Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories: 0 · Comments: 4,185

Comments · 4,185

  1. Re:reporting on Did the Spamhaus DDoS Really Slow Down Global Internet Access? · · Score: 1

    A technical solution would require redefining the IP standard.

    This is not something new. These attacks have been known for decades. The majority of existing protocols either are not subject to or have protections against this problem.

    If you try to send SYN packets to start a TCP session using a spoofed source address, the vast majority of currently deployed stacks will start requiring cookies. If you are not able to receive the cookie your evil plot is foiled.

    This problem really still only exists in a subset of clueless UDP protocols.

    New UDP protocols such as DTLS have it right from day 1. Before the TLS handshake starts and the DTLS server allocates any state, the client must echo back a stateless cookie provided by the server to guard against spoofing. This protects against resource exhaustion and amplification.

    There are stateless cookies for other common UDP protocols subject to this problem including SIP and DNS. It requires no change to IP and only minor changes to most existing UDP based protocols.

    For SNMP lock down community, use TCP/TLS or DTLS instead. You get better security and there is no more amplification insanity.

    Either way you look at it, a lot of work still needs to be done to solve the problem, whether from the operator filtering end or the protocol end. They both suck and they both need to be fixed.

  2. Re:Article is garbage on Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks · · Score: 1

    There is a rate limiting patch for BIND. The BIND package in RHEL/CentOS has it now:

    If you really want to solve the problem then implement DNS cookies.

    Please think about what you're doing. Rate limiting solves nothing. Once this is deployed the attacker will simply alter the contents of their queries rather than resending the same tired request, such that it now becomes indistinguishable from background, with much the same results. At that point any additional rate limiting hurts legitimate users just as much as attackers.

    This is your typical spam fighting downward spiral. You see a problem and you fix it. The fix solves nothing because your adversaries have brains, but you sure as hell break shit and waste everyone's time in the process.

  3. Re:I'm not quite sure how you're supposed to do it on Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks · · Score: 1

    Maybe this is over my head. But how would one run a "safe" DNS server then? My interpretation of the article basically says to let only specific people use your DNS server, but then how would a company run a public resolver?

    The problem is one of degree. The theory is that if you don't offer a recursive resolver to the public, the amount of amplified output you get for your input is diminished compared to running a resolver that would respond to just whatever you're authoritative for.

    Personally I don't buy much into this theory. There are enough ways to request an earful from enough properly configured servers that we can find much more effective things to be doing with our Internet fixing time.

  4. Re:Why are people not being alerted? on Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks · · Score: 1

    Why are they not sending out emails to the people running these things?

    Check which domains these servers are authoritative for and send them a damn email.

    Cause "fixing" them solves nothing?

  5. Scapegoating open resolvers resolves nothing on Misconfigured Open DNS Resolvers Key To Massive DDoS Attacks · · Score: 2

    For sake of argument assume you are able to snap your fingers and miraculously all open resolvers have been locked down. What has been accomplished?

    Will anyone still be able to issue legitimate DNS queries using forged source address with impunity for which response is several times larger than request? YES.

    Will DNSSEC with egregiously enormous amplification when configured entirely as recommended simply go away? A man can dream. I doubt this will come to fruition.

    The way I see it there are two solutions to this problem. BOTH need to be implemented.

    1. Ingress filtering (AKA tools.ietf.org/html/bcp38) as TFA and many others here point out needs to be implemented with enough specificity to meaningfully raise the bar for successful source address spoofing.

    2. All UDP protocols allowing amplification or resource exhaustion from spoofed source addresses need to be beaten with a clue stick for making the Internet worse than need be. There is NO EXCUSE.

    It does not need to be perfect it only needs to not suck more than the underlying network.

    We know how to do this. There are production protocols which get it right. The answer is stateless cookies. It might require an extra round trip once in a blue moon or a few extra CPU cycles to calculate HMACs... we can easily afford it.

    In return we get UDP protocols at least as trustworthy as underlying transport. Protocols which can no longer be turned into weapons of mass deluge.

    For DNS we have had reasonable solutions for years...yet we sit on our hands and nothing gets done...
    http://tools.ietf.org/html/draft-eastlake-dnsext-cookies-03

    This can easily be phased in, in conjunction with DNS query rate limiting applicable to requests without cookies.

    It seems to me all the money and political interest follow fool's errands like DNSSEC which paradoxically makes the Internet we actually have right now less safe from denial of service.
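    The "stateless cookie" mechanism argued for in comments 1 and 5 above, worked through as an added example (constructed here, not code from Slashdot, DTLS or the draft-eastlake cookie document, and not a real wire format): a UDP server hands out a short HMAC tag bound to the requester's claimed address and its current secret, keeps no per-client state, and returns the large answer only once that tag is echoed back. A sender forging someone else's source address never sees the tag, so the only thing the spoofed victim receives is a reply smaller than the request. The message layout, the `answers` table standing in for a zone or cache, and the secret-rotation window are all assumptions of this example.

```python
"""Stateless HMAC cookies for a UDP request/response service (constructed example)."""
import hashlib
import hmac
import os
import struct

COOKIE_LEN = 16            # truncated HMAC-SHA256 tag (assumed size)
FLAG_COOKIE_ONLY = b"\x00"  # reply carries only a cookie, no answer
FLAG_ANSWER = b"\x01"       # reply carries the real answer


class StatelessCookieServer:
    def __init__(self, answers, secret=None):
        # answers: constructed name -> payload table standing in for a zone/cache
        self.answers = answers
        self.secrets = [secret or os.urandom(32)]   # index 0 is the current secret

    def rotate_secret(self):
        """Install a fresh secret and keep exactly one previous secret valid,
        so a client that learned its cookie just before rotation gets one retry."""
        self.secrets = [os.urandom(32), self.secrets[0]]

    def _cookie(self, ip, port, secret):
        # The cookie is bound to the claimed (ip, port); a tag issued to one
        # address verifies for no other, and the server stores nothing.
        msg = ip.encode("ascii") + struct.pack("!H", port)
        return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]

    def handle(self, src, request):
        """src: (ip, port) the datagram claims to come from.
        request: COOKIE_LEN-byte cookie field (all zeros if none) + name bytes.
        Returns the reply datagram as bytes."""
        if len(request) < COOKIE_LEN:
            return FLAG_COOKIE_ONLY            # malformed: smallest possible reply
        cookie, name = request[:COOKIE_LEN], request[COOKIE_LEN:]
        ip, port = src
        valid = any(hmac.compare_digest(cookie, self._cookie(ip, port, s))
                    for s in self.secrets)
        if not valid:
            # No lookup, no state. The reply is fixed size and never larger
            # than a minimal request, so reflecting it at a spoofed victim
            # yields an amplification factor below 1.
            return FLAG_COOKIE_ONLY + self._cookie(ip, port, self.secrets[0])
        return FLAG_ANSWER + self.answers.get(name, b"")


def amplification_factor(request, reply):
    """Bytes reflected per byte sent: the number that matters for DDoS abuse."""
    return len(reply) / len(request)


def legit_exchange(server, src, name):
    """A real client: ask without a cookie, learn it, then ask again."""
    first = server.handle(src, b"\x00" * COOKIE_LEN + name)
    assert first[:1] == FLAG_COOKIE_ONLY
    cookie = first[1:]
    return server.handle(src, cookie + name)


def spoofed_exchange(server, victim_src, name):
    """An attacker forging victim_src never receives the cookie-only reply,
    so the victim only ever sees the small datagram returned here."""
    return server.handle(victim_src, b"\x00" * COOKIE_LEN + name)


if __name__ == "__main__":
    srv = StatelessCookieServer({b"big.example": b"A" * 4000})  # constructed 4 KB answer
    req = b"\x00" * COOKIE_LEN + b"big.example"
    print("legit answer bytes:", len(legit_exchange(srv, ("203.0.113.5", 40000), b"big.example")))
    reply = spoofed_exchange(srv, ("198.51.100.9", 53), b"big.example")
    print("spoofed victim receives:", len(reply), "bytes, factor",
          round(amplification_factor(req, reply), 2))
```

    Without the cookie step, the same table would hand a 4 KB reply to anyone naming `big.example` from a forged address; with it, the extra round trip costs a legitimate client one small datagram and the spoofer gets nothing usable.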

  6. MySQL's creator is a douche on MySQL's Creator On Why the Future Belongs To MariaDB · · Score: 0

    You have the right to be a sellout all you want, it's a free country. Just don't flush your integrity down the toilet while concurrently expecting others to still give a shit about you.

    If I had to choose from one of the open source relational databases it would be PostgreSQL anyway.

  7. Good detective work is technology agnostic on Real-Time Gmail Spying a 'Top Priority' For FBI This Year · · Score: 1

    This whole going dark meme LEA is throwing around is bunk. It does not matter how society is structured or what the state of technology is.

    There will always be a basic need for criminals to discover other buyers and sellers in illicit markets. The same skill set that makes a good detective works in all technological environments. The fallacy LEA makes is seeking advantage to which it is not morally entitled. This needs to be countered to protect LEA from internal corruption as well as the freedom of citizens to be left alone, which is essential to maintenance of the social contract.

    Obviously there will always be narrow minded types who only see that which makes their job easier or effective in the short term and self-delude themselves into thinking their power grabs are morally justifiable. The unfortunate reality is that every action has a reaction and contrary to LEA lore not every criminal is stupid.

  8. Broken compass on Ask Slashdot: Enterprise Bitcoin Mining For Go-Green Initiatives? · · Score: 1

    I never understand the appeal of bitcoins. All transactions are basically public information subject to any number of statistical methods to develop profiles of user activity over time. Your local paper currency still wins out big in the areas of privacy and legitimacy, nor is it clear that governments would actually continue to tolerate the usage of bitcoin if it ever popped its head out of the ashes of irrelevance without subjecting it to at least the same rules as normal currency. Perhaps this is unlikely due to the self limiting nature of coin circulation.

    Like a chorus caroling under a troll bridge, if you want to go green turn the goddamn things off when you're not using them.

  9. ICANN needs to die. on ICANN's Trademark Clearinghouse Launching Today · · Score: 1

    In other words ICANN is creating a whole host of phishing/identity problems with a money making TLD scheme which helps nobody except phishers and their bottom line...

    (...drumroll...)

    Now they seriously have the nerve to seek mitigation against blatantly predictable abuse of TLD insanity of their own making by soliciting even more money in extortion payments to safeguard their trademarks. WTF

    I wish operators in the root zone list would grow a fucking spine and revolt against these losers. ICANN needs to be gutted/shut down and replaced with a governance structure not prone to corruption and endless seas of conflicts of interest.

  10. Re:Idiocracy! on Windows Blue 9364 Screenshots Show Feature Enhancements · · Score: 1

    The reality is that Microsoft is unifying their interface across phone, tablet and computer and since tablets are the future and tablets use touch, touch is the priority. This is obviously imperfect for those of us who still use traditional form-factor computers, but in 5-10 years we'll be a minority (if not sooner).

    In 5-10 years from now this nonsensical fad will be replaced by another soon after RSI hospital bills are tallied and enough people give up and break out the keyboards. You will notice even Microsoft's ultra trendy Surface comes with a keyboard.

    I think that Metro is actually Microsoft, for the first time in a long time, being ahead of the curve. I expect Apple will be following suit within a few years.

    We have all of these resources and tools but the OS vendors choose to piss them away by focusing on shallow useless interfaces and shells.

    I think Metro is actually ahead of some bullshit hipster curve that means nothing and helps nobody.

    The hardware people are kicking ass while the software people sit on theirs. It is pathetic and sorry.

    This ain't about progress, it's about extracting as much value as possible from the market. MS wants a percent of all software sold. They want Apple's deal while at the same time a whole lot of interests line up to lock down computation. The future is about greed and aggregation of power. If you are happy with your iPad and having one company dictate what software you can and cannot run you will love the goddamn future.

  11. Re:Microsoft and Blue? BSOD! on Windows Blue 9364 Screenshots Show Feature Enhancements · · Score: 1

    We've seen far too much blue software out of Microsoft. They couldn't come up with something catchy and relevant like Harakiri?

    Windows Seppuku

  12. Re:There always is the alternative... on In Defense of Six Strikes · · Score: 1

    I'm always amazed at how many people think because they were successful in ripping off the music and movie business for so long, en masse, that somehow that's their moral imperative?

    No one here has made such a claim as near as I can tell, but don't let this stand in your way.

    This world is seriously jacked up, and that mentality is the most obvious face of it. Grow up,

    You REALLY need to get out more and brush up on your history.

    people. Stealing music isn't *sticking it to the man*, you just just it to yourself by severely limiting the amount of good music that's come out over the last two decades.

    What amuses me most of all is that songs I hear and like have been broadcast over the radio free of charge for as long as I have been alive. People have had technical means to record them and play them back for just as long. The old radio/tape combos came prewired to make this as easy as possible. In the 43 years I have been alive courts have consistently ruled recording over the air broadcasts is legal, yet people including myself still shell out the cash for records/CDs, even broadcast TV series, and they still go to the theatres even with the egregious pricing schemes.

  13. Please help with logic on In Defense of Six Strikes · · Score: 1

    Could someone help me with this "would you rather" logic displayed in TFA?

    There are NO changes in law. The only change is an agreement between vigilante conspirators.

    MPAA/RIAA have to get a court order/subpoena to send you legal threats. They remain perfectly free to do this regardless of the numbered strike you happen to be on today.

    If anything CAS makes it worse. The lawyers will no doubt argue by clicking close on connection hijack delivered warnings or following subsequent instructions you have admitted to or failed to do something.

  14. Missing context on Why Can't Intel Kill x86? · · Score: 1

    It would have been nice if TFA tried to address the issue of the point of a particular instruction set over another. What do you gain by jumping ship and trying something new you can't get by adding on to what you already have?

    The conventional wisdom says ARM is unbeatable at low (mostly idle) power but nobody explains why x86 can't have the same characteristics. If the marketeers at Intel are to be believed there is no reason.

    I used to think the future of processors was those specialized Java bytecode executing CPUs but nobody is touching this approach these days.

    People talk about CISC vs RISC but anymore it seems instruction set is nothing more than an interface to an underlying structure that seems to have little problem evolving within the constraints of the interface.

    Now my working assumption is that what really matters in the age of parallelism going forward is the memory / concurrency model of the system...yet I'm not so sure of even this: what prevents you from introducing new instructions with fewer guarantees? As the number of transistors reaches toward absurdity does the total amount of effort needed to deal with the past increase or decrease?

  15. Re:In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    Yes, because normal operations were suspended.

    Why the mystery? Why couldn't it just say that this failed?

    No, you don't. You don't know if the block is bad, if the data bus is suffering an intermittent fault that happened to occur while that block was being read, if it's the BIST or ECC mechanisms that are faulty, or if it's a software error corrupting the data. Going from "we got a fault on reading this block" to "that block and only that block is affected, let's get on with it" with no consideration is a great way to lose a rover.

    Why should the rover have to read or write to persistent storage to continue to operate?

    Ah, so you only allow your software to be run on hardware with ECC corrected RAM and ECC caches and ECC data busses... seems weird to call this a "PC app" when it's excluding most of the PC market. Unless you're doing it yourself then you're only checking for a subset of errors.

    If you're going to use this interpretation of "error" ECC is not good enough. It can fail undetected as well, same goes for cryptographic signatures. This is not a grand tour of everything and anything that can go wrong. I never asserted the system should continue if the running image was suspect. That would be madness. This is about I/O to persistent storage specifically.

    Now, assuming it's one that you can see, how do you "handle" that error? Do you just not read from that file again but continue on under the assumption that it was a singular event of no further consequence?

    Not using anything you have reason to think may be suspect is a fine strategy.

    In PC land I trust the I/O subsystem to retry read operations to underlying media and remap failed write operations as appropriate. I trust the storage subsystem to monitor persistent storage and inform of any systematic problems. Trust is more powerful than paranoia. Make each component trustworthy and each exchange between components transactional, instrument each subsystem so you can be alerted to problems and make good decisions. Paranoia does not scale.

    Yes, and?

    No implication, was providing a data point from TFA.

  16. Re:In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    Who said it was a software only problem?

    NASA did. From the space.com article they said some files were corrupted meaning flash hardware could still be accessed.

    The article suggests the flash memory may have been corrupted by cosmic rays, how do you protect against that? Redundancy.

    There are several ways to do it using error correction techniques at the cost of some capacity. My point is not that flash should not have failed, it is that the system should be able to continue to function with external I/O failure present as long as the core system processor/northbridge is ok. An I/O error transferring data for one discrete experiment or function should not adversely affect another.

    Plus no-one said that the A-side could never recover on its own (like what happened with Spirit), I'm sure it's just a lot easier to boot the redundant system and diagnose it from there.

    This again is not my point. The point is it should still be able to function in the face of I/O failure.

    Or do you have a better idea for how they could have architected it?

    I would expect all I/O to be transactional and orthogonal operations to be isolated. From the space.com article I know that 1. data upload failed, 2. sleep failed, 3. they had to take manual action to figure out why.

  17. Re:In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    The computer on Curiosity is completely redundant and has switched over to the secondary computer, even if the primary computer has suffered fatal hardware failure the rover can continue to operate on the secondary. If that's not "being useful" after a failure I don't know what is!

    This is confusing my point. You're drawing a "systems" box around both computers while I have only drawn a box around one computer.

    Relying on hardware redundancy to fix a software problem kind of spoils the reason for hardware redundancy doesn't it? What if B-side had been burnt to a crisp and then the same problem occurred? I'm sure they have an answer for that.

  18. Re:In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    Pretty much any fault, error, or out-of-bounds reading with any part of the rover causes it to stop whatever it is doing and wait for ground control to check it out and decide what to do.

    That's a great strategy; the only problem with it is that, from TFA, the indication they received was noticing it was not behaving the way it was supposed to be behaving. They had to look around to figure out why.

    If the fault is with the computer itself, it makes sense to gracefully enter safe mode. It probably was a cosmic ray flipping a random bit, but you can't assume that when designing your fault handler.

    You don't have to assume anything. You KNOW the block is invalid. A bad block should not cripple the computer so that it can't do anything else. There is no indication from TFA there were any other faults.

    See, I think you have that backwards. If it were a PC app it would be appropriate to just assume the error was insignificant or more likely not bother checking in the first place.

    All I do is write software and I refuse to follow this shitty advice. Every error should be checked and handled. Besides, the fricking hardware does all the heavy lifting for us; all we have to do is check the return codes of read() and write(). As they say, not rocket science.

    serious problem then eventually the app or OS might crash, the user will reboot, and if that doesn't work reinstall, and if not that then they'll just go get some new hardware.

    We're talking about I/O failure to flash not crashing an OS or broken hardware.

    For a multi-billion rover on another planet, you don't want to just wait and see what happens. Any anomaly at all should be cause for cautious, deliberate action. Heck, the whole project is run that way.

    From TFA this is exactly what they did do...they waited to notice the rover not doing what it was supposed to be doing. This is deserving in my view of "should not happen again".

    "The issue cropped up Wednesday (Feb. 27), when the spacecraft failed to send its recorded data back to Earth and did not switch into its daily sleep mode as planned. After looking into the issue, engineers decided to switch the Curiosity rover from its primary "A-side" computer to its "B-side" backup on Thursday at 5:30 "

    The rover was designed with a lot of redundancy and flexibility so that it can be useful even in the face of more serious problems, and if that turns out to be the case they'll find a way to make the rover as useful as possible. Missing a couple night's worth of downloads and delaying some activities in order to take the time to make sure they're maximizing the rover's future potential is an easy tradeoff.

    "We have probably several days, maybe a week of activities to get everything back and reconfigured."

  19. Re:In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    Yeah... did you miss the part where it went to the redundant unit and sent an error to mission control? Sheesh.

    No I missed it. I read both articles and none of them mentioned A. the rover went to a redundant anything by *itself* or B that it sent an error.

    It says they "NASA" switched it and that they noticed the problem when the rover did not uplink or enter sleep mode when it was supposed to... what error are you talking about?

    And I think my point remains. Just because you can't read or write to an area of persistent storage, what prevents you from entering sleep mode or uplinking data? There was also no information that anything but the flash memory was broken.

  20. In space cosmic ray excuse never gets old on Curiosity Rover On Standby As NASA Addresses Computer Glitch · · Score: 1

    Ok lets assume a cosmic ray corrupted some random block of flash memory...so what? Why should that lead to failure to upload anything or enter sleep mode?

    I can only assume there is an integrity check for block level I/O from flash and it just did not try to load garbage without knowing it. If it were any old PC app this would be perfectly acceptable behavior.

    However for ultra expensive spacefaring things I would expect it to be designed to still try and be useful even if the southbridge caught fire.

  21. Agile sucks on A New Version of MS Office Every 90 Days · · Score: 1

    The problem with agile is that it leads to locally optimal solutions and punishes large change and significant systems infrastructure investments.
    It is a suboptimal methodology if you care about the opportunity cost to global complexity and progress.

    I think MS is wasting everyone's time by constantly reinventing the wheel with essentially the same or worse outcomes as before in some categories. It would actually be refreshing for once if they just sat down and made the existing shit they have work better rather than constantly rewriting the wheel.

    As for IT upgrades, XP and Office 2003 are good enough for tons of users. Even if they upgraded and loved the new versions, what difference in productivity/bottom line does a new version of Word or Windows really make? All of the important problems in the space have already been addressed. Thinking you can strongarm people into constantly re-buying or renting all of their software is a battle you will lose.

    You either incrementally improve your systems or work on huge disruptive change with huge payouts. You don't ever introduce disruptive change with only incremental or arguably negative improvements if you expect to continue to stay relevant.

  22. Re:Is this not a form of wire tapping? on Criticism Of Copyright Alert System Mounts · · Score: 1

    It seems to me that the content of an IP packet should be protected under wiretapping laws. What gives the ISPs the right to monitor my traffic. If they do have this right, do they also have the right to break or somehow spoof encrypted traffic as well?

    I dislike CAS as much as everyone else but lets be real about what is and is not happening here.

    The ISPs are not searching their pipes for infringements, they are being notified by rights holders...although it is anyone's guess how rights holders are determining infringement.. the most obvious low hanging fruit is P2P, where your participation in a torrent is essentially public knowledge and requires no spying or intercepting of pipes.

    I dislike CAS for handing the phishers a gift from heaven.

    I think CAS is illegal because it plays the roles of jury and executioner based on allegations alone. This is not how we roll in the US.

    CAS may be exploited as an attack vector to deny "frenemies" internet access by continuous impersonation of infringement. See also http://en.wikipedia.org/wiki/Swatting

    CAS may be leveraged to effectively deny legitimate activities such as a customer choice of open access policy or hosting a tor node to support freedom in oppressed regions.

    There is little to no information about how infringement is determined or information about the presence of humans anywhere in the loop of generation and processing of notifications.

    That ISPs would choose to implement something like this speaks to an underlying problem of over aggregation and insufficient competition in the ISP marketplace.

    It is not enough simply to work to defeat CAS. We need to support and find ways to resurrect the local ISP. Muni fiber, legislation even locally to open up cable and telecom infrastructure to competition on a fair and reasonable basis. Commercial aggregation of control over the pipes is scary given most of these outfits are also cable and media monopolies.

  23. Re:Port block allocation & PCP on Home Server On IPv6-only Internet Connection? · · Score: 1

    Port control protocol is also very close to being reality. It's a bit like a combination of UPnP and DHCP that allows static IPv4 ports to be requested by and allocated to an end user like IP addresses are now.

    I have never understood this; it's like people keep chasing themselves around in circles.

    Having a computer with a public address and no firewall is bad.

    Having a computer with a public address and a firewall in which every application you install adds a firewall exception for itself is good.

    Having a computer with a private address with UPNP is good when this is little different from having a public address with no firewall.

    What is really the difference between intentionally listening on a port locally and sending a signal to some middle box saying please send me this? You are expressing the same intent either way.

    I think in some situations there is value in a central filtering system to enforce policy but if every system is going to grant itself the ability to punch holes willy nilly by default as is the case with all of the current consumer gear WTF is the point? All you have done is increased system complexity and introduced more components to be attacked.

  24. Re:incercept all coms, np, watch backyard, oh noes on Texas Declares War On Robots · · Score: 1

    I really don't get why so many Americans are up in arms about un-manned aircraft - there have been aircraft "looking down into" their backyards for 100 years now, who cares if it has a pilot IN IT or not.

    Maybe people just want to be left alone and not continuously stalked and spied upon? It seems to make a difference to humans whether you just happen to run into them on the street vs following their every move (stalking).

    There is a difference between viewing the license plate of the vehicle in front of you and recording all license plates everywhere, building vast databases of the movement patterns of all vehicles.

    Systematic surveillance and large scale imaging from drones = stalking. Flying over random houses in a hot air balloon and taking pictures != stalking.

    But almost no-one has raised near one third the stink about almost all their personal private conversations being intercepted and sifted through.

    While both issues need more attention this is BS. The domestic wholesale wiretapping issue has been on the table for over a decade. Wholesale domestic drone use is a brand new issue.

    I've distinctly gotten the impression that Americans have a heck of a lot stronger (almost zealous) "my home is my castle, my own little personal country where no one is allowed, if

    I reckon this is why they call private property "private".

    they're a tresspassn' I'm allowed to shoot em" fantasy.

    I don't think you'll find many willing to subscribe to your unqualified trespassing = death meme.

  25. 144k hack attacks per month against web sites on China Says It Is the Target of US Hack Attacks · · Score: 1

    If the Chinese checked their state forestry administration (SFA) web servers my guess is they will see the same patterns of "attacks", e.g. random scans from botnets.

    There is a real problem with the definition of what constitutes an attack. We also routinely see US peeps in government and industry who should know better sit in front of congress and pop off scary specious figures to bend reality toward their policy goals.

    With all of these "we're being attacked" rumblings from government, warnings from Panetta and Sunday show rounds from former CIA's Hayden.. I expected to see some legislation... oh look SOPA is being resurrected.