On the question of technological progress

Today Slashdot wrote that there is no one left in the States who could build a warhead for the Trident missile.

And today I also read that European cosmonauts and astronauts are lambasting the ATV project, because its docking, and even more so its undocking, is an extremely complex process that requires precise and coordinated work by two crew members over several hours. Why are they lambasting it? Because the previous cargo ship, Progress, although it did not have the word "automatic" in its name, nevertheless undocked by itself on command from Earth, and this usually happened while the cosmonauts were asleep.

A new idea for measuring Habr power, karma, etc., from Paul Graham

As always, the most useful part is in the small print of the footnotes ;-)

I tried ranking users by both average and median comment score, and average (with the high score thrown out) seemed the more accurate predictor of high quality. Median may be the more accurate predictor of low quality though.

That is, one can use the arithmetic mean of comment scores to find out who is good, and the median to find out who is bad. The criteria for goodness and badness thus become independent.


A first-hand account of a DDOS attack mitigation

A few days ago, I lived through a DDOS attack at one of the sites I run. It started with the general unavailability of Apache, although the system was idle and the ssh access functioned perfectly. As I already had some experience with DDOS attacks, I immediately looked at the network connections using netstat and saw over 300 IPs sending SYN_REC packets en masse. The attack was much more powerful than any I had ever experienced.

~# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'| sort |uniq |wc -l
310

I immediately started the APF firewall with RAB enabled and a script to block the offending IPs in iptables, as I had these at hand from the previous DDOS attack:

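BEGIN {
  # Count connections per remote address ($5 of netstat output), least frequent first
  pipe = "netstat -n|gawk '{print $5}'|gawk 'BEGIN{FS=\":\"}{print $1}'|sort|uniq -c |sort -n"
  while ((pipe | getline) > 0) {
    # Block only well-formed IPv4 addresses holding 30 or more connections;
    # this skips header words and unix-socket fields that also land in $5
    if ($1 > 29 && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
      command = "/sbin/iptables -I INPUT -s " $2 " -j DROP"
      date = "date"
      result = ""
      command | getline result
      close(command)
      date | getline dateresult
      close(date)  # without close(), later reads of "date" hit EOF and reuse the first timestamp
      print dateresult " - command: " command ", result: " result >> "/var/log/firewall.log"
    }
  }
  close(pipe)
}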

After a few hours it became clear that the IPs were rotating too often and the size of the botnet was well over 10,000, so I was left with a choice of either dying under DDOS or dying due to the performance hit of the large pool of IP addresses in iptables. The SYN_REC part was being filtered easily by syncookies; APF activated them on launch. The real problem was the HTTP flood.
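
One way around the per-address rule growth described above is an ipset hash set with expiring entries behind a single iptables rule. This is an added example, not the author's script; the set name flood, the one-hour timeout and the sample netstat lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not the author's script). The set name "flood" and the
# 1-hour timeout are assumptions; the threshold of 29 is the one used above.

# Constructed sample of `netstat -n` output: one noisy client, two quiet ones.
sample_netstat() {
  echo "Active Internet connections (w/o servers)"
  echo "Proto Recv-Q Send-Q Local Address           Foreign Address         State"
  i=0
  while [ "$i" -lt 35 ]; do
    echo "tcp        0      0 192.0.2.10:80           198.51.100.7:$((40000 + i))      SYN_RECV"
    i=$((i + 1))
  done
  echo "tcp        0      0 192.0.2.10:80           203.0.113.5:51000       ESTABLISHED"
  echo "tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:4000 ESTABLISHED"
  echo "unix  3      [ ]         STREAM     CONNECTED     12345"
}

# offenders THRESHOLD: read `netstat -n` output on stdin and print each IPv4
# remote address holding more than THRESHOLD TCP connections, one per line.
offenders() {
  awk -v max="$1" '
    $1 ~ /^tcp/ {
      addr = $5
      sub(/:[0-9]+$/, "", addr)      # strip the port
      sub(/^::ffff:/, "", addr)      # unwrap IPv4-mapped IPv6 addresses
      if (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[addr]++
    }
    END { for (a in n) if (n[a] > max) print a }' | sort
}

# restore_script THRESHOLD: turn the offenders into input for `ipset restore`.
# Entries expire on their own, so rotating botnet IPs do not pile up.
restore_script() {
  echo "create flood hash:ip timeout 3600"
  offenders "$1" | while read -r ip; do
    echo "add flood $ip"
  done
}

# Typical use as root; one iptables rule matches the whole set:
#   netstat -n | restore_script 29 | ipset -exist restore
#   iptables -C INPUT -m set --match-set flood src -j DROP 2>/dev/null ||
#     iptables -I INPUT -m set --match-set flood src -j DROP
```

Lookups in a hash:ip set stay roughly constant-time as the set grows, whereas every packet walks a chain of individual DROP rules linearly.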

The pitfalls of the part-time business in Belgium

Anyone working at least part-time as an employee in Belgium can opt for his own part-time business. This is even mandatory if you have a constant revenue stream coming from the side projects.

At first sight, this option looks very competitive. You pay lower social charges and retain all the benefits of the employee position while being able to exercise the secondary activity in your spare time.

On the taxation side, things look much dimmer. Let's assume that you are a full-time employee in IT and want to do some consulting on the side. You probably have a rather high salary that already reaches, if only barely, the highest 53.50% tax level. This is realistic for many IT professionals.

You do your first project and charge your client 1000 €, including VAT. How much will you have left after the taxes?

Well, that's easy. You successively pay 21% VAT, 22% in social charges, and then 53.50% income tax, which leaves

1000*0.79*0.78*0.4650=286.53 €

286.53 € out of that nifty pay-check of 1000 € that you thought would go into your pocket.

You were expecting to get more, and you start to look for ways to avoid taxation. Fortunately, this is possible by going to the natural economy instead of the monetary one. That is, you try to increase your expenses and reduce the monetary profits.

Bye-bye, Yahoo!

I am probably the last webmaster in the world to ban Yahoo! Slurp from indexing my sites. Now, I am resolved. Bye-bye, Yahoo! You were just behaving too badly.

iptables -A INPUT -s 66.196.64.0/18 -j DROP
iptables -A INPUT -s 68.142.192.0/18 -j DROP
iptables -A INPUT -s 72.30.0.0/16 -j DROP
iptables -A INPUT -s 74.6.0.0/16 -j DROP

The decline of newspaper circulation in the internet era: a concrete example.

The circulation of French-language dailies in Belgium fell by 19% over the ten-year period from 1997 to 2007. This is the conclusion I draw from the CIM statistics published on their site, supplemented by the 1997 figures from a thematic dossier in the Revue Nouvelle. Unfortunately, I was unable to find the circulation figures for the Flemish dailies in 1997. According to the statistics for 2003-2007 available on the CIM site, the Flemish dailies must be doing better than the French-language ones.

As usual, I include the raw figures below, along with the gnuplot script.

data:
"Journal" 1997 2007
"L'Echo" 27449 24696
"Vers l'avenir" 131155 110559
"La Derniere Heure" 101327 110124
"La Libre Belgique" 73103 56808
"Le Soir" 178569 112265
script:
set terminal png enhanced
set output "evaluation.png"
set boxwidth 1 absolute
set style fill  solid 1.00 border -1
set style histogram clustered gap 2 title

set style data histograms
set xtics rotate
set yrange [ 0 : 200000]

plot 'graph.dat' u 2:xtic(1) ti col, '' u 3 ti col