It is.. but I think it's getting... lost in the noise.
Even a nearly worst case scenario (unframed encrypted transmissions) still need to be of high enough power to be heard over the actual environmental noise, and can be detected as non-natural. Directionality of those transmissions is the much bigger problem, as others have stated. However, if we're an average civilization, there's still plenty of unencrypted unidirectional traffic being pumped around, and will continue to be for quite some time. Terrestrial radio (FM) transmissions, navigation beacons, HAM operations, and so on.
There are also high powered directional transmissions that while perhaps not carrying useful data, are still detectable because they're cyclic, like radar for weather and ATC. We also use Goldstone and Arecibo for radar mapping of asteroids, and similar projects continue because looking for dangerous rocks heading for us is important.
We are still a very radio-noisy planet, and will likely continue to be for a very long time.
The biggest problem is really still the distance. Detecting the Arecibo message sent in 1974 with an identical antenna is only possible within about 150LY, for example, and it was highly directional; the transmit power was 1MW and ERP was something like 1TW. Put it in space and you can double or triple that depending on how cold you can get the components. Detecting the significantly lower power and less directional signals we're putting out regularly would require an enormous, cold, detector. We will need something similar to have a chance at detecting them if their transmission habits match ours.
I don't get it. You have the words directly from the inventor of the technology and you think he's wrong, that you know better? There were many reasons for the invention of NAT, IP address exhaustion did not rank highly among them. If anything, *that* was the side effect, as the device and technology were originally marketed without even a nod in that direction. It was only after it was invented and tested that some people saw "hey, this can help with that IP address allocation mess too."
Disputing this is pointless -- the inventor of the technology has spoken, explaining why it was created. The uses it's served since then can't change that.
Off topic ironic finger pointing: RFC1466 which addressed potential future exhaustion and came up with additional guidelines for assigning IP blocks was written by Elise Gerich, who was director of national something or other at Merit, a non-profit that networks universities in Michigan. Merit has two/11's, two/12's, two/13's, and several smaller blocks -- just in 35/8 -- assigned to them just a year after authoring the RFC. http://whois.arin.net/rest/net... Somebody didn't read their own memo.
Just FYI, NAT was not created simply because of the impending IP exhaustion; That's one reason, but many people were using it (and still do) for other reasons.
It provides enhanced security for one. It also makes it much easier to move your company or branch office from one ISP to another, which will end up in you receiving a new IP block if you aren't an AS. Likewise it's simpler to multihome a corporate network for redundancy if you don't have to renumber your entire network. For these reasons and more, NAT was very popular even among people that didn't believe the address space would ever really run out.
Also, there's nothing about NAT in "the protocol" -- all that was required to implement it was hardware and imagination. The assignment of the private address space helped, but was not required. Before the blocks for private address space were reserved for that purpose, admins would use unregistered IP space. It was pretty common to see people just picking random unallocated IPs back then and using them on their LAN. I've even seen actual registered/assigned space used as private space, if you don't care that you can't communicate with the true holder of that space; e.g. the DoD has 13 different/8's that no average person is ever going to connect to or route over.
For some interesting history/backstory from the horses mouth: http://www.jma.com/The_History... -- just scroll down past all the photos.
The eggheads did see exhaustion coming though, and saw it early. If you really want to facepalm, consider this: IPv6 deployments started in 1999. At that point, there were still over 120 unassigned/8's. 16 years later, IPv6 almost accounts for 10% of the unique source addresses seen by google. Some good news, the US is leading (in something good for once) in adoption, with deployment here over 20%. Only Belgium and Switzerland have greater penetration.
That said, Kodak is (was?) one of the old boys. They have a/16 dating back to 1987, so they fit your description well; there really was no option back then but to give everything a "real" IP.
Protecting against inside attacks is difficult, but hardly impossible. It's no more difficult than securing against external attacks, and this has been the case for quite a while.
MAC spoofing and ARP poisoning are both easy to detect and mitigate on modern network hardware, or through a centralized IDS. Long gone are the days when you could just flood a switchport with a ton of different MACs and get it to fail-open and start mirroring/bridging all traffic to get the sniffer working. This behavior was fairly common 10 years ago, but now it's just cheap consumer grade stuff that responds this way.
Defense in depth is as you said an absolute requirement. Part of that is firewalling your open/dangling ethernet drops and putting them on a separate VLAN as well, and here you certainly can implement MAC *blacklists* easily, without scaling problems. You can and should firewall any access to rogue network services, like DHCP, web, mail, and dns servers so that if a user puts one on an open drop, it can't start screwing up servers using them -- though screwing up users is another matter.
Printers and such have always been a sore spot. Put them on a private VLAN and filter heavily through the firewall. I do this with all of my network equipment at home, and on the corporate network. Tag the VLAN on the switch for that port and disallow other VLANs, put a VLAN'd virtual interface on your firewall to talk to it, and now you can heavily restrict traffic to and from that port with the firewall. pfSense excels at this. You can plug any unauthorized device you like into the printers ethernet drop -- you'll have far less access than you get on most of the others.
Before you ask why I do this at home, I'm not some kind of paranoid security freak; I have my home network setup to fairly closely parallel the corporate network structure, and use it as a testbed for potentially service-breaking changes.
The real problem is that few admins actually go through the steps to secure their internal networks, not that securing them is particularly difficult compared to securing external access.
This deserves more upvotes, as does the one below from TWX. slacka needs many many downvotes.
Physical access to *my* network gets you nothing from a sniffer. The same goes for any properly secured and administered network where random people can plug devices into it.
Is this actually verified by anyone? I have two Win7 machines, desktop and laptop, and both are set to automatically download but not install updates. Neither one has had this update show up. If it's legit, where's the KB # to go with it? Right now it's just more unverified inquirer nonsense and a dogpile. Status quo in other words.
Almost certainly this is due to it using Ham frequencies and some other crap, and nothing to do with OH NOES TEH NSA.
It's trivially easy to build a signal boosting reflector out of some aluminum foil and construction paper, or use one of the 8139417234 different cantenna plans on dem innernetz.
...I still have two perfectly working Thinkpads; An IBM T50 (PIII, FreeBSD) and a Lenovo W510 (Core i5, Win7). The thing with a Thinkpad is.. you do not need to replace them every year, or even every five. Both of them have the thinklight, blue enter button, trackpoint, lots of blinkenlites, etc. If they'd ditch the trackpad entirely on a T or W series, I'd consider getting a third.
Hint - If you're deleting things because you know they are evidence of acts you committed or participated in, and you also know those acts are illegal, you are indeed destroying evidence and obstructing. Thankfully our system knows this to be true, even if you don't.
Blaming the language for bad code is asinine. Blame bad (or inexperienced, or just plain lazy) programmers. I write PHP stuff. I also write Perl, C, C++, C#, Pascal, JS, and recently VHDL. I have written Java and Ruby code as well, but no longer do. Overall PHP is only as bad as the developer makes it. If I could change one thing about it, it would be getting the built in functions more consistent in return types and argument order for similar functions. I'm constantly referring to the documentation because for some particular functions I can't remember if haystack or needle comes first, for example.
It gets the job done quickly and easily, and if you find or write a good foundation of libraries and classes, the code is elegant and easy to understand as well. Just like every other language.
A) Your labor is "worth" exactly what someone is willing to pay for it.
B) See this quite often. It's never been a barrier to getting the interview or the job, but it does weed out the overly pedantic types.
C) All too often today "crappy environment" is just a euphemism for "productive environment."
D) Translated, states "Frankly, I hope they won't be in business very long, because they don't believe me a genius."
Disclaimer: This list is only as accurate and inflammatory as the one it is responding to. Intentionally.
Guy who gives away free stuff gets angry when guy taking free stuff turns around and sells it. News at 11. We will also interview guy who didn't get any of the free stuff to begin with and feels like he's entitled to some now that he understands there is money to be made.
because those chips are pure security theater, protecting only against the (quite rare) 'skimming' devices
Chip and PIN also protects you against having your card stolen and used in store, because the only verification is the signature - which is conveniently already on the back of the card for the thief to copy (and usually checked by a singularly uninterested human).
Secondly, how rare is "quite rare"?
Can you explain in detail how the CHIP part of that provides even one tiny fraction of added security, in that situation? It doesn't. It prevents cards from being copied, it provides no additional protection for POS or online purchases. The stolen card still has the (intact, valid) chip on it.
The prevalence of skimming devices is tough to get an exact handle on, but it was big news a few years ago when the FBI found a large number of them installed in SoCal and began making arrests. The "large number" resulted in roughly $50,000 in fraud spread over 50 victims. You've got a greater chance of getting hit by lightning than being a victim of a card skimmer.
Yes, yes it is something we should be proud of -- because those chips are pure security theater, protecting only against the (quite rare) 'skimming' devices. If you steal someones card, you get the chip with it. You don't get the PIN. In neither case can the card be used to withdraw money from an ATM. In both cases, the card can be used for online purchasing.
How the authors conclude that this has anything to do with ATM bombings is a complete mystery. What were they doing before the useless encryption chips? Stealing dozens of cards and beating the PINs out of the owners? How did these magical encryption chips put a stop to this practice?
The SDK is not "publicly available" and not "just anyone" can download it. I fully support this move just because MS is so obnoxious about SDK access that someone really needed to poke them in the eye. To be clear to get sanctioned access to the SDK you at a minimum must submit an application (resume, not program) to MS that "proves" you are an "experienced game developer" on one or more platforms. You must also sign an NDA.
This is a far cry from developing for other systems like Android, where anyone at all can go download Android Studio and get a full toolchain including virtual devices to test on, without even having to register.
I have a 360 and a One, and I've long wanted to just "fool around" with developing apps for them, to see how difficult it is. This will potentially make that a possibility on the One at least.
It sounds like you're suggesting that memory bus speed will not continue to increase, and thus, we should stop adding bus contention by adding cores. The conclusion there hinges on a rather unsupported premise that is contradicted by the (historical) empirical data. All signs point to memory becoming much faster indeed.
If Linus' expertise were really relevant here, perhaps Transmeta wouldn't have failed.
It's one thing to argue against massive parallelism in a single piece of software. Of course that's not the right answer to every problem, or even to most of them. But arguing against many cores at a hardware level, as he seems to be doing, is plain stupid. Of course more cores == better. As long as I have 100+ processes running on my desktop PC, the more cores I have to spread them around, the better.
No special languages or programmer training required.
Wonder if submitter (or upvoters) understand that anyone can submit articles to arxiv and have them "published" there, regardless of merit or credentials, and with no peer review. There are articles there on perpetual motion, time travel, and all kinds of other garbage. Arxiv is basically the pastebin of scientific (or pseudoscientific) papers. Anything you read there that hasn't been published elsewhere should be taken with a super massive salt grain.
Pop quiz, hotshot. What is the result of some life form or precursor of life entering an atmosphere or impacting a body of some kind (as required to "spread life") when the object in question has a relativistic velocity compared to the other?
Extra credit, hotshot. Examine the impact of relativistic time dilation on evolution in the system in question.
This is a bias that I can't remember the name of right now, but it boils down to a person not believing that people can create a machine that "truly" thinks/feels because they don't understand what drives those aspects of themselves. The whole argument in the link reduces to the so called "Chinese Room", which itself is just a version of Solipsism that draws the boundary between biology and technology (well actually Chemistry and technology, in Searle's case) rather than between one individual mind and another.
If I can't prove to you that Watson "thinks", then likewise you can't prove to me that you "think." Such arguments get us absolutely nowhere in the realm of scientific endeavor, which is why we have the concept of a Turing Test to begin with.
Claiming a thing cannot be conscious or exhibit understanding simply because you fully understand (and can predict) that things behavior isn't a scientific or logical argument. It stinks of an argument driven purely out of fear that determinism might be correct.
that Moz/FF is still focusing on stupid features that are already covered by other tools, rather than fixing their memory leaks and other bugs. Hopefully we'll get another pointless UI facelift soon too, I've finally adapted to the last one.
Every viral disease considered to be airborne spreads through droplets. They don't fly around the air like birds. Chickenpox, smallpox, and the flu are all considered airborne diseases
Coughing up blood on someone isn't airborne. Sneezing or coughing on them is. If you can catch Ebola this way, then it is airborne. They are probably saying it's not just to keep the panic level down.
Slashdot Mirror
It is.. but I think it's getting... lost in the noise.
Even a nearly worst case scenario (unframed encrypted transmissions) still need to be of high enough power to be heard over the actual environmental noise, and can be detected as non-natural. Directionality of those transmissions is the much bigger problem, as others have stated. However, if we're an average civilization, there's still plenty of unencrypted unidirectional traffic being pumped around, and will continue to be for quite some time. Terrestrial radio (FM) transmissions, navigation beacons, HAM operations, and so on.
There are also high powered directional transmissions that while perhaps not carrying useful data, are still detectable because they're cyclic, like radar for weather and ATC. We also use Goldstone and Arecibo for radar mapping of asteroids, and similar projects continue because looking for dangerous rocks heading for us is important.
We are still a very radio-noisy planet, and will likely continue to be for a very long time.
The biggest problem is really still the distance. Detecting the Arecibo message sent in 1974 with an identical antenna is only possible within about 150LY, for example, and it was highly directional; the transmit power was 1MW and ERP was something like 1TW. Put it in space and you can double or triple that depending on how cold you can get the components. Detecting the significantly lower power and less directional signals we're putting out regularly would require an enormous, cold, detector. We will need something similar to have a chance at detecting them if their transmission habits match ours.
I don't get it. You have the words directly from the inventor of the technology and you think he's wrong, that you know better? There were many reasons for the invention of NAT, IP address exhaustion did not rank highly among them. If anything, *that* was the side effect, as the device and technology were originally marketed without even a nod in that direction. It was only after it was invented and tested that some people saw "hey, this can help with that IP address allocation mess too."
/11's, two /12's, two /13's, and several smaller blocks -- just in 35/8 -- assigned to them just a year after authoring the RFC. http://whois.arin.net/rest/net... Somebody didn't read their own memo.
Disputing this is pointless -- the inventor of the technology has spoken, explaining why it was created. The uses it's served since then can't change that.
Off topic ironic finger pointing: RFC1466 which addressed potential future exhaustion and came up with additional guidelines for assigning IP blocks was written by Elise Gerich, who was director of national something or other at Merit, a non-profit that networks universities in Michigan. Merit has two
Just FYI, NAT was not created simply because of the impending IP exhaustion; That's one reason, but many people were using it (and still do) for other reasons.
/8's that no average person is ever going to connect to or route over.
/8's. 16 years later, IPv6 almost accounts for 10% of the unique source addresses seen by google. Some good news, the US is leading (in something good for once) in adoption, with deployment here over 20%. Only Belgium and Switzerland have greater penetration.
/16 dating back to 1987, so they fit your description well; there really was no option back then but to give everything a "real" IP.
It provides enhanced security for one. It also makes it much easier to move your company or branch office from one ISP to another, which will end up in you receiving a new IP block if you aren't an AS. Likewise it's simpler to multihome a corporate network for redundancy if you don't have to renumber your entire network. For these reasons and more, NAT was very popular even among people that didn't believe the address space would ever really run out.
Also, there's nothing about NAT in "the protocol" -- all that was required to implement it was hardware and imagination. The assignment of the private address space helped, but was not required. Before the blocks for private address space were reserved for that purpose, admins would use unregistered IP space. It was pretty common to see people just picking random unallocated IPs back then and using them on their LAN. I've even seen actual registered/assigned space used as private space, if you don't care that you can't communicate with the true holder of that space; e.g. the DoD has 13 different
For some interesting history/backstory from the horses mouth: http://www.jma.com/The_History... -- just scroll down past all the photos.
The eggheads did see exhaustion coming though, and saw it early. If you really want to facepalm, consider this: IPv6 deployments started in 1999. At that point, there were still over 120 unassigned
That said, Kodak is (was?) one of the old boys. They have a
Protecting against inside attacks is difficult, but hardly impossible. It's no more difficult than securing against external attacks, and this has been the case for quite a while.
MAC spoofing and ARP poisoning are both easy to detect and mitigate on modern network hardware, or through a centralized IDS. Long gone are the days when you could just flood a switchport with a ton of different MACs and get it to fail-open and start mirroring/bridging all traffic to get the sniffer working. This behavior was fairly common 10 years ago, but now it's just cheap consumer grade stuff that responds this way.
Defense in depth is as you said an absolute requirement. Part of that is firewalling your open/dangling ethernet drops and putting them on a separate VLAN as well, and here you certainly can implement MAC *blacklists* easily, without scaling problems. You can and should firewall any access to rogue network services, like DHCP, web, mail, and dns servers so that if a user puts one on an open drop, it can't start screwing up servers using them -- though screwing up users is another matter.
Printers and such have always been a sore spot. Put them on a private VLAN and filter heavily through the firewall. I do this with all of my network equipment at home, and on the corporate network. Tag the VLAN on the switch for that port and disallow other VLANs, put a VLAN'd virtual interface on your firewall to talk to it, and now you can heavily restrict traffic to and from that port with the firewall. pfSense excels at this. You can plug any unauthorized device you like into the printers ethernet drop -- you'll have far less access than you get on most of the others.
Before you ask why I do this at home, I'm not some kind of paranoid security freak; I have my home network setup to fairly closely parallel the corporate network structure, and use it as a testbed for potentially service-breaking changes.
The real problem is that few admins actually go through the steps to secure their internal networks, not that securing them is particularly difficult compared to securing external access.
This deserves more upvotes, as does the one below from TWX. slacka needs many many downvotes. Physical access to *my* network gets you nothing from a sniffer. The same goes for any properly secured and administered network where random people can plug devices into it.
Is this actually verified by anyone? I have two Win7 machines, desktop and laptop, and both are set to automatically download but not install updates. Neither one has had this update show up. If it's legit, where's the KB # to go with it? Right now it's just more unverified inquirer nonsense and a dogpile. Status quo in other words.
Without them, nothing else matters.
Almost certainly this is due to it using Ham frequencies and some other crap, and nothing to do with OH NOES TEH NSA.
It's trivially easy to build a signal boosting reflector out of some aluminum foil and construction paper, or use one of the 8139417234 different cantenna plans on dem innernetz.
...I still have two perfectly working Thinkpads; An IBM T50 (PIII, FreeBSD) and a Lenovo W510 (Core i5, Win7). The thing with a Thinkpad is.. you do not need to replace them every year, or even every five. Both of them have the thinklight, blue enter button, trackpoint, lots of blinkenlites, etc. If they'd ditch the trackpad entirely on a T or W series, I'd consider getting a third.
Actually, no.
Hint - If you're deleting things because you know they are evidence of acts you committed or participated in, and you also know those acts are illegal, you are indeed destroying evidence and obstructing. Thankfully our system knows this to be true, even if you don't.
"with intent to obstruct a federal investigation" FFS, RIF.
Blaming the language for bad code is asinine. Blame bad (or inexperienced, or just plain lazy) programmers. I write PHP stuff. I also write Perl, C, C++, C#, Pascal, JS, and recently VHDL. I have written Java and Ruby code as well, but no longer do. Overall PHP is only as bad as the developer makes it. If I could change one thing about it, it would be getting the built in functions more consistent in return types and argument order for similar functions. I'm constantly referring to the documentation because for some particular functions I can't remember if haystack or needle comes first, for example.
It gets the job done quickly and easily, and if you find or write a good foundation of libraries and classes, the code is elegant and easy to understand as well. Just like every other language.
A) Your labor is "worth" exactly what someone is willing to pay for it.
B) See this quite often. It's never been a barrier to getting the interview or the job, but it does weed out the overly pedantic types.
C) All too often today "crappy environment" is just a euphemism for "productive environment."
D) Translated, states "Frankly, I hope they won't be in business very long, because they don't believe me a genius."
Disclaimer: This list is only as accurate and inflammatory as the one it is responding to. Intentionally.
For you to "still" be relevant, you would have to have been relevant before all this.
No, you should be on -STABLE or at least RELENG_? if you only want security fixes. -RELEASE is just that, the release version, no updates.
Guy who gives away free stuff gets angry when guy taking free stuff turns around and sells it. News at 11. We will also interview guy who didn't get any of the free stuff to begin with and feels like he's entitled to some now that he understands there is money to be made.
because those chips are pure security theater, protecting only against the (quite rare) 'skimming' devices
Chip and PIN also protects you against having your card stolen and used in store, because the only verification is the signature - which is conveniently already on the back of the card for the thief to copy (and usually checked by a singularly uninterested human).
Secondly, how rare is "quite rare"?
Can you explain in detail how the CHIP part of that provides even one tiny fraction of added security, in that situation? It doesn't. It prevents cards from being copied, it provides no additional protection for POS or online purchases. The stolen card still has the (intact, valid) chip on it.
The prevalence of skimming devices is tough to get an exact handle on, but it was big news a few years ago when the FBI found a large number of them installed in SoCal and began making arrests. The "large number" resulted in roughly $50,000 in fraud spread over 50 victims. You've got a greater chance of getting hit by lightning than being a victim of a card skimmer.
Yes, yes it is something we should be proud of -- because those chips are pure security theater, protecting only against the (quite rare) 'skimming' devices. If you steal someones card, you get the chip with it. You don't get the PIN. In neither case can the card be used to withdraw money from an ATM. In both cases, the card can be used for online purchasing.
How the authors conclude that this has anything to do with ATM bombings is a complete mystery. What were they doing before the useless encryption chips? Stealing dozens of cards and beating the PINs out of the owners? How did these magical encryption chips put a stop to this practice?
The SDK is not "publicly available" and not "just anyone" can download it. I fully support this move just because MS is so obnoxious about SDK access that someone really needed to poke them in the eye. To be clear to get sanctioned access to the SDK you at a minimum must submit an application (resume, not program) to MS that "proves" you are an "experienced game developer" on one or more platforms. You must also sign an NDA.
This is a far cry from developing for other systems like Android, where anyone at all can go download Android Studio and get a full toolchain including virtual devices to test on, without even having to register.
I have a 360 and a One, and I've long wanted to just "fool around" with developing apps for them, to see how difficult it is. This will potentially make that a possibility on the One at least.
It sounds like you're suggesting that memory bus speed will not continue to increase, and thus, we should stop adding bus contention by adding cores. The conclusion there hinges on a rather unsupported premise that is contradicted by the (historical) empirical data. All signs point to memory becoming much faster indeed.
If Linus' expertise were really relevant here, perhaps Transmeta wouldn't have failed.
It's one thing to argue against massive parallelism in a single piece of software. Of course that's not the right answer to every problem, or even to most of them. But arguing against many cores at a hardware level, as he seems to be doing, is plain stupid. Of course more cores == better. As long as I have 100+ processes running on my desktop PC, the more cores I have to spread them around, the better.
No special languages or programmer training required.
Wonder if submitter (or upvoters) understand that anyone can submit articles to arxiv and have them "published" there, regardless of merit or credentials, and with no peer review. There are articles there on perpetual motion, time travel, and all kinds of other garbage. Arxiv is basically the pastebin of scientific (or pseudoscientific) papers. Anything you read there that hasn't been published elsewhere should be taken with a super massive salt grain.
Pop quiz, hotshot. What is the result of some life form or precursor of life entering an atmosphere or impacting a body of some kind (as required to "spread life") when the object in question has a relativistic velocity compared to the other?
Extra credit, hotshot. Examine the impact of relativistic time dilation on evolution in the system in question.
This is a bias that I can't remember the name of right now, but it boils down to a person not believing that people can create a machine that "truly" thinks/feels because they don't understand what drives those aspects of themselves. The whole argument in the link reduces to the so called "Chinese Room", which itself is just a version of Solipsism that draws the boundary between biology and technology (well actually Chemistry and technology, in Searle's case) rather than between one individual mind and another.
If I can't prove to you that Watson "thinks", then likewise you can't prove to me that you "think." Such arguments get us absolutely nowhere in the realm of scientific endeavor, which is why we have the concept of a Turing Test to begin with.
Claiming a thing cannot be conscious or exhibit understanding simply because you fully understand (and can predict) that things behavior isn't a scientific or logical argument. It stinks of an argument driven purely out of fear that determinism might be correct.
that Moz/FF is still focusing on stupid features that are already covered by other tools, rather than fixing their memory leaks and other bugs. Hopefully we'll get another pointless UI facelift soon too, I've finally adapted to the last one.
Can you "back any of this up?"
Every viral disease considered to be airborne spreads through droplets. They don't fly around the air like birds. Chickenpox, smallpox, and the flu are all considered airborne diseases
Coughing up blood on someone isn't airborne. Sneezing or coughing on them is. If you can catch Ebola this way, then it is airborne. They are probably saying it's not just to keep the panic level down.