
Comment Re: First lesson (Score 1) 126

"But on the IPv6 network, you have the potential to have thousands of DNS servers, or even multicast/anycast addresses for DNS servers."

Most large DNS deployments already use IP Anycast on IPv4.

For example, Google's public recursive DNS (, uses IP Anycast. Most DNS root servers use IP Anycast.

There are two main benefits to IP Anycast, but the most relevant is allowing the distribution of an IP address over multiple geographic locations, which allows lower latency, but also limits the number of attackers who can attack a specific deployment.

Comment Re: Never Down (Score 1) 234

"Good, because 802.1x isn't MAC authentication, so MAC spoofing is unrelated to that topic. "

My mention of MAC spoofing was with reference to using port security instead of 802.1x (to avoid outages when your RADIUS server is down).

"And your solution of active/active load balancers still leaves you with a single point of failure. Active/active, by definition, has a single configuration across the devices. So one typo on one device can take down both. Back to a single point of failure."

Active-active load balancers are one means of achieving active-active setups, IP anycast is another (more applicable to stateless services). Which one you use may depend on the application.

But this discussion started out about preventing failures due to equipment failure. If you employ idiots (who can't implement a GLBP change correctly the first time or test it on a non-customer affecting environment) then of course there is no way you can offer SLAs.

Comment Re: Never Down (Score 1) 234

"What's your redundancy? HSRP? What happens when someone spoofs your VIP/virtual MAC? Everything is down. I've seen large offices taken down because they used as an important device, and someone plugged in a home router under their desk as an AP, causing a conflict that took down a "redundant" network."

Why would you trunk your service VLANs to your user access switches?

You don't need to do 802.1x for distribution or server switches, you can just do port security (slightly higher admin overhead for ports on really important places). It might not prevent MAC spoofing being an issue, but surely you would physically secure switches which carry 'production' VLANs.

Even if you had a failure in one layer 2 domain, you surely have your critical services active-active across geographically redundant sites (using IP anycast if you can, or a geographic load balancer like F5's BigIP GTM) with 5-second or less failover, that share no single points of failure (e.g. multiple route reflectors, multiple peering points, multiple links to each multiple transit providers).

(And I'm not involved in networking in our team, I look after servers and applications).

Comment Re: Welp, back to pirating (Score 1) 212

"The definition makes no distinction between tangible and intellectual property, and a thief is simply a person who steals."

Which is why, after the invention of the printing press, a new term was created for those who were given permission to steal copies of an author's work using this device, thieveryright.


Wrong. The English Language does not therefore define theft as the unauthorised copying of a work that is already being distributed (for a fee) to the public.

Comment Re: yes, the level of testing / stability (Score 1) 30

Sure, maybe Fortinet has market share in the "internet backbone" business, if you consider firewalls to be the backbone of the internet.

However, most people consider routers to be the backbone of the internet, and in that segment the players are (in approximate order of market share) Cisco, Juniper, Alcatel-Lucent/Nokia, Huawei, Extreme Networks (and then the other 4).

High-end firewalls can handle about 100Gbps peak, fully-specced core routers can route in the region of 10Tbps (depending on which vendor) or more.

Comment Re: This is the same guy (Score 1) 385

Left out the link for the August EP-650s:

Regarding availability of earphones with aptX support, most mainstream Android phone makers (Samsung, Sony, LG etc.) and the high-end audio brands (e.g. Sennheiser, Yamaha) have at least one pair listed, but a lot of the other bluetooth headset brands (Jabra, Skullcandy etc.) don't seem to have any listed on the AptX site.

Lots of Bluetooth speakers and portable Bluetooth speakers to choose from though.

Comment Re: This is the same guy (Score 1) 385

And AptX is available on at least the Samsung Galaxy S3 and newer (https://www.aptx.com/products?field_product_brand_tid=12&field_product_category_tid=126), but still not on any Apple devices.

Works nicely with my S6 and the August EP-650 Bluetooth headphones (which I also use on my Linux desktop and was painless to use).

Comment Re: Linux is far worse than Microsoft (Score 1) 541

In our service-provider environment, about 1/3rd of all our services have been migrated to RHEL7 (about 120 VMs) so far. I haven't had a single problem with systemd.

I am actually requiring specific motivation from any team wanting to run RHEL6, because systemd means 1) less divergence from upstream, 2) portability between distros.

Any decent config management system should be able to handle systemd vs sysvinit (Ansible does). But then sysvinit scripts will work just fine on RHEL7 with the same commands.

Comment Re: How are they doing this? (Score 1) 57

And if they are trying some form of packet inspection, good luck doing that on an encrypted HTTPS YouTube stream.

The 3 leading DPI platforms currently have no problem identifying YouTube over HTTPS. I think most of them use the certificate exchange to do so at present. Encrypted certificate exchange which is being considered as an enhancement to HTTP2 may prevent this.

Comment Re: Tricks victims into reauthenticating (Score 2) 32

ISPs don't use proxies for that.

The two most common ways to track usage (in DSL/fibre networks, I am not that familiar with cable) are:
- RADIUS accounting from the BNG where the PPP (e.g. PPPoE) session terminates
- From a DPI-based in-line system (3GPP terminology is 'PCEF'). This can also typically be used for enabling transparent caching (but that can also be done with e.g. WCCP on a router in-line IIRC, but DPI can make better decisions on what traffic to send to caches).

But, typically there isn't authentication involved with accessing transparent caches ...

Comment Re: Patch already available (I think...) (Score 2) 39

All the different distributions of Linux combined with no user friendly way of keeping the latest patches installed is just asking to be trouble.

All the distros I have used have had both n00b-friendly and cli-automatable options for installing updates for more than a decade. E.g. red icon pops up in systray, click it to see what updates are available, deselect some if you need to defer restarting something, click the update button, and carry on with what you were doing. If a kernel or very common library update was installed, you're informed at the end that you should reboot and you are asked if you want to reboot or do it yourself later.

I don't know how it could be any more user friendly.

Comment Re: Why use VMWare? (Score 2) 162

Well try running a whole enterprise with clustering, eSAN storage, virtual switching, failovers, cloud integration for backups, expiring VM's, auditing for infosec, ability to move the VM's anywhere, and command line tools to automate tens of thousands of virtual servers all on virtualbox and let me see how far you get?

Why would I do that when I could just use oVirt, or the commercially supported version that is faster and significantly cheaper with 90% feature parity to vSphere Enterprise Plus, Red Hat Enterprise Virtualisation (RHEV)?

Comment Re: Que the consultant guy... (Score 1) 162

Furthermore, after reviewing this GPL our lawyers advised us that any products compiled with GPL'ed tools - such as gcc - would also have to its source code released.

Why hasn't anyone sued Oracle then? Oh right, this is obviously false and you are trolling.

Although we had planned for no one outside of this company to ever use, let alone see the source code, we were now put in a difficult position.

Yes, that of explaining how you paid lawyers who don't understand the word 'distribute'.
