Comment Another False Technology Headline (Score 1) 254
If Slashdot editors can't even get the technology headlines correct, how is it better than Reddit, Fark, or any other news aggregator site?
Damn you guys have fallen far.
If Slashdot editors can't even get the technology headlines correct, how is it better than Reddit, Fark, or any other news aggregator site?
Damn you guys have fallen far.
Where life's emissions are easily detectable.
I'm not so sure I'd want to make contact.
Go to your local observatory on an open-house night and get a free look through the lens. There are usually amateurs set up with their own equipment outside and will allow viewers too.
If your kids can stay up late and stand in the cold without complaining, they're ready for a telescope.
Not surprising as Slashdot has resorted to becoming a clickbait website for their flagging readership.
10 years ago, there were regularly 800-1000 comments on articles. Now, a highly commented article gets around 200.
It's a shame that the editors have stopped doing their jobs and post anything without checking it (at best!). But this isn't the first time I've seen it.
This submission is obviously false, and it needs to be pulled down or with the inflammatory and false sentence deleted. Since it's been up for hours, and there are numerous posts above that debunk the submission, it leads me to believe that Slashdot wants the clickbait and is leaving it up on purpose.
Do the right thing. Pull the article. Save what's left of your reputation, Slashdot.
The parent needs to be modded up and Timothy needs to mod himself down for allowing such an inflammatory, unfounded submission blaming the Chinese.
It is no wonder readership is down over the last 10 years.
Thanks for replying to my post instead of keeping the non-brilliance of my ideas to yourself. My biggest concern when writing that post was that I was talking to myself. I'll attempt to address your concerns one by one.
You're... welcome?
Just about all ISPs and backbone carriers carry full tables and many large organisations do as well for multihoming purposes.
Then I misunderstood you. I thought you were repeating what others have said earlier, claiming each router carries a complete copy of all the routes on the Internet, which of course isn't true.
Now that we have that cleared up, I'll snip out parts I don't need to reply to.
Your bitcoinesque solution for IPv6 allocation would make things worse.
It seemed like a technical solution to avoid the politics of Internet governance. I admit it wasn't well thought out, however I am curious how it would make things worse by allowing a small block of IPv6 addresses to be allocated in a decentralized way and adding cryptographic integrity along the way.
Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.
I should have been more specific; I was suggesting originating advertisements would be signed as opposed to transient advertisements.
You are asking for DomainKeys but with routes. That is too computationally expensive right now and would require too many lookups and time. Perhaps somewhere down the line when the big iron routers catch up with CPU resources vs line speed.
Routers that speak BGP are on the ISP and backbone level,
Medium to large organisations also use BGP to advertise their address space to their ISP(s).
Not to your home router.
and are physically secured.
Originating BGP route advertisement signing is not intended to supplant physical security measures.
I'm aware of the difference between remote access, console access, and physical access, and hardware vs software.
Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it.
None of this would really be necessary for a home user as their ISP would be doing all of this on their behalf.
That's what I just said...
To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.
To announce rogue routes, one only needs an ISP that doesn't filter incoming BGP advertisements properly. It seems apparent as the Internet grows there will be more and more BGP peerings and as a consequence of that not all of them will be competent or aboveboard with their implementations.
You're just restating what I said. I guess I wasn't clear, but I'm also assuming a best practice (or as near as possible) implementation, because there's no use talking about security if people are going to leave the front door open, right? It's not even a discussion at that point.
The Resource Public Key Infrastructure (RPKI) is a step in the right direction, however seems to be mainly for preventing mis-configurations from causing outages. Someone with malicious intent need only use AS path prepending to bypass this protection.
Again, anyone with access to the routers can do this right now. Any organization that doesn't shut its front door can have this happen. This can be solved through best practices. This isn't e-mail. Even if you got people on board for this, it would take a protocol revision AND all new hardware for everyone. It's not going to happen anytime soon.
Don't take it personally. Your offered solution for route signing (whether you wrote them or not) just isn't feasible right now.
I've been a Cisco networking guy for 10+ years
Then you'll realize it only takes one router to constantly flap routes to ruin everyone else's day. Hey Traffic! Over here! Nope, go over there! OK, over here now! Wait a minute, go over there! and on and on...
No one router has a "full table" of all the routes. The routing protocols and the engineers work to make sure the tables are as close to lean as possible.
Your offered solution isn't necessary.
Your bitcoinesque solution for IPv6 allocation would make things worse. Plus, networks transit other networks all the time, meaning one network can advertise a prefix they don't own, legitimately.
Routers that speak BGP are on the ISP and backbone level, and are physically secured. Your home router doesn't speak BGP, and if it did, your ISP's router would ignore it. To announce rogue routes, one needs to hack into the ISP and backbone peering routers -- which happened recently, but is rare.
Math is like love -- a simple idea but it can get complicated. -- R. Drabek