Slashdot Mirror


User: WaffleMonster

WaffleMonster's activity in the archive.

Stories
0
Comments
4,185
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 4,185

  1. Re:Torrents on FCC Chair Calls On ISPs To Adopt New Security Measures · · Score: 1

    Instead of nitpicking the numbers I pulled off the top of my head because they might interfere with your particular invented legitimate activity, how about recognizing that outliers in usage patterns often correspond to malicious activity? Maybe 500 pings/minute is a bad example, but certainly that's not the norm for an average customer.

    I'm not only nitpicking your examples. I'm nitpicking the underlying concept. The heuristics have all been tried with SMTP and not only have they failed to stop spam but they have made email unreliable and unusable in the process. I prefer not to see the same errors repeated in the name of network management.

    The reason for failure is your adversary is a living, thinking human being with a brain just like yourself. Every action you take to detect a problem can and will be countered by moderating the system so that it does not trip the thresholds you set. It is an evolution of war unwinnable by either side.

    How about an ISP noticing that 100 IPs within their address space are sending the exact same http query to a particular website at a very high rate? Surely even you guys would think this might indicate an ongoing DDOS attack that someone should look at.

    Now back to nitpicking your latest ideas... Maybe it is just a popular web site and they have a polling system for dynamic updates such as is very common with news sites, interactive forums, online chat, eBay countdowns, etc. I imagine the same error happened in the minds of the spam fighters who could not imagine that anyone would ever have a reason to send a legitimate email with the word viagra in the subject line.

    As for how many IPs/ports for port scanning makes me suspicious - certainly scanning entire subnets looks suspicious. Scanning hundreds of ports on a single IP would count as probing and a possible attack.

    How many IPs are in an entire subnet? A subnet can be a /8 network for all I know.

    Why even bother at this point? The world is moving to IPv6 where blind subnet scanning will soon become a fruitless activity anyway.

    In terms of scanning hundreds of ports on a single IP, let's say everyone adds a rule blocking the 100th attempt. The botnet C&C adjusts clients to try a port on the same IP once every hour or so to avoid detection, or commands other systems to perform a distributed port scan. Same outcome, except now the ISP has wasted tons of cash on expensive high speed DPI gear AND it is now harder for a skilled person who knows what they're looking for to understand what is happening.

    BTW, what possible reason could you have for doing traceroute with a refresh rate of 1 second?

    Your question is really the core issue... The person designing the rules makes the value judgement based on their limited knowledge and as a result things break and people become unhappy because the rule maker turns out to not be as smart as their self image. If you think I'm nitpicking.. the real world is absolutely relentless... Ask the people who wrote mtr why they did it. It is often used to evaluate transient or long term metrics about the network path: per-hop latency, packet loss. I assume it is to keep from having to wait forever to see what is going on and where.

  2. Parasites on Why Tesla Cars Aren't Bricked By Failing Batteries · · Score: 1

    Apparently the manual for this thing states 7% of the capacity of the battery can be lost PER DAY simply by sitting there.

    After some threshold the discharge rate is reduced to 5% per week.

    This is crazy.. 7% per day I hear/assume is used for active temperature management, electronics, DC-DC converters, etc.

    What's left after temperature control shuts down is better but insufficient.

    They need to shut down *everything* including the management circuits in each string group of batteries when the charge is reduced below a critical level.

    The reasons and excuses from the manufacturer don't matter... Current behavior complete with $40k bill is unacceptable to people and this is all that matters.

  3. Re:Torrents on FCC Chair Calls On ISPs To Adopt New Security Measures · · Score: 2

    If you're port scanning multiple IPs, then you fit the profile of an attacker and need to be looked at

    Are you sure? How many IPs/ports make you suspicious? Who decides?

    It's no different than the cops stopping someone who is walking through the neighborhood checking the doors.

    Where I live people are constantly going door to door selling crap... For all I know they could just be checking doors... Do I get to call the police whenever I see someone making their rounds down the block?

    If a connection is spewing 500 pings a minute for 10 minutes, it's pretty unlikely it's for a legitimate reason.

    Let's see, MTR to a destination with 20 hops, default refresh rate of 1 second. After a minute you just spewed 1200 pings. OMFG call the police!!
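Added example, not part of the thread: a toy version of the threshold rules argued over in comments 1 and 3 above (a "hundreds of ports on one IP" scan rule and a "500 pings a minute" ICMP rule), run over constructed flow records. The thresholds, addresses and the Flow record format are assumptions made for the example. It shows both failure modes the replies describe: a scanner that paces itself to one port an hour, or spreads the ports across a botnet, never reaches the threshold, while a plain one-minute mtr run to a 20-hop destination trips the ping rule.

```python
"""Threshold heuristics versus an adaptive adversary (added example, not from the thread).

Constructed flow records are fed to two rules of the kind debated above:
  - port-scan rule: >= PORT_THRESHOLD distinct ports on one dst within WINDOW seconds
  - ping rule: > PING_THRESHOLD ICMP echo requests from one src in a one-minute bucket
Thresholds, addresses and the Flow format are assumptions made for the example.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

PORT_THRESHOLD = 100   # assumed ISP rule: "the 100th port on a single IP"
WINDOW = 600           # seconds the port counter looks back over
PING_THRESHOLD = 500   # assumed ISP rule: "500 pings a minute"


@dataclass(frozen=True)
class Flow:
    ts: float     # seconds on a constructed clock starting at 0
    src: str
    dst: str
    proto: str    # "tcp" or "icmp"
    dport: int    # 0 for icmp


def scan_alerts(flows, threshold=PORT_THRESHOLD, window=WINDOW):
    """{src: [dst, ...]} for pairs that hit >= threshold distinct ports in any window."""
    by_pair = defaultdict(list)
    for f in flows:
        if f.proto == "tcp":
            by_pair[(f.src, f.dst)].append((f.ts, f.dport))
    alerts = defaultdict(list)
    for (src, dst), events in by_pair.items():
        events.sort()
        in_window, lo = Counter(), 0
        for ts, port in events:
            in_window[port] += 1
            while ts - events[lo][0] > window:      # slide the window forward
                old = events[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            if len(in_window) >= threshold:
                alerts[src].append(dst)
                break
    return dict(alerts)


def ping_alerts(flows, threshold=PING_THRESHOLD):
    """{src: busiest one-minute count} for sources exceeding threshold echoes/minute."""
    per_minute = Counter((f.src, int(f.ts // 60)) for f in flows if f.proto == "icmp")
    worst = {}
    for (src, _), n in per_minute.items():
        if n > threshold:
            worst[src] = max(worst.get(src, 0), n)
    return worst


# --- constructed traffic (RFC 5737 documentation addresses) ---------------

def fast_scan(src="198.51.100.10", dst="203.0.113.5", nports=1024):
    """Plain connect scan: 1024 ports in about five seconds."""
    return [Flow(i * 0.005, src, dst, "tcp", 1 + i) for i in range(nports)]


def slow_scan(src="198.51.100.11", dst="203.0.113.5", nports=1024, pace=3600):
    """Same ports, one per hour, as the reply's C&C would schedule it."""
    return [Flow(i * pace, src, dst, "tcp", 1 + i) for i in range(nports)]


def distributed_scan(dst="203.0.113.5", nports=1024, nbots=64):
    """Same ports spread over 64 bots, 16 ports each."""
    return [Flow(i * 0.005, f"198.51.100.{100 + i % nbots}", dst, "tcp", 1 + i)
            for i in range(nports)]


def mtr_run(src="198.51.100.12", dst="203.0.113.5", hops=20, seconds=60):
    """mtr at its default 1 s cycle sends one probe per hop per cycle."""
    return [Flow(c + h * 0.001, src, dst, "icmp", 0)
            for c in range(seconds) for h in range(hops)]


def demo():
    traffic = fast_scan() + slow_scan() + distributed_scan() + mtr_run()
    return scan_alerts(traffic), ping_alerts(traffic)


if __name__ == "__main__":
    scans, pings = demo()
    print("port-scan alerts:", scans)   # only the fast scanner
    print("ping alerts:", pings)        # the mtr user, at 1200/min
```

Lowering PORT_THRESHOLD or widening WINDOW catches the slow scanner only until the C&C reads the new number and paces itself again, which is the point the reply is making: the rule can be tuned, the attacker can be retuned faster.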

  4. Re:Berkeley DB? on Is It Time For NoSQL 2.0? · · Score: 1

    Dead on. And I'm currently building an ecommerce site on openldap. It's way better than it used to be. In particular, I'd never use it in the past because slurpd stank. Now that that's gone their replication is fast and solid. And yeah, NoSQL is basically a poor reimplementation of well tuned LDAP.

    OpenLDAP is not the directory server you seek.. Switch to 389 you will.

  5. Re:Why not both? on Is It Time For NoSQL 2.0? · · Score: 1

    There's another piece to the definition. The traditional RDBMS (Oracle, DB2, SQL Server, MySQL, PostgreSQL) is designed to give 100% consistent results. All other design goals are sacrificed so that two people asking the DB the same question at the same time will get the same answer, and no one can make a
    modification and someone else gets an answer that is not 100% up to date.

    This is incorrect. Oracle and MySQL use MVCC for all reads by default. SQL Server is the only one in your list that blocks readers for data where write locks have been issued unless SI or uncommitted reads are enabled for the query ( CHOICE). Oracle does not even offer a serialized reads option.

    If one person authorizes $500 on your credit card at 1:00 and consumes your limit and someone else tries to authorize $300 at 1:00:10 and it goes through because the DBMS isn't giving consistent answers, that's a problem.

    Changes are consistent... answers are NOT.

    NoSQL trades consistency for flexibility/simpler scalability.

    You can make consistency tradeoffs with most RDBMS systems as well.

    Want to store terabytes of big LOBs and use your DB as a transactional filesystem? It can be done, but it won't be pretty.

    Why not?
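Added example, not part of the thread: a minimal in-memory model of MVCC (snapshot reads, writers never block readers, commit refused only when a row in the write set changed after the snapshot) that reproduces the credit-limit race from the exchange above. Both authorizations read a snapshot in which the other's hold is not visible, both pass the check, and both commit, so the changes are consistent but the answer each transaction got was not. Taking the card's row lock before the check (the SELECT ... FOR UPDATE idiom) makes the second transaction wait and re-read. The store, the card row and the amounts are constructed for the example; the model is not any vendor's engine.

```python
"""Write skew under MVCC (added example, not from the thread).

Snapshot reads plus first-committer-wins on conflicting writes are enough to
reproduce the credit-limit race described above; a row lock taken before the
check serialises the two authorizations. Store, card and amounts are constructed.
"""
from collections import defaultdict


class WouldBlock(Exception):
    """Where a real engine would make the caller wait for a row lock."""


class SerializationFailure(Exception):
    """A row in the write set was committed by someone else after our snapshot."""


class Store:
    def __init__(self):
        self.versions = defaultdict(list)   # key -> [(commit_ts, value)], ascending
        self.clock = 0                      # timestamp of the latest commit
        self.locks = {}                     # key -> Txn holding its row lock

    def committed(self, key, as_of):
        """Latest value of key committed at or before as_of (None if absent)."""
        val = None
        for ts, v in self.versions[key]:
            if ts <= as_of:
                val = v
        return val

    def begin(self):
        return Txn(self)


class Txn:
    def __init__(self, store):
        self.store = store
        self.snapshot = store.clock   # MVCC: only versions <= snapshot are visible
        self.writes, self.held = {}, set()

    def read(self, key):
        return self.writes.get(key, self.store.committed(key, self.snapshot))

    def select_for_update(self, key):
        """Lock the row. A locking read returns the current committed value,
        not the stale snapshot, which is what makes the later check correct."""
        holder = self.store.locks.get(key)
        if holder is not None and holder is not self:
            raise WouldBlock(key)
        self.store.locks[key] = self
        self.held.add(key)
        self.snapshot = self.store.clock    # refresh to everything committed so far
        return self.read(key)

    def write(self, key, value):
        self.writes[key] = value

    def commit(self):
        for key in self.writes:              # first-committer-wins on the same row only
            vs = self.store.versions[key]
            if vs and vs[-1][0] > self.snapshot:
                self.rollback()
                raise SerializationFailure(key)
        self.store.clock += 1
        for key, value in self.writes.items():
            self.store.versions[key].append((self.store.clock, value))
        self.rollback()   # release locks and clear the write set

    def rollback(self):
        for key in self.held:
            self.store.locks.pop(key, None)
        self.held.clear()
        self.writes.clear()


def authorize(txn, auth_id, amount, lock_card=False):
    """Place a hold of `amount` on card:1 if existing holds leave room under its limit."""
    limit = txn.select_for_update("card:1") if lock_card else txn.read("card:1")
    held = sum(txn.read(f"auth:{i}") or 0 for i in range(1, 10))
    if held + amount > limit:
        return False
    txn.write(f"auth:{auth_id}", amount)
    return True


def run(lock_card, limit=600):
    """Interleave the $500 authorization at 1:00:00 and the $300 one ten seconds
    later; return the total actually held once both have finished."""
    db = Store()
    db.versions["card:1"].append((0, limit))      # the card row with its limit
    t1, t2 = db.begin(), db.begin()
    authorize(t1, 1, 500, lock_card)              # always fits
    try:
        ok2 = authorize(t2, 2, 300, lock_card)    # t2's snapshot predates t1's commit
        t1.commit()
    except WouldBlock:
        t1.commit()                               # t2 waits for t1's row lock ...
        ok2 = authorize(t2, 2, 300, lock_card)    # ... then re-reads and re-checks
    if ok2:
        t2.commit()
    return sum(db.committed(f"auth:{i}", db.clock) or 0 for i in range(1, 10))


if __name__ == "__main__":
    print("MVCC, no lock:", run(lock_card=False))   # 800 held against a 600 limit
    print("with row lock:", run(lock_card=True))    # 500: second authorization declined
```

Note that the first-committer-wins check in commit() never fires here: the two transactions write different rows (auth:1 and auth:2) and only read the shared total, which is exactly the write-skew shape that snapshot isolation does not catch.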

  6. Re:Torrents on FCC Chair Calls On ISPs To Adopt New Security Measures · · Score: 2

    The ISPs are really the only ones positioned to thwart attacks as well.

    I disagree, the government goes after the botnets and shuts them down. They have all the needed logging and C&C data. You're best off letting the virus scanning companies deal with this and collaborate with the government where it makes sense.

    For example, blocking an IP that appears to be port scanning or sending high rates of email.

    What right does the ISP have to limit me from port scanning or sending bulk mail? I do both on a regular basis for legitimate reasons. Profiling is unacceptable. SMTP email is now worthless thanks to stupid algorithms which think every other legitimate message is spam and needs to be silently deleted.

    Or rate-limiting icmp packets to reduce the effectiveness of DOS attacks

    Please don't rate limit ICMP because it screws up PMTUD and anyone trying to troubleshoot real problems. Smurf attacks don't work anymore and have not for many years. All ISPs need to do is enable ingress filtering.
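Added example, not part of the thread: constructed packets run through the two edge controls argued about in the comment above, BCP38-style ingress filtering (drop a customer-port packet whose source is outside that customer's assigned prefixes) and ICMP rate limiting done two ways, one that throttles every ICMP message and one that exempts the error messages Path MTU Discovery depends on. The prefixes, addresses, limit and Packet format are assumptions for the example. It shows the breakage the comment warns about: once an echo flood has used up the budget, the naive policy also drops the Fragmentation Needed / Packet Too Big message that a connection needs in order to shrink its MTU.

```python
"""Ingress filtering, and ICMP rate limiting that leaves PMTUD alone
(added example, not from the thread). Addresses, prefixes and the limit
are assumptions; RFC 5737 / RFC 3849 documentation ranges are used.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp" or "icmpv6"
    icmp_type: int = -1
    icmp_code: int = -1


# Messages PMTUD needs; dropping them black-holes large-packet connections.
PMTUD_CRITICAL = {
    ("icmp", 3, 4),    # IPv4 Destination Unreachable, Fragmentation Needed
    ("icmpv6", 2, 0),  # IPv6 Packet Too Big
}


def ingress_ok(pkt, customer_prefixes):
    """BCP38: accept only sources inside the prefixes assigned to this port."""
    src = ipaddress.ip_address(pkt.src)
    return any(src in ipaddress.ip_network(p) for p in customer_prefixes)


class RateLimiter:
    """Fixed-window limiter: at most `limit` permits per one-second window."""
    def __init__(self, limit):
        self.limit, self.window, self.count = limit, None, 0

    def allow(self, now):
        if int(now) != self.window:
            self.window, self.count = int(now), 0
        if self.count < self.limit:
            self.count += 1
            return True
        return False


def naive_icmp_policy(pkt, limiter, now):
    """Throttle every ICMP message alike (what the comment warns against)."""
    if pkt.proto in ("icmp", "icmpv6"):
        return limiter.allow(now)
    return True


def careful_icmp_policy(pkt, limiter, now):
    """Throttle echo and the rest, but always pass the PMTUD error messages."""
    if pkt.proto in ("icmp", "icmpv6"):
        if (pkt.proto, pkt.icmp_type, pkt.icmp_code) in PMTUD_CRITICAL:
            return True
        return limiter.allow(now)
    return True


def run(policy, packets, limit=100, pps=1000):
    """Apply policy to packets arriving at `pps`; return the ones that pass."""
    limiter = RateLimiter(limit)
    return [p for i, p in enumerate(packets) if policy(p, limiter, i / pps)]


def demo():
    customer = ["198.51.100.0/24", "2001:db8:100::/48"]
    legit = Packet("198.51.100.7", "203.0.113.1", "tcp")
    spoofed = Packet("203.0.113.9", "192.0.2.1", "udp")   # source outside the customer's space

    # 200 echo requests in 0.2 s, then the two messages a path needs to shrink its MTU
    flood = [Packet("198.51.100.7", "203.0.113.1", "icmp", 8, 0)] * 200
    frag_needed = Packet("10.1.2.3", "198.51.100.7", "icmp", 3, 4)
    too_big = Packet("2001:db8:cafe::1", "2001:db8:100::7", "icmpv6", 2, 0)
    trace = flood + [frag_needed, too_big]

    def pmtud_survivors(policy):
        return [p for p in run(policy, trace)
                if (p.proto, p.icmp_type, p.icmp_code) in PMTUD_CRITICAL]

    return {
        "ingress_legit": ingress_ok(legit, customer),
        "ingress_spoofed": ingress_ok(spoofed, customer),
        "naive_pmtud_passed": len(pmtud_survivors(naive_icmp_policy)),
        "careful_pmtud_passed": len(pmtud_survivors(careful_icmp_policy)),
        "echo_passed_either_way": sum(1 for p in run(naive_icmp_policy, trace)
                                      if p.icmp_type == 8),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The ingress check is what actually removes the spoofed-source traffic smurf-style attacks relied on; the ICMP limiter is only there to show that if one is applied anyway, the exemption list is the part that matters.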

  7. Now I'm really confused on Faulty Cable To Blame For Superluminal Neutrino Results · · Score: 1

    I thought they also did the whole travelling cesium clock thing to verify GPS timing? If the GPS was broken wouldn't they have detected that earlier? I'm really confused...

    "After tightening the connection and then measuring the time it takes data to travel the length of the fiber, researchers found that the data arrive 60 nanoseconds earlier than assumed."

    Even more confused... Did they not take the index of refraction of the cable into account?

    They tightened a cable and then the measured delay was 60ns less than expected? If that was true wouldn't that increase the problem by another 60ns? Since it is now faster?

    I'm hopelessly confused...

  8. ISPs just say no on FCC Chair Calls On ISPs To Adopt New Security Measures · · Score: 1

    Although it seems like a great idea for ISPs to try and help customers in reality they won't do it. FBI recently tried to send notifications out to ISPs to notify their customers but their data was screwed up and 100% worthless.

    ISP: (Calling john smith)..
    JS: Hello

    ISP: Hello, I'm from x and your computer is infected with y.

    JS: No I will not install your malware you must be trying to scam me.

    JS: I have no idea what you just said...don't call back.

    JS: You allowed my computer to be infected?!?

    JS: I have to pay you to fix it for me?!? WTF!

    JS: How do you know? Are you spying on me???

    JS: My computer works fine, leave me alone.

  9. Is it time for the NoIP Internet? on Is It Time For NoSQL 2.0? · · Score: 1

    Why does a new product operating in the very same space as other key-value stores warrant an increment of the buzzword version number?

  10. Re:When programming tools and databases meet.. on New Opa S4 Release Puts Forward New 'ORM' For MongoDB · · Score: 1

    Now, we know we can separate the representation of data in a database from the data itself, but the two can look identical, with a middleware as the go-between between the programming tools and the database. Or they can co-habit.

    It doesn't matter what you call it, but I like it.

    Hows about "create view" ?

    My dream environment = perfect representation of data in flexible/dynamic objects in a programming language, disconnected or connected to databases with nearly identical, flexible and dynamic data model representation, with a powerful query language (SQL-like), the scalability of the new generation of shared-nothing architectures, simple connectivity options (simple sockets all the way up to REST) and the reliability of a relational database's ACID properties.

    ACID + disconnected databases = oxymoron

    Thinking you can treat online and disconnected databases the same since they are both "databases" = delusional.

    dynamic data model = see self modifying code

    http based Implementations of the idea of REST suck for anything but trivial CRUD.

    Shared nothing + crappy schema = so much for scalability.

    Until singularity time schema design is and shall remain more important than selection or use of underlying technology.

    Scalable, consistent/reliable and easy to design... pick any two.

  11. RFID is a great way to get americans killed on Damaged US Passport Chip Strands Travelers · · Score: 1

    It has been demonstrated many times over with the right equipment you can pick up and track RFID signals from significant distances.

    Any group seeking to kidnap or kill Americans just needs a few thousand bucks worth of equipment to pluck them out of a crowd or detonate a bomb when a sufficient number are present.

    What is the point? RFID technology is far from being hack proof.

  12. Defense on Ask Slashdot: What Would Real Space Combat Look Like? · · Score: 1

    Unless people are capable of being long term self sufficient outside the planet the answer to winning any space war is nuking earthly targets.

    What if you could design a cushion hull fat enough to absorb the energy of incoming projectiles or smart rocks on a collision course? Maybe some kind of molasses blob designed to transfer kinetic energy at a controlled rate.

    You could also shape the hull to have massive surface area and efficient heat transfer layers to mitigate the effects of laser attack.

    Given the distances/time involved, lack of air, dust, fog and cost of propellant for offensive weapons, some sort of phalanx like device might be quite a bit more effective in a space based battle cruiser.

    Before there can be a space battle there has to be something in space worth fighting over.

  13. Re:Oh come on. on LightSquared Hires Lawyers To Prep For GPS Battle · · Score: 1

    The FCC had an obligation to not dick LightSquared around. No clue why they did, but they did. It's not the GPS makers' fault, they were there first.

    How did the FCC dick LS around? The spectrum was purchased with the knowledge it could not be used for ground stations. What promise did the FCC make that was not delivered?

  14. Re:What this is really about! on LightSquared Hires Lawyers To Prep For GPS Battle · · Score: 1

    I've designed highly focused radio systems using very similar technology. The difficulty in design goes WAY up but on the other hand when you're trying to focus in on only a small band you should ONLY be looking at that band and nothing else.

    You sound like a physicist who thinks they know everything about biology. What do you know about GPS? Do you realize it operates *BELOW* the noise floor? What do you know about intermodulation interference?

    If the spectrum doesn't get used now it will in the future and we'll come to the same issues then.

    Total nonsense. They are free to use their spectrum within the constraints stipulated when it was purchased.

    If you do have half assed work you'll always be redoing it later.

    GPS vendors should have known better than to think the FCC band plan would change arbitrarily and increase their BOM and costs in expectation of something for which there was no reasonable expectation.

  15. Re:So let me get this straight... on LightSquared Hires Lawyers To Prep For GPS Battle · · Score: 5, Interesting

    * LightSquared gets an assignment of free spectrum

    One they had for a while and with terms explicitly preventing them from using the spectrum for terrestrial broadcast.

    * LightSquared invests tons of money

    Irrelevant.

    * The GPS industry has been violating FCC rules by not filtering out non-GPS spectrum _as they are required to_ on all devices. Independent tests say 75% are not FCC-compliant

    LOL what rules? You don't need to meet any GPS specific requirements or approval specific to building a GPS receiver. FCC only has say over units that transmit a signal.

    * The FCC performs tests with models chosen from said 75%

    There is no such thing!

    * The FCC states that the risk is too large and destroys LightSquared's business model, assets and tells them they are not allowed to use their spectrum.

    They can use their spectrum as long as they do it within the limits stipulated when they purchased it including the ATC integrated services rule.

    In my opinion, the willful neglect by the GPS manufacturers requires them to fix it at own cost.

    All of the points are factually incorrect. Please take some time to reevaluate.

  16. Re:Oh come on. on LightSquared Hires Lawyers To Prep For GPS Battle · · Score: 1

    So what your comment says is that because LightSquared is the loud music neighbor analogy which GPS makers would come up with from the story you linked, they (LightSquared) are in the wrong? I disagree. I prefer the much more accurate analogy that GPS makers are the ones that built their proverbial "patio" into LightSquared's property before LightSquared owned it and moved in. Quoted below from your own link

    Your analogy is lacking...

    They did not build a patio.. They built an underground water main. When LS purchased the property they purchased it with all of the terms and conditions which applied including the easement associated with that water main (ATC integrated services rule)..

    LightSquared is asking permission to dig into the water main against the conditions stipulated when the property was purchased. The response they got was a resounding HELL NO.

  17. Windows CE 2003... on Flash Memory, Not Networks, Hamper Smartphones Most · · Score: 1

    I remember with the old versions of Windows CE it was basically like Knoppix with a fused file system to RAM. If the device's battery died or the OS crashed all of your data went with it. They had a separate backup battery but obviously this didn't stop your data from disappearing on a regular basis. One thing I loved about the platform: between XIP and your data in RAM, all file operations at least were instantaneous, no delay and no worries about burnt out flash.

    Given the capabilities of modern hardware it is a bit sad to see quite a bit of capability wasted due to laziness all-around. Caches, RAM disks, etc. help but really are not the answer. The application's data tier needs to be smart enough to at least minimize random writes even if that means giving up some level of reliability in persistent storage. Browsers will still work just fine if the device crashes in the middle of setting a cookie. Make it part of the platform/APIs so developers have access to the best tradeoffs.

  18. Re:So can we jail CA seismologists next time? on US Seismologist Testifies Against Scientists In Quake-Prediction Case · · Score: 1

    Did California seismologists state that there was "no danger" from an earthquake? Did California seismologists cause people to ignore commonly accepted safety routines by their statements or actions? Maybe the next time you try to draw similarities between two situations, you can read a little and not be so ignorant! We can at least expect you to read the caption under the pictures, can't we?

    Read, you mean like this quote from one of the accused scientists? "It is unlikely that an earthquake like the one in 1703 could occur in the short term, but the possibility cannot be totally excluded."

  19. Two problems on US Seismologist Testifies Against Scientists In Quake-Prediction Case · · Score: 1

    First problem is suing the weather guy for unnecessarily ruining your plans. Predictions sometimes fail because they are predictions. They are not statements of facts. They are guesses based on best effort analysis of available data. You can make the same case in reverse. The weatherman said it was going to snow yesterday and the day before that and it never did. So today when he said snow again I did not believe him and as a result I did not get up early, got snowed in and lost my job for failing to appear on time. Second problem is allowing the legal system to settle scientific issues. It does not work. Never did, never will. What you can get an "expert" to say has no real effect on reality. On the other hand those 5000 scientists' signatures should mean something? If these scientists are found guilty then Italy deserves to have no seismologists to ever say anything to the public ever and the public deserves what they get as a result.

  20. Re:I hate to defend Monsanto somewhat, but on 300k Organic Farmers To Sue Monsanto For Seed Patent Claims · · Score: 2

    Yes, I have no doubt that some organic farmers are being caught up unfairly in the dragnet. But I also can't blame Monsanto for having these much-maligned "seed police," because there are plenty of farmers out there who would gladly fuck them if they could. Sorry if that complicates the "Noble Farmer vs. Evil Corporation" black-and-white narrative

    I have a feeling the last thing the overwhelming majority of organic farmers want in their fields is Monsanto demon seed. After all, organic GMO is an oxymoron.

    Monsanto creates an environment where those following traditional seed selection practices can no longer compete. Farmers are required to pay to stay in business and anyone who does not pay is accused when their invasive species takes over.

    Meanwhile we have Monsanto tweaking god's creations in subtle ways and contractually offloading all responsibility for the predictable and inevitable consequences to the farmers.

    Legal structures and common sense simply can't exist this disconnected from reality without society having to eventually pay the consequences.

  21. Something aint right... on Doctors "Fire" Vaccine Refusers · · Score: 1

    It must really suck to be a doctor sometimes having to put up with "customers" who think they know everything. Especially when that knowledge is fringe / conspiracy / whacknut / nonsense they got from Joe Bigfoot off the Internet.

    I am glad there is public awareness and pressure on vaccines to make them as safe as possible and prevent recurrences of previous issues... but refusers are still dangerous idiots in my view.

    From a market perspective the only thing worse than a conspiracy whacknut customer is no customer. Why do doctors feel they can get away with this? I'm sure there are limits to the types of customers any business will tolerate but why is it a growing trend? More people living on the Internet?

    Why is Medicine immune from cost competition? Scarcity of doctors? I'm sure this is true to some extent but the phone book is full of doctors.. I've long suspected the real problem is insurance reinforcing the need for itself. People don't know what the cost of something is in advance and even if they did know that knowledge is useless because the effective cost actually paid by insurance is different than the more insane cost published when you ask.

    If insurance did not exist and people paid for stuff themselves I'm sure some of the absurdities and waste induced by lack of cost competition would be gone...not that I'm advocating... but the costs and bloat are reaching well into the land of absurdity.. I believe lack of cost competition is really core to the doctors firing their patients problem. No industry deserves to be so well off that it can AFFORD to act that way.

  22. Late arrivals at the desalination party on Battery Turns Saltwater Into Drinking Water · · Score: 3, Informative

    Just the other day it was discovered water magically evaporates thru sheets of graphene about as fast as you can pour.

    Kind of makes it difficult to see the point of experiments involving basic chemistry with lousy efficiency falling off a cliff as concentration of salt is reduced.

  23. Re:and where is exactly the problem? on Journalist Arrested By Interpol For Tweet · · Score: 1

    No, what's important to understand is that the Muslim religion is a plague on the world no matter what their own justification of barbarism is.

    Why do all of the major religions expressly forbid mortals from speaking for god when they are universally institutionally ignored? "God told me to do x" "god says you should do y". "God wills you to give me.." "country x is blessed by god" "action x is contrary to the will of god"

    People don't really care about "god" they just care about power and controlling others. Religion is simply a vehicle of control. If not religion there would be another device to fill the void with the same outcomes.

    The problem is not religion. The problem is actually barbarism itself.

  24. I don't care.. on Microsoft Details Windows 8 for ARM · · Score: 1

    I don't understand why Microsoft is racing off a cliff to be just like Apple nor do I care.

    I will not purchase anything remotely like Apple i*. If people like having the OS vendor dictate what they can run on their own devices they paid for then they deserve what they get.

    Look at the previews of Win8 MS... **everyone** thinks metro is crap and unusable.

  25. Re:Tough to crack... on Pasadena Police Encrypt, Deny Access To Police Radio · · Score: 1

    I work for a PD that has an encrypted radio system. The first generation used 56-bit single-DES encryption on the 8 kHz PCM encoded audio stream. That would've been fairly easy to crack given today's computing power, but not back then. These days the encryption is 168-bit 3DES, which is considerably more difficult to crack. Our next upgrade will employ 128-bit AES with keys rotated using an algorithm driven by a GPS netclock system. Your local jr college comp-sci kids ain't gonna crack that in their entire lifetimes.

    Funny thing about crypto is that it often is not necessary to attack the crypto to have your way with a system.

    Using the wrong block chaining algorithm? Using a VBR codec?
    AES implementation without blinding?
    Key management problems?
    Group keys shared by hundreds? thousands?

    As far as key rotation goes it just makes things slightly more difficult. Key rotation did not prevent TKIP from sucking did it? If you can decrypt the initial conversation you know enough to defeat key rotation.

    Radios with GPS clocks used in self organizing systems to provide timing for shared access schemes are just another attack vector allowing the communication channel to be interrupted by denying access to GPS which is trivial to do.

    If GPS is only used by base stations then if the base station goes out it is like a cell tower going out: everyone loses the ability to directly communicate with each other during a disaster.
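Added example, not part of the thread: two of the weaknesses the reply above lists, on a constructed radio stream, to show what "not attacking the crypto" looks like in practice. With ECB-style chaining, identical plaintext blocks (silence frames in a fixed-rate PCM stream) encrypt to identical ciphertext blocks, so the talk/silence structure is readable without a key; with a VBR codec, frame lengths survive encryption in any mode, so the same structure leaks from sizes alone. The block cipher here is a toy 4-round Feistel network keyed through SHA-256 so the example is stdlib-only; it stands in for AES/3DES and must not be reused as a real cipher. The key, nonce and frames are constructed.

```python
"""Beating the system, not the cipher (added example, not from the thread).

ECB repetition on a fixed-rate stream, and frame-length leakage from a VBR
codec under CTR. The Feistel block cipher is a toy stand-in for AES/3DES.
"""
import hashlib
from collections import Counter

BLOCK = 16


def _f(key, rnd, half):
    """Round function: keyed SHA-256 truncated to the 8-byte half width."""
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def encrypt_block(key, block):
    """Toy 16-byte block cipher (Luby-Rackoff Feistel, 4 rounds). Not for real use."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _f(key, rnd, right)))
    return left + right


def ecb(key, data):
    """Each block encrypted independently: equal plaintext -> equal ciphertext."""
    return b"".join(encrypt_block(key, data[i:i + BLOCK])
                    for i in range(0, len(data), BLOCK))


def ctr(key, nonce8, data):
    """Counter mode: E(nonce || counter) XOR data, output as long as the input."""
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        keystream = encrypt_block(key, nonce8 + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], keystream))
    return bytes(out)


def repeated_blocks(buf):
    """How many 16-byte blocks of buf are copies of another block in buf."""
    counts = Counter(buf[i:i + BLOCK]
                     for i in range(0, len(buf) - len(buf) % BLOCK, BLOCK))
    return sum(n for n in counts.values() if n > 1)


def pcm_stream():
    """Constructed fixed-rate stream: 10 silence frames, 5 speech frames, 10 silence."""
    silence = bytes([0x80]) * BLOCK                      # constant sample value
    speech = [hashlib.sha256(b"speech" + bytes([i])).digest()[:BLOCK] for i in range(5)]
    return b"".join([silence] * 10 + speech + [silence] * 10)


def vbr_frames():
    """Constructed VBR codec output: tiny comfort-noise frames in silence, big ones in speech."""
    sizes = [6, 6, 6, 6, 40, 52, 48, 44, 6, 6, 6]
    return [(hashlib.sha256(bytes([i])).digest() * 2)[:n] for i, n in enumerate(sizes)]


def talk_pattern_from_sizes(frames, silence_max=8):
    """What an eavesdropper learns from lengths alone: who is talking when."""
    return [len(f) > silence_max for f in frames]


def demo(key=b"shared-group-key", nonce=bytes(8)):
    pcm = pcm_stream()
    frames = vbr_frames()
    encrypted_frames = [ctr(key, i.to_bytes(8, "big"), f) for i, f in enumerate(frames)]
    return {
        "plain_repeats": repeated_blocks(pcm),
        "ecb_repeats": repeated_blocks(ecb(key, pcm)),
        "ctr_repeats": repeated_blocks(ctr(key, nonce, pcm)),
        "vbr_pattern_after_encryption": talk_pattern_from_sizes(encrypted_frames),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The mode fix (CTR or CBC with a fresh IV) removes the block repetition; the VBR leak is not fixable with a stronger cipher at all, only by padding frames to a constant size, which is the kind of system-level problem the reply is pointing at.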