Not to beat a dead horse here, but the S/N ratio in this hole is really getting out of hand. The average day on slashdot consists of a couple of interesting science stories, complete with low comment volume and not much said, a few OS stories, jam-packed full of idiot "microsoft sucks" posts, and a Katz piece where all of you limp-dick amateur flamethrowers attempt to sound smart in front of your peers while never EVER bringing up valid points or contributing to a decent conversation.
Three quarters of you motherfuckers haven't managed to say anything useful ever, and probably don't have the slightest clue about anything going on around you. Mindless babble. And when you aren't babbling, you're posting some pseudo-intellectual thinly-veiled attack against a) the author b) some commercial company c) somebody else's ideas... ideas that your dead brains are incapable of creating and so are consumed with destroying.
Face it. 99% of what happens on slashdot anymore is useless. Anyone who tries to say something besides "linux is cool" is shouted down. Intelligence has been largely replaced by some horrible open source frat party. The only guy who dares to write original material for the site is hissed at constantly by a bunch of low-brow morons who wouldn't know intelligent discussion if it bit them in the ass.
Oh well. Fuck you people. There are way too many of you to start swinging the clue bat.
The ability to tap a line on both Nortel (DMS?) and Lucent (5ESS, etc) phone switches existed long before Oklahoma City. It has been a legal requirement for as long as I can remember.
At one time, Congress was wondering about requiring the same for Internet routers, but were told that it wasn't feasible... perhaps that was the post-OK-city law?
Yep. I don't agree with the overreaction, but tapping an individual line, or creating software or hardware to watch a user's radius logon, grab the IP assigned, and sniff all traffic at the source is trivial.
'Course, it's trivial in the states, too. I have been called at a NOC by the USAF, among others, and asked to detail account usage, provide info, etc. If they have a warrant, and they want an IP sniffed off the wire, (and they want to come down w/hardware), nobody has any probs with that.
I don't think it is big news, however. There are many, many countries where it is not necessary to inform courts or get permission before setting up surveillance of voice lines, and one would not expect that restrictions be placed on the surveillance of an internet connection in those countries. This seems like a logical extension (although a particularly expensive one, in that it requires dedicated hardware) of Russia's current surveillance activities.
I haven't looked closely, but I don't think that Russia (or any part of the former USSR) is going to see a lot of transit Internet traffic anyway.
As to the work-around, it would be trivial to assign high routing metrics to all traffic originating from Russian Autonomous Systems, and even easier to blackhole the country entirely. However, it is unlikely... the whole point of the 'net is universal connectivity, and you would have to do something very scary to cause the rest of the world to muck with your traffic.
OK, try this sometime. Put a hardware IDS on a Fast Ethernet feed, ask it to cap all packets across the wire, and load the FE 80%. See where it starts to fall apart.
Now, take an Internet router, connected via OC-3 or OC-12 (dunno if Russia is doing OC-48 yet, but likely), with several circuits feeding it, and try to find the place where you would put a device that is going to pull traffic off and write it anywhere. The router can't redirect all traffic, because it doesn't have the buffers, memory, or processor to do so. I haven't seen any kind of transparent hardware tech that would sit on an OC-12 and copy all bits running through the wire.
Regardless of the mystical shroud around government spooks, I really question the feasibility of this kind of monitoring... the rate that we are pushing data on the backbone is astronomical, and we have achieved that by reducing the amount of packets that must be processed. Technologies like CEF or flow switching on Cisco routers speed packet processing up by touching as few of them as possible and switching as many as possible through ASICs. This doesn't give you a whole lot of room for surveillance equipment.
The only place for feasible monitoring would be on Ethernets or Fast Ethernets that connect server farms, and that would require the placement of monitoring devices at every server farm... not likely to go unnoticed.
I think this might be the Russian gov. blowing smoke. It doesn't strike me as a technical possibility right now.
Now that's a lawsuit I will stand behind, as it protects consumer rights rather than trampling them.
I don't know when it started, but I certainly didn't give anyone express permission to buy and sell my life's history as a consumer, just so they could "target" the junk mail and telephone spam that they insist on hurling at me. These giant databases of consumer information are sketchy in and of themselves, but when they are combined with what I consider browsing surveillance, they very well could cross the line into corporate big brother behavior.
If we have the freedom not to be illicitly watched by the government in our private lives (without cause), wouldn't that freedom extend to restrict the behavior of corporations?
Additionally, if someone is indiscriminately watching my habits online, how close does that get to wiretapping?
The reliability to which you refer is the main reason large companies went with SNA in the first place. Happily, I have seen results that are at least as good using IP QoS/CoS to provide consistent response time and bandwidth.
The QoS/CoS capability (at least on a Cisco platform) is the driving force for Voice over IP and Voice over Frame Relay that many businesses are rolling out. If I can engineer a network that will provide predictable bandwidth and latency that is good enough for a human ear (less than 200ms latency, 13kbps dedicated bw per call), then there should be no issue providing consistent response time to a TN3270.
I have to agree, though, that it probably won't go anywhere soon. The tools have been in place for a long time to phase out SNA, and it hasn't happened... I attribute this mostly to old mainframe operators who refuse to learn a new technology and maintain a 30-year old death grip on the server/network environment.
No apology necessary... I'm pretty thick skinned. As to the supplementary question (and this comes with some caveats):
My answer is C) TCP/IP WITH the addition of QoS/CoS across the backbone allows for a more efficient backbone design, and removes the need for multiprotocol networks which support both IBM protocols (SNA, APPN, all that junk) and native IP. The primary reason we would want this is B) that IP networks are more widespread, and increasingly required to interoperate with traditional SNA networks... and said interoperability is clunky, a pain in the ass, and generally slow and suboptimal.
* SNA is much better at traffic control than TCP/IP without quality of service. However, the need for that level of control should have been erased when the rest of the world migrated to switched Fast Ethernet (god only knows when that became available to FEPs...) and QoS/CoS can do a very good job of providing predictable response times, guaranteed bandwidth, etc.
"With regards to "skills gap", I'll probably cause a flame war here by calling you an upstart UNIX weenie here.. Remember that S/390 has been "out in the wild" running large-scale commercial installations for 30 odd years. There's a *lot* of skilled people out there who can do COBOL, who can administer IBM mainframes, and who get paid good money for putting in and maintaining SNA networks."
No flame war there, as I don't claim to do any sort of programming or operation of IBM mainframes... I do, however, see networking environments that support SNA as their method of connecting to said mainframes. I don't much care if the apps are still running strong, as the networks that support those connections are falling apart under the stress of corporate LAN requirements. If something provides me some shred of hope that people will upgrade/migrate, and move to an IP based network, I cheer its arrival.
The argument for knocking off SNA would be that you have to contort your network in all sorts of non-optimal ways to deal with the fact that you have, essentially, two networks... one for SNA traffic, and one for the TCP/IP apps that the rest of your business uses, yet you need to provide connectivity between nodes running both stacks.
It doesn't seem to be useful to me to be running your POS systems, or reservation systems, etc. on SNA just because that is the way the original app was written. Using classic SNA, you are talking about a connection-oriented protocol... which is clunky, complex, and expensive. The idea of a mainframe-controlled connection may have been useful when LANs were running at 4Mbps, but the resources available now invalidate the "need" for predictable response times provided by SNA. So IBM comes up with APPN... not a lot better, even though it will do route discovery and allow you to merge traditional LAN traffic with your SNA mainframe sessions across the backbone, but it is once again clunky, complex, and not very efficient.
A far better fix would be to use QoS/CoS across an IP backbone and allow the mainframe (and associated apps) to deal with its sessions over IP... thus freeing everyone from the connection-oriented crap and allowing the mainframe to play on a LAN as if it were another server.
You are entirely correct that there is TCP/IP support. I believe an open, LINUX OS on the mainframe would make software portability easier, and would make the argument to migrate both the software and protocol stack to a pure IP environment much more palatable from a business perspective.
What I am looking for here is the "killer app" that would cause a migration, and LINUX as the OS could do that... smooth interoperability with other 'nix servers, less of a skillset gap between admins, a single network architecture, no more "split networks" which are designed to deal with SNA and IP traffic separately, etc.
If they are serious about the mainframe part, and about open standards, maybe it will be a good excuse to migrate all of those poor bastard banks, retail chains, and airline reservation systems that still run on (shudder) SNA. Everyone else runs TCP/IP... why not IBM mainframes?
Imagine a world where us poor network engineers don't have to cope with screwed-up proprietary IBM network protocols in the data center. (starry-eyed sigh)
Come the fuck on. How many of you are emailing Linus about how long it takes to get another stable kernel out. These people are busy... remember that. The software they give (that is GIVE) to people will get developed and released in open-source manner to the community when they are fucking done with the next version of it. If they don't have time to maintain a daily update CVS server, cope with it, instead of bitching about their release schedule. I would prefer that they took their time with code releases and concentrated on making slashdot... content and code and everything else in it, good.
This really doesn't help the general adoption of security patches. Even Microsoft can occasionally release a security patch that doesn't adversely affect the system. If we are to expect joe user to adopt security patches, it helps if they work and don't break anything else. Otherwise, it just leads to the NT Service Pack attitude... "I'll install it after a couple of months, when I'm sure it doesn't blow up my system."
No shit, Sherlock! That's why I don't work there... I prefer Boston, with its suits and stiffs, to the Bay area, because of all that you have written.
Corporate culture in a city is important. California is more enjoyable than Boston (where I'm at now) because it is more relaxed / less suit-and-tie.
Rent!!! I was working in Phoenix for a while, and it was spectacular. $750 / month for a split-level second floor 2 bedroom apartment in a really nice complex. Compare that to sillycon valley or Boston or DC metro.
Entertainment and all of the other nice things help, but if I could find somewhere that had a good cost of living / corporate culture combination, I would be much more likely to stick around.
"I don't agree with censorship, but I don't have any problem with two web sites trying to find some kind of common ground so that they can talk this over like human beings."
Talking things over like human beings doesn't include suing for and receiving an injunction against someone's livelihood, shutting them down, going so far as to remove their email access, and then sending a preliminary olive branch after your biggest retail season is over. I don't think etoys should be treated with any respect at this point, nor should they be able to mandate any terms of surrender. If justice were to be served, they would be shut down themselves for a month, just to even the score.
How about a countersuit claiming product recognition problems and trademark dilution? If the domain name was there first, and the trademark status favors etoy, they should just go for the jugular and bring down etoys.com altogether.
Yeah, I have blackholed selected IPs, but only for short times under extreme circumstances. The idea of a real blackhole, where you have to remedy the problem before you are let back in the routing tables, hasn't caught on yet. :(
Perhaps the distributed DOS trend will help generate the need for some kind of structured blackhole process by which the offending network/user can be informed, and the blackhole reversed when security problems are fixed.
Sorry I was a little harsh. It gets real nasty when you have to chase a DOS attack all over your backbone trying to find out where it is coming from.... plug one hole, open up another. It is a touchy subject.
The smurf problem illustrates nicely... there is one line on a Cisco that fixes smurfs entirely. Go to the console, configure ethernet interfaces, and type "no ip directed-broadcast", and smurfs are no longer capable of being amplified from your network. If you search the 'net, however, you can find lists of networks which haven't taken the simplest measures to protect others from their misconfigurations.
The distributed network attacks are a new danger. Rather than protecting others from DOS by securing your network border, now you have to secure each internet accessible machine in order to avoid being used as an attack platform. This seems to me to require much more attention from users, rather than network admins, and so it is very necessary that people understand what their lack of a patch can do to someone else. It is really an issue of education, and the education is severely lacking.
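The "no ip directed-broadcast" fix mentioned above only helps if it is actually in effect on every addressed interface, so here is a small audit over an IOS-style configuration, added as an example and not part of the original comments. The sample configuration is constructed, and the `default_enabled` parameter is an assumption of this sketch: it models whether the software release enables directed broadcast when the command is absent (older IOS releases did; IOS 12.0 and later disable it by default).

```python
import re

# Constructed sample configuration (documentation address ranges), not from the post.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
!
interface Ethernet1
 ip address 198.51.100.1 255.255.255.0
!
interface Ethernet2
 ip address 203.0.113.1 255.255.255.0
 ip directed-broadcast
!
interface Serial0
 no ip address
 shutdown
!
"""


def parse_interfaces(config_text):
    """Split an IOS-style config into {interface name: [sub-command lines]}."""
    interfaces = {}
    current = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = re.match(r"^interface\s+(\S+)", line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # any unindented line ends the interface block
    return interfaces


def directed_broadcast_enabled(commands, default_enabled):
    """Return True if directed broadcasts would be forwarded on this interface."""
    state = default_enabled
    for cmd in commands:
        if cmd == "no ip directed-broadcast":
            state = False
        elif cmd.startswith("ip directed-broadcast"):
            # The command may carry an access-list argument; still counts as on.
            state = True
    return state


def audit(config_text, default_enabled=True):
    """List (interface, reason) pairs that could act as a smurf amplifier."""
    findings = []
    for name, cmds in parse_interfaces(config_text).items():
        has_ip = any(c.startswith("ip address ") for c in cmds)
        if "shutdown" in cmds or not has_ip:
            continue  # interface passes no IP traffic
        if directed_broadcast_enabled(cmds, default_enabled):
            explicit = any(c.startswith("ip directed-broadcast") for c in cmds)
            reason = "explicitly enabled" if explicit else "enabled by default"
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    for iface, reason in audit(SAMPLE_CONFIG, default_enabled=True):
        print(f"{iface}: directed broadcast {reason}; add 'no ip directed-broadcast'")
```
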
That's exactly the stupid-ass attitude that makes it possible to run smurf attacks against people, still...
"why should I turn off directed broadcast?? What difference does it make if my network is used to destroy someone else's connectivity?"
Shit, I'll tell you why you should apply the patch. Eventually, ISPs are just going to blackhole the networks that source denial of service attacks, because eventually it is your responsibility for being vulnerable, rather than the attacker's responsibility for exploiting you.
OK, this is just stupid. I'm a little touchy about these studies, because I build e-commerce networks for money. I also ordered all of my christmas presents and shipped them on-line this year, and constantly buy everything I can over the Internet.
This Christmas season, I did all my shopping last week. All of my items were delivered, on time. I got confirmation e-mails when my order was processed, and when it was shipped. (Granted, with overnight shipping, some sites didn't inform me of shipping status until the product was already there, but I won't bitch about that.) Staples managed to send me 2 of an item I ordered, but took care of it in a prompt, professional manner.
All of the web sites I ordered off of told me whether or not an item I was looking at was in stock. None of them didn't know what was in stock or took a week to find out what was in stock. Maybe that's the way it works on www.shadyecommerce.com, but I experienced no such problems.
Granted, there are glitches. I have been double-billed, both by catalogs and web sites. The only difference between the two is that on a web site, a polite email gets my card reimbursed, and I never have to wait on hold for someone.
I have had items destroyed in shipping, (a copy of freeBSD, in fact) and a polite email was enough to insure that the replacement was delivered overnight.
I have had items run out of stock. I knew the next day, and had no problem modifying my order.
If that record, over 3 years of impulsive internet shopping, turns into a 25% failure rate, then Anderson counts differently than me. Anderson seems to forget that catalog orders and in-store purchases fail too... in fact, I have bought more faulty hardware from a physical store than I have from online merchants. Previous posters are likely correct... FUD for e-business managers, and a way to generate more consulting hours for Anderson.
As soon as I read the link provided in the above comment, the idea of buying this damn thing evaporated. I will not support ANYTHING SDMI. Period.
... feel free to flame or add.
Just rambling
Gak! typo. Read "not fast or well."
I wouldn't necessarily call DLSw (or even DLSw+) the best of both worlds ... yeah, it provides some interoperability, but not with fast or well.
My thoughts:
Cheers.
Purchase clue.