If your goal is mainly disaster recovery (and not papering over user mistakes), you can just share large encrypted tarballs. Leaking them won't reveal anything about your data or yourself.
Only a few backup solutions offer encryption, though, and I've only heard of file-level encryption where the file names are transmitted in the clear (only the data itself is encrypted). In this case, this is clearly unacceptable.
Better example: The sad story of David Kelly, on Googling for CIA Agents · Score: 4, Interesting
According to this story from The Guardian, David Kelly was actually exposed by correlating data using Google.
Norton-Taylor said, "I went to the internet and searched through Google and I pressed a couple of words in. I typed in the search engine something like 'Britain' plus 'Unscom' plus maybe one other word. About the first or second item on that list that came up on Google was a lecture David Kelly had given, I think in America, and it said that he was a former British Unscom inspector."
They considered shortening it to ".mob" but the Mafia threatened a class action for TLD squatting.
Even in the U.S. alone, there seem to be quite a few MOBI trademark registrations. Looks like using this TLD could indeed prove risky. What were they thinking when they decided to use a non-descriptive term?
Common Lisp (the language) is not completely safe; it permits unsafe constructs which can even lead to classic buffer overflows. Most implementations omit bounds checks which are not mandated by the standard when optimizing, so these problems can occur in practice.
What? Have you even READ the spec? Have you read a book on the subject?
The spec (RFC 2460) claims that extension headers are usually not examined by routers. But this claim is false; often you have to examine them in order to locate the transport layer header (with TCP/UDP/SCTP port information), otherwise packet filters cannot do their task. The same is true for fragmentation. Offloading it to the edges does not offer a real performance benefit, either, because compared to regular packet forwarding, fragmenting the original packet and generating an ICMP response is almost equally costly.
IPv4 faces the same issues, of course. But nobody claims that IPv4 headers are optimized for high-performance routers. (The trouble is that the IPv6 optimizations were extremely short-sighted and concerned only with packet handling by regular CPUs, not the ASIC/real CPU combinations which we have today.)
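The header walk a packet filter has to perform before it can see any port numbers, as an added example that is not part of the original comment. The function names, return codes and the sample packet are constructed for illustration; header length units follow the IPv6 and AH specifications.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Next Header values (IANA protocol numbers). */
enum { NH_HOPOPT = 0, NH_TCP = 6, NH_UDP = 17, NH_ROUTING = 43,
       NH_FRAGMENT = 44, NH_AH = 51, NH_DSTOPTS = 60, NH_SCTP = 132 };
enum { L4_MALFORMED = -1, L4_NO_PORTS = -2 };   /* hypothetical codes */

/* Walk the extension header chain. Returns the transport protocol and sets
 * *l4_off to its header offset, or a negative L4_* code. */
int ipv6_find_transport(const uint8_t *pkt, size_t len, size_t *l4_off)
{
    if (len < 40 || (pkt[0] >> 4) != 6)
        return L4_MALFORMED;
    uint8_t nh = pkt[6];              /* Next Header of the fixed header */
    size_t off = 40;                  /* fixed header is always 40 bytes */
    for (int i = 0; i < 16; i++) {    /* bound the per-packet work */
        size_t ext_len;
        switch (nh) {
        case NH_TCP: case NH_UDP: case NH_SCTP:
            *l4_off = off;
            return nh;
        case NH_HOPOPT: case NH_ROUTING: case NH_DSTOPTS:
            if (off + 2 > len) return L4_MALFORMED;
            ext_len = ((size_t)pkt[off + 1] + 1) * 8;   /* 8-octet units */
            break;
        case NH_AH:
            if (off + 2 > len) return L4_MALFORMED;
            ext_len = ((size_t)pkt[off + 1] + 2) * 4;   /* 4-octet units */
            break;
        case NH_FRAGMENT:
            if (off + 8 > len) return L4_MALFORMED;
            /* Non-first fragment: the transport header is in another packet. */
            if ((((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0)
                return L4_NO_PORTS;
            ext_len = 8;
            break;
        default:                      /* unknown header: cannot classify */
            return L4_MALFORMED;
        }
        if (off + ext_len > len) return L4_MALFORMED;
        nh = pkt[off];                /* each header names its successor */
        off += ext_len;
    }
    return L4_MALFORMED;
}

/* Constructed sample: fixed header, Hop-by-Hop (8 bytes), Destination
 * Options (16 bytes), then a TCP header with destination port 443. */
size_t build_sample(uint8_t *buf)
{
    memset(buf, 0, 84);
    buf[0] = 0x60; buf[6] = NH_HOPOPT;          /* version 6, first ext hdr */
    buf[40] = NH_DSTOPTS; buf[41] = 0;          /* Hop-by-Hop, 8 bytes */
    buf[48] = NH_TCP;     buf[49] = 1;          /* Dest Options, 16 bytes */
    buf[66] = 0x01; buf[67] = 0xbb;             /* TCP dst port 443 */
    return 84;
}

int main(void)
{
    uint8_t pkt[84];
    size_t off = 0, len = build_sample(pkt);
    int proto = ipv6_find_transport(pkt, len, &off);
    printf("proto=%d l4_off=%zu dport=%d\n", proto, off,
           proto > 0 ? (pkt[off + 2] << 8) | pkt[off + 3] : -1);
    return 0;
}
```

The loop bound and the per-header length checks are what keep a filter from being stalled or read out of bounds by a long or truncated chain.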
Reality is quite different and does not live up to the short-sighted analysis you quoted.
The larger address space is meaningless as long as it's harder to get independently routable IPv6 prefixes than it is for IPv4. IPv6 headers are not fixed-size; especially in enterprise environments, the extension headers make the IPv6 header variable-length, causing endless headaches with hardware-assisted forwarding. The quality of implementation of the transition mechanisms often sucks, and they introduce new security issues. IPsec for IPv6 is not widely available, in contrast to IPsec for IPv4 -- even though it is mandated by the RFCs.
Right now, IPv6 cannot deliver any of the new features it promises. It makes a lot of sense not to deploy it at this stage.
There's also the problem that Ebay's business operation creates lots of small fraud cases, which binds law enforcement resources. I don't think it's fair that Ebay tries to shrug off all responsibility and to burden society as a whole with the resulting costs. After all, they don't pay any taxes over here.
Debian is definitely pedantic about licenses, but I think that's better than having license issues come back to haunt them in the form of a lawsuit.
Debian's decision to distribute something is usually not a legal decision. Some developers fear that documentation licensed under the GNU FDL (even with no invariant sections) compromises the free software ideals Debian subscribes to. This is the public justification; the real reason is likely some desire to inflict harm on the FSF, Richard M. Stallman, Debian, or all of them.
I wouldn't worry too much about the licensing wars. Debian has committed itself to keep to the non-free section. For a typical end user (who owns an x86 machine), there are few practical differences between the main and non-free section.
Is there anything that you can do back that isn't illegal itself?
Share as much information as you can, even with competitors. Invest in developing software and infrastructure which makes sharing easier. Bring smart people together who want to donate part of their spare time to make the net a better place. Help draft legal frameworks for large-scale detection and response measures.
There are many ways to remove a rogue server from the Internet, and a lot of them are quite legal. The key issue is to bring together those who can (almost literally) pull the plug and those who have the evidence that such drastic action is indeed necessary, and help them to establish something like trust.
Vigilantism is not just about fighting back with your own DoS attacks, at least in its responsible variants. But it's less satisfying than blind revenge most of the time, and requires lots of work, so it appeals to fewer people. It doesn't make a good news story, either.
Yeah, it's pretty amateurish because they don't have a WebTrust seal, unlike MarketScore.
Re:the code of conduct for free software distribut, on Drafting GPL3 · Score: 2, Informative
*THE* code of conduct? Not *A* code of conduct? I bet the BSD folks would have something to say about that.
The BSD folks usually quickly point out that their license is not a code of conduct for distributors, in contrast to the GPL. It certainly grants more freedom to distributors (and indirectly, less to the end users).
I honestly wonder if there is an environment that does the same thing to bittorrent on such a scale.
Any decent content distribution network (like those offered by Akamai or Savvis) will do. The overall network load is even lower than Bittorrent because you automatically download from a server which is close to you.
...think this is a good move on the part of ISPs to quit doing the government's dirty work for tracking down criminals.
The downside is that such ISPs will have no way to identify customers with infected Windows machines, disconnect them (or put them into some kind of "walled garden"), and tell the customers to clean up their PCs.
this seems like an incredibly stupid and public way of locking customers into paying for information they were already previously getting for free.
Maybe they are concerned with feeding forged engine data to the monitors? If it's properly encrypted, you can make sure that no one has tampered with the data (for example, by installing some middlebox which covers up a few nasty things which are going on).
Tipping Point's products are not suitable for ISPs because they lack the correct connectors. You can't plug them into your existing network easily. What's worse, one appliance can only handle a meager 250,000 connections per second (Fast Ethernet line rate is already at 150,000 connections per second, by the way). So it's unlikely these devices are able to handle more than just a tiny (incoming or outgoing) attack.
What exactly is your problem? Do the viruses impact network availability? If they don't, why do you care?
You really should develop a more professional attitude and look the other way, like most ISPs do. You're learning what they already know: it doesn't pay off to hunt down infected customer PCs.
If your ethics don't permit this, you should concentrate on detection, try to script as much as possible, and encourage users to rely on local help (for example, people on each floor who help their neighbours). If you can get away with it, wire your network as if it were a honeypot, and conduct security research on a real network. Interesting results are practically guaranteed, but it's also very time-consuming.
The whole point of gcc4.0.0 is the tree-ssa thing.
True, this is the major infrastructure change which justified the "4".
The author of this test didn't seem to notice that this stuff doesn't get enabled in -O2 nor -O3, but does have to be enabled by hand.
No, most tree-ssa optimizers are enabled implicitly at -O2 (they replace quite a few of the old RTL-based optimizers). Only some numerics code can benefit from loop autovectorization (which has to be enabled explicitly; for most source code, it just increases compile time).
As far as I understand it, it is due to the inability of a compiler to optimise execution flow where pointers are involved.
Yes, but the main problem is pointer aliasing. The restrict keyword in C99 helps with that, but compilers still need to make full use of it (and programmers must actually provide these optimization hints). The array layout issues are less of a problem and can be worked around. Of course, you must not declare a 5x5 matrix as double matrix[5][5] (double matrix[25] and manual indexing is much better), but this is just a minor inconvenience C programmers are used to anyway.
I thought Mathematica was the successor to Fortran.
Mathematica is (hopefully) mostly used for symbolic computations. In numeric computing, MATLAB and its extensions are quite popular (maybe even GNU Octave for those who rightly fear that proprietary software undermines freedom of research). I have no idea why the folks at Sun think that Fortran is their competitor. Maybe MATLAB suffers from a stigma similar to Visual Basic. Certainly someone inside Sun knows that their HPC customers frequently run MATLAB programs on Sun hardware.
Why don't they just improve the Mathematica calc engine for parallel/distributed supercomputing?
Why would they want to improve the product of a competitor on a government grant? Sounds like a stupid plan to me from a business perspective.
Anyway, language design suitable for numeric computing is not Sun's strength.
Doesn't Linus own the 'Linux' trademark already?
Indeed, his fees are about the same. Indeed, it turns out that Jeremy Malcolm is acting on Linus' behalf. There is even a web site which explains the situation.
They have already entered the DVD rental market: Amazon.de Launches DVD Rental Service For Customers in Germany, Amazon.co.uk Launches New DVD Rental Service
The second part is the more important one. Finding information is easy, most of the time. Deciding what's relevant is the key issue.
Damn. This is forward looking, hedge all your bets corporate Management. World class Management.
It does look like a typical skunkworks project which suddenly became relevant, though.
Second, move all the porn sites to IP v6.
IPv6 is not really suitable for porn because it's expected that end users receive static address assignments, which makes porn download less anonymous.
Could someone proficient in LISP give me three cogent reasons to learn the language?
It's sufficiently different from other languages outside the Lisp family so that learning it is an entertaining exercise.
If I hook up a hardware-based traffic generator and run at 100% over an OC192 for a few weeks will I get a slashdot article, too?
Probably yes, if you route the traffic to a major e-commerce site.
5 Gbps sustained is indeed not that much traffic, and the underground grid computing community probably has gone beyond that by now.