I too have my doubts about the sincerity of corporate entities who are in the business of relieving folks of their money. I also think they're in spin control mode.
But, when you get right down to it, their advice is not wrong. It behooves us brainy type peoples to ignore the political and social connotations that prompted such announcements and distill the subject matter down to it's essence and ultimately determine whether or the information is correct or not.
It's news for nerds because the government paying attention to electronic data has been in the limelight for awhile now.
Since we nerds are the kinds of folks who are tasked with the implementation and maintenance of the systems that store and process said electronic data, this is the kind of thing that could have an effect on our livelihoods.
Sure, it's obvious that you should encrypt your data, especially if it's at rest on equipment you don't personally control. It's also somewhat of an unmitigated pain in the ass to actually setup and maintain, especially if you inherited infrastructure that you didn't build from the ground up. Or maybe you're a lazy sumbitch.
In the same vein, it's obvious that if you eat a shit load of junk food, you'll get fat and have health issues. Despite the fact that it's obvious, there's a severe problem with obesity in the US, hence we have health groups trying to spread awareness, whether it's through scare tactics or just trying to inform people and at least get them to acknowledge a problem they pretend doesn't exist.
In the same vein, the folks who post about this kind of thing are treated somewhere between polite acknowledgement, with nods of 'yup, he/she's right, we should do that', or viewed as the mad prophet raving in the town square. In both cases, folks pretty much forget about it after theyr'e done and go back to the status quo.
While I'm not in the habit of defending large corporations, I understand why they put out stuff like this. On the one hand, if they want to legally continue to do business without suffering censure by local governments, they have to comply with legal requests for data. If they simply do it, they're viewed as being in collusion by the general public. If they try and provide the information to their customers on how to mitigate their risk, their words tend to fall on deaf ears.
While I'm certain Amazon probably doesn't give a shit about handing over a customers data, they recognize that it's a touchy subject, and a potential PR nightmare, hence they spend some time trying to encourage their customers to do what's in their own best interests. I don't think it's a good idea to try and curb that.
Cogent is well known for undercutting the market to acquire another networks eyeballs, and then sending all that traffic into the networks they have settlement free peering agreements with. That kind of dick move means nobody wants to turn up settlement free links with you. Verizon's no angel either, but they're merely the latest to disagree with Cogent about what constitutes polite use of the access to their network.
This is no different than the Comcast/Level3/Netflix peering dispute, except for the fact that this time Netflix is using Cogent as it's beater instead of Level3... which from a respectability standpoint is just about as bad that money grab snafu they made that cost them a whole lot of customers.
I wasn't aware Representative Nancy Pelosi of the 12th District of California and Minority Leader of the United States House of Representatives had made the change over to the Senate.
She must have forgotten to update her Facebook page.
They could try, and they'd be embarrassed on the court challenge. Forcing a detainee to unlock a phone without a warrant would be very unlikely to hold up against a 5th amendment challenge.
Well shit, I stand corrected then. I guess Netgear actually put some folk to work figuring out how to autosense which PHY standard is being used on the port plugged in and then work with that.
However, ~$1000 for 8 ports is not what I would call cost effective, especially given the fact that to make it useful, you'd need to upgrade your entire backbone to support more than 10 gigs of transport, given the possibility of saturation.
On the other hand, the gigabit ethernet is unforgivable. It really needs to be dual 10Gbase-T ports in this day and age.
You are aware that 10GE is not backward compatible with 10/100/1000 ethernet, correct?
You are aware that 10GE switches are not exactly consumer grade products at the moment, yes? Given that Apple is not a network hardware vendor, and that a decent 10 gig switch is likely to be more expensive than the Mac Pro, not putting in 10GE ports is a sane decision.
The internal flash doesn't bother me so much. The kinds of folks who are likely to be using this box likely have access to large network based storage. Alot of companies have also figured out that it's easier to move to a NAS or provide some sort of network based storage, than to continue wasting time and money upgrading local storage for a bunch of users.
Some further research indicates that my initial reaction to VLAN and security is somewhat dated, and VLAN tech has improved drastically since. Still, there does seem to be a few places where poor configuration could lead to a spectacular breach, simply because any exploit of the switch allows an attacker to access any VLAN segment.
Well isn't that a bit obvious? If you can compromise a core router or distribution switch, yes, you can do alot of nasty things with network security. That has absolutely nothing to do with VLAN security, device hardening is a whole other ballgame.
Blatantly incorrect. The vlan is what defines the broadcast domain. A broadcast (by default anyway) will reach every single port in a given vlan, and no other.
You really should do your research, this is absurdly easy to disprove.
You're correct in that in and of themselves, VLAN's are not a security feature. Neither is NAT. VLAN's provide layer 2 segregation of network segments.
However, most of the major switch vendors have security features to apply to VLAN's that, when used in conjunction with VLAN's, makes them very secure.
Just to nitpick - if my goal was to offend, and I'm causing offense with my words, then I daresay that I am indeed communicating properly.
Which isn't to say I condone the use of certain words, but neither do I condemn. A person should be aware of the effect their words are likely to have, and be willing to deal with the consequences.
On the other side of that argument, I think that going through life being concerned with what other people think or are going to think of you, whether it's because of your diction, your manner of dress, or anything else, is a cowardly way to approach life.
Depends on what you define as a good job. I'm a network engineer for a very well known service provider. I make twice the average household income in America. I would consider it a good job.
I have an Associates Degree, but it wasn't even a consideration for the job, all they required was a high school education, along with the ability and temperament to do the job. I demonstrated those quite handily that I was offered the position in under 24 hours.
The longest I've been unemployed since I turned 16 (I'm well into my 30's) was 3 months, and every time I change jobs, my pay rate goes up.
I personally think alot of folks use lack of education as an excuse. There's no magic recipe to being successful. No checklist to getting a 'good' job. It takes some effort. Virtually every out of work or underemployed person I know is severely lacking in motivation and will to better themselves and has perfected the victim mentality. My evidence is, of course, anecdotal, but it's all I have to go on, and I calls 'em as I see's em.
have to specify here, that tracert, the windows tool, is ICMP. Non windows platforms that implement traceroute (equivalent functionality), tends to use UDP.
No, you're not being routed through the listening devices.
There are pretty much two popular ways of surveilling the network. The first is a physical tap. It's essentially a bump in the wire. Everything that passes through the tap is forwarded on like normal, but also copied out another port where a device (or devices) on the other end records it. You will never know of it's existence.
The second method is simply port mirroring. This is where all data that passes through a router port is replicated to another port on the same (or remote, depending on technology and vendor) router or switch. On the other end of the port where the replicated data is being sent, there will be listening device(s) taking in all the data being sent down. Likewise, this will never show up in your transit path and happens without you ever knowing,
That pretty much hits the nail on the head. They get the small providers by tapping up the peering points, and bigger providers that do in fact have a lot of traffic moving around their network are expected to tap directly.
You make some bad assumptions. The sites aren't maintained by the government. As such, there have to be some folks who actually are aware of where the taps and listening devices are, and those are usually the people who maintain the physical site. It is very difficult to capture full real time information of all data crossing a link without someone knowing about it, especially once you get into gigabit speeds. The maintenance techs pretty much have to know where the taps are, because if they break it during their regular maintenance duties, it's pretty much their ass in the grinder.
Secretly building it into the firmware is highly unlikely. Even if the government did manage to coerce the major router manufacturers to give them a tap via the firmware, if there's no tap in the building, and there's no physical recording device, that means said data has to cross a transit link in order to get somewhere else. When you're talking that much data, it would be very obvious from your traffic usage that something isn't right and you're sending more than you're supposed to. Building a tap into the firmware of anything other than a device that sits in the direct traffic path for every flow (ie, not a core router or switch) is foolish, because it wouldn't have full visibility to all traffic on the network.
You accuse the OP of arrogance and small-mindedness. Your statements expose a distinct lack of experience with the physical operations side of running a data network, and as such, I think you just might be guilty of what you're accusing of.
Actually, it's been my experience that the folks who work on the physical infrastructure usually are the ones who know where the taps are with the best degree of accuracy. They have to, so that they don't inadvertently screw with the link.
Just a point - It was an Assistant State Attorney, not a District Attorney. Florida doesn't have judicial districts. In this case, Polk falls under the authority of the Florida 10th Circuit, which has jurisdiction over Polk, Hardee, and Highlands
It also means she's being charged by the State, not the municipality. Bit of a difference.
Sadly enough, when I went through AP Chem (ironically enough, in a Florida public school) that's exactly what it was. In Chem Honors, I had been actually allowed to play with chemicals (with supervision). AP Chem was nothing but lecture and home work, absolutely zero lab time. I dropped the course and transferred into something else.
Unless the kid who was let off the BB gun charge shot and killed his brother while he was at school, then I'm failing to see how the cases are comparable. It's one thing to blow something up at school, you have the potential to hurt a mass of people, and given events of the past 10 years or so, that's kind of a big deal.
Near as I can tell, the kid who shot his brother took place at home. As such, this reeks of sensationalist journalism (which is pretty much par for the course when it comes to Huffington Post, sadly). I strongly suspect that the Huff Post article author look into the ASA's case history to find a case where she let a white go, and decided to prosecute the black one. Since I happen to be an intelligent and discerning adult, I have to ask myself, who's actually pushing a racist agenda here?
Now, with that out of the way. I did this "experiment" when I was a kid as well. We didn't style it a science experiment. We did it as a halloween prank. We used aluminum foil, pool cleaner, and a 2 liter bottle. Dropped the foil in, sealed up the bottle, and tossed it down a sewer. When it went boom, it scared the hell out of folks for a few blocks and made some shock waves felt farther out then we expected. We had such a good laugh, we did it again in another part of the neighborhood.
Now that I'm older, I realize how incredibly foolish we were, not to mention that there was danger existant that we weren't aware of. If someone had gotten hurt, I'd never have forgiven myself.
I think the felony charges is an overreaction on the part of law enforcement, and is a panicked reaction to the events of Columbine, VT, and Sandy Hook. I sincerely hope that once everyone involved has had a chance to settle down and not let their emotions get the better of them, that they'll drop the felony charges and not ruin the girls life.
I find myself unable to argue against the explusion though. I think the school board would probably be up to it's ears in rabid parents if they hadn't expelled her, and I don't think they want to be answering questions from angry parents about the safety of their children ad nauseum.
The student displayed poor judgement, and is about to learn that actions have consequences. I just hope that the adults are willing to show a little grace.
Pretty simple, he likely cut a deal with the employer to turn over all information regarded to the activity to avoid prosecution from the company itself.
As an example, years ago, I worked for a hardware reseller. The guy who processed our RMA's was using the company to supply his ebay business. Since he was the one handling replacements, when he went into the cage where the expensive stuff was held, no one gave it a second thought.
He got greedy and sold off 20 grand of inventory, which was enough to trip an internal investigation. In order to avoid prosecution, he cut a deal with the company to turn over all the records for his side business and resign his position.
Slashdot Mirror
I too have my doubts about the sincerity of corporate entities who are in the business of relieving folks of their money. I also think they're in spin control mode.
But, when you get right down to it, their advice is not wrong. It behooves us brainy type peoples to ignore the political and social connotations that prompted such announcements and distill the subject matter down to it's essence and ultimately determine whether or the information is correct or not.
It's news for nerds because the government paying attention to electronic data has been in the limelight for awhile now.
Since we nerds are the kinds of folks who are tasked with the implementation and maintenance of the systems that store and process said electronic data, this is the kind of thing that could have an effect on our livelihoods.
Sure, it's obvious that you should encrypt your data, especially if it's at rest on equipment you don't personally control. It's also somewhat of an unmitigated pain in the ass to actually setup and maintain, especially if you inherited infrastructure that you didn't build from the ground up. Or maybe you're a lazy sumbitch.
In the same vein, it's obvious that if you eat a shit load of junk food, you'll get fat and have health issues. Despite the fact that it's obvious, there's a severe problem with obesity in the US, hence we have health groups trying to spread awareness, whether it's through scare tactics or just trying to inform people and at least get them to acknowledge a problem they pretend doesn't exist.
In the same vein, the folks who post about this kind of thing are treated somewhere between polite acknowledgement, with nods of 'yup, he/she's right, we should do that', or viewed as the mad prophet raving in the town square. In both cases, folks pretty much forget about it after theyr'e done and go back to the status quo.
While I'm not in the habit of defending large corporations, I understand why they put out stuff like this. On the one hand, if they want to legally continue to do business without suffering censure by local governments, they have to comply with legal requests for data. If they simply do it, they're viewed as being in collusion by the general public. If they try and provide the information to their customers on how to mitigate their risk, their words tend to fall on deaf ears.
While I'm certain Amazon probably doesn't give a shit about handing over a customers data, they recognize that it's a touchy subject, and a potential PR nightmare, hence they spend some time trying to encourage their customers to do what's in their own best interests. I don't think it's a good idea to try and curb that.
Gee, that like, never happens!
Cogent is well known for undercutting the market to acquire another networks eyeballs, and then sending all that traffic into the networks they have settlement free peering agreements with. That kind of dick move means nobody wants to turn up settlement free links with you. Verizon's no angel either, but they're merely the latest to disagree with Cogent about what constitutes polite use of the access to their network.
This is no different than the Comcast/Level3/Netflix peering dispute, except for the fact that this time Netflix is using Cogent as it's beater instead of Level3... which from a respectability standpoint is just about as bad that money grab snafu they made that cost them a whole lot of customers.
I wasn't aware Representative Nancy Pelosi of the 12th District of California and Minority Leader of the United States House of Representatives had made the change over to the Senate.
She must have forgotten to update her Facebook page.
They could try, and they'd be embarrassed on the court challenge. Forcing a detainee to unlock a phone without a warrant would be very unlikely to hold up against a 5th amendment challenge.
Well shit, I stand corrected then. I guess Netgear actually put some folk to work figuring out how to autosense which PHY standard is being used on the port plugged in and then work with that.
However, ~$1000 for 8 ports is not what I would call cost effective, especially given the fact that to make it useful, you'd need to upgrade your entire backbone to support more than 10 gigs of transport, given the possibility of saturation.
On the other hand, the gigabit ethernet is unforgivable. It really needs to be dual 10Gbase-T ports in this day and age.
You are aware that 10GE is not backward compatible with 10/100/1000 ethernet, correct?
You are aware that 10GE switches are not exactly consumer grade products at the moment, yes? Given that Apple is not a network hardware vendor, and that a decent 10 gig switch is likely to be more expensive than the Mac Pro, not putting in 10GE ports is a sane decision.
The internal flash doesn't bother me so much. The kinds of folks who are likely to be using this box likely have access to large network based storage. Alot of companies have also figured out that it's easier to move to a NAS or provide some sort of network based storage, than to continue wasting time and money upgrading local storage for a bunch of users.
nitpick:
should be
Hey! You can't do that I have a righ^M NO CARRIER
(substitute 3 for NO CARRIER if you were too good to use verbose result codes)
Some further research indicates that my initial reaction to VLAN and security is somewhat dated, and VLAN tech has improved drastically since. Still, there does seem to be a few places where poor configuration could lead to a spectacular breach, simply because any exploit of the switch allows an attacker to access any VLAN segment.
Well isn't that a bit obvious? If you can compromise a core router or distribution switch, yes, you can do alot of nasty things with network security. That has absolutely nothing to do with VLAN security, device hardening is a whole other ballgame.
Blatantly incorrect. The vlan is what defines the broadcast domain. A broadcast (by default anyway) will reach every single port in a given vlan, and no other.
You really should do your research, this is absurdly easy to disprove.
You're correct in that in and of themselves, VLAN's are not a security feature. Neither is NAT. VLAN's provide layer 2 segregation of network segments.
However, most of the major switch vendors have security features to apply to VLAN's that, when used in conjunction with VLAN's, makes them very secure.
Just to nitpick - if my goal was to offend, and I'm causing offense with my words, then I daresay that I am indeed communicating properly.
Which isn't to say I condone the use of certain words, but neither do I condemn. A person should be aware of the effect their words are likely to have, and be willing to deal with the consequences.
On the other side of that argument, I think that going through life being concerned with what other people think or are going to think of you, whether it's because of your diction, your manner of dress, or anything else, is a cowardly way to approach life.
He's the village idiot. Yeah, he's batshit insane, but this is our village, and he's our idiot.
Depends on what you define as a good job. I'm a network engineer for a very well known service provider. I make twice the average household income in America. I would consider it a good job.
I have an Associates Degree, but it wasn't even a consideration for the job, all they required was a high school education, along with the ability and temperament to do the job. I demonstrated those quite handily that I was offered the position in under 24 hours.
The longest I've been unemployed since I turned 16 (I'm well into my 30's) was 3 months, and every time I change jobs, my pay rate goes up.
I personally think alot of folks use lack of education as an excuse. There's no magic recipe to being successful. No checklist to getting a 'good' job. It takes some effort. Virtually every out of work or underemployed person I know is severely lacking in motivation and will to better themselves and has perfected the victim mentality. My evidence is, of course, anecdotal, but it's all I have to go on, and I calls 'em as I see's em.
have to specify here, that tracert, the windows tool, is ICMP. Non windows platforms that implement traceroute (equivalent functionality), tends to use UDP.
No, you're not being routed through the listening devices.
There are pretty much two popular ways of surveilling the network. The first is a physical tap. It's essentially a bump in the wire. Everything that passes through the tap is forwarded on like normal, but also copied out another port where a device (or devices) on the other end records it. You will never know of it's existence.
The second method is simply port mirroring. This is where all data that passes through a router port is replicated to another port on the same (or remote, depending on technology and vendor) router or switch. On the other end of the port where the replicated data is being sent, there will be listening device(s) taking in all the data being sent down. Likewise, this will never show up in your transit path and happens without you ever knowing,
That pretty much hits the nail on the head. They get the small providers by tapping up the peering points, and bigger providers that do in fact have a lot of traffic moving around their network are expected to tap directly.
You make some bad assumptions. The sites aren't maintained by the government. As such, there have to be some folks who actually are aware of where the taps and listening devices are, and those are usually the people who maintain the physical site. It is very difficult to capture full real time information of all data crossing a link without someone knowing about it, especially once you get into gigabit speeds. The maintenance techs pretty much have to know where the taps are, because if they break it during their regular maintenance duties, it's pretty much their ass in the grinder.
Secretly building it into the firmware is highly unlikely. Even if the government did manage to coerce the major router manufacturers to give them a tap via the firmware, if there's no tap in the building, and there's no physical recording device, that means said data has to cross a transit link in order to get somewhere else. When you're talking that much data, it would be very obvious from your traffic usage that something isn't right and you're sending more than you're supposed to. Building a tap into the firmware of anything other than a device that sits in the direct traffic path for every flow (ie, not a core router or switch) is foolish, because it wouldn't have full visibility to all traffic on the network.
You accuse the OP of arrogance and small-mindedness. Your statements expose a distinct lack of experience with the physical operations side of running a data network, and as such, I think you just might be guilty of what you're accusing of.
Actually, it's been my experience that the folks who work on the physical infrastructure usually are the ones who know where the taps are with the best degree of accuracy. They have to, so that they don't inadvertently screw with the link.
Not explosive. In that case, it'd be a ballistically induced projectile weapon!
Just a point - It was an Assistant State Attorney, not a District Attorney. Florida doesn't have judicial districts. In this case, Polk falls under the authority of the Florida 10th Circuit, which has jurisdiction over Polk, Hardee, and Highlands
It also means she's being charged by the State, not the municipality. Bit of a difference.
Sadly enough, when I went through AP Chem (ironically enough, in a Florida public school) that's exactly what it was. In Chem Honors, I had been actually allowed to play with chemicals (with supervision). AP Chem was nothing but lecture and home work, absolutely zero lab time. I dropped the course and transferred into something else.
Unless the kid who was let off the BB gun charge shot and killed his brother while he was at school, then I'm failing to see how the cases are comparable. It's one thing to blow something up at school, you have the potential to hurt a mass of people, and given events of the past 10 years or so, that's kind of a big deal.
Near as I can tell, the kid who shot his brother took place at home. As such, this reeks of sensationalist journalism (which is pretty much par for the course when it comes to Huffington Post, sadly). I strongly suspect that the Huff Post article author look into the ASA's case history to find a case where she let a white go, and decided to prosecute the black one. Since I happen to be an intelligent and discerning adult, I have to ask myself, who's actually pushing a racist agenda here?
Now, with that out of the way. I did this "experiment" when I was a kid as well. We didn't style it a science experiment. We did it as a halloween prank. We used aluminum foil, pool cleaner, and a 2 liter bottle. Dropped the foil in, sealed up the bottle, and tossed it down a sewer. When it went boom, it scared the hell out of folks for a few blocks and made some shock waves felt farther out then we expected. We had such a good laugh, we did it again in another part of the neighborhood.
Now that I'm older, I realize how incredibly foolish we were, not to mention that there was danger existant that we weren't aware of. If someone had gotten hurt, I'd never have forgiven myself.
I think the felony charges is an overreaction on the part of law enforcement, and is a panicked reaction to the events of Columbine, VT, and Sandy Hook. I sincerely hope that once everyone involved has had a chance to settle down and not let their emotions get the better of them, that they'll drop the felony charges and not ruin the girls life.
I find myself unable to argue against the explusion though. I think the school board would probably be up to it's ears in rabid parents if they hadn't expelled her, and I don't think they want to be answering questions from angry parents about the safety of their children ad nauseum.
The student displayed poor judgement, and is about to learn that actions have consequences. I just hope that the adults are willing to show a little grace.
Pretty simple, he likely cut a deal with the employer to turn over all information regarded to the activity to avoid prosecution from the company itself.
As an example, years ago, I worked for a hardware reseller. The guy who processed our RMA's was using the company to supply his ebay business. Since he was the one handling replacements, when he went into the cage where the expensive stuff was held, no one gave it a second thought.
He got greedy and sold off 20 grand of inventory, which was enough to trip an internal investigation. In order to avoid prosecution, he cut a deal with the company to turn over all the records for his side business and resign his position.