Actually, it adds a measurable cost. Something has to generate a password, print it on a label, burn it into the device, and then get it on the case. The biggest issue is getting the manufacturing chain re-tooled to do it. There's already a serial number doing all that, so the SN logically becomes that "random password". Given the MAC and SN are related numbers, it makes for a bad password.
And after all that work, the new owner sets a bad password. A device with complex password requirements will get returned in favor of one that doesn't preach bullshit to the user. (the more complicated you force a password to be, the LESS secure the password will actually be. How many times have I seen people use P@s5word or P@ssw0rd?)
Your TTL would have to be measured in multiple DAYS. 30min (1800s) isn't a very long attack. The sites you see with 120s TTLs either do so for load balancing, or because their admins are idiots. (or their DNS provider are idiots setting such a low default, and the admin didn't change it, assuming there's an obvious way to do so.)
Holding the CEO and other executives legally responsible for the insecurity of their networks would be a start. Of course, that'll never happen. And it wouldn't stop a damned thing in other countries. Is it really so shocking that penny pinching ISPs have shitty, insecure networks that (a) no one actively monitors, or (b) give enough of a shit to do anything when they are made aware of a problem? And those are the "good actors"! There are plenty of ISPs across the globe that simply do not care what their customers do, as long as the bill is paid. (the unending spam in your inbox should've taught you that long ago.)
The only technical means of doing anything about it would be for Cisco, Juniper, etc. to turn on uRPF permanently, with ZERO option to ever disable it. That won't stop an attack, but at least you'll know who is attacking you.
Actually, you've pretty much always been able to get better (newer) hardware in the windows market, for the same dollar. Apple is invariably one to two generations behind on processors, graphics chips, and (non-"retina") displays. Of course, almost all modern displays are just f'ing TV's these days (1920x1080)
My favorite failure comes courtesy of the local power company (CP&L) installation of backup power systems. A pair of 1.2MW generators with a make-before-break "glitchless" transfer between them. The day they tested it they turned that transfer switch into a puddle of copper and aluminum in a fraction of a second.
99.99% per week is much cheaper than 99.99% per year
No it isn't. 99.99% over a week is 60.48s, over a year is ~52x that. It's much harder to ensure a network has less than one minute of downtime over any given week than one hour over a year. Just because you didn't have any downtime last week doesn't mean you get to have 2 minutes this week.
SLAs tend to be much more specific, detailing exactly what "outside events" are beyond the contract -- the usual "acts of God" clause, and include maintenance periods. There may be sufficient room in one's contract to have 2 hours of downtime per month and still be called "five nines".
"UCARP" and "well thought out"??? Holy shit, what are you smoking!
All redundancy protocols are horrible. They're either old and full of holes (eg. STP), or new and designed by people who didn't learn shit from the old full-of-holes mechanisms. I guess you've never seen Cisco gear with "split brain" syndrome -- where both controllers are in active mode because they each think the other is dead and end up fighting over line cards (rebooting them)
I've seen a design like this before in, oh I don't know, every init system under the sun I think it was.
Incorrect. SysV init (and even more so, BSD) are basically a one-shot "run a bunch of things" (which amounts to a shell script that runs other shell scripts). Once booted, init does next to nothing. 99.999999% of its life is spent monitoring the exit of a bunch of gettys. It's not eating all logs (journalD). It's not managing networking. It's not passing messages around. In fact, it's listening for exactly ONE message: change runlevel, which only root can send.
Things like upstart and systemD are problems looking for problems. I ran linux as my desktop for years, LONG before Pottering learned to spell systemD. It worked just fucking fine. And I didn't have to constantly login as root to start and stop things. If I wanted a local webserver on the machine, it was set to start at boot. I didn't need systemD to sit there listening on port 80 waiting to start apache. (a function -- starting network services on demand, for the record, that was quite adequately served by inetd) In fact, I ran entire labs of linux desktops where the users could not login as root.
If they hadn't adopted it, no one else would have. If you don't join with the borg, then you will forever be maintaining a growing mountain of patches to remove the systemD cancer from an ever growing collection of programs.
It was in the summary... some idiot's minecraft server.
Also, it's entirely possible some of the botnet was OVH hosts in the first place. OVH isn't known for having the smartest customers. (In fact, they'll host anything.)
Count yourself one of the lucky few. More complex firewall configurations are orders of magnitude more likely to get completely screwed. I know several enterprises that dumped Cisco over this bullshit.
Because of the specific device they have (5505 can't run 9.6, for example.) Or because their "certified configuration" requires a specific version.
Also, as others have mentioned (and will CONTINUE to mention), 8.3+ significantly fucked up the NAT configuration language. I will switch vendors before I use that fucked up shit.
The issue is not one of liquid or gel construction -- which is an issue, to be sure... leaks, evaporation, boiling, etc. The issue with such technology is spelled:
L-I-T-H-I-U-M.
Lithium based batteries react rather poorly to being exposed to the atmosphere. Unless they've created a non-reactive lithium electrolyte, there's really nothing new here. (hint: that's not new, either.) So they've brought "AGM" to li-po technology.
And the cost of electricity is about 70 to 80% less than the equivalent cost of a gasoline car per mile.
Except it isn't. Everyone who's ever said that has ignored the real world effect their shiny new EV has had on their power bill. It can be a marginal cost savings, but in my experience (focus ev vs tdi wagon) they come out fairly even. (it's even worse given the cheapness of an old tdi wagon, esp. today.)
(And in reality, given today's gas and electric prices, the focus is costing more to operate than my ES300h. $113/yr more. To date, it's been cheaper as gas prices were higher.)
Ok, so you take ~30s to connect/disconnect the charger. You do that every day. Possibly more than once a day -- charging at work, the mall, etc. So, just one attach-detach cycle per day is 5+ min per week. It takes me ~5min to fill my car once every 2-3 weeks. And that 5min fill up gets me 550-700 miles without any worry. There are gas stations "everywhere", and they are trivial to find. Charging stations are rare, and difficult to find. I don't need an "app" to find a gas station; I do to find chargers. And seeing how it takes hours to charge (30min 80% "fast charge") and there are typically only a token pair of stations per location, don't bet on being able to charge your car at any random location. People plug in and walk away for extended periods -- no one leaves their movie to unplug and re-park their car so someone else can charge.
I love the idea of EVs. But the technology is still lacking. They're still highly impractical.
The theater makes next to nothing from the ticket. All of their profits come from concessions and those boring ads before the movie. (it really is a horrible business to be in.)
Like that will stop anyone from "going there" to collect their idiotic pokemon. They'll just turn on mock locations and travel around the world while sitting on the sofa. (people are *ALREADY* doing that, btw.)
Plus, this is a dumb way to select targets. You're going to be bombing lots of empty buildings, warehouses, entire ghost cities, etc.
Legally, it doesn't work like that. As soon as you've handed in your written resignation, they can walk you to the door. And as most people aren't giving notice until they already have a new job lined up, they wouldn't get any unemployment at all.
Just on the start/stop process a lot of people won't depress the clutch
That's why cars have a safety interlock that requires the clutch pedal be depressed before the starter can be engaged. Even automatics have an interlock -- starter is only available in park and neutral.
Except when the parking pawl slips, or breaks, or ISN'T ENGAGED. Engage the damned park brake; then your car is much less likely to "accidentally" roll down a hill and kill you.
ABSOLUTELY. 100%. INCORRECT. The park brake / e-brake is a physically cabled, manual auxiliary brake mechanism -- sometimes a completely independent brake. In every civilized part of the world, it's a safety device that MUST be 100% operable with zero power. An electronic mechanism cannot be engaged or disengaged without power. Yes, the gear box, including "park", are almost always electronic these days, but the "handbrake" is not.
I would guess >90% of 4chan users block the holy hell out of anything that might've once gone to school with an ad.
*cough*RED HAT*cough*
And yet, every job hunting site on the planet has various Cisco jobs posted.
Obviously, you've never met Uverse.
Which state?