Of course there are still magazines around - if you haven't seen the usual collections of Golf Digest, People, Ladies' Home Journal, Men's Health, etc., in your dentist's office, then either you need to get regular dental checkups or else your dentist has few enough patients that you haven't had to wait when you get there. That doesn't mean you actually want to read any of the magazines there, but they're a standard feature.
I started going to my dentist 30 years ago when he was the young junior partner stuck working Saturdays, and his office reading material was Zippy the Pinhead and Zap Comix, and the music was the loud rock station. Since then he's moved his office from the city out to the suburbs, had kids who are now grown up, replaced the sports car with a minivan and then replaced that with a sports car again, and the office has canonical dentist's office muzak and the Golf/People/etc. magazines, and he's now got a young junior partner stuck working Saturdays...
The purpose of bitcoin isn't to hold coins for investment, but to use them for transactions, because they have useful properties for anonymousish internet payment that other payment processing systems don't have. Except for a few silly applications, transactions aren't priced in Bitcoins, they're priced in dollars or Euros or RMB or whatever, and you buy $x worth of Bitcoins on an exchange, use them to order easily shipped illegal pharmaceuticals or send money to your parents back in the old country, and the recipient sells them back on an exchange to get ~$x of locally useful currency.
You're not buying Bitcoins to hold them until they appreciate or the latest bubble bursts or the pyramid crashes, you're buying them to use for half an hour for a transaction, and they're almost always stable enough that any price fluctuation is within your tolerance for money transmission service fees (i.e. hopefully cheaper than Western Union, possibly competitive with Paypal, and certainly much smaller than the 90% markup the dealer is getting for a sheet of LSD or the 50% markup they're making on other drugs, and even if it's more expensive than Visa, the lack of record-keeping is a feature, not a bug.) And yes, if you're using it for illegal transactions, the lack of record-keeping is also a risk, because your dealer might not actually ship you the products, but you're probably only buying a $100 retail quantity, or if you're buying more you can structure it as multiple phases so you don't pay for the third 25% chunk until you've received the second one. And it wasn't like the credit card $50 loss limit was going to reimburse you if your sheet of "psychedelic artwork" arrived but didn't actually have any acid in it.
There's a respectably large underground complex in Crystal City, on the south side of Washington DC, though it's not quite Toronto scale. A subway station, a mall with food court, entrances to office buildings, bottom floors of a couple of hotels. I had some business trips where I entered the subway at National Airport (briefly above ground) and didn't come out of the tunnels again until I left town. There's an elevator in the complex that tells you what floor you're on which was confused one day (telling me I was one floor below the one I was really on), and unfortunately I didn't have time to take it down to the basement to see what it would say about it.
and the oscillation overthruster didn't even kick in :-) It was the new tunnel that replaces Devil's Slide Rd. south of San Francisco, and my GPS didn't have a map update for the recently-opened tunnel, so it showed me driving right through the mountain.
No, Bitcoin doesn't have an intrinsic value - the cost you spent to mine a bitcoin is sunk cost, but that doesn't mean that the bitcoin you produce is actually worth anything. (Consider a mathematical problem that requires a similar level of effort to compute - you can do that computation and get the answer, but it won't be worth anything, even though you spent an amount of electricity and hardware depreciation that could have gotten you a bitcoin instead.)
What bitcoins have is utility value, which is fairly independent of the mining cost. The mathematical properties make it somewhat useful for private transactions over the internet, and the market value of the coins usually has enough stability that people are willing to float them for a few minutes to a few days in order to use them to facilitate transactions that do have value. Specifically, that $100 sheet of LSD on SilkRoad costs about $10 to make, so a seller who's willing to accept bitcoins as payment can risk a 10%-50% drop in price (if that happens) in return for successfully making the transaction, and the buyer's willing to risk $100 worth of bitcoin and hope the seller doesn't burn him. (The buyer doesn't have to worry about price fluctuations between buying the bitcoin and spending it with the dealer, because he can buy the coin right before purchase, and if the price goes up or down between the time he sends the bitcoin and the time the drugs arrive in the mail, it doesn't actually cost him any money.)
Iran's propaganda issues aren't just about Shia vs. Sunni or Muslim vs. The Great Satan America and The Previous Great Satan England, but also about Persians vs. Arabs, Turks, and other Muslims. Persians have been in the Empire business for more than a millennium before Islam.
Also, the Persians had the benefit of Greek culture after Alexander the Great invaded them, and probably well before, and the Greeks not only knew that the world was spherical, but had a pretty good estimate of its size.
Leave aside that the US would still be a British colony if the French hadn't supported the revolutionaries as part of their war with Britain.
The reason we've had the "France surrenders" and "Freedom Fries" memes spread around by the US press since 2002 or so is that France didn't support Bush's war on Iraq, and the Bush League didn't want people comparing the Iraqi resistance to the WW II French Resistance, who were total badasses defending their country against invaders. Bush's propaganda push was that after the US beat Saddam, any Iraqis who didn't hail us as liberators were terrorists who deserve to be stomped into the ground because they hated our freedom.
Oh, yeah, the French Foreign Legion? They were colonialists who were generally on the side of evil, but they were also badasses.
There are three or four likely possibilities for what's going on here:
* The hospital's lawyers and administration know what the IT guy is doing, and are ok with it. Therefore they'll be ok with you and your doctors' group lawyers talking to them about it, though you're going to have to have a long conversation about why this is not a good idea.
* The hospital's lawyers and administration don't know what the IT department is doing, but the IT department thinks they're doing something officially useful, and need to get told it's inappropriate.
* The hospital's IT department is doing this stuff on his own, for evil reasons, and needs to be caught and stopped.
* Some outsider is masquerading as the hospital's IT department, and the email you contacted to tell them to stop doing stuff is really redirected to the bad guys. In that case, the hospital's in a real mess and needs to know about it.
Either way, you've got a responsibility to your doctors and your patients, and you need to go to the top since going to the working-level people didn't get you taken seriously.
If their pen test gets through to a server that only has your public information on it, that's fine. The static parts of your public web pages, the phone numbers for your practice, the contact page that says you don't accept email from untrusted sources, the intrusion detection system that sends email notices to the hospital's legal contact any time it detects an attack...
I'm really tired of you right-wingers constantly attacking Pelosi and Reid for being the House and Senate majority leaders. Neither one of them are extreme ideologues; Pelosi's a bit too conservative for her district, and I'm annoyed at both of them for chickening out when the Republicans attacked them during the 2006-2010 years instead of fighting back and using the Democratic majorities that they had.
Feinstein, on the other hand? Attack away! She supports most wars and dislikes the 1st and 4th Amendments just as much as she dislikes the 2nd, so if you want to say that makes her a conservative, go ahead. Her primary gun control positions are much more traditionally conservative - it's fine for her or her bodyguards to have them, just not for the rabble - but since she's a Democrat 1%er she's including you in the rabble and not just urban poor folks.
Dude, if you went to public school, it was because the liberals got ahold of the education system, and they also funded that city bus you took to get there. There are good arguments against having public schools, but it was the liberals who set up the system, particularly in New York State, where there were religious and secular charity-run schools before the public system forced most kids to go to government schools in the early 1800s, long before the "progressive" movement.
We didn't have guns in high school in my part of Delaware in the early 70s, but we learned to shoot in Boy Scouts, and we certainly brought our pocket knives to elementary school, and it was simply not a problem. On the other hand, it was the suburbs; the rural kids may very well have brought guns to go hunting after school. And in junior high metal shop, the first rule was always wear safety goggles, but the second rule was "you can't make knives or other weapons"; the teacher was a blue-collar urban guy (and it was ok for him to have a battle-ax on the shop wall ;-)
A couple of years ago I ran into SAS at a trade show. It really surprised me that they were still around; I'd previously seen their products on mainframes back in the late 70s, with punch cards. (I forget by now whether I'd used SAS or SPSS, which were the two competing commercial stats packages in that environment.)
Hawai'i has big commercial airlines that fly between islands and to the mainland, but it also has a (variable) number of small airlines that typically use small 10-12-seat planes. They're often cheaper, and they usually fly out of the commuter/freight terminals instead of the main terminals, so you don't have to wait in the TSA security line or do TSA baggage inspection; the planes are small enough they don't pretend terrorists are going to crash it into buildings, and they don't carry enough fuel to hijack the plane to Cuba. The airline people still have to use a metal-detector wand, but there's none of the abuse, and the person putting your luggage onto the plane is often the pilot.
On the other hand, they do need to know your weight. It doesn't affect the price, but they need to balance the plane properly. So I usually end up sitting in the back with the Samoans and local Hawai'ian guys :-)
Apparently there are very few green-colored mercury compounds*; most of them tend to be reddish or white. So if the mercury you left in the fridge is turning green, because you've got a bunch of chromate ions floating around inside, you've got at least two problems in your fridge... and you don't usually see that kind of behaviour in a major appliance.
(* That's based on Google/Wikipedia searches; it's been a while since I've done real chemistry, and it's possible there's also some green organometallic mercury compound, but most of the ones I could find were reds or whites. It's also possible that you've got some mercury-tolerant molds growing on the organic debris floating on top of your bowl of mercury, but I'm still not gonna eat anything from your fridge.)
Just a correction for JSG's post - the IPX address had two parts, a 32-bit network address and a 48-bit host address. SPX was separate - it's the Netware Layer 4 protocol that's roughly equivalent to TCP. IPX network addresses were locally administered, not globally, and most people just used the default network address of 0 (i.e. 00:00:00:00) and if they had multiple LANs they bridged them rather than routing, though some people got fancy and assigned network numbers 1,2,3, etc. the way they currently assign RFC1918 addresses themselves. The host address was almost always a MAC address (or broadcast.)
IPX addresses had two parts - a 4-byte network number and a 6-byte host number that was almost always the MAC address. The network number was locally assigned, and in practice was almost always 00:00:00:00 (the default local network, because almost nobody actually bothered with routing), or FF:FF:FF:FF (broadcast), though some people got fancy and actually split up their networks into routed segments 1,2,3 etc. instead of bridging.
So you could theoretically run an Internet-like network on it if there were some central authority assigning network numbers instead of everybody rolling their own, and it would scale better than IPv4 because there were 32 bits of network number!
AT&T ran an IPX public internet in the mid/late 90s, in coordination with Novell. We assigned public network numbers, and sold connections. By now I've forgotten exactly what years it was, and I wasn't organizationally close enough to it to know if they actually got many customers, and of course there weren't really a lot of applications for it, but it probably ran for about two years.
The first time I studied for the Cisco CCNA exam, in the mid-2000s or so, it still had questions about how to configure Netware IPX. Unfortunately, they wouldn't accept the right answer, which was "Tell the users that Netware has supported TCP/IP since Version 5, and if they're still running IPX it's time to upgrade their software." :-)
But one thing I did like about IPv6 was the IPX-like address autoconfiguration. On the other hand, when DHCP came out, it did autoconfiguration just about as easily, and the IPv6 folks seem to have decided "Oh, boy, we get to add all the features anybody thought of that weren't in DHCPv4" so there's a mess of Router Advertisements and different flavors of DHCPv6s and it's not clear that you can get all the capabilities you want from just one protocol. (And EUI64 is gratuitously uglier than just using the MAC address, though I understand why you'd want to bite the bullet now and use 64-bit instead of 48-bit MACs.) And most client-only implementations these days are using IPv6 address privacy extensions when they can, which is a really good thing.
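Added example (not part of the original comments): the IPX and IPv6 address layouts discussed above, built from the same MAC address, to show why an EUI-64 derived IPv6 address exposes the hardware address the way an IPX node number did, which is what the privacy extensions avoid. The MAC, the prefix and the `network:node` text notation are assumptions chosen for this illustration; the EUI-64 construction follows RFC 4291, Appendix A.

```python
import ipaddress


def parse_mac(text):
    """Parse 'aa:bb:cc:dd:ee:ff' (or '-' separated) into 6 raw bytes."""
    parts = text.replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes(int(p, 16) for p in parts)


def ipx_address(network, mac):
    """IPX address: 32-bit network number followed by a 48-bit node number,
    where the node number is simply the interface MAC address."""
    if not 0 <= network <= 0xFFFFFFFF:
        raise ValueError("IPX network number must fit in 32 bits")
    return network.to_bytes(4, "big") + parse_mac(mac)


def format_ipx(addr):
    """Render the 10-byte address as network:node (notation assumed here)."""
    return f"{addr[:4].hex().upper()}:{addr[4:].hex().upper()}"


def eui64_interface_id(mac):
    """Modified EUI-64: flip the universal/local bit of the first byte and
    insert FF:FE between the two halves of the MAC."""
    raw = parse_mac(mac)
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def slaac_address(prefix, mac):
    """Combine a /64 prefix with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("autoconfiguration with EUI-64 expects a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_slaac(addr):
    """Return the MAC embedded in an EUI-64 derived address, or None when the
    interface identifier does not have the FF:FE marker (for example a
    randomised privacy address)."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in raw)


if __name__ == "__main__":
    mac = "00:1b:21:3c:4d:5e"                      # constructed sample MAC
    print(format_ipx(ipx_address(0, mac)))          # default network 0
    addr = slaac_address("2001:db8:1:2::/64", mac)  # documentation prefix
    print(addr, "->", mac_from_slaac(str(addr)))
    # Constructed address with a random-looking interface identifier.
    print(mac_from_slaac("2001:db8:1:2:6c3a:9e01:44d2:17b0"))
```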
Sure, all ISPs ought to be following BCP38 and blocking spoofed-source packets, and at $DAYJOB we've been doing it since the mid 90s, but for some reason spammer-friendly ISPs don't do that. And you can't properly run strict-mode uRPF except on single-homed customers.
But there are two kinds of DNS servers - authoritative, and recursive. Authoritative servers are the ones that domain name owners use to resolve queries about their own domains, and they're supposed to reply to everybody who asks. They can do things like rate-limiting responses, and trying to configure their data so that small queries only get large responses over TCP, not UDP, which makes spoofing much much harder, but that does require careful administration.
Recursive DNS servers are the ones that ISPs, Enterprises, and sometimes even individuals use so that end users can send one query for www.foo.bar.com and have somebody else do the work of querying the different servers that handle the root, .com, bar.com, foo.bar.com, and www.foo.bar.com, and ideally keep a cache so that most of those names are remembered locally instead of needing queries. An "Open Recursive DNS server" will accept recursive queries from anybody, but you really don't have to do that - you can limit your servers to accepting queries from your own users. That doesn't prevent somebody from using spoofed UDP DNS requests to attack your users, but it does prevent them from using your DNS server to do spoofed attacks against people who aren't your users, keeping the internet safer for everybody.
There are businesses who have good reasons for running open DNS servers - half the machines in my lab are configured to use Google's 8.8.8.8 because it's an easy-to-remember number and because different parts of my lab aren't always connected in ways that let them reach my corporate DNS servers. I don't know the architecture of Google's DNS servers, but my guess is that they've got lots of servers deployed over anycast, and that they've probably done their own anti-spoofing so they'll only send out replies over the connections the requests came from.
An ISP can filter out spoofed UDP packets just as easily as spoofed TCP packets - the filtering happens at the IP layer in the router, not at the transport or application layer. Unfortunately, as another Anonymous Coward points out, it has to be done at/near the ISP where the spoofed packets originated, and that ISP may be spammer-friendly and have an upstream that's not enforcing anti-spam policies or using strict-mode uRPF (because that's something that normally you don't do except on leaf nodes.)
An authoritative DNS server can't do much about spoofing except rate-limit and try to keep response sizes small, but a recursive DNS server can do more than that. If you're an ISP providing DNS resolution for your customers, and you filter it so you ONLY accept requests from your customers' addresses, somebody can still use your DNS server to spoof attacks against your customers, but can't use it to attack people who aren't your customers. It's a good start.
DNS used to not be a threat; that's been changing. Rate limiting wasn't an issue. Source address verification was a problem for ISP routers (to prevent address spoofing), but it wasn't a problem for recursive DNS servers (who were willing to serve anybody, not just their own customers), and it especially wasn't a problem for authoritative DNS servers, because they're supposed to tell anybody the address for www.yourdomain.com, and aren't in the right part of the network to verify whether a UDP DNS request came from a forged address (that's an edge problem, not a center problem.)
Unfortunately, it's easy to have DNS configurations where a response is larger than the query (sometimes even a lot larger.) The emerging standards have been to require TCP if the responses don't fit in a single UDP packet, but not everybody supports it (and since not all clients support it, servers can't always enforce it), but even then there's a sweet spot where you can still send a request that's under 100 bytes and get up to 576 bytes of response (or sometimes even 1500), depending on what records the DNS server is configured for.
And rate limiting is a server software feature, but record sizes available for querying are very much a user data issue.
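Added example (not part of the original comments): a small Python model of the resolver-side mitigations described in the DNS comments above, namely recursion only for your own users, rate limiting, and forcing large answers onto TCP. It replays constructed traffic to compare bytes received with bytes sent back. The customer prefixes, limits, packet sizes and all function names are assumptions made for this illustration and do not describe any particular DNS server.

```python
import ipaddress
from dataclasses import dataclass, field

# Assumed policy values for illustration; none of them come from the comments.
CUSTOMER_NETS = [ipaddress.ip_network("198.51.100.0/24"),
                 ipaddress.ip_network("2001:db8:100::/48")]
UDP_LIMIT = 512   # bytes; larger answers are truncated so the client retries over TCP
RATE = 4.0        # UDP responses per second allowed toward one source prefix
BURST = 8.0       # token-bucket depth


@dataclass
class Bucket:
    tokens: float = BURST
    stamp: float = 0.0

    def take(self, now):
        """Refill for the elapsed time, then spend one token if available."""
        self.tokens = min(BURST, self.tokens + (now - self.stamp) * RATE)
        self.stamp = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def bucket_key(addr):
    """Rate-limit per /24 (IPv4) or /56 (IPv6): the claimed source may be a
    spoofed victim, so the limit is on what we send toward that prefix."""
    prefix = 24 if addr.version == 4 else 56
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


@dataclass
class Resolver:
    buckets: dict = field(default_factory=dict)

    def decide(self, src, query_len, answer_len, now, tcp=False):
        """Return (action, bytes_sent_back) for one recursive query."""
        addr = ipaddress.ip_address(src)
        # 1. Recursion only for our own users; outsiders get nothing back.
        if not any(addr in net for net in CUSTOMER_NETS):
            return ("drop-not-customer", 0)
        # 2. TCP requires a completed handshake, which an off-path spoofer
        #    cannot finish, so full-size answers are allowed there.
        if tcp:
            return ("answer-tcp", answer_len)
        # 3. Cap how fast we send UDP toward any one prefix.
        bucket = self.buckets.setdefault(bucket_key(addr), Bucket(stamp=now))
        if not bucket.take(now):
            return ("drop-rate-limited", 0)
        # 4. Oversized answers go out as a question-sized truncated reply.
        if answer_len > UDP_LIMIT:
            return ("truncate", query_len)
        return ("answer-udp", answer_len)


def replay(events, resolver=None):
    """Replay (time, src, query_len, answer_len) UDP events and return
    (bytes_in, bytes_out, action_counts)."""
    resolver = resolver or Resolver()
    bytes_in = bytes_out = 0
    counts = {}
    for now, src, qlen, alen in events:
        action, sent = resolver.decide(src, qlen, alen, now)
        bytes_in += qlen
        bytes_out += sent
        counts[action] = counts.get(action, 0) + 1
    return bytes_in, bytes_out, counts


def open_resolver_bytes(events):
    """Baseline: an open resolver with no limits answers everything over UDP."""
    return sum(e[2] for e in events), sum(e[3] for e in events)


# Constructed sample traffic (documentation address ranges, invented sizes).
# 64 queries in one second whose source claims a non-customer address.
OUTSIDE_FLOOD = [(i / 64, "203.0.113.7", 64, 3000) for i in range(64)]
# The same burst with a source inside a customer prefix.
INSIDE_FLOOD = [(i / 64, "198.51.100.9", 64, 3000) for i in range(64)]
# A customer doing ordinary lookups, one every two seconds.
NORMAL = [(i * 2.0, "198.51.100.20", 40, 120) for i in range(5)]

if __name__ == "__main__":
    for name, events in [("outside", OUTSIDE_FLOOD), ("inside", INSIDE_FLOOD),
                         ("normal", NORMAL)]:
        print(name, "open:", open_resolver_bytes(events), "limited:", replay(events))
```

The inside-prefix burst still gets some replies, matching the point made above that restricting recursion to your own customers protects outsiders but does not by itself protect your customers.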
But if you're handling classified data, a drive that's got bad sectors that you're going to bin is precisely the kind of drive you want to wipe with something better than /dev/zero. You may or may not get anything useful - it's much more likely that you'll get some random chunk of operating system software or word-process than a few KB of SECRET PLANS, but if you're the KGB, it's worth a try, and bad guys or Drivesavers are going to have their own custom disk controllers. And no, those sectors are not by definition a corrupt pile of random bits - they're a block of bits that produces an error message, and maybe they're all bad or maybe just a few bytes at one end are bad, but a regular disk controller is going to hand them to you a block at a time and remap them if it's getting errors, so a serious attacker who's using his own custom disk controller is going to override that. A really well-designed regular disk controller is going to decide that if it's gotten correctable errors on a block more than X times, it's going to copy the data onto a good block while it still can and map out the old block.
I tried a few different things to convince that drive to give me all my space back, but at some point the obvious tradeoff was to give up and buy another one. And that one had bad blocks so I returned it to Fry's :-)
Back in the 80s I ran a computer center that handled classified data, and we used DEC RM05 removable-disk-pack drives on a VAX. The AR380-380 regs for declassifying storage media gave us a few choices:
- Degaussing with NSA-certified Big Magnets (not in MY computer lab, where I still have disks I want to keep!)
- NSA-certified software. The big deal isn't just overwriting it 3-7 times to prevent the KGB from using electron microscopes on it, it's making sure that you've really erased all the data, including the spare and bad blocks remapped by the disk controllers, and if you only had one disk drive in the machine, the software needed to be able to keep running from RAM even after you'd erased the operating system including the files for your disk-wiping commands. (Too much paperwork required.)
- Physical destruction. Why, yes, we're a large company with a machine shop down in the basement, and they have Sandblasters! Win!
I was no longer sysadmin by the time they closed the classified processing system. My successor got to disassemble the dozen or so disk packs we had and take them down to the machine shop for sandblasting.
Remember how every sysadmin in the 80s used to have a disk on their wall with decorative scratches on it from a head crash? Hers was pure shiny metal.
There are two basic threat models here - the DriveSavers level and the KGB level. dd will overwrite most of the bits on your drive, but remember that modern hard drives don't actually let you write physical blocks on the drive; the disk controllers remap requests, replace bad blocks with spares, move stuff around, hide stuff in hidden partitions like the Host Protected Area that standard Linux tools can't access, etc. Commercial data recovery companies like DriveSavers aren't going to find much after a dd, but there may be some data left in the good parts of bad blocks, and if you're dealing with military secrets, that may be enough to be dangerous.
(I've got a 500 GB PATA drive which some cretinous external-drive hardware remapped down to 200 GB when I replaced a bad disk; Linux tools weren't able to fix it, even though we rebuilt the kernel to fix a few things, because it didn't know how to ask the BIOS nicely, nor did WinXP. Linux was able to shrink the usable partition further, though :-)
The other issue is the KGB threat model. DriveSavers isn't going to drag out electron microscopes and other ridiculously high-tech stuff to catch the magnetic images of that 1 bit that weren't quite wiped out by writing a 0 bit over it. Your commercial data's just not worth that much. Military secrets might be. But sandblasting the disk means never having to say you're sorry.
The "which" refers to the obvious antecedent, "its blacklist". Spamhaus is the target, Cyberbunker is a hosting provider (more or less), and while nobody's directly proven that Cyberbunker is doing the attack, it's pretty clear that they or their customers or owners are involved.
You must not know a lot of Persians who are proud of their long cultural history or have issues with neighboring cultures.
On the other hand, they do need to know your weight. It doesn't affect the price, but they need to balance the plane properly. So I usually end up sitting in the back with the Samoans and local Hawai'ian guys :-)
Apparently there are very few green-colored mercury compounds*; most of them tend to be reddish or white. So if the mercury you left in the fridge is turning green, because you've got a bunch of chromate ions floating around inside, you've got at least two problems in your fridge... and you don't usually see that kind of behaviour in a major appliance.
(* That's based on Google/Wikipedia searches; it's been a while since I've done real chemistry, and it's possible there's also some green organometallic mercury compound, but most of the ones I could find were reds or whites. It's also possible that you've got some mercury-tolerant molds growing on the organic debris floating on top of your bowl of mercury, but I'm still not gonna eat anything from your fridge.)
Just a correction for JSG's post - the IPX address had two parts, a 32-bit network address and a 48-bit host address. SPX was separate - it's the Netware Layer 4 protocol that's roughly equivalent to TCP. IPX network addresses were locally administered, not globally, and most people just used the default network address of 0 (i.e. 00:00:00:00) and if they had multiple LANs they bridged them rather than routing, though some people got fancy and assigned network numbers 1,2,3, etc. the way they currently assign RFC1918 addresses themselves. The host address was almost always a MAC address (or broadcast.)
IPX addresses had two parts - a 4-byte network number and a 6-byte host number that was almost always the MAC address. The network number was locally assigned, and in practice was almost always 00:00:00:00 (the default local network, because almost nobody actually bothered with routing), or FF:FF:FF:FF (broadcast), though some people got fancy and actually split up their networks into routed segments 1,2,3 etc. instead of bridging.
So you could theoretically run an Internet-like network on it if there were some central authority assigning network numbers instead of everybody rolling their own, and it would scale better than IPv4 because there were 32 bits of network number!
AT&T ran an IPX public internet in the mid/late 90s, in coordination with Novell. We assigned public network numbers, and sold connections. By now I've forgotten exactly what years it was, and I wasn't organizationally close enough to it to know if they actually got many customers, and of course there weren't really a lot of applications for it, but it probably ran for about two years.
The first time I studied for the Cisco CCNA exam, in the mid-2000s or so, it still had questions about how to configure Netware IPX. Unfortunately, they wouldn't accept the right answer, which was "Tell the users that Netware has supported TCP/IP since Version 5, and if they're still running IPX it's time to upgrade their software." :-)
But one thing I did like about IPv6 was the IPX-like address autoconfiguration. On the other hand, when DHCP came out, it did autoconfiguration just about as easily, and the IPv6 folks seem to have decided "Oh, boy, we get to add all the features anybody thought of that weren't in DHCPv4" so there's a mess of Router Advertisements and different flavors of DHCPv6s and it's not clear that you can get all the capabilities you want from just one protocol. (And EUI64 is gratuitously uglier than just using the MAC address, though I understand why you'd want to bite the bullet now and use 64-bit instead of 48-bit MACs.) And most client-only implementations these days are using IPv6 address privacy extensions when they can, which is a really good thing.
Sure, all ISPs ought to be following BCP38 and blocking spoofed-source packets, and at $DAYJOB we've been doing it since the mid 90s, but for some reason spammer-friendly ISPs don't do that. And you can't properly run strict-mode uRPF except on single-homed customers.
But there are two kinds of DNS servers - authoritative, and recursive. Authoritative servers are the ones that domain name owners use to resolve queries about their own domains, and they're supposed to reply to everybody who asks. They can do things like rate-limiting responses, and trying to configure their data so that small queries only get large responses over TCP, not UDP, which makes spoofing much much harder, but that does require careful administration.
Recursive DNS servers are the ones that ISPs, Enterprises, and sometimes even individuals use so that end users can send one query for www.foo.bar.com and have somebody else do the work of querying the different servers that handle the root, .com, bar.com, foo.bar.com, and www.foo.bar.com, and ideally keep a cache so that most of those names are remembered locally instead of needing queries. An "Open Recursive DNS server" will accept recursive queries from anybody, but you really don't have to do that - you can limit your servers to accepting queries from your own users. That doesn't prevent somebody from using spoofed UDP DNS requests to attack your users, but it does prevent them from using your DNS server to do spoofed attacks against people who aren't your users, keeping the internet safer for everybody.
There are businesses who have good reasons for running open DNS servers - half the machines in my lab are configured to use Google's 8.8.8.8 because it's an easy-to-remember number and because different parts of my lab aren't always connected in ways that let them reach my corporate DNS servers. I don't know the architecture of Google's DNS servers, but my guess is that they've got lots of servers deployed over anycast, and that they've probably done their own anti-spoofing so they'll only send out replies over the connections the requests came from.
An ISP can filter out spoofed UDP packets just as easily as spoofed TCP packets - the filtering happens at the IP layer in the router, not at the transport or application layer. Unfortunately, as another Anonymous Coward points out, it has to be done at/near the ISP where the spoofed packets originated, and that ISP may be spammer-friendly and have an upstream that's not enforcing anti-spam policies or using strict-mode uRPF (because that's something that normally you don't do except on leaf nodes.)
An authoritative DNS server can't do much about spoofing except rate-limit and try to keep response sizes small, but a recursive DNS server can do more than that. If you're an ISP providing DNS resolution for your customers, and you filter it so you ONLY accept requests from your customers' addresses, somebody can still use your DNS server to spoof attacks against your customers, but can't use it to attack people who aren't your customers. It's a good start.
DNS used to not be a threat; that's been changing. Rate limiting wasn't an issue. Source address verification was a problem for ISP routers (to prevent address spoofing), but it wasn't a problem for recursive DNS servers (who were willing to serve anybody, not just their own customers), and it especially wasn't a problem for authoritative DNS servers, because they're supposed to tell anybody the address for www.yourdomain.com, and aren't in the right part of the network to verify whether a UDP DNS request came from a forged address (that's an edge problem, not a center problem.)
Unfortunately, it's easy to have DNS configurations where a response is larger than the query (sometimes even a lot larger.) The emerging standards have been to require TCP if the responses don't fit in a single UDP packet, but not everybody supports it (and since not all clients support it, servers can't always enforce it), but even then there's a sweet spot where you can still send a request that's under 100 bytes and get up to 576 bytes of response (or sometimes even 1500), depending on what records the DNS server is configured for.
And rate limiting is a server software feature, but record sizes available for querying are very much a user data issue.
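The two defences these comments describe, recursion limited to your own users' addresses and rate-limited, size-capped UDP answers, can be sketched as one decision function. This is an added example, not part of the original posts; the class and function names, the customer prefixes, the 512-byte UDP cap and the 5-per-second budget are all assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed values: documentation prefixes standing in for an ISP's customers.
CUSTOMER_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8:100::/48")]
UDP_MAX_RESPONSE = 512    # assumed policy: bigger answers are truncated, client retries over TCP
RESPONSES_PER_SECOND = 5  # assumed per-prefix budget for the response rate limiter


def source_bucket(addr):
    """Group sources by /24 (IPv4) or /56 (IPv6) so varying host bits does not dodge the limit."""
    ip = ipaddress.ip_address(addr)
    prefix = 24 if ip.version == 4 else 56
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


class ResolverPolicy:
    """Decide what to send back for one UDP query (hypothetical helper, not a real server API)."""

    def __init__(self, recursive):
        self.recursive = recursive      # True: recursive resolver, False: authoritative
        self.window = None              # the one-second window currently being counted
        self.sent = defaultdict(int)    # bucket -> responses sent in this window

    def decide(self, src, now, query_len, response_len):
        """Return (action, amplification), i.e. bytes sent per byte received."""
        ip = ipaddress.ip_address(src)
        # A recursive server only serves its own users; everyone else gets a
        # REFUSED reply of roughly query size, so a spoofer gains nothing.
        if self.recursive and not any(ip in net for net in CUSTOMER_NETS):
            return "refuse", 1.0
        second = int(now)
        if second != self.window:       # new second: reset the counters
            self.window, self.sent = second, defaultdict(int)
        bucket = source_bucket(src)
        self.sent[bucket] += 1
        if self.sent[bucket] > RESPONSES_PER_SECOND:
            return "drop", 0.0          # over budget: send nothing at all
        if response_len > UDP_MAX_RESPONSE:
            return "truncate", 1.0      # header and question only, TC bit set
        return "answer", response_len / query_len
```

Because the source address on a UDP query may be forged, the budget is really protecting the address being impersonated, and an authoritative server (`recursive=False`) is left with only the rate limit and the size cap.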
MFT? Are you thinking MFM?
But if you're handling classified data, a drive that's got bad sectors that you're going to bin is precisely the kind of drive you want to wipe with something better than /dev/zero. You may or may not get anything useful - it's much more likely that you'll get some random chunk of operating system software or word-process than a few KB of SECRET PLANS, but if you're the KGB, it's worth a try, and bad guys or Drivesavers are going to have their own custom disk controllers. And no, those sectors are not by definition a corrupt pile of random bits - they're a block of bits that produces an error message, and maybe they're all bad or maybe just a few bytes at one end are bad, but a regular disk controller is going to hand them to you a block at a time and remap them if it's getting errors, so a serious attacker who's using his own custom disk controller is going to override that. A really well-designed regular disk controller is going to decide that if it's gotten correctable errors on a block more than X times, it's going to copy the data onto a good block while it still can and map out the old block.
I tried a few different things to convince that drive to give me all my space back, but at some point the obvious tradeoff was to give up and buy another one. And that one had bad blocks so I returned it to Fry's :-)
Back in the 80s I ran a computer center that handled classified data, and we used DEC RM05 removable-disk-pack drives on a VAX. The AR380-380 regs for declassifying storage media gave us a few choices:
- Degaussing with NSA-certified Big Magnets (not in MY computer lab, where I still have disks I want to keep!)
- NSA-certified software. The big deal isn't just overwriting it 3-7 times to prevent the KGB from using electron microscopes on it, it's making sure that you've really erased all the data, including the spare and bad blocks remapped by the disk controllers, and if you only had one disk drive in the machine, the software needed to be able to keep running from RAM even after you'd erased the operating system including the files for your disk-wiping commands. (Too much paperwork required.)
- Physical destruction. Why, yes, we're a large company with a machine shop down in the basement, and they have Sandblasters! Win!

I was no longer sysadmin by the time they closed the classified processing system. My successor got to disassemble the dozen or so disk packs we had and take them down to the machine shop for sandblasting.
Remember how every sysadmin in the 80s used to have a disk on their wall with decorative scratches on it from a head crash? Hers was pure shiny metal.
There are two basic threat models here - the DriveSavers level and the KGB level. dd will overwrite most of the bits on your drive, but remember that modern hard drives don't actually let you write physical blocks on the drive; the disk controllers remap requests, replace bad blocks with spares, move stuff around, hide stuff in hidden partitions like the Host Protected Area that standard Linux tools can't access, etc. Commercial data recovery companies like DriveSavers aren't going to find much after a dd, but there may be some data left in the good parts of bad blocks, and if you're dealing with military secrets, that may be enough to be dangerous.
(I've got a 500 GB PATA drive which some cretinous external-drive hardware remapped down to 200 GB when I replaced a bad disk; Linux tools weren't able to fix it, even though we rebuilt the kernel to fix a few things, because it didn't know how to ask the BIOS nicely, nor did WinXP. Linux was able to shrink the usable partition further, though :-)
The other issue is the KGB threat model. DriveSavers isn't going to drag out electron microscopes and other ridiculously high-tech stuff to catch the magnetic images of that 1 bit that weren't quite wiped out by writing a 0 bit over it. Your commercial data's just not worth that much. Military secrets might be. But sandblasting the disk means never having to say you're sorry.
The "which" refers to the obvious antecedent, "its blacklist". Spamhaus is the target, Cyberbunker is a hosting provider (more or less), and while nobody's directly proven that Cyberbunker is doing the attack, it's pretty clear that they or their customers or owners are involved.