What makes a troll a troll is the behavior of trying to get money from people for doing what they are already doing. There is no value add. A legitimate non-practicing entity, on the other hand, gets money by getting people do do something new that they were not already doing.
The distinction is clear and simple. If you approach me and tell me I need a license to do what I'm already doing, you're a troll. That's the only way to be a troll.
Laws and regulations need feedback loops so that efficacy can be determined and acted upon. This means that the goal and rationale for laws and regulations needs to be explicitly stated and then the effects measured and reported.
While you can't predict against future failures, if you want to make sure that your drive media is okay today, there is a tool that will fill your disk with garbage and then verify that your disk has the right garbage on it: spew. Spew isn't the friendliest tool, but it does the job.
As a side effect, it stresses your I/O systems and memory. Years ago, I discovered that some Dell 2550's I had couldn't pass this test with the SATA controller I had shoved into them that seemed to work fine otherwise.
I've only tried 1000 and 100. On my AMD 3200+, a Linux 2.6.12 kernel with HZ=1000 takes 10-14% of the CPU (when idle). With HZ=100, it takes about a tenth of that. I'm not using these guest installations as production servers. As test environments, I can't tell the difference between 100 and 1000 HZ except for the amount of idle cpu overhead they take.
Regardless of what you use for the host, when you run Linux as a client there are a couple of things to be aware of. First, include AMD ethernet and Buslogic SCSI drivers in your kernel. Second, if you're running a 2.6 kernel, they'll eat a lot of extra CPU when idle unless you redefine HZ and recompile the kernel.
I get a lot of bounces from mail I didn't send. Things that come from postmaster or mailer-daemon aren't a big deal: send 'em all to/dev/null with procmail. The larger problem is vacation messages. I haven't figured out any good way to filter them. Ideas?
My SpamAssassin rules do a pretty good job of filterering messages about viruses I didn't send but even then I can't get 'em all. I wish there was standard for email generated in response to other emails.
There is no loyalty anyway. Even if you're an employee, you can still be layed off or fired on little more than a whim. Being a contractor simply makes the lack of promise explicit.
Long ago, I took an employee position. I was layed off after five months. I felt betrayed and I was really angry. My next several posisitons were as a contractor and my employement at these positions lasted as long as *I* wanted it to. Since I hadn't made a promise, I simply left if I didn't like the job that much. The positions that I liked lasted for years. The lack of promise kept everyone happier and prevented anyone from feeling betrayed by a one-sided promise.
Put the hard drive in a removable IDE enclosure.
Take it with you. Leave a Knoppix CDROM in the
computer. Provide a DSL/Cable router with DHCP.
An 802.11[abg] access point would also be a plus.
IPv6 could allow easy access to multihoming. (Actually, IPv6 could actually solve a problem but doesn't do that either).
There are organizations (ARIN in North America) that handle IP alloations. Their policies have been created with one stated goal: keep the number of routes down so that routers don't blow up. With IPv6, they seem to be following the same policies.
How do you keep the number of routes low? You make it really hard to get IP addresses. That's what they do and they do it fairly well. Personally, I'm not convinced that keeping the number of routes down actually helps anyone. The routers that carry full routing tables are all large and expensive and if they don't have the capacity for much larger routing tables already then it's because the router manufacturers knew that the number of routes was being kept low.
IPv6 could change all this. With 128 bits of address, one could allow real multi-homing without making huge routing tables. This could be accomplished by splitting of multiple sections of the IP address as Service Provider IDs (SPID). An actuall address would the contain multiple SPIDs and an end user address. To have a full routing table, you would need routes to all the service providers and to all of your own customers. Just an idea.
I'll try to clarify, but I'm not sure I understand your question.
Web servers would have many IP addresses. In my example, www.example.com had 100,000,000. The set would slowly change over time. The rate of change would need to be balanced against the DNS refresh/timeout settings.
Or are you asking about what happens when someone attacks from your box? In that situation, you would be blackholed for a particular web site. This could be inconvienent. On the other hand, this would only happen if your machine was exploitable in the first place.
I'm not proposing a long-term blacklist. When an exploited machine is identified, its owner should be tracked down. The machine should be secured. Perhaps a long-term blacklist might develop if certain machines were used repeatedadly.
Regarding the router level. By using a public-key crypto system to distribute the filtering, it's my hope that no one router would be overloaded. This is a vulnerability though.
I suspect the router problem is solvable. For small-fry, their upstream providers can do the filtering for them. For larger players, the distributed public-key authenticated filtering can solve the problem.
I guess it could auto-scale: when a request-to-filter is published, each router that receives the request could implement it, and then check a few minutes later to see if it is filtering much. If not, it would drop the filter. The would allow the traffic to proceed farther to where it would reach a concentration where the benifit of filtering outweighs the cost of filtering.
If you're willing to burn lots and lots of IP addresses, then it is possible to win the fight against DDOS attacks. Here's how to prepare www.example.com:
Allocate a large range of IP addresses (say 1E10).
Of the 1E10 addresses, blackhole 99% of them. Choose the set to blackhole with a slowly-changing cryptographic method. (This leaves 1E8)
Teach your routers to pass traffic for the valid IP addresses to the web server (www.example.com). Traffic for the other addresses should be logged.
Whenever a DNS request comes in, pick one of the valid IPs using a crytographic hash function of the requesting-host's IP address.
There are a couple attacks that the bad guys can attempt.
Attack the whole address range of www.example.com.
This is an attempt to overwhelm the routers/pipes near www.example.com. To defend against this, additional infrastructure must be in place:
For each network block, there must be a a public key.
For each backbone router, there must be a public key.
There must be a list of backbone routers.
When under attack (as seen by lots of traffic dropping), edge routers, must contact many backbone routers and send an authenticated message with the crypto-key used for IP filtering.
Backbone routers receiving the key can now drop useless traffic.
Attack against valid IP addresses of www.example.com.
Each attack exposes the attacker to identification. The attacker may be able to overwhelm www.example.com in the short-term, but the attacking hosts can be identified and dealt with one by one.
The attack streams can be filtered. Again possibly using public key filtration system.
To do this requires a lot of infrastructure. It requires IPv6. It would change the balance of power though. It would allow attacks to either be shrugged off or traced. Either way, it's a lot better for the good guys.
Good simple/cheap trading (including options) can be had at www.edreyfus.com. I looked at a bunch and they are who I use.
For analysis of stocks, I think the best is www.clearstation.com. They are very good on both community take and technical analysis. Yahoo's stock pages are pretty good for fundemental analysis.
If you plan to be a heavy day-trader, take a look at CyberCorp.Com. I haven't used them myself though.
The earlier comment about getting a good book and reading it is quite apt.
Sorry, perhaps I should have been more clear. I was talking solely of market share and mind share.
As for as technology goes, I think FreeBSD solves my problems the best. That said, I did my competative analysis nearly five years ago. I've been very happy with FreeBSD ever since and thus I have not done a detailed comparision since.
Nothing I've heard from other people in the interm has made me think I would get a different answer now. I run an ISP (Idiom) and my analysis reflects my requirements. Here's how I think things stack up now...
FreeBSD: focus on performance and stability (exactly what I want!). Note that stability requires security.
Linux: focus on features, too many players and too much energy to be really stable. Lots of fun and what I would reccomend for most new unix users.
NetBSD: focus on doing things right. Glad someone is, but I'll use something else until they finish:-)
OpenBSD: focus on security and integration of encryption. Mostly follows NetBSD development.
Slashdot Mirror
What makes a troll a troll is the behavior of trying to get money from people for doing what they are already doing. There is no value add. A legitimate non-practicing entity, on the other hand, gets money by getting people do do something new that they were not already doing.
The distinction is clear and simple. If you approach me and tell me I need a license to do what I'm already doing, you're a troll. That's the only way to be a troll.
Citizens United must be reversed. This will probably require a constitutional amendment.
Laws and regulations need feedback loops so that efficacy can be determined and acted upon. This means that the goal and rationale for laws and regulations needs to be explicitly stated and then the effects measured and reported.
The premise is wrong. At 12Mbps, it takes 44 minutes to move 4GB.
If you're going to post ads, they cannot look like stories.
If you're going to post ads, make sure they're good or nobody will click on more than one.
http://linux.die.net/man/1/spew
While you can't predict against future failures, if you want to make sure that your drive media is okay today, there is a tool that will fill your disk with garbage and then verify that your disk has the right garbage on it: spew. Spew isn't the friendliest tool, but it does the job.
As a side effect, it stresses your I/O systems and memory. Years ago, I discovered that some Dell 2550's I had couldn't pass this test with the SATA controller I had shoved into them that seemed to work fine otherwise.
I've only tried 1000 and 100. On my AMD 3200+, a Linux 2.6.12 kernel with HZ=1000 takes 10-14% of the CPU (when idle). With HZ=100, it takes about a tenth of that. I'm not using these guest installations as production servers. As test environments, I can't tell the difference between 100 and 1000 HZ except for the amount of idle cpu overhead they take.
Regardless of what you use for the host, when you run Linux as a client there are a couple of things to be aware of. First, include AMD ethernet and Buslogic SCSI drivers in your kernel. Second, if you're running a 2.6 kernel, they'll eat a lot of extra CPU when idle unless you redefine HZ and recompile the kernel.
p hp?p_faqid=1420
The VMWare web site has info on this and on fixing other clock problems: http://www.vmware.com/support/kb/enduser/std_adp.
I get a lot of bounces from mail I didn't send. Things that come from postmaster or mailer-daemon aren't a big deal: send 'em all to /dev/null with procmail. The larger problem is vacation messages. I haven't figured out any good way to filter them. Ideas?
My SpamAssassin rules do a pretty good job of filterering messages about viruses I didn't send but even then I can't get 'em all. I wish there was standard for email generated in response to other emails.
There is no loyalty anyway. Even if you're an employee, you can still be layed off or fired on little more than a whim. Being a contractor simply makes the lack of promise explicit.
Long ago, I took an employee position. I was layed off after five months. I felt betrayed and I was really angry. My next several posisitons were as a contractor and my employement at these positions lasted as long as *I* wanted it to. Since I hadn't made a promise, I simply left if I didn't like the job that much. The positions that I liked lasted for years. The lack of promise kept everyone happier and prevented anyone from feeling betrayed by a one-sided promise.
Put the hard drive in a removable IDE enclosure. Take it with you. Leave a Knoppix CDROM in the computer. Provide a DSL/Cable router with DHCP. An 802.11[abg] access point would also be a plus.
IPv6 could allow easy access to multihoming. (Actually, IPv6 could actually solve a problem but doesn't do that either).
There are organizations (ARIN in North America) that handle IP alloations. Their policies have been created with one stated goal: keep the number of routes down so that routers don't blow up. With IPv6, they seem to be following the same policies.
How do you keep the number of routes low? You make it really hard to get IP addresses. That's what they do and they do it fairly well. Personally, I'm not convinced that keeping the number of routes down actually helps anyone. The routers that carry full routing tables are all large and expensive and if they don't have the capacity for much larger routing tables already then it's because the router manufacturers knew that the number of routes was being kept low.
IPv6 could change all this. With 128 bits of address, one could allow real multi-homing without making huge routing tables. This could be accomplished by splitting of multiple sections of the IP address as Service Provider IDs (SPID). An actuall address would the contain multiple SPIDs and an end user address. To have a full routing table, you would need routes to all the service providers and to all of your own customers. Just an idea.
Web servers would have many IP addresses. In my example, www.example.com had 100,000,000. The set would slowly change over time. The rate of change would need to be balanced against the DNS refresh/timeout settings.
Or are you asking about what happens when someone attacks from your box? In that situation, you would be blackholed for a particular web site. This could be inconvienent. On the other hand, this would only happen if your machine was exploitable in the first place.
I'm not proposing a long-term blacklist. When an exploited machine is identified, its owner should be tracked down. The machine should be secured. Perhaps a long-term blacklist might develop if certain machines were used repeatedadly.
Regarding the router level. By using a public-key crypto system to distribute the filtering, it's my hope that no one router would be overloaded. This is a vulnerability though.
I suspect the router problem is solvable. For small-fry, their upstream providers can do the filtering for them. For larger players, the distributed public-key authenticated filtering can solve the problem.
I guess it could auto-scale: when a request-to-filter is published, each router that receives the request could implement it, and then check a few minutes later to see if it is filtering much. If not, it would drop the filter. The would allow the traffic to proceed farther to where it would reach a concentration where the benifit of filtering outweighs the cost of filtering.
There are a couple attacks that the bad guys can attempt.
This is an attempt to overwhelm the routers/pipes near www.example.com. To defend against this, additional infrastructure must be in place:
Each attack exposes the attacker to identification. The attacker may be able to overwhelm www.example.com in the short-term, but the attacking hosts can be identified and dealt with one by one.
The attack streams can be filtered. Again possibly using public key filtration system.
To do this requires a lot of infrastructure. It requires IPv6. It would change the balance of power though. It would allow attacks to either be shrugged off or traced. Either way, it's a lot better for the good guys.
For analysis of stocks, I think the best is www.clearstation.com. They are very good on both community take and technical analysis. Yahoo's stock pages are pretty good for fundemental analysis.
If you plan to be a heavy day-trader, take a look at CyberCorp.Com. I haven't used them myself though.
The earlier comment about getting a good book and reading it is quite apt.
Sorry, perhaps I should have been more clear. I was talking solely of market share and mind share.
:-)
As for as technology goes, I think FreeBSD solves my problems the best. That said, I did my competative analysis nearly five years ago. I've been very happy with FreeBSD ever since and thus I have not done a detailed comparision since.
Nothing I've heard from other people in the interm has made me think I would get a different answer now. I run an ISP (Idiom) and my analysis reflects my requirements. Here's how I think things stack up now...
FreeBSD: focus on performance and stability (exactly what I want!). Note that stability requires security.
Linux: focus on features, too many players and too much energy to be really stable. Lots of fun and what I would reccomend for most new unix users.
NetBSD: focus on doing things right. Glad someone is, but I'll use something else until they finish
OpenBSD: focus on security and integration of encryption. Mostly follows NetBSD development.
Linux simply got a head start while the BSD camp was distracted by the AT&T lawsuit.
*BSD is growing just as fast as Linux. It's just a couple of years behind.
I don't know what the long-term picture looks like. Either operating system could falter. Mostly growth of Linux is good for *BSD and vice versa.
The paper is available here (in postscript).
At the talk I had the impression that the softwware was free. I cannot find it on their (skimpy) web site though.
From their description, 25,000 users wouldn't begin to make it sweat.