
Comment: Or people could, you know, do their damn jobs... (Score 2) 57

by TaliesinWI (#48587413) Attached to: BGP Hijacking Continues, Despite the Ability To Prevent It

As the article points out, the only reason this was able to work was because one of the upstreams didn't filter announcements correctly. So instead of one provider doing something simple, the "fix" is for the rest of the world to do something complex?

Back in the day if a provider dicked around with BGP enough (either through incompetence or malice) they would find that eventually no one would accept any prefixes originating from their network. Kind of hard to have customers when the rest of the internet won't accept your traffic, isn't it?

BGP4 was new and exciting in 1994, and people are still doing it incorrectly. Film at 11.
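
The comment above blames the incident on an upstream that did not filter its customer's announcements. The following is an added illustration (not code from the commenter or from the linked article) of the kind of per-neighbor inbound prefix policy that would have done that filtering: each neighbor is only allowed to originate the prefixes registered for it, nothing more specific than a configured length, no bogon space, and no more than a maximum number of routes. The policy data, neighbor prefixes and announcements are constructed from documentation address ranges; the function and field names are this example's own.

```python
import ipaddress
from dataclasses import dataclass

# Address space that no neighbor should ever announce on a public session
# (RFC 1918, loopback, link-local, multicast, IPv6 ULA/link-local).
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "fc00::/7", "fe80::/10",
)]


@dataclass
class NeighborPolicy:
    """Inbound filter for one BGP neighbor (hypothetical structure for this example)."""
    allowed: list            # ip_network objects this neighbor is registered to originate
    max_prefix_len: int = 24  # reject IPv4 announcements more specific than this
    max_prefix_len_v6: int = 48
    max_prefixes: int = 100   # trip the session if the neighbor sends more than this


def make_policy(allowed_strs, **kwargs):
    return NeighborPolicy([ipaddress.ip_network(p) for p in allowed_strs], **kwargs)


def _covered_by(net, candidates):
    # subnet_of() raises TypeError across address families, so compare versions first.
    return any(net.version == c.version and net.subnet_of(c) for c in candidates)


def classify(policy, prefix):
    """Return 'accept' or the reason a single announced prefix is rejected."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)  # host bits set -> ValueError
    except ValueError:
        return "unparseable"
    if _covered_by(net, BOGONS):
        return "bogon"
    limit = policy.max_prefix_len if net.version == 4 else policy.max_prefix_len_v6
    if net.prefixlen > limit:
        return "too-specific"
    if not _covered_by(net, policy.allowed):
        return "not-authorized"
    return "accept"


def filter_announcements(policy, announcements):
    """Split a neighbor's announcements into (accepted, [(prefix, reason), ...])."""
    accepted, rejected = [], []
    for prefix in announcements:
        verdict = classify(policy, prefix)
        if verdict == "accept":
            accepted.append(prefix)
        else:
            rejected.append((prefix, verdict))
    if len(accepted) > policy.max_prefixes:
        # A max-prefix violation is treated like a router would treat it:
        # the whole batch is refused rather than trusting a partial set.
        rejected += [(p, "max-prefix exceeded") for p in accepted]
        return [], rejected
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample: the neighbor is registered for two documentation prefixes
    # and then announces a mix of legitimate, over-specific, unregistered and bogon routes.
    customer = make_policy(["203.0.113.0/24", "198.51.100.0/24"])
    ok, bad = filter_announcements(customer, [
        "203.0.113.0/24", "198.51.100.0/25", "192.0.2.0/24",
        "10.0.0.0/8", "2001:db8::/32", "not-a-prefix",
    ])
    print("accepted:", ok)
    for prefix, reason in bad:
        print("rejected:", prefix, "->", reason)
```

The "not-authorized" branch is the check the comment is talking about: a prefix that belongs to someone else is dropped at the first hop instead of being propagated to the rest of the internet.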

Comment: Re:There's a clue shortage (Score 4, Insightful) 574

by TaliesinWI (#48307267) Attached to: The Great IT Hiring He-Said / She-Said

My personal favorite - and one I was dinged on several times before I learned to basically just lie my ass off about it - was how many servers I've been responsible for at one time. At some ISP jobs I've had, I've had to touch hundreds of unique servers while helping clients, but only had maybe 20-30 to worry about day to day. But companies hiring based on this metric want to hear that you were administering 200+, 500+, whatever number of servers on a daily basis. This is bullshit for two main reasons:

1. No single person is personally touching dozens or hundreds of servers on a daily or even weekly basis. A _team_ of people might, but a person isn't.
2. Once you get into a mid double digit number of servers (or sometimes even sooner) you're using automation stuff like Chef or CFEngine or BladeLogic or whatever. At that point 50, 100, 500, 5000 servers become rapidly irrelevant, because you're thinking in terms of a single task affecting an arbitrary number of servers, not a one-to-one situation. You're not logging into each individual server and firing off Windows Update every Patch Tuesday. In fact if you're wasting your time doing crap like that I would argue you're not a very good system administrator, because you're not learning and growing, you're simply caring and feeding.

Comment: Re:Great idea at the concept stage. (Score 1) 254

by TaliesinWI (#47834191) Attached to: UCLA, Cisco & More Launch Consortium To Replace TCP/IP

NAT is NOT a firewall. Meaning that you haven't hid anything and you are not secure. Also NAT is a huge reason why IPSec doesn't work. It breaks the internet.

Oh look, it's one of those purist types.

If an arbitrary host can't reach through my router and connect to an arbitrary device in my home network, guess what? That's effectively a firewall. Yes it's not a _packet filtering_ firewall, but who cares? The end effect is the same. NAT takes multiple devices that only need to connect to other internet hosts (not be connected to themselves) and lets it work.

In a NAT situation, the return packets from the host my PC is surfing to are translated so it all functions. If that same PC were on a public IP, a stateful firewall would open the return ports so the packets could get back to the PC from the web server. Care to tell me what's insecure about one vs. secure about the other? Unless there's actual inspection going on, those return packets could have the same bad data in them regardless. I'm not "more secure" simply because a slightly smarter device managed to let me make the same de facto connection to a web server that a basic NAT device would. I'm only _truly_ secure if my intermediate device, be it a NAT router or a stateful firewall, can actually inspect the return traffic and stop it from reaching my PC if it's bogus or bad.

And IPSec didn't take off because it was WAY too complex, and stupid parts of it like AH mode and transport mode should have never made it in. There are multiple overlapping ways to do the same thing and there didn't need to be.
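
As an added illustration of the point made above about return traffic (example code written for this page, not anything the commenter or the article supplied), here is a minimal flow-tracking gateway that can run either as a NAT device or as a plain stateful filter on a public address. In both modes an outbound connection creates a flow entry, a reply that matches the reversed flow is delivered, an unsolicited inbound packet is dropped, and the payload is never looked at. The addresses are constructed from documentation ranges and the class, field and method names are this example's own.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Just enough of a TCP/UDP header to track a flow (hypothetical structure)."""
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


class StatefulGateway:
    """Tracks outbound flows and only admits inbound packets that answer one.

    public_ip=None  -> plain stateful filter, inside hosts keep their own addresses.
    public_ip="..." -> NAT: inside (src, sport) is rewritten to (public_ip, mapped port).
    """

    def __init__(self, public_ip: Optional[str] = None):
        self.public_ip = public_ip
        # (inside_src, inside_sport, dst, dport) -> (outside_src, outside_sport)
        self.flows = {}
        self.next_port = 40000  # first port handed out in NAT mode (constructed)

    def outbound(self, pkt: Packet) -> Packet:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if self.public_ip is None:
            # Stateful filter: remember the flow, forward the packet untouched.
            self.flows[key] = (pkt.src, pkt.sport)
            return pkt
        mapped = self.flows.get(key)
        if mapped is None:
            mapped = (self.public_ip, self.next_port)
            self.next_port += 1
            self.flows[key] = mapped
        # NAT: same flow-table entry, but the source is rewritten on the way out.
        return Packet(mapped[0], mapped[1], pkt.dst, pkt.dport, pkt.payload)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Deliver a reply to the inside host, or return None to drop it."""
        for (in_src, in_sport, dst, dport), (out_src, out_sport) in self.flows.items():
            if (pkt.src, pkt.sport, pkt.dst, pkt.dport) == (dst, dport, out_src, out_sport):
                # Reverse of a known flow: untranslate (a no-op in filter mode).
                # Note that the payload is forwarded as-is; nothing here inspects it.
                return Packet(pkt.src, pkt.sport, in_src, in_sport, pkt.payload)
        return None


if __name__ == "__main__":
    web = "198.51.100.20"  # constructed "web server" address
    for label, gw, client in (("NAT", StatefulGateway("203.0.113.10"), "192.168.1.5"),
                              ("stateful filter", StatefulGateway(), "203.0.113.7")):
        sent = gw.outbound(Packet(client, 51000, web, 443, b"GET / HTTP/1.1"))
        reply = gw.inbound(Packet(web, 443, sent.src, sent.sport, b"HTTP/1.1 200 OK"))
        stray = gw.inbound(Packet(web, 443, sent.src, 22, b"unsolicited"))
        print(f"{label}: reply delivered to {reply.dst}:{reply.dport}, "
              f"unsolicited packet dropped={stray is None}")
```

Running it shows the same behaviour in both modes: the reply reaches the inside host, the unsolicited packet is dropped, and whatever the server put in the payload arrives unchanged, which is the comment's argument that neither device is "more secure" than the other without actual inspection of the returned data.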

Comment: Re:Final Update to XP (Score 2) 417

For SNI, you can enable it, but you can't rely on it since IE on XP will show SSL errors. However, there are many, many other devices out there aside from IE on XP that don't support SNI.

Most of which are pretty deprecated at this point. Android Honeycomb came out in late 2011, Windows Mobile 6.5 in late 2009, iPhone 4 in mid 2010. All of those (and anything later) are SNI capable. It's pretty much been the "IE on XP" crowd that's holding back adoption, everyone else would be in the 1% "other" category of most web sites.

Comment: Re:Irrelevant for the normal consumer (Score 1) 206

by TaliesinWI (#39397649) Attached to: Netflix Terms of Service Invalidates Your Right To Sue

What if they decide to charge you some insane sum of money for something you did not agree to?

Then I flag it as a fraudulent transaction and let my credit card company handle it? There is nothing a company like Netflix can do to me (and actually manage to pull off) that would be worth my time and money dragging them into court for. This is pretty much true of any company that one has month-to-month dealings with at dollars or tens of dollars per month. Once again, we're not talking about a situation where I sign a contract and the company I'm dealing with can move the goal posts after the fact and tell me to suck it - that's a situation where lawsuits are pretty much the only option.

Comment: Re:Irrelevant for the normal consumer (Score 1) 206

by TaliesinWI (#39389551) Attached to: Netflix Terms of Service Invalidates Your Right To Sue

Yeah, I don't get this at all. If Netflix starts pulling shenanigans I cancel my account and I'm out the $20 for the month, that's it. Why would I even think about bothering to sue them? This isn't like a cell phone situation where you're locked into a contract for two years and if they don't provide the service you think they promised you can't just cancel, so you have to sue them for redress.

Comment: Re:You know why they call it Xbox 720 (Score 2) 543

by TaliesinWI (#38834193) Attached to: Xbox 720 Might Reject Used Games

Pre-iTunes: CDs for $20-$30 for a dozen songs. That you would still need to rip

Where the hell did you buy your CDs? Most of the music on iTunes is the kind that tends to be sold at discounts at places like Wal Mart or Best Buy, so it's more like $12-15 for a CD. Even when somewhere like Barnes & Noble sells it at full price it's $18 or so.

Comment: Re:Proof you are 100% wrong per your request (Score 1) 176

by TaliesinWI (#38828755) Attached to: Exploits Emerge For Linux Privilege Escalation Flaw

Do you have a problem reading and understanding the English language? While I appreciate your attempts to credit the definition as my own, it has been an accepted term in security circles for a long time, and I am not the one who came up with it. Nobody worth their salt ever said that 100% security can be achieved, and you are not saying anything that isn't obvious to even a security neophyte like yourself. What is known is that security through obscurity is not an effective method of achieving security, even in deference to the fact that nobody will ever achieve 100% security.

It's a very accepted term, but you're not using the accepted definition. You're equating "obscure" with "secret". If I look at a security algorithm and doing so enables me to break into whatever it's protecting, that's security through obscurity. If I look at one but still need something like keys or passwords, that is NOT security through obscurity. Yes the keys or passwords are "obscure" but they _have_ to be, and that's not what people mean when they use that word.

Comment: Re:So what? (Score 1) 360

by TaliesinWI (#38775132) Attached to: DOJ Investigates Google, Apple, and Others For 'No Poaching' Agreement

Ever worked a trade show in a place like Chicago or Las Vegas? No? You have absolutely no idea what the hell you're talking about.

Part of the reason CES left Chicago is the smaller vendors wouldn't/couldn't afford to pay a union electrician the exorbitant minimum fee to do something as simple as plug a device into a power outlet. I kid you not - if you were (for example) a boutique loudspeaker vendor with one product and all you had to do was plug in the power amp/preamp/CD player running the speakers you're demoing and you did it yourself, you better have someone sleeping in your booth or room overnight because the next morning there was a chance something would be damaged, and all anyone could do is shrug. The damage would never happen to the vendors that paid hundreds or thousands of dollars for what amounted to an hour or less of actual electrical work.

Comment: It's been the case for years... (Score 3, Informative) 78

by TaliesinWI (#38678040) Attached to: Who Goes To CES?

Was able to get into the Winter CES in Chicago back in the early 90s just because I was a register drone at Babbage's (computer software and video game store for you youngn's.) I think they had me down as "buyer" even though I had nothing to do with what the company stocked. Hell a buddy of mine who built PCs in his basement got in with a "technician" badge. As long as you didn't show up with children in tow and could ask reasonably coherent questions they were mostly happy to deal with people that were a half step above "Joe Q. Public."

Comment: Re:I'm sorry, is there an echo? (Score 1) 348

by TaliesinWI (#38486572) Attached to: Sorry, IT: These 5 Technologies Belong To Users

I didn't mean to suggest anything specific to Apple or Android devices. The point I was trying to make was control of information - in regulated environments we're not going to allow something to connect to the corporate network that is then going to get taken home and synced with a personal computer, I don't care how secure the device itself can be made to be - the instant it touches anything that doesn't have a corporate identity it can no longer be vouched for.

Comment: I'm sorry, is there an echo? (Score 2) 348

by TaliesinWI (#38484130) Attached to: Sorry, IT: These 5 Technologies Belong To Users

This is like the fifth article this year talking about how users bringing their own devices into a corporate network are inevitable, yadda yadda, and here are some flashy new programs and services to keep it all under control that we happen to have developed and want to sell to you!

Well you know what wins, pundits? PCI and/or HIPAA.

We're PCI compliant at my job, and we're damn sure going to stay that way. That means that yes, you can bring in your iWhatever, and oh look, an open guest wireless network! But you know where that guest network goes? The internet. That's it. You can check your corporate E-mail through the public web interface if you'd like. Don't ask us to help you connect it to the corporate network, because we're going to tell you to go pound sand. And you know what? We're perfectly OK with you being pissed off at us because _you're not the one whose ass is in a sling if credit card information leaks out._ We provide you with all the tools you need to get your job done. You get a nice shiny corporate laptop that you can take anywhere with you (because it will help you VPN in and run your virtual desktop back at the office) and you get a rather impressive smartphone so your E-mail and contacts are never out of reach. You can't sit here and tell me you need MORE than that to do your job effectively.
