... Any headline which ends in a question mark can be answered "no"
I just can't see how an underwater data centre could be more economical than a normal one on land. Maybe they're experimenting with some new offshore cooling system, but a whole data centre? No.
Then again, it's possible that the minimum wage staff in their call centre honestly believe that the script they're following is legit. From the calls I've got myself and the ones reported by others, it really sounds like the callers truly believe what they're saying and don't know much better.
Well most intelligent people know that, but from this woman's point of view she was expecting a large payout. Just like a casino gives the impression of a large payout.
Basically, if you drive, you can be tracked. No. Certain objects attached to the car might be able to be tracked. There is a big difference between tracking tires, license plates, etc. and tracking people. A distinction which most posters seem to have ignored in their paranoia.
Probably because of the cost. I do network design for a fairly large telco, and let me tell you the cost goes up exponentially with the number of "9"s that the business asks for.
You're exactly right. Only those people with enough spare time & effort would use it.
I wrote the UnOfficial SELinux FAQ and I'll tell you what the most common search query that Google sends to that page, its "disable selinux". About 80% of the hits to that FAQ are from people wanting to know how to disable it.
Lots of people like the MAC idea, and they're keen to try it out. But its causing pain - its hard to understand and it stops stuff from working. The majority of people out there, even the open source boffins, just don't have the spare time to figure it out and work with it.
Despite this, the SELinux by Example book is good. If you're developing software which you want to run on an SELinux system the book will help you a lot in showing you how to write the policy for your package. In fact, if you want to do serious work with SELinux then you pretty much need this book. Any online documentation you can find is likely to be very old and of little use.
It seems that the croud here decries criminal background checks as useless or even counter-productive. And yet this is the same croud that villifies Diebold for hiring criminals. Not really. Some of this crowd decries criminal background checks, and some of this crowd villifies Diebold for hiring criminals.
You're underestimating just how huge this crowd is.
while DB software, two-way radios, DNA analysis gear, and video probes, are allowed
And these items could also be very useful for disaster response and relief - in other words, humanitarian aid.
The poster seems to be struggling to make a political point where there is simply not enoungh evidence which clearly defines what these things will be used for.
The problem is really one of economics more than anything else, so the solution has to be cheap.
He's correct that performing complex packet matching on a Cisco router would load it too much - they just don't have the CPU to do that function for any significant traffic load.
I would configure the switch that the NTP server is on to have a SPAN port - a port to which all traffic is copied. Most Cisco switches will do this without any problem. On that SPAN port, connect a Linux box with a bit of CPU power - 2GHz would be tons. On the Linux box, setup tcpdump to match the packet patterns that D-Link routers are sending ( from TFA he has this as detected by a network consultant ).
From the output of tcpdump, extract the source IP addresses. A fairly small perl script would probably do it. Take these IP addresses and massage them into access-lists for the upstream router to block, again perl or TCL/Expect would be reasonable tools. Routers are good at blocking large lists of IP addresses - its not such a load for them as the list gets compiled and pushed onto the hardware. Depending on his router model a few thousand ACL lines would be fine.
Alternatively, he could use the same approach to detect the non-D-Link source IPs - permit these and block anything else. From his stats of legit -vs- D-Link sources this would result in a shorter access list.
The only issue here is that a D-Link behind a shared-NAT'd IP address would result in that address being blocked, but there shouldn't be too many of these. And legally he can block anything he wants - his service has no written guarantee to he should be legally safe (yeah, IANAL).
To keep costs and time down, he can probably get help from the local University ( a cool project for any CompSci students ) to do the code and Linux setup, or help from the local LUG - I'd bet there would be plenty of volunteers to set it up, and I could imagine it being done within a couple of days.
Thats no so surprising really. At best, SPF and other technical solutions can buy us some time while the spammers catch up, but they aren't the silver-bullet that their designers make them out to be. Even the RBLs and bayesian filters only go so far to cure the problem. Such systems only buy us time - in this case maybe 6months or up to a year, as the spammers catch up to the technology and find ways to avoid it. Bear in mind that these people are very well-funded and therefore highly motivated.
With the abundance of "always-on" network connections, and the insecurity of those systems always connected its still easy to generate and send huge quantities of spam.
Bad things like this happen everywhere around the world. This gets into the headlines because New Yorkers are so good at telling the whole world about every little problem they have.
I don't think so. The NSA released SELinux as source code, it has been reviewed by many people and adopted into the 2.6 kernel. It would be rather difficult to sneak in "hundreds if not thousands of pre-programmed exploits" into the Linux kernel.
The crumbling search engines you referred to crumbled because they have to make a profit. Read that again : the commercial sites MUST MAKE A PROFIT or they die - and the Internet is littered with such remains.
Portal/Search sites run by the Chinese (government) don't need to make a profit. They don't need to create a competitive PRODUCT, they can run without banner ads, without sponsorship, and without anyone paying for page rank. As long as they get their money from the government, and as long as the operators keep the government happy through whatever means then they will keep running. They could potentially put up sites which provide a better service to the public than commercial sites such as Google because they don't have the commercial baggage and clutter and demands from shareholders.
This has got nothing to do with the Internet beating communism, its just plain old capitalism.
called The White Plague, if you haven't read it, the story goes a bit like this:
A biochemist witnesses his wife and children getting killed in a car bomb explosion in Dublin, Ireland. After suffering a deep depression, he goes into hiding in the US and after a couple of years he develops a new contagious virus which infects and kills women only. He releases it in Ireland and, IIRC, Algeria and some other terrorist states by posting infected dollar bills to people in those countries. Of course, the virus sooon spreads to other countries and Frank Herbert doesn't hold back in graphically describing the pain, suffering, and insanity.
It makes a very powerful story in light of recent events, and is well worth reading of you can find a copy.
If Anthrax-in-the-post worried you, this story would scare the shit out of you.
Uhh, guys I submitted this story last November and it was rejected. Now I'm not complaining about being rejected, but this story is really OLD, and the concept is a long way from being proven to be practical or even remotely possible.
* 2001-11-22 21:35:54 New encryption technology : Geo-Encryption (articles,encryption) (rejected)
... because its going to cost billions of dollars over the next 5 years or so to modify almost every piece of electronic equipment on the planet. And then some smart-ass Russian kid is going to write a cracker which will bring the whole house-of-cards tumbling down.
Sick sense of humour, I know. But thats the hacker ethic. I sure hope Elcomsoft is watching this and having a good laugh.
This system isn't biological, its not even artificial intelligence.
The proposed method of preventing a (DoS) attack by notifying your upstream provider to cut off traffic has been proposed before, and discarded as a bad idea. Imagine if I sent a bunch of messages from my workstation to my ISP which had just such a system :
"Help Help! microsoft.com is DoSsing me!"
.. and then the automated "biological" response system at my ISP acted on it, forwarded it to microsoft.com's ISP and had them cut off from the Internet. Actually, on the other hand, that might not be such a bad idea......
But in all seriousness, the scope for misuse is so large that nobody would ever put this kind of system in place.
Think about it - its not technically feasible. Basic security measures and anti-virus programs will stop it dead. Key logging is aguably the same as wiretapping - in other words probably illegal without a court order.
And think about this - wouldn't it create quite an international incident of the FBI is found to be actively attacking computer systems not located in the continental US?
Slashdot Mirror
... Any headline which ends in a question mark can be answered "no"
I just can't see how an underwater data centre could be more economical than a normal one on land. Maybe they're experimenting with some new offshore cooling system, but a whole data centre? No.
Cisco is already ahead of you there.
Cisco's NX-OS is based on Linux, but with a IOS-like CLI on top of that.
Then again, it's possible that the minimum wage staff in their call centre honestly believe that the script they're following is legit.
From the calls I've got myself and the ones reported by others, it really sounds like the callers truly believe what they're saying and don't know much better.
Well most intelligent people know that, but from this woman's point of view she was expecting a large payout. Just like a casino gives the impression of a large payout.
Probably because of the cost. I do network design for a fairly large telco, and let me tell you the cost goes up exponentially with the number of "9"s that the business asks for.
You're exactly right. Only those people with enough spare time & effort would use it.
I wrote the UnOfficial SELinux FAQ and I'll tell you what the most common search query that Google sends to that page, its "disable selinux". About 80% of the hits to that FAQ are from people wanting to know how to disable it.
Lots of people like the MAC idea, and they're keen to try it out. But its causing pain - its hard to understand and it stops stuff from working. The majority of people out there, even the open source boffins, just don't have the spare time to figure it out and work with it.
Despite this, the SELinux by Example book is good. If you're developing software which you want to run on an SELinux system the book will help you a lot in showing you how to write the policy for your package. In fact, if you want to do serious work with SELinux then you pretty much need this book. Any online documentation you can find is likely to be very old and of little use.
You're underestimating just how huge this crowd is.
what is it over there, like some kind of geek paradise?
.geek.nz 2LD. Geeks are taken seriously in NZ, almost as important as the sheep.
Yep, thats why they created the
while DB software, two-way radios, DNA analysis gear, and video probes, are allowed
And these items could also be very useful for disaster response and relief - in other words, humanitarian aid.
The poster seems to be struggling to make a political point where there is simply not enoungh evidence which clearly defines what these things will be used for.
The problem is really one of economics more than anything else, so the solution has to be cheap.
He's correct that performing complex packet matching on a Cisco router would load it too much - they just don't have the CPU to do that function for any significant traffic load.
I would configure the switch that the NTP server is on to have a SPAN port - a port to which all traffic is copied. Most Cisco switches will do this without any problem. On that SPAN port, connect a Linux box with a bit of CPU power - 2GHz would be tons. On the Linux box, setup tcpdump to match the packet patterns that D-Link routers are sending ( from TFA he has this as detected by a network consultant ).
From the output of tcpdump, extract the source IP addresses. A fairly small perl script would probably do it. Take these IP addresses and massage them into access-lists for the upstream router to block, again perl or TCL/Expect would be reasonable tools. Routers are good at blocking large lists of IP addresses - its not such a load for them as the list gets compiled and pushed onto the hardware. Depending on his router model a few thousand ACL lines would be fine.
Alternatively, he could use the same approach to detect the non-D-Link source IPs - permit these and block anything else. From his stats of legit -vs- D-Link sources this would result in a shorter access list.
The only issue here is that a D-Link behind a shared-NAT'd IP address would result in that address being blocked, but there shouldn't be too many of these. And legally he can block anything he wants - his service has no written guarantee to he should be legally safe (yeah, IANAL).
To keep costs and time down, he can probably get help from the local University ( a cool project for any CompSci students ) to do the code and Linux setup, or help from the local LUG - I'd bet there would be plenty of volunteers to set it up, and I could imagine it being done within a couple of days.
Kerry
Thats no so surprising really. At best, SPF and other technical solutions can buy us some time while the spammers catch up, but they aren't the silver-bullet that their designers make them out to be. Even the RBLs and bayesian filters only go so far to cure the problem. Such systems only buy us time - in this case maybe 6months or up to a year, as the spammers catch up to the technology and find ways to avoid it. Bear in mind that these people are very well-funded and therefore highly motivated.
With the abundance of "always-on" network connections, and the insecurity of those systems always connected its still easy to generate and send huge quantities of spam.
NIST have recently released a good guide on securing XP boxes here
I haven't had the time to read it yet, but from the high quality of their other documents it is probably well worth printing and reading.
Bad things like this happen everywhere around the world. This gets into the headlines because New Yorkers are so good at telling the whole world about every little problem they have.
I don't think so. The NSA released SELinux as source code, it has been reviewed by many people and adopted into the 2.6 kernel. It would be rather difficult to sneak in "hundreds if not thousands of pre-programmed exploits" into the Linux kernel.
Check the FAQ
No, thats almost completely wrong.
The crumbling search engines you referred to crumbled because they have to make a profit. Read that again : the commercial sites MUST MAKE A PROFIT or they die - and the Internet is littered with such remains.
Portal/Search sites run by the Chinese (government) don't need to make a profit. They don't need to create a competitive PRODUCT, they can run without banner ads, without sponsorship, and without anyone paying for page rank. As long as they get their money from the government, and as long as the operators keep the government happy through whatever means then they will keep running. They could potentially put up sites which provide a better service to the public than commercial sites such as Google because they don't have the commercial baggage and clutter and demands from shareholders.
This has got nothing to do with the Internet beating communism, its just plain old capitalism.
A Google representative could not be immediately reached for comment.
The rep was too busy cleaning up the coffee that he'd laughed out of his nose.
called The White Plague, if you haven't read it, the story goes a bit like this :
A biochemist witnesses his wife and children getting killed in a car bomb explosion in Dublin, Ireland. After suffering a deep depression, he goes into hiding in the US and after a couple of years he develops a new contagious virus which infects and kills women only. He releases it in Ireland and, IIRC, Algeria and some other terrorist states by posting infected dollar bills to people in those countries. Of course, the virus sooon spreads to other countries and Frank Herbert doesn't hold back in graphically describing the pain, suffering, and insanity.
It makes a very powerful story in light of recent events, and is well worth reading of you can find a copy.
If Anthrax-in-the-post worried you, this story would scare the shit out of you.
... are in a 1.3 Mb PDF paper by security guru Ross Anderson here
Uhh, guys I submitted this story last November and it was rejected. Now I'm not complaining about being rejected, but this story is really OLD, and the concept is a long way from being proven to be practical or even remotely possible.
* 2001-11-22 21:35:54 New encryption technology : Geo-Encryption (articles,encryption) (rejected)
... because its going to cost billions of dollars over the next 5 years or so to modify almost every piece of electronic equipment on the planet. And then some smart-ass Russian kid is going to write a cracker which will bring the whole house-of-cards tumbling down.
Sick sense of humour, I know. But thats the hacker ethic. I sure hope Elcomsoft is watching this and having a good laugh.
Just thought I'd drop you a line about the sort of things I would like on my cellphone.
Some features I don't want
- Internet Explorer inextricably embedded into the OS
- Visual Basic scripting
- .NET, or
.anything for that matter
- Any sort of web server
- Outlook, Exchange, or Hotmail
- Buffer overflows
- Passport authentication
What I would like is- to be able to enter a number and make a phone call
Thanks,Intro.
This system isn't biological, its not even artificial intelligence.
......
The proposed method of preventing a (DoS) attack by notifying your upstream provider to cut off traffic has been proposed before, and discarded as a bad idea. Imagine if I sent a bunch of messages from my workstation to my ISP which had just such a system :
"Help Help! microsoft.com is DoSsing me!"
.. and then the automated "biological" response system at my ISP acted on it, forwarded it to microsoft.com's ISP and had them cut off from the Internet. Actually, on the other hand, that might not be such a bad idea
But in all seriousness, the scope for misuse is so large that nobody would ever put this kind of system in place.
More info :
Peter Chambers is the manager of the Clean Energy Education Trust ( www.hydrogen.co.uk ), which as another link connecting him to this "invention".
see http://www.hydrogen.co.uk/about/about_us.htm
This sounds a lot like FUD.
Think about it - its not technically feasible. Basic security measures and anti-virus programs will stop it dead. Key logging is aguably the same as wiretapping - in other words probably illegal without a court order.
And think about this - wouldn't it create quite an international incident of the FBI is found to be actively attacking computer systems not located in the continental US?