Forgot your password?
typodupeerror

Comment Re:What's the Real Danger? (Score 1) 57

Assuming that CGNAT makes you immune is a huge error.
Once you compromise a single customer you're now inside the CGNAT pool, where you will see lots of very vulnerable devices because they were left vulnerable on the assumption that they were not reachable. In an ISP with thousands of customers, at least a handful will have some infected devices.

Modern Windows devices absolutely do not become compromised via inbound connections to open ports, they become compromised via vulnerable client software or user error (eg phishing, malware infected downloads etc), all of which only depends on being able to make outbound connections.

Comment Re:Lots of magical thinking here (Score 1) 114

There's a way, but it doesn't jive with AI not becoming radically more powerful.

LLMs would evaporate if something superseded it by being appreciably better.

But if one asserts AI isn't going to become radically more powerful, then it is a silly statement to say LLMs won't be a thing. There's clearly *some* appetite and use for them. The bubble may pop and maybe some LLM applications will back off, but they are certainly going to hang in there.

Comment Re:Shouldn't this be expected? (Score 1) 57

Many simply don't care.
A lot of ISPs especially in Asia use CGNAT and/or rapidly rotating IPv6 and then do nothing about abuse so the address space is widely blacklisted.

In other countries ISPs aren't forced to use CGNAT, and use at least sticky if not fully static addressing so if customers get themselves blacklisted the ISP generally doesn't need to care as it won't affect other users.

Comment Re:standard practice (Score 3, Interesting) 57

Setting the policy to DROP just means that clients will try multiple times before timing out, which means not only will you waste bandwidth with the retries, but your own clients will experience a delay while they time out instead of receiving an instant rejection.

For legacy IPv4 networks the address space is so congested and in short supply that it's economically unviable to leave unused addresses, so you gain nothing from this. With IPv6 there might be some very limited security-through-obscurity value to someone not being able to identify a live address, but its also not practical to scan sequential address space anyway.

What this article really highllghts however, is how flawed the perimeter security model is. Modern end user devices will actually do perfectly well on an open connection, as they don't have any externally visible services. Indeed people frequently connect their devices to public wifi networks where they are fully exposed to the network owner, other users and potentially beyond and it hasn't caused the apocalypse.

People are relying on the perimeter security model, and then using really lousy insecure devices to actually implement that perimeter so they get the worst possible outcome. User think their devices are inside a secured perimeter when the very device supposed to be enforcing that perimeter has been compromised putting the attacker inside. These devices are often MUCH worse than today's end user operating systems.

The proper solution is zero trust - assume your devices are fully exposed and have to stand alone.

Comment Re:Old man yells at clouds (Score 1) 33

That is true, out of 70 reports, only 1 was spot on and only one other was technically incorrect, but it was adjacent to a real problem.

The thing was that as maddening it was to review the 70 reports, the two issues either directly or indirectly responsible were worth it.

However, in an open source ecosystem, you have a whole bunch of users so those 68 bogus 'findings' get repeated for every rando that feels like 'helping' with issues... So open source gets hit harder due to the higher chance for duplicates...

Comment Re:We will see (Score 1) 71

and they are not yet charging for the "tokens" what they need to charge to become profitable

We recently got access to Claude Enterprise and found how expensive it is. We were given $45 a month of budget. Everyone in the team blew through that in 2 days. And considering this is still being "subsidized" I honestly don't see what's the future for "AI Coding".

So, $22.50 per day, or $113 per week. How much does one of your people cost, all-in, including benefits? It's unlikely that it's less than $100k per year, and very likely at least double or triple that, if not five times or more. At $200k/year for 50 weeks, that's $4k/week. At the current token price, the AI makes a $200k engineer 3% more productive, the company is breaking even. If it makes them 1.5X or 2X as productive it's a clear and unquestionable win, even with higher token prices.

As for me, think AI makes me about 5X more productive than I would be without it, and that's just considering volume of work. Honestly, I think the quality is a little higher than I'd do myself -- not because the AI writes better code than I do (it definitely does not), but because I'm able to be pickier and do more and larger refactors than I would if I had to do the grunt work myself. Also because I have Claude write documentation that, frankly, I just wouldn't get around to if it were me. The documentation is not nearly as good as if you gave me a dedicated technical writer... but the $2500 I spend per month in tokens would come nowhere close to paying a writer, even if we ignored the coding productivity.

Comment This is why I just let my ISP deal with the router (Score 1) 57

I don't have time to keep track of security updates for my router, apply them, and check now and then to make sure it hasn't been compromised. Comcast has the infrastructure and people to do it all themselves. I don't have to think about it at all.

Of course it's probably the only thing Comcast can do right, but I think most people on Slashdot have heard that story a million times so I won't go there!

Comment Re:Maybe... (Score 1) 81

Now that most people have a fast internet connection

In the case of BitTorrent, even the fastest Internet connection won't get you a lot of successful peer connections if your ISP blocks all inbound TCP connections.

If youtube goes away, streaming video won't disappear, some new ecosystem will grow in its place.

Such a new ecosystem already has grown, as I understand it. It's called getting Netflix, HBO Max, Paramount+, Disney+/Hulu, Peacock, Prime Video, or Apple TV to accept your pitch and fund it. These take the place of cable television channels in the pre-broadband economy. And there are still a lot more pilot screenplays than budget to produce all of them.

Comment Re:whatsoever a man soweth, that shall he also rea (Score 1) 236

Big organizations just naturally tend to bloat and waste tons of money at every level of the system, because they don't have the same incentives to keep things lean

Somewhat, yes (and this most definitely includes the federal government!). On the other hand, small organizations don't have the same opportunities for economies of scale. This is what drives consolidation in most markets; the bigger players can outcompete the small ones because they have efficiency opportunities the small ones just don't, and greater consolidation increases that... up until it gets balanced and then exceeded by bloat, which lets smaller players back in.

That's what happens in competitive markets, anyway. The healthcare market is so heavily regulated that it may not work the same way.

Comment Re: There is no such thing as a labour shortage. (Score 1) 236

That totally ignores the laws of supply and demand. You make more workers by paying more.

You can only move workers by paying more, either moving them from one job to another or from being unemployed to being employed. But if you're already very close to full employment (which we are; prime-age employment is 83.3%), then in order to get more workers you have to get more people.

Slashdot Top Deals

Never appeal to a man's "better nature." He may not have one. Invoking his self-interest gives you more leverage. -- Lazarus Long

Working...