Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Ask Slashdot: What Should Every Programmer Read?

ech3 Secrets of Consulting (352 comments)

The Secrets of Consulting: A Guide to Giving and Getting Advice Successfully by Gerald M. Weinberg
It has a lot of little anecdotes that help you recall concepts of how to manage your own time. Things like Rudy's law of Rutabaga stick with me even though I haven't picked up the book in a while. I read this book based on someone's recommendation on /. a long time ago, and I am glad I did.

about 9 months ago

First Bionic Eye Gets FDA Blessing

ech3 The eyes are not enough (42 comments)

I saw a program a while back interviewing an author about a book called "Crashing Through", where the main character looses his sight when he is very young, and then has it restored to him later in life. The problem was that because his brain had not learned to interpret the signals coming from it, he was unable to get "Normal" vision. From what I remember of the interview, a lot of people who have been in a similar situation get very depressed because they know their vision will never be restored and they are overwhelmed by the amount of new and useless info their brain is receiving.

about 2 years ago

Security Focus on Cable Modem Uncapping

ech3 Re:Say what? (489 comments)

The DOCSIS 1.1 spec introduces Service flows, which were not part of the 1.0 spec, they allow voice in that you can lock up bandwidth with more flavors of QoS than I really want to think about. With DOCSIS 1.1 you can use the Downstream Maximum Sustained Rate as defined in Section C. of the DOCSIS 1.1 RFI (www.cablemodem.com) to limit users to a specified Bandwidth. Once this is used the CMTS ( for people not in the industry read: the head end unit that talks to the cable modem) must enforce upstream grants instead of the modem, and hacking a CMTS is a MUCH bigger task. Now, of course if you have a DOCSIS 1.0 modem on a 1.1 plant you have to use CoS to provision the modem, or else the modem will most likely freak out. How the hackers uncap is they have to find vulnerable firmware (which the MSO(read: Cable Company)s could probably upgrade and fix this problem) which downloads its tftp file through the ethernet link. This is a vulnerability that should really be closed, but might be useful useful in a development enviornment. However if you try to spoof the bandwidth settings with a DOCSIS 1.1 CMTS you will have a record within the CMTS of the bandwidth settings, and it will be near impossible to spoof the connection speed so that the MSO won't be able to see it. You also have to remember that when someone steals bandwidth it really screws up everyone else on that upstream, since the resource planning (if existant) for the upstream bandwidth gets shot to hell.

This ability to control bandwidth is one of the main advantages of DOCSIS 1.1, however since many MSOs do not utilize such features as the CMTS-MIC authenication string, new firmware, SNMP v3, or Baseline privacy, it is no wonder that things like uncapping occur. Heck we all know better than to not install security patches for programs, upgrading firmware on modems is no different. In addition since there are so many modems out there that are DOCSIS 1.0 only, the only real thing pushing DOCSIS 1.1 is VoIP solutions (read: an extra $30/voice line/month for an MSO). However with the presence of CBR solutions in the marketplace and the momentum behind them and the cutting edge nature of VoIP (read expensive deployment cost / very few large vendors with DOCSIS 1.1 capable CMTSs/CMs) it will take a while before DOCSIS 1.1 becomes deFacto and uncapping becomes more a thing of the past.

more than 12 years ago


ech3 hasn't submitted any stories.


ech3 has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?