Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. Bush vs. Clinton lying - qualitative differences on White House: No Kerry Supporters at IATC Meeting · · Score: 1
    Sure, both of them lied through their teeth.
    • But Clinton mostly lied about his personal life - Bush lies about national policy, which is a lot more serious. And when Clinton was lying, at least about his sex life, he did it with a grin that said "You know I'm lying, and I know you know I'm lying, and we're good old boys playing our part of the game and no hard feelings about it."
    • George H.W. Bush the Elder also lied, including about national policy, but he was at least telling his own lies, and understood what the truth he wasn't telling was, because he had to deal with reality to get stuff done.
    • Dubya not only lies, he doesn't care what's true - he insists on absolute loyalty from his people to whatever position he's taking, and doesn't want to be told that he's wrong, even in Cabinet meetings. Bamford's book, "A Pretext for War", talks about this problem quite a bit.
  2. Outsourcing and Dark Fiber and open telecoms on First 500 Terabytes Transmitted via LHCGlobal Grid · · Score: 1
    The Internet means that anybody can work from anywhere in the civilized world that they want to, which is why for some reason everybody moved to Silicon Valley during the Internet Boom, though some of the 80s-computer-boom generation did move to places like Oregon or Colorado to grow grapes and telecommute now that they had consulting contacts (an occasional plane trip can get you to SF to meet customers in person when you need to or buy designer drugs that you can't grow locally.) And I do know a number of people who've moved to random college towns outside CA and NYC, because they get the lifestyle they want at more rational prices, though some have had to resort to becoming academics to get away with it :-)

    India has only partially realized the Boom, because they only partially implemented telecom liberalization. For instance, there are hundreds of gigabits per second of fiber going BY India's cable heads, but only a few GB actually able to drop there, because the VSNL good-old-former-monopoly-boys still have their hooks into it. They've loosened up enough that there *is* a booming call center business, but it's not like you can actually get wavelengths delivered to Bangalore for prices that have any relationship to the cost of installing them.

    China's somewhat the same way, though they're starting to get better. Their government is still hopelessly obsessed with censorship, so it's hard to install infrastructure that's too fast for them to wiretap, but they're gradually getting things done because the ex-commies are now making money.

    Thailand is a tougher case. Their geography gets really rough and wrinkly once you're more than a few km outside of Bangkok or a few other big cities, and they've still got something that acts like an old corrupt PTT. It's getting better, but it'll be a while before you can really telecommute from Phuket, and the tsunami didn't help anything. Similarly, Costa Rica has amazing geography, being located where Central and South America squish into each other, but they only need a couple of fibers to get San Jose and Cartago on the net - but the telecom bureaucrats are kleptocracy that's trying to criminalize VOIP because it cuts into their profit margins rather than encouraging it because it creates jobs for people who aren't their buddies.

  3. Mirrored Disk Drives on First 500 Terabytes Transmitted via LHCGlobal Grid · · Score: 1

    Disk drives are a bit under $1/GB these days (you'll need a few extra controller cards etc for convenience, so round up.) So 500TB is about $500K, and you can build some kind of RAID-like thingy that lets you pop the racks out onto a Fedex truck without wasting the amount of time copying to tape would take.

  4. So Yeti@Home isn't for you? on NETI@home Data Analyzed · · Score: 1

    So you're now pouring water in your nose. There's also been some possibly relevant marketing research done by Golgafrinchians about "Do people want fire that can be fitted nasally?". But Yetis? Probably not what you need.

  5. AT&T Internet Protect traffic analysis system on NETI@home Data Analyzed · · Score: 1
    AT&T Internet Protect collects traffic headers from some large fraction of their network - the last figure I saw was about 12TB a day of headers (source/dest IP, protocol, source/dest port.) There's a certain amount of analysis they do in real-time, some more that gets fed to human analysts to try to make sense of, and the data's also there for later research. Some kinds of problems are obvious (e.g. port scans on TCP 17300 and TCP 1025 from Asia are heavy this week - 17300 is usually one specific virus, but lots of malware targets 1025), some are hard to tell from regular traffic (a zombie sending out small amounts of spam doesn't look much different from regular email use), and some look weird but really only make sense later (the Slammer worm happened soon after they started collecting headers for research purposes - there were a couple of spikes on udp1434 during the week before the worm finally took off, which appear to either be test runs or fizzled launches.)

    Needless to say, it's a rather specialized database system, designed for problems on the order of "record all the event data needed for phone bills"; you're not going to run it on MYSQL in your basement. And it's not a complete sample of headers, much less message bodies (AT&T carries about 2 Petabytes/day of traffic), but it's an interesting start for detecting many kinds of weirdness. There are other ways to collect lots of traffic - routers mainly do packet counters of various sorts, so you're only getting aggregates rather than details, but they're good for other kinds of problems.

  6. Blocking Forged Packets is Very Easy RFC2827 on NETI@home Data Analyzed · · Score: 1
    There's a Best Current Practices document BCP38 and a few RFCs, notably RFC2827, recommending that ISPs block IP packets with forged Source addresses from their network. It's easy to block them from end users, and while you can't totally block forged packets coming from other ISPs, you can block some of them (strict uRPF for your end users, loose uRPF for peering/transit, plus blocking packets or at least routes from outside that pretend to be from your non-dual-homed end users.) These are standard features of Cisco and Juniper routers, and presumably of other major router vendors.

    This doesn't prevent all network problems by any means, but it cuts down on lots of annoyances. You can prevent forged UDP packets and forged TCP SYN packets, so there are a number of attacks that don't work. (Forging TCP sessions was already much harder.) Forgery can still happen within a subnet, e.g. a packet claiming to be from 1.2.3.4 might be from some other machine at 1.2.3.0/24, but you can go find the right wire to look at, so you can trace problems reliably and add extra filtering/detection in the right place. Forgery can still happen on other ISPs that don't do spoof-proofing, but you can at least trace it if it's within your network and you can work with other ISPs to clean up their acts as well.

  7. Cable Modem Customer Lock-In is Stronger on NETI@home Data Analyzed · · Score: 1
    If you shut off a dial-up user, he might change ISPs or might (try to) clean up his act (with some level of failure, which is not surprising since he was sufficiently incompetent that he got infected in the first place.) If you shut off a DSL user, he also might change ISPs or might try to clean up. But cable modem services are harder to change - there's usually only one cable company serving a given end user, and changing to DSL is not always an option, so cable users are more stuck than other types of Internet users. Also, most people really *don't* want their machines to be used for malware, especially if you scare them about liability and kiddie pr0n and mean nasty lawyers and make it easy for them to figure out if it's their kid's game-playing box or the parents' unpatched Windoze machine.

    Some cable companies already do block internet use from known infected machines - typically by redirecting all their web pages to a "You're infected. Here's how to install anti-virus software and a hardware firewall" page, but sometimes by giving them very restricted Internet access (e.g. only retrieving ports 80/443 web pages and only sending/receiving mail on the ISP mailserver.)

    AFAIK, none of the cable companies have started switching their users's TVs to the "Anti-Virus Cleanup Channel" to *really* get their attention...

  8. List of Zombie Blocklists (+ other Bad-Site-BLs) on NETI@home Data Analyzed · · Score: 2, Informative

    Spamlinks's list of Zombie Blocklists also has other types of block lists on that page (RBLs, Open Proxy blocklists, Known Spammer blocklists, etc.).

  9. Recent Worms DO organize to manage utilization on NETI@home Data Analyzed · · Score: 3, Informative
    Most of the interesting recent viruses *do* have some level of organization to reduce duplication of effort, and the postulated "Warhol Worms" designed to take over the entire Internet in 15 minutes would need to do so, because otherwise they're not as effective. Some of them pre-scan the net to find a list of vulnerable machines to infect first, and then haul around parts of the list. Others partition the address space quasi-deterministically (e.g. Phase 1 scans all of the valid /8 address spaces until it's infected some machine in each one, Phase 2 scans all of the 256 /16 address spaces within its /8 until it's affected one in each, Phase 3 scans all of the 256 /24 addresses within its /16, Phase 4 scans all the 256 addresses within its /24.

    Code Red II implemented a randomized variant on this: "1/8th of the time, CodeRedII probes a completely random IP address. 1/2 of the time, CodeRedII probes a machine in the same /8 (so if the infected machine had the IP address 10.9.8.7, the IP address probed would start with 10.), while 3/8ths of the time, it probes a machine on the same /16 (so the IP address probed would start with 10.9.)" It means the worms don't have to keep track of phases, but it gets similar effects, and while there is more chance of overlap, it's not too high until the worm's infected most of the net, and the added random searches help make up for machines that didn't successfully infect their netblocks due to firewalls or failures or simple slowness.

    At least one worm that took this sort of approach had a bad random number generator, so it kept hitting the same territory too hard and missing other wide-open spaces, which protected a few parts of the net from infection.

  10. Re:Encrypt Filesystems Instead on USB Flash Drive Round-up · · Score: 1
    The problem is that you then need to trust the thumbdrive maker to have done a decent job of cryptography, and you also run into the risk that it'll require some non-portable operating system support. There _are_ drives that do AES encryption on all or part of their filesystems, but they need an interface to the host OS to hand them a key - if they're not open source, you can't evaluate whether to trust their key handling, and they often limit the operating systems that can use that feature (e.g. only Windows XP, or Win and Mac, but maybe not Linux and probably not OpenBSD), and it sometimes interferes with them being bootable.

    There have been USB drives that had fingerprint readers on them, again with no way to examine the source code and evaluate the quality or reliability. You could try to jam some other user interface onto them (e.g. very small keypad), but it'd be tough ergonomically.

    I'm not just ranting about open source because of GNU/Linux prejudice - it's a much more critical issue for cryptographers, because not only do most amateurs design bad encryption algorithms (like the GSM phones or some parts of PPTP), it's often difficult to handle the crypto protocols adequately, especially password management and all the different kinds of data padding you need to do, and even things like PGP have had multiple critical mistakes (as have *far* too many people who've used RC4, such as the amateurs designing WEP and other parts of PPTP.) If you can't see the source code and design documentation, it's guaranteed that you can't trust it. If you *can* see the source code, then it still depends on how smart the people reviewing it are, and what they miss, but you've got *some* chance.

  11. Encrypt Filesystems Instead on USB Flash Drive Round-up · · Score: 1

    Sure, you could do that, but it's simpler to use encrypted filesystem drivers on your PC's operating system so you never store unencrypted data. I don't know how cooperative most USB sticks are about using NTFS instead of FAT, but there are other approaches as well. And if you need to carry around software to do it, you can usually keep it unencrypted on the drive...

  12. Return of the Disk-Based Virus! on USB Flash Drive Round-up · · Score: 2, Insightful

    Now that most people are on the net and send email around instead of bothering with floppies, we'd finally gotten rid of the floppy-based virus as a relevant threat. But USB sticks are starting to bring it back. It's not as serious a problem as it used to be, since most people have anti-virus software, and most people move more bits around by email even if they have USB sticks, but it's non-zero, and it'll get worse as virus writers rediscover the opportunities. Good Times Ahead!

  13. Flash Reader on a USB Cable on USB Flash Drive Round-up · · Score: 1
    Flash readers on USB cables used to cost $29; I assume they're down to $10-15 now. They're a bit bigger than USB sticks, but if you're mostly using them at home or work, they're fine, and you can easily upgrade them as memory prices come down.

    Back when they first came out, I got one for my digital camera, because it was much easier than haggling with the drivers that talk to the camera itself, and the flash cards in the good camera were removable. So when I was thinking about buying a USB stick, I realized that I had the cable, and I had a bunch of flash around from the camera, so why bother. And now I've got an iPod Shuffle, which works well as a flash drive as well as playing music. (Haven't gotten around to installing Knoppix on it yet :-)

  14. Stealing Mobile Phones is passe also on USB Flash Drive Round-up · · Score: 3, Insightful

    Mobile phones used to be expensive and interesting, as well as useful for drug dealers who wanted to call Colombia for free, so they'd get stolen, especially if you left them visible in your car. But these days, at least in the US, nobody bothers them any more. Cell phones are cheap enough to make that you tend to get them free when you sign up for an overpriced cellular plan, or kids who can't afford that can get prepaid phones in the 7-11, so there's essentially no resale market except for the good ones (where you can also buy extremely cheap long-distance phone cards.) Perhaps the fact that the US is mostly not GSM affects that as well - you usually need to register the phone itself with the cellular company, so it's traceable, as opposed to simply popping your SIM card into a better phone. Since the crime has stopped paying, it's just not worth the trouble.

  15. Why are some NOT bootable? on USB Flash Drive Round-up · · Score: 2, Interesting

    I understand that older PCs don't boot from USB - so no surprise there. But why are some of the the USB sticks bootable and some not? Aren't they all implementing the same standards, and just adding their features on top (like crypto drivers or whatever)?

  16. Mother-In-Law's AOL id as Thin Client environment on E-mail As the New Database · · Score: 3, Interesting
    No guilt about it - she's paying them whatever their current price is, and she keeps all the stuff she's interested in on their servers. Of course, she's never really figured out Windows file systems, or why she should use them instead of creating mail folders inside AOL. (:-)

    It's been very useful for helping maintain her system - when Somethine Bad happens to her PC, whether it's spyware or bit rot or hard drive problems, whichever child is nearby can just format the disk, reinstall whatever generation of Windows is handy, get a new AOL coaster (I picked one up in the hotel lobby last trip :-), and she can log in and all her bookmarks, email, buddy lists, etc. are all there right away. We did have to buy an actual install-from-scratch version of XP once, because she'd lost the old Windows ME disk, but WinME was such a loss that scraping it off the disk and getting rid of Compaq's "helpful" system backup software were a pleasure anyway.

    Meanwhile, *my* mom's still happily using her decade-old Mac Performa 630 with System 7.x, Netscape and Eudora, keeps her data on disk as text files that she backs up to floppy, had to buy some more RAM a few years ago so a new printer driver would work reliably, and her only real problem is that her local Mac repair guy retired and no longer makes house calls. It's much more reliable, but she's never been afraid of technology.

  17. Gmail for non-personal email like public lists on E-mail As the New Database · · Score: 1
    I don't use gmail for personal email that I mind if other people read. Google are nice folks, but there's really no reason to trust them with that, especially if for some reason somebody subpoenas them in a lawsuit or the Feds give them a criminal warrant or whatever.

    However, it's fine for non-personal email such as high-volume public mailing lists. I use gmail to receive my subscription to NANOG, the North American Network Operators List, which also means that I can participate in Internet infrastructure discussions without using either my work email address (where there can be bureaucratic issues like conflict of interest) or my main personal home email address, which is already in too many easily-harvested mailing list archives. Gmail's mail indexing isn't extremely sophisticated, but it works pretty well for this sort of discussion list.

  18. Simpler solution - copy/delete/defrag/restore on E-mail As the New Database · · Score: 1
    That's too much trouble, unless you needed to buy a bigger drive anyway.
    • Copy the offending .PST file to an external disk (either USB or a file server or DVD-R or whatever),
    • delete the original, which will leave you enough space to defrag the disk successfully,
    • defrag it,
    • then copy the .PST back from the external drive.
    It's especially valuable because .PST files over a gig or so (especially over 2GB) are likely to explode like a drummer for Spinal Tap, leaving a puff of greasy orange smoke that you can't reincarnate because they're kept in some proprietary undocumented binary format, so it's hard to dredge the original text out of them even if they're not encrypted or compressed.

    I try to avoid this problem by splitting off my .PST files every 3-6 months when they get too big. I prefer to keep longer periods of time per file for simplicity, but keeping files under ~650MB means I can burn them to CDROM.

  19. Disappearing Inc, aka Liquidmachines.com on E-mail As the New Database · · Score: 2, Interesting
    A few years back, Disappearing Inc. made a system to do that. They've since become Omniva and were recently acquired by Liquidmachines.com. Their tech guy gave a talk at a Cypherpunks meeting back when they announced their product, and I was fairly impressed. He started off by explaining what the product doesn't do, because there are lots of things people would like to do that are sufficiently impossible that anybody claiming to do them is selling snake oil. Their objective was limited to supporting private communications between two cooperating parties who aren't trying to work around the system - so they weren't claiming to protect your email from one of the parties using a screen-scraper, etc. This is radically different from the DRM market, where one party doesn't trust the other party and wants to limit what the recipient can do with the information. They basically use plug-in to email/browser etc. that stores a session key with their server, encrypts the email message body with the session key, and lets the recipient fetch the session key to display the message, but never stores the message in cleartext. When the expiration conditions occur (either expiration date or one of the parties says to delete it), they delete the session key from their server. So the sender's and recipient's mail systems only handle the encrypted information, and if they're running backup systems, the backups only contain the encrypted file.

    So if your girlfriend is willing to keep your notes in read-only format, and send you notes in the same format, then it'll protect you, or if your unindicted co-conspirator wants to stay unindicted, then you won't get an Ollie North what do you mean the email's backed up on optical WORM disks?!?!? surprise. But if your girlfriend cuts&pastes your email to her diary, she can later post it to alt.sex.ex-boyfriends.losers, and if your co-conspirator prints out emails because it's easier than reading small type on screen and then stores them in his file cabinet, you can still get busted later. Also, if the Feds hand a warrant to the privacy server operator requiring them to hand over any keys they have for mail to or from you, and they have any keys they haven't already deleted, you lose, but any keys they've already deleted are gone. (I think they also did a version of the keyserver for companies that wanted to maintain them in-house.)

  20. Yes, of course - here's why on RAM Manufacturers Fined for Price Fixing · · Score: 1

    You didn't think this huge judgement was to protect consumers did you? It's to punish people who sell products to consumers at unfairly low prices. So that does mean that any RAM you buy from them in the next year will be more expensive than it would have been without this fine.

  21. I voted for Kudos... on Bastille Adds Reporting, Grabs Fed Attention · · Score: 1

    Wait, wasn't KuDOS an early PC operating system?

  22. Plan 9's 8 1/2 Windowing System - Light and Fast on Next Generation X11 · · Score: 1

    Rob Pike gave a talk at a Usenix a decade or so ago about his 8 1/2 windowing system for Plan 9. His basic intro was "Ken and I spent a decade figuring out what things a windowing system shouldn't do and wrote one that doesn't do them." It was something like 64K lines of C code, and when he typed 8 1/2 (in Unicode :-) into a shell and hit return, he had a running window system up in about the amount of time it normally takes to get a $ prompt back - it was way sub-second. The UI he was running on it was his Acme tiled window manager - I much prefer systems with overlapping windows (but he'd already written one of those for the Blit, so this was new usability research for him.)

  23. iPod Shuffle + Car Stereo + MP3 CDs on The Sony/MP3 Saga Continues · · Score: 1
    1) Portable MP3 players are mostly under $100 these days. (The 1GB iPod Shuffle is $150, though.)

    2) Most car stereos these days support MP3 CDROMs. I don't know about changers, but at least single-CD players do, because it no longer costs money to add the feature.

    Most car stereos also support an Auxiliary Input, though most car stereos as installed by car dealers don't make it reachable and the fscking things don't have it on the front plate where it would be easy to reach, so you've probably got to drill the holes and then wire it yourself. However, once you've done that, it's easy to plug in your MP3 player.

    And while an iPod Shuffle doesn't have the most *powerful* interface in the world, it's definitely something you can run while driving, because all you're going to do is hit the "pause" and "skip" buttons, and you can set it to play playlists in order if you don't like randomness.

  24. First Banner Ad Blocker 199x, Cookie Blocker 199x? on Report on Last Decade of Online Advertising · · Score: 1

    Any ideas what the dates were for the first banner ad blocker and the first cookie blocker? (or for that matter, the first time somebody recommended mapping doubleclick.net to 127.0.0.1?)

  25. Delivering Calls to Telco Phones costs money on Getting Started with VoIP Devices · · Score: 1
    Remember that when the VOIP companies are delivering your phone calls to old-fashioned real phone companies, they're getting charged money to do it. Some part of that money is regulatory fees (not usually most of it - it's still a bogus explanation, but there's a grain of truth under the misdirection.)

    Also, if you're getting incoming phone calls from phone companies, there are costs attached to those phone lines. It's cheaper than traditional phone lines, because they're not only buying big pipes instead of many little pipes, but they're oversubscribing because typical phone use is about 15-20% on business lines, less on residential, and that can cost them money (exactly how much depends on their regulatory status - they can register as a CLEC, or they can do this as a standard business line, with different kinds of mandatory costs for telcos and taxes, and whether it pays off depends a lot on their calling patterns.)