Comment: Re:Realistic (Score 2) 356

by jaredmauch (#49129613) Attached to: The Groups Behind Making Distributed Solar Power Harder To Adopt

The challenge here is the other costs that are unaccounted for. Sure, you see power at 5c/10c per KWH, but all the other parts cost money as well, such as poles. Sure, the pole may be split in cost between the power, phone and cable companies, but that's still an expensive asset. provides a view into what this costs to be maintained. If a pole costs $1-3k, how many are you sharing the cost of as part of the rate? This is part of the "ugly profit" people gripe about with some of these shared assets, both in an electric network and the ways the bits reach your screen here.

If I get to a bill of zero due to investing and net-metering, someone else is going to be paying for those grid parts either in higher rates, or I need to pay for some usage of that giant battery network. No free lunch, etc.

Comment: CPE are horrible (Score 1) 64

by jaredmauch (#48935855) Attached to: D-Link Routers Vulnerable To DNS Hijacking

I've been working on various aspects of the CPE equation for almost 2 years now as part of the various OpenResolverProject, OpenNTPProject, and other related aspects. Most CPE can't even do DNS correctly, let alone securely.

Take Netgear for example, they can't even process RFC1035 4.2.2 correctly to say a client should support DNS over TCP (it's not just for zone transfers), but instead of just not responding, or sending back some error that allows the DNS client to try the next resolver it has, you get it sending REFUSED:

These devices are unmaintained outside of the few who actually upgrade them, and it's most likely still got default passwords on it causing all sorts of other possible pain and XSS abuse/malware concerns. This is only going to get worse as more things have an IP address and communicate with the rest of the world.
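Added example, not part of the original comment: RFC 1035 section 4.2.2 prefixes each DNS message sent over TCP with a two-byte length, and this sketch builds such a query and classifies the reply's RCODE so a forwarder that answers TCP queries with REFUSED can be flagged. The function names and the sample reply are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Build a DNS query: 12-byte header (RD set) plus one IN-class question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def frame_tcp(msg):
    """RFC 1035 4.2.2: over TCP the message carries a two-byte length prefix."""
    return struct.pack("!H", len(msg)) + msg

def unframe_tcp(stream):
    """Return the first complete DNS message in a TCP stream, or None if short."""
    if len(stream) < 2:
        return None
    (length,) = struct.unpack("!H", stream[:2])
    return stream[2:2 + length] if len(stream) >= 2 + length else None

def classify(query, response):
    """Map a reply to its RCODE name; flag missing or mismatched replies."""
    if response is None or len(response) < 12:
        return "no-answer"
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & 0x8000:
        return "mismatch"
    rcode = flags & 0x000F
    return RCODES.get(rcode, "RCODE%d" % rcode)

def query_tcp(server, name, timeout=3.0):
    """Send one query over TCP/53 and classify the reply (needs network access)."""
    q = build_query(name)
    buf = b""
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(frame_tcp(q))
        while unframe_tcp(buf) is None:
            chunk = s.recv(4096)
            if not chunk:
                break
            buf += chunk
    return classify(q, unframe_tcp(buf))

# Constructed sample: header-only reply with QR=1, RD=1, RA=1, RCODE=5 (REFUSED)
SAMPLE_QUERY = build_query("example.com")
SAMPLE_REPLY = frame_tcp(struct.pack("!HHHHHH", 0x1234, 0x8185, 0, 0, 0, 0))
```

Calling `query_tcp` against each resolver a host is configured to use shows which ones answer over TCP and which return REFUSED or nothing at all.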

Comment: Re:Isn't possible (Score 1) 174

by jaredmauch (#48121941) Attached to: Ask Slashdot: VPN Setup To Improve Latency Over Multiple Connections?

This isn't possible, nor should it be.

Actually, I know of some people who have built their own network appliances to perform this task. It's feasible and can work but requires encapsulation and decapsulation on each end. You can MSS clamp for TCP and timestamp/reassemble the UDP frames. Not impossible, but certainly requires effort. The people I know who did this did it for redundancy between DSL + Business DOCSIS services so they would get the fastest performance of each direction from their links with redundancy should one fail.

Comment: last mile access (Score 1) 135

by jaredmauch (#46867007) Attached to: Netflix Confirms Deal For Access To Verizon's Network

Now is the time if you care to have everyone you know stand up for *decreased* regulation in the last mile and locally, not more. The cost of building high speed access to your location is not in the long-haul but the local access network. Long-haul costs are at their lowest point ever, but getting to the major locations is always the expensive part. Labor costs, including engineering and permits, make the cost of installing fiber or other technology insignificant.

Comment: Re:SubjectsInCommentsAreStupid (Score 1) 285

by jaredmauch (#45324047) Attached to: Ask Slashdot: Simple Backups To a Neighbor?

Fiber and media converters are suitably cheap. You can get the TP-LINK MC220-L for around $20-30, and the optic for as low as $35 depending on your source and type/distance. This works well as you don't have to worry about shielded cabling if you ran something like cat5/6. You can also reach much further distances than with copper wire. You don't necessarily need permits, but you do need to call MISS-DIG, or whatever the local version of that is. When the guy comes out, tell him exactly what you are planning on doing, route, possible routes, etc. Most places require a hand dig within a few feet of any marked utility. The rest you can use a rented trencher to do. Running conduit will make a lot of sense, you typically need schedule-80 which you won't find at Lowe's/Home Depot. You can also call a contractor to do this work, depending on the distance it may only cost a few thousand dollars at most. If your goal is to keep things super-low cost, then Wi-Fi or other networking may be your ideal solution. Look at the hardware from and see what works. If you don't have line of sight, you will need to run a cable to make this work. If cost doesn't come into the equation, you can also get SFP+ PCIe cards and do this at 10Gb/s vs 1Gb/s much easier. Make sure you run single-mode fiber, otherwise you may have troubles if you encounter older OM1/OM2 and try to launch 10G signals.

Hope it works out!

Comment: Properly configured hosts not impacted (Score 5, Informative) 179

by jaredmauch (#42046843) Attached to: NTP Glitch Reverts Clocks Back To 2000

If you saw this problem, your NTP time sources were not properly configured and diverse.

Consider using the NTP pool and not relying on so few sources to properly sync your time. Read 5.3.3 and 5.3.4 from for help to correct your NTP setup.

Comment: Re:do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35087124) Attached to: Last Available IPv4 Blocks Allocated

You're talking about small routers. I'm talking about stuff like T1600 where everything is done entirely in hardware. If you look at the QFP in the ASR1k (Cisco) you will see where it can do the NAT, etc. in hardware. That's more sensible than a lot of the devices where things are just pure slow-path (i.e., punted to CPU for the FIB lookup based on the various RIBs your device may have).

We're talking about entirely different classes [and engineered uses] of equipment, and that's obvious to me. Hope you understand that as well.

Comment: Re:do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35078746) Attached to: Last Available IPv4 Blocks Allocated

You are talking about a Firewall device that performs NAT (and appears as a "router" on the LAN). Most of what you see at the store/online is not a "real" router IMHO. Then again, I'm biased as I deal with n*10G all day in a large network. When people call those devices at their home a 'modem' or 'router' I generally wince. I think of them more along the lines of a media converter (DSL, cable to RJ45/802.3).

Comment: do *not* Get a tunnel. (Score 1) 312

by jaredmauch (#35068128) Attached to: Last Available IPv4 Blocks Allocated

Real routers don't have 'state tables'.

Ask your ISP for IPv6 access. Enable your web server/site for IPv6 day. Use a 'web bug' tracker item to identify broken things.

Visit places like to try to understand how ready you are.

Make sure if you have a tunnel, or use one, you do not add too much latency to your connection. The CDNs won't send your traffic over IPv6 if your IPv6 goes to some other continent or geographical region.

Comment: Re:DDOS = Digital Sit-in (Score 1) 206

by jaredmauch (#34534312) Attached to: Has Progress Been Made In Fighting DDoS Attacks?

Not really. If you are blocking the public right of way, you can be arrested. Most stores are on private property, not public so they can reserve the right to refuse service to you as well.

This is why those involved in sit-ins have been arrested in the past, and those on-strike have to 'keep moving' and can't just do their own sit-in.

Comment: Re:Staff shortages (Score 1) 156

by jaredmauch (#33752624) Attached to: Cyber Command Will Miss Friday's Operational Deadline

There's a lot of places to go with this, including over classifying data, etc. that typically happens, and getting it revisited with the right class authority. You have to look no further than the SBU reports that come out from GAO. It makes it really tough, combined with existing regulations set in stone by Congress.

Comment: Re:Staff shortages (Score 1) 156

by jaredmauch (#33752552) Attached to: Cyber Command Will Miss Friday's Operational Deadline

A lot of these jobs require that you be a US Citizen in order to pass the background check to be granted a security clearance. There are lots of jobs posted at and other sites that reflect this need. It may take 6-9 months for that process to complete itself (or up to ~2 years in some cases) but once that gauntlet has been run, it becomes much easier the next time.

If you're a qualified networking or IT geek that meets those criteria, there are plenty of jobs available. may also be of value to you as well.

Some of these jobs are serious cash $119k+ ($10k/mo)
