
Comment Re: slashdot IoT sales banner (Score 1) 75

I didn't read the details of the attack, but if it was using UDP DNS requests the source IPs could have been spoofed (if they originate from networks that don't have uRPF enabled).

In that case, their transit providers would only be able to identify them by traffic patterns on their circuits, or by more in-depth analysis if the provider can afford to run IPFIX/Netflow analysis on all their traffic.

Comment Re: First lesson (Score 1) 135

"But on the IPv6 network, you have the potential to have thousands of DNS servers, or even multicast/anycast addresses for DNS servers."

Most large DNS deployments already use IP Anycast on IPv4.

For example, Google's public recursive DNS (, uses IP Anycast. Most DNS root servers use IP Anycast.

There are two main benefits to IP Anycast, but the most relevant is allowing the distribution of an IP address over multiple geographic locations, which allows lower latency, but also limits the number of attackers who can attack a specific deployment.

Comment Re: Never Down (Score 1) 237

"Good, because 802.1x isn't MAC authentication, so MAC spoofing is unrelated to that topic. "

My mention of MAC spoofing was with reference to using port security instead of 802.1x (to avoid outages when your radius server is down).

"And your solution of active/active load balancers still leaves you with a single point of failure. Active/active, by definition, has a single configuration across the devices. So one typo on one device can take down both. Back to a single point of failure."

Active-active load balancers are one means of achieving active-active setups, IP anycast is another (more applicable to stateless services). Which one you use may depend on the application.

But this discussion started out about preventing failures due to equipment failure. If you employ idiots (who can't implement a GLBP change correctly the first time or test it on a non-customer affecting environment) then of course there is no way you can offer SLAs.

Comment A kind of Godwin's law. . . (Score 1) 437

Trump is not the Secretary of State

So he automatically gets a free pass and is measured by lower standards? You must do a great job hiring people for your business. . .

Irregardless, saying our voting system is rigged without any credible evidence has invoked a kind of Godwin's law in my mind. . . For anyone who cares about our democracy, the primary goal at this point should be to make sure Trump loses by a large enough margin that any claim of a rigged election would be laughable.

Otherwise, these last couple months will seem like a VACATION compared to what is headed our way. Let's end this once and for all. . .

Comment Re: Never Down (Score 1) 237

"What's your redundancy? HSRP? What happens when someone spoofs your VIP/virtual MAC? Everything is down. I've seen large offices taken down because they used as an important device, and someone plugged in a home router under their desk as an AP, causing a conflict that took down a "redundant" network."

Why would you trunk your service VLANs to your user access switches?

You don't need to do 802.1x for distribution or server switches, you can just do port security (slightly higher admin overhead for ports on really important places). It might not prevent MAC spoofing being an issue, but surely you would physically secure switches which carry 'production' VLANs.

Even if you had a failure in one layer 2 domain, you surely have your critical services active-active across geographically redundant sites (using IP anycast if you can, or a geographic load balancer like F5's BigIP GTM) with 5-second or less failover, that share no single points of failure (e.g. multiple route reflectors, multiple peering points, multiple links to each multiple transit providers).

(And I'm not involved in networking in our team, I look after servers and applications).

Comment Re: Welp, back to pirating (Score 1) 212

"The definition makes no distinction between tangible and intellectual property, and a thief is simply a person who steals."

Which is why, after the invention of the printing press, a new term was created for those who were given permission to steal copies of an author's work using this device, thieveryright.


Wrong. The English Language does not therefore define theft as the unauthorised copying of a work that is already being distributed (for a fee) to the public.

Comment Re: yes, the level of testing / stability (Score 1) 30

Sure, maybe Fortinet has market share in the "internet backbone" business, if you consider firewalls to be the backbone of the internet.

However, most people consider routers to be the backbone of the internet, and in that segment the players are (in approximate order of market share) Cisco, Juniper, Alcatel-Lucent/Nokia, Huawei, Extreme Networks (and then the other 4).

High-end firewalls can handle about 100Gbps peak, fully-specced core routers can route in the region of 10Tbps (depending on which vendor) or more.

Comment Conflating language and Framework (Score 3) 51

And I respect PHP very much for that focus. But as soon as you go beyond the very basics, I think the learning curve there is steeper. Rails simply has so many answers to so many questions, and it introduces those answers in a pretty progressive way. You don't even have to learn what SQL injection is if you're using the preferred query methods. You SHOULD learn what that is, but you don't have to to get started. If you don't know what SQL injection is and you use the MySQL db query functions with a string-interpolated query in PHP, well, you're going to be in trouble.

Probably he knows the difference :). But he seems to just try to make a point where there is none. He is making a wrong comparison. Ruby on Rails is a framework and should have classes/methods to handle SQL queries, just like any proper framework. Ruby and PHP are languages and shouldn't do that. If you use a framework in PHP, or even a CMS as WordPress or Drupal, you have classes/methods for doing SQL queries.

Comment Slashdot = Fair & Balanced. . . (Score 1, Offtopic) 157

Or. . . maybe they want to do things like turn on A/Cs earlier in the day to cool off houses while the solar power generation for the day is still high, instead of waiting for people to get home later in the day and manually turn on their A/Cs (after solar power generation has gone down, so you have to use natural gas)?

Coming home to a cooled house is actually a plus for both the consumer and the grid, but don't let that get in the way of your FOX like "'bama's gonna take our guns!" like interpretation. . .

Comment Re: This is the same guy (Score 1) 385

Left out the link for the August EP-650s:

Regarding availability of earphones with aptX support, most mainstream Android phone makers (Samsung, Sony, LG etc.) and the high-end audio brands (e.g. Sennheiser, Yamaha) have at least one pair listed, but a lot of the other bluetooth headset brands (Jabra, Skullcandy etc.) don't seem to have any listed on the AptX site.

Lots of Bluetooth speakers and portable bluetooth speakers to choose from though.

Comment Re: This is the same guy (Score 1) 385

And AptX is available on at least the Samsung Galaxy S3 and newer (https://www.aptx.com/products?field_product_brand_tid=12&field_product_category_tid=126), but still not on any Apple devices.

Works nicely with my S6 and the August EP-650 bluetooth headphones (which I also use on my linux desktop and was painless to use).
