* Posts by prathlev

116 publicly visible posts • joined 17 Apr 2007

Page:

Cisco trims bloat

prathlev
Happy

Pull the other one...

"In short, Cisco has gone from a company that runs itself based on marketing teams back to one that is focused on engineering and sale"

I would love for that to be the case, and it might happen in my lifetime, but boy do they have a long way to go. IMHO of course. And I wouldn't trade my current Cisco-centric job for another one anyway.

Rackspace backtracks over toff-proof sign-up process

prathlev
Happy

@Gav

It's a classic:

http://xkcd.com/327/

IP registry goes to Defcon 1 as IPv4 doomsday nears

prathlev
Boffin

@AC 21:13

They didn't start out with classful addressing. :-) And there's nothing wrong with using /31 on point-to-point-links (RFC3021), and it often works on Ethernet-links too!

And 240.0.0.0/3 will hopefully not see service any time soon. The work involved in making sure it's reachable from everywhere makes IPv6 deployment seem like a vacation. It'll give you 14-15 IPv4 /8s, just around one years worth with the current allocation speed.

prathlev

@-tim

It's no problem making a router that can take 16 million prefixes or more. Each prefix should take up less than 16 bytes so even my laptop could probably easily hold at least 50 million prefixes.

There's just one catch to a large table: The lookup time tends to stink. And remember that each and every packet crossing the router needs at least one such lookup. Many solutions have been tried with varying success, e.g. flow-based routing (a la NetFlow) or trie, but I would guess the most widely used solution is the TCAM approach.

This guarantees lookup times no matter what size, but TCAM is very very expensive. I'm certain that any major router vendor will gladly supply you with a TCAM based router that will hold 16 million prefixes, but it'll cost you...

Attack hijacks sensitive data using newer Windows features

prathlev
Boffin

@ARP spoofing etc.

One of the points here is that most exploits in IPv4 have been dealt with so you have no end of knobs to turn, e.g. "Dynamic ARP Inspection", "DHCP Snooping" et cetera. Features similar to these are much less common in IPv6, which is a shame. Though there's not much new in the article one can hope it helps forcing the vendors to supply RA Guard et cetera.

prathlev
Happy

@Shannon Jacobs

It depends on what you mean by "configuration state". Most deployments are dual stack where IPv4 and IPv6 live together. Each one is configured just like if it was the only one. In some deployments you could have tunnelling here and there, but for most users/uses this should appear transparent.

If you suspect your ISP is incapable of handling issues like these you really should choose another. Protecting customers from each other has long been a standard ISP practice and IPv6 doesn't change this at all.

Network failure closed hospitals to ambulance admissions

prathlev
Happy

@AC 11:25

Well ffs... the people taking over the responsibility for the network (and taking the money) are obligated to look for problems. I only know Cisco and cannot speak wisely about other vendors, but everything is in the configuration. You can't "hide" stuff as such.

prathlev
Happy

@spanning tree problems

Oh please... the spanning tree protocol is there to _help_. Many people think it's a bad thing, but it's not. Many people configure their network wrong and blame spanning-tree for the ensuing problems.

You could be right about this being a spanning-tree related problem, i.e. a problem created or exacerbated by wrong STP configuration, but STP is not at fault. The problem lies with the (highly paid?) incompetent "consultants" that design and operate the network.

It sure does sound like they need a redesign: A network with a single point of failure, where said SPoF can disable the whole network and where fault isolation takes several hours. Amateurs! :-)

prathlev
Thumb Up

@Peter Jones 2

You might very well be right about the current operator (Logica) probably not being directly responsible for the initial sorry state of the network. But _anyone_ assuming responsibility for a network _has_ to observe some kind of "due diligence". If Logica (or whoever) is willing to take the money they implicitely also accept taking the blame.

Microsoft spends $7.5m on IP addresses

prathlev
Headmaster

Not sold yet

Please bear in mind that the transfer has not happened yet.

"The parties have requested approval of a sale order from the Bankruptcy judge. There is a timeline for making filings and a hearing date. There is not an approved sale order at this time, [...]"

http://blog.internetgovernance.org/blog/_archives/2011/3/23/4778509.html#1426588

Microsoft confirms code execution bug in Windows

prathlev
Linux

@The Dodoman

It's the *lack* of critical fixes that people complain about. Every sane OS (which excludes OS/400) needs fixes to critical bugs. We get updates to our CentOS servers often, and the Fedora workstations get them like every day.

The problem is when there's a bug and the fix is NOT supplied. And then the exploiting starts...

Rogue TV satellite brought to heel after auto reboot

prathlev
Big Brother

@Brian

Yeah, that actually made me a little sad inside every time you said it.

Mozilla exposes 44,000 passwords

prathlev
Happy

Relax guys...

Even though weaknesses have been found in MD5 it doesn't mean that Joe Blow can feasibly extract the plaintext password from the hashes that were inadverently posted.

If you think you can, please tell me what plaintext I used for this hash: "0f0d334af847f44e9611204ed72275d0". I'll even tell you it's 14 characters plain english, no funny capitalization.

Windows hits 25

prathlev
Happy

Yeah wait a minute...

Ah, so *that's* what the author meant, "Sun VirtualBox". Oh wait, ^W^W^W^W^W^WOracle VirtualBox" of course. And I'm using VirtualBox something like every other day.

Aircraft bombs may mean end to in-flight Wi-Fi, mobile

prathlev
Black Helicopters

@AC 17:02

Sir, you need to come with us please. You obviously display terrorist tendencies.

Alien Earthlike worlds 'like grains of sand', say 'wobble' boffins

prathlev
Happy

@Andy and Cowherd

You two are WoW nerds. (Or should it be WotW?)

Ministry of Sound floored by Anonymous

prathlev
Happy

@Bugs R Us

Sure, let's have some "rights managed" content. But PLEASE make sure that it then actually works for the people who pay for it. Not everyone uses Microsoft Windows and Windows Media Player, and things like protected WMA can't work at all on my Fedora installation.

The iTunes Plus ".m4a" files are fine, at least I can get a gstreamer plugin to play those. I don't know if they're patent encumbered though. The files themselves are identified as having been bought by me. I have no problem with that.

The BSA's fading twentieth-century piracy fight

prathlev
Happy

CentOS != "piracy" (obviously, but non-open sourcers might not know)

"Ironically, the BSA has discovered one of the few ways to "pirate" open-source software, and is apparently an advocate. The BSA's website apparently runs on Red Hat Enterprise Linux clone CentOS. Surely a license-respecting organization like the BSA would want to pay full freight for a RHEL license rather than undermine Red Hat by choosing CentOS? Evidently not."

I'm sure Matt doesn't mean it like I read it, but I dislike the comparison between "piracy" and legitimate derived work. The GPL specifically allows, yes even mandates, the possibility of what CentOS is. Red Hat themselves didn't invent many of the important parts of their distro, including the Linux kernel and many many GNU programs. If CentOS is "piracy" then RHEL is just as much.

IMHO what Red Hat sells isn't software as such, it's support. And that support might very well be worth all the dough it costs. But using CentOS (as I do myself extensively) is encouraged by the GPL.

(Very good article though, I'm starting to really like this Matt Asay!)

'Hyperbolic map' of the internet will save it from COLLAPSE

prathlev
Happy

@AC 05:27

Maybe you should read up on Internet routing. Nobody uses OSPF on the "Internet". SPF algorithms can give you best-latency routing, but they scale very badly.

And maybe you should read the paper. They do try to explain why a "nearest neighbor" routing scheme could be a good idea.

It has not met any serious criticism on NANOG-ML, on the contrary:

http://mailman.nanog.org/pipermail/nanog/2010-September/025219.html

Firefox 4 beta gets hard on Windows

prathlev
Headmaster

OpenGL maybe?

I'm a little puzzled about there being "nothing analogous to Direct2D from other OSes"; I don't know the Windows-world very well, but I seem to have seen OpenGL able to provide services on a few other OSses, a.o. Linux. And on my laptop hardware acceleration works very well. (I'm using the proprietary NVIDIA-driver, but that's irrelevant to the OpenGL argument.)

AFAICT the Direct2D APIs are "easier" on the developer, but OpenGL can to 2D acceleration fine.

AMD: 'Bobcat' smaller, faster than Intel's Atom

prathlev
Happy

@Asgard

> "I don't see any 4Ghz chips and i've been waiting years for them!"

How does a 5.0 GHz POWER6 sound to you? Or an 8 core 4 GHz POWER7? If you don't see these chips you're really taking care not to follow tech news.

Police slam internet justice - then use it themselves

prathlev
Happy

@Mark_T

If you by "old laws incapable of addressing the modern world" mean that the juror's/victim's/witness' Googling/Facebooking is just a thing of the modern world that the judicial system should accept, you are IMHO very wrong.

They must never be allowed to investigate by themselves, Internet-based or otherwise. When a victim or witness has to ID a suspected perpetrator among many potential in a line-up, all these potential suspects are presented in as much a neutral and equal way as at all possible. If the victim starts investigating himself then he already has an idea from which his investigation starts, and he is thus prejudiced against the subject of this investigation.

And a juror's job is to consider the guilt or innocence based only on what the court presents. There's a reason certain things are inadmissible in court, things that are not presented to the jury at all. The same goes with things that the jurors are explicitly instructed to ignore.

Letting people investigate by themselves would erode the legal rights of the innocent-until-proven-guilty suspects.

(I do not commend the MET's actions described in this article. And IANAL.)

Google dubs Oracle suit 'attack on Java community'

prathlev

@Renato

I understand the problem thus: The allegedly infringed patents might be generic enough to not only concern Dalvik but also other pieces of code in other software stacks. If Oracle would succeed in winning a patent case against Google they would set precedent and therefore make it much easier to "come after" other open source software projects with patents, either the same or similar.

Testing software patents this way might open up a Pandora's box. Imagine that a court decides that the specific patents from this case are clearly enforceable, or imagine that Oracle and Google choose to settle out of court, thereby scaring others from using Dalvik code or derivatives, or even code vaguely similar to Dalvik.

We can of course hope that Oracle clearly loses this case, and that an appeals court (or higher) asserts that (at least these) patents simple aren't enforceable. But that's probably hoping too much.

prathlev
Happy

@AC 00:22

There are others ways of making money than being litigious you know. I think James' was miffed by the sparkling eyes being those of the lawyer, since this lawyer's goal seemed to clearly be suing Google.

Ellison wrestles Google to strangle 'unofficial' Java

prathlev

@Marcus Aurelius

Seems you pulled it off. And you should seriously put that in your Meditations. That would spice it up a bit. :-)

Hack uses Google Street View data to stalk its victims

prathlev
Happy

@MAC users

Yeah, screw MAC users, let's start using X.25 again!

Flaw could expose 'millions' of home routers

prathlev
Happy

@TJK

No, a /16 network isn't always a Class B network. The Class B networks start with binary "10", and cover the range from 128.0.0.0 to 191.255.255.255. In classful addressing their natural netmask is 255.255.0.0, i.e. /16 in CIDR notation.

The network 170.56.77.0/24 (CIDR-notation) is a /24 subnet of the Class B network 170.56.0.0. And 192.168.0.0/16 (CIDR-notation) is a supernet of the Class C networks 192.168.0.0 through 192.168.255.0.

Everyone please forget everything about classful addressing.

prathlev
Thumb Down

@Highlander

But the malicious traffic actually comes from your own PC, not from the Internet. The filtering you suggest, while theoretically a good idea, is of no use here.

Anyway the "special use" IP-adresses (RFC 5735) are not likely to hit your front door, since sane ISPs are unlikely to accept these in the DFZ.

Vatican Google-bombed over weekend

prathlev
Headmaster

@John Sanders

You said "I'm still awaiting for an anti-Muslim Google bombing".

Famous 'Invisible Gorilla' trick vid gets sequel

prathlev
Happy

@Alex 64

It's called slang. Look it up. El Reg have used "trick cyclist" instead of "psychiatrist".

Take a look at http://www.trickcyclists.co.uk/ for example.

Google's Wi-Fi snoop nabbed passwords and emails

prathlev

@mittfh

From a security standpoint there isn't much idea in hiding your ESSID or filtering MAC addresses. Any activity on the network defeats the hiding. And MAC addresses are easily spoofable.

Stick to encryption instead of voodoo. :-)

Jobs woos devs with iPhone OS iOS 4

prathlev

@Lusty

Couldn't you be arsed to google it either? There's an explanation, see a later comment. :-)

prathlev
Boffin

iOS 4? Bah...

"... gave an overview of iOS 4's capabilities, ..."

We generally IOS 12.2(33)SXI and 12.2(52)SE, with a few devices running 12.4 GD or even 15.0M. Who would want to downgrade to IOS 4?

prathlev
Happy

@AC 21:42

"And just what does the "i" in Apple's iOS stand for anyway?"

The "i" in "iOS" is the same as the "i" in iPhone, iPad et cetera which is a super short form of "Irritating incompetent inept impotent idiot".

Apple picks death not compliance for open source iPhone game

prathlev
Headmaster

@James

""If I were running the App Store I'd go through all other apps and ensure that any which use the GPL are booted. And I'd turn down any future GPL apps.""

That would be extremely prudent. It would even be illegal _not_ to do this. Unless Apple changes their license terms.

Please understand: Distributing GPL applications via the App Store using the store's standard license terms is ILLEGAL.

Fedora 13 – Linux for Applephobes

prathlev
Happy

@boltar

"So in other words a daemon running with root privs just downloads and installs stuff when it feels like it. No bloody thank you!"

I haven't tried this flavour, but if it works like how auto-installs have worked in Fedora 12 it's not a daemon, it's a program started on demand. And it asks you for a root password to install the packages.

Even if it doesn't, I would think they have protected this program just as they have protected "login", "gdm" and other programs running as root and taking input from the user.

How do you feel about being able to shutdown your machine from the GUI without specifying a root password? How do you think that works?

Atlantis spacewalkers snapped through shuttle windows

prathlev
Happy

@max allan

You didn't try to zoom in did you? Was that too difficult for you? They're stopwatches

prathlev

@AC 15:42, not quite...

http://www.snopes.com/business/genius/spacepen.asp

Google screws Scroogle

prathlev
Welcome

@Andrew Jones 2

You must live in a strange country. :-)

Where I live (Denmark) it works like this: One person verifies your ID (typically drivers licence) before taking your voting card (sent to you previously by snail mail) and putting a mark on the list next to your name. Another person, sitting next to the first person, hands you a voting ballot. Noone writes anything down about who gets which ballot.

Are you sure it's trackable where you are? Most modern countries seem to use an anonymous system.

DNSSEC: the internet's International Criminal Court?

prathlev
Happy

@AC 04:17

Please read up on what DNSSEC is. It gives the client a cryptographically safe way of determining if the DNS answer came from a "trusted" source, just like SSL certificates.

It will not make it any easier to track you (yes YOU Derek) on the Internet than it already is.

Applesoft, Ogg, and the future of web video

prathlev

@rhoderickj

I don't get it. If some patent troll could come after me in court over VP3 then why couldn't they do the same over H.264? How can the MPEG LA "guarantee" that they don't infringe on other patents? Or is it just because so many of the big players are part of the MPEG LA, each commited to not suing if you have a license from the group?

prathlev
Happy

@AC 16:13

"... you download one of the many FREE MP3 encoders. Same goes for H.264 - ..."

Where can I find a free MP3 and/or H.264 encoder for commercial use?

prathlev
Headmaster

@psyq

I completely agree with your point: Technology like codecs isn't free to develop, and giving out patents ensures that someone actually wants to spend their ressources developing shuff.

One thing bothers me a little though: The patents last for 20 years. That's a long time when we're talking software. So if we want to keep software patents, let's at least shorten that period a little, to maybe 10 years instead.

The people making money from H.264/MPEG4 licences now isn't the same people that developed the thing.

Google victorious in US trademark & German copyright cases

prathlev
Happy

@AC 14:05, amanfrommars?

Why would amanfrommars post as AC?

'al-Qaeda suicide cat' sends US Iraq war robots out of control

prathlev
Happy

I for one...

... welcome our new feline roboplane sabotaging overlords!

Will DNSSEC kill your internet?

prathlev
Heart

@ disabling DNSSEC in BIND 9?

I don't get it. What's wrong with "dnssec-enable no" in your named.conf? I haven't tested it myself (no handicapped network connections here) but I can't see why it wouldn't work.

(If you're referring to the mess with a certain python script mangling named.conf, that's hardly a BIND problem.)

prathlev
Happy

@pillowfight

> Funny, nobody said "********" yet.

You just did. :-) But let's keep this discussion humane and civilized please.

prathlev
Happy

Why the downvotes?

This is actually the funniest post so far. Some people have no humour it seems...

prathlev
Gates Halo

@problems using 8.8.8.8

Are you guys sure it's not something between you and 8.8.8.8?

[20:45:36 prathlev@euler ~]$ dig @8.8.8.8 +short rs.dns-oarc.net txt

rst.x1247.rs.dns-oarc.net.

rst.x1257.x1247.rs.dns-oarc.net.

rst.x1228.x1257.x1247.rs.dns-oarc.net.

"74.125.42.94 DNS reply size limit is at least 1257"

"74.125.42.94 sent EDNS buffer size 1280"

"Tested at 2010-04-14 18:45:23 UTC"

[20:45:36 prathlev@euler ~]$

(Yes, my timezone is GMT+2)

prathlev
Joke

Making MS ISA 2006 do EDNS0

Simple: Press the "Start"-button, choose to shut down the machine. Insert a CentOS 5 DVD and install from there. In about 30 minutes you will have a server that can do EDNS0. Name it "msisa" or something for nostalgic reasons.

Page: