I suppose they could have a mobile base that continually moves so as to always stay on the dark side, but wouldn't it make more sense to just put it on the far side and leave it there?
Nah, "Dark Side of the Moon" always refers to the Far Side of the Moon relative to the Earth, even when the sun is illuminating that side. It is called "Dark" not for failure of the Sun to illuminate it, but for centuries of failure of human instruments to see it: "Dark" as in unknown, not unlit.
Furthermore, as you do appear to be aware, that side never rotates back towards the earth. Thus, it's a great place to test nukes^W^W, I mean build a super secret moon base in a hollowed out, extinct moon volcano.:D
You are of course correct, even I never said that.
What I said was "you will get demands for support". I did not say "obligations".
Or.. are you suggesting that open source projects in the wild do not attract arbitrary expectations of support from the public?
And you assuming the knowledge that "most open source developers do not want arbitrary people to use their software." is absolutely ludicrous.
Understand also, I am not magically inferring to know how every FOSS developer thinks. I can however follow trends.
For example, between the release of Windows Vista in 2006 and the public betas of Windows 7 in 2009, precisely which distribution of Linux or flavor of BSD stepped up to receive the millions of users so generously disenfranchised by Microsoft?
Or, will you claim that Vista was too successfully marketed to compete against, or will you infer that every linux distribution and bsd fork combined fail to make up a large enough slice of the FOSS pie to represent a fair statistical sample of Open Source project behavioral trends? There has to be some justification for your calling my claim "ludicrous".
Open source developers are just developers who are wanting to share their project and its source. Just normal human developers with completely distinct normal human intentions.
I agree with this statement completely, but don't make me quote Agent K about the difference between "a developer" and "developers". If we simply abandoned discerning patterns in how large groups of people behave solely because of how diverse the individuals are, we'd never have developed disciplines like Economics.
My point is that "wanting to share their project and its source" does not imply "with everyone, in a manner 'everyone' will be able to use". A vast majority of open source projects are not accessible to the layman, and I contend this is because most FOSS developers do not want the responsibility of bridging the informational gap to allow users incapable of submitting patches to grok how to utilize the software. The developers instead tend to target themselves as the end-audience.
I am not inferring that such developers are thus selfish or skimping on any sort of socialist obligations. The behavior does lead to the projects having little penetration into mainstream markets, but as you've mentioned the developers are already acting with as much goodwill as we can really ask of them.
I surmise that the true failure here is the lack of incentive to deliver the product in a form non-technical users can consume. What we need is some clever economical carrots here to take the developer beyond their simple motivation to use the software themselves.
Some of the best examples of open source projects enjoying success in the mainstream of their industries include Firefox (funding from agreements with Google provide financial incentives for developers to keep the end-user base strong) and other projects with funding from enterprise versions driving project goals for community versions (Red Hat/Fedora, MySQL, Open Office, etc).
These are also the projects who have surmounted the press challenges cited in TFA.
As a company that has done a lot to destroy fair and good reporting everywhere it goes, News Corp should NOT be listened to as an expert on what will produce 'Fair and Balanced' news.
The Census Bureau committed a *flawed* poll via the mail, which is considered a flawed, nonscientific, worthless method.
Alright, so you've pulled the 3% figure from an Op-Ed piece in the Washington Examiner that does not cite it's sources either.
Same piece by the way says this:
But the Census Bureau data show that many are relatively affluent. Over 17.5 million -- 38 percent -- of the uninsured make more than $50,000 a year. And 9.1 million have an annual income of over $75,000 a year.
Piece doesn't break this down per capita. Are these single people making 50-75k, or families with multiple income earners and 2-4 children?
My youngest child costs (presently) $110/mo to insure, so he is insured. I can afford that. Eldest child has a history of hospitalization due to Asthma. He does not qualify for any government programs, as we make more than 50k. Private insurance will cost no less than $500/mo for him. For me, it would be $250/mo. Together, that's more than we pay for rent. Thus, neither of us are insured.
We are not "invincible" as your Op Ed piece states, we simply cannot afford the ludicrous fees that are asked of any household not employed at a large corporation. For example, I did work at T-mobile for two years at one point, where our whole family got lavish medical coverage for $30/mo. I left because the actual salary was too low, and impressive medical packages still do not pay the other bills.
It's also wrong because because many people (like me) don't want insurance - we voluntarily decided not to buy any, therefore we should not be included.
You should not be included in what? The proposed health care bill? That's not relevant to the statistics in your sig. Again, by "we" I assume you mean the class of citizens who make as much money as you do.
But, on that same point, I wish not to benefit from Foreign National Defense. Please show me where to opt out of that, eh? I figure, as long as my physical neighbors benefit, why should I pay for it in my taxes?
That leaves about 3% of Americans who *want* insurance but cannot get it, either privately or via government.
I know you're quoting the unsubstantiated "8 million" from your beloved Op Ed piece. Aside from quoting someone else pulling figures from her ass being no better than pulling figures out of your own, I'd also like to know your definition of "cannot" get it. Anyone who earns $15k+ takes home more than the $800/mo private health care would cost my family, and thus "can" get it, right? RIGHT? Or what percentage of a family's take-home is "reasonable" to invest in health insurance, oh great oracle?
As for the 86% figure, you can go to the library and read the Time magazine yourself.
I'm sorry sir, that burden ought to be yours. I've already spent half an hour poking around their website. Even your Op Ed piece doesn't *say* "3%" anywhere, so how do I even know what I'm looking for?
Either admit you simply enjoy wasting everyone's time and being a troll, or bring your citations to this discussion to be considered. If you expect everyone else to go on wild goose chases to track down where you got your figures from, then you're no better than the loudmobs who block up the town halls and try to rile up the public instead of discussing facts and figures.
No, I'm talking about NAT and not the firewall. You are conflating the two as if they were one service.
If you are in fact talking about the NAT and not about the firewall, then the DMZ test should be completely valid. A DMZ is "part of" neither a NAT nor a Firewall on a basic level. It is simply defined as any part of a local network not protected by the same firewall policy as the remainder.
Since by definition a NAT service demarcates a local network segment from the WAN, any portion of that local network which does not partake in Firewall services can be referred to as "the NAT's DMZ" or "The NAT'd DMZ", which was the original intention of my comment.
My NAT doesn't have a DMZ. The firewall does. See, you've confused the two.
No, U. Firewalls only "have" DMZ's from the perspective that a contiguous firewall policy defines a DMZ specifically by not serving that segment of the network. I've already clarified my language regarding the NAT's relationship to the DMZ.
So far as your routing equipment lacking the capability of supporting a DMZ: most SOHO routers (netgear, linksys, D-link, Belkin, etc) provide a DMZ option, whereby you specify one host within the NAT'ed network which will not be firewalled. All inbound traffic not otherwise port forwarded will be delivered to the DMZ.
If your router has no less than the functionality provided by these cheap SOHO units, then you can accomplish the same feat, and doing so would illustrate my point. Your computer would still be taking advantage of your Network Address Translation services â" it would still have a private, non-world-viewable IP address â" yet it would not take advantage of any firewall services your router might otherwise provide.
In that scenario, please list the "security side benefits" your target machine would enjoy from taking advantage of NAT services but no Firewall services.
You want to be crude and disgusting, I can respond the same way. It won't accomplish anything, asshole, but it sure feels good, I guess.
3% == Citizens who *want* health insurance but are not covered. 86%==Number happy with what they've got (TIME August 10)
100% == Slashdotters who are sick of this trolling sig already. If you're trying to make a point, use a real citation so we can explain to you why your figures are bunk. "TIME August 10" doesn't work, as it's not a URL and I can't google it, and there are no stories on time.com anywhere vaguely around August that mention the number "86%", health care or not.
One nice thing about short term profit is that it's relatively low risk. You have enough data to reliably predict what will profit you short term.
Let's say you make a 5-10 year plan for your business that involves securing extra amounts of resource X. Next year the market changes, making resource X worthless and obviating your need. Investment wasted.
There is such a thing as overthinking. Assuming a properly freed market: any company in business has survived the environment, putting it's past decisions beyond the critique of armchair quarterbacks. Companies that think too short term or too long term get splatted against the windshield of change. However, unfortunately the market is not entirely free and we wind up with system abusers, monopolies, oligopolies which shelter many stockholders from the consequences of their own decisions.
In short, it's no more meaningful to scowl at the thought process of a generalized CEO or corporation than it is to be annoyed with the thought process of a wild animal. If you feel like you and they don't get along, work to craft the environment to foster cooperation instead.
I say skip to step 3. What precisely is broken to begin with? "I get spam someone has to filter for me and people disagree with me in the forums?" boo fucking hoo.:P
NAT provides a level of security, whether it was designed to do that or if it comes along as a side-benefit.
Is that so?
I have a PC sitting behind a NAT router. I dare you to reach out from a site I don't currently have a connection to and touch that system in any way, shape or form. Every attempt YOU make to touch that system ends at the router. It doesn't matter if I have a completely unsecured FTP/SMTP/HTTP/whatever server running on that system available to everyone else on my local net, YOU can't touch it.
Damn, you're right. I can't touch it. It appears as though the same machine that is providing NAT services is also providing Firewall services. Perhaps you are confusing those two?
That's easy to remedy for the purposes of our test though. Simply place your computer within your NAT's DMZ. There you go! All of the NAT, with none of the Firewall. Where is your God^H^H^H Security now, bitch? >;D
It needs to be redesigned specifically so that entry points were available everywhere, to everyone, without any registration.
What do you mean by "it" here, the Internet?
What you are asking for (once you tune out the hyperbole of "everyone/everywhere") is not an architectural problem, but a political one.
Any one organization, co-op or consortium could provide the service you ask for. One consortium that does in fact is the EFF'sTOR. While onion routing is complex under the hood and that complexity leads to a dialup-like user experience, the alternative would be obfuscation provided by the Network Service Provider itself. The Pirate Bay has shown us what that is like however. If you "hide" all of your clients from the rest of the world, then you will be held responsible for their actions when they hack, threaten, or disseminate spam and trojans.
Still, if you are so gung ho that such services should be offered then start your own ISP and let us know how it goes. Offer service for less than a kazillion in my area, mebe I'll even sign up. *shrug*
I pay a total of $30/mo and have two high speed connections to my house.
Connection 1 has 5 public IP's, 6mbit down / 1mbit up uncapped, I'm only using one of the 5 IP's. I've got commercial grade routing equipment at my house so I can use 'em all, but I'm natting behind 1 because I have more than 5 things on my LAN, and can't think of a policy to spread that over these IPs..... and I'm lazy.
Connection 2 is 4mbit down / 2 mbit up uncapped. It comes from work, so I could assign it a/24 if I wanted to be really ambitious. This connection is new, so I haven't figured out how to even begin utilizing the blasted thing! I presently just hook it into my switch on an unused VLAN.
Connection 3: to be perfectly honest, I'm typing this all from a 2.5mbit down / 0.3 mbit up wifi connection at a hotel. The NAT here is outside my control though.
My email account is via Gmail. So I'll bet I receive plenty of Spam, I just never see it. I consider Spam as much of a problem as SSH trolling or religious fundamentalists. I see none of these as technological problems at the core. I think you can really only fight them by starving them.
I get SSL certs for free whenever I want. Each of my ISP's give me 3 nines of reliable connectivity, and if I load balanced them (too lazy to figure that out ATM, it seems;D) I could increase the combined reliability to 5 nines.
So for me, while I'm sure things could be improved, they all currently bottleneck at my desk. I'm certain it is the same for virtually everyone, if you look at things from the right perspective.
I assume you mean, so long as no more than a few thousand of these 16 million try to use the net at one time?
There are only 65k ports to a public IP address. Every outbound connection consumes a port to receive data back from the internet. Every meaningful web page access makes connections to up to a dozen foreign IPs (trackers, ad networks, all that fun stuff I get called a thief for AdBlock'ing;3). Hence, you'll only get a few thousand of your 16 million, aka, less than one tenth of one percent ( < 0.1% ) of your customer base online at any given time.
What sort of beefy router you feel like running that gnarly NAT on by the way? Just routing that much traffic is hard enough, do you have any idea how much overhead you are making up for yourself trying to NAT every connection as well, when you could just adopt the ipv6 standard instead?
Seriously, you can (physically) stuff up to 20 people into a hotel room with 2 fire exits and one toilet. This was even a popular living arrangement for immigrants in the early 20th century. But who would do that when you could instead allocate square miles of land for every person's dog's flea?
I agree that the number of people on the planet is not directly related to the number of needed IP addresses. After all, my laptop has one, as does my desktop machine, my workstation at work, the Fax machine, my cell phone, my media center, the playstation, each CCTV camera I've got keeping an eye out on my house and the livestock, my web server at work, the off-site backup, and all of the virtual machine instances they host..
Firewalls are capable of providing all of the positive benefits of NAT (transient traffic flow approval instead of mapping for example, blocking traffic not originated from the LAN, etc) save obfuscating the source address. Obfuscating the source address isn't particularly relevant from an attack perspective given that the entire LAN is still protected by the same Firewall process, NAT or not.
For example: you could NAT your LAN in 192.168.10.x space behind IP 1.2.3.4.. you connect to shady.com port 80 sport 192.168.10.101:2000, NAT/firewall allocates 1.2.3.4:3000 for you. Shady sees all the traffic coming from 1.2.3.4:3000, but has no way (short of client-side malware) to know that maps to 192.168.10.101; nor can Shady care since all access to 192.168.10.101 is mediated by 1.2.3.4. Shady.com might try to port scan 1.2.3.4, and see any port forwards your entire LAN uses in one swoop, try to exploit them if possible. Moral: make sure you know what you are doing when you port forward.
Or, if you use IPv6 for your LAN, let's say you are allocated 1:2:3::/112. No need to NAT it, so you just firewall behind your gateway, let's say 1:2:3::4. You connect to shady.com port 80, sport [1:2:3::101]:2000. Firewall doesn't have to allocate a damned thing for you, but instead records the flow for [1:2:3::101]:2000 shady.com:80 as established from within the LAN and thus authorized. Shady sees all the traffic coming from [1:2:3::101]:2000, but it's not relevant since all access to 1:2:3::101 is still mediated by the firewall at gateway 1:2:3::4. Shady.com can port scan 1:2:3::101 if it likes, but won't see any open ports if you only allow LAN established traffic, or else sees your whitelisted ports for that IP only (instead of your entire LAN). Just like the IPv4/NAT scenario, keep your open ports secure.
As you can see, source IP obfuscation provides no meaningful advantage to the end user in this scenario. If anything, IPv6 users who feel like they want to use NAT could have the firewall choose random source addresses as well as random source ports out of their/112, and hide their 3 LAN devices within a pool of 65 thousand addresses. Would that not confuse a would-be attacker?
Still, the major drawback to be avoided with NAT is in breaking the globally unique address space and complicating inbound connection access, which will become a growing part of popular network policy over the next few decades. One thing Bit Torrent teaches us is that "the server" will less and less frequently have resources comparable to the "client swarm", so crowdsourcing the heavy lifting (from distribution to content creation to editing to caching) becomes vital to any scaling strategy worth it's salt. The hub/spoke communication model is slowly eroding in the presence of more sophisticated, decentralized many-to-many connection models.
NAT reduces a peer to a "consumer" which can only fetch data, but never re-offer it without convoluted port forwarding messes. Entire LAN's are limited to one named service per outbound IP, unless one wishes to screw with what port they offer services on, further complicating the job for other firewalls and participants of the content network.
You'll know what I mean if you've ever tried to configure mobile SIP access. Half the time you are behind a NAT, and you'll never know in advance if it's full cone, symmetric, or just somehow pathological. Sometimes you are nested within multiple NATs which each behave differently!
Some legacy UDP protocols I've worked with need to make connections to thousands of remote IP addresses at multiple, highly transient port mappings which bring NAT mapping tables to their knees. In a firewall-only environment, it's easy to whitelist access to swaths of ports for clients and then the gateway need not maintain tables for related traffic, but can continue to protect unrelated ports unlike with SOHO DMZ.
To sum up, NAT is not only a bandaid, but it's already pulling at our short-hairs.
Axually, we wrote the code long before 4.4.0 or 5.anything, so... new manual entry is unhelpful.:) (I cited "MAXINT" given my C heritage.. PHP's nomenclature fails anyway, as they lack an analogue to "MININT";3)
When you've got code failing at unpredictable places for unpredictable reasons, the first place you look is not the "integer" subsection of the manual, anyhow. Besides, by that time the damage were already done. We noodled out the cause and thereafter found your cited manual points to corroborate our theory.
We were still stuck using PHP which apparently cannot understand anything but signed 32 bit reliably, interfacing with MySQL which isn't capable of interim calculations in that space.
we refuse to write anything but simple two's compliment logic into all of our applicable SQL statements, so for things like sort we just aren't going there.
Allow me to forstall suggestions of using GMP given that gmp_strval(gmp_add(gmp_init("2"), gmp_init("2"))) is fail compared to "2+2" in every conceivable way, and there do not appear to be any OO bindings for GMP in PHP 5.x to rectify.
Put simply, we could obviate this problem easily if ANY of the following were possible:
* Sane integer support in PHP
* Sane OO support in PHP (for example, OO GMP bindings.. though there would still be crippling performance hits for major parts of our app!)
* sane functional support in the database to handle the two's compliment logic imposed by PHP
If we had the resources to remake the project in Ruby or Python against a postgres database, then all of those possible solutions would be at our fingertips, so much so that only the first solution would need to apply. The other solutions/capabilities would simply stand around looking cool.:P
So... meantime, can't afford the Ferrari and have to duct tape the pinto's engine together. *sob*
PHP signed 32 bit integers.. I really can't say much more without crying.
I thought it was just wonky 64-bit support, until I found out their MAXINT was influenced by the machine the code ran on.
I would write code to get around the apparently wonky support ("So you won't accept a 32 bit unsigned hex literal, eh? ok I'll add two of them together and comment why.. great, that passes all the unit tests..), little did I know that these things were being silently cast to 64 bit floats on the affected machines.
It wasn't until an affected machine had to bit-mask numbers larger than ~2.14 billion that we began to notice the problems. It was an edge condition noone really forsaw, so no tests were written until it was too late. It took FOR EV UHHRR to track this sh1t down, given that it worked on 75% of the servers and 50% of the valid inputs!
Our values were all meant to be 32 bit unsigned, so we eventually had to kludge something together that "utilized" the negative bit of PHP's prefered 32 bit signed values.
Now, most of the sh1t works, but you can't sort the values out of the database easily without all the +2.14bil values preceding zero. (the database doesn't have this @#$% int problem..) We're still gritting our teeth waiting for the other shoe to drop.
This is a "kludge" insofar as we need to abandon PHP as a lost cause, and lack the spare man hours for the effort.:(
It's an interesting economic question to ponder: how to motivate without impeding the optimal allocation.
Interesting, sure, but luckily rife with solutions.:)
Essentially, content creators should be paid for creating the content, not for worrying their fingers to the nub about who is worthy to view the content once it's created.
So, creators can use the power of the internet to amass a collective of small time investors, each willing to pay $X or $0.0X, until their production fees are covered. Then creators create the content, deliver to investors, offer the content themselves to any new takers at an optional convenience fee (to cover hosting, whatev) or else just upsell their work next to the distribution channel, while anyone already privy to the data are also free to share as they see fit.
If you didn't already get a copy from the creator, you can pay them a tiny fee (or put up with their site UI, or whatev) for a pristine copy from the source or get a copy third hand which might have been modified or ad-saddled. Your choice, and it really is a brilliant choice to have. Especially given that third hand copies can exceed originals thanks to "after-market" mods, or improved distribution options.
This copyright-phobic business model is called Micropatronage, and the contracts which enable such transactions are most frequently Assurance Contracts, the "dominant" variety being the most intriguing from an economic perspective.
The benefits of dissolving all copyright and using forward thinking business models like this instead include:
* the reins of distribution are put back into the hands of (first) the creators, and (as distribution grows) the consumers themselves.
* With all public data in the public domain, production costs plummet, since you are not penalized for subsuming or remixing content which came before. Still, people will only obtain your modified work if you are truly adding some kind of value.
* On the flipside of that coin, any value that can be added to content will be. Want that song encoded in XYZ for your ancient media player? Someone has done so and you can get a copy, and it's legal.
* When rule 34 fails, you still have rule 35. If you take the time to mod a thing to suit your needs, there is fame, tit4tat, and quite probably even cash with your name on it from others who wish to see such a mod. Presently such efforts are illegal out of the gate.
* Production also becomes more prolific, as there is no barrier to entry and no fear of legal reprisal due to the rusted out copyright mechanism before you start on your own ambitious, essentially original project. I recall Darren Aronofsky in the commentary for Pi talking about having to make sure the tune being hummed by a cleaning lady in some transition scene was pre-1923. Creators ought not have such ridiculous legal burdens; it's nothing but make-work for the legal counsel.
* Courts are free to focus on fraud and crime instead of being gummed up by enforcing media's decrepit business models
* Everyone gets sh!t for free, or near free. Free will be there, chow down. Near-free will be there when you want something that caters a little more closely to your tastes. Pony up the tiny amounts needed (or significant amounts if you want something really ambitious commissioned, up to you!) and still, chow the f*ck down.
* Society gets what it was promised in the US constitution: enrichment of the god damned public domain. That was the job our constitution commissioned Copyright for in the first place. Epic Fail.
I strongly favor complete Copyright Abolition. I believe that we should live in a world where everyone enjoys the right to transmit any information at their disposal to any person wishing to receive said data. I believe this will lead to the best results for individuals and society, produce
Ideology (information wants to be free, yadda yadda yadda!) is a nice excuse,... It's just a bit of self-righteous rationalization after the fact.
Let people take a slice of my income, and they'll get $30-$50/mo. out of me for entertainment, no problem, instead of the $0 they're getting right now.
I know you're trying to channel wisdom here, and you are more clever about economics than most, but you still miss an important point.
To whit: how much of that $30-$50/mo will Slashdot get? And if you don't pay, you won't get to read/post any more?
Show me a flower that would set up a toll booth for birds and insects to feed from their nectar, and I'll show you a flower that fails to get pollinated.
Flowers give nectar away for free. Trees give huge, juicy fruits away that many species of animals depend solely upon for nourishment. Do these animals "make excuses" for their freeloading, or do they simply have needs and find symbiosis to suit those needs?
This plant + animal symbiosis is a winning business model in nature. Erecting toll booths around plants, using the proceeds from the toll booths to clone the plants over every square inch of the planet and then hunting animals caught sneaking past the toll booths would comparably be a losing strategy. It wouldn't matter if the animals had pocket change that might be divvied differently if the toll booths simply chose to charge less, the strategy is broken and the prices are so high because of the broken strategy. Seriously, centralized cloning is just less efficient and more expensive than letting the hungry animals distribute and seed for you.
Sometimes, trailblazing really is just finding a path of least resistance from an adjusted set of expectations, and then using the damned thing to get your needs met.
Slashdot Mirror
HOW come you got ABOve post confUsed wiTh roT13? tHat was not hIS intention at all! :/
I suppose they could have a mobile base that continually moves so as to always stay on the dark side, but wouldn't it make more sense to just put it on the far side and leave it there?
Nah, "Dark Side of the Moon" always refers to the Far Side of the Moon relative to the Earth, even when the sun is illuminating that side. It is called "Dark" not for failure of the Sun to illuminate it, but for centuries of failure of human instruments to see it: "Dark" as in unknown, not unlit.
Furthermore, as you do appear to be aware, that side never rotates back towards the earth. Thus, it's a great place to test nukes^W^W, I mean build a super secret moon base in a hollowed out, extinct moon volcano. :D
The first rule of nuking the moon is, don't talk about nuking the moon. (see? you get modded down and flamed for it :D)
Second rule of nuking the moon, is, well I can't tell you. It otherwise conflicts with the first rule. (damn you, Asimov!)
Chandrayan likely failed due to inadequate heat shielding (problem was radiated heat from the Moon)
Epic! Satellite suffers from third degree moon-burns! ;D
Nobody said they had to answer anything.
You are of course correct, even I never said that.
What I said was "you will get demands for support". I did not say "obligations".
Or.. are you suggesting that open source projects in the wild do not attract arbitrary expectations of support from the public?
And you assuming the knowledge that "most open source developers do not want arbitrary people to use their software." is absolutely ludicrous.
Understand also, I am not magically inferring to know how every FOSS developer thinks. I can however follow trends.
For example, between the release of Windows Vista in 2006 and the public betas of Windows 7 in 2009, precisely which distribution of Linux or flavor of BSD stepped up to receive the millions of users so generously disenfranchised by Microsoft?
Or, will you claim that Vista was too successfully marketed to compete against, or will you infer that every linux distribution and bsd fork combined fail to make up a large enough slice of the FOSS pie to represent a fair statistical sample of Open Source project behavioral trends? There has to be some justification for your calling my claim "ludicrous".
Open source developers are just developers who are wanting to share their project and its source. Just normal human developers with completely distinct normal human intentions.
I agree with this statement completely, but don't make me quote Agent K about the difference between "a developer" and "developers". If we simply abandoned discerning patterns in how large groups of people behave solely because of how diverse the individuals are, we'd never have developed disciplines like Economics.
My point is that "wanting to share their project and its source" does not imply "with everyone, in a manner 'everyone' will be able to use". A vast majority of open source projects are not accessible to the layman, and I contend this is because most FOSS developers do not want the responsibility of bridging the informational gap to allow users incapable of submitting patches to grok how to utilize the software. The developers instead tend to target themselves as the end-audience.
I am not inferring that such developers are thus selfish or skimping on any sort of socialist obligations. The behavior does lead to the projects having little penetration into mainstream markets, but as you've mentioned the developers are already acting with as much goodwill as we can really ask of them.
I surmise that the true failure here is the lack of incentive to deliver the product in a form non-technical users can consume. What we need is some clever economical carrots here to take the developer beyond their simple motivation to use the software themselves.
Some of the best examples of open source projects enjoying success in the mainstream of their industries include Firefox (funding from agreements with Google provide financial incentives for developers to keep the end-user base strong) and other projects with funding from enterprise versions driving project goals for community versions (Red Hat/Fedora, MySQL, Open Office, etc).
These are also the projects who have surmounted the press challenges cited in TFA.
Soz, you forgot the end tag. :3
He's right, Doctor Who pays no such taxes, and he only watches BBC when he parks the Tardis at Rose or Marha's house. Damn freeloader. ;D
As a company that has done a lot to destroy fair and good reporting everywhere it goes, News Corp should NOT be listened to as an expert on what will produce 'Fair and Balanced' news.
It's the pot calling the paper towels black.
Most open source projects get no press because most open source developers do not want arbitrary people to use their software.
Arbitrary people using your software means you will get demands for support from people who "Just Don't Get It".
The Census Bureau committed a *flawed* poll via the mail, which is considered a flawed, nonscientific, worthless method.
Alright, so you've pulled the 3% figure from an Op-Ed piece in the Washington Examiner that does not cite it's sources either.
Same piece by the way says this:
But the Census Bureau data show that many are relatively affluent. Over 17.5 million -- 38 percent -- of the uninsured make more than $50,000 a year. And 9.1 million have an annual income of over $75,000 a year.
Piece doesn't break this down per capita. Are these single people making 50-75k, or families with multiple income earners and 2-4 children?
My youngest child costs (presently) $110/mo to insure, so he is insured. I can afford that. Eldest child has a history of hospitalization due to Asthma. He does not qualify for any government programs, as we make more than 50k. Private insurance will cost no less than $500/mo for him. For me, it would be $250/mo. Together, that's more than we pay for rent. Thus, neither of us are insured.
We are not "invincible" as your Op Ed piece states, we simply cannot afford the ludicrous fees that are asked of any household not employed at a large corporation. For example, I did work at T-mobile for two years at one point, where our whole family got lavish medical coverage for $30/mo. I left because the actual salary was too low, and impressive medical packages still do not pay the other bills.
It's also wrong because because many people (like me) don't want insurance - we voluntarily decided not to buy any, therefore we should not be included.
You should not be included in what? The proposed health care bill? That's not relevant to the statistics in your sig. Again, by "we" I assume you mean the class of citizens who make as much money as you do.
But, on that same point, I wish not to benefit from Foreign National Defense. Please show me where to opt out of that, eh? I figure, as long as my physical neighbors benefit, why should I pay for it in my taxes?
That leaves about 3% of Americans who *want* insurance but cannot get it, either privately or via government.
I know you're quoting the unsubstantiated "8 million" from your beloved Op Ed piece. Aside from quoting someone else pulling figures from her ass being no better than pulling figures out of your own, I'd also like to know your definition of "cannot" get it. Anyone who earns $15k+ takes home more than the $800/mo private health care would cost my family, and thus "can" get it, right? RIGHT? Or what percentage of a family's take-home is "reasonable" to invest in health insurance, oh great oracle?
As for the 86% figure, you can go to the library and read the Time magazine yourself.
I'm sorry sir, that burden ought to be yours. I've already spent half an hour poking around their website. Even your Op Ed piece doesn't *say* "3%" anywhere, so how do I even know what I'm looking for?
Either admit you simply enjoy wasting everyone's time and being a troll, or bring your citations to this discussion to be considered. If you expect everyone else to go on wild goose chases to track down where you got your figures from, then you're no better than the loud mobs who block up the town halls and try to rile up the public instead of discussing facts and figures.
No, I'm talking about NAT and not the firewall. You are conflating the two as if they were one service.
If you are in fact talking about the NAT and not about the firewall, then the DMZ test should be completely valid. A DMZ is "part of" neither a NAT nor a Firewall on a basic level. It is simply defined as any part of a local network not protected by the same firewall policy as the remainder.
Since by definition a NAT service demarcates a local network segment from the WAN, any portion of that local network which does not partake in Firewall services can be referred to as "the NAT's DMZ" or "The NAT'd DMZ", which was the original intention of my comment.
My NAT doesn't have a DMZ. The firewall does. See, you've confused the two.
No, U. Firewalls only "have" DMZ's from the perspective that a contiguous firewall policy defines a DMZ specifically by not serving that segment of the network. I've already clarified my language regarding the NAT's relationship to the DMZ.
So far as your routing equipment lacking the capability of supporting a DMZ: most SOHO routers (netgear, linksys, D-link, Belkin, etc) provide a DMZ option, whereby you specify one host within the NAT'ed network which will not be firewalled. All inbound traffic not otherwise port forwarded will be delivered to the DMZ.
If your router has no less than the functionality provided by these cheap SOHO units, then you can accomplish the same feat, and doing so would illustrate my point. Your computer would still be taking advantage of your Network Address Translation services â" it would still have a private, non-world-viewable IP address â" yet it would not take advantage of any firewall services your router might otherwise provide.
In that scenario, please list the "security side benefits" your target machine would enjoy from taking advantage of NAT services but no Firewall services.
You want to be crude and disgusting, I can respond the same way. It won't accomplish anything, asshole, but it sure feels good, I guess.
Please refer to Fig. 1a: "Whoooosche" ;3
3% == Citizens who *want* health insurance but are not covered. 86%==Number happy with what they've got (TIME August 10)
100% == Slashdotters who are sick of this trolling sig already. If you're trying to make a point, use a real citation so we can explain to you why your figures are bunk. "TIME August 10" doesn't work, as it's not a URL and I can't google it, and there are no stories on time.com anywhere vaguely around August that mention the number "86%", health care or not.
Fail.
One nice thing about short term profit is that it's relatively low risk. You have enough data to reliably predict what will profit you short term.
Let's say you make a 5-10 year plan for your business that involves securing extra amounts of resource X. Next year the market changes, making resource X worthless and obviating your need. Investment wasted.
There is such a thing as overthinking. Assuming a properly freed market: any company in business has survived the environment, putting it's past decisions beyond the critique of armchair quarterbacks. Companies that think too short term or too long term get splatted against the windshield of change. However, unfortunately the market is not entirely free and we wind up with system abusers, monopolies, oligopolies which shelter many stockholders from the consequences of their own decisions.
In short, it's no more meaningful to scowl at the thought process of a generalized CEO or corporation than it is to be annoyed with the thought process of a wild animal. If you feel like you and they don't get along, work to craft the environment to foster cooperation instead.
I say skip to step 3. What precisely is broken to begin with? "I get spam someone has to filter for me and people disagree with me in the forums?" boo fucking hoo. :P
NAT provides a level of security, whether it was designed to do that or if it comes along as a side-benefit.
Is that so?
I have a PC sitting behind a NAT router. I dare you to reach out from a site I don't currently have a connection to and touch that system in any way, shape or form. Every attempt YOU make to touch that system ends at the router. It doesn't matter if I have a completely unsecured FTP/SMTP/HTTP/whatever server running on that system available to everyone else on my local net, YOU can't touch it.
Damn, you're right. I can't touch it. It appears as though the same machine that is providing NAT services is also providing Firewall services. Perhaps you are confusing those two?
That's easy to remedy for the purposes of our test though. Simply place your computer within your NAT's DMZ. There you go! All of the NAT, with none of the Firewall. Where is your God^H^H^H Security now, bitch? >;D
It needs to be redesigned specifically so that entry points were available everywhere, to everyone, without any registration.
What do you mean by "it" here, the Internet?
What you are asking for (once you tune out the hyperbole of "everyone/everywhere") is not an architectural problem, but a political one.
Any one organization, co-op or consortium could provide the service you ask for. One consortium that does in fact is the EFF's TOR. While onion routing is complex under the hood and that complexity leads to a dialup-like user experience, the alternative would be obfuscation provided by the Network Service Provider itself. The Pirate Bay has shown us what that is like however. If you "hide" all of your clients from the rest of the world, then you will be held responsible for their actions when they hack, threaten, or disseminate spam and trojans.
Still, if you are so gung ho that such services should be offered then start your own ISP and let us know how it goes. Offer service for less than a kazillion in my area, mebe I'll even sign up. *shrug*
I pay a total of $30/mo and have two high speed connections to my house.
Connection 1 has 5 public IP's, 6mbit down / 1mbit up uncapped, I'm only using one of the 5 IP's. I've got commercial grade routing equipment at my house so I can use 'em all, but I'm natting behind 1 because I have more than 5 things on my LAN, and can't think of a policy to spread that over these IPs..... and I'm lazy.
Connection 2 is 4mbit down / 2 mbit up uncapped. It comes from work, so I could assign it a /24 if I wanted to be really ambitious. This connection is new, so I haven't figured out how to even begin utilizing the blasted thing! I presently just hook it into my switch on an unused VLAN.
Connection 3: to be perfectly honest, I'm typing this all from a 2.5mbit down / 0.3 mbit up wifi connection at a hotel. The NAT here is outside my control though.
My email account is via Gmail. So I'll bet I receive plenty of Spam, I just never see it. I consider Spam as much of a problem as SSH trolling or religious fundamentalists. I see none of these as technological problems at the core. I think you can really only fight them by starving them.
I get SSL certs for free whenever I want. Each of my ISP's give me 3 nines of reliable connectivity, and if I load balanced them (too lazy to figure that out ATM, it seems ;D) I could increase the combined reliability to 5 nines.
So for me, while I'm sure things could be improved, they all currently bottleneck at my desk. I'm certain it is the same for virtually everyone, if you look at things from the right perspective.
I assume you mean, so long as no more than a few thousand of these 16 million try to use the net at one time?
There are only 65k ports to a public IP address. Every outbound connection consumes a port to receive data back from the internet. Every meaningful web page access makes connections to up to a dozen foreign IPs (trackers, ad networks, all that fun stuff I get called a thief for AdBlock'ing ;3). Hence, you'll only get a few thousand of your 16 million, aka, less than one tenth of one percent ( < 0.1% ) of your customer base online at any given time.
What sort of beefy router you feel like running that gnarly NAT on by the way? Just routing that much traffic is hard enough, do you have any idea how much overhead you are making up for yourself trying to NAT every connection as well, when you could just adopt the ipv6 standard instead?
Seriously, you can (physically) stuff up to 20 people into a hotel room with 2 fire exits and one toilet. This was even a popular living arrangement for immigrants in the early 20th century. But who would do that when you could instead allocate square miles of land for every person's dog's flea?
I agree that the number of people on the planet is not directly related to the number of needed IP addresses. After all, my laptop has one, as does my desktop machine, my workstation at work, the Fax machine, my cell phone, my media center, the playstation, each CCTV camera I've got keeping an eye out on my house and the livestock, my web server at work, the off-site backup, and all of the virtual machine instances they host..
Firewalls are capable of providing all of the positive benefits of NAT (transient traffic flow approval instead of mapping for example, blocking traffic not originated from the LAN, etc) save obfuscating the source address. Obfuscating the source address isn't particularly relevant from an attack perspective given that the entire LAN is still protected by the same Firewall process, NAT or not.
For example: you could NAT your LAN in 192.168.10.x space behind IP 1.2.3.4 .. you connect to shady.com port 80 sport 192.168.10.101:2000, NAT/firewall allocates 1.2.3.4:3000 for you. Shady sees all the traffic coming from 1.2.3.4:3000, but has no way (short of client-side malware) to know that maps to 192.168.10.101; nor can Shady care since all access to 192.168.10.101 is mediated by 1.2.3.4. Shady.com might try to port scan 1.2.3.4, and see any port forwards your entire LAN uses in one swoop, try to exploit them if possible. Moral: make sure you know what you are doing when you port forward.
Or, if you use IPv6 for your LAN, let's say you are allocated 1:2:3::/112. No need to NAT it, so you just firewall behind your gateway, let's say 1:2:3::4. You connect to shady.com port 80, sport [1:2:3::101]:2000. Firewall doesn't have to allocate a damned thing for you, but instead records the flow for [1:2:3::101]:2000 shady.com:80 as established from within the LAN and thus authorized. Shady sees all the traffic coming from [1:2:3::101]:2000, but it's not relevant since all access to 1:2:3::101 is still mediated by the firewall at gateway 1:2:3::4. Shady.com can port scan 1:2:3::101 if it likes, but won't see any open ports if you only allow LAN established traffic, or else sees your whitelisted ports for that IP only (instead of your entire LAN). Just like the IPv4/NAT scenario, keep your open ports secure.
As you can see, source IP obfuscation provides no meaningful advantage to the end user in this scenario. If anything, IPv6 users who feel like they want to use NAT could have the firewall choose random source addresses as well as random source ports out of their /112, and hide their 3 LAN devices within a pool of 65 thousand addresses. Would that not confuse a would-be attacker?
Still, the major drawback to be avoided with NAT is in breaking the globally unique address space and complicating inbound connection access, which will become a growing part of popular network policy over the next few decades. One thing Bit Torrent teaches us is that "the server" will less and less frequently have resources comparable to the "client swarm", so crowdsourcing the heavy lifting (from distribution to content creation to editing to caching) becomes vital to any scaling strategy worth it's salt. The hub/spoke communication model is slowly eroding in the presence of more sophisticated, decentralized many-to-many connection models.
NAT reduces a peer to a "consumer" which can only fetch data, but never re-offer it without convoluted port forwarding messes. Entire LAN's are limited to one named service per outbound IP, unless one wishes to screw with what port they offer services on, further complicating the job for other firewalls and participants of the content network.
You'll know what I mean if you've ever tried to configure mobile SIP access. Half the time you are behind a NAT, and you'll never know in advance if it's full cone, symmetric, or just somehow pathological. Sometimes you are nested within multiple NATs which each behave differently!
Some legacy UDP protocols I've worked with need to make connections to thousands of remote IP addresses at multiple, highly transient port mappings which bring NAT mapping tables to their knees. In a firewall-only environment, it's easy to whitelist access to swaths of ports for clients and then the gateway need not maintain tables for related traffic, but can continue to protect unrelated ports unlike with SOHO DMZ.
To sum up, NAT is not only a bandaid, but it's already pulling at our short-hairs.
Axually, we wrote the code long before 4.4.0 or 5.anything, so... new manual entry is unhelpful. :) (I cited "MAXINT" given my C heritage .. PHP's nomenclature fails anyway, as they lack an analogue to "MININT" ;3)
When you've got code failing at unpredictable places for unpredictable reasons, the first place you look is not the "integer" subsection of the manual, anyhow. Besides, by that time the damage were already done. We noodled out the cause and thereafter found your cited manual points to corroborate our theory.
We were still stuck using PHP which apparently cannot understand anything but signed 32 bit reliably, interfacing with MySQL which isn't capable of interim calculations in that space.
we refuse to write anything but simple two's compliment logic into all of our applicable SQL statements, so for things like sort we just aren't going there.
Allow me to forstall suggestions of using GMP given that gmp_strval(gmp_add(gmp_init("2"), gmp_init("2"))) is fail compared to "2+2" in every conceivable way, and there do not appear to be any OO bindings for GMP in PHP 5.x to rectify.
Put simply, we could obviate this problem easily if ANY of the following were possible:
* Sane integer support in PHP
* Sane OO support in PHP (for example, OO GMP bindings .. though there would still be crippling performance hits for major parts of our app!)
* sane functional support in the database to handle the two's compliment logic imposed by PHP
If we had the resources to remake the project in Ruby or Python against a postgres database, then all of those possible solutions would be at our fingertips, so much so that only the first solution would need to apply. The other solutions/capabilities would simply stand around looking cool. :P
So... meantime, can't afford the Ferrari and have to duct tape the pinto's engine together. *sob*
PHP signed 32 bit integers .. I really can't say much more without crying.
I thought it was just wonky 64-bit support, until I found out their MAXINT was influenced by the machine the code ran on.
I would write code to get around the apparently wonky support ("So you won't accept a 32 bit unsigned hex literal, eh? ok I'll add two of them together and comment why.. great, that passes all the unit tests..), little did I know that these things were being silently cast to 64 bit floats on the affected machines.
It wasn't until an affected machine had to bit-mask numbers larger than ~2.14 billion that we began to notice the problems. It was an edge condition noone really forsaw, so no tests were written until it was too late. It took FOR EV UHHRR to track this sh1t down, given that it worked on 75% of the servers and 50% of the valid inputs!
Our values were all meant to be 32 bit unsigned, so we eventually had to kludge something together that "utilized" the negative bit of PHP's prefered 32 bit signed values.
Now, most of the sh1t works, but you can't sort the values out of the database easily without all the +2.14bil values preceding zero. (the database doesn't have this @#$% int problem..) We're still gritting our teeth waiting for the other shoe to drop.
This is a "kludge" insofar as we need to abandon PHP as a lost cause, and lack the spare man hours for the effort. :(
This sounds like a goal for a project: Quick, someone write an "ACID" test for ACPI compliance, and then name/shame the OEM's that fall short.
Maybe even get Google to sign up. You know they'll want hardware ACPI compliance to buffet their ChromeOS project.
Just a idea. :3
It's an interesting economic question to ponder: how to motivate without impeding the optimal allocation.
Interesting, sure, but luckily rife with solutions. :)
Essentially, content creators should be paid for creating the content, not for worrying their fingers to the nub about who is worthy to view the content once it's created.
So, creators can use the power of the internet to amass a collective of small time investors, each willing to pay $X or $0.0X, until their production fees are covered. Then creators create the content, deliver to investors, offer the content themselves to any new takers at an optional convenience fee (to cover hosting, whatev) or else just upsell their work next to the distribution channel, while anyone already privy to the data are also free to share as they see fit.
If you didn't already get a copy from the creator, you can pay them a tiny fee (or put up with their site UI, or whatev) for a pristine copy from the source or get a copy third hand which might have been modified or ad-saddled. Your choice, and it really is a brilliant choice to have. Especially given that third hand copies can exceed originals thanks to "after-market" mods, or improved distribution options.
This copyright-phobic business model is called Micropatronage, and the contracts which enable such transactions are most frequently Assurance Contracts, the "dominant" variety being the most intriguing from an economic perspective.
The benefits of dissolving all copyright and using forward thinking business models like this instead include:
* the reins of distribution are put back into the hands of (first) the creators, and (as distribution grows) the consumers themselves.
* With all public data in the public domain, production costs plummet, since you are not penalized for subsuming or remixing content which came before. Still, people will only obtain your modified work if you are truly adding some kind of value.
* On the flipside of that coin, any value that can be added to content will be. Want that song encoded in XYZ for your ancient media player? Someone has done so and you can get a copy, and it's legal.
* When rule 34 fails, you still have rule 35. If you take the time to mod a thing to suit your needs, there is fame, tit4tat, and quite probably even cash with your name on it from others who wish to see such a mod. Presently such efforts are illegal out of the gate.
* Production also becomes more prolific, as there is no barrier to entry and no fear of legal reprisal due to the rusted out copyright mechanism before you start on your own ambitious, essentially original project. I recall Darren Aronofsky in the commentary for Pi talking about having to make sure the tune being hummed by a cleaning lady in some transition scene was pre-1923. Creators ought not have such ridiculous legal burdens; it's nothing but make-work for the legal counsel.
* Courts are free to focus on fraud and crime instead of being gummed up by enforcing media's decrepit business models
* Everyone gets sh!t for free, or near free. Free will be there, chow down. Near-free will be there when you want something that caters a little more closely to your tastes. Pony up the tiny amounts needed (or significant amounts if you want something really ambitious commissioned, up to you!) and still, chow the f*ck down.
* Society gets what it was promised in the US constitution: enrichment of the god damned public domain. That was the job our constitution commissioned Copyright for in the first place. Epic Fail.
I strongly favor complete Copyright Abolition. I believe that we should live in a world where everyone enjoys the right to transmit any information at their disposal to any person wishing to receive said data. I believe this will lead to the best results for individuals and society, produce
Ideology (information wants to be free, yadda yadda yadda!) is a nice excuse, ... It's just a bit of self-righteous rationalization after the fact.
Let people take a slice of my income, and they'll get $30-$50/mo. out of me for entertainment, no problem, instead of the $0 they're getting right now.
I know you're trying to channel wisdom here, and you are more clever about economics than most, but you still miss an important point.
To whit: how much of that $30-$50/mo will Slashdot get? And if you don't pay, you won't get to read/post any more?
Show me a flower that would set up a toll booth for birds and insects to feed from their nectar, and I'll show you a flower that fails to get pollinated.
Flowers give nectar away for free. Trees give huge, juicy fruits away that many species of animals depend solely upon for nourishment. Do these animals "make excuses" for their freeloading, or do they simply have needs and find symbiosis to suit those needs?
This plant + animal symbiosis is a winning business model in nature. Erecting toll booths around plants, using the proceeds from the toll booths to clone the plants over every square inch of the planet and then hunting animals caught sneaking past the toll booths would comparably be a losing strategy. It wouldn't matter if the animals had pocket change that might be divvied differently if the toll booths simply chose to charge less, the strategy is broken and the prices are so high because of the broken strategy. Seriously, centralized cloning is just less efficient and more expensive than letting the hungry animals distribute and seed for you.
Sometimes, trailblazing really is just finding a path of least resistance from an adjusted set of expectations, and then using the damned thing to get your needs met.
Mod parent up, +1 "hell yes", assuming you have that in your dropdown. :3