Neat. I guess I should document and make available all the Evil Things (patent pending) I've done over the years:
"Knight Rider" LED mode on a DEC terminal keyboard - prolonged execution tended to lock up the workstation
IP over ICMP tunnel - done as a joke. You think IP over DNS is wicked...
TCP connection flash start hack - instantly steal the connection from any other machine on the same network.
NFS mass mounter - I actually locked up an AFS server with that one. (It's their own fault for using the AFS to NFS translator. Even Transarc runs when those words are spoken.)
SCSI-IP - Yes, that's actually doable.
dir-crusher - *grin* interesting utility to make huge directories. Eat someone's entire disk quota with a single empty directory. (That one almost killed an AFS server too.)
And my personal fav...
"NO CARRIER" ping - *evil grin* properly phrased ICMP echo packet with "+++ATH0" in it so the echo reply would hang up the user's modem. That doesn't work anymore -- modem speeds are too fast and most modems have a guard time.
(It's too bad I didn't know the SDL flash start codes for USR modems then :-) And yes, those work at any speed and can lock up both user and ISP modems.)
Unfortunately, the "I told you so" method only makes things worse. You come off as a smart-ass even if you are just doing your job (and that of other less competents.)
I have learned to take a zen-like approach: "Why ask for my input when you are going to go off and do what you think is best anyway?" If they want my input, then they can ask for it. If they don't take my advice and things fall apart, then that's their problem. (I actually take great joy in watching that.)
The "you broke it; you fix it" rule also works well.
[Those that have asked for and acted on my input have never regretted doing so.]
- ... tend to work 9 to 5 and that's it.
If that. Those that really make the "big bucks" -- those with "chief" in their title -- (100k to 250k or more) have nothing near the stress of the lower paid (50k to 75k) "techies". To a geek, management is boring; they'd rather be installing routers or breaking something (so they can fix it.)
I see how much companies pay people (well, ranges, not exact figures.) It would appear, the less you do, the more you get paid. However, I still think the technical people keeping the show running are paid well -- I wouldn't say very well. As for the 60+ hour work week, that's not a company requirement -- there are laws against that sort of thing; you work 10-16 hours a day because you want to. If you have a Floyd concert to go to, you won't be sitting in the office for 16 hours. (And you wouldn't be able to hear your pager anyway.)
s/USPTO, evil/USPTO, stupid/
True. However, this is acceptable. I see this happen rather often browsing the web.
Technically, the problem is the client's to deal with. The client should have a timeout. This sort of situation can occur naturally with a transient network fault.
Also consider the effect of a lost SYN_ACK. The client will time out and resend its SYN. The server is likely to send back a different SYN_ACK as it has no state on the original SYN.
Use of syncookies can cause some very odd problems. This is why it has to be explicitly activated by the administrator. Compiling it into the kernel does not turn it on.
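What the comment above describes, as an added example that is not part of the original comment: a simplified SYN cookie in which the server's sequence number is computed from the connection 4-tuple, the client's sequence number, a time counter and a secret, so nothing is stored per SYN. The bit layout, secret, MSS table and function names are assumptions for illustration, not the Linux implementation.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"   # constructed; real stacks use random secrets
MSS_TABLE = (536, 1300, 1440, 1460)   # constructed table; 3 cookie bits select an entry


def _mac24(conn, client_isn, count):
    """24-bit keyed hash over the 4-tuple, the client's ISN and the time counter."""
    msg = repr((conn, client_isn, count)).encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:3], "big")


def make_cookie(conn, client_isn, count, mss):
    """Server ISN for the SYN-ACK: 5 bits counter | 3 bits MSS index | 24 bits MAC."""
    # The client's MSS is rounded down to a table entry; nothing else from the
    # SYN is remembered, because the server stores no state at this point.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    return ((count % 32) << 27) | (idx << 24) | _mac24(conn, client_isn, count)


def check_ack(conn, client_isn, ack, now):
    """Validate the handshake's final ACK. Returns the encoded MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF
    count5, idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    for count in (now, now - 1):      # accept the current and previous tick only
        expected = _mac24(conn, client_isn, count).to_bytes(3, "big")
        if count % 32 == count5 and hmac.compare_digest(mac.to_bytes(3, "big"), expected):
            return MSS_TABLE[idx] if idx < len(MSS_TABLE) else None
    return None


def demo():
    conn = ("198.51.100.7", 40000, "192.0.2.10", 80)   # constructed 4-tuple
    client_isn = 0x1000
    first = make_cookie(conn, client_isn, count=100, mss=1400)
    # The SYN-ACK is lost; the client resends the same SYN after the counter ticked.
    second = make_cookie(conn, client_isn, count=101, mss=1400)
    return {
        "different_synack": first != second,
        "first_valid": check_ack(conn, client_isn, first + 1, now=101),
        "second_valid": check_ack(conn, client_isn, second + 1, now=101),
        "stale": check_ack(conn, client_isn, first + 1, now=105),
        "forged": check_ack(conn, client_isn, first + 2, now=100),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Both SYN-ACKs are acceptable to the server for a short window even though they differ, and the client's MSS of 1400 comes back as 1300 because only a table index survives in the cookie.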
- what the hell has been happening to EFNet?
Indeed. A lot of the problems appear to be political. And the overinflated egos of the operators don't help matters.
There are now, what, two open servers? Most of the servers require ident to connect even though ident is 150% worthless in proving an identity. And at least one of those servers doesn't have an inverse DNS record so it's impossible to connect to it (>15s for DNS to error out but the server has stopped waiting for the ident response and closes the connection.)
- DoS attacks on the servers
Yes, there have been and are attacks on the EFNet servers. This is simply children being, well, children. The IRC protocol was never designed to survive in the present-day, hostile Internet. It's a tree structured bandwidth whore. And it looks like very few people are actively maintaining that spooge. (None of the stat pages about EFNet are being updated correctly. None of the maillist archives are up-to-date or even work correctly. Etc.)
Because of the threat potential of hosting an EFNet server, most ISPs don't want to run one. Plus the administrative overhead, the bandwidth, and the political mess involved in being part of EFNet...
- can't this sort of thing be tracked?
Yes, it can. However, it takes time and the cooperation of many people often in different time zones and even different countries to trace back to the source. And when you do find the source, you have to find the ass who broke into the box somewhere in Outer Mongolia... Then what do you do when you actually find the 13-year-old idiot in Utah who did all of this? Or some teen in China? Sorry; a lot of this shit simply cannot be prosecuted. And then there's nothing to prevent them from doing it again.
- ... These packet monkeys...
Maybe, but it's effective. Parts of EFNet are knocked around every day. I would attribute some of this to children taking over channels. You don't see this in other IRC networks because they handle transient network problems better and some have nick and channel servers to maintain control. EFNet is still the "lawless wild west" of IRC networks. (The Ops like it this way -- power trip and all that sorta stuff; plus it limits the amount of stuff they have to care about.)
"script kiddies" are everywhere. Most of them are too stupid (inexperienced???) to know what they are doing. Just pick an address range and scan it... Sometimes you don't realize how much damage you can do.
For the record, I've never been a script-kiddie... I always write my own :-) And yes, I've unintentionally fubar'ed things in my explorations.
Well, if you want to be pedantic, most of the bible cannot (or should not) be taken literally. First, the stories were passed on by word-of-mouth for thousands of years, transcribed by the hands of monks for centuries, and translated numerous times over the course of history.
Also, we don't know how long a "year" was, so saying Noah was 600 when he got on the Ark and 601 when he got off, doesn't really tell us anything. (see above about word-of-mouth.)
hah... "Our Germans are better than their Germans."
You left out an important word... shortage of skilled programmers and other tech workers in the U.S. And it's true. There is a shortage of skilled programmers. Any idiot can spew Java and call it a program -- and somebody will try to sell it. It's very hard to find skilled workers. Part of the difficulty is simply screening all the applications -- people do lie or otherwise "colorize" their resume. Then actually interviewing people... I can recall two interviewees that I couldn't get out of my office fast enough. They looked good on paper. *sheesh*
In my experience (being an American), most American workers are lazy and take little pride in their work. Notice I'm using the word "most"; everyone isn't a lazy mooch, but the majority are. The larger the company the more likely you are to see this. Everyone I've ever known with an H1 was unquestionably skilled and took great pride in their work.
BiT: But NNTP is four letters.
BOFH: <pause> Inflation.
(BiT == BOFH in Training)
People pay 10-20$ for 4KB/s (modem) or 7KB/s (ISDN)... most dual channel ISDN connections run in the 40$ range (and most are metered)
I'm out of range for DSL (I'm certainly not paying 100+$ for IDSL) and I cannot get a subnet via cable modem. (40$/month for a single static IP is a ripoff.)
Oh h*** yes you can. The source address of the packet (where you want the spoofed reply to go) is not within the ISP's network, so throw it away. Many large providers at meet-points started checking that years ago and threatened to stop peering with those that hadn't blocked it. I don't know that anyone still does that anymore.
(This is also necessary to prevent misconfigured multi-homed customers from sending you the wrong traffic or acting as a transit point.)
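The source-address check described in the comment above, as an added example that is not part of the original comment: a packet is forwarded only when its source lies inside a prefix assigned to the port it arrived on. The port names, prefixes (documentation ranges) and sample packets are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed table: customer-facing port -> prefixes assigned to that customer.
CUSTOMER_PREFIXES = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "2001:db8:b::/48"],   # multi-homed customer
}
NETS = {port: [ipaddress.ip_network(p) for p in prefixes]
        for port, prefixes in CUSTOMER_PREFIXES.items()}


def ingress_verdict(port, src):
    """Return 'forward' only if src lies inside a prefix assigned to the arrival port."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop"                 # unparseable source address
    nets = NETS.get(port)
    if nets is None:
        return "drop"                 # no prefixes known for this port: fail closed
    # Membership across address families is simply False, so v4 and v6 mix safely.
    return "forward" if any(addr in net for net in nets) else "drop"


# Constructed sample traffic: (arrival port, source address, note).
PACKETS = [
    ("cust-a", "192.0.2.10", "customer's own address"),
    ("cust-a", "203.0.113.9", "source outside the customer's prefix"),
    ("cust-a", "192.0.2.200", "address that belongs to another customer"),
    ("cust-b", "192.0.2.130", "customer's own address"),
    ("cust-b", "2001:db8:b::5", "customer's own IPv6 address"),
    ("cust-b", "198.51.100.7", "multi-homed customer using its other provider's block"),
    ("cust-c", "192.0.2.10", "port with no prefix assignment"),
]


def run(packets):
    """Return the verdict per packet and a per-port count of dropped packets."""
    verdicts = [ingress_verdict(port, src) for port, src, _ in packets]
    dropped = Counter(port for (port, _, _), v in zip(packets, verdicts) if v == "drop")
    return verdicts, dropped


if __name__ == "__main__":
    verdicts, dropped = run(PACKETS)
    for (port, src, note), verdict in zip(PACKETS, verdicts):
        print(f"{verdict:8} {port:7} {src:16} {note}")
    print(dict(dropped))
```

The per-port drop counter is the useful signal for an operator: a steady count on one port points at a misconfigured or multi-homed customer rather than a one-off.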
Last time I checked, destroying evidence was illegal. And if they destroy it, they are responsible for replacing it -- those "drug dealers" don't get their cars back as burned out heaps either. (If you're convicted, you may never get the seized evidence back.)
- I don't pay money to use a VCR...
No, you pay several orders of magnitude more for the device than it costs to make it and then pay for each tape on which you record. And the VCR records exactly what you tell it to record.
- Sell it for whatever it costs to make... why does suddenly everyone want users to *subscribe* to things[?]
Because people wouldn't buy it otherwise. ReplayTV units are far more expensive than TiVo units. As a result, they aren't selling as well. If they sold it to you "at cost", you'd be paying in the range of 600$ for a TiVo -- there's over 100$ in RAM chips alone.
- ... but it's not perfect
No, it isn't perfect. Having used one of the original Sony DSS units, I hate the TiVo UI -- it constantly wastes half the screen real estate. I would like to have more control over what it records -- a "User Suggestions" to guide the "Tivo Suggestions" (my TiVo was recording every Seinfeld episode it could find and then one day it stopped -- I didn't do anything; the scheduler just stopped selecting it.) You cannot add a season pass if there's an overlap, but passes can overlap without warning if the lineup changes -- FOX and WB have moved shows around for the fall. (I've got hundreds of tweaks..)
I'd like to see a "TiVo Cluster" where several TiVos use a cooperative scheduler to deal with overlaps. This isn't going to happen with the existing hardware -- you'd need a networkable MFS to do this properly :-)
In Dan's defense, if he's gonna swear on his life that qmail is unhackable, then he's got the right to stop people from dicking with the source and making it available -- including ports to other systems. The Open Source Bigots run in with nukes every time a single line of source code is seen with a "leave my f***in' code alone" clause.
A lot of the things I've written over the years have been credited to others. (I won't bore anyone with a list.) I'm sure even more has been rolled into things I'm not even aware of. Only once has someone hunted me down (and offered to pay me) to update/fix/extend a device driver I wrote years ago. [I did it for free, btw.]
By using network stack signature tests (every network stack acts a little differently if you look close enough), you can tell what OS, and in some cases even the version, someone is running.
Search freshmeat for "queso"...
This is still "security through obscurity."
Actually, they currently don't know directly which TiVo is sending back data. They could correlate a few logs and tell. You can ask TiVo to stop collecting this information (or turn it off yourself.)
Just watch the log files (/var/log/...) if you want to know what it's doing.
"We" know how to get mpeg data out of it. It's just not very useful, yet. And the procedure is a royal pain in the rear.
I do the exact same thing. This is why I will always advocate ISDN: access to Q931 signalling data is heavenly. (No phone rings and no one is billed because the SETUP message is refused.)
I also like being able to tell people they have the wrong number (by name) when they call. I do a reverse lookup on the number or refuse everything that doesn't have a number. That freaks people out.
This reminds me of the NCSU Telecommunications Office billing me for $0.00 - yes, -zero-. I threw it in the trash thinking nothing about writing them a check for $0.00. One week later I got a past due, pay this or we cut off your phone, bill again. I walked over to the Telecom office and wrote the b****es a check for $0.00. They never sent me another bill. Ever.
I did this as a joke years ago... old firewalls used to let ICMP traffic through unchecked. I might still have the changes to Linux *cough*1.0*cough* to do this.
That's not a "tunnel" per se. It's a protocol: Clay Tablet by Carrier Pigeon. Too bad they are an endangered species -- too many lost tablets I guess. *grin*
Well, I'd give Oracle part of the blame for this. Nowhere in the installation instructions or printed documentation with ANY Oracle product do they tell you what users and passwords they are loading. I've only ever been asked for a password during installation on a Windows system. I had to look through the setup scripts to find their damned default password.
BTW, this is a problem in a lot of places. Software installs things you aren't aware of (esp. on Windows.) And admins aren't paying attention or aren't trained to manage what they are handed.
Dude, 128k_bits_/s is nowhere near the speed of even the crappiest cable modem. For that matter, it's a lot slower than most DSL as well, but only by a factor of 2-5. It's quite an improvement over 28.8/33.6/56k modem access, but it's still slow.