[gentoo-user] Re: [seriously O/T] How to prevent a dns amplification attack

[Mick <michaelkintzios@gmail.com>]

[-- Attachment #1: Type: Text/Plain, Size: 4013 bytes --]

On Saturday 30 Mar 2013 15:11:17 Kevin Chadwick wrote:
> On Sat, 30 Mar 2013 13:06:16 +0100
> 
> Norman Rieß <norman@smash-net.org> wrote:
> >  As we all know everything works better and cheaper when things are
> > 
> > privatized
> 
> Actually No it's not so simple at all.
> 
> You get incompetence in private and public and you may be more likely
> to get away with it for longer in a public service than in a market with
> competition but there are many examples where things simply get worse.
> 
> In the UK, water companies were privatisied and fat cats made lots of
> money letting the pipes deteriorate for future generations.
> 
> British Telecom, well that's a mixed bag but it is certainly a
> tiny shadow of it's original self.
> 
> We know ideals and theory hardly ever work but theoretically public
> should be much better when well managed.

Well, as you said, "... it's not so simple at all."  ;-)

Errors, incompetence, inefficiencies due to organisational friction and poor 
structures, plus perverse incentives exist in all organisations.  They feed on 
human traits and do not depend simply on the public, or private type of 
ownership, despite what political propaganda based on the prevailing Neo-
liberal economic dogma would have you believe.

In the UK, in particular, we have had railways, water, gas and energy all 
privatised and costs increased 3 to 4 times as a minimum, while performance in 
many cases decreased dramatically.  Failed privatisations and re-
nationalisation en mass of railways is an example where fat subsidies to the 
private sector did not produce the improvements in performance or cost 
efficiencies promised at the beginning.  The UK government is now pushing with 
the privatisation of the Health Service, despite the majority of studies 
showing that a public ownership model is a more cost effective model.  British 
Telecom was actually a mixed bag, i.e. there are areas of improvement, 
especially where technological innovation could be easily taken advantage of 
(read low business risk).

Economic theory speaks of 'natural monopolies' where high risk and very long 
term investments with relatively low returns, make public ownership more 
suitable.  Typically these kind of industries are better and cheaper managed 
under public ownership;  i.e. goals of ownership and those of customers/users 
are better aligned. However, markets with smaller scope and and shorter life 
span, is where private sector ownership and competition thrives and excels.


> I wonder if ISPS wouldn't be handling things like TalkTalks
> Homesafe in such a stupid manner (across the board is where it is
> stupid, even for non users of the service) where they redirect all the
> http traffic through an undoubtedly insecure layer 7 handling huawei
> device with less commercial pressures or analysing bandwidth at layer
> 7 when they should be doing so more safely and completely at layers 3
> and 4 leading me to believe they are not just thinking about bandwidth
> usage. Why does it matter if you download 1000Gb via torrents or http.
> ACKs can be managed in any case.
> 
> I'm glad open source is beginning to make strides into public services
> as it should help put an end to expensive interoperability issues (if
> we stay away from non posix things like systemd, though even then
> shouldn't be too bad ;-)).

Talk-Talk is not the only UK ISP who undertakes deep-packet inspection, and 
filtering of DNS.  There was a debacle only a couple of years ago when 
TalkTalk (along with Virgin, PlusNet, and Sky I think) gave their users' 
details to some lawyer who in turn blackmailed them with a law suit against 
their alleged p2p activity.  Some users paid him, but most told him where to 
go and stick his head!  I think his email account and company PC was also 
hacked and a lot of information leaked.  He ended up in court for failing to 
protect private data!  :D
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 198 bytes --]