Microsoft to ship new versions with firewall enabled
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer versions of Windows XP with the included firewall enabled by default.
on 8/14/2003 9:29 AM Sean Donelan wrote:
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer versions of Windows XP with the included firewall enabled by default.
Wouldn't it make more sense to ship with all of the services disabled? I mean, if the role of the firewall is to block packets to weak services, wouldn't it be simpler to just disable the damn services since they aren't going to be usable anyway?
--
Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
On Thu, 14 Aug 2003, Eric A. Hall wrote:
Wouldn't it make more sense to ship with all of the services disabled?
I mean, if the role of the firewall is to block packets to weak services, wouldn't it be simpler to just disable the damn services since they aren't going to be usable anyway?
'Firewall' is more buzzword compliant. This doesn't even begin to address the fact that the firewalling included in windows is nowhere near as functional as the firewalling in other OSes (such as FreeBSD or Linux).
ipchains and similar firewalls are indeed far superior. I manage "real" firewalls as part of my responsibilities. However the new Microsoft policy will help protect the network from Joe and Jane average who buy a PC from the closest "big box" store and hook it up to their cable modem so they can exchange pictures of the kids with the grandparents in Fla. This is the class of users who botnet builders dream about because these people do not see a computer as a complex system which _requires_ constant maintenance but as a semi-magical device for moving images and text around.
Scott C. McGrath
On Thu, 14 Aug 2003, Greg Maxwell wrote:
On Thu, 14 Aug 2003, Eric A. Hall wrote:
Wouldn't it make more sense to ship with all of the services disabled?
I mean, if the role of the firewall is to block packets to weak services, wouldn't it be simpler to just disable the damn services since they aren't going to be usable anyway?
'Firewall' is more buzzword compliant.
This doesn't even begin to address the fact that the firewalling included in windows is nowhere near as functional as the firewalling in other OSes (such as FreeBSD or Linux).
On Thu, 14 Aug 2003 16:07 UTC, "Eric A. Hall" <ehall@ehsco.com> wrote:
| Wouldn't it make more sense to ship with all of the services disabled?
Yes it would - at least to US - but that would inevitably create a load for the Support desk. However as Microsoft charge for end-user support I wouldn't put it past them thinking along those lines. I hope there's nobody from Microsoft reading this list ... that might give them ideas!
| if the role of the firewall is to block packets to weak services,
| wouldn't it be simpler to just disable the damn services since they
| aren't going to be usable anyway?
That wouldn't make sense at all. What that would do is give the user a false sense of security: it is just as important to block activities by unauthorised programs ("trojans" etc) as it is to protect services installed as part of the operating system.
What I do like in the latest release of Zone Alarm Pro is that it will stop ANY program from connecting outbound on Port 25 unless that program has been specifically authorised to send mail. It was quite informative to see which programs were trying to mail information back to their base!
--
Richard Cox RC1500-RIPE
Richard Cox wrote:
On Thu, 14 Aug 2003 16:07 UTC, "Eric A. Hall" <ehall@ehsco.com> wrote:
| Wouldn't it make more sense to ship with all of the services disabled?
Yes it would - at least to US - but that would inevitably create a load for the Support desk. However as Microsoft charge for end-user support I wouldn't put it past them thinking along those lines. I hope there's nobody from Microsoft reading this list ... that might give them ideas!
But who actually calls Microsoft for support? Bob and Beth Luser call their OEM, DELL, Gateway, Sony, Compaq, etc., not Microsoft. And I think the OEMs are getting off a little easy in all of this. Microsoft distributes their product to OEMs who have a fair bit of room to customize the default settings (all of the monopolistic arm twisting involving hiding IE icons, installing other web browsers, etc., ignored for now).
How much you wanna bet if Microsoft distributes with the firewall enabled, OEMs will turn around and _disable_ it in the installation they sell? They are the ones who want to cut down the support calls. And they don't want to lose business to a competitor who ships with all of the bells-n-whistles turned back on because Bob and Beth are convinced the computer they got was "broken" because disabled (mis)features were not enabled out of the box.
On the other hand, OEMs can be the Good Guys here and take the lead ahead of Mickeysoft and firm up the loose default setting they get from Microsoft. DELL has promised to do this... but I still don't know if their press releases will live up to reality. If any NANOGers out there make purchasing decisions about PCs with Windows, I hope you direct your business towards OEMs who do sell better secured distributions or demand that the OEMs do so.
--
Crist J. Clark crist.clark@globalstar.com
On the other hand, OEMs can be the Good Guys here and take the lead ahead of Mickeysoft and firm up the loose default setting they get from Microsoft. DELL has promised to do this... but I still don't know if their press releases will live up to reality. If any NANOGers out there make purchasing decisions about PCs with Windows, I hope you direct your business towards OEMs who do sell better secured distributions or demand that the OEMs do so.
Wouldn't really matter. NANOGers run networks for the most part, not computer clubs, college classes, afterschool programs, IT departments, or hair salons, where most computer-buying decisions are made. People want value and functionality without having to deal with complicated details like output wattage of power supplies or say something like security. But at the same time, everyone has some sort of theory about a Microsoft conspiracy and why Windows Update shouldn't be allowed to automatically update machines instead of prompting users, resulting in patches not being applied month after month until some worm comes out and makes you work overtime. At which point a bunch of you run out and buy 'bad guy' paint and dump bucketloads all over Microsoft while promoting your favorite OS. *shrug*
On Thu, Aug 14, 2003 at 05:37:44PM +0100, Richard Cox wrote:
What I do like in the latest release of Zone Alarm Pro is that it will stop ANY program from connecting outbound on Port 25 unless that program has been specifically authorised to send mail. It was quite informative to see which programs were trying to mail information back to their base!
Zone Alarm Pro is very stupid as well. When a machine makes an outbound connection attempt, yes, you'll see a dialog that pops up asking you whether to allow that SINGLE connection or not, I guess this is what you mean... BUT on every single occasion I get that dialog box, it's telling me that the program is trying to access my ISP's DNS servers, which is correct, I click yes to allow that SINGLE connection, and it lets the program go ahead and connect to port 22 (putty is the application in this instance), instead of asking me about port 22 next.
Reasons why this is bad?
A) Semi-savvy user sees 'DNS' and their ISP's nameservers and clicks yes not knowing it's a trojan trying to resolve the hostname for trojan base.
B) Trojanned program operates semi-normally, makes the initial connection to the proper host, you ok it with ZoneAlarm because it looks legit, but ZoneAlarm goes ahead and lets the program connect to whatever it wants after the initial OK, (example scenario: buffer overflow), so the trojan connections are concealed.
C) It's bothersome. Ask the user every time they fire up the program whether they want to let it connect to something, and they're going to click the "please don't ask me about this crappy program ever again" checkbox, and be done with it, again, concealing trojan connections in the event the program gets modified later down the road.
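The approval-scope gap described in this message, as an added example (not ZoneAlarm's code and not something posted in the thread): a toy outbound filter where a single "yes" is scoped either to the whole program or to the binary's hash plus destination port. The class names, sample binaries and addresses are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Attempt:
    program: str   # name shown to the user in the prompt
    image: bytes   # stand-in for the executable's on-disk contents
    dst_ip: str
    dst_port: int


class ProgramScopedFilter:
    """One 'yes' authorises the program for every later destination."""

    def __init__(self):
        self.approved = set()

    def key(self, a):
        return a.program

    def is_approved(self, a):
        return self.key(a) in self.approved

    def approve(self, a):
        self.approved.add(self.key(a))


class TupleScopedFilter(ProgramScopedFilter):
    """A 'yes' covers only this binary (by hash) talking to this port."""

    def key(self, a):
        return (a.program, hashlib.sha256(a.image).hexdigest(), a.dst_port)


def replay(fw, attempts, ports_user_accepts):
    """Feed attempts through a filter; the user says yes only to the given ports."""
    verdicts = []
    for a in attempts:
        if fw.is_approved(a):
            verdicts.append("silent-allow")   # no dialog shown at all
        elif a.dst_port in ports_user_accepts:
            fw.approve(a)
            verdicts.append("prompt-yes")
        else:
            verdicts.append("prompt-no")
    return verdicts


# Constructed sample traffic (documentation address ranges, made-up binaries).
ORIGINAL = b"putty build as installed"
MODIFIED = b"putty build after tampering"
ATTEMPTS = [
    Attempt("putty.exe", ORIGINAL, "192.0.2.53", 53),     # DNS lookup
    Attempt("putty.exe", ORIGINAL, "198.51.100.10", 22),  # the SSH session
    Attempt("putty.exe", ORIGINAL, "198.51.100.10", 22),  # same session, next day
    Attempt("putty.exe", MODIFIED, "203.0.113.66", 25),   # altered binary, new port
]
USER_ACCEPTS = {53, 22}


def compare():
    return {
        "program-scoped": replay(ProgramScopedFilter(), ATTEMPTS, USER_ACCEPTS),
        "tuple-scoped": replay(TupleScopedFilter(), ATTEMPTS, USER_ACCEPTS),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

With program-wide scope the user is asked once, about DNS, and never sees the port 22 or port 25 connections; with the narrower scope each new port and each changed binary produces its own prompt, while the repeated SSH session does not.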
Anyone know what's up with the big power outage in Ontario, Canada?
---Mike
http://www.cnn.com/2003/US/08/14/power.outage/index.html
NEW YORK (CNN) -- A major power outage simultaneously struck several large cities in the United States and Canada late Thursday afternoon. Cities affected include New York; Boston, Massachusetts; Cleveland, Ohio; Detroit, Michigan; Toronto, Ontario; and Ottawa, Ontario. The power outage occurred shortly after 4 p.m. Much of Midtown Manhattan and Wall Street were shut down, including all area airports and the Long Island Railroad. The airports were operating on back-up power and operations were reported to be normal, officials said. The New York City Police Department said they were trying to determine what happened. A Con Edison transformer on East 14th Street in Manhattan was afire, CNN learned. Thousands of people could be seen leaving buildings and walking into the streets. New York subways were reported stopped and people were trapped in the cars.
=====
Telecommunications Policy Research Conference ~~ September 19 - 21 Arlington, Virginia ~~ www.tprc.org
Apple have the right idea... I'd say all the vendors need to take a carefully balanced approach to security in the default configurations of their software. Leave services exposed to the network disabled by default, where possible.
By all means, configure firewalls by default to block all non-established incoming connections to low port numbers, but for heaven's sake don't also block access to those ports from the local subnet as well. How would your users cope if all their shared printers and file servers suddenly became inaccessible because NetBIOS was universally blocked by new operating system "security features"? I'd hazard a guess that after they've called their ISP support team a couple of hundred times, they'll just switch the firewall off...
Your firewall rules should automatically open ports when services are explicitly enabled, and should be able to cope with laptops roaming between home and office where the local subnet addresses may change. If the firewall doesn't detect this, then you're going to cause a whole new world of support problems.
- Matt
At 12:39 PM 8/14/2003, Matthew Watkins wrote:
Apple have the right idea... I'd say all the vendors need to take a carefully balanced approach to security in the default configurations of their software. Leave services exposed to the network disabled by default, where possible.
By all means, configure firewalls by default to block all non-established incoming connections to low port numbers, but for heaven's sake don't also block access to those ports from the local subnet as well.
Define "local subnet." Go sit in a Starbucks and use Wifi. Is the person at the next table, or sitting on the bench outside with their laptop considered on the "local subnet?" Do you trust that person? This is just an example of how a policy like the one you suggest can be dangerous.
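The proposed default and the objection to it, side by side, as an added example that is not part of either message: the same inbound rule evaluated on a home LAN and on public Wi-Fi, with the local subnet derived from the laptop's current address so roaming is handled. The 1024 cut-off for "low port numbers", the per-network `trusted` flag and all addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

LOW_PORT_LIMIT = 1024  # assumption: the thread says "low port numbers", no figure


@dataclass(frozen=True)
class Attachment:
    name: str
    iface: str      # laptop's address and prefix on the network it is on now
    trusted: bool   # hypothetical flag the user sets per network


@dataclass(frozen=True)
class Inbound:
    src: str
    dst_port: int
    established: bool  # True for replies to a connection the laptop opened


def is_local(att, pkt):
    # The "local subnet" is recomputed from the current interface, so it
    # follows the laptop from home to office to hotspot.
    local = ipaddress.ip_interface(att.iface).network
    return ipaddress.ip_address(pkt.src) in local


def subnet_exception(att, pkt):
    """Policy as proposed: low ports closed, except to the local subnet."""
    if pkt.established or pkt.dst_port >= LOW_PORT_LIMIT:
        return "allow"
    return "allow" if is_local(att, pkt) else "drop"


def trusted_subnet_exception(att, pkt):
    """Same rule, but the exemption applies only on networks marked trusted."""
    if pkt.established or pkt.dst_port >= LOW_PORT_LIMIT:
        return "allow"
    return "allow" if att.trusted and is_local(att, pkt) else "drop"


# Constructed sample networks and packets (port 139 = NetBIOS session service).
HOME = Attachment("home LAN", "192.168.1.20/24", trusted=True)
CAFE = Attachment("cafe Wi-Fi", "10.0.0.57/24", trusted=False)
CASES = [
    (HOME, Inbound("192.168.1.30", 139, False)),  # file-sharing peer at home
    (CAFE, Inbound("10.0.0.99", 139, False)),     # laptop at the next table
    (CAFE, Inbound("203.0.113.5", 139, False)),   # host out on the Internet
    (CAFE, Inbound("192.168.1.30", 139, False)),  # home peer's address, seen at the cafe
]


def evaluate(policy):
    return [policy(att, pkt) for att, pkt in CASES]


if __name__ == "__main__":
    for policy in (subnet_exception, trusted_subnet_exception):
        print(policy.__name__, evaluate(policy))
```

The two policies differ only on the second case: a same-subnet host on the public network reaches port 139 under the plain subnet exemption and is dropped once the exemption is tied to a trusted network.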
At 10:00 AM 8/14/2003, Daniel Senie wrote:
At 12:39 PM 8/14/2003, Matthew Watkins wrote:
Apple have the right idea... I'd say all the vendors need to take a carefully balanced approach to security in the default configurations of their software. Leave services exposed to the network disabled by default, where possible.
By all means, configure firewalls by default to block all non-established incoming connections to low port numbers, but for heaven's sake don't also block access to those ports from the local subnet as well.
Define "local subnet."
Go sit in a Starbucks and use Wifi. Is the person at the next table, or sitting on the bench outside with their laptop considered on the "local subnet?" Do you trust that person?
Hold on a second, and let me ask him. :-)
This is just an example of how a policy like the one you suggest can be dangerous.
He said "What's a subnet?" heh
jc
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
From CNN:
NEW YORK (CNN) -- A major power outage simultaneously struck several large cities in the United States and Canada late Thursday afternoon. Cities affected include New York; Boston, Massachusetts; Cleveland, Ohio; Detroit, Michigan; Toronto, Ontario; and Ottawa, Ontario. The power outage occurred shortly after 4 p.m.
<snip>
no word on the cause(s), but a ConEd transformer on East 14th street was said to be on fire...not sure how that could affect other cities, though...
On Thu, 14 Aug 2003, Aaron D. Britt wrote:
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
James Smallacombe PlantageNet, Inc. CEO and Janitor
up@3.am http://3.am
no word on the cause(s), but a ConEd transformer on East 14th street was said to be on fire...not sure how that could affect other cities, though...
BBC reports Mayor Bloomberg blaming a failure at ConEd plant at Niagara, but also reports US Govt. spokesman blaming a fault in Manhattan...
Ray
On Thu, 14 Aug 2003 up@3.am wrote:
From CNN:
NEW YORK (CNN) -- A major power outage simultaneously struck several large cities in the United States and Canada late Thursday afternoon.
Cities affected include New York; Boston, Massachusetts; Cleveland, Ohio; Detroit, Michigan; Toronto, Ontario; and Ottawa, Ontario. The power outage occurred shortly after 4 p.m.
The rest:
State officials said the Niagara-Mohawk power grid was overloaded. The grid provides power for New York and stretches into Canada. The officials said the outage is a natural occurrence and not related to terrorism.
...
New York Mayor Michael Bloomberg confirmed the outage was not related to terrorism or an accident. "The good news is, Con Ed's facilities have shut down automatically, which they're programmed to do," he said. "No damage was done to the Con-Ed facility."
(The facility they're referencing, is the Transformer station on 14th St.)
- d.
--
Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli
http://www.the-infinite.org/ http://www.the-infinite.org/~dominic/
Current news links below. Info is still very sketchy:
http://www.cnn.com/2003/US/08/14/power.outage/index.html
http://www.nytimes.com/2003/08/14/nyregion/14WIRE_POWER.html
Toronto Sun has nothing online at the moment.
--Lloyd
On Thu, 14 Aug 2003, Aaron D. Britt wrote:
Date: Thu, 14 Aug 2003 13:31:33 -0700 From: Aaron D. Britt <flip@deru.com> To: nanog@merit.edu Subject: East Coast outage?
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
--
More news sites:
Toronto News: http://cnews.canoe.ca/CNEWS/Canada/2003/08/14/160918-cp.html
Baltimore: http://www.sunspot.net/news/nationworld/bal-newyork0815,0,2936608.story?coll...
--Lloyd
On Thu, 14 Aug 2003, Lloyd Taylor wrote:
Date: Thu, 14 Aug 2003 13:52:26 -0700 (PDT) From: Lloyd Taylor <ltaylor@keynote.com> To: Aaron D. Britt <flip@deru.com> Cc: nanog@merit.edu Subject: Re: East Coast outage?
Current news links below. Info is still very sketchy:
http://www.cnn.com/2003/US/08/14/power.outage/index.html http://www.nytimes.com/2003/08/14/nyregion/14WIRE_POWER.html
Toronto Sun has nothing online at the moment.
--Lloyd
On Thu, 14 Aug 2003, Aaron D. Britt wrote:
Date: Thu, 14 Aug 2003 13:31:33 -0700 From: Aaron D. Britt <flip@deru.com> To: nanog@merit.edu Subject: East Coast outage?
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
--
"Aaron D. Britt" <flip@deru.com> wrote:
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
Power -- we were hit as far west as Cleveland, and saw the blip in Dayton. -ls-
CNN is reporting a New York State official as saying that "The Niagara-Mohawk power grid is overloaded".
On Thu, Aug 14, 2003 at 01:31:33PM -0700, Aaron D. Britt wrote:
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
-- Shawn Morris NTT/Verio IP Engineering v:312.621.7422 f:520.447.7082 shawn@smorris.com smorris@verio.net
in spite of reports on this list - so far no problems in Boston
Scott
BGP plots from http://bgp.lcs.mit.edu/ - MIT: http://bgp1.notlong.com GLBX London: http://bgp2.notlong.com
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Shawn Morris Sent: Thursday, August 14, 2003 4:56 PM To: Aaron D. Britt Cc: nanog@merit.edu Subject: Re: East Coast outage?
CNN is reporting a New York State official as saying that "The Niagara-Mohawk power grid is overloaded".
On Thu, Aug 14, 2003 at 01:31:33PM -0700, Aaron D. Britt wrote:
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
-- Shawn Morris NTT/Verio IP Engineering v:312.621.7422 f:520.447.7082 shawn@smorris.com smorris@verio.net
http://www.cnn.com/2003/US/08/14/power.outage/index.html
Looks like we lost the Niagara-Mohawk power grid, says it is not related to Terrorism.
_Scott
----- Original Message ----- From: "Aaron D. Britt" <flip@deru.com> To: <nanog@merit.edu> Sent: Thursday, August 14, 2003 4:31 PM Subject: East Coast outage?
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
Any info would be appreciated...
-Aaron
At 02:03 PM 8/14/2003, K. Scott Bethke wrote:
http://www.cnn.com/2003/US/08/14/power.outage/index.html
Looks like we lost the Niagara-Mohawk power grid
This looks pretty much like the same thing that happened (one failure causes cascading switch failures as the power overloads adjacent switches, taking down the whole grid) when the Pacific InterTie went down in the summer of 1996:
<http://www.cnn.com/US/9607/02/blackout.final/>
<http://www.ece.umr.edu/courses/f02/ee207/spectrum/Grid/>
Am I the only one who is surprised that here we are now - over 7 years later - and the electric grid industry still hasn't found/implemented a design fix for this problem?
What does the FERC and the DOE do anyway? Do they just "regulate" prices? (Yeah, they did such a good job with E! and we in California will be paying for it for many years to come.) I kinda thought the whole point of having federal departments and commissions to oversee energy was to assure the country of a *reliable* energy system...
jc
Speaking on Deep Background, the Press Secretary whispered:
Am I the only one who is surprised that here we are now - over 7 years later - and the electric grid industry still hasn't found/implemented a design fix for this problem?
Guess what... Real Time is Hard. Real Time when dealing with amounts of energy sufficient to move mountains, with dv/dt in milliseconds, is even harder. Spread it out over a grid that measures fractions of a wavelength, it gets harder still. Then run parts at 105-110% and it gets really hard. Now, play Prisoner's Dilemma with it.... and watch the sparks.
I'm no power engineer but I do not envy them. Can YOU build an equal size TCP/IP network with the added requirement that you never drop any more than say one or 2 bits/hour? And if you do, you cold boot it all again?
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
At 08:13 PM 8/14/2003, David Lesher wrote:
Then run parts at 105-110% and it gets really hard.
The power industry designs a grid that runs so close to capacity that if^W when something big fails, the whole grid shuts down in a cascade. They know it:
"What happens if <$big_num_watts> power plant suddenly spikes"?
"We have a cascade failure thru the whole grid as switches overload and shut off. This causes blackouts over a wide area, and it takes many hours to restore electrical service. Also, many outlying TelCo facilities have battery backup power that will be exhausted before we can restore power to them, and there aren't enough gen sets around to keep them all running when their batteries die. So TelCo service (and by extension, also Internet service) will fail in many areas as a result of the widespread electrical grid failure."
"How often can we expect this to occur?"
"Oh, once every decade or so, on one of the major grids. It usually happens when electric use is at peak demand, late afternoon during the summer."
"Oh. Ok then. Carry on."
See: <http://story.news.yahoo.com/news?tmpl=story&cid=578&ncid=578&e=2&u=/nm/20030815/ts_nm/power_grid_dc>
"We're a superpower with a third-world grid. We need a new grid," New Mexico Gov. and former Energy Secretary Bill Richardson told the CNN television network. "The problem is that nobody is building enough transmission capacity."
What's the point in having DOE and FERC regulation and oversight if they just rubber-stamp this type of design and endorse running at over-capacity on a routine basis? What happened to designing something so that it doesn't break when one big part fails, designing it so that switches don't get overloaded when a nearby plant spikes and goes off the grid? Is it *that* hard/expensive to have switching plants sufficiently resilient, with the extra capacity that can handle a *predictable and expected* event?
In California we design our systems to survive major earthquakes (e.g. 7.x), even though they only happen once every 10-20 years, and then only affect a relatively small portion (compared to the size of power grids) of the state. When we discover that the engineering isn't resilient enough (e.g. when the Cypress structure collapsed and a piece of the SF Bay Bridge fell during the Loma Prieta quake in 1989), we find out what went wrong and FIX it, not just in the one inadequately designed structure or system, but statewide, system-wide. (We have rebuilt a lot of bridges in the last 14 years!)
Yet we keep on seeing electrical switches that can't handle the load when a nearby plant spikes or goes off the grid, causing cascade failures. It is predictable and it has been happening for at least 40 years! Don't they notice that their design is inadequate and FIX it???
Quoting the above article again: "According to the Electric Power Research Institute in Palo Alto, California, U.S. power demand has surged 30 percent in the last decade, while transmission capacity grew a mere 15 percent."
They not only don't fix it, they let it get worse. sigh...
Well, at least we now have a great argument against regulation when they try to create a Department of the Internet to oversee the "Internet industry".
jc
At 08:13 PM 8/14/2003, David Lesher wrote:
Then run parts at 105-110% and it gets really hard.
The power industry designs a grid that runs so close to capacity that if^W when something big fails, the whole grid shuts down in a cascade. They know it:
Rubbish again. Welcome to the wonderful world of physics. Ask your favourite physics professor what does E1 = E2 in context of yesterday's events.
Amount of energy generated must be balanced with the amount of energy used at any time. Otherwise Bad Things (tm) will happen. The shutdown of the grid is a very good thing compared to what it would have been had it not shut down.
Alex
On vrijdag, aug 15, 2003, at 23:58 Europe/Amsterdam, alex@yuriev.com wrote:
Amount of energy generated must be balanced with the amount of energy used at any time. Otherwise Bad Things (tm) will happen. The shutdown of the grid is a very good thing compared to what it would have been had it not shut down.
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes? We can go from utility to battery or the other way around in milliseconds, so it should be possible to activate something that can absorb a short spike much the same way. Balancing intermediate-term generation/usage mismatches should be possible by simply communicating with users. There is lots of stuff out there that switches on and off periodically (all kinds of cooling systems, battery charging, lights), so let it switch on or off for a few minutes when the power network needs it to. I think the idea that the power should be always present and always reliable is actually harmful, as it doesn't provide for any "congestion control" by bringing the users into the loop.
On Sat, 16 Aug 2003 00:25:14 +0200, Iljitsch van Beijnum said:
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes? We can go from utility to battery or the other way around in milliseconds, so it
How many kVA are *you* switching? How many kVA are running through those big 765kv lines? This is what a *circuit breaker* looks like at those sizes: http://www.hhi.co.kr/english/IndustrialPowerSystem/product/highvoltage/produ... 8000 amps at 765kv. And that's just to *break* the circuit without vaporizing itself in the process.
Speaking on Deep Background, the Press Secretary whispered:
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes? We can go from utility to battery or the other way around in milliseconds, so it
How many kVA are *you* switching?
How many kVA are running through those big 765kv lines?
This is what a *circuit breaker* looks like at those sizes:
http://www.hhi.co.kr/english/IndustrialPowerSystem/product/highvoltage/produ...
8000 amps at 765kv.
And that's just to *break* the circuit without vaporizing itself in the process.
At last, someone with clue. But note the minor details missing in the url: price, and lead time.
Plus, the 'last century' guy needs to do a little math. Sure we can store 50-500 joules. BFD. But the gap between that and that 768KV going flat out is many orders of magnitude more than between oh 110BPS and OC-48.
The basic issue with all the power nets is really simple to grasp, in NANOG terms: Redundancy co$t$ -- who wants to pay??????
The power industry had no telecom bubble to overbuild facilities. It's easy to go from OC-48 to OC-96, right? It's far far harder to double the capacity of a 500 mile or even a 100 mile line. FIRST, there's the money. Then there's the politics. Only THEN do you hit the lead-time issue. And then....
And to put it another way... You have a buncha OC circuits, and get hit by backhoe fade. After you patch the fiber, you first have to junk the ci$co boxes at both ends because they blew up when the fiber broke. To restart, you then must get a sync signal from Hillsburo, get everything all on key & in tune, and then you start the smallest box, the next one, then finally.... Do it wrong and you get another Star Trek Bridge panel scene.
--
A host is a host from coast to coast.................wb8foz@nrk.com
& no one will talk to a host that's close........[v].(301) 56-LINUX
Unless the host (that isn't close).........................pob 1433
is busy, hung or dead....................................20915-1433
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes? We can go from utility to battery or the other way around in milliseconds, so it should be possible to activate something that can absorb a short spike much the same way. Balancing intermediate-term generation/usage mismatches should be possible by simply communicating with users. There is lots of stuff out there that switches on and off periodically (all kinds of cooling systems, battery charging, lights), so let it switch on or off for a few minutes when the power network needs it to.
No, the problem is that by the time your users receive that information and act upon it, you will either get a blackout (breaker) or a blow up (transformers becoming breakers). The reason it takes long to restore the power is that to restore the power to section "A" one needs to deliver the amount nearly equal to what the section "A" needs at that specific time and that is a lot of calculations.
Alex
On Sat, 16 Aug 2003 00:25:14 +0200, Iljitsch van Beijnum <iljitsch@muada.com> writes:
On vrijdag, aug 15, 2003, at 23:58 Europe/Amsterdam, alex@yuriev.com wrote:
Amount of energy generated must be balanced with the amount of energy used at any time. Otherwise Bad Things (tm) will happen. The shutdown of the grid is a very good thing compared to what it would have been had it not shut down.
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes?
I don't know, but at least reading this IEEE Spectrum article: http://www.ece.umr.edu/courses/f02/ee207/spectrum/Grid/ implies that long distance transmission is full of strange and nonlinear effects such as 'reactive power', voltage support, and other technical concepts that made me conclude that there are nasty details that are not widely known. Excerpts follow:
Generators at another small power plant also tripped. The tripping was due to high reactive power output associated with supporting transmission voltage
** Reactive power sidebar:
Reactive power consumption tends to depress transmission voltage, while its production or injection tends to support voltage. Transmission lines both consume it (because of their series inductance) and produce it (from their shunt capacitance). Because transmission line voltage is held relatively constant, the production of reactive power is nearly constant. Its consumption, however, is low at light load and high at heavy load. The variable net reactive-power requirements of a transmission line give rise to a voltage control problem. Generators and reactive-power compensation equipment must absorb reactive power during light load, and produce it during heavy load.
In a general emergency, when there are outages and high loading on remaining transmission lines, those lines consume reactive power that must be supplied by nearby generators and shunt capacitor banks. (Reactive power can be transmitted only over relatively short distances.) If reactive power cannot be supplied promptly enough in an area of decaying voltage, voltage may in effect collapse. Insufficient voltage support may in addition contribute to synchronous instability. --C.W.T.
** Done
Later it talks about how ''fast capacitor-bank switching in southern Idaho would have contained the initial 2 July outages.''. It also says something about: ''That August day, though, the power system stabilizers at a large nuclear plant in Southern California were out of service. (Power system stabilization at this location is especially effective because it is near one end of the north-south intertie oscillation mode.)''
I think to really understand the material above one needs to read author's book: _Power System Voltage Stability_
I also think that it's hard to appreciate the stability differences between shipping power a few hundred feet and shipping power 1000 miles. It looks like that long-distance shipping is the root cause of the half-dozen major outages over the past 30 years. Why is the northwest getting power 800 miles away in Wyoming instead of putting up their own plant?
Also, 'alternative generation' isn't there yet. For instance, from California's wind energy site http://www.energy.ca.gov/wind/overview.html The total output of all 13000 turbines in CA, *together* average only 400MW of unreliable power over the course of a year. Diablo Canyon (nuclear, california) produces five times this so does Jim Bridger (coal, wyoming). After 20 years of effort and subsidies, that's 1% of CA's energy use, and 10% of what was imported today. http://currentenergy.lbl.gov/ca/
Scott
On 15 Aug 2003, Scott A Crosby wrote:
I also think that it's hard to appreciate the stability differences between shipping power a few hundred feet and shipping power 1000 miles. It looks like that long-distance shipping is the root cause of the half-dozen major outages over the past 30 years.
Yep. That's why DC power transmission is the way to go. No potentially harmful low-frequency EM emissions, too. --vadim
Load management is actually fairly common here in Ohio in the cooperative electric utilities. Residential users get rebates on heat pumps and water heaters in exchange for allowing the utility to install RF controlled interrupting switches on them. Summer ironically isn't the problem for them, it's winter when they want to do peak demand management so as not to ratchet into a higher wholesale demand rate class.
My guess is when it shakes out, the failure will be traced to a rather large unit or interconnect tripping offline. Since the load is relatively constant if you look at the time in a short enough period, and you lose a couple hundred MVA of feed onto the grid, the other generation on the grid is going to attempt to absorb it. It works just like a drill, in reverse. If you put a sanding wheel onto a drill and press it into wood, it will drag the drill down. Opposite for generation. Steam is driving the turbine, which is producing power. Throw more load on instantaneously, the rotor will slow down. Now the units can absorb slight variations in load, but 500MVA falling off quickly cannot be instantaneously absorbed. So, the rotor slows down. As it slows down, the frequency drops. When the frequency gets low enough (and we're talking fractions of a Hz), protective relaying kicks in and opens the breaker between the unit and the grid. This compounds the effect, because the 500MVA loss may cause another 100MVA in units to trip off relatively close. Now the grid has 600MVA to absorb and that loads more units down, which drift farther down and they trip, which adds another X MVA to the load and it just keeps going. Same thing can happen in reverse too when the load is suddenly removed and the unit overruns the frequency.
This effect was observed a couple of times for a muni electric I used to work with. They had a tie line to an IOU and when it opened in the summer because of lightning, overload, etc, it would trip all their units off line because the tie was carrying inbound on the order of 40% of their load. Interestingly, it had effects on the IOU also, since the muni was consuming watts, but supplying VAR's, trying to help maintain power factor on the IOU system.
Units can only produce so many MVA's. MVA = sqrt(MW ** 2 + MVAR ** 2). As reactive loads go up (like AC units in the summer), MVAR's go up. According to the formula, MW production goes down since the unit can only produce so many MVA's (it's a nice right triangle, MVA is the hypotenuse, MW is the horizontal and MVAR is the vertical and power factor is the cosine of the angle. With a purely resistive load like a light bulb, PF = 1 since there are no VAR flows there [cos 0 = 1]). They do cheat sometimes and use capacitors or synchronous condensers/reactors (an overexcited motor which looks like a variable capacitor, kind of cool) to try and equal out the power factor. The bite is, Joe Consumer doesn't pay for VAR's, he pays for Watts. But the transmission and distribution system has to account for and carry the VAR flows also. And if you size the lines and forget the VAR flows, in the summer, things can go boom.
Everyone whines because of the "antiquated" system. The system worked like it should. It may suck to be without power for 48 hours, but try 18 months if the unit came apart. You don't go to Ace Hardware and buy a new 50MVA steam driven unit. And the nukes tripping off was probably more an artifact of frequency instability on the grid than a problem with the nukes themselves. Coal, gas or nuke, you still have to maintain frequency. As an old EE prof of mine said, the system will seek stability. Seeking may be nice like flow re-distribution, or it may be ugly like the rotor and frame separating. Either way, it ends up stable (albeit maybe in the field next to the plant) ...
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu]On Behalf Of Iljitsch van Beijnum Sent: Friday, August 15, 2003 6:25 PM To: alex@yuriev.com Cc: nanog list Subject: Re: East Coast outage?
On vrijdag, aug 15, 2003, at 23:58 Europe/Amsterdam, alex@yuriev.com wrote:
Amount of energy generated must be balanced with the amount of energy used at any time. Otherwise Bad Things (tm) will happen. The shutdown of the grid is a very good thing compared to what it would have been had it not shutdown.
It seems to me that the power guys are still living somewhere in the last century. Is it really impossible to absorb power spikes? We can go from utility to battery or the other way around in milliseconds, so it should be possible to activate something that can absorb a short spike much the same way. Balancing intermediate-term generation/usage mismatches should be possible by simply communicating with users. There is lots of stuff out there that switches on and off periodically (all kinds of cooling systems, battery charging, lights), so let it switch on or off for a few minutes when the power network needs it to.
I think the idea that the power should be always present and always reliable is actually harmful, as it doesn't provide for any "congestion control" by bringing the users into the loop.
On zaterdag, aug 16, 2003, at 05:38 Europe/Amsterdam, Eric Germann wrote:
And the nukes tripping off was probably more an artifact of frequency instability on the grid than a problem with the nukes themselves.
Maybe a stupid question... But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
Once upon a time, Iljitsch van Beijnum <iljitsch@muada.com> said:
Maybe a stupid question...
But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC. This is one of the problems that makes the room-temperature superconductor a "holy grail" research area. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On zaterdag, aug 16, 2003, at 10:48 Europe/Amsterdam, Chris Adams wrote:
But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
What are the "required levels"? There is a 600 MW DC sea cable between Sweden and Germany with an outer diameter of about five inches (130 mm).
On Sat, 16 Aug 2003, Chris Adams wrote:
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
Edison and Tesla's arguments took place long before switching power supplies and the development of insulating materials capable of withstanding hundreds of kilovolts. The size of the conductor is a function of IR losses. Losses are a function of the resistance of the conductor and the current passing through it. By raising the voltage, the current drops proportionally for the amount of power delivered, and hence the conductor size also drops. The problem in the Edison/Tesla days was a practical way to convert high voltage DC to low voltage (120 volts or so) power for distribution to homes and businesses. 200KV light bulbs and switches are kind of impractical for home use. :-) The advantage of AC is that a simple transformer can be used to step down the voltage from transmission to distribution levels. Before high voltage semiconductors and switching supplies, high voltage DC transmission was useless as there was no practical means to convert it to the lower voltage levels useful in homes. Rotary motor-generator sets would have been the only choice. Huge, not very efficient, lots of (big) moving parts. Not trivial to maintain. AC still makes sense for distribution, but HV DC transmission lines are becoming the norm. Think about some very large SCRs and associated parts to convert to AC for distribution. -- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Speaking on Deep Background, the Press Secretary whispered:
AC still makes sense for distribution, but HV DC transmission lines are becoming the norm. Think about some very large SCRs and associated parts to convert to AC for distribution.
For several reasons.... You must size the equipment inc. insulators for the peak voltage (plus whatever safety factor, of course...). With DC, the peak voltage is by definition equal to the RMS [Root-Mean-Square] voltage [0]. For sinusoidal AC there's this SQR 2 factor you must throw in. Thus, given a line insulated with say 18" insulators, you can run a higher DC voltage and thus carry more power.
Secondly, there are AC capacitive losses. Power lines, especially buried ones, have some capacitance to ground & each other. In an AC system, that's a loss; in a DC it's actually storage... If you walk under a 132/354KV line on a humid day, you can hear the hum. If you hear it, it's wasted energy.
But a very important reason for choosing DC is a good NANOG term: Asynchronous. With a long AC line, both ends must be exactly in sync. Phase differences actually control which end is the source, and which the load. [I can remember Prof. Klingshirn proving this on the blackboard but no way would I go any deeper than this..] So you end up with some REALLY nasty non-linear effects that resemble trying to use a screen editor over a slow link with both variable latency and severe packet loss. The difference is, here things blow up like an Irwin Allen set; instead of just turning "Hello World" into "^H%$^&%EBBFFSJJS"
When things get more out of phase, cutouts trip to CYA. If they don't trip fast enough, really big expensive rotating machines compensate for that by breaking loose from the floor and playing pavement roller. And if they trip, the lights go out. Do you wait 150 ms and see if things quiet down, or save your hide by jumping ship? It's more like playing poker than blackjack.
DC solves the whole phase issue: the energy direction is a voltage difference function, not phase. That's why it's used to bridge different power grids. But the price is larger initial costs. DC makes circuit breakers (interrupters) far harder to build than AC. You need massive SCR banks and diode arrays; they have their own losses inherent in their operation. Further, we have many decades of engineering experience with HV AC and far far less with +100KV DC.
Lastly there is a separate major major non-engineering issue. Up until recently, the national grid sorta resembled the pre-84 Bell System. Sure there were separate companies but they were not in direct competition with each other. Now it's almost like our telecom/peering backbone system, and you have the same economic Prisoner's Dilemma. While it might, in a dispassionate stability analysis, make the most sense to dump all of the NASA Pathfinder traffic onto {say} AGIS or PSI and let them eat it; they will likely disagree and do the opposite.
Retail suppliers like ConEd or PEPCO clearly want to buy the cheapest power whenever they can [1], and sell it to their users. But to get it to DC from Canada, it must transit lines now owned by a third party, who wants to move the most they can (and thus get paid the most, of course..) and thus runs them as hard as they can. Harder == less slack to handle a sudden change, be it from your load, or a Disturbance In The Force somewhere 750 miles away.
Just as security is the opposite of efficiency; stability and redundancy are the enemies of maximum profit. So where's the bright line set? Good Question [TM]. Maybe those Y2K/Montana Militia types are right; get off the grid anyhow because the fluoridation of the network is a massive Commie^^H^H^H^H Saudi^H^H^H Freedonian plot. I donno. I do know it is not going to get better, and any White House program to "fix the problem" will make it 3x as bad.
[1] and they likely buy it from a broker/reseller like Enron, further muddying the waters..
[0] VRMS is the AC voltage that if you run it through a resistor, you get the DC-equal watts of heat. Take 10v DC and a one ohm resistor, and you get 100 watts. Same for 10 V RMS as well. Not the same for 10 VAC "average" "peak" "peak-to peak" or whatever -- they'll all differ with waveform. In fact the only really accurate VRMS meters used to be lab-precision resistors and calorimeters.
-- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
I just thought of a better analogy. The goal of almost any aeronautical engineer is to build a plane that has good positive stability; you let go the stick and it reverts to stable, level flight. The reality of the power system more resembles the V22 Osprey, or the Shuttle 'flying' on final approach. One minor wrong move and you soon become a pile of burning composite on the ground. Both "fly" at all because they have significant flight control hardware+software to ..mimic.. that stability. But mimic is the best you can get. Newer, better mimicry is still mimicry. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
http://www.hydro.mb.ca/our_facilities/ts_nelson.shtml ----- Original Message ----- From: "Chris Adams" <cmadams@hiwaay.net> To: <nanog@merit.edu> Sent: Friday, August 15, 2003 10:48 PM Subject: Re: East Coast outage?
Once upon a time, Iljitsch van Beijnum <iljitsch@muada.com> said:
Maybe a stupid question...
But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
This is one of the problems that makes the room-temperature superconductor a "holy grail" research area.
-- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
On Saturday 16 August 2003 03:58 pm, Having folded space, the Third Stage Guild Navigator said:
http://www.hydro.mb.ca/our_facilities/ts_nelson.shtml
----- Original Message ----- From: "Chris Adams" <cmadams@hiwaay.net> To: <nanog@merit.edu> Sent: Friday, August 15, 2003 10:48 PM Subject: Re: East Coast outage?
Once upon a time, Iljitsch van Beijnum <iljitsch@muada.com> said:
Maybe a stupid question...
But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
Huh? Where in the physics of Ohm's law is Hz a factor? Having lived off the grid, where systems are often at max 48v, yes the wires have to be several 0's of gauge to carry the large amperages. Much the same in A/B DC legs in a colo. Up the volts and the amps go down to produce the same power (watts or work). I am a little rusty on this one, but I seem to remember that AC travels only on the outside skin of the wire but DC uses all the wire.
hackerwacker@tarpit.cybermesa.com wrote:
I am a little rusty on this one, but I seem to remember that AC travels only on the outside skin of the wire but DC uses all the wire.
"Skin effect" is only significant at high frequencies (lots of megahertz and up). At 60hz it can be ignored.
Chris Adams wrote:
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
This was under the assumption that the transmission line was at the same voltage as the end-user, because there were no good DC-DC voltage converters in that day. And a few bazillion amps at 120V needs a really fat wire. There's no significant wire size difference between a DC and AC line at the same ampacity. Voltage conversion is the key. _If_ you can do it, then transmission isn't a problem.
Once upon a time, Chris Lewis <clewis@nortelnetworks.com> said:
Chris Adams wrote:
Basic physics. To run DC at the power levels required, the "wire" would have to be over 100 feet in diameter IIRC. Look up the Edison vs. Tesla power arguments for all kinds of information on AC vs. DC.
This was under the assumption that the transmission line was at the same voltage as the end-user, because there were no good DC-DC voltage converters in that day. And a few bazillion amps at 120V needs a really fat wire.
To the many that (properly) corrected me: yes, this is what I was thinking about (well, that and the server I was restoring at the time). I wasn't aware that there are high voltage DC long-haul lines that then are converted to AC for local distribution. -- Chris Adams <cmadams@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
I wasn't aware that there are high voltage DC long-haul lines that then are converted to AC for local distribution.
Another use for HVDC is to isolate transmission networks. Hydro Quebec uses Back-to-Back High Voltage DC conversion equipment at its interconnection points with other transmission networks such as the New York, Vermont and Mass. transmission networks. The HVDC interconnection removes frequency synchronization as a concern at the interconnect and allows much simpler protection and control implementations as there are fewer electrical properties to consider/monitor/manage at the HVDC interconnect point. Perhaps the H-Q interconnect design is one of the reasons that H-Q was unaffected by the blackout.
Conversely, the "Lake Erie Loop" is an example of a richly meshed ring with multiple paths. When synchronized, flow on the mesh/ring is a function of voltage. To import power into a grid you lower the voltage slightly, to export power you raise the voltage slightly. AC synchronization across the interconnect can limit power transfer capability. Out of sync condition causes the interconnect to be reactive with current peaks leading or lagging voltage peaks. Phase Angle Regulators (PARs) are transformers with phase shifting capabilities. They are often used at AC interconnect points to manipulate the synchronization to optimize power transfer. -Randy
Speaking on Deep Background, the Press Secretary whispered:
Maybe a stupid question...
But what if the huge distribution systems used DC and the whole thing was only converted to AC close to the users in small installations? This would get rid of the frequency problems.
True, and it's done. There are two very large DC lines in use:
The Pacific Intertie, from Washington State down to Califunny
A line from the Great Frozen North down to Minnesota.
There's also a short tie between 2 grids; I think it straddles the Mississippi but I don't recall for sure. DC has multiple advantages, but they don't shine through until the line gets large and long. There are fixed losses in the AC->DC and DC->AC conversions you need to make up for. Plus, it's only in the last decade or so that we've had the power semiconductor technology to do the conversions well. But we've been doing AC lines for eons, so there's considerable inertia. -- A host is a host from coast to coast.................wb8foz@nrk.com & no one will talk to a host that's close........[v].(301) 56-LINUX Unless the host (that isn't close).........................pob 1433 is busy, hung or dead....................................20915-1433
David Lesher wrote:
True, and it's done. There are two very large DC lines in use:
The Pacific Intertie, from Washington State down to Califunny
A line from the Great Frozen North down to Minnesota.
IIUC, after the ice storm's enormous damage Hydro Quebec replaced their interconnects with the rest of the grid (primarily New York and Ontario) with a "DC buffer". Made it much easier for them to disconnect without harm from the melt-down. They're already exporting power to both New York and Ontario to help them get back up.
My guess is when it shakes out, the failure will be traced to a rather large unit or interconnect tripping offline.
It will be traced back to a huge branch from a huge tree that fell and took down a couple of transmission lines which then melted the road in a fairly expensive neighborhood in northeastern Ohio. That started a chain reaction because it was too big a ripple. Geo.
On Thursday, 14 August 2003, at 23:13PM, David Lesher wrote:
I'm no power engineer but I do not envy them. Can YOU build an equal size TCP/IP network with the added requirement that you never drop any more than say one or 2 bits/hour?
Perhaps the lesson to learn is that very large networks don't always lead to very high stability. A much larger number of smaller, more autonomous generation and transmission facilities might have much more reasonable interconnection requirements, and hence less wide-ranging failure modes. Seems to me, if more consumers were opportunistic generators (fuel cells, solar cells, wind turbines, whatever) the islands formed during interconnection failures would have far more accurately-matched supply and demand, and failures would stand a much better chance of having only local impact. Joe (battery and GPRS powered, still)
For good or bad, we in Alaska are not on a national grid. As it's staying light still till around 9 or 10:00pm, and it's cloudy and not 85 like it was last week, it would not have bothered us as much. FERC & NERC are surely going to be more active now. Dee
On Thu, 2003-08-14 at 16:18, JC Dill wrote:
At 02:03 PM 8/14/2003, K. Scott Bethke wrote:
http://www.cnn.com/2003/US/08/14/power.outage/index.html
Looks like we lost the Niagara-Mohawk power grid
This looks pretty much like the same thing that happened (one failure causes cascading switch failures as the power overloads adjacent switches, taking down the whole grid) when the Pacific InterTie went down in the summer of 1996:
<http://www.cnn.com/US/9607/02/blackout.final/> <http://www.ece.umr.edu/courses/f02/ee207/spectrum/Grid/>
Am I the only one who is surprised that here we are now - over 7 years later - and the electric grid industry still hasn't found/implemented a design fix for this problem? What does the FERC and the DOE do anyway? Do they just "regulate" prices? (Yeah, they did such a good job with E! and we in California will be paying for it for many years to come.) I kinda thought the whole point of having federal departments and commissions to oversee energy was to assure the country of a *reliable* energy system...
jc
JC Dill wrote: [snip]
Am I the only one who is surprised that here we are now - over 7 years later - and the electric grid industry still hasn't found/implemented a design fix for this problem? What does the FERC and the DOE do anyway? Do they just "regulate" prices?
To see what FERC does, http://www.ferc.gov/about/ferc-does.asp As for what the DOE does, its primary function is and has always been the production and maintenance of the United States's nuclear weapon arsenal. FERC is pretty much the only part of it that deals with the nitty-gritty of commercial power and energy regulation. See, http://www.doe.gov/engine/content.do?BT_CODE=ABOUTDOE http://www.doe.gov/engine/content.do?BT_CODE=AD_O
(Yeah, they did such a good job with E! and we in California will be paying for it for many years to come.) I kinda thought the whole point of having federal departments and commissions to oversee energy was to assure the country of a *reliable* energy system...
Yes and no. The USian approach is to regulate, not dictate, as subtle as that difference may be. -- Crist J. Clark crist.clark@globalstar.com Globalstar Communications (408) 933-4387
At 01:31 PM 8/14/2003 -0700, Aaron D. Britt wrote:
I just lost 80 circuits (Voice and Data), across multiple states on the East Coast in the last 10 minutes. Is there a Northeast power outage or fiber cut that anyone knows about?
CNN speaks: Major power outage hits New York, other large cities Thursday, August 14, 2003 Posted: 6:28 PM EDT (2228 GMT) NEW YORK (CNN) -- A major power outage simultaneously struck dozens of cities in the United States and Canada late Thursday afternoon. http://www.cnn.com/2003/US/08/14/power.outage/index.html
At 12:07 PM 8/14/2003, Eric A. Hall wrote:
on 8/14/2003 9:29 AM Sean Donelan wrote:
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer versions of Windows XP with the included firewall enabled by default.
Wouldn't it make more sense to ship with all of the services disabled?
I mean, if the role of the firewall is to block packets to weak services, wouldn't it be simpler to just disable the damn services since they aren't going to be usable anyway?
Ah, no. There are many services that ARE useful on the local machine, which may not need to listen to the outside world in all configurations. While I think the intent of your question was reasonable, the better way to phrase it would be: "Wouldn't it make more sense to ship products with services listening only on loopback interfaces, rather than listening on all interfaces?" The same exact issue applies to every operating system. Indeed, some vendors are dealing with this well. RedHat changed the default configuration of sendmail in RH9 to listen only on 127.0.0.1. The user can change that to listen to the outside IF the machine in question has a need to listen (i.e. it really was intended to be a mail server). This approach is to be commended, and should be followed for other services that may be necessary to run on a local machine, but which need not be reachable from outside the machine.
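The loopback-versus-all-interfaces distinction drawn in the message above can be audited on a host. The following is an added example, not part of the original thread: it classifies listening sockets by bind address, assuming input in the column layout of Linux `ss -H -tln`; the sample lines are constructed and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed sample in the assumed `ss -H -tln` layout:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS_OUTPUT = """\
LISTEN 0 10   127.0.0.1:25      0.0.0.0:*
LISTEN 0 128  0.0.0.0:135       0.0.0.0:*
LISTEN 0 128  [::1]:631         [::]:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 5    192.0.2.10:445    0.0.0.0:*
LISTEN 0 128  *:8080            *:*
LISTEN 0 128  127.0.0.53%lo:53  0.0.0.0:*
"""


def classify(host):
    """Map a bind address to 'loopback-only', 'all-interfaces' or 'specific-interface'."""
    if host == "*":                       # ss prints '*' for a dual-stack wildcard bind
        return "all-interfaces"
    ip = ipaddress.ip_address(host.split("%", 1)[0])   # drop any %interface scope
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped               # ::ffff:127.0.0.1 behaves like 127.0.0.1
    if ip.is_unspecified:                 # 0.0.0.0 or ::
        return "all-interfaces"
    if ip.is_loopback:                    # 127.0.0.0/8 or ::1
        return "loopback-only"
    return "specific-interface"


def parse_listeners(ss_text):
    """Return (port, bind_address, exposure) for every LISTEN line."""
    listeners = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")   # split on the last colon only
        host = host.strip("[]")                     # IPv6 literals are bracketed
        listeners.append((int(port), host, classify(host)))
    return listeners


def reachable_from_network(ss_text):
    """Ports whose listener is not confined to the loopback interface."""
    return sorted(port for port, _, scope in parse_listeners(ss_text)
                  if scope != "loopback-only")


def bound_scope(bind_addr):
    """Open a throwaway listener on bind_addr and report how the OS bound it."""
    family = socket.AF_INET6 if ":" in bind_addr else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as srv:
        srv.bind((bind_addr, 0))          # port 0: let the OS pick a free port
        srv.listen(1)
        return classify(srv.getsockname()[0])


if __name__ == "__main__":
    for port, host, scope in parse_listeners(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {host:<15} {scope}")
    print("reachable from the network:", reachable_from_network(SAMPLE_SS_OUTPUT))
    # The only difference between the two cases is the address passed to bind().
    print(bound_scope("127.0.0.1"), "vs", bound_scope("0.0.0.0"))
```

A listener reported as `loopback-only` stays usable by local clients without relying on a packet filter to keep remote hosts away from it.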
At 10:29 -0400 8/14/03, Sean Donelan wrote:
John Markoff reports in the New York Times that Microsoft plans to change how it ships Windows XP due to the worm. In the future Microsoft will ship both business and consumer versions of Windows XP with the included firewall enabled by default.
Not being an XP user I haven't confirmed this personally, but I'm told that when an XP box with the latest updates/packs/whatever has IPv6 turned on, the included IPv6 "firewall" is automatically enabled with all inbound connections blocked. Apparently this change was made when they started including the p2p kit. I did recently see a case where an XP machine refused to answer IPv6 pings, and suspect that this was behind it. . . Bill.
participants (41)
- Aaron D. Britt
- alex@yuriev.com
- Bill Owens
- Chris Adams
- Chris Lewis
- Crist Clark
- Daniel Senie
- David Lesher
- Dominic J. Eidson
- Eric A. Hall
- Eric Germann
- Fred Baker
- Geo.
- Greg Maxwell
- hackerwacker@tarpit.cybermesa.com
- Iljitsch van Beijnum
- Jay Hennigan
- JC Dill
- Joe Abley
- John Kinsella
- K. Scott Bethke
- Larry Snyder
- Lloyd Taylor
- Matthew Watkins
- Michael Painter
- Mike Tancsa
- Omachonu Ogali
- Randy Neals (ORION)
- Ray Bellis
- Richard Cox
- Robert Cannon
- Scott A Crosby
- Scott Bradner
- Scott McGrath
- Sean Donelan
- Shawn Morris
- Terry Baranski
- up@3.am
- Vadim Antonov
- Valdis.Kletnieks@vt.edu
- W.D. McKinney