You also don't "need" to defragment the files. The FS is perfectly happy filling in the gaps with additional files. Performance will suffer but it will indeed work reliably.
In Windows 2000 and XP you can format Fat32 up to 160gigs assuming you have the correct driver. With SP2 for XP you can format it up to 250gigs I believe. Most removable drives from Maxtor for instance were and are formatted Fat32.
Technically you're right though, since most Linux distros can format fat32 up to 2tb. NTFS is vastly superior though so the issue has never really affected me personally. Of course on a Windows machines you don't have to use Microsoft's formatting or partitioning tools, you can always format fat32 up to 2tb on your linux box then put the disk into a Windows box and it will read it just fine. I can't imagine why you would want to do that but the option exists.
You can run SSH on several smart-phones already so I don't know why technical people would want it over any Windows Mobile or other smart-phone.
Last I checked the thing had no mechanism for ActiveSync, so no real-time synchronization with email, calendars, contacts. In my phone I don't have Outlook contacts and regular contacts. I have one place, if I add it to my contacts in Outlook it will appear on my phone almost instantly depending on the time of the day. Alternatively if I add a contact while I'm out in the field it will automatically be in Outlook where it is safely backed up.
Storage on the smart-phones is simple as well, a simple SD card and you can have a good chunk of music, or lots of reference material, or in my case, a password database.
Emailing while out in the field has become a big app too, from what I'm seeing the iPhone won't hold up real well to texting. Besides the fact that the screen would get dirty I don't know how it would stand up to regular cell phone abuse. How many times have I dropped my Treo? Many, and it's still fine, the phone isn't as pretty as it once was but it's still fully functional.
Lastly, and the biggest reason why the iPhone is not for business. As systems administrator I can't remotely manage and secure the phones for my organization. If a Treo is lost and there are important sensitive documents on the phone I can simply erase everything on it so that any person they may find it on a park bench somewhere will not see that sensitive information. I can do this all wireless and in real-time.
Considering OS X for the desktop still lacks these advanced management, monitoring, and security tools I don't think the phone is going to get it anytime soon. I will admit, the day that Apple does close this whole I imagine their market share will rise much faster. Combine that with binary compatibility with Windows and Apple would have all it needs to become dominant. I don't see it happening though, Apple has always seemed content to be a smaller player in the field of business.
I'm curious, how is leaving a meeting easier than texting during the meeting? With a standard qwerty keyboard that comes with the Q you don't need to look at the keys at all so you can do it discreetly and politely.
The big app is indeed texting or various forms of IM. If people just wanted to make calls then they would buy phones that make a whole lot more sense for that.
The general trend lately with phones is that they are getting bigger, not smaller, which is precisely to accomodate texting. Everything else could be put into smaller and smaller packages. Hell, with a 4gig SD-HC card my phone could store a ton of music if I were so inclined. Alternatively I can store powerpoints, reference diagrams, whatever I want. I can also throw it into any card reader on a computer and be good to go.
I think the iPhone is more about the coolness factor. I'm not sure how well the screen will hold up to the pain most cell phones go through. How careful do you have to be not to keep it in the same pocket with keys?
I rarely ever use predictive text on my phones because I've been buying smartphones lately and with the qwerty keyboard it's just not necessary and as always, predictive text usually just makes texting more difficult. Some people have no problems with it, good for them. The Treos, Q, Nokia e62, and the other smartphones are hands down better for business so I definitely see this being targeted towards teens. Everyone else uses their laptops to send the level of multimedia required. If you're in business then you want active sync with real-time access to your calendar, contacts, and of course email. The fact that my office phone voice mail goes to my email makes it even more important that I keep up with my email. Then of course there is the fact that I can as systems administrator restrict and manage the phones remotely and wirelessly. The iPhone may be able to do all this but OS X currently lacks these advanced management tools entirely for the desktop, so I won't hold my breath for the phone. If that is changed then it and OS X in general will be a hit, from what I hear, the phone lacks all of these business features, so I don't see it getting adopted too quickly until they make some pretty big changes.
Beyond the fact that it looks cool I can't see any compelling reason to get an iPhone at this point in time. That however, may be enough to great a trend.
Fair enough and I must compliment you on presenting your side of the issue civilly.
I do see your point and it is a compelling argument. In a perfect world your ideas here would make perfect sense and the world would be better off going your way. I don't see AT&T, Cox Cable, Comcast, or any other large ISP operating the way you describe. In regards to IPTV you could have different providers coming over the same pipe like what happens with WinampTV today. The service is already there, it works great, and it works over a neutral network because it was designed to allow for congestion for the rare moments where congestion is actually a problem.
I didn't get into much detail but when I take the company to Florida we VPN into our office in AZ where our PBX is located. All our phones are SIP and communicate over the Internet without a problem. Customer based QoS is far more important than QoS on the backbone, as I said, the ISP pipes are big enough to handle it. When they are no longer big enough then you just light up more of the fiber that isn't currently lit but is in the ground already. Then you simply load balance and you're good to go. I don't need my end-point to have gigabit unless I'm hosting my website which a couple of times a year will see millions of people suddenly flocking to it to get our latest numbers, photos, and videos.
I don't have a problem suggesting this plan of action because we already give ISPs billions every year to lay the ground work which they are squandering on mismanagement and poorly designed roll outs. In short, they should have the money to purchase the equipment to ramp up their backbone as required.
I'll give an example with Qwest. We put in an order for 12 T1s to be installed on site here in AZ. It was critical we had these Ts in place before a certain date so we ordered them well ahead of time. A month before the event we were checking up on the progress and only two T1s had been installed. We pushed and pushed including the CEO of our company calling the CEO of Qwest to get things pushed through. The next day a tech came to our site and installed one more T1, the next day another T1 with a different. Ultimately we had 7 of the 12 we needed but that's why we have contingency plans. They are so inefficient that the source of their problems isn't congestion but mismanagement. I don't think adding more management to the network is going to make anything better, in fact, I think it's going to make it a whole lot worse.
I would tend to propose a compromise since as I said, your points are valid and make a lot of sense. Make the thing neutral until the companies can demonstrate enough specific examples that it makes sense to start prioritizing things on the backbone level. I don't see any applications that require this to date. My P2P client will not fill my cable Internet let alone my gigabit Internet pipe because I'm not downloading that much and when I am, I throttle it down on my end to allow for my connection to be shared with my roommates. I have the bandwidth, let me prioritize as I need it and keep the ISPs out as they at the very least seem to be only out to screw America out of what we deserve after all our investment in them.
I've seen this stance before, it's perfectly logical but it shortsighted. The problem isn't that providers should have to pay money for special treatment, it's that one provider pays then all providers have to pay. So one person trying to role out IPTV will not be able to compete with another company that has money to throw at it. If every service has the same priority on the pipe then you build your technology around that condition knowing that congestion is solved by bigger and better pipes.
There is also the fact that tax dollars from content producers such as Google, as well as tax dollars from the individual such as myself helped pay for the pipe that AT&T wishes to charge more money for quality access. If we're giving them all this money we should be be benefiting from it, not getting charged more and more while the rest of the world is paying less and less.
If you're having problems with VOIP over the Internet, blame your ISP and get a new one that can intelligently handle your traffic. Personally I have no problems with such things even when I go to Florida and connect back to Arizona. That's about as worse a case scenario I can think of and VOIP works just fine. So I don't see the need to add more restrictions and force people to pay twice for access to the Internet. Last I checked I paid $81.99/month for 7meg down and 896kbps up not just the 7meg down so I should be able to use all of that as much as I want.
The website end of things too, we pay for collocation facilities and pay a ton for gigabit Internet, why should we have to pay twice because people are interested in our site?
I see no reason why IPTV or any other service out there is in any way restricted by neutrality, that is why virtually anything and everything requiring any kind of connectivity always has some sort of buffer. Especially in an IPTV scenario network latency plays no part, virtual reality chat with integrated HDTV might be more latency sensitive but should that come into existence we'll have faster access to each-other so the issue will solve itself assuming ISPs stay competitive on service.
Probably because you have things like Exchange 2003-2007, Windows Server 2003 including IIS6, MOM 2005, SQL 2005, SMS 2003 and a bunch of other products which despite what you seem to think weren't disappointments. Windows CE through Windows Mobile 5.0 have all been rather consistently high quality. Real PDAs actually work and work well unlike these smart phones which the carriers seem to screw up again and again. Why does my $400 iPaq work a lot better than my smart phone? Twice the ram you say? Twice the processor power you say? More than twice the battery life you say? Funny how well it works when you don't have the phone company doing installs for you.
If MS products didn't work the vast majority of the time for the vast majority of people then it wouldn't still be popular given all the valid alternatives.
MS has certainly put out failures, the Zune for one right off the top of my head. The company puts out a lot of products though, some are good and some are bad. Pretty much like any big software company. Look at Oracle, the base DBMS is rock solid, all the add-ons, not so much.
It kills me that I have to defend MS from complete FUD such as this. Why is it that people can't just stick to facts instead of presenting opinions as fact?
Fair enough, it's safe to say the state of the economy is certainly not a simple conversation. So many people want it to be a black and white problem when it's always been a giant cloud.
Except that the only reason inflation is down is because people aren't being paid more to purchase all the goods that have gone up in price. I'd call that bad times for a lot of people. Fortunately I'm still due my raise, woohoo for no inflation!
You keep referring to Cisco proprietary URPF like I suggest it as the end all be all. It's amazing the things you choose to focus on. Do you really think Clinton made technology decisions for the Whitehouse? Hell no, there are people paid to perform such tasks so your asking for him to say it is just ridiculous. In much the same way the my boss's spam problems are handled by me because the problem affects him but I'm responsible for it.
There are other techniques for fighting against DDoS attacks one of which has been used for the last 5 -10 years to protect corporate machines from virus infections. When there is a massive surge of traffic in one direction you split it and multi-path the whole thing. If too much traffic is coming from one location then it starts to filter that one location dynamically and on the fly. It's just one of hundreds of protection mechanisms employed all over the world already.
The only problem is in the lack of standards, corporation A implements solution B while corporation C implements solution D which is incompatible. If there was a standard they could work together and both save a lot of money. Since there is no standard they both spend a lot of money and achieve the same result.
I've concluded you don't have a point since even in your example of URPF the solution is very effective even today, just because it is not 100% effective doesn't make it not worth deploying. You're probably one of the people that thinks if services are configured properly on all servers then you don't need a firewall. Completely short-sighted
As for a briefing from the whitehouse, here is an example from the Bush adminstration. Older articles are indeed harder to find but this is a pretty clear statement about DDoS attacks back when there were even less options.
You completely an utterly missed my point. I never once suggested using tax dollars to require this of companies. I said specifically there should be standard technologies not encumbered by copyright or patent that all companies could use so my current HP infrastructure restricts me to using HP anti-DDoS techniques, the Cisco approach is proprietary along with several other companies that offer such things. If there was a common standard many more ISPs that are smaller would then implement such technologies. I never said any specific technology should be implemented.
So you're reality seems to be reading things that were never said so I'm going to trust my reality where my firewalls don't accept traffic from the wrong location. If someone is spoofing and address inside my network they will not get out to the Internet. It's easy for me to deploy as I have the resources to do it.
I'm going to trust my reality and ignore the fact that GWB wasn't President when Whitehouse.gov was upgraded and that Clinton did indeed rally international support for these kinds of controls as well as controls I wouldn't agree with. I also never said that one technique had to be deployed globally, I said over and over that it needs to be implemented when an ISP peers with another ISP, it makes total sense and your opposition to it is astounding to say the least as it's completely irrational. A technology that can save an ISP lots and lots of money while putting an end to DDoS attacks really has no downside especially given that the vast majority of large companies out there have already invested in these technologies.
Highly redundant servers and links are just the beginning and most certainly not the only solution that was implemented. The fact that you think it is I'm finding more and more humorous considering they have since deployed some very high end anti-DDoS solutions as distributed servers alone are not enough to prevent this. If you can saturate one link you can certainly saturate three links.
I will say that we are a much much smaller company but twice a year we have spikes to our bandwidth consumption that results in millions coming to our website and hundreds of megs of bandwidth coming out of our collocation facility. This helps us too! I know of companies like Live Global Bid and Limelight which offer content services and would probably be shut down if they had to double pay for delivering content.
There are thousands of small companies that use a lot of bandwidth for a lot of amazing stuff and there will only be more as the future becomes the present.
The fact that net neutrality would benefit Yahoo and Google as well as small companies and individuals tells you that it is for the common good.
Actually yes, I have performed a Gentoo install and I chose which kernel to download and compile selecting the one that isn't the newest every-time because the current release always had problems. It has improved over the years but that is why I have testing servers. I can pilot updates and know if they're going to break anything.
Gentoo has changed over the last two years to make stage 3 installs a reality and your statement about a stage 3 install being identical to a stage 1 install is just simply pointless. The very nature of it results in the same thing, since it's a modular OS, of course you can pull it out an optimize, you can do it again and again regardless of where you started from.
It's like me distilling my own water versus you buying distilled water. Of course the result is the same. The only difference is that I'm not relying on scripts that other people have added which has been a common sore point in Gentoo. Little bugs here and there you'll find in your stage 3 install that you'll have to pin down one by one. My stage 1 install will result in a stable, high performing system without any bugs every time.
I will also add that a stage 3 Gentoo install is not something I would consider risky, any bugs you encounter are likely to just be annoying and not critical. When I'm install a mission critical server though I'm going to take my time and make sure it is setup right the first time so that I don't have to revisit it.
If people are automatically hopping on the latest software from Gentoo then I fear for them, I don't do that for any updates on any platform. Everything is always test deployed first.
Your points are fair enough, it's honestly been a few years since I've done a Gentoo install because my Gentoo machines are still running just fine. I liked it as a learning opportunity, but now that I have learned a stage 3 install sounds like a better plan. I just don't know that I trust them to make all the decisions for me if it's a server or some specialized network service.
Of course nothing is hidden so I suppose you just have to verify once and then you're good to go for future installs. Scripting changes as necessary would make it even easier.
I will take your advice and give it a second look. I have an Oracle collaboration server I'm throwing together and I think Gentoo will be its base although I had thought Debian was perhaps a better choice since I don't have a lot of time to waste on it but if I can learn something new then it would be worth it.
Sorry, but you have an odd definition of reality. Whitehouse.gov was completely taken out by a DDoS some years ago when it was a huge issue. Now in the last year we've had massive DDoS attacks on the root DNS systems which naturally held up because these trunk level ip filters you seem to think are impossible to implement HAVE been implemented. So in short, the only one that doesn't think this can be implemented globally is you.
I'll refer you to AT&T "Clean pipes" initiative as an example of a multinational corporation implementing this on a massive scale and using it to charge their customers more while giving their customers more value for their dollar. Face it, DDoS attacks were already a huge problem, you just never noticed because you were too busy saying everything is impossible and that countries can't work together despite that being the very nature of the Internet. AT&T is by far not the only ISP implementing this all over their backbone as well. Refer to at least a couple dozen other posts in this thread and you will see that are lots of options and many of them are deployed and the same method does not need to be deployed globally to be effective. As I said, it only really needs to happen when you peer with another provider. It saves the ISPs money on back haul charges and they can charge their customers more for the same service that they already had an interest in delivering.
I also don't understand how that proves your point and not mine when it clearly illustrates that the problem is indeed widespread and has affected people with the means to create real change. It might help your point as well as mine but it certainly discredits nothing. This is why the Whitehouse.gov is where it is today. It wasn't always distributed, why do the think they spent millions to make it that way in the first place? You think they just thought it was a good idea at the time? Perhaps you don't realize that big business is not proactive nor is big government.
I wasn't referring to watching compiler messages, I was referring to USE flags, the fact that you actually have to choose which FS you want to use, the fact that you have to add all your hardware and compile a kernel that will actually function for you. This all gives you a much lower level idea of how an OS works and gives you a lot of insight into Linux as a platform. You have to know what processor you have and depending on what release it may impact your choices during your install. The handbook is very thorough and informative while you're installing.
Face it, a lot of the hype behind Gentoo is legitimate, there is always BS surrounding every distro. It is a pain in the ass to get going, but once you're there you are there and will stay there until the machine dies.
Personally I've always seen the strength of Gentoo in that it teaches you how an OS really works for the most part. You're doing every step along the way assuming a Stage 1 install which is the only Gentoo installs I'll perform. You are building your system from the ground up and with that you learn a lot about the underlying systems that you just won't learn from installing and using Ubuntu.
Of course the speed and optimizations are nice as well, with a Gentoo install the only things running on the systems are applications that you explicitly command it to run. It's a pain and I wouldn't really use it for a general purpose workstation but for some servers its simply great. Of course with Gentoo you have to always wait a bit after every release since every new release has big bugs. That's what testing servers are for though.
In short, I agree with you. There is definitely a place for both.
Wow, talk about not understanding what a SAN actually is. A $4700 unit is no comparison to what you get for 50k from an HP or IBM SAN solution. The biggest factor, I started with 30tb now I need 100tb! Oh noes, I need to buy more units and create more volumes. With a SAN you fill up your fabric or iSCSI switch with more storage racks allowing you to mix and match, SATA, SCSI, FCA or anything else you like. Then replicate the whole deal off-site at the hardware level.
Now mirrored OS drives? Are you mad? You've got a SAN, the suckers will boot straight from the SAN meaning you'll never have to worry about RAID array failure or hard drive failure causing downtime. This also means there is no need for hard drives in your blade which will reduce the internal temperature under full load. Of course since the OS drive is connecting through a fiber-channel SAN it is a hell of a lot faster than two mirrored drives which means faster and more reliable servers and increased uptime. A motherboard fries? No problem, either remap the LUN to another server with identical hardware which could be configured automatically or just change which port the server is plugged into the fabric.
There are hundreds more advantages here, ZFS does address a lot of them but it is not at that level and not near the performance. How about automatic archiving of files that haven't been accessed in say six months? Either archive to near-line storage or to tape, or do a tiered approach and archive to near-line after six months and tape after a year. The management is there for SANs and is very mature. It's just getting started for ZFS. ZFS is turning out to be a great low cost alternative meaning less risks starting out, but once you're into SAN country and not just DASD land then the rules are different.
There are heads of state which have experienced the effects of DDoS attacks. Think Whitehouse.gov
Furthermore, most of these mechanisms are already deployed, they just aren't enforced unless you pay extra for the protection. Even then, it's too late, by then the traffic has aggregated enough bandwidth that the problem is much harder to work with. Kill it before it becomes big and see how the problems disappear.
The U.S. isn't the only country interested in this kind of protection especially with all the news of China and it's growing online presence. Japan and Taiwan have both experienced problems in this regard as well. I'm sure South Korea isn't far behind.
In the case of AT&T I want nothing to do with them. It does add value so it makes a lot of sense. So you've backed up my point. There is no down side to mass DDoS filtering. There is absolutely no reason why ISPs can't step up and at the very least make this much less of an issue.
I agree that people often give up freedom for security and that it is never worth it. In this case however the only freedom being taken away is the freedom to launch DDoS attack on people. It's very limited in scope and only serves the best interests of the law abiding with zero innocents getting caught in the crossfire. It's a total win-win situation, the only thing is costs is a little time and probably a bit of money which we waste in dealing with the problems of DDoS attacks. I've had to divert time and other resources to deal with such things in the past and I tend to believe if there is something we can all do to help prevent this then we'll all benefit and there is no reason not to participate. This is a reason outgoing port 25 is completely banned on the subnets thats my workstations use. I have selective bans on other subnets which contain servers allowing only the MTAs to transfer mail out.
Basically if people become more responsible for the machines in their care the problem goes away. To aid in this end I think ISPs should assist by blocking DDoS attacks. I don't see any downside to it. If you're forging an IP address then you don't intend to receive the result of what you're sending out. I can't find any legitimate reason for this on the Internet.
Perhaps you missed the part I wrote about maintaining anonymity? Preventing DDoS is very easy without needing to identify people. I also said that most countries don't control the Internet because corporate entities do. I was not advocating this be changed. Only that we provide guidelines to those entities that peer with other providers. If you implement some basic techniques at the peering locations then you can prevent the vast majority of DDoS attacks because it can be aggregated enough to cause problems. Then the regional personnel can handle the problem with whatever policy they see fit, whether it be through shutting off the subscribers bot infested machine or just simply ignoring the problem. As long as it doesn't go past the next peering point then the problem won't become an aggregate problem and DDoS will be gone and no government has any new way to censor beyond their current abilities.
Control and freedom are not mutually exclusive, everyone at my office can go to whatever website they like. My firewall will filter out 99% of any malware they encounter. Local access privileges restrict the last 1% from actually causing any harm so my users can do what they like without worry, plus they don't have to see myspace ads. I don't have to track them to provide a little control over them. I'm getting rid of the bad while allowing them to continue on their merry way.
In short, I fail to see how anything I said that would appeal to an authoritarian regime as it would prevent them from launching DDoS attacks on their neighbors. That's the whole point, it is nothing but a net gain so I don't understand why there would be any resistance to something like this
That wouldn't be the case if the ISP at the source in question had also implemented the technique before they peer with another provider. At that level the aggregate is a lot smaller and much easier to pin down. The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.
HP and a few others have been learning this lesson trying to implement standards wherever they can. The bonus for the Cisco people is that you usually get the standards with Cisco proprietary on top so it doesn't kick them out of the play area. Move to standards and get every ISP to implement them perhaps with tax incentives and the problem becomes a lot smaller. Of course the major ISPs already receive a lot of tax dollars so maybe we just specify how that money is spent as currently it looks like there is no accountability.
Slashdot Mirror
You also don't "need" to defragment the files. The FS is perfectly happy filling in the gaps with additional files. Performance will suffer but it will indeed work reliably.
In Windows 2000 and XP you can format Fat32 up to 160gigs assuming you have the correct driver. With SP2 for XP you can format it up to 250gigs I believe. Most removable drives from Maxtor for instance were and are formatted Fat32.
Technically you're right though, since most Linux distros can format fat32 up to 2tb. NTFS is vastly superior though so the issue has never really affected me personally. Of course on a Windows machines you don't have to use Microsoft's formatting or partitioning tools, you can always format fat32 up to 2tb on your linux box then put the disk into a Windows box and it will read it just fine. I can't imagine why you would want to do that but the option exists.
You can run SSH on several smart-phones already so I don't know why technical people would want it over any Windows Mobile or other smart-phone.
Last I checked the thing had no mechanism for ActiveSync, so no real-time synchronization with email, calendars, contacts. In my phone I don't have Outlook contacts and regular contacts. I have one place, if I add it to my contacts in Outlook it will appear on my phone almost instantly depending on the time of the day. Alternatively if I add a contact while I'm out in the field it will automatically be in Outlook where it is safely backed up.
Storage on the smart-phones is simple as well, a simple SD card and you can have a good chunk of music, or lots of reference material, or in my case, a password database.
Emailing while out in the field has become a big app too, from what I'm seeing the iPhone won't hold up real well to texting. Besides the fact that the screen would get dirty I don't know how it would stand up to regular cell phone abuse. How many times have I dropped my Treo? Many, and it's still fine, the phone isn't as pretty as it once was but it's still fully functional.
Lastly, and the biggest reason why the iPhone is not for business. As systems administrator I can't remotely manage and secure the phones for my organization. If a Treo is lost and there are important sensitive documents on the phone I can simply erase everything on it so that any person they may find it on a park bench somewhere will not see that sensitive information. I can do this all wireless and in real-time.
Considering OS X for the desktop still lacks these advanced management, monitoring, and security tools I don't think the phone is going to get it anytime soon. I will admit, the day that Apple does close this whole I imagine their market share will rise much faster. Combine that with binary compatibility with Windows and Apple would have all it needs to become dominant. I don't see it happening though, Apple has always seemed content to be a smaller player in the field of business.
I'm curious, how is leaving a meeting easier than texting during the meeting? With a standard qwerty keyboard that comes with the Q you don't need to look at the keys at all so you can do it discreetly and politely.
The big app is indeed texting or various forms of IM. If people just wanted to make calls then they would buy phones that make a whole lot more sense for that.
The general trend lately with phones is that they are getting bigger, not smaller, which is precisely to accomodate texting. Everything else could be put into smaller and smaller packages. Hell, with a 4gig SD-HC card my phone could store a ton of music if I were so inclined. Alternatively I can store powerpoints, reference diagrams, whatever I want. I can also throw it into any card reader on a computer and be good to go.
I think the iPhone is more about the coolness factor. I'm not sure how well the screen will hold up to the pain most cell phones go through. How careful do you have to be not to keep it in the same pocket with keys?
I rarely ever use predictive text on my phones because I've been buying smartphones lately and with the qwerty keyboard it's just not necessary and as always, predictive text usually just makes texting more difficult. Some people have no problems with it, good for them. The Treos, Q, Nokia e62, and the other smartphones are hands down better for business so I definitely see this being targeted towards teens. Everyone else uses their laptops to send the level of multimedia required. If you're in business then you want active sync with real-time access to your calendar, contacts, and of course email. The fact that my office phone voice mail goes to my email makes it even more important that I keep up with my email. Then of course there is the fact that I can as systems administrator restrict and manage the phones remotely and wirelessly. The iPhone may be able to do all this but OS X currently lacks these advanced management tools entirely for the desktop, so I won't hold my breath for the phone. If that is changed then it and OS X in general will be a hit, from what I hear, the phone lacks all of these business features, so I don't see it getting adopted too quickly until they make some pretty big changes.
Beyond the fact that it looks cool I can't see any compelling reason to get an iPhone at this point in time. That however, may be enough to great a trend.
Fair enough and I must compliment you on presenting your side of the issue civilly.
I do see your point and it is a compelling argument. In a perfect world your ideas here would make perfect sense and the world would be better off going your way. I don't see AT&T, Cox Cable, Comcast, or any other large ISP operating the way you describe. In regards to IPTV you could have different providers coming over the same pipe like what happens with WinampTV today. The service is already there, it works great, and it works over a neutral network because it was designed to allow for congestion for the rare moments where congestion is actually a problem.
I didn't get into much detail but when I take the company to Florida we VPN into our office in AZ where our PBX is located. All our phones are SIP and communicate over the Internet without a problem. Customer based QoS is far more important than QoS on the backbone, as I said, the ISP pipes are big enough to handle it. When they are no longer big enough then you just light up more of the fiber that isn't currently lit but is in the ground already. Then you simply load balance and you're good to go. I don't need my end-point to have gigabit unless I'm hosting my website which a couple of times a year will see millions of people suddenly flocking to it to get our latest numbers, photos, and videos.
I don't have a problem suggesting this plan of action because we already give ISPs billions every year to lay the ground work which they are squandering on mismanagement and poorly designed roll outs. In short, they should have the money to purchase the equipment to ramp up their backbone as required.
I'll give an example with Qwest. We put in an order for 12 T1s to be installed on site here in AZ. It was critical we had these Ts in place before a certain date so we ordered them well ahead of time. A month before the event we were checking up on the progress and only two T1s had been installed. We pushed and pushed including the CEO of our company calling the CEO of Qwest to get things pushed through. The next day a tech came to our site and installed one more T1, the next day another T1 with a different. Ultimately we had 7 of the 12 we needed but that's why we have contingency plans. They are so inefficient that the source of their problems isn't congestion but mismanagement. I don't think adding more management to the network is going to make anything better, in fact, I think it's going to make it a whole lot worse.
I would tend to propose a compromise since as I said, your points are valid and make a lot of sense. Make the thing neutral until the companies can demonstrate enough specific examples that it makes sense to start prioritizing things on the backbone level. I don't see any applications that require this to date. My P2P client will not fill my cable Internet let alone my gigabit Internet pipe because I'm not downloading that much and when I am, I throttle it down on my end to allow for my connection to be shared with my roommates. I have the bandwidth, let me prioritize as I need it and keep the ISPs out as they at the very least seem to be only out to screw America out of what we deserve after all our investment in them.
I've seen this stance before, it's perfectly logical but it shortsighted. The problem isn't that providers should have to pay money for special treatment, it's that one provider pays then all providers have to pay. So one person trying to role out IPTV will not be able to compete with another company that has money to throw at it. If every service has the same priority on the pipe then you build your technology around that condition knowing that congestion is solved by bigger and better pipes.
There is also the fact that tax dollars from content producers such as Google, as well as tax dollars from the individual such as myself helped pay for the pipe that AT&T wishes to charge more money for quality access. If we're giving them all this money we should be be benefiting from it, not getting charged more and more while the rest of the world is paying less and less.
If you're having problems with VOIP over the Internet, blame your ISP and get a new one that can intelligently handle your traffic. Personally I have no problems with such things even when I go to Florida and connect back to Arizona. That's about as worse a case scenario I can think of and VOIP works just fine. So I don't see the need to add more restrictions and force people to pay twice for access to the Internet. Last I checked I paid $81.99/month for 7meg down and 896kbps up not just the 7meg down so I should be able to use all of that as much as I want.
The website end of things too, we pay for collocation facilities and pay a ton for gigabit Internet, why should we have to pay twice because people are interested in our site?
I see no reason why IPTV or any other service out there is in any way restricted by neutrality, that is why virtually anything and everything requiring any kind of connectivity always has some sort of buffer. Especially in an IPTV scenario network latency plays no part, virtual reality chat with integrated HDTV might be more latency sensitive but should that come into existence we'll have faster access to each-other so the issue will solve itself assuming ISPs stay competitive on service.
Probably because you have things like Exchange 2003-2007, Windows Server 2003 including IIS6, MOM 2005, SQL 2005, SMS 2003 and a bunch of other products which despite what you seem to think weren't disappointments. Windows CE through Windows Mobile 5.0 have all been rather consistently high quality. Real PDAs actually work and work well unlike these smart phones which the carriers seem to screw up again and again. Why does my $400 iPaq work a lot better than my smart phone? Twice the ram you say? Twice the processor power you say? More than twice the battery life you say? Funny how well it works when you don't have the phone company doing installs for you.
If MS products didn't work the vast majority of the time for the vast majority of people then it wouldn't still be popular given all the valid alternatives.
MS has certainly put out failures, the Zune for one right off the top of my head. The company puts out a lot of products though, some are good and some are bad. Pretty much like any big software company. Look at Oracle, the base DBMS is rock solid, all the add-ons, not so much.
It kills me that I have to defend MS from complete FUD such as this. Why is it that people can't just stick to facts instead of presenting opinions as fact?
Because I already know how to do what I need to do with Debian. With Gentoo it's different but a stage 3 install really makes me reconsider.
Fair enough, it's safe to say the state of the economy is certainly not a simple conversation. So many people want it to be a black and white problem when it's always been a giant cloud.
They are all following the lead of IBM laying off 1500 people for no reason after meeting profit projections. Gotta love it!
Except that the only reason inflation is down is because people aren't being paid more to purchase all the goods that have gone up in price. I'd call that bad times for a lot of people. Fortunately I'm still due my raise, woohoo for no inflation!
You keep referring to Cisco proprietary URPF like I suggest it as the end all be all. It's amazing the things you choose to focus on. Do you really think Clinton made technology decisions for the Whitehouse? Hell no, there are people paid to perform such tasks so your asking for him to say it is just ridiculous. In much the same way the my boss's spam problems are handled by me because the problem affects him but I'm responsible for it.
There are other techniques for fighting against DDoS attacks one of which has been used for the last 5 -10 years to protect corporate machines from virus infections. When there is a massive surge of traffic in one direction you split it and multi-path the whole thing. If too much traffic is coming from one location then it starts to filter that one location dynamically and on the fly. It's just one of hundreds of protection mechanisms employed all over the world already.
The only problem is in the lack of standards, corporation A implements solution B while corporation C implements solution D which is incompatible. If there was a standard they could work together and both save a lot of money. Since there is no standard they both spend a lot of money and achieve the same result.
I've concluded you don't have a point since even in your example of URPF the solution is very effective even today, just because it is not 100% effective doesn't make it not worth deploying. You're probably one of the people that thinks if services are configured properly on all servers then you don't need a firewall. Completely short-sighted
As for a briefing from the whitehouse, here is an example from the Bush adminstration. Older articles are indeed harder to find but this is a pretty clear statement about DDoS attacks back when there were even less options.
You completely an utterly missed my point. I never once suggested using tax dollars to require this of companies. I said specifically there should be standard technologies not encumbered by copyright or patent that all companies could use so my current HP infrastructure restricts me to using HP anti-DDoS techniques, the Cisco approach is proprietary along with several other companies that offer such things. If there was a common standard many more ISPs that are smaller would then implement such technologies. I never said any specific technology should be implemented.
So you're reality seems to be reading things that were never said so I'm going to trust my reality where my firewalls don't accept traffic from the wrong location. If someone is spoofing and address inside my network they will not get out to the Internet. It's easy for me to deploy as I have the resources to do it.
I'm going to trust my reality and ignore the fact that GWB wasn't President when Whitehouse.gov was upgraded and that Clinton did indeed rally international support for these kinds of controls as well as controls I wouldn't agree with. I also never said that one technique had to be deployed globally, I said over and over that it needs to be implemented when an ISP peers with another ISP, it makes total sense and your opposition to it is astounding to say the least as it's completely irrational. A technology that can save an ISP lots and lots of money while putting an end to DDoS attacks really has no downside especially given that the vast majority of large companies out there have already invested in these technologies.
Highly redundant servers and links are just the beginning and most certainly not the only solution that was implemented. The fact that you think it is I'm finding more and more humorous considering they have since deployed some very high end anti-DDoS solutions as distributed servers alone are not enough to prevent this. If you can saturate one link you can certainly saturate three links.
I will say that we are a much much smaller company but twice a year we have spikes to our bandwidth consumption that results in millions coming to our website and hundreds of megs of bandwidth coming out of our collocation facility. This helps us too! I know of companies like Live Global Bid and Limelight which offer content services and would probably be shut down if they had to double pay for delivering content.
There are thousands of small companies that use a lot of bandwidth for a lot of amazing stuff and there will only be more as the future becomes the present.
The fact that net neutrality would benefit Yahoo and Google as well as small companies and individuals tells you that it is for the common good.
Actually yes, I have performed a Gentoo install and I chose which kernel to download and compile selecting the one that isn't the newest every-time because the current release always had problems. It has improved over the years but that is why I have testing servers. I can pilot updates and know if they're going to break anything.
Gentoo has changed over the last two years to make stage 3 installs a reality and your statement about a stage 3 install being identical to a stage 1 install is just simply pointless. The very nature of it results in the same thing, since it's a modular OS, of course you can pull it out an optimize, you can do it again and again regardless of where you started from.
It's like me distilling my own water versus you buying distilled water. Of course the result is the same. The only difference is that I'm not relying on scripts that other people have added which has been a common sore point in Gentoo. Little bugs here and there you'll find in your stage 3 install that you'll have to pin down one by one. My stage 1 install will result in a stable, high performing system without any bugs every time.
I will also add that a stage 3 Gentoo install is not something I would consider risky, any bugs you encounter are likely to just be annoying and not critical. When I'm install a mission critical server though I'm going to take my time and make sure it is setup right the first time so that I don't have to revisit it.
If people are automatically hopping on the latest software from Gentoo then I fear for them, I don't do that for any updates on any platform. Everything is always test deployed first.
Your points are fair enough, it's honestly been a few years since I've done a Gentoo install because my Gentoo machines are still running just fine. I liked it as a learning opportunity, but now that I have learned a stage 3 install sounds like a better plan. I just don't know that I trust them to make all the decisions for me if it's a server or some specialized network service.
Of course nothing is hidden so I suppose you just have to verify once and then you're good to go for future installs. Scripting changes as necessary would make it even easier.
I will take your advice and give it a second look. I have an Oracle collaboration server I'm throwing together and I think Gentoo will be its base although I had thought Debian was perhaps a better choice since I don't have a lot of time to waste on it but if I can learn something new then it would be worth it.
Sorry, but you have an odd definition of reality. Whitehouse.gov was completely taken out by a DDoS some years ago when it was a huge issue. Now in the last year we've had massive DDoS attacks on the root DNS systems which naturally held up because these trunk level ip filters you seem to think are impossible to implement HAVE been implemented. So in short, the only one that doesn't think this can be implemented globally is you.
I'll refer you to AT&T "Clean pipes" initiative as an example of a multinational corporation implementing this on a massive scale and using it to charge their customers more while giving their customers more value for their dollar. Face it, DDoS attacks were already a huge problem, you just never noticed because you were too busy saying everything is impossible and that countries can't work together despite that being the very nature of the Internet. AT&T is by far not the only ISP implementing this all over their backbone as well. Refer to at least a couple dozen other posts in this thread and you will see that are lots of options and many of them are deployed and the same method does not need to be deployed globally to be effective. As I said, it only really needs to happen when you peer with another provider. It saves the ISPs money on back haul charges and they can charge their customers more for the same service that they already had an interest in delivering.
I also don't understand how that proves your point and not mine when it clearly illustrates that the problem is indeed widespread and has affected people with the means to create real change. It might help your point as well as mine but it certainly discredits nothing. This is why the Whitehouse.gov is where it is today. It wasn't always distributed, why do the think they spent millions to make it that way in the first place? You think they just thought it was a good idea at the time? Perhaps you don't realize that big business is not proactive nor is big government.
I wasn't referring to watching compiler messages, I was referring to USE flags, the fact that you actually have to choose which FS you want to use, the fact that you have to add all your hardware and compile a kernel that will actually function for you. This all gives you a much lower level idea of how an OS works and gives you a lot of insight into Linux as a platform. You have to know what processor you have and depending on what release it may impact your choices during your install. The handbook is very thorough and informative while you're installing.
Face it, a lot of the hype behind Gentoo is legitimate, there is always BS surrounding every distro. It is a pain in the ass to get going, but once you're there you are there and will stay there until the machine dies.
Personally I've always seen the strength of Gentoo in that it teaches you how an OS really works for the most part. You're doing every step along the way assuming a Stage 1 install which is the only Gentoo installs I'll perform. You are building your system from the ground up and with that you learn a lot about the underlying systems that you just won't learn from installing and using Ubuntu.
Of course the speed and optimizations are nice as well, with a Gentoo install the only things running on the systems are applications that you explicitly command it to run. It's a pain and I wouldn't really use it for a general purpose workstation but for some servers its simply great. Of course with Gentoo you have to always wait a bit after every release since every new release has big bugs. That's what testing servers are for though.
In short, I agree with you. There is definitely a place for both.
Wow, talk about not understanding what a SAN actually is. A $4700 unit is no comparison to what you get for 50k from an HP or IBM SAN solution. The biggest factor, I started with 30tb now I need 100tb! Oh noes, I need to buy more units and create more volumes. With a SAN you fill up your fabric or iSCSI switch with more storage racks allowing you to mix and match, SATA, SCSI, FCA or anything else you like. Then replicate the whole deal off-site at the hardware level.
Now mirrored OS drives? Are you mad? You've got a SAN, the suckers will boot straight from the SAN meaning you'll never have to worry about RAID array failure or hard drive failure causing downtime. This also means there is no need for hard drives in your blade which will reduce the internal temperature under full load. Of course since the OS drive is connecting through a fiber-channel SAN it is a hell of a lot faster than two mirrored drives which means faster and more reliable servers and increased uptime. A motherboard fries? No problem, either remap the LUN to another server with identical hardware which could be configured automatically or just change which port the server is plugged into the fabric.
There are hundreds more advantages here, ZFS does address a lot of them but it is not at that level and not near the performance. How about automatic archiving of files that haven't been accessed in say six months? Either archive to near-line storage or to tape, or do a tiered approach and archive to near-line after six months and tape after a year. The management is there for SANs and is very mature. It's just getting started for ZFS. ZFS is turning out to be a great low cost alternative meaning less risks starting out, but once you're into SAN country and not just DASD land then the rules are different.
There are heads of state which have experienced the effects of DDoS attacks. Think Whitehouse.gov
Furthermore, most of these mechanisms are already deployed, they just aren't enforced unless you pay extra for the protection. Even then, it's too late, by then the traffic has aggregated enough bandwidth that the problem is much harder to work with. Kill it before it becomes big and see how the problems disappear.
The U.S. isn't the only country interested in this kind of protection especially with all the news of China and it's growing online presence. Japan and Taiwan have both experienced problems in this regard as well. I'm sure South Korea isn't far behind.
In the case of AT&T I want nothing to do with them. It does add value so it makes a lot of sense. So you've backed up my point. There is no down side to mass DDoS filtering. There is absolutely no reason why ISPs can't step up and at the very least make this much less of an issue.
I agree that people often give up freedom for security and that it is never worth it. In this case however the only freedom being taken away is the freedom to launch DDoS attack on people. It's very limited in scope and only serves the best interests of the law abiding with zero innocents getting caught in the crossfire. It's a total win-win situation, the only thing is costs is a little time and probably a bit of money which we waste in dealing with the problems of DDoS attacks. I've had to divert time and other resources to deal with such things in the past and I tend to believe if there is something we can all do to help prevent this then we'll all benefit and there is no reason not to participate. This is a reason outgoing port 25 is completely banned on the subnets thats my workstations use. I have selective bans on other subnets which contain servers allowing only the MTAs to transfer mail out.
Basically if people become more responsible for the machines in their care the problem goes away. To aid in this end I think ISPs should assist by blocking DDoS attacks. I don't see any downside to it. If you're forging an IP address then you don't intend to receive the result of what you're sending out. I can't find any legitimate reason for this on the Internet.
Perhaps you missed the part I wrote about maintaining anonymity? Preventing DDoS is very easy without needing to identify people. I also said that most countries don't control the Internet because corporate entities do. I was not advocating this be changed. Only that we provide guidelines to those entities that peer with other providers. If you implement some basic techniques at the peering locations then you can prevent the vast majority of DDoS attacks because it can be aggregated enough to cause problems. Then the regional personnel can handle the problem with whatever policy they see fit, whether it be through shutting off the subscribers bot infested machine or just simply ignoring the problem. As long as it doesn't go past the next peering point then the problem won't become an aggregate problem and DDoS will be gone and no government has any new way to censor beyond their current abilities.
Control and freedom are not mutually exclusive, everyone at my office can go to whatever website they like. My firewall will filter out 99% of any malware they encounter. Local access privileges restrict the last 1% from actually causing any harm so my users can do what they like without worry, plus they don't have to see myspace ads. I don't have to track them to provide a little control over them. I'm getting rid of the bad while allowing them to continue on their merry way.
In short, I fail to see how anything I said that would appeal to an authoritarian regime as it would prevent them from launching DDoS attacks on their neighbors. That's the whole point, it is nothing but a net gain so I don't understand why there would be any resistance to something like this
That wouldn't be the case if the ISP at the source in question had also implemented the technique before they peer with another provider. At that level the aggregate is a lot smaller and much easier to pin down. The real problem is coming up with a non-Cisco proprietary solution. Something not encumbered with copyright and patents which I believe is what is holding up a lot of development in anti-DDoS techniques.
HP and a few others have been learning this lesson trying to implement standards wherever they can. The bonus for the Cisco people is that you usually get the standards with Cisco proprietary on top so it doesn't kick them out of the play area. Move to standards and get every ISP to implement them perhaps with tax incentives and the problem becomes a lot smaller. Of course the major ISPs already receive a lot of tax dollars so maybe we just specify how that money is spent as currently it looks like there is no accountability.