I have been working on a similar network for some time, and dealt with similar problems. I don't know if these are optimal solutions, but here is how we are doing it:
First of all, we have build a simple management system based around SNMPv3. You want this. Take a course in enterprise management or read up on it yourself. The day you stop writing scripts and use a management system instead is the day when you begin to come out on top of the problem. OpenWBEM can be a start if you want to know what can be done.
Here is our setup: Incoming connections are blocked. There has been a discussion about removing this block and allowing "safe" ports. At the moment the issue is rather pointless as we are behind a NAT due to lack of IP space. Outgoing connections to DNS, SMTP and HTTP/HTTPS are filtered to force people to use our servers. Some of the more notorious p2p protocols are capped to keep the bandwidth usage from going insane.
We have a central register of users. To use the network you have to register and pay a symbolic sum each month. Then you get access to the connection in your room. You are responsible for what happens from your connection. This register gives us an easy way to contact users. To be allowed to join the network you have to sign a paper stating what you are allowed to do and not do. Our TOS are pretty restrictive, but without them we wouldn't be able to manage the net.
After some network outages (Code Red...) we have implemented a quarantine VPN. We have several IDS spread out, and if they detect a computer spreading malware they move the computer to the quarantine VPN. On this VPN the computer can/ONLY/ connect to the DNS server and the HTTP/HTTPS proxy server. This server provides the user with a message about the computer being infected, links to several sites with patches, free AV and updates. And a note that they will have to contact an administrator to get access renewed. The user can continue browsing freely, but don't do anything else. If they want to get back to the usual network they have to clean up their computer.
We also have several special checks for "evilness", most important rouge DHCP servers and ARP spoofing. Anybody caught by these simply get their connection pulled until they have explained themselves. Administrators are notoriously slow when it comes to returning connection to people knowingly doing malicious things on the network.
The storage capacity depends heavily on what you are talking about. Remember that the ship will likely be anchored. So it will only need oil for generators. The only supplies that will be a problem are fresh food.
Your guess on the cost of a support ship seems very much off. I see no reason they should need more than 200 tons of supplies a day (and such a small transport costs more like ~1500 a day). Doing a trip of 12nm at 12 knots (normal speed for a small transport) takes 1 hour. Add 2 hours for loading/unloading and you end up with a 4-hour return trip. Doing two trips a day will not be a problem.
They can use microwave links or radio. Underwater cables are expensive, but not hideously so. 12 nm is not a long distance. Using an underwater cable and connect it to a buoy is not an unheard of solution.
How far out they will place the ship probably depends on what zone they want to be inside. It's 12 nm for territorial waters. US claims 24 nm for the contiguous zone and 200 nm for the economic zone. I would guess they would place the ship in the economic zone, just over 12 nm (22km) out.
Security? Piracy? They are still in the US economic zone and can call up on the US costal guard and the US navy for help. They also has to register the ship somewhere, gaining an legal system along the way (normally the laws of the home country are used on a ship when not inside territorial waters. Inside territorial waters it gets more complicated).
Safety depends on the country where the ship is registered. Panama and Philippines have very low demands. Norway, Sweden and England considerably higher demands. Two week training is a very small investment compared to the other cost of keeping an employee.
Waste? That is not very much. It can easily be transported back. Sewage? You are at the sea. You simply dump it into the water and let the fishes eat it. If you want to be environmental friendly you take care of the black water (read: shit), transporting it back and filter the grey water (from showers, cleaning etc.) before dumping it. Did you think a carrier brought along the shit from 2000 persons until the next visit at a harbour (in 6 months...)
For the last two, remember that it's not unusual for sailors to work for 6 months. You work 6 months (with a good pay), and then you are home for 6 months. I think there are a lot of coders who don't mind taking 6 months, working 100% with a project, and then returning home for a 6-month vacation.
Visas and such? Give them seaman passports, if they are still recognized in the US. Otherwise they only need a permission to travel through the country, not impossible to get (even if it gets harder).
This seems like a project to employ coders more after the rules seamen has lived under for hundreds of years. If it will be successful or not I have no idea, but it's certainly doable. There are no major technical challenges. If you want a technical challenge, then you should look at staffing an oilrig.
Well, this is mostly a matter of writing sane laws. It's far easier and better to create a law that states that products containing peanuts should have a special text, than it is to create a law that states that a product containing peanuts should have a special text unless it's named peanuts.
The later opens a can of worms: Suddenly people can claim that it should be obvious that their "Pistachio Icecreame" contains peanuts (to mention something that killed a girl I knew. She had eaten the same brand for years to stay safe, and then they changed the recipe...)
If you really want something tough I would suggest going for the multi-layer approach. It has kept my laptops alive through some quite rough years.
Start with the laptop. Add a first layer of protection in the form of a thin, padded "laptop cover". This also helps keep water away. Then put it all into one of those standard laptop bags of the thin sort, togeather with all the equipment. Then put this into the backpack. I am using a cheap and rather worn Eiger 30 for this. There is also enough space for a few books and a lunch box.
The end result is a laptop that's protected from most of the things you can imagine. I have bicycled to the university like this for a few years and it has survived some rather nasty accidents. It has also survived heavy rains (it never gets through the laptop bag) and even a quick bath (don't ask...).
This is probably partly due to the excellent quality of the ASUS (M2400) laptop, but also due the many layers of protection. Not to mention that it's a very cheap solution compared to a specialized bag.
Once upon the time spam through faxes was a hideous problem. But now it's rather rare. The combination of effective laws, enforcement of said laws and new tech actually stopped the spam.
It is months since I last got any fax spam, and had to respond with the usual 1000 pages of "Do not send advertising to this phone number". Using a modem that goes rather quick.
What we need is effective laws (forget the current). We need effective enforcement of said laws. Make it the ISP's responsibility to filter outgoing mail. If a user wants to run an SMTP server he will have to ask the ISP for permission and take responsibility for it. Make sure the fines/HURT/. Spam is one of the few kinds of crime where the punishment actually can be an effective deterrent, together with other economic crimes.
Last, and most important, people will have to stop the attitude of "Filter and try to survive". Begin striking at the source. Cutting of spammers from their income or raising the costs are both good ways. If they have a homepage, drain their bandwidth. Download it a couple of million times. Bandwidth is expensive. Try to get their payment systems revoked so they can't take payments. Snail mail addresses? Those are vulnerable. Anything that earns the spammer money should be targeted and shut down.
Here in Sweden fake invoices was a huge problem, until the company that handles most of the payments began freezing any account associated with such. In a matter of weeks the problem more or less disappeared. If this were possible with spam we would have a much easier life.
There is still a lot that can, and should be done. But if mail as a system is to survive we will have to defeat spam somehow. For people will eventually give up. I can deal with 100 spam a day, but I have relatives that don't use email any more.
Actually you have a point there, but perhaps not the point you wanted to make.
Linux is a/hassle/ to install compared to windows or even unix. Even for one who does know both and use them regularly it simply takes far more time to get a linux computer up and running with a reasonably working configuration (window system, the normal set of applications etc.). I have yet to find any flavour of linux easy to install. And while I can get a windows computer up and running within a day without too much effort it often takes well over a week to set up a linux box, especially if it has unusual hardware.
If linux is to actually begin claiming the desctop market from windows this is one of the critical things that needs to change. And no, asking if the user has an Ati23192 revision B based motherboard as we need to use a special driver is not a good solution.
Using the law against those who wanted it...
on
EU Passes Nasty IP Law
·
· Score: 2, Insightful
I have not read the full suggestion yet, but all these laws that allows a company to take police actions makes me begin wondering...
What would happen if I created a recording company, published a single song and began raiding political offices and homes as we have "Proof" of them sharing our intellectual property? And raiding ISP to take their servers?
This seems to me like they are writing away an important part of the legal security and this is something to be very very affraid of when it begins happening. Giving a company the power of the police (intrusion etc) is never a good thing.
Frankly I can't see why anybody is whining over this, unless it's the instinctive MS bashing of Slashdot.
They are adding a security feature that will improve the overall security of the operating system at the cost of breaking older, insecure, applications. This is done everywhere and for some odd reason it's usually considered a good thing.
I am looking forward to this, any my question is only when this kind of features can be implemented in linux to improve the security here too... (Or is it perhaps in there allready?)
I find this lawsuit a bit interesting, for where, except the internet, would we find this kind of advertisement. Consider a road sign telling you "Danger Road blocked" and an "alternative" rout that ends in Honest Harry's gas station. Sure, you might be able to tell that it was a fake sign, but is it legal because of that?
Anything that makes the Internet easier to use and less scary for the common user without limiting anybody else is a good thing.
Slashdot Mirror
I am not sure how much help it is, but have a look at http://www.hadiko.de/hadinet/ (it's in German).
I have been working on a similar network for some time, and dealt with similar problems. I don't know if these are optimal solutions, but here is how we are doing it:
/ONLY/ connect to the DNS server and the HTTP/HTTPS proxy server. This server provides the user with a message about the computer being infected, links to several sites with patches, free AV and updates. And a note that they will have to contact an administrator to get access renewed. The user can continue browsing freely, but don't do anything else. If they want to get back to the usual network they have to clean up their computer.
First of all, we have build a simple management system based around SNMPv3. You want this. Take a course in enterprise management or read up on it yourself. The day you stop writing scripts and use a management system instead is the day when you begin to come out on top of the problem. OpenWBEM can be a start if you want to know what can be done.
Here is our setup:
Incoming connections are blocked. There has been a discussion about removing this block and allowing "safe" ports. At the moment the issue is rather pointless as we are behind a NAT due to lack of IP space. Outgoing connections to DNS, SMTP and HTTP/HTTPS are filtered to force people to use our servers. Some of the more notorious p2p protocols are capped to keep the bandwidth usage from going insane.
We have a central register of users. To use the network you have to register and pay a symbolic sum each month. Then you get access to the connection in your room. You are responsible for what happens from your connection. This register gives us an easy way to contact users. To be allowed to join the network you have to sign a paper stating what you are allowed to do and not do. Our TOS are pretty restrictive, but without them we wouldn't be able to manage the net.
After some network outages (Code Red...) we have implemented a quarantine VPN. We have several IDS spread out, and if they detect a computer spreading malware they move the computer to the quarantine VPN. On this VPN the computer can
We also have several special checks for "evilness", most important rouge DHCP servers and ARP spoofing. Anybody caught by these simply get their connection pulled until they have explained themselves. Administrators are notoriously slow when it comes to returning connection to people knowingly doing malicious things on the network.
The storage capacity depends heavily on what you are talking about. Remember that the ship will likely be anchored. So it will only need oil for generators. The only supplies that will be a problem are fresh food. Your guess on the cost of a support ship seems very much off. I see no reason they should need more than 200 tons of supplies a day (and such a small transport costs more like ~1500 a day). Doing a trip of 12nm at 12 knots (normal speed for a small transport) takes 1 hour. Add 2 hours for loading/unloading and you end up with a 4-hour return trip. Doing two trips a day will not be a problem. They can use microwave links or radio. Underwater cables are expensive, but not hideously so. 12 nm is not a long distance. Using an underwater cable and connect it to a buoy is not an unheard of solution. How far out they will place the ship probably depends on what zone they want to be inside. It's 12 nm for territorial waters. US claims 24 nm for the contiguous zone and 200 nm for the economic zone. I would guess they would place the ship in the economic zone, just over 12 nm (22km) out. Security? Piracy? They are still in the US economic zone and can call up on the US costal guard and the US navy for help. They also has to register the ship somewhere, gaining an legal system along the way (normally the laws of the home country are used on a ship when not inside territorial waters. Inside territorial waters it gets more complicated). Safety depends on the country where the ship is registered. Panama and Philippines have very low demands. Norway, Sweden and England considerably higher demands. Two week training is a very small investment compared to the other cost of keeping an employee. Waste? That is not very much. It can easily be transported back. Sewage? You are at the sea. You simply dump it into the water and let the fishes eat it. If you want to be environmental friendly you take care of the black water (read: shit), transporting it back and filter the grey water (from showers, cleaning etc.) before dumping it. Did you think a carrier brought along the shit from 2000 persons until the next visit at a harbour (in 6 months...) For the last two, remember that it's not unusual for sailors to work for 6 months. You work 6 months (with a good pay), and then you are home for 6 months. I think there are a lot of coders who don't mind taking 6 months, working 100% with a project, and then returning home for a 6-month vacation. Visas and such? Give them seaman passports, if they are still recognized in the US. Otherwise they only need a permission to travel through the country, not impossible to get (even if it gets harder). This seems like a project to employ coders more after the rules seamen has lived under for hundreds of years. If it will be successful or not I have no idea, but it's certainly doable. There are no major technical challenges. If you want a technical challenge, then you should look at staffing an oilrig.
Well, this is mostly a matter of writing sane laws. It's far easier and better to create a law that states that products containing peanuts should have a special text, than it is to create a law that states that a product containing peanuts should have a special text unless it's named peanuts. The later opens a can of worms: Suddenly people can claim that it should be obvious that their "Pistachio Icecreame" contains peanuts (to mention something that killed a girl I knew. She had eaten the same brand for years to stay safe, and then they changed the recipe...)
http://www.choppingblock.org/d/20040715.html
(I am sure Butch knows)
If you really want something tough I would suggest going for the multi-layer approach. It has kept my laptops alive through some quite rough years.
Start with the laptop. Add a first layer of protection in the form of a thin, padded "laptop cover". This also helps keep water away. Then put it all into one of those standard laptop bags of the thin sort, togeather with all the equipment. Then put this into the backpack. I am using a cheap and rather worn Eiger 30 for this. There is also enough space for a few books and a lunch box.
The end result is a laptop that's protected from most of the things you can imagine. I have bicycled to the university like this for a few years and it has survived some rather nasty accidents. It has also survived heavy rains (it never gets through the laptop bag) and even a quick bath (don't ask...).
This is probably partly due to the excellent quality of the ASUS (M2400) laptop, but also due the many layers of protection. Not to mention that it's a very cheap solution compared to a specialized bag.
From now on we will not publish any information about trafic jams, delayed trains or other disruptions in the transport systems.
Terrorists may use this information to attack our infrastructure...
Once upon the time spam through faxes was a hideous problem. But now it's rather rare. The combination of effective laws, enforcement of said laws and new tech actually stopped the spam.
/HURT/. Spam is one of the few kinds of crime where the punishment actually can be an effective deterrent, together with other economic crimes.
It is months since I last got any fax spam, and had to respond with the usual 1000 pages of "Do not send advertising to this phone number". Using a modem that goes rather quick.
What we need is effective laws (forget the current). We need effective enforcement of said laws. Make it the ISP's responsibility to filter outgoing mail. If a user wants to run an SMTP server he will have to ask the ISP for permission and take responsibility for it. Make sure the fines
Last, and most important, people will have to stop the attitude of "Filter and try to survive". Begin striking at the source. Cutting of spammers from their income or raising the costs are both good ways. If they have a homepage, drain their bandwidth. Download it a couple of million times. Bandwidth is expensive. Try to get their payment systems revoked so they can't take payments. Snail mail addresses? Those are vulnerable. Anything that earns the spammer money should be targeted and shut down.
Here in Sweden fake invoices was a huge problem, until the company that handles most of the payments began freezing any account associated with such. In a matter of weeks the problem more or less disappeared. If this were possible with spam we would have a much easier life.
There is still a lot that can, and should be done. But if mail as a system is to survive we will have to defeat spam somehow. For people will eventually give up. I can deal with 100 spam a day, but I have relatives that don't use email any more.
Actually you have a point there, but perhaps not the point you wanted to make.
/hassle/ to install compared to windows or even unix. Even for one who does know both and use them regularly it simply takes far more time to get a linux computer up and running with a reasonably working configuration (window system, the normal set of applications etc.). I have yet to find any flavour of linux easy to install. And while I can get a windows computer up and running within a day without too much effort it often takes well over a week to set up a linux box, especially if it has unusual hardware.
Linux is a
If linux is to actually begin claiming the desctop market from windows this is one of the critical things that needs to change. And no, asking if the user has an Ati23192 revision B based motherboard as we need to use a special driver is not a good solution.
I have not read the full suggestion yet, but all these laws that allows a company to take police actions makes me begin wondering... What would happen if I created a recording company, published a single song and began raiding political offices and homes as we have "Proof" of them sharing our intellectual property? And raiding ISP to take their servers? This seems to me like they are writing away an important part of the legal security and this is something to be very very affraid of when it begins happening. Giving a company the power of the police (intrusion etc) is never a good thing.
Frankly I can't see why anybody is whining over this, unless it's the instinctive MS bashing of Slashdot.
They are adding a security feature that will improve the overall security of the operating system at the cost of breaking older, insecure, applications. This is done everywhere and for some odd reason it's usually considered a good thing.
I am looking forward to this, any my question is only when this kind of features can be implemented in linux to improve the security here too... (Or is it perhaps in there allready?)
I find this lawsuit a bit interesting, for where, except the internet, would we find this kind of advertisement. Consider a road sign telling you "Danger Road blocked" and an "alternative" rout that ends in Honest Harry's gas station. Sure, you might be able to tell that it was a fake sign, but is it legal because of that?
Anything that makes the Internet easier to use and less scary for the common user without limiting anybody else is a good thing.