- Load balancing two internet connections without any cooperation from the ISPs.
technically speaking, two routers with two public IP's, each with half the office behind them each is "load balancing". if you don't want a cheep hack form of load balancing (where connections are handled properly based on line load) talk to your ISP. they're happy to help.

- Making example.com:21 and example.com:80 be separate servers.
(in the cisco world) create an ACL patching each port, and set them on a route-map with the next-hop being the server(s) in question.

Conversely, making example.com:80 and example1.com:80 be one server while example.com:21 and example1.com:21 are another server.
EASY to do with a load balancer. (though many will say it's basically the same thing.)

- Transparent proxies.
already covered in the comments above. your router can easily move flows of TCP port 80 traffic to another destination.

uhhhh, easy? either just forward the HTTP flows (either by just rerouting port 80 traffic, or through packet inspection) to a different host at your gateway, or transparent proxy after your gateway?

it blows my mind that people don't understand the basic idea of routing. your traffic originates from an IP, and flows where it's told it can flow. if it needs to leave the layer 2 segment, it sends the traffic to it's default gateway and awaits the return data.

any router worth it's power requirement should be able to route traffic. tell the router what internal addresses get routed where and bam!, you're done.

Schwing!

I'm already getting people asking about buying /29's and /27's from me. I keep telling them the address space isn't marked as ISP space, I can't just give it out!

(though, at this rate, maybe I should think about it!)

Rather random "the more you know", all of wikipedia runs on linux.

http://meta.wikimedia.org/wiki/Wikimedia_servers

This is no different then coal, lumber, hydro, or any other form of power generation. you're saying that if you take a material that has a huge amount of potential energy and cause it to undergo a reaction that consumes that fuel, it can perform work.

in your lighter example, give me a functional use of the process. in any long term reaction, you'll eventually run out of fuel and have to start using the energy you released to bind new fuel at a net loss.

thus, you can only release as much energy as you put into a system, but likely you only get a portion of that energy while your process itself consumes a portion.

I assume Insurance companies would LOVE a "do not track" header. they just start tracking who uses it, and increase their rates!

Uhhh, last time I checked standard print density stated that a 2560X1920 image (or 5MP) can be printed to a minimum level of acceptable print detail in larger wall sizes at 175DPI.

10"x14" is not at all 30"x40".

Being somebody who captures images in a variety of forms, and produces final products from those images: 5MP is not sufficient for any semi-professional blowups. that's completely not to mention some of the interesting+useful crops you can take from those images years later after you've looked at them every night.

Please, somebody with mod points push this guy up.

This!

I've worked for a number of people in my life: and I've told the ones who would reject an employee based on their youth that happen to be available on the internet to go fuck themselves.

I'm happy to take a pay cut if it'll change somebodies bad habits. I'm sick and tired of the constant attempts to prevent kids from having fun. Just because you never got to go to parties and get drunk with friends is not a valid reason to not hire people that did.

This, a million times over.

people need to stop thinking of web apps in terms of "Internet explorer users". people FINALLY moved into the idea that you MIGHT have to support Firefox+IE, but need to stop thinking of the browser as a single platform.

The point is that a LARGE portion of the world runs on linux. whether it be the embedded software running in your router, or the cache server you're pulling data from at this moment.

Linux is everywhere: the reason people don't bother exploiting it is because it's so easy to sandbox a machine and see exactly what's going on from userspace all the way to kernel land.
once you know how an attack works, it's easy to fix the issue. In the open source world, patches/fixes can be released/deployed in minutes/hours, rather then weeks/months.

The difference is not that there ARE NOT EXPLOITS, the key is that anyone can fix them.

One of the key's in what makes people target desktop users is the old saying "attack what has value". The PCN transaction machines in most major networks contain a LOT more value then the likely-already-maxed-credit-cards of most end users.

Really? I'd like to know where you get your stats from. According to numerous sources, including W3's OS Statistics ( http://www.w3schools.com/browsers/browsers_os.asp ) DESKTOP linux users number about 5%. and that doesn't include the VAST number of servers.

Linux in the server market outnumbers windows. http://en.wikipedia.org/wiki/Usage_share_of_operating_systems in the last few months "Linux/unix and variants" passed 50% of ALL server use.

with most of the people in Internet Security working on a platform that's NOT windows, there's good reason it's as well secured as it is. (that and anybody can find/fix a bug in the open source world. but that's another topic entirely ;)

to whom? what you have to keep in mind is that computers operate as single minded entities. when you approach a machine like that: security is currently an afterthought. this tells me that there is somebody that holds access above the other users, basically missing the point here.

Again, that means that there's somebody administering the logging system. and I almost assure you that even if their logins are listed somewhere: they have full access to remove those entries and make it look like it never happened.

as a hypothetical situation, say I have a machine that stores credit card numbers on a DSS approved network that's locked down in the ways you describe above. at the admin level, it would take me minutes to provision a machine to replicate the target. I don't mean replicate as in contents, I mean replicate to the network view.

the replicated machine can be tunneled into place and act as if it was the machine in question. as the admin: I already know what traffic flows the machine needs to produce on a regular basis (SNMP uptime's, network traffic counters, heartbeats, etc) so I can inject artificial traffic in it's place.

at this point, I can reverse firewall the unit preventing it for calling for help or reporting the changes I make. I can snapshot the drive and move it offsite, while making the changes to the snapshot to remove my presence from the machine and set the loader to write over itself with the snap. reboot into the snap and pull the zombie as the machine comes back up:

and what will the monitoring/auditing/reporting software see? nothing. everything will check out, MAC addresses will match, SNMP keys will match, even the statistics reported will look like they fit into the graphs.

Until CPU's are made to understand the "two key" approach to authentication, any machine will be susceptible to weak physical security.

This.

if you can't trust the person at the top: then either they don't deserve to be there, or you need to find a new job.

when you're the person at the top: you better have earned the trust and respect of those under you. Subverting it does nobody any good in any long term.

is it terrible that all that makes me imagine is kids trying to become sick, so they can get a ride in space?