Well, when the other guy is sitting in a helicopter or plane and trying to pick where to drop the bombs you don't care too much about noise... But you do care a lot about IR.
1.Do something like what they did in the second world and escort civilian ships through the (relatively small) danger zone. Any pirates that show up get to find out just what the massive deck gun or missile launcher of a navy destroyer does to a small pirate boat. Enough pirates will get back to Somalia and tell all their pirate buddies about it that many will think twice about taking the risk.
The zone is not very small. Pirates strike half way to India and down by madagaskar. We are talking about an area about half the size of the USA to monitor and convoy ships through. In addition, convoys are not very efficient against pirates. Ship-to-ship missiles and deck cannons are designed to hit ships, not small motorboats... which means you have to get close to stop the pirates. Not an easy task if you have a convoy of perhaps 30 ships to watch over and the pirates show up with 10 boats. And once the pirates are aboard a ship it gets a lot more complicated, as they can use the crew as a shield.
Or another alternative would be to provide guns (or armed officers) on shops as they enter the danger zone and remove them when they leave. Any pirates that try to board get shot at with a large caliber rifle. I am not a Somali pirate but I suspect even Somali pirates dont like being shot at (and possibly seriously injured or killed).
When the options are "starvation or earn the equivalent of $100 million in the local currency" people suddenly get much more likely to take risks. Being shot is a risk they accept. In addition, you are talking about starting a shootout between a few sailors and a bunch of random people from a country in civil war. It's not especially certain that the sailors will win that shootout.
2.Apply international pressure on the government of Somalia to clean up its act and clear things out. Offer them incentives (foriegn aid, support to eliminate the warlords and guns or whatever else) if they are willing to clean up their country and stop the pirates.
Government? Somalia? The closest thing you will find is the Islamic Courts Union, which is a radical Islamic group. They do stop piracy, but I kind of doubt anybody in the western world wants to support them. In fact a lot has been done to arm everybody else in an effort to stop the ICU.
and 3.Offer direct aid to the Somali people (aid that comes with checks to make sure it ends up in the hands of the right people and not the warlords). Find things the Somali fishermen-turned-pirates can use to earn a legitimate living. If they have enough money to live off without piracy, they are much less likely to take the risk (especially given #1 above).
How? You have no banking system in Somalia, no working government. It is extremely hard to distribute aid in that situation. The waters outside Somalia are outfished, and it will take generations before the fishery industry recovers.... Not to mention that the large amount of toxic waste dumped in the water will prevent them from selling the fish.
These people arent terrorists, they have no political agenda, they are only in it because they feel like they have no other choice if they want to survive. So you attack in 3 ways, you increase the risks for the pirates (so that the risk vs reward equation changes), you offer them incentives to stop being pirates and you apply political pressure to the government to make it illegal (if it isn't already) and to enforce the law.
No, they are not terrorists, but sadly none of the methods you mentioned are likely to have a large effect on the current situation.
If the law in Somalia doesn't make piracy illegal, it should be changed. And it should specify that any pirates who are caught have their ships impounded by the government and destroyed/sunk/on-sold.
There is no law in Somalia as there is no unified governement. The closest thing is a Sharia based law in the ICU region, which is mostly in the south. They have taken a stance against piracy.
And students (in my experience especially those from the American and Asian educational systems) demand lazy teachers. I design 4 exams a year on master level for a mixed group of students and I have noticed that students want the same questions as last year, with a few variables changed. The moment you ask students to do something that has not been covered in exactly that format in the course and previous exams you get complaints.
For the higher grades I demand that the students can apply their knowledge in practical scenarios. This is something most students find extremely hard, as it requires them to apply what they have learned in the course in a new way and not just barf up what they have memorized on the paper which is what high school and undergraduate education trains them to do. Few students like hard and unpredictable tasks, even if the grading is generous.
Students might claim that they want deeper and more original questions, but I have statistics indicating that introducing original, open ended, questions on an exam decreases the perceived "fairness" (that the exam does not overly favour some group of students), "coverage" (that all the course material is accurately covered by the exam), "representativity" (that the result of the exam gives a good representation of the individual student performance) as well as overall "quality".
Your eye protection reflexes does not trigger as well on monochromatic light as it does on light with a broader spectrum, even if the laser happens to be in the visible spectrum. In addition the laser does not have as much chromatic aberration, which significantly increases the risk of damage to the eye. There is a reason we classify lasers for their risk of eye damage but not other sources of light.
If we deliver the same energy to the same area of the retina there will indeed be the same amount of damage, as the damage is primarily from heating. But it is a lot harder to deliver that energy if you use a flashlight compared to a laser.
A laser is very concentrated light, further focused by the eye, which is why it will cause burning damage to the retina.
This is similar to the flash-bang grenade. A very strong difuse source of light will drain your retina of the signal substance it uses to detect light, and it takes the body considerable time to produce new signal substance. Fire a camera flash in your own face and you can experience a mild form of the effect.
Thereby not said anything about the viability of the product. I doubt something that can be stopped with sunglasses will replace tasers any time soon.
Yes, we are running out of IPv4 addresses, but the ISP's couldn't care less. It doesn't cost anything to request an extra/16 from your local RIR. And a company doesn't spend money building systems to conserve something that is free. It's not like "we preserve IPv4 address space" makes great marketing.
You know that the primary reason that most ISP's originally limited their customers to a single IP address was to make connection sharing more complicated, right? Today they might claim it is to "conserve IP addresses" or some other BS, but don't let that fool you.
The ISP's would happily charge you per system if they could figure out how.
As I said, I don't know if he is guilty or not. But at this point I doubt he will get a fair trial in Sweden. Nobody will be satisfied with the result, regardless of what it is. He is not getting the same treatment as Sven Svensson would get if suspected of the same crime, which makes me very suspicious.
Historically Sweden has had a very high profile independence in international matters. But this have been strongly eroded the last ten years or so. We have had some rather spectacular scandals, including Swedish security police helping the CIA send refugees from Sweden to Egypt where they were tortured in secret prisons. So, we have reason to suspect parts of our government not to act in the best interest of the people living in Sweden and instead give priority to US foreign interests.
There is a significant difference between ally and lapdog. You can do a lot with your lapdogs you can't do with your allies.
I don't know if he is guilty or not. But the whole case have been handled in a strange, high profile, way all the way, which hints that there is a lot of political pressure involved. And that is not good for our legal system here in Sweden.
It's a simulation of the impact of a coordinated attack on BGP. We know since a long time back that BGP is vulnerable to a number of attacks, this being one of them. The researcher has done a good job with the simulations and putting numbers on it.
Nothing else to see here, move along. The writer of the news article has no idea what he/she is talking about. We have much larger stability issues (such as Network Neutrality, IPv6 swap over and government blocking) to deal with, and theoretical attacks by large scale bot nets on BGP Is not something that will keep me up at night.
Even without NAT, I would still have to know which ports to open in the firewall (you are not suggesting that I should be without a firewall, right?).
Why not as a home user? Do you seriously think your $20 NAT box, with the last firmware update 2003 is more secure than your OS? If your system has the port closed you have nothing to worry about. If the port is open it should be open in the firewall anyway.
Don't fall in the trap of secure/DMZ/insecure networks. We have known for decades that that security model is extremely weak. Harden your systems instead.
It's bad design to not trust the header of the packet and embed the copy of the IP address inside the data section of the packet. There is very little reason to do so and should not be done unless really needed.
FTP and other protocols with embedded IP addresses is the only thing that NAT breaks. Try sending a few fragmented TCP packets over a NAT box and see what happens... (Hint: This is a common reason for bad performance and connection problems for home users behind NAT)
OTOH, with NAT, I can make example.com:80 and example.com:21 actually be different servers without resorting to www.example.com and ftp.example.com.
And why would you want to stick something as broken as NAT into your server infrastructure? You can just as well do it properly with a proxy or load balancer, most likely with better performance as well.
Or, I could make two external IPs point to a single server.
Ever heard of Multihoming? I have servers running with 20 ip addresses, and no NAT in sight.
I could also make example.com:80 and example1.com:80 be one server, while example.com:21 and example1.com:21 be another one.
Which you can do just as well with a proxy or load balancer.
I can also load balance two internet connections with no cooperation from the ISPs.
Okay, you got me. You can do IPv4 transparent load balancing on flow level between different ISPs using NAT. That is hard to do without it. Not that such load balancing tends to work very well (servers tend to bind your identity to the IP address, breaking stuff like authentication).
The alternative is using a transport protocol actually built for Mobility, like SCTP. Or IPv6 with mobility extensions. And then you suddenly don't need NAT and things will actually work...
Or, I can have a transparent proxy.
See, all that fun stuff needs NAT. Not just making a bunch of computers use only one external IP.
No, you don't need NAT for it. NAT is an ugly hack to solve a very specific problem created by ISPs trying to prevent customers from having too many systems connected. A hack that many unskilled network administrators use as their golden hammer. NAT is something holding us back, locking us into a situation were we can not deploy new protocols and systems that the Internet badly needs.
NAT boxes is a primary reason that IPv6 deployment is going so slowly. And these boxes will really hurt us in the coming years.
There is no security benefit of NAT, but NAT offers some conveniences too, at the price of breaking a few badly designed protocols.
Badly designed protocols like TCP and UDP? The convenience of not distributing enough IP addresses to your customers? (which is the primary reason NAT is in use...)
NAT breaks a vast majority of transport protocols to a larger or smaller degree. In some cases the NAT box can repair most of the connection, making it "kind of" work, but don't be fooled. NAT Breaks stuff. Badly and in unpredictable ways. The day we slay NAT is the day that we will get rid of one of the largest sources of connection problems on the internet.
One of the truly fundamental design decisions of IP was that the network should not keep any state about a connection, nor should the network modify anything but a few fields in the header (TTL, Fragmentation and Checksum). This was one of the primary reason IP won. Anything that breaks this paradigm brings us closer to the the horror that is Telecom style protocols.
Asking me to sign a waiver should a surgeon about to cut me open be tired seems only like a CYA policy. I can't make an informed decision, and I am most likely in distress and need of the surgery and saying no would delay it.
I am already putting a huge amount of trust in his abilities, and that includes him being able to decide if he skilled and in shape to do the operation or not. If I can't trust my doctor to make that decision I can't trust him to operate at me anyway. Therefor this seems completely pointless.
The small airports serve multiple functions. Among the most important is that they give pilots a reasonable chance to log flight hours and get the practice the pilots need before being licensed get into passenger airplanes, they serve as a good spot for emergency landings and they are a way to get high priority goods and personnel to the right place as fast as possible.
I don't know if you have ever needed a transport _RIGHT NOW_. I have, and I have thanked my lucky star that we have an airport nearby. These small airports serve an important function in these cases. For example medical transports and spare parts for the industry.
Significantly increasing the price to use the small airports would push the majority of them from "unprofitable" to "shut down", which would be a loss to everybody involved. Sometimes it is worth paying a bit extra to keep infrastructure up and running. You save money and keep your country competitive in the long run.
The human brain is not good at memorizing strings. I deal with well over 100 passwords a normal week. Assuming, generously, a 6 month timeout it would mean memorizing new passwords every few days. I have better things to do with my life. Much better things. As does the vast majority of users, which is why any company with short password timeout find that the passwords are either on post-it notes under the keyboards or a variation of "anna-December01".
If your system demands high security a passwords are not suitable anyway. You should be going for multi-factor authentication, not make the passwords longer or time out more often.
But, you might say, shouldn't changing passwords limit my exposure in an networked environment?
Well, there are a few alternatives. If you store your passwords in an insecure manner (postit under the keyboard, your secretary etc...) then you have allready lost. Anybody can grab your password when they need it. If you keep them secure (memorized), but worry about some server being hacked there are two allternatives: Either you have the same password everywhere, and then updating the password won't change anything, as the attacker will have your password the moment you update it. Or you have different passwords, and then it server where you updated it will still be compromized, but the rest still secure.
If you send your passwords in clear text over the network and worry about sniffing you don't care about the security.
In the end, passwords are simple security mechanisms for discuraging causual abuse of systems. Make sure they do not fall to a trivial brute-force attack and move on. If you need real security you will have to look beyond passwords anyway.
The way scheduling works in vmWare (and most other virtualization systems) you don't want to create VM's with a huge number of cores. When the VM runs you need to allocate 4 cores to it, and never less. Assume a simple scenario:
CPU: 8 cores VM1: 4 cores VM2: 4 cores
In this scenario VM1 and VM2 will almost never run at the same time, as the Dom0 tends to eat a little bit of CPU, interupting the virtual machines. Also, even if there is no load on the VM they will eat 4 cores.
You should not allocate multiple cores to a VM unless it is constantly heavily loaded. Extra cores have significantly penalties for system performance in many cases. The limit to 4 cores per VM is actually a sane limit for a wast majority of systems.
For stable server virtualization vmWare ESXi is pretty much the king at the moment, unless you want to pay an insane amount. It's free (as in beer) stable, easy to manage, fast and scalable. Sadly the management tools are windows only, I highly recommend it, if you have suitable hardware.
For workstations it's a bit less clearcut. Generally you want a primary OS in your workstation where you do most of your work, and secondary OS that you boot up in a virtualized environment. The three primary choises are KVM, XEN and OpenVS. They all have performance penalties, and I am not aware of any clear cut advantage for any of the three. I would suggest you go with what is default in your favourite linux distribution, as maintaining virtualization infrastructure isn't an especially fun task.
Historical reasons mostly. Migrating to a new IP plan is far from trivial in a large scale network. The amount of work they would have to do to return that/8 is in no way proportional to the "gain" of delaying forced IPv6 introduction by a few weeks. It's easy to blame the early adopters for getting large amounts of IP addresses assigned, but when you look at it from a historical perspective it does make sense. Early adopters of internet technologies were assigned a large amount of resources, simplifying the deployment before there were good technologies to deal with the issues.
By the way, Class A/B/C networks is a historical term and makes no sense since we introduced CLIDR in 1993, taking away their magic status. It just confuses people now.
The technical term for it is "ACK Compression", if you want to google for solutions. Typically the problem is not packet loss. Thanks to fast retransmit TCP handles packetloss reasonably well. Instead the problem is that the ACK packets get stuck in the buffer and significantly delayed, which hampers TCP performance.
Also note that is you are joining a swarm with mostly US users you shouldn't expect to get a fast download. Most of the users are still on heavily asymmetric connections, so they can't feed you data especially fast.
Kalle is 00:23:6c:8a:75:26 Oscar is 00:21:b7:24:52:18
Sep 22 17:04:08 husky dhcpd[2673]: DHCPREQUEST for 192.168.0.74 from 00:23:6c:8a:75:26 via re0 Sep 22 17:04:09 husky dhcpd[2673]: DHCPACK on 192.168.0.74 to 00:23:6c:8a:75:26 via re0 Sep 22 22:29:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:23:6c:8a:75:26 via re0 (found) Sep 22 22:29:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:23:6c:8a:75:26 via re0 (found) Sep 22 22:29:37 husky dhcpd[2673]: Released lease for IP address 192.168.0.74 Sep 22 22:30:18 husky dhcpd[2673]: DHCPDISCOVER from 00:21:b7:24:52:18 via re0 Sep 22 22:30:18 husky dhcpd[2673]: DHCPOFFER on 192.168.0.74 to 00:21:b7:24:52:18 via re0 Sep 22 22:30:20 husky dhcpd[2673]: DHCPREQUEST for 192.168.0.74 from 00:21:b7:24:52:18 via re0 Sep 22 22:30:20 husky dhcpd[2673]: DHCPACK on 192.168.0.74 to 00:21:b7:24:52:18 via re0 Sep 22 22:34:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:21:b7:24:52:18 via re0 (found) Sep 22 22:34:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:21:b7:24:52:18 via re0 (found) Sep 22 22:34:37 husky dhcpd[2673]: Released lease for IP address 192.168.0.74
Given this data, please tell me which user had 192.168.0.74 at Sep 22 22:30...
Finding out how the switching fabric in a large network is configured at a point in time is a non-trivial problem. To this you should add that you don't know the precision of clocks involved, nor do you know if one of your users suddenly changed their MAC address. Possible you can log MAC address-port allocation, but even this is a very crude tool, as you have to match this logging information against your DHCP logs and then make sure that nobody was cheating the system by hard configuring an IP so it wasn't handed out by DHCP (remember: dumb switches are common in the last mile!)
I don't envy anybody having to build such a system that can stand up to any scrutiny.
On the acute side: * Plants have a nice, thick, outer layer (compared to your skin) which blocks a lot of potentialy dangerous radition. * Every single cell in a plant has a cellulose based cell wall which can soak up a lot of damage compared to your cells. * Plants don't move nearly as much stuff around inside them, ensuring dangerous particles mostly stay on the outside.
On the chronic side: * Plants don't have nearly as many specialized, quickly dividing, cells that a stray alpha particle can turn into cancer. * Plants have a much slower metabolism rate, giving them a better chanse to survive should cancer develop.
Technically it's possible to do what you want to do, but to avoid leaking information and get good performance you have to use non-trivial cipher modes. I suggest you have a look at the documentation for TrueCrypt, which covers most of the mathematics:
The problems you are likely to run into are related to the handling of identical data in several files. A naive implementation will leak a lot of information.
I think you are confusing the Captain/first officer with the PF/PNF. Normally the PF/PNF tasks swaps between the captain and the first officer. On short trips it's often one of them that is PF the whole way, on longer trips the task shifts between them (for example, the Captain can be PF during takeoff and the first hour, the first officer PF during the landing).
Of course, on the job training is a part of being 1st officer...
In the cockpit you have two pilots for a reason. One is PF (Pilot Flying). One is PNF (Pilot Not Flying). The PF is responsible for actually flying the plane. The PNF is responsible for all the checks and offloading to ensure the pilot can take care of the plane. He reads the checklists, handles communication and everything else. And even with this set of checks one of the most common causes of accidents is "Pilot Error". Removing the checking function of the PNF in that situation is beyond insane. It would take us back 30 years in aircraft security and completely ignores the whole CRM (Cockpit Resource Management) concept. You should think of removing the CNF as making a law that all drivers on the road must speak in their mobile phone and fiddle with the radio while driving.
Also, better technology has not made airplanes easier to fly. It has made them safer and more powerful, but not easier. It's like claiming that a modern nuclear powerplant doesn't need any engineers because it's all automatic... Planes are large and very complex machines. More technology means more failure modes.
Slashdot Mirror
Well, when the other guy is sitting in a helicopter or plane and trying to pick where to drop the bombs you don't care too much about noise... But you do care a lot about IR.
1.Do something like what they did in the second world and escort civilian ships through the (relatively small) danger zone. Any pirates that show up get to find out just what the massive deck gun or missile launcher of a navy destroyer does to a small pirate boat. Enough pirates will get back to Somalia and tell all their pirate buddies about it that many will think twice about taking the risk.
The zone is not very small. Pirates strike half way to India and down by madagaskar. We are talking about an area about half the size of the USA to monitor and convoy ships through. In addition, convoys are not very efficient against pirates. Ship-to-ship missiles and deck cannons are designed to hit ships, not small motorboats... which means you have to get close to stop the pirates. Not an easy task if you have a convoy of perhaps 30 ships to watch over and the pirates show up with 10 boats. And once the pirates are aboard a ship it gets a lot more complicated, as they can use the crew as a shield.
Or another alternative would be to provide guns (or armed officers) on shops as they enter the danger zone and remove them when they leave. Any pirates that try to board get shot at with a large caliber rifle. I am not a Somali pirate but I suspect even Somali pirates dont like being shot at (and possibly seriously injured or killed).
When the options are "starvation or earn the equivalent of $100 million in the local currency" people suddenly get much more likely to take risks. Being shot is a risk they accept. In addition, you are talking about starting a shootout between a few sailors and a bunch of random people from a country in civil war. It's not especially certain that the sailors will win that shootout.
2.Apply international pressure on the government of Somalia to clean up its act and clear things out. Offer them incentives (foriegn aid, support to eliminate the warlords and guns or whatever else) if they are willing to clean up their country and stop the pirates.
Government? Somalia? The closest thing you will find is the Islamic Courts Union, which is a radical Islamic group. They do stop piracy, but I kind of doubt anybody in the western world wants to support them. In fact a lot has been done to arm everybody else in an effort to stop the ICU.
and 3.Offer direct aid to the Somali people (aid that comes with checks to make sure it ends up in the hands of the right people and not the warlords). Find things the Somali fishermen-turned-pirates can use to earn a legitimate living. If they have enough money to live off without piracy, they are much less likely to take the risk (especially given #1 above).
How? You have no banking system in Somalia, no working government. It is extremely hard to distribute aid in that situation. The waters outside Somalia are outfished, and it will take generations before the fishery industry recovers.... Not to mention that the large amount of toxic waste dumped in the water will prevent them from selling the fish.
These people arent terrorists, they have no political agenda, they are only in it because they feel like they have no other choice if they want to survive. So you attack in 3 ways, you increase the risks for the pirates (so that the risk vs reward equation changes), you offer them incentives to stop being pirates and you apply political pressure to the government to make it illegal (if it isn't already) and to enforce the law.
No, they are not terrorists, but sadly none of the methods you mentioned are likely to have a large effect on the current situation.
If the law in Somalia doesn't make piracy illegal, it should be changed. And it should specify that any pirates who are caught have their ships impounded by the government and destroyed/sunk/on-sold.
There is no law in Somalia as there is no unified governement. The closest thing is a Sharia based law in the ICU region, which is mostly in the south. They have taken a stance against piracy.
And students (in my experience especially those from the American and Asian educational systems) demand lazy teachers. I design 4 exams a year on master level for a mixed group of students and I have noticed that students want the same questions as last year, with a few variables changed. The moment you ask students to do something that has not been covered in exactly that format in the course and previous exams you get complaints.
For the higher grades I demand that the students can apply their knowledge in practical scenarios. This is something most students find extremely hard, as it requires them to apply what they have learned in the course in a new way and not just barf up what they have memorized on the paper which is what high school and undergraduate education trains them to do. Few students like hard and unpredictable tasks, even if the grading is generous.
Students might claim that they want deeper and more original questions, but I have statistics indicating that introducing original, open ended, questions on an exam decreases the perceived "fairness" (that the exam does not overly favour some group of students), "coverage" (that all the course material is accurately covered by the exam), "representativity" (that the result of the exam gives a good representation of the individual student performance) as well as overall "quality".
Layman explanation, not nonsense.
Your eye protection reflexes does not trigger as well on monochromatic light as it does on light with a broader spectrum, even if the laser happens to be in the visible spectrum. In addition the laser does not have as much chromatic aberration, which significantly increases the risk of damage to the eye. There is a reason we classify lasers for their risk of eye damage but not other sources of light.
If we deliver the same energy to the same area of the retina there will indeed be the same amount of damage, as the damage is primarily from heating. But it is a lot harder to deliver that energy if you use a flashlight compared to a laser.
I recommend reading http://en.wikipedia.org/wiki/Laser_safety
A laser is very concentrated light, further focused by the eye, which is why it will cause burning damage to the retina.
This is similar to the flash-bang grenade. A very strong difuse source of light will drain your retina of the signal substance it uses to detect light, and it takes the body considerable time to produce new signal substance. Fire a camera flash in your own face and you can experience a mild form of the effect.
Thereby not said anything about the viability of the product. I doubt something that can be stopped with sunglasses will replace tasers any time soon.
Yes, we are running out of IPv4 addresses, but the ISP's couldn't care less. It doesn't cost anything to request an extra /16 from your local RIR. And a company doesn't spend money building systems to conserve something that is free. It's not like "we preserve IPv4 address space" makes great marketing.
You know that the primary reason that most ISP's originally limited their customers to a single IP address was to make connection sharing more complicated, right? Today they might claim it is to "conserve IP addresses" or some other BS, but don't let that fool you.
The ISP's would happily charge you per system if they could figure out how.
As I said, I don't know if he is guilty or not. But at this point I doubt he will get a fair trial in Sweden. Nobody will be satisfied with the result, regardless of what it is. He is not getting the same treatment as Sven Svensson would get if suspected of the same crime, which makes me very suspicious.
Historically Sweden has had a very high profile independence in international matters. But this have been strongly eroded the last ten years or so. We have had some rather spectacular scandals, including Swedish security police helping the CIA send refugees from Sweden to Egypt where they were tortured in secret prisons. So, we have reason to suspect parts of our government not to act in the best interest of the people living in Sweden and instead give priority to US foreign interests.
There is a significant difference between ally and lapdog. You can do a lot with your lapdogs you can't do with your allies.
I don't know if he is guilty or not. But the whole case have been handled in a strange, high profile, way all the way, which hints that there is a lot of political pressure involved. And that is not good for our legal system here in Sweden.
I am not sure if you are aware of it, but the USA is a foreign country...
Read this:
http://www-users.cs.umn.edu/~schuch/papers/lci-ndss.pdf
Then read this:
http://www.phdcomics.com/comics.php?f=1174
It's a simulation of the impact of a coordinated attack on BGP. We know since a long time back that BGP is vulnerable to a number of attacks, this being one of them. The researcher has done a good job with the simulations and putting numbers on it.
Nothing else to see here, move along. The writer of the news article has no idea what he/she is talking about. We have much larger stability issues (such as Network Neutrality, IPv6 swap over and government blocking) to deal with, and theoretical attacks by large scale bot nets on BGP Is not something that will keep me up at night.
Even without NAT, I would still have to know which ports to open in the firewall (you are not suggesting that I should be without a firewall, right?).
Why not as a home user? Do you seriously think your $20 NAT box, with the last firmware update 2003 is more secure than your OS? If your system has the port closed you have nothing to worry about. If the port is open it should be open in the firewall anyway.
Don't fall in the trap of secure/DMZ/insecure networks. We have known for decades that that security model is extremely weak. Harden your systems instead.
It's bad design to not trust the header of the packet and embed the copy of the IP address inside the data section of the packet. There is very little reason to do so and should not be done unless really needed.
FTP and other protocols with embedded IP addresses is the only thing that NAT breaks. Try sending a few fragmented TCP packets over a NAT box and see what happens... (Hint: This is a common reason for bad performance and connection problems for home users behind NAT)
OTOH, with NAT, I can make example.com:80 and example.com:21 actually be different servers without resorting to www.example.com and ftp.example.com.
And why would you want to stick something as broken as NAT into your server infrastructure? You can just as well do it properly with a proxy or load balancer, most likely with better performance as well.
Or, I could make two external IPs point to a single server.
Ever heard of Multihoming? I have servers running with 20 ip addresses, and no NAT in sight.
I could also make example.com:80 and example1.com:80 be one server, while example.com:21 and example1.com:21 be another one.
Which you can do just as well with a proxy or load balancer.
I can also load balance two internet connections with no cooperation from the ISPs.
Okay, you got me. You can do IPv4 transparent load balancing on flow level between different ISPs using NAT. That is hard to do without it. Not that such load balancing tends to work very well (servers tend to bind your identity to the IP address, breaking stuff like authentication).
The alternative is using a transport protocol actually built for Mobility, like SCTP. Or IPv6 with mobility extensions. And then you suddenly don't need NAT and things will actually work...
Or, I can have a transparent proxy.
See, all that fun stuff needs NAT. Not just making a bunch of computers use only one external IP.
No, you don't need NAT for it. NAT is an ugly hack to solve a very specific problem created by ISPs trying to prevent customers from having too many systems connected. A hack that many unskilled network administrators use as their golden hammer. NAT is something holding us back, locking us into a situation were we can not deploy new protocols and systems that the Internet badly needs.
NAT boxes is a primary reason that IPv6 deployment is going so slowly. And these boxes will really hurt us in the coming years.
There is no security benefit of NAT, but NAT offers some conveniences too, at the price of breaking a few badly designed protocols.
Badly designed protocols like TCP and UDP?
The convenience of not distributing enough IP addresses to your customers? (which is the primary reason NAT is in use...)
NAT breaks a vast majority of transport protocols to a larger or smaller degree. In some cases the NAT box can repair most of the connection, making it "kind of" work, but don't be fooled. NAT Breaks stuff. Badly and in unpredictable ways. The day we slay NAT is the day that we will get rid of one of the largest sources of connection problems on the internet.
One of the truly fundamental design decisions of IP was that the network should not keep any state about a connection, nor should the network modify anything but a few fields in the header (TTL, Fragmentation and Checksum). This was one of the primary reason IP won. Anything that breaks this paradigm brings us closer to the the horror that is Telecom style protocols.
Asking me to sign a waiver should a surgeon about to cut me open be tired seems only like a CYA policy. I can't make an informed decision, and I am most likely in distress and need of the surgery and saying no would delay it.
I am already putting a huge amount of trust in his abilities, and that includes him being able to decide if he skilled and in shape to do the operation or not. If I can't trust my doctor to make that decision I can't trust him to operate at me anyway. Therefor this seems completely pointless.
I
The small airports serve multiple functions. Among the most important is that they give pilots a reasonable chance to log flight hours and get the practice the pilots need before being licensed get into passenger airplanes, they serve as a good spot for emergency landings and they are a way to get high priority goods and personnel to the right place as fast as possible.
I don't know if you have ever needed a transport _RIGHT NOW_. I have, and I have thanked my lucky star that we have an airport nearby. These small airports serve an important function in these cases. For example medical transports and spare parts for the industry.
Significantly increasing the price to use the small airports would push the majority of them from "unprofitable" to "shut down", which would be a loss to everybody involved. Sometimes it is worth paying a bit extra to keep infrastructure up and running. You save money and keep your country competitive in the long run.
Frankly, the answer is almost always "Never"
The human brain is not good at memorizing strings. I deal with well over 100 passwords a normal week. Assuming, generously, a 6 month timeout it would mean memorizing new passwords every few days. I have better things to do with my life. Much better things. As does the vast majority of users, which is why any company with short password timeout find that the passwords are either on post-it notes under the keyboards or a variation of "anna-December01".
If your system demands high security a passwords are not suitable anyway. You should be going for multi-factor authentication, not make the passwords longer or time out more often.
But, you might say, shouldn't changing passwords limit my exposure in an networked environment?
Well, there are a few alternatives. If you store your passwords in an insecure manner (postit under the keyboard, your secretary etc...) then you have allready lost. Anybody can grab your password when they need it. If you keep them secure (memorized), but worry about some server being hacked there are two allternatives: Either you have the same password everywhere, and then updating the password won't change anything, as the attacker will have your password the moment you update it. Or you have different passwords, and then it server where you updated it will still be compromized, but the rest still secure.
If you send your passwords in clear text over the network and worry about sniffing you don't care about the security.
In the end, passwords are simple security mechanisms for discuraging causual abuse of systems. Make sure they do not fall to a trivial brute-force attack and move on. If you need real security you will have to look beyond passwords anyway.
The way scheduling works in vmWare (and most other virtualization systems) you don't want to create VM's with a huge number of cores. When the VM runs you need to allocate 4 cores to it, and never less. Assume a simple scenario:
CPU: 8 cores
VM1: 4 cores
VM2: 4 cores
In this scenario VM1 and VM2 will almost never run at the same time, as the Dom0 tends to eat a little bit of CPU, interupting the virtual machines. Also, even if there is no load on the VM they will eat 4 cores.
You should not allocate multiple cores to a VM unless it is constantly heavily loaded. Extra cores have significantly penalties for system performance in many cases. The limit to 4 cores per VM is actually a sane limit for a wast majority of systems.
For stable server virtualization vmWare ESXi is pretty much the king at the moment, unless you want to pay an insane amount. It's free (as in beer) stable, easy to manage, fast and scalable. Sadly the management tools are windows only, I highly recommend it, if you have suitable hardware.
For workstations it's a bit less clearcut. Generally you want a primary OS in your workstation where you do most of your work, and secondary OS that you boot up in a virtualized environment. The three primary choises are KVM, XEN and OpenVS. They all have performance penalties, and I am not aware of any clear cut advantage for any of the three. I would suggest you go with what is default in your favourite linux distribution, as maintaining virtualization infrastructure isn't an especially fun task.
Historical reasons mostly. Migrating to a new IP plan is far from trivial in a large scale network. The amount of work they would have to do to return that /8 is in no way proportional to the "gain" of delaying forced IPv6 introduction by a few weeks. It's easy to blame the early adopters for getting large amounts of IP addresses assigned, but when you look at it from a historical perspective it does make sense. Early adopters of internet technologies were assigned a large amount of resources, simplifying the deployment before there were good technologies to deal with the issues.
By the way, Class A/B/C networks is a historical term and makes no sense since we introduced CLIDR in 1993, taking away their magic status. It just confuses people now.
The technical term for it is "ACK Compression", if you want to google for solutions. Typically the problem is not packet loss. Thanks to fast retransmit TCP handles packetloss reasonably well. Instead the problem is that the ACK packets get stuck in the buffer and significantly delayed, which hampers TCP performance.
Also note that is you are joining a swarm with mostly US users you shouldn't expect to get a fast download. Most of the users are still on heavily asymmetric connections, so they can't feed you data especially fast.
Okay, I will bite.
Kalle is 00:23:6c:8a:75:26
Oscar is 00:21:b7:24:52:18
Sep 22 17:04:08 husky dhcpd[2673]: DHCPREQUEST for 192.168.0.74 from 00:23:6c:8a:75:26 via re0
Sep 22 17:04:09 husky dhcpd[2673]: DHCPACK on 192.168.0.74 to 00:23:6c:8a:75:26 via re0
Sep 22 22:29:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:23:6c:8a:75:26 via re0 (found)
Sep 22 22:29:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:23:6c:8a:75:26 via re0 (found)
Sep 22 22:29:37 husky dhcpd[2673]: Released lease for IP address 192.168.0.74
Sep 22 22:30:18 husky dhcpd[2673]: DHCPDISCOVER from 00:21:b7:24:52:18 via re0
Sep 22 22:30:18 husky dhcpd[2673]: DHCPOFFER on 192.168.0.74 to 00:21:b7:24:52:18 via re0
Sep 22 22:30:20 husky dhcpd[2673]: DHCPREQUEST for 192.168.0.74 from 00:21:b7:24:52:18 via re0
Sep 22 22:30:20 husky dhcpd[2673]: DHCPACK on 192.168.0.74 to 00:21:b7:24:52:18 via re0
Sep 22 22:34:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:21:b7:24:52:18 via re0 (found)
Sep 22 22:34:37 husky dhcpd[2673]: DHCPRELEASE of 192.168.0.74 from 00:21:b7:24:52:18 via re0 (found)
Sep 22 22:34:37 husky dhcpd[2673]: Released lease for IP address 192.168.0.74
Given this data, please tell me which user had 192.168.0.74 at Sep 22 22:30...
Finding out how the switching fabric in a large network is configured at a point in time is a non-trivial problem. To this you should add that you don't know the precision of clocks involved, nor do you know if one of your users suddenly changed their MAC address. Possible you can log MAC address-port allocation, but even this is a very crude tool, as you have to match this logging information against your DHCP logs and then make sure that nobody was cheating the system by hard configuring an IP so it wasn't handed out by DHCP (remember: dumb switches are common in the last mile!)
I don't envy anybody having to build such a system that can stand up to any scrutiny.
On the acute side:
* Plants have a nice, thick, outer layer (compared to your skin) which blocks a lot of potentialy dangerous radition.
* Every single cell in a plant has a cellulose based cell wall which can soak up a lot of damage compared to your cells.
* Plants don't move nearly as much stuff around inside them, ensuring dangerous particles mostly stay on the outside.
On the chronic side:
* Plants don't have nearly as many specialized, quickly dividing, cells that a stray alpha particle can turn into cancer.
* Plants have a much slower metabolism rate, giving them a better chanse to survive should cancer develop.
In general, plants are very hardy compared to animals, but they are not invulnerable. See http://en.wikipedia.org/wiki/Red_Forest
Technically it's possible to do what you want to do, but to avoid leaking information and get good performance you have to use non-trivial cipher modes. I suggest you have a look at the documentation for TrueCrypt, which covers most of the mathematics:
http://www.truecrypt.org/docs/
The problems you are likely to run into are related to the handling of identical data in several files. A naive implementation will leak a lot of information.
I think you are confusing the Captain/first officer with the PF/PNF. Normally the PF/PNF tasks swaps between the captain and the first officer. On short trips it's often one of them that is PF the whole way, on longer trips the task shifts between them (for example, the Captain can be PF during takeoff and the first hour, the first officer PF during the landing).
Of course, on the job training is a part of being 1st officer...
Well, it is ridiculous.
In the cockpit you have two pilots for a reason. One is PF (Pilot Flying). One is PNF (Pilot Not Flying). The PF is responsible for actually flying the plane. The PNF is responsible for all the checks and offloading to ensure the pilot can take care of the plane. He reads the checklists, handles communication and everything else. And even with this set of checks one of the most common causes of accidents is "Pilot Error". Removing the checking function of the PNF in that situation is beyond insane. It would take us back 30 years in aircraft security and completely ignores the whole CRM (Cockpit Resource Management) concept. You should think of removing the CNF as making a law that all drivers on the road must speak in their mobile phone and fiddle with the radio while driving.
Also, better technology has not made airplanes easier to fly. It has made them safer and more powerful, but not easier. It's like claiming that a modern nuclear powerplant doesn't need any engineers because it's all automatic... Planes are large and very complex machines. More technology means more failure modes.