Posts by Robert Brockway

Life expectancy

A lot of people here are mistaking average life expectancy with the age that most adults die. They are entirely different. People in ancient times routinely live in to their 60s and 70s.

Some years ago I read that the average lifespan of a Roman citizen circa 1AD was 21 years. Did this mean that a lot of people were dying around 21? No, most people who survived childhood made it in to their 60s. The difference is infant mortalty. Almost all of the advancement made in human lifespan has been by severely reducing infant mortality.

Not Hollywood

Interesting comments on lack of originality. There are plenty of original ideas out there but they aren't coming from Hollywood, in fact Hollywood is doing a good job of supressing them. Go look at independent cinema.

Why twitter?

An email to SMS gateway would work just as well and would have the added advantage of being private.

@Publishers and Consumers

The main problem with delivery from a non-business connection is the lack of a static address. A lot of ISPs specifically forbid the running of services on these links in the AUP and port scan to check for compliance (normally excluding ssh). While asymmetric bandwidth is a contributing factor the upload speeds for most broadband links is more than fast enough for the popularity most sites would achieve.

@Pete

MS dominates the desktop for sure but it doesn't quite dominate the world. Go through a data centre sometime and checkout how many boxes are running Linux, FreeBSD or some other version of *nix.

Caveat: You'll probably have to ask the owners in most cases but some boxes always sport a Tux, Debian swirl or Beasty sticker.

Not surprising

As long as most organisations and individuals pay little or no attention to security what can we expect? Our entire society depends on secure computer systems and networks. It's time to pick up the game and be a little serious about security.

Huh?

"As usual, Nielsen doesn't share how it arrives at its numbers,..."

If I can't review their methodology I will assume their numbers came out off a lottery wheel.

@Ian Chard

Youre' quite right about how well known professional sysadmin organisations are, but it is tangential to the argument. FWIW, SAGE-AU is probably the one with the greatest relative success to date.

System Administration itself is a new profession and relatively unknown. We have to start somewhere building professionalism. Considering how important computers have become I expect we will see licensing of sysadmins within a few decades. Just as electricians are licensed today, so will sysadmins be in the future. The level of damage from abuse of the position will sooner or later require a step like this.

Forever is a long time

The author has made a classic mistake. He's mistaken some period of time for "forever". The computer desktop as we understand it today didn't exist 40 years ago and it might not exist in 40 years time. At the very least it will be very different to today.

If the author has suggested that MS might dominate the deskop for 10 or 20 years it would be worth arguing. But to say that no one else will ever replace MS. That just tells me the author needs to get a better perspective of the passage of time.

Th author is right that familiarity is what keeps people to MS-Windows at the moment. I had figured this out too. The thing is this familiarity changes over time. One example is netbooks which do sport Linux and are making people more familiar with the interface, but even that is immaterial for the reasons I mention above

Oh and that tech support example is unrealistic it does highlight an important point: If a company trains someone in how to do their job on an Linux system they should be no more or less happy than if they were trained to do their job on an MS-Win system. As long as they can do their job with the computer then the work is getting done.

OSS methodology

It's funny that people keep saying that WP uses the OSS approach when it allows anyone to edit. It doesn't. Most OSS projects are very careful about who can commit changes. The "commit bit" is a sought after prize in some circles. The key here is that the project name has mindshare. To get your code into the project with a given name (LedgerSMB, Linux (kernel), Bash, or whatever) needs the blessing of a core team member.

Applying the OSS approach to WP would mean that someone who disagreed with the approach of WP could take the encylopedia content and start their own project. This is indeed possible (sans most images) but has rarely been done due to the amount of ground work involved.

@Australia, Western?

Ah yes Australia is a western country. The term doesn't really link to geography very well. I think the best definition is "Western European countries and countries inhabited primarily by the decendents of western europeans".

Things to come

Like a lot of people here I've been in IT a long time. I've seen the distinction between hardware & software blur and it has worried me. When we have devices that won't even boot because of a firmware bug then we have a serious problem. MS are just lucky that the thing is going to recover when the clock rolls over (as per their own reports). Expect to see more and more reports of devices that just break and won't boot following firmware or software updates.

Idiots

The bad guys will just Google Earth from outside India, or *shock* *horror* use a VPN from within India. We really need people with a clue to be in decision making roles.

@What about....

Unfortunately forcing use of trusted DNS servers will only fix a symptom of the problem. Imagine if the "dhcp trojan" started advertising itself as the default gateway via dhcp. It could do any funny business it wanted including changing data or redirecting to the wrong sites again.

@Adrian Challinor

Along with the replies already posted, it is important to remember that Hubble has only a limited power supply. Running Side B when it wasn't needed would consume power they can probably ill afford to waste. While I agree that testing backups is recommended on Earth I can understand why they never powered-up Side B in space.

On another topic...

My understanding was there were going to be no more shuttle trips to Hubble as the shuttle now needs to have a visual review of the heat shield at the ISS during each mission and it can't reach Hubble and the ISS during the same mission (due to lack of fuel). NASA must have revoked this rule at some point and I didn't notice. How did they argue that the shuttle was just as safe for re-entry without the review of the heat shield?

*** Bring back the old penguin icon ***

Something isn't adding up

I have a couple of concerns:

1) We have no details.

2) I can't find any corroborating discussion in places like Bugtraq. or Full Disclosure.

3) The problem (if it exists at all) sounds like one that would come from an implementational issue. Even if the DoS itself is fundamental to TCP, whether or not it is necessary to reboot to recover must be implementational.

It's worth noting that so many TCP stacks are based on the BSD Unix implementation that there have been previous problems which were implementational and yet impacted nearly all operating systems (eg, TCP sequence number prediction maybe 10 years ago).

Practically unheard of?

"Incidences like this are practically unheard of on new phones direct from the manufacturer. We'll decide on a course of action after the investigation is completed."

Practically unheard of? Exactly how many times have they received phones from the factory with pr0n on them?

Snr Sysadmin

A couple of comments here.

1) 486 using 240V (AC). Back home in Australia 240V is the standard.I still have a 386 & a 486 (in storage) that run on 240V. I moved to North America and was stunned to see special 240V runs were put in for "big iron". hahaha :)

2) There are reasons servers are put in server rooms: power consumption, temperature, security, etc.

Leaving a $25-80,000 server outside a server room is a pretty bad plan. It is at far too much risk of theft, damage, etc.

Just because it runs on 110V or whatever doesn't mean the desk has enough power points or that the local circuit can take the current demand. Did these guys even think this through?

Why is this news?

This problem is inherent to the way BGP works. The article itself even states this. Why is this news and why did it get airtime at Defcon?

"Pilosov's innovation is to forward the intercepted data silently to the actual destination, so that no outage occurs." Is that what passes for innovation these days?

BGP has always operated on human trust (for better or worse). If we decide we want to fix it fine but let's not make out this is news or in some way new.

Full disclosure

When Debian got r00ted a few years ago they did full disclosure. Dancing around the issue by not stating the reason for the outage just (1) makes me suspicious and (2) makes me assume the worst.

Debian GNU/Linux, Zeus uses it and you should too.

Re: Outsourced email doesn't need to imply lax security

Hi William. You are quite right. Security is a risk assessment. Suffering a DoS is likely a lot less damaging than having information stolen though. The DoS will end but stolen information is gone forever.

I use alpine to read my mail and the only way to my MTA is to authenticate ssh using RSA keys. The box is locked behind a firewall too. Yes I could suffer a loss of availability or utility but I have assessed the risk and determined that it is a good trade-off.

I'm a sysadmin who takes a lot of notice of security (as all sysadmins should, imho) and I was really surprised to see these security researchers making such basic mistakes.

@ John Curry

"By that justification, I should be able to walk into my nearest Curry's, pick a new TV off the shelf, and wander away muttering some rubbish about 'outdated business models'."

As A J Stiles notes, stealing a TV means you deprive the owner of it, but this is not the case for software.

This gets to the very core of the issue. Stealing in law means to "deprive the owner of the thing of it". Note that it isn't even necessary to take it anywhere. If you walked into the shop and managed to encase the TV in concrete you could also be said to be stealing it (although in practice other offences would apply).

Stealing is a legal concept that simply doesn't apply to software itself. You can steal the media but you can't steal the software.

The widespread use of the world "piracy" for sharing software in contravention of the licencing agreement is really disappointing too. _Real_ piracy is a serious crime which involves murder, rape and theft. Real piracy continues to be a huge problem in some parts of the world (Red Sea, African coast, South East Asia).

What we are talking about is violating software licencing agreements. Let's keep that in perspective. Please stop referring to stealing and piracy because it isn't either of those things.

IANAL.

@Webster Phreaky

I'm glad someone asked why we are bothering with space travel as now I can issue my canned response. Space travel has been a huge boon to the world economy and has brought forth advances throughout science (including in medicine and food production).

Computer technology has had a massive boost and this is having run-on effects everywhere. Read up on "Bioinformatics" for a perfect example. "Computers: bringing the cure for cancer to a hospital near you". (ok i'm being a bit flippant there but I hope it gets the point across).

Space exploration has been claimed to return $3-7 dollars to the world economy in peaceful technologies for every dollar spent. I understand even may-sayers have been forced to admit a 3:1 ROI.

Weapons technology on the other hand only returns a small fraction of the investment as peaceful technologies. A lot more money is spent on weapons too.

Having research the topic I have concluded the money spent on space exploration is money well spent as it has a demonstrated history of making lives better here on Earth.

So the next time you want to say "let's not spend on space exploration" why not change it to "let's not spend on stuff that kills people".

@Andrew Kaluzniacki

AFAIK the jury is still out on what part magnetism plays in memory and/or brain functioning. If memory is based (at least partly) on magnetism then generating strong magnetic fields in the brain might corrupt memory. The worst part is the poor person probably wouldn't even notice (unless the corruption was so bad they got diagnosed with some form of amnesia). In any case you won't find me turning my head in any strong magnets.

@Mycho

I don't know where you heard that Britain is still having a baby boom but it isn't true.

Almost all developed nations are in natural population decline and have been for decades (only immigration is keeping the ship afloat). A few developed nations are just holding their own in natural population. The world's burgeoning population is all in the developing world.

The problem is that the natural birth rate is so low in the developed world that without immigration the ratio of tax payers to old age care recipients will eventually reach a point that the governments could not longer sustain their social welfare systems. This is why the developed countries are allowing so many skilled immigrants in - it isn't because they feel like giving a piece of the pie to the less fortunate.

This problem was predicted decades before it emerged (the downward trend in natural birth rates was pretty obvious) so I'm surprised more people don't know about it.

As an aside the rate of population growth planet-wide has been slowing since the 1970s due to resource exhaustion but this too seems to be a little known fact. The world's population will not continue to grow adinfinitum. The final figures keep getting revised but last time I checked the world population was predicted to peak at about 9.5 billion sometime in the 2nd half of the 21st century.

Costs and benefits of space exploration

I often hear complaints about the cost of space exploration (initially it looked like this article was going down that route). Based on the research I've done every dollar spent on space exploration has returned 3-7 dollars to the world economy. A lot of the computer technology we enjoy today can say a big thank you to the American space program.

What amazes me is that people criticise the cost of space exploration while largely remaining silent on the cost of weapons development and international arms sales. Vast sums of money are spent on arms and weapons development every year and yet the return on investment in terms of useful civilian technologies is quite low.

Let's boost space research which has had huge positive knock-on effects around the world, and cut back on making bombs. Seems pretty simply eh?

@Simon Painter

C'mon Simon, don't use that old myth. There is plenty of commercial support for Linux available, and this has been the case for many years. If someone stays away from Linux due to a lack of commercial support all it shows is they didn't spend 5 minutes on Google.

One great thing about OSS is you can "vendor shop". You can continue to use the same apps while having the option about who to get your support from. For many commercial apps the choice of who can support your product is very limited. Access to the source code is essential to complete support.

@Pavlovs well trained dog

These things are quite a bit different in real life when you encounter a large group of people who's motives are unclear. Terrified is a perfectly normal reaction - especially if the encounter is occurring in your own home.

@Brett Patterson

The nameservers for a particular domain really should seperated geographically and logically (network-wise). Getting a secondary nameserver is free or dirt cheap.

I sometimes hear people say "it doesn't matter much anymore". This is rubbish. Having all of your nameservers down is much worse than just having a service like your website offline. With all of the nameservers down mail to the domain won't queue, it will bounce and people visiting the website will see a message akin to "This domain doesn't exist". Non-technical users might be excused for thinking a company had gone out of business.

Run multiple namservers in different parts of the world. It's cheap, easy and saves a lot of hassles.

@Chris Cook

That's the problem with closed sources. We don't know. Someone with access to the source code would need to parse it through and only after obtaining an NDA I expect.

@first AC

First off let's remember it was a Debian screw up, not a wider problem. Even if the problem had been wider it would have been app related not OS related and that particular app runs on a lot of OSes.

Now to main main point: Debian has a patch stability and security record that is the envy of many a company. Just shows that no one is perfect I guess.

@ yeah, right

I think that is a big harsh. I'm a sysadmin and vastly more concerned about security than most people (including many IT types) and even I'm not going to be down on a company for having an exploit found in their code. Exploits are far too common all over but what counts in a case like this is how quickly they resolve it once notified.

Children of Mixed ethnicity

I see the concept of "hybrid vigor" has already been mentioned. This concept has been shown to be absolutely true in non-human animals.

It's a pretty contentious topic for humans - if scientists are researching it they aren't speaking about it very loudly. A major argument in favour of hybrid vigor is that different ethnicities are (to some extent) prone to different recessive genetic illnesses. A child of mixed heritage will be less likely to have these genes "line up" and will therefore _on average_ be healthier.

Like others here, I like pointing out that we are all of African decent if you look back far enough :) Certain types of people get very wound up by comments like this :)

@Simon Ball

Simon, it is normal for the police to try to coax a mentally ill person to come along of their own free if it is feasible in the situation. This is the case even if they have the right to use force. It is just better for everyone involved. I know this as I am a former police officer and talked many mentally ill people in to the back of a police vehicle so they could be transported to hospital for treatment.

Someone in her state was clearly a danger to herself due to an inability to provide for her own basic needs and the state had a right and a responsibility to act.

Huh?

Microsoft had to decided to get involved before EMACS could be recognised as important? Gimme a break :)

@evil tom

"the silly names and alliteration also help it stand out in the crowd. they are friendly, whimsical names. operating systems don't have to sound like the latest in cyborg hunter-killer tech"

Exactly. Just look at the code names given to kernel releases. They are really silly but hardly anyone hears about them.

I'm surprised at the lack of clue being shown by some users here

I'm a *nix sysadmin that works mainly with Linux & Solaris. I love OSS and do believe that the OSS model offers security advantages.

News flash: No mainstream OS in use today is very secure.

Anyone who claims that simply running a given OS will make their system/network secure hasn't got a clue about security. Perhaps some end users might believe this sort of thing but in my experience even the most inexperienced sysadmins realise that security is a bit more complicated than that. Security is a process that has a purely human component.

As for this exploit itself - it is a local root exploit. This isn't the first in the Linux kernel and it won't be the last. Every other OS has had equivalent problems too.

Spot on Adam

Adam Williamson is spot on. VirtualBox is a fairly well known tool among sysadmins.

As for the website - it is fine. Website glitz is a poor metric for application performance.

This isn't new.

This isn't at all new. Around 1994 I encountered a package which granted a free licence to anyone except for members of the Nevada state legislature and their immediate family members for whom a $50000 licence fee was payable.

Reading between the lines the author was a university student resident in Nevada who didn't at all like the state education policies.

PH because I think she went to Nevada once.

Backups have nothing to do with computers

As usual when we say how they should have had backups someone responds with "they don't understand the technology" or similar. Backups have nothing to do with technology - they have to do with data retention. Believe it or not data existed before computers were invented.

European monks in the middle ages did backups of their important data. They had to do it the hard way by hand copying the documents but they still managed to do a very good job of backing up important data. We can thank their hard work copying documents for us having so many ancient documents available today.

SSL Anyone?

C'mon guys, using a hosts file (and not trusting DNS) is not the solution to this problem. We have this little thing called SSL which was designed years ago to prevent problems exactly like this. The key is education - users need to know in broad terms what SSL is and why they need to get worried if the browser issues a warning to them. I often hear arguments about average users "not understanding this stuff". If they want to use the technology and not get ripped off they are going to have to understand it.