So far I have heard zero horror stories about decent SSD drives, and lots of horror stories (including personal experience) about spinning disks.
All the concern about SSD seems to be theoretical.
Or the woman who backed up the office database, reinstalled SQL server, and backed up the new (empty) server on the same tape. Yeah, a new tape would have solved that problem. Or, you know, not being a mindless automaton.
It is not obvious to someone replacing the backup tape whether the backup is appended to the previous backup or replaces the previous one entirely. The former was not all that uncommon back when backup tapes had decent sizes. These days, when you need 4 tapes to back up a single drive, no one appends.
Of course there are tons of other things wrong with a one-tape backup schedule, but again she couldn't necessarily be expected to know about them.
It would just be nice if all connections were protected from passive sniffing by default. HTTPS is fine as it is (well its PKI is broken, which is why we have this article). However, doing opportunistic encryption for HTTP would be nice, it's just important that the secure connection icon ISN'T being shown, because the connection ISN'T secure.
The neat thing would be if HTTP could just transparently upgrade to SSL without displaying the secure connection icon.
It's very different. OSPF requires everyone to know the layout of the complete network. For mesh networks, OSPF is useless, it never converges. Attempts to amend OSPF to work for mesh networks have so far failed.
AntNet works quite badly, but it does get most of the traffic to its destination most of the time. That is a lot better than anyone else does.
UDP packet order is already unreliable. You have to build in your own sequencing and error-correction logic at the application level (if you need it).
For both UDP and TCP, most actual uses require packet order to be almost-maintained. TCP gets basically useless if there is more than a little bit of packet reordering, and VoIP with packet reordering is no fun at all.
You'd need a radar guided medium-altitude SAM. The typical insurgent will find it a bit too heavy to lug around much.
And if they want it to look right, they need to set it to exactly what the original author did. Every time you decide to break up a line of code, you're making a decision that locks the reader into a particular spacing in order to have legible code.
No. You indent by tabs to the correct level, and add spaces for effect afterwards where necessary. Even if you end up adding more spaces than a tab width. That way it looks right no matter the tab width.
Guaranteed easy kill for any wannabe terrorists who drive a loaded truck or car bomb underneath this bus. Stupid idea.
I don't think you realize how easy it is to kill lots of people with a car bomb already. This thing won't improve the kill ratio by even 2:1 and may even lower it because the bus would likely contain the explosion somewhat.
Yes, HP is the worst out there when it comes to recovery disks. My 6730b had no option for burning recovery disks at all. Strangely enough it came with fairly pristine Windows XP install disks...
Not that it matters all that much, I boot Windows XP every month to get the security updates and every 3 months to run some random proprietary software which doesn't work in Wine.
Sure, I do that, but the reality is that right now Danish ISPs are FORCED to keep the data. The ISPs have tried to convince the politicians that this is a bad idea, but so far no luck. The same is the case for many other countries, unfortunately.
Yes but the point is, there are now sufficient users running browsers other than IE that you have to develop for them...
The funny thing is that when Firefox had a similar market share to what IE6 has now, lots of sites said "screw it, this site only works in Internet Explorer". Adding support for Firefox was easy; just write a reasonably standards-compliant site and it looked ok in Firefox. Now developers have a much harder job trying to make sites work in IE6, yet you rarely see sites just rejecting it.
I still find the occasional site telling me I have an unsupported browser (Yahoo is one of them, which is pretty hilarious in 2010). HP blade enclosures "support" Firefox by asking you to install the IE tab extension.
The police just send a warrant to the ISP and get the last 6+ months of activity as well as billing information. No need to bother with breaking into any routers.
Or more likely, the police just file the report of the crime and never investigate.
There may be other ways, perhaps involving GPS-enabled cell devices using various third party software products, or even first party depending on the party.
Google Maps on cell phones does that, AFAIK.
Wikipedia is wrong then. Internet Explorer doesn't do SNI on Windows XP, but Firefox is fine. More specifically the library SChannel is broken on XP, and therefore the browsers depending on SChannel have a problem. That includes Internet Explorer and it at least used to include Chrome, although Google has been working on an alternative NSS implementation. It seems that Chrome M6 has the problem fixed.
It is even common that you can't replace the router because the ADSL modem is built-in and they won't give you the PPPoA password. This would be reasonably ok if the routers they provide weren't horribly unstable and running 3-year-old customized ISP-specific firmwares with even more interesting bugs.
I'm glad I'm in Denmark where you can usually get just a modem with an ethernet port + bridging -- and authentication is done by ADSL port in the DSLAM, so there's no password to worry about.
because SSL sucks for virtual hosts
This has been fixed with TLS. See SSL with Virtual Hosts Using SNI. It doesn't work with IE6, but then, what does?
Even mid-range Cisco gear has similar problems. If you care enough, read the cisco-nsp archives, search for 7600... Apparently the high end has its share of interesting issues too, but they don't come up so often on that list, and I haven't had the chance to play with it myself.
Similarly with the FortiGate 3016B, another mid-range product. Very nice firewall which had some interesting NAT issues. Fortunately FortiNet has fixed the issues I found (pretty good tech support at least compared to e.g. Cisco). I only have one ticket open with them right now, which they promise they'll have fixed in 4.3.
However, the low end isn't without problems either. Why can't vendors e.g. get DHCP client implementations right? Even when they're running Linux and could just use dhclient instead of making their own?
You live in Southern California and your heating system runs in June! I'm beginning to understand how the US manages to emit twice as much CO2 per capita as Europe.
Who cares if you leave disks 10% full? To get rid of the minimum of 2 disks per server you need to boot from SAN, and disk space in the SAN is often 10x the cost of standard SAS disks. Especially if the server could make do with the two built-in disks and save the cost of an FC card + FC switch port.
I/Os per second on the other hand cost real money, so it is a waste to leave 15k and SSD disks idle. A quarter full does not matter if they are I/O saturated; the rest of the capacity is just wasted, but again you often cannot buy a disk a quarter of the size with the same I/Os per second.
It worked four times as fast (at the time) but it cost more than four times as much.
Only in bandwidth. Latency sucked big time, and processors back then weren't very good at hiding latency, so real-world non-benchmark performance wasn't any better than decent SDRAM.
If you get to keep bits of the old computer, why not keep at least the hard drive and the case? Then we're down to a $150 computer.
Actually it seems that WPA2 enterprise is exactly like a switched wired network. The casual users can't see each other's traffic, but the knowledgeable can see everything. Unless there's an ubergeek doing the switch administration (which generally doesn't happen outside academia) and the switch is really good (which is rarely the case in academia).
Do not rely on switches for security within a particular VLAN, unless you go high-end and really know what you are doing. There are a million ways to beat switch "security", including MAC spoofing, forcing the switch to flood traffic, fake DHCP, fake ARP, fake RA or ND (on IPv6). Each of those attacks can be stopped by a sufficiently clever and well-configured switch, although right now it is difficult to find one that can do RA and ND protection.
it would be insane to not expect things like this to happen.
I agree completely. However, that doesn't seem to stop the onward march of twice-removed oversight. I doubt this disaster will change that, at least not for long. After all, BP is just one bad apple and all the other companies have a perfect safety record... Until everyone can see the opposite, of course, and then it's just another bad apple.