From: Mick
To: gentoo-user@lists.gentoo.org
Subject: [gentoo-user] Re: [seriously O/T] How to prevent a dns amplification attack
Date: Sat, 30 Mar 2013 17:30:02 +0000
Message-Id: <201303301730.13238.michaelkintzios@gmail.com>
In-Reply-To: <20130330151117.542b249b@kc-sys.chadwicks.me.uk>

On Saturday 30 Mar 2013 15:11:17 Kevin Chadwick wrote:
> On Sat, 30 Mar 2013 13:06:16 +0100 Norman Rieß wrote:
> > As we all know everything works better and cheaper when things are
> > privatized
>
> Actually No it's not so simple at all.
>
> You get incompetence in private and public and you may be more likely
> to get away with it for longer in a public service than in a market with
> competition but there are many examples where things simply get worse.
>
> In the UK, water companies were privatised and fat cats made lots of
> money letting the pipes deteriorate for future generations.
>
> British Telecom, well that's a mixed bag but it is certainly a
> tiny shadow of its original self.
>
> We know ideals and theory hardly ever work but theoretically public
> should be much better when well managed.

Well, as you said, "... it's not so simple at all." ;-)

Errors, incompetence, inefficiencies due to organisational friction and
poor structures, plus perverse incentives exist in all organisations.
They feed on human traits and do not depend simply on the public, or
private type of ownership, despite what political propaganda based on
the prevailing Neo-liberal economic dogma would have you believe.

In the UK, in particular, we have had railways, water, gas and energy
all privatised and costs increased 3 to 4 times as a minimum, while
performance in many cases decreased dramatically. Failed privatisations
and re-nationalisation en masse of railways is an example where fat
subsidies to the private sector did not produce the improvements in
performance or cost efficiencies promised at the beginning. The UK
government is now pushing with the privatisation of the Health Service,
despite the majority of studies showing that a public ownership model is
a more cost effective model. British Telecom was actually a mixed bag,
i.e. there are areas of improvement, especially where technological
innovation could be easily taken advantage of (read low business risk).

Economic theory speaks of 'natural monopolies' where high risk and very
long term investments with relatively low returns, make public ownership
more suitable. Typically these kinds of industries are better and
cheaper managed under public ownership; i.e. goals of ownership and
those of customers/users are better aligned. However, markets with
smaller scope and shorter life span, is where private sector ownership
and competition thrives and excels.

> I wonder if ISPs wouldn't be handling things like TalkTalk's
> Homesafe in such a stupid manner (across the board is where it is
> stupid, even for non users of the service) where they redirect all the
> http traffic through an undoubtedly insecure layer 7 handling Huawei
> device with less commercial pressures or analysing bandwidth at layer
> 7 when they should be doing so more safely and completely at layers 3
> and 4 leading me to believe they are not just thinking about bandwidth
> usage. Why does it matter if you download 1000Gb via torrents or http.
> ACKs can be managed in any case.
>
> I'm glad open source is beginning to make strides into public services
> as it should help put an end to expensive interoperability issues (if
> we stay away from non posix things like systemd, though even then
> shouldn't be too bad ;-)).

Talk-Talk is not the only UK ISP who undertakes deep-packet inspection,
and filtering of DNS. There was a debacle only a couple of years ago
when TalkTalk (along with Virgin, PlusNet, and Sky I think) gave their
users' details to some lawyer who in turn blackmailed them with a
lawsuit against their alleged p2p activity. Some users paid him, but
most told him where to go and stick his head! I think his email account
and company PC was also hacked and a lot of information leaked. He
ended up in court for failing to protect private data! :D

-- 
Regards,
Mick