Slashdot Mirror


User: twigles

twigles's activity in the archive.

Stories: 0
Comments: 131

Comments · 131

  1. Re:The obvious answer is: on Building/Testing of a High Traffic Infrastructure? · · Score: 2, Informative

    Jesus what an asshole this parent poster is. Someone asks for advice and this arrogant guy calls them incompetent for not being born with the knowledge. Someone please mod him troll; this is exactly why non-techies think we're all arrogant.

  2. You can't block MACs over the net on Microsoft Banning Modded Xboxen · · Score: 1

    At least not to accomplish anything meaningful. The source MAC address changes every time the packet goes through a router, so in essence M$ would be blocking anyone and everyone whose last hop was the same as some guy who modded his xbox. Not even Microsoft is that stupid.

  3. When I have to on When Is A Good Time To Upgrade? · · Score: 1

    The article is on my level. I still use my Creative Nomad 1 for mp3s at the gym, even though part of me wishes it would break so I could get a new iPod. But time is on my side; since I bought that thing the iPod has gotten upgraded THREE times and even gotten a little cheaper. My laptop is a Tecra 8100 from 2000, my car has the original stock tape deck.

    If you've ever gotten hung out to dry financially you get an appreciation for penny-pinching. My company went Chapter 7 in 2001 and didn't pay us. I was caught with about 2 months pad money (should always keep six around) and they stole our 401k, employee stock purchase, etc.

    So after getting my ASS KICKED like that, I view using my old gear until it grinds noisily to a halt to be a form of purchasing something else ... a solid night's sleep.

  4. Re:Null routing vs intelligent DDoS defense on DDoS Extortion Attempts On the Rise · · Score: 1

    I don't know wth nanog is, but from that slideshow I wish I *was* there. It sounded right up my alley. And since my contract at AT&T is not being renewed due to their horrific financial condition I think I could have networked a little.

  5. Null routing vs intelligent DDoS defense on DDoS Extortion Attempts On the Rise · · Score: 4, Informative

    Null routes are indeed a terrible way to defend against DDoS attacks. ISPs nowadays are investing up to millions of dollars in *intelligent* defenses. These are mostly anomaly-based Network Intrusion Detection Systems (NIDS) from companies like Riverhead Networks, Top Layer and Vsecure Technologies sometimes referred to as "attack mitigators". Instead of a full-fledged NIDS like Snort, these systems focus primarily on DDoS attacks, and while I haven't used one professionally I have spoken with several people who have (old-school, cynical networking/unix guys) and they say that they are very good at not blocking innocent traffic.

    Basically they look for anomalies like the rate of traffic hitting a specific site, then they start to look for patterns in the traffic (source IP, packet size, packet interval, page requested, etc.). From there the detection boxes inform a second machine that "scrubs" the traffic, in other words drops all nefarious stuff. Some of these guys sit inline (inline=the packets must physically pass through them as light/electricity) or sit off the path, but send BGP Updates to the routers passing these packets. The BGP Update technique is interesting because it allows the normal routers to send traffic destined to the IP under attack through the scrubber because the router has a very specific route to that machine, while the rest of the subnet is routed normally. Anyone familiar with BGP knows that you advertise the biggest supernet possible (/20, /22...) so this is nice in that it leaves your other stuff alone.

    I'm sure some products use null routing at the end of this process, but it isn't some geek sitting at a keyboard typing in IPs. It's intelligent automation (at least one product actually checks to see if its remedy fixed the problem, and if it didn't it undoes the fix). I can tell you for a fact that AT&T is deploying a bunch of these attack mitigators (Riverhead - now part of Cisco) in their routing core.

    As for writing an Apache module or taking steps on the actual target web site ... the success of those will always be limited by the fact that they can only reduce the load somewhat, and a bandwidth exhaustion attack won't care if your site requires a login.

  6. Woulda been nice if they let Jon finish his point on Jon Stewart on CNN's Crossfire · · Score: 3, Insightful

    Stewart had a simple point, but they never let him flesh it out. It was that these guys argue back and forth about the little crap like war records and "flip-flopping" that the campaign strategists *want* them to argue about. Jon seemed to be pleading with them to get real and start arguing about things that both sides are trying to play down, like exact specifics on budgetary (neither side's line up) and exact specifics on the environment.

    Instead the Crossfire guys fill the crucial role of dissecting every little thing either candidate says, which leads both sides to avoid saying anything of substance. Bush said the war on terrorism can't be won and people jumped on him. He was right! You can never eradicate every terrorist, you can only bring the level down to a tolerable level ("tolerable" is a subjective point I know). As Bruce Schneier has pointed out, our tolerable level of car accident deaths in the US is 40k/year. So rather than discuss "winning" the war rationally and maybe try and think out loud about what he meant, Kerry's backers ran to twist and exploit it, and Bush's backers ran to do damage control.

    So instead of heeding or even listening to his pleas, they interrupted him incessantly and the right-wing dork in the bow-tie was even insulting. BTW, is it me or does the right-wing take criticism exceedingly poorly?

  7. No offense but this is kind of a stupid question on Science Television: Does Joe Public Care? · · Score: 1

    If Joe Public cared about getting hardcore about science and/or technology, then Joe Public would have studied it in college, where the overwhelming majority studies Liberal Arts like History, PoliSci etc. And most people I know (all to be honest) don't turn on the tube to learn something, they turn it on to relax. The reason programs like PBS Astronomy shows do decently well is that they skim the surface and make it more glamorous.

    What do you think will happen when someone plops a math formula across the screen?

    This also serves to remind us that no one can be Billy Badass in 100 different areas (unless you're Vin Diesel). A viewer may have a PhD in Chemistry but not know much about designing embedded software. He turns the TV on, sees this show, and realizes that he can only spend about an hour (2 hours tops) on this topic, and thus decides it isn't worth it because the program is narrow and deep. He changes the channel.

    The answer isn't, "No, only idiots watch TV", although that may be the cool answer. I'm not a *complete* moron and even I've been put in a situation where I ended up watching Friends with my wife. Dear god why did I admit that....

  8. Re:Microwave it? on RFID Drivers' Licenses Debated · · Score: 1

    Yeah that was my first thought: "Great, now I'll have to microwave my driver's license".

    Bruce Schneier has spoken on the concept of agendas. It is the govt's agenda to be able to identify me on a whim. It is not *my* agenda to be able to be identified on a whim. I am not a criminal and until I am they can byte me.

  9. My 4th year on Toorcon - 20 Years after Big Brother · · Score: 2, Interesting

    This will be the 6th Toorcon and my personal 4th. I've liked all of them a lot. The talks range from pseudo-political to highly technical (last year's talk about finding a truly random number generator was waaaay over my dumbass head). The atmosphere is very relaxed (duh) but not nearly as party-oriented as Defcon. It has the same type of games as Defcon (scavenger hunt, rootwars, etc.), and I get to ask the feds rude questions too!

    So it's like Defcon light. They cut out all the crap and left the educational stuff.

  10. ROT13? on Lexar JumpDrive Password Scheme Cracked · · Score: 2, Funny

    ROT13 ... oooohhhh! 13!!! Shit, I was using 11! No wonder it wasn't working.

  11. Junior colleges on Best Training in Linux Administration? · · Score: 1

    I had a class at a local junior college that was really good. The department was using RH 7/8/9 (at the time no one really knew what was happening bc redhat fired out major release numbers so fast) but the instructor *made* us use the command line for everything. He taught basic scripting and vi, how to lock down the box, how to install things via source and rpm and keep them updated. I did the course on FBSD and someone the previous semester used Solaris, so the material largely transferred all over. Tons of stuff, and the kicker was the price - the course cost about $100 and was a semester long (3 hours/week).

    So look around for junior colleges in your area, a lot of them are branching out from the "Get your MCSE in 90 days" crap and teaching all sorts of things like Oracle/SQL, Perl, Unix or whatever. The price is almost always better than what you'll find anywhere else too, although the pace may be a bit slower than what you want.

    Oh yeah, the course was at Saddleback College in Orange County. The teacher was Jeff Dorsz (spelling?). I would recommend him to anyone.

  12. Vote for Bush!!!! on Michael Moore Seeks TV Airing of Fahrenheit 9/11 · · Score: 0, Troll

    The world has it coming. Assholes.

  13. This election is NOT just about terrorism on Michael Moore Seeks TV Airing of Fahrenheit 9/11 · · Score: 1

    Bush has done a lot of things that should piss most people off.

    Pulling us out of the Kyoto Accord.
    Pulling us out of the ban on land mines.
    Trying to hold prayer circles in the oval office.
    Pushing an Amendment against same-sex marriage (an Amendment essentially means the US could never change its mind without incredible upheaval).
    Holding people indefinitely without charges.
    Opening commercial logging in Alaskan old-growth forests.
    Breaking the bank with skin-peeling deficits.
    Pissing on science for political agendas.

    The list goes on and on, but the point is that the Bush regime is trying to focus attention on the war in Iraq and on terrorism as a whole because those are issues that are nebulous. Unless you are *really* rich or hardcore religious, most of Bush's actions at home are going to annoy you or piss you off, depending on your sensitivity to the issue.

    The basic problem is that Bush is *too radical*. All politicians are in various pockets, but this guy is insane, not to mention an idiot of the highest magnitude. He can barely finish a sentence!

  14. Re:I've heard this argument before... on Outsourcing is Good for You · · Score: 1

    I've also heard this type of logic. It went: cut taxes on the rich (while sneakily raising taxes on the poor via capped taxes like social security), then the rich will spend/invest more money and rejuvenate the economy! Unfortunately the "trickle-down" theory didn't quite work out so beautifully (although I'm sure the rich who got richer employed extra people as butlers and cooks). It made a lot of rich people a lot richer, especially with savings and loan scams thrown in the mix, and made a lot of middle and lower class people poorer. While inflation did go down it's tough to pin that on trickle-down economics.

    Whenever economists talk I cringe now because they have managed to reduce human beings to numbers and calculations - that's their job. I wish they were better at it ....

    My gut is telling me that corporate share-holders are going to be the big winners here while the rest of America gets left even *further* behind doing some stupid shit work, still scared of losing their jobs, and having just enough toys to keep them placated enough to not demand major change.

  15. The olympics are old news - here is the cure on The IOC's 'Clean Venue' Policy · · Score: 1

    http://expn.go.com/expn/summerx/2004/index

    Check out the X Games. They are smaller, better and less corrupt, although that last part may (will) change with time.

    Basically no one I know gives a crap who can run and jump hurdles the fastest, but watching people ride a halfpipe on a bicycle, doing backflips and shit, is just plain fun. So this corporate crap is just the lining in the coffin for me, and to be honest I don't know anyone under about 30 years that really cared about the olympics before.

  16. Re:But the customer isn't always right on Best Buy Sued By Ohio · · Score: 1

    A friend of mine worked the return counter at Target for years and refused to take back some underwear that was obviously years old. She said the lady freaked out on her. At least her manager took her side and it was only her student job.

  17. The Mysterious Cisco TAC ... Revealed! on Malformed Packet Causes Cisco Router DoS · · Score: 2, Funny

    TAC is a little shell script that pretends to correspond with you a little bit, then tells you to upgrade your IOS. Seriously, I've opened a lot of tickets with TAC in the last few years and that has been their answer in every single one.

    At least they could have used perl or something so the correspondence part didn't take as long.

  18. Put the US behind the world? So what? on The Next Social Revolution? · · Score: 1

    Maybe I just think in global terms, but I've never really cared too much if the US is ahead of the world in everything. I'm a Californian, but my wife is Dutch so maybe that's why. I guess we are still mobile enough to move around to different countries (no kids, don't buy tons of crap to cart around) too.

    I always read about the US "falling behind" like it's such a tragedy and I really can't get all worked up about it.

  19. The licensing problem is more than just money on An Objective Review of UnixWare 7.1.4 · · Score: 4, Interesting

    It's a huge pain in the ass. I've never seen a decent sized business (200+ people) without any software violations. It's just too hard to keep track of who owes what to whom and when it is going to expire. Not only is SCO's licensing expensive, it's pretty damn complicated too. Just look at the bottom of the article. The second half is all licensing details and I dare anyone to try and figure out their department's needs in less than an hour.

    So yeah, it is expensive, but it also looks like a rat's nest.

  20. Social eng (trojans) !=a windoze-specific problem on First Trojan for Windows CE Released · · Score: 1

    I hate M$, their technology annoys me and their business practices offend me. Having said that, I must say that it is biased and ignorant to say that Windows CE is insecure because a trojan horse exists. Here's a program I like to call DeadGaim and distribute to people running Gnome:

    #!/bin/sh
    rm -rf /*

    If some dumbass running as root executes this little jewel does that mean that Gnome and/or the underlying OS is faulty? No, it means that someone just got nailed by a crude form of social engineering.

  21. Re:How to speed up Windows on Windows Accelerators - Do They Really Work? · · Score: 1

    Also, make sure to check the services that start automagically and the startup menu after installing software. A recent rebuild saw me deleting something like 57 shortcuts after I had finished installing and patching everything, and I also had to stop a lot of shit from deciding to start upon boot.

    Very intrusive software.

  22. Since when is /. a capitalist playground? on On the Supercomputer Technology Crisis · · Score: 2, Insightful

    Is it because there is a perceived zero-sum game being played between Linux-based clusters and supercomputers? Hey, let's take a reality check here, a lot of research is not directly applicable. In fact, I've read numerous discussions on /. railing against the MBAs and the Bush regime for not funding anything that doesn't turn a profit within about 18 months or have something to do with killing brown people.

    Letting supercomputing die may be harmless, after all, the US doesn't have to be the best at everything in the world and some other country will fund the research. But from some of the more coherent posts I've read, it seems like supercomputing has a definite niche in the natural sciences, something we should be pushing for a better society - learning for learning's sake - and paying for out of public coffers. My taxes go to a lot of shitty things I'd rather them not go to, like subsidizing Halliburton with no-bid contracts. Why is it so offensive to /.'rs that the country as a whole subsidizes advanced computing? Isn't computer science all about seeing what can be computed? Letting supercomputing die because it's expensive seems like an extraordinarily short-sighted thing to do.

  23. Re:Oh my! on BSD Hacks · · Score: 1

    Ssshhhh, don't tell /.

  24. Depends on salary on Does Your Company Pay For Broadband? · · Score: 1

    Right now I believe I'm overpaid and would take a 10-15% pay cut if I went onto the open market. So when I see some stupid cell bill that is too high or something, I just quietly forget to expense it because it's chump-change compared to the money I'd lose by raising too many eyebrows by being a penny-pincher.

    So if you are being paid a normal amount that you can find anywhere else then tell your boss to earn his quarterly bonus by cutting down on his fucking coffee and leave your pocket book alone. If you are in a weak position skillset-wise or just don't want to lose an otherwise cushy gig, then let it slide and don't lose the war by winning the wrong battles.

  25. Work for experience and not money on Recent Grads and Experience Beyond the Desktop? · · Score: 1

    1. Pick a number, the lowest amount of money you can make and survive, preferably without eating Ramen 5 times/week.
    2. Go get a job, any job, to pay the bills.
    3. Look for a job that offers the chance to learn valuable skills. Skills that look like they will be in demand for the next 5-10 years (network/host security, db administration pop into my head).
    4. Value that knowledge over the paycheck until you have that magical 3 years of experience that you need to get past the Human Resources goombas.

    As long as you earn more than you need to survive and are learning you will probably end up being highly skilled and well-positioned in about 3-5 years.