Re: Just a DDOS?
The packets are using a spoofed source, your servers replies are the attack.
173 posts • joined 11 Jun 2009
The packets are using a spoofed source, your servers replies are the attack.
If the CIA wanted him dead, he would be dead. Russia or not.
"One thing that appears to be missing from the IP protocol is a concrete way to indicate network congestion to endpoints by signals originating at the affected point in the intervening infrastructure."
There's always ECN, although there's the problem that some NAT routers discard every TCP packet that has that "unknown option" of "I support ECN". Apparently apple are going ECN enabled by default which might be interesting.
"It is achieved by ramping up the packet rate until the round trip time starts to increase, as that is when the packets start to fill the queues in the routers along the route."
Detecting congestion has nothing to do with monitoring latency. Increased latency will not cause TCP to slow down - it will assume there is still more bandwidth and keep increasing the data rate until the buffers completely fill and start dropping packets. Oversized buffers in networking equipment is a serious problem.
You begin by commenting "when you lose power to your house, you can't use internet anyway", then admit you have your gear on a UPS and therefore you yourself are an example of where this is not the case.
I have my modem and one of my wireless access points on UPS power and my main computers and home servers are all laptops with internal batteries. I haven't actually had a power cut since getting VDSL so have no idea what would happen to my internet connection in an outage, but in theory if BT are doing their job properly and putting batteries in the cabinets I should stay up. My main systems and hosting infrastructure is tested to remain fully functional for at least 4 hours, and things will degrade to 1 access point with emergency internet access for the next 48 hours - although I doubt they have 48 hours worth of battery in the cabinet.
Because their official role is what I would call a technical role. While they have limited enforcement powers their role is basically to ensure the continued operational stability of the internet by maintaining the registries that everyone else uses to enforce "law and order".
When they decided to release the piles of new TLDs for financial reasons, the entire technical community opposed it because of the huge risks to the stability and proper functioning of a very critical piece of Internet infrastructure. There were numerous concerns including potentially very serious implications that ICANN hadn't even considered, all were dismissed without discussion.
It's a bit like having a police force who respond to a video of someone being murdering with "I am not aware of anyone being murdered, and I'm too busy to watch your stupid little home videos, go away and stop wasting our time".
That is why it needs fixing.
If you don’t mind spending <£5/year for a "professional email address" then you can have email@example.com instead of needing a "special character".
As an example a few years back I had to add a rule to auto-delete all email addressed to beatthatquote@mydomain (apparently they have now been acquired by google, who at least dont sell client lists as far as I know).
be warned, if I ever start receiving spam directed to elreg@mydomain I will know who has been naughty!
Their "backup MX" service won't help if the primary provider is still receiving email but then deletes it from their infrastructure. A backup MX is also not needed for a 13 hour outage, as the origin mail servers should spool the messages for several days before considering them undeliverable and notifying the sender to try again.
"because transactions between users are structured in such a way that calls for the involvement of a third party".
If he wants to try and rule based on technicalities of how the system works, he should probably get several people experienced in understanding complex network protocols to analyse both the banking system and the bitcoin transaction mechanisms and come to a consensus on the similarities and differences first.
For example is this is a reference to the fact that a transfer is verified by publishing a cryptographic verification to a distributed log as it reads to me then I think he'll find that bank transfers are verified by publishing them to a third party "clearing house" database. A fraudulent bank transfer is actionable in court last I checked.
If your "defence" for your actions is "I was an idiot and spoke without checking if I knew what I was talking about and acted without thinking of the consequences", I am going to judge you as an idiot who speaks and acts without thinking, and I am not going to assume that what you are telling me today is any better researched than the previous nonsense you admit you were making up. It's called a reputation.
I "grew up on the internet" when it was full of professionals and academics before facebook and such. If I made a fool of myself I was respectfully mocked and took note to do my research before "acting like an expert" so I would say something more intelligent next time.
I have scrapped my "teenage identity", however if someone did find my old activities I am happy to defend anything I said. The way I said some things might come across as immature, however I can explain that the nature of the interactions and the way the person was treating me lead to an emotional reaction and can generally point out their messages were far more offensive than mine. I then alter the conversation on to the intellectual content of the messages, which was always well reasoned and researched before posting.
Unfortunately the Internet is not the same place as it was then - If whenever you post factual information that someone doesn't like you get bombarded with "you dunt know what ur talkin bout if you fink that, shut up", you aren't ever going to learn the art of constructive conversation, you are just going to learn to "ignore idiots", including "idiots" who have a valid point.
"And there will be organisations that tell their users "don't click on suspicous attachments" and then email important pay/pensions forms as word doc named PDQQ-6756-BHG.docx"
My bank sends me monthly emails saying my statement is now available online, with a "convenient" link to the login page to check it. Fucking idiots.
A safe should "fail secure". If a failure causes the safe to fly open then all I have to do is trigger a failure and I get your cash. If your safe fails secure then if I can trigger a failure all it means is you need to waste a few hours with a drill to get at your cash, which will also encourage you to replace the now-broken safe with a better model.
The only reason we're still abusing antibiotics is because they are expensive...
If you have trouble remembering your own name, how are you going to remember that you even work for XYZ corp? and then when you've logged in, what is your job? what are you meant to be doing? and how do you do it? what do you click?
If you can't remember a password, you are very unlikely to be compitent enough to actually need a password for anything.
When chroms came out I switched from firefox to chrome to get the huge speed improvements. I have recently converted back to firefox in order to take advantages of the superior speed and performance of firefox... i kid you not, chrome got to the point where a clean install you'd type "google.com" and press enter and it would freeze, start hammering the hard drive for 5 seconds, then start resolving the domain... yes START resolving the domain, as in the very first thing that it needs to do and the thing it should have started doing before you've even released the enter key.
At university the profile directory is stored on a slow file server... meaning chrome basically doesn't work at all there. It used to when they first installed it, but it has updated itself since then.
They went from being the fastest to being totally unusable. And they didn't add a single useful feature in the process, just fucked around with things for the sake of it.
how is data processing by companies in any way shape or form even slightly related to police persuing an escaped criminal?
why are the authorities going after uber? they aren't actually in those countries violating their taxi laws, their drivers are... if the police order a taxi from uber then arrest the driver for operating an illegal taxi service and national media start reporting that uber drivers are going to goto prison... they don't need to arrest a second driver, because uber won't have any left...
Who seriously uses ISP supplied email? you're stuck with that ISP, if you change you have to re-register accounts all over the place with your new email address. Just use gmail!
Some out of the box thinking here, but they hire incompetent people who are motivated to do a crap job (the longer it takes, the more updates, etc the more they get paid)... you can also get loads of inexperienced people who are motivated to do a good job for free - students!
approach a university, they have software development courses where they make their students create software projects purely for the experience of making it - give them your system requirements and let them set that as an assignment.
the students will have to make a system as part of their course so it's no extra work for them, but at the end of it you get 200 students with 200 versions of the software you require - so then you just have a look at them all, out of 200 attempts you are bound to get at least a few decent examples... offer to buy the system off them for £100,000, loads of money to a fresh graduate, peanuts to the government!
If a business can afford a leased line, perhaps they can spend that money on multiple low grade ADSL/Cable links instead, combined reliability should be better...
"All very true: Netflix and the like provide the majority of eyeball bound traffic in the US. Why shouldn't they pay carriers for the massive amount of traffic that they are dumping on them?"
should my ISP be paying me for the massive amounts of data I request/they dump on me, or would that be silly?
It's worth noting that they expect government customers, and nobody else.
Then they can go after them for money laundering or some other serious criminal charge because they falsified their paperwork... (unless you think visa have no way to know which company asked them to charge the credit card they signed up to the VPN service with?)
From the 'adobe' reference in the article i'd guess about the same time flash became part of HTML5? oh...
I can never understand how these companies end up getting paid. Which civil servant was authorised to pay out $6mil but was able to spend over 100 times the amount? Whose signature is on the payments, and who gave them the authority to make the payments? I'm sure you can tell where i'm going with this if it turns out someone was taking money without authorisation, and if it was actually authorised then that raises even bigger questions...
Except in this case the files directly in the my documents folder are mostly inaccessible and you can only use subdirectories, but companies still want to put their files there...
If you dont want them globally addressable, use local addresses instead. This isn't IPv4 - all v6 devices get dedicated local IP addresses that can't be accessed remotely, as well as the optional globally routable one(s).
What would you rather have, an agent who can read some of the messages and maybe send a summary, possibly a copy of some of the messages? How about a copy of all of the messages, without worrying about your source getting caught and turned/shot?
Lack of standards isn't the reason your ISP doesn't offer that service, it's because you are using an ISP for low bandwidth users. If you select an ISP that caters for heavy users then you'll find most of them offer line bonding options of some kind (some will even bond VDSL lines), of course they also expect you to use the extra bandwidth so it's not going to be as cheap as an ISP offering you a "check your facebooks" connection.
Funny you should mention PPP, as that's the most obvious (although not only) way to do it - PPP has built in support for multiple connections creating a single logical pipe, works with bog standard PPP equipment that is already deployed and doesn't require any new standards or new devices. Used to be quite popular for bonding dialup connections together.
Call it a "stupid tax" and it sounds fine to me. If keeping your servers up is that critical that you'll throw £40,000 for a possible extra week or so (nothing stopping them taking the cash and shutting it off anyway), why don't you have a backup you can switch to?
The reason the government doesn't do what most people would recognise as the obvious cheaper better option is actually quite simple, those options are better for private companies/individuals but the government doesn't operate like a normal company and the usual incentives are reversed.
If a project goes over budget then the project manager can now put down a £200mil project on his CV instead of a £100mil project.
If a departments staff and have a huge backlog of work, they are obviously overloaded and under funded and the department needs a bigger budget for more staff, oh and as the number of people in the team has increased obviously the manager needs a pay rise to reflect the increased responsibility, etc.
That's why government projects manage to blow through huge piles of cash without ever achieving anything, they are rewarded for blowing through cash and punished for achieving anything! That's before you even start on the companies circling the gravy train sucking it dry (with full government support).
google can probably deliver the content for free anyway over peering links to france telecom's upstreams, however they are still paying infrastructure and delivery costs, and delivering locally to france costs requires them to purchase capacity from providers and interconnect locally, they likely have connections to all the local IXs for local traffic delivery.
If they can peer with an ISP 10Gbit ports in a couple of datacentres directly on a major providers core network, they can probably get similar pricing as their IX capacity or peering capacity to their upstreams if it even exists locally, so if it costs around the same but performs better to those users then it makes perfect sense, it makes even more sense when you're talking a few million on budgets of billions...
I think a few petitons to officially recognise the work of historic figures have been accepted. Not sure about any that ask the government to do anything more than reply, anyone?
they're too busy calibrating and adjusting their printers to notice this article
that was my first thought, most of the stuff they get will have been seized somewhere else, processed, then spend several days being trasnported before it arrives there, and i bet it won't be put in a faraday cage until it gets there.
posted from my account registered with the email address firstname.lastname@example.org, which has received no spam - unlike email@example.com for example which has had 139 spam messages (yes pharmacy ad type spam, not notifications for some account) in the last 30 days, i have several such addresses auto-filtered and know exactly who to blame for the spam, almost all of it is easily identified (can't do much about addresses in whois databases and public websites, then i just use per-site addresses so i can filter it if it gets too spammy)
It is both the best porn you have ever seen, and the most disgusting thing you've ever seen, at the same time.
isn't that like responding to the announcement of the first portable computer by saying these things will never be that portable - if such crazy ideas had merit then why would people have computers the size of entire rooms?
If they have 5 versions of the file stored, and you put in a request for all 5 versions then I would assume that they would have to comply as you are requesting something they hold?
The only circumstance where I would think there might be doubt is if you didn't specifically request all versions in which case I think they would probably just assume you only wanted the latest one. I wonder if there is any obligation for them to request clarification in this case? or if they merely need to use their judgement as to what they think you're asking for (which for 99.9% of requests will probably be the latest versions)
perhaps if they wanted people to be interested in technology it should be more reachable - i recently tried to purchase a load of ICs to play around with and it can be quite a challenge finding things in a big enough form factor that you can actually do something with them without needing robotic arms to mount the components on a PCB...
they never said BT was the cheapest, just that it is cheaper than what they currently have (so it's the second most expensive option)
because if your small business wanted to make the world greated word processor, you're not allowed because microsoft already patented word processing software. or perhaps you want to be able to have your application contain more than will fit on a single screen? but scroll bars have been patented, as have buttons for switching between multiple windows, and any other even slightly obvious method of doing that.
Copyright is "it's illegal to steal my work and claim it as yours", patents are "it's illegal to make a product that competes with mine". Patents should not apply at all to software, we have copyright protection for that!
Technically they are saying that nothing has changed regarding what law enforcement are allowed to listen in on as a result of the architecture change, it makes no comment on how much they were allowed to listen in on before only that it hasn't changed since then.
The call technical info tab will also show if a call is going directly or being relayed through supernodes (needs to be enabled in options, then the option appears on the menu), i'd only be suspicious if all of your calls are being relayed even though you have global reachability (inbound allowed through firewalls/forwarded through 1:n NATs etc).
Theoretically that tab could lie about it and claim a call isn't relayed whilst it is, but so far i've not seen anyone claiming this can happen - and this would require sending a "you are being monitored, lie to the user" signal to the client, whereas forcing all calls to relay can be done by the supernode quite easily without the client being aware of it.
Surely you mean they must have been using <insert readers ISP>? (judging by comments on most ISP related articles it seems most readers seem to chose to give their money to ISPs they think are a load of crap)
except if they did combine all their networks in to 1 network then if you didn't have a signal then the option of using a different network that does have a signal would be gone - along with the incentives to provide better coverage than your current provider to take your custom
I suspect this is because OSX users are used to things not working properly for them due to their choice of operating system. If someone told me that it was normal for things to not work on their chosen OS, I would probably suggest they try a better OS.
Although that is probably countered slightly by the larger than average number of single person households amongst the readership...