C'mon, leave moral out of a discussion about Nike.
Nike shoes (and clothes I guess) are assembled by children in third world countries, earning less than $5 a day.
Go to a shop in your city and check the price tags on these shoes to get a rough idea of Nike's profit margin. This is how Nike can afford to offer such a "generous" warranty. And be assured that this warranty has more to do with marketing efforts than with good faith of Nike management.
How do you send 25k/sec? That's 640 SYN packets/sec or roughly a latency of 1.56ms. Considering the RTTs I get with various sites that doesn't seem plausible from a cable modem.
I can easily send 40kb/s from home, and I'm only on a weak DSL link.
You do know that you don't have to wait for a 3-way handshake to finish to initiate another connection, right? ;)
In practice any not-so-braindead zombie will just flood syn's and may process some of the synacks as they flow in, if at all. The goal is to take the remote host down, not to implement proper tcp.
And as said, it is unfortunately not trivial to cut all attackers off.
You can hit a portion of them but when blocking full subnets you're likely to hurt some legit customers, too. Smart zombies may also cycle through different attack patterns, one of which could be a set of random legit looking sessions that makes them hard to distinguish from real users.
A sophisticated attacker will profile your site for "expensive" links (think "search function" or dynamic content coming from a slow backend) and come up with fake sessions that focus on these expensive operations.
OTOH, I've seen one spammer (not several, one machine on their end) bring a machine that routes all the mail for a small group of users above 130 load average. It's a single proc AMD 2200 with the full availability of a T3. Mine is not the only machine on this network that repeatedly gets this treatment (it's a colocation facility - my wife works at the ISP so I get it for free, heh).
I was forced to move to lighter front end solutions such as messagewall because even the relatively simplistic QMail could not hold up.
I'm curious, what the heck did the spammer do to drive your qmail up to 130 (not missing a dot there?)?!
I regularly send out newsletters to a _very_ bad recipient list (about 80% malformed or bouncing addresses, we're in the process of weeding it out) of ~100000 addresses.
Even while pumping the mail down qmail-inject's throat (~20k mails in the queue, sometimes ~10k mails in the "not-yet-processed chain") the machine never goes to any significant load (1.0 maybe but that's it).
And that's also a weak athlon box on a 100mbit link.
That's nice to get a test-server going but I hope it is obvious to anyone involved with production systems that for these beasts you must of course handpick all critical packages always. No matter what distro you choose for the base system.
No package manager can replace a sane admin and most distro packages (yes, the deb's too) of complicated stuff like application servers are a) horribly outdated and b) horribly built/laid out.
You mentioned tomcat though so I assume you weren't talking about a production system that's going to see any significant load anyways. ;-)
Two problems:
1. A full fledged ddos attack will likely saturate your switch-port (if it's 100mbit) so your webserver will not receive a lot of legitimate requests anymore.
2. Your ISP is going to bill the ddos packets to you if you don't tell them to cut it off. 400 zombies sending at 25k/s each would suffice to deliver 10M/s to your front door. Given a few big pipes (office or *shudder* university lines) on the zombie network drastically reduce the number of zombies required to plug up a 100mbit-link but most of the ddos attacks I have read about were just using an insane amount of cablemodem-zombies (800+).
Unfortunately this doesn't really work.
Zombie software is usually smart enough to be set on a target domain name, not ip address. Once your hostname starts resolving to a new ip the zombies will attack the new target. If you change to a completely different domain you'll have to announce it to your customers - and the attacker will likely pick it up on the same channel.
Man, I would hate to get my DIR_COLORS messed up!
I was really just kiddin. ;-)
In fact I'm supporting your point somewhat even though I'm a bit on the sceptic side if the card can succeed. Others said it, making hardware and distributing it costs a bit of money - unlike software. Developing a decent gfx-card is hella expensive and if you want to sell it at a competitive price...
The problem is that once you reword other people's posts, Murphy's law says that you normally can't fit a valid analogy into an exact copy of it. The text you have is no longer "sane" once it's in a slashdot article. Your successor spends two mouse clicks and has a reference text to humiliate you. The text he builds won't be exactly like yours, because he can take good ideas from your post and implement them better as long as he knows when to stop.
Think not at all?
Yea, funny stuff.
The webserver logs are full of...
/c/winnt/system32/cmd.exe?/c+dir
/d/winnt/system32/cmd.exe?/c+dir
/scripts/..%255c../winnt/system32/cmd.exe?/c+dir
/msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir
...over 1000 hits a day.
The firewall logs were even worse until I turned off logging for the common wintendo "remote administration"-ports.
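A defender-side way to tally the probes quoted in the comment above, as an added example that is not part of the original post: it percent-decodes each request target until it stops changing, then flags directory traversal, `cmd.exe`, more than one decoding round, and the bytes 0xC0/0xC1, which never occur in valid UTF-8. The log lines, client addresses and flag names are constructed for illustration; only the four probe paths come from the comment.

```python
import re
from collections import Counter
from urllib.parse import unquote_to_bytes

# Constructed Common Log Format lines: addresses, timestamps and sizes are
# made up; the four probe paths are the ones quoted in the comment above.
SAMPLE_LOG = r'''
192.0.2.7 - - [10/Feb/2004:03:12:01 +0000] "GET /index.html HTTP/1.0" 200 5120
192.0.2.7 - - [10/Feb/2004:03:12:09 +0000] "GET /search?q=100%25+cotton HTTP/1.0" 200 734
198.51.100.23 - - [10/Feb/2004:03:14:40 +0000] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276
198.51.100.23 - - [10/Feb/2004:03:14:41 +0000] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276
198.51.100.23 - - [10/Feb/2004:03:14:42 +0000] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276
203.0.113.5 - - [10/Feb/2004:03:20:00 +0000] "GET /msadc/..%255c../..%255c../..%255c/..%c1%1c../..%c1%1c../..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 276
'''

# Client address and request target of each log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"', re.M)

def classify(target, max_rounds=5):
    """Return the set of probe indicators found in one request target."""
    raw, rounds = target.encode("utf-8"), 0
    while rounds < max_rounds:
        decoded = unquote_to_bytes(raw)  # invalid escapes are left untouched
        if decoded == raw:
            break
        raw, rounds = decoded, rounds + 1
    norm = raw.lower().replace(b"\\", b"/")  # treat '\' like '/'
    flags = set()
    if rounds > 1:                       # e.g. %255c -> %5c -> '\'
        flags.add("double-encoded")
    if b"\xc0" in raw or b"\xc1" in raw:  # never valid in UTF-8
        flags.add("invalid-utf8-lead-byte")
    if b"../" in norm:
        flags.add("traversal")
    if b"cmd.exe" in norm:
        flags.add("cmd.exe")
    return flags

def scan(log_text):
    """Tally indicator hits per flag and flagged requests per client."""
    by_flag, by_client = Counter(), Counter()
    for client, target in REQUEST.findall(log_text):
        flags = classify(target)
        if flags:
            by_client[client] += 1
            by_flag.update(flags)
    return by_flag, by_client

if __name__ == "__main__":
    flags, clients = scan(SAMPLE_LOG)
    print(dict(flags))
    print(clients.most_common())
```

The legitimate `/search?q=100%25+cotton` request decodes only once and stays unflagged, which is why the double-encoding check counts rounds instead of matching `%25`.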
BRAVE you say? I'd call it braindead or, polite, "uneducated".
I recommend abcde to anyone who's fed up with useless guis for something that's supposed to be a one-step task.
It rips and encodes to any format you like (mp3, ogg among others). Also takes care of renaming, cddb/tagging etc.
Insert disk, type 'abcde', sit back. Easy as making toast.
I ripped 30 cds in one night, thanks to the feat. that you don't have to wait for the encoding process to finish before you can start another rip. So in the end I had like 15 oggenc-procs chugging in the background, probably the only time that I ever maxed out my CPU for such a long time... fun!
Debian ppl can apt-get install abcde.
A small shell script should easily fix that. Just extract the id3 tag (hopefully the standard id3-util can read it from .ogg?) and use oggtag to properly tag them.
Maybe he meant Orkut will collapse in 2 years?
Orkut will just migrate to some LAN in portugal.
So, uh, I see all this talking about GNUstep. Anyone have a link to their website?
Wow, you must have good memory if you can remember all the ads!
The monthly costs of 2U worth of space VS 1U is enough to warrant the cost of the extra smaller drives in many cases.
Maybe in small hosting plans (20U) but in my (limited) experience you'd usually be better off to go with 2U-servers instead of 1U simply because all 1U pizza-boxes I have seen get too damn hot to last.
A nicely cooled 2U host will certainly get you more upgrade choices too (dual cpu, more drives) and save you money either way in the long run.
Sounds nice in theory but has anyone ever done it in reality?
I mean with servers that actually provide a service, under load?
With maybe hundreds of TCP connections going at any time?
No service interruption, none at all?
¼ß`æ ¼ w ££ j®½tsg >!!!
Gah. Has anyone read this comment to the end and can provide a short summary?
Heck, I agree. Gimme a standalone MP3 player that looks like that!
Add a nice display, upgradable 2.5" hdd, wifi for streaming and a non-IR-remote and they'll sell like paris hilton.
You're assuming that the IT-staff at eBay has a clue.
Telling from the trouble they went through (and are probably still going through) to employ only basic fraud countermeasures (like, duh, strip javascript from actions or, gahh, figure out how this ssl thing works) and their failure to do proper stress testing before "upgrading" something as mission critical as their payment platform, well, I'd say there's reason to doubt it.
And if you're still not convinced I recommend to just take a look at the page-source for the ebay.com frontpage, or if you're really brave, for one of the category listings. Whatever they're smoking, it must be good!
garbled.
and the i is for interface.
Not quite, I was comparing what you are seeing on screen and how responsive it is. I'd claim that a 2GHZ/1GB wintel box will do the graphics stuff just as well as the $2000 mac we were talking about.
Of course the mac is fancier, but I think that wasn't the point here.
In the unix world, all locking is at the application level and nothing prevents someone else modifying a file you have open (as long as they have write permission of course). So there is greater flexibility.
I never really got that.
Why the heck would you ever want to write to the same file from two processes at the same time?
Is there a real-world example of when this feat has ever been useful for anyone?
Sorry, but the $800 PC can do the stuff you mentioned (run Illustrator, Photoshop, Quark, Acrobat, Distiller etc. at the same time) just fine.
If it doesn't you may have to add another GB of ram ($150) and maybe a faster CPU (~$150).
You'll be ending up somewhere around $1200, maybe $1500 if you need RAID0, firewire and more fancy stuff but nowhere near $2000.