So your opinion is based off anecdotal evidence from the elderly which goes back (I assume) less than 100 years? Even if they're right - does that even mean anything? 100 years ago is *nothing* compared to cooling and warming periods the earth has seen.
very well said - where are my mod points when I need them. let's also not forget the untold lines of code that they've contributed to the kernel and other upstream projects. anyone who thinks redhat hasn't been exceptionally good to the community is a moron.
Can you explain that a little better? In what way is kvm linux and xen isn't? I don't know much about either of the two pieces of software and I'm genuinely curious.
An average of 10% utilization sounds like a great candidate for virtualization. VMWare with DRS to consolidate guests and power down some host machines during off peak processing times.
But let's not forget that while an average of 10% is fine you still have to accommodate peak demand.
Well based on the preponderance of evidence (billions of attacks on systems exclusively from Chinese address space) it makes it harder to believe this isn't malicious.
I don't see how signing announcements stops this from happening? All that would do is make it (nearly) impossible to forge announcements. That's not and hasn't ever been a problem that I'm aware of. We know where the bad routes are coming from.
Depends on the relationship. But the easiest is Tier 1 to Tier 2 where the Tier 2 is a customer of Tier 1.
In which case, the Tier 1 should filter announcements for anything other than:
address space they gave the tier 2 isp
portable address space owned by the tier 2
address space neither owned by the tier 1 or tier 2 but for another ISP who has provided a LOA to allow the tier 2 to announce that particular address space
And to answer your other question, Apple owns 17.0.0.0/8
OrgName: Apple Inc.
OrgID: APPLEC-1-Z
Address: 20400 Stevens Creek Blvd., City Center Bldg 3
City: Cupertino
StateProv: CA
PostalCode: 95014
Country: US
"Even illicit trades like drug dealers transport their goods on public roads."
...and eat food that was given the OK by the FDA and breath air and drink water who's safety is overseen by the EPA and bought goods delivered by companies monitored by the DOT all while living in a country protected by the United States armed forces.
except that both BIG_ISP_A and BIG_ISP_B should have filtered the announcements from SMALL_CHINA_ISP and never seen routes to the two big ISP's available via SMALL_CHINA_ISP
Well these bgp sessions are customer -> provider or in a peering arrangement between provider provider. It's not like some anonymous service available to anyone. They delivered the Internet circuit to the customer. If the customer fucks up bad enough they just turn them off. When you have someone by the balls you can afford a certain level of trust.
That's not entirely true. There's lots of route filtering going on. Typically a very small ISP shouldn't be capable of doing this because their BGP announcements should be filtered by their ISP. The closer you get to the core of the Internet the more difficult this becomes as you start dealing with Tier 1 carrier's peering sessions with thousands and thousands of routes being announced and changing constantly. But those aren't the type of people who make these types of "mistakes" as we're calling it.
If we were xenophobic then wouldn't we be afraid of Pakistan and Spain in your examples? I forgive your ignorance because clearly you don't live in the US and you're not constantly deluged by the millions of attacks coming from China 24 hours a day -- but understand this: this is not an incident in isolation.
100% of my thousands of failed SSH attempts come from (Chinese) APNIC address space. I will humbly disagree with your conclusion that blocking the source of all attacks doesn't increase security. Like anything it's one layer of defense. When they start relaying it off American hosts then we'll come up with a Plan B, which will most likely be cutting off the relays, since ARIN and US companies within US jurisdiction are a little easier to work with:)
I do business with some Americans that might come from those netblocks, so I can't block them. I don't do any business with anyone in China (or a statistically negligible amount, anyway) so I can block those networks.
Without Apple the Chinese manufacturers would have nothing. Apple's business strategy, marketing, design and software development - the "magic" that actually separates Apple from every other tech company, none of this exists without Apple.
You're basically saying that if I put together a jigsaw puzzle I invented it.
Slashdot Mirror
So your opinion is based off anecdotal evidence from the elderly which goes back (I assume) less than 100 years? Even if they're right - does that even mean anything? 100 years ago is *nothing* compared to cooling and warming periods the earth has seen.
"Which, when looking at a trend over 1,000 years, means diddlyshit. "
Kind of like the warming period over the previous 85 years means diddlyshit, right?
very well said - where are my mod points when I need them. let's also not forget the untold lines of code that they've contributed to the kernel and other upstream projects. anyone who thinks redhat hasn't been exceptionally good to the community is a moron.
Can you explain that a little better? In what way is kvm linux and xen isn't? I don't know much about either of the two pieces of software and I'm genuinely curious.
Why not replace them with a (or pair, for redundancy) machine and virtualize them? Are they not physically close to one another or something?
An average of 10% utilization sounds like a great candidate for virtualization. VMWare with DRS to consolidate guests and power down some host machines during off peak processing times.
But let's not forget that while an average of 10% is fine you still have to accommodate peak demand.
So, all the time, indirectly, using underhanded tricks and corrupt politics? Got it.
Well based on the preponderance of evidence (billions of attacks on systems exclusively from Chinese address space) it makes it harder to believe this isn't malicious.
I don't see how signing announcements stops this from happening? All that would do is make it (nearly) impossible to forge announcements. That's not and hasn't ever been a problem that I'm aware of. We know where the bad routes are coming from.
In which case, the Tier 1 should filter announcements for anything other than:
And to answer your other question, Apple owns 17.0.0.0/8
OrgName: Apple Inc.
OrgID: APPLEC-1-Z
Address: 20400 Stevens Creek Blvd., City Center Bldg 3
City: Cupertino
StateProv: CA
PostalCode: 95014
Country: US
What the fuck in his post is racist?
/. and accompanied by some idiot claiming they're racist somehow.
I'm tired of seeing almost daily china threads started on
"Even illicit trades like drug dealers transport their goods on public roads."
...and eat food that was given the OK by the FDA and breath air and drink water who's safety is overseen by the EPA and bought goods delivered by companies monitored by the DOT all while living in a country protected by the United States armed forces.
except that both BIG_ISP_A and BIG_ISP_B should have filtered the announcements from SMALL_CHINA_ISP and never seen routes to the two big ISP's available via SMALL_CHINA_ISP
Well these bgp sessions are customer -> provider or in a peering arrangement between provider provider. It's not like some anonymous service available to anyone. They delivered the Internet circuit to the customer. If the customer fucks up bad enough they just turn them off. When you have someone by the balls you can afford a certain level of trust.
That's not entirely true. There's lots of route filtering going on. Typically a very small ISP shouldn't be capable of doing this because their BGP announcements should be filtered by their ISP. The closer you get to the core of the Internet the more difficult this becomes as you start dealing with Tier 1 carrier's peering sessions with thousands and thousands of routes being announced and changing constantly. But those aren't the type of people who make these types of "mistakes" as we're calling it.
If we were xenophobic then wouldn't we be afraid of Pakistan and Spain in your examples? I forgive your ignorance because clearly you don't live in the US and you're not constantly deluged by the millions of attacks coming from China 24 hours a day -- but understand this: this is not an incident in isolation.
100% of my thousands of failed SSH attempts come from (Chinese) APNIC address space. I will humbly disagree with your conclusion that blocking the source of all attacks doesn't increase security. Like anything it's one layer of defense. When they start relaying it off American hosts then we'll come up with a Plan B, which will most likely be cutting off the relays, since ARIN and US companies within US jurisdiction are a little easier to work with :)
Yes because if I buy a computer indirectly from Chinese through an American corporation I better unblock their networks.
You sir are a fucking moron.
I do business with some Americans that might come from those netblocks, so I can't block them. I don't do any business with anyone in China (or a statistically negligible amount, anyway) so I can block those networks.
Without Apple the Chinese manufacturers would have nothing. Apple's business strategy, marketing, design and software development - the "magic" that actually separates Apple from every other tech company, none of this exists without Apple.
You're basically saying that if I put together a jigsaw puzzle I invented it.
And sometimes (usually) the government is just incompetent and wastes our money. Occam's razor, dude.
I think there was some sarcasm I missed? I'm thinking that was the point of the proper name "Core". It's starting to sink in now ...
"Clock frequency is worthless as a measure of CPU performance."
Well you mean when comparing chips of different architectures, yes.
SMP doesn't necessarily mean multi-core. And I'd call 6 (Intel) and 12 (AMD) core CPU's officially a "multicore phenomenon".
HAHAHAHAHAHAHA i'm dying over here. apparently the indians got moderator points today.