Slashdot Mirror


User: statemachine

statemachine's activity in the archive.

Stories: 0
Comments: 575

Comments · 575

  1. Attacker is your Peer on Why Is It Taking So Long To Secure Internet Routing? · Score: 4, Insightful

    Except "Attacker" in this case is the administrator at the peer, and the peers are entire companies, multinationals, and governments. We're not talking about your average basement-dweller script kiddie.

    If your peers are messing with you, or their peers are messing with them, how do you defend against an attack where the whole system is based on trust?

    You could go to a no-trust solution, but then that would need a central authority that would need to pre-calculate all the routes from every single AS. If a route breaks, that'll be slow to adjust to a backup route. If a new route needs to be added, the ISP would need to apply to a central authority with bureaucracy and red tape.

    If a route needed to be blackholed because of a DDOS, and that action had to be approved of by a central authority, which could take days to weeks for a ruling, nothing could be done because routers would not accept changes to any route until then.

    Essentially, the answer to security is to effectively lock out the AS ISPs from their own routers.

    You either trust the AS administrators or you don't. And since they're humans, they'll make mistakes, be malicious, or be affected by politics. This won't be solved by (trusting) a central bureaucracy similar to the UN, at least not in a manner you'll prefer.

  2. Another False Technology Headline on UCLA, Cisco & More Launch Consortium To Replace TCP/IP · Score: 1

    If Slashdot editors can't even get the technology headlines correct, how is it better than Reddit, Fark, or any other news aggregator site?

    Damn you guys have fallen far.

  3. The Burrito Galaxy on Spot ET's Waste Heat For Chance To Find Alien Life · Score: 1

    Where life's emissions are easily detectable.

    I'm not so sure I'd want to make contact.

  4. Local Observatory on Slashdot Asks: Cheap But Reasonable Telescopes for Kids? · Score: 4, Insightful

    Go to your local observatory on an open-house night and get a free look through the lens. There are usually amateurs set up with their own equipment outside who will allow viewers too.

    If your kids can stay up late and stand in the cold without complaining, they're ready for a telescope.

  5. Re:Misleading headline on Entire South Korean Space Programme Shuts Down As Sole Astronaut Quits · Score: 1

    Not surprising as Slashdot has resorted to becoming a clickbait website for their flagging readership.

  6. Slashdot Propaganda Machine on How to Maintain Lab Safety While Making Viruses Deadlier · Score: 2

    10 years ago, there were regularly 800-1000 comments on articles. Now, a highly commented article gets around 200.

    It's a shame that the editors have stopped doing their jobs and post anything without checking it (at best!). But this isn't the first time I've seen it.

    This submission is obviously false, and it needs to be pulled down or have the inflammatory and false sentence deleted. Since it's been up for hours, and there are numerous posts above that debunk the submission, it leads me to believe that Slashdot wants the clickbait and is leaving it up on purpose.

    Do the right thing. Pull the article. Save what's left of your reputation, Slashdot.

  7. Citation Needed on How to Maintain Lab Safety While Making Viruses Deadlier · Score: 1

    The parent needs to be modded up and Timothy needs to mod himself down for allowing such an inflammatory, unfounded submission blaming the Chinese.

    It is no wonder readership is down over the last 10 years.

  8. Re:Locator/Identifier Separation Protocol (LISP) on The IPv4 Internet Hiccups · Score: 1

    Thanks for replying to my post instead of keeping the non-brilliance of my ideas to yourself. My biggest concern when writing that post was that I was talking to myself. I'll attempt to address your concerns one by one.

    You're... welcome?

    Just about all ISPs and backbone carriers carry full tables and many large organisations do as well for multihoming purposes.

    Then I misunderstood you. I thought you were repeating what others have said earlier, claiming each router carries a complete copy of all the routes on the Internet, which of course isn't true.

    Now that we have that cleared up, I'll snip out parts I don't need to reply to.

    Your bitcoinesque solution for IPv6 allocation would make things worse.

    It seemed like a technical solution to avoid the politics of Internet governance. I admit it wasn't well thought out, however I am curious how it would make things worse by allowing a small block of IPv6 addresses to be allocated in a decentralized way and adding cryptographic integrity along the way.

    Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.

    I should have been more specific; I was suggesting originating advertisements would be signed as opposed to transient advertisements.

    You are asking for DomainKeys but with routes. That is too computationally expensive right now and would require too many lookups and time. Perhaps somewhere down the line when the big iron routers catch up with CPU resources vs line speed.

    Routers that speak BGP are on the ISP and backbone level,

    Medium to large organisations also use BGP to advertise their address space to their ISP(s).

    Not to your home router.

    and are physically secured.

    Originating BGP route advertisement signing is not intended to supplant physical security measures.

    I'm aware of the difference between remote access, console access, and physical access, and hardware vs software.

    Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it.

    None of this would really be necessary for a home user as their ISP would be doing all of this on their behalf.

    That's what I just said...

    To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.

    To announce rogue routes, one only needs an ISP that doesn't filter incoming BGP advertisements properly. It seems apparent as the Internet grows there will be more and more BGP peerings and as a consequence of that not all of them will be competent or aboveboard with their implementations.

    You're just restating what I said. I guess I wasn't clear, but I'm also assuming a best practice (or as near as possible) implementation, because there's no use talking about security if people are going to leave the front door open, right? It's not even a discussion at that point.

    The Resource Public Key Infrastructure (RPKI) is a step in the right direction, however seems to be mainly for preventing mis-configurations from causing outages. Someone with malicious intent need only use AS path prepending to bypass this protection.

    Again, anyone with access to the routers can do this right now. Any organization that doesn't shut its front door can have this happen. This can be solved through best practices. This isn't e-mail. Even if you got people on board for this, it would take a protocol revision AND all new hardware for everyone. It's not going to happen anytime soon.

    Don't take it personally. Your offered solution for route signing (whether you wrote them or not) just isn't feasible right now.

  9. Re:who the hell uses a 6500 as their ISP router? on The IPv4 Internet Hiccups · Score: 1

    I've been a Cisco networking guy for 10+ years

    Then you'll realize it only takes one router to constantly flap routes to ruin everyone else's day. Hey Traffic! Over here! Nope, go over there! OK, over here now! Wait a minute, go over there! and on and on...

  10. Re:Locator/Identifier Separation Protocol (LISP) on The IPv4 Internet Hiccups · Score: 1

    No one router has a "full table" of all the routes. The routing protocols and the engineers work to make sure the tables are as close to lean as possible.

    Your offered solution isn't necessary.

    Your bitcoinesque solution for IPv6 allocation would make things worse. Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.

    Routers that speak BGP are on the ISP and backbone level, and are physically secured. Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it. To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.

  11. Re:Let's get one thing straight: on Lawrence Krauss: Congress Is Trying To Defund Scientists At Energy Department · Score: 1

    You're incorrect on calling me incorrect.

    "The Speaker is responsible for ensuring that the House passes legislation supported by the majority party. In pursuing this goal, the Speaker may use his or her power to determine when each bill reaches the floor."
    http://en.wikipedia.org/wiki/S...

    Please, people. Learn your civics.

  12. Re:Let's get one thing straight: on Lawrence Krauss: Congress Is Trying To Defund Scientists At Energy Department · Score: 3, Informative

    Your link says:

    218 Republicans voted for, 159 Democrats voted against.

    So a few Democrats and Republicans breaking ranks does not make this bipartisan. Clearly this is a deeply partisan issue.

    You also forget to mention that not one single bill can be voted on unless the Speaker of the House, Republican John Boehner, says it can be voted on.

    So, how is this bipartisan again? It was a Republican bill, passed with a Republican majority. Welcome to politics.

  13. Let's get one thing straight: on Lawrence Krauss: Congress Is Trying To Defund Scientists At Energy Department · Score: 5, Insightful

    The Republicans, who currently hold a majority in the US House, are the ones who voted to strip the science funding.

    Saying "Congress" makes it sound bipartisan. It's only the Republicans.

  14. Re:Sounds like the modem debate from 20 years ago on Chromebooks Are Outselling iPads In Schools · Score: 1

    You're proving my point.

  15. Re: Sounds like the modem debate from 20 years ago on Chromebooks Are Outselling iPads In Schools · Score: 1

    ACs can be quite funny sometimes.

    An iPad's value isn't in its hardware specs. It's in the way that it works both with hardware and software and ecosystem.

    Yeah, man... puff puff pass, k?

  16. Re:What do I think? on Chromebooks Are Outselling iPads In Schools · Score: 1

    There is nothing that providing a laptop per child affords that can't be accomplished through classroom media presentation devices (computer & projector) and a good school computer lab.

    Homework. Many poorer kids do not have a computer at home, and a smartphone is terrible for writing papers and research. The laptop/tablet is also locked down so distractions are kept to a minimum.

    These devices will only be a distraction and huge expense for families and schools as millions of them are broken every year.

    Hyperbole. Citation needed. Yesterday's article about iPads in Coachella said district-wide there were less than 10 lost or stolen. How does that scale up to millions?

  17. Re:Good on Chromebooks Are Outselling iPads In Schools · Score: 3, Informative

    Not only that, jailbreaking the device and installing anything else besides school-approved software would likely get the child disciplined. This is true of both iPad and Chromebook.

  18. Sounds like the modem debate from 20 years ago on Chromebooks Are Outselling iPads In Schools · Score: 3, Interesting

    USRobotics kept walking around and saying their modems were the #1 selling modem. This is analogous to what Apple is doing today.

    However, while USR was the #1 brand, most modems sold overall had the Rockwell chipset, with most brands simply adding a plastic box and different color LEDs.

    More recently, Apple claims that the iPhone is the #1 selling phone. However, phones that use Android sell the most, period.

    I shouldn't be, but I'm always surprised how religious people get when their favorite electronics company is shown to be extremely misleading. I know a guy that I'd known for years who threatened to "unfriend" simply because I refuted his claim that the iPhone was the #1 phone.

    So this iPad/Chromebook issue is just another chapter of misleading sales tactics. But if you look at what Apple actually says officially, they're very specific in the literature. Unfortunately, people will be blind to anything that might change their worldview... and any company would be nuts not to take advantage of that.

  19. Turned down on religious grounds? on How One School District Handled Rolling Out 20,000 iPads · Score: 1

    "The only students at the school sans iPad, Dr. Adams says, are a very small number who turned it down on religious grounds."

    Who would turn down a free iPad?

  20. People who are not used to exercise on CCP Games Explains Why Virtual Reality First Person Shooters Still Don't Work · Score: 1

    tend to get sick when exercising.

  21. Blame Motorola on Nearly 25 Years Ago, IBM Helped Save Macintosh · Score: 1

    Motorola couldn't manufacture enough of the 68K CPUs, so Apple set up an alliance with IBM and Motorola (AIM). The first generation of the PowerPC was fast and easily manufactured.

    Motorola sold Apple on AltiVec, the 128-bit vector unit, and it was added to the PowerPC.

    Once again, problems with the design and just sheer Motorola incompetence caused CPU production to fall behind. IBM, seeing the writing on the wall, bailed.

    Apple, finally tired of Motorola's crap, ported everything to Intel, and left without looking back. Too bad it took them 20 years to realize this.

    Motorola became synonymous with crap hardware and crap cellphones that would break. However, Motorola was great at the con game. They suckered Google into buying them, and then Google unloaded the Motorola unit at an $8 billion loss to Lenovo, probably for parts.

    But whatever you feel about Apple, do not blame IBM. Motorola was the one holding back Apple.

  22. Tommy Ramone on Mars (One) Needs Payloads · Score: 1

    Perfect opportunity. He would've loved the idea.

  23. Re:Driverless cars prevent more deaths and cheaper on A Physicist Says He Can Tornado-Proof the Midwest With 1,000-Foot Walls · Score: 2

    NHTSA: Economic costs of car crashes $277 billion

    I've provided two links now. Where are yours?

  24. Can't fix the user on The Security Industry Is Failing Miserably At Fixing Underlying Dangers · Score: 1

    People will run malware for pennies.

    The programmers, sysadmins, and netadmins can only do so much. If you completely lock them down, the users can't do their jobs effectively and/or whine and complain and not buy your software or use your service.

    People do pay more for bulletproof software and systems, but most people aren't buying airliners.

  25. Driverless cars prevent more deaths and cheaper on A Physicist Says He Can Tornado-Proof the Midwest With 1,000-Foot Walls · Score: 4, Insightful

    $160 million per mile, to prevent an average of 50-60 tornado deaths per year?

    1) Build 1000 miles? Only $160 billion? Is that cost of labor alone? What about the cost of land?
    2) Build just for cities? Which cities?
    3) How does a city afford even 1 mile of wall?

    We can drop nukes in tornadoes too for much less, not that I'm advocating that either.

    Just last year, there were 32,850 vehicle fatalities in the good ol' USofA.

    Driverless cars would've prevented 99% of the crashes. Let's concentrate on rolling those out first and soon.