I wonder if any of the auto manufacturers have considered working with Google and using Android?
I think the point is not that these entities shouldn't have connectivity to the Internet, but the network they use to monitor and operate the critical infrastructure components should be segregated from any network accessible from the Internet. How they are segregated is up for discussion.
We are using a couple Soekris boxes for some basic monitoring. They are lightweight Atom processors with no active cooling and it's designed with networking in mind. 4 Gig-E ports on the 6501, and you can get up to 8 more thanks to 2 PCI-E slots available in the rackmount version. Since we are using an mSATA SSD on the board we have no moving parts, so nothing mechanical to fail.
That's already a requirement from CALEA, so they already have lawful intercept requirements on the books.
Actually any broadband provider already has to provide wiretap capabilities from the CALEA changes years ago.
I noticed China got 8 pages and then some on that report, but no other country even has a single page dedicated to it. Yet how much shit gets manufactured over there and then shipped out all over the world?
Climate change is a bitch
I'm not suggesting this was majority opinion, but my understanding was some companies in the porn industry did want .xxx so that it could be filtered. Not all of the porn companies are douches, I believe some help companies that make filtering software because they agree children shouldn't be accessing that content.
With so much manufacturing work going overseas or replaced with low maintenance machines we have a lot of people who can't do jack shit for the current job market. This is trying to take our assembly line workforce and convert them to programmers. The problem is programming isn't a learn and repeat process, it's a creative one. Just about anyone can do assembly line work, you get trained and just do the same task over and over until you rotate into a different spot. Programming requires the person at the keyboard to think about the process that function/module/task needs to perform and articulate it, something that requires a different thought process and much less common.
We either need to find some other rudimentary tasks for those incapable of creative tasks to perform or our jobless rate is probably stuck in limbo. Sadly this means we are likely screwed until the other countries we have outsourced all this manufacturing work to reach our economic level and stop being so cheap. Will we be able to adapt before the pendulum swings too far and brings down the stack of cards?
Then again I could be wrong and making a bad assumption about how much people can adapt.
I'm in the same boat. Apart from games I'm pretty OS agnostic.
One of my co-workers joked about walking down to the server room and taking a dump in a random server.
When the company is paying you for research, they often want the results that work well for them, not the unbiased results. A government employed scientist shouldn't have that kind of biased pressure. However, I don't think that means skepticism should go out the window; I think regardless of the source skepticism is necessary.
The only time I want an end user managing a firewall is in their own home, and I think most consumer devices have a decent enough web interface to get by. If you're talking about a business environment that needs something more than a consumer appliance then you should probably hire a network admin to help manage it. Security is often a trade-off for ease of use, and I'm not saying unnecessarily convoluted configuration methods are secure, but if you want to be able to secure your network it's something I see as being more complex than the average end user is going to understand. I don't expect the average executive assistant at a company to understand the implications of allowing anything through the filter, but I wouldn't doubt they would do that so they can use a little application that just got installed by this email from an African prince.
Any ISP that's not "wild" about the idea should step up and work with the community on actually getting IPv6 connectivity as functional as IPv4. I can see Google's/Netflix's perspective here. If they don't have some sort of white list they will get a black eye for having poor service when it's not even a result of something they control. Hopefully this will be something very short lived but I can imagine if service providers don't step up and start taking IPv6 seriously it's just going to prolong the issue.
If you want to do it that way you could just donate money and grab the ISO when it's available, or build your own off the stable branch.
You can read the report for yourself here
http://www.potaroo.net/tools/ipv4/
I think you misunderstood him. I was at his talk and he clearly said that he would still push for open sourcing the engines once the next gen has been released. He is still technical director of id and I think he has enough pull to get that done if he really wants to. I know he said to expect the Doom 3 (id tech 4) source once Rage has come out.
The difference between an IP Address and identifiable numbers (Street Address, License Plate Number, Telephone Number, SSN, Student ID, Credit Card #) is that IP addresses aren't exclusive to people. IP addresses are allocated to organizations, not end users. AS Numbers are allocated to organizations, not end users. A single IP address doesn't distinctly identify a user in any way and could be used by thousands of different people in the course of a day or less. And you cannot tie an IP to a specific person in order to give it this purpose; it's just not technically feasible. The only thing an IP address can identify is the organization it's been allocated to and possibly what hosts have used that address.
id Software has since exploded in size, and I think I heard they had about 40 people employed and 2 full teams going. As I understand it currently there is a team working on Rage and another working on QuakeLive.
I would also like to see a native Linux client.
I think a better option would be to look at what some have already done and utilize IPSec. Some companies already do support BGP sessions with IPSec authentication. The one thing I knew of holding people back is the lack of IPSec support on Cisco gear handling BGP sessions. I'm not sure about current IOS releases or if newer hardware could handle it on the routers used by larger transit providers. At least adding a simple shared key authentication header should provide some additional security. I am in no way an expert though.
I had to use Ada in my Data Structures class with John McCormick at UNI http://www.cs.uni.edu/~mccormic/ This guy teaches a tough class but you end up learning a lot, and he is very big on Ada. While I haven't used it much since, I did like a lot of features in the language.
The loopback netblock is a /8, so even though your host may only use 127.0.0.1 itself, the entire 127.0.0.0/8 block is allocated for loopback addressing and is not usable on the public internet.
Incorrect, it wasn't until 4.2 I believe that OpenBSD disabled direct root logins over SSH by default.
A simple sweater won't keep you warm for much of the far north states. When you have a foot of snow on the ground a simple sweater won't have a chance to hold off that frostbite.