Slashdot Mirror

← Back to Domains

Domain: geocities.com

Stories and comments across the archive that link to geocities.com.

Comments · 8,978

  1. Sorry...REJECTED! by Commienst · · Score: -1 · on First 3D Simulations of Complete Nuclear Detonations

    Dear Troll,

    We are sad to inform you that, after careful consideration , we have rejected your troll submission to the Troll Library.

    You show a a poor skill at trolling. Please go read Troll Howto, and try again. Either that, or stick to adequacy.

  2. Vikings in North America by knuth · · Score: 2 · on Chinese Explorers 'Discovered America'?

    marjine says,

    the Vikings never made it past "new found land"

    Depends who you ask. Some people believe that the "Vikings" (actually, a fourteenth-century band of Goths and Norwegians) made it as far inland as west central Minnesota.

    Look up the Kensington Runestone. This is controversial, however; some people think it is a hoax.

  3. Re:498 million seems like so much... by sporktoast · · Score: 2 · on Online Population now Half Billion

    More like just around 8%, meaning there's over 5.5 billion people left.
    And growing.

    We'd better hurry up and find those 4 additional Earths, so there can be enough natural resources for everyone to be able to get online!

  4. Dear troll, by Commienst · · Score: -1 · on Linuxcare Founders Go Wireless

    Dear Troll,

    We are sad to inform you that, after careful consideration , we have rejected your troll submission from the Troll Library.

    You show a a poor skill at trolling. Please go read Troll Howto, and try again. Either that, or stick to adequacy.

  5. Sexual Problems by Metrollica · · Score: -1, Troll · on Anti-anti-cd-copying Legislation?

    I am having problems maintaining an erection. Do you think a cock ring and some porn would help?

  6. Greetings. by Anonymous Coward · · Score: 5, Informative · on Xft Hack Improves Antialiased Font Rendering


    Here's another mirror. Sorry about those stupid ads.

    I also want emphasize one thing that I say on the website. I can't take a whole lot of credit for the improvement. For sure, the freetype project and Keith Packard, author of XRender and Xft did all of the hard work. I just tweaked a few settings (adjusted glyph proportions and turned off hinting).

    David Chester

  7. Difference in the polls by Special+Ed · · Score: 1 · on Lots of Ice On Mars

    I could be wrong (and please feel free to correct me!) but there is a pretty big difference between the northern and southern hemispheres on Mars.

    The northern hemisphere is much lower. A hypothetical ocean on Mars would cover much of the northern hemisphere while leaving the south high and dry.

    Also the polls themselves have different amounts CO2 ("dry") ice.

  8. Civilian? by Rand+Race · · Score: 2 · on Open Source Intelligence

    CNN has been caught employing CIA agents and many accuse the CIA of employing CNN reporters.

  9. Re:BIG banner ads by SweetAndSourJesus · · Score: 0 · on Open Source Intelligence

    looking good from here

  10. Cold fusion was BS by Jesse+Duke · · Score: 2, Insightful · on Table Top Fusion Courtesy of Tiny Bubbles
    When The University of Utah came out with the cold fusion story, it was at best bad science, at worst a scam comparable to the memory of water, to get funds or to serve some industry's interests.

    I believe that anything related to tabletop fusion coming from Pons and Fleischmann should be treated with the highest circumspection, bearing in mind that those two might have an agenda. I doubt very much top-class scientists around the world would have been trying to build Tokamaks at the cost of billions of dollars, and been through so much frustration with them, if it was even remotely possible to do fusion with a pyrex full of deuterium and a paladium electrode in a second grade lab in Utah.

    So, even though there is an infinitesimal chance that P. and F. have stumbled on something legit and promising, there a much greater chance that they're crooked scientists, and an even greater chance that they're just plain crackpots.

  11. Re:It's our own fault... by belgar · · Score: 1 · on Disney Blames Apple For Music Piracy
    This whole problem is a result of bad word choice by the folks that coined the term for digital audio extraction. If they would have called it "extraction" or "transformation", Disney wouldn't be able to criticize Apple this way.

    So now the advertising line would be "Transform. Mix. Burn." Would that make me Soundwave?

    What bitrate does he encode at, anyways?

  12. Re:Asia Problem by mccalli · · Score: 1 · on Looping E-mails Beat The Net Down
    ...but at least they speak English, lah

    You very bad lah. So can cannot?

    Cheers,
    Ian

    (More Singlish here.)

  13. Re:Grokster w/o spyware by Constrain_Me · · Score: 4, Informative · on Morpheus DOS'd and Moving to Gnutella

    Since you mentioned it... here's Clean LimeWire Limewire without Spyware.

    features include
    * No spyware, trojans, or viruses
    * No advertisements
    * Bleeding edge core LimeWire components
    * LimeWire setup window during first launch for optimum performance
    * Small installer size (Clean LimeWire=2.1 MBs vs Official LimeWire=3.8 MBs)
    * Clean, friendly installation
    * No registry entries
    * Simple uninstaller included
    * Fully compatible with official LimeWire release.
    * Tested for compatibility within the new Windows XP operating system
    * Fixed several bugs: German install compatibility (includes other countries now, too), improved LimeWire execution, corrected desktop icon, failure of LW to minimize to system tray, & more.

  14. Re:klerck talks page widening posts by RMSIsAnIdiot · · Score: -1, Offtopic · on Jef Raskin Talks Skins

    do you even fucking realize that the slashdot editors, whether you know it or not, are encouraging page widening posts? since they all use that piece of monkey shit mozilla under linux they are not affected. you are making life bad for the rest of us. fuck off.

    that is all.

  15. Other ways to stream video on linux? by gigi · · Score: 1 · on Windows Media Player in Linux

    I'm trying to find ways to stream video, without relying on the wine library. I am looking for video players that run on linux, ideally embedded linux with framebuffer (without XFree86).

    XINE: I saw that Xine should do that, but when I run it, the open menu cannot open anything besides local files. here is the link for Xine's MMS plugin: MajorMMS

    OGG TARKIN is not even started yet.
    3iVX: anyone using their protocol/codec?
    AVIFILE and MPLAYER - do you know if they can play back video streams aside from crazy ideas such as this asfrecorder-mplayer hack?
    And any users of linux4TV codecs?
    Thanks for any help - gigi

  16. Re:Just like a car.. by guttentag · · Score: 2 · on Who Is Liable For Software With Security Holes?
    Software bugs cost money to fix. Car bugs kill people. The tobacco industry gets sued because they kill their own customers, but I don't think software companies do the same.
    So you're saying we should wait until Windows starts killing people before we can sue Microsoft?

    "At first I wondered why I needed to register my toaster with Windows XP, but the computer wouldn't let me on the Internet until I brought it the toaster! Things were fine for a while, until someone hacked into my computer and took control of my toaster! I tried to sue Microsoft, but the courts ruled that Windows didn't kill my boy, the TOASTER did!"

  17. Re:interesting by russellh · · Score: 1 · on T-Rex A Slow Mover
    I find it interesting how much of hollywood tries to portray dinosaurs as savage beasts.

    it's a good guess, if you've seen salt water crocodiles (sorry about the geocities link)

  18. Re:what's the attraction by Sexual+Asspussy · · Score: -1 · on Legal Analysis Critical of Blizzard v Bnetd

    Hey Sexual Asspussy, I've always wanted to know: what's the attraction of your particular lifestyle (so to speak)? Why do you troll? What's the aim?

    i started trolling slashdot when i noticed that the trolls were the only people posting comments i enjoyed. i troll mainly because it makes me giggle.

    Also, how the hell do you manage to post so much? What do you do with your time?

    sheesh, i've posted 184 comments since i created the account last summer. that's really not all that many, especially considering that there were bursts of 10 or 20 per article. even when you factor in the posts from my other accounts i'm not posting unreasonably.

    and really, how much time does it take to post one-line bullshit?

    thanks for the support; emad spends even more time at interstate rest stops than he does on IRC.

    8==D( * )sexxxualasspussy

  19. More Windows Media by Anonymous Coward · · Score: 1, Informative · on Windows Media Player in Linux

    There's lots of windows media options in Linux now, it seems. Xine has a windows media streaming plugin that doesn't work so hot for me, but it works, and it's native linux. I've never been able to get the codeweaver stuff to install on my machine without crashing halfway, and it makes me nervous as hell when those microsoft installs take over my machine. Onward, majorMMS!

  20. First Widener!!! by CmderTaco · · Score: -1 · on Building Linux Virtual Private Networks
    .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK .I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't --
    - Marco     Share twitter facebook linkedin
  21. 10th post (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:35AM (#3077644) I claim this early post for JinWicked! Share twitter facebook linkedin
  22. Is it as good as New Riders' MySQL book? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:36AM (#3077649) New Riders' MySQL book is mighty fine; if this is half as good it'll be worth reading Share twitter facebook linkedin
  23. ep (Score:-1) by bitchslapboy ( 193543 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:37AM (#3077652) Homepage This early post for Ida! --

    Slashdot - contra bonos mores Share twitter facebook linkedin
  24. first dead penis bird (Score:-1) by neal n bob ( 531011 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:38AM (#3077655) Homepage Journal man this site really, really sucks. Hardly makes it worth mentioning that you can kiss my grits. Share twitter facebook linkedin
  25. What's complicated about FreeSWAN? (Score:4, Interesting) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:39AM (#3077660) They have excellent documentation and they keep the documentation trees for older versions online. Installation is as complicated as running a skript and installing the recompiled kernel, if even that. I guess it never hurts to have more documentation, but saying that IPSec is "a difficult beast to ride" produces more awe than necessary. Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:45AM (#3077703) Overrated, maybe. But redundant? Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:5, Insightful) by Starship Trooper ( 523907 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:49AM (#3077724) Homepage Journal What's complicated about FreeSWAN?

      Well, a LOT. Not if you're deeply involved technically in the project, but if you back out and take the perspective of someone who's never used a VPN, plenty.

      A lot of people don't even think about the fact that there's a separate protocol field in IP, or that people run any IP protocol but UDP or TCP. Getting 50/51 through your existing firmware firewall can be a real trick. FreeSWAN requires you to be able have the GNU Multi-Precision library installed for the crypto calculations before you compile it. Unless your distro can with FreeSWAN, you have to recompile your kernel with modifications.

      And, like many tools, there's no single graphical GUI; unlike SAMBA's excellent SWAT, there's nothing to lead you to ipsec.conf or ipsec.secrets. There's a LOT of reading to be done.

      Ok, so, for you or me, it's easy. Maybe a day of reading tops. But compare that to the commercial world where an application must install and be configured from a GUI in a few hours, and FreeSWAN is... nearly a toy. It's unusable in a business environment. As soon as you say "compile", a CTO is going to turn down your volume.

      It's cool, but don't call it uncomplicated. That's part of it's coolness (-;

      --
      Loneliness is a power that we possess to give or take away forever Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:3, Insightful) by smcavoy ( 114157 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:30AM (#3077979) I use Freeswan in a production environment. I have Embedded Linux routers using freeswan connecting to Linux boxes. They VPNs are relatively simple, 2 outgoing connections to central
        systems. I did find there was a large learning curve at the beginning, but now it takes 5 min to setup a new vpn tunnel. The systems have been extremely reliable. I've never had a problem (other than net congestion) with keeping the tunnels up. A lot of the tunnels have 80+ days of uptime. As for compiling, most modern distros include IPSec (trustix, mandrake, etc.) or there are options like Astaro. Having a CTO "turn down your volume" based on the fact that you have to compile software, doesn't say anything about the quality or reliability of the software, that's a personal decision by CTO not to use OSS. I do agree it's not point and click, and that would be nice, but to say it's unusable in a business environment is just untrue. It's not pretty but it works, and works well. Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:54AM (#3078169) How right you are. As a system admin that has always used windows or dos. I am tring to change. I want to start using some Linux servers here, but one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI Heck yes. Do I still want access to the .conf file Heck yes. These problems are around a lot in the Linux community. The people that have always used linux do see it as hard and some dont want us new people to whine because it is not "dumb down", but on the other hand they want all of us to switch to it. I dont want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I dont want to have to spend 1-2 days reading ALL the docs just to know where to start. Just my 2 cents.
        Let the flames begin!!!! Parent Share twitter facebook linkedin
        • Re:What's complicated about FreeSWAN? (Score:3, Insightful) by disappear ( 21915 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:03AM (#3078246) Homepage
          one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI Heck yes.

          With security software in general, and VPN software in particular, that's a very, very dangerous attitude: a GUI may fool you into thinking that you understand what's going on when in reality you haven't a clue. With most software, that's not an issue, but with security software, that can compromise the very goal you're trying to achieve.

          I dont want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I dont want to have to spend 1-2 days reading ALL the docs just to know where to start.

          How many days do you want to spend cleaning up after a security incident that occurred because the GUI let you get away without spending two days reading documentation? How much time will you save in the long run if every time you save two days reading documentation you spend three days cleaning up?

          (We lose money on every item --- but we make it up in volume!)

          Parent Share twitter facebook linkedin
          • Re:What's complicated about FreeSWAN? (Score:1) by BeNude ( 28969 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:15AM (#3081147) Homepage I would disagree with you about the usefulness of a GUI to implement VPN's or firewalls.

            First of all, a GUI interface, if it is well-designed, can provide every bit as much control over the underlying security behavior of a firewall as any command-line interface. Furthermore, a GUI allows an administrator to spend less time trying to deal with syntax, etc., and more time on building a ruleset that is secure.

            Someone who has done the reading and understands how firewalls and VPN's work will appreciate a GUI because of this.

            For those who don't fully understand how firewalls and VPN's work, a GUI at least provides a reasonable learning environment and early attempts at a ruleset will probably more secure anyhow. :)

            Parent Share twitter facebook linkedin
        • IANACLB (Score:4, Interesting) by hey! ( 33014 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:21AM (#3078804) Homepage Journal IANACLB (I Am Not a Command Line Bigot), but doing better than a CLI interface in an area like this is a tall order. It's not something you can just slap onto the product in a few days (as most VPN box configuration GUIs I've seen appear to be).

          The problem with the GUI interfaces I have seen is that they really don't give you any effective conceptual support. You have to figure out the topology and requirements of your network, then you do this bit of intellectual gymnastics that turns these global requirements and properties into settings for each individual box, THEN you sit down at your GUI. At that stage, the GUI can have very little benefit, since you are talking about a half dozen relatively simple commands you need to type in. In fact, typing them in means you can keep them in a little word processor file and send them to the box over and over again with little changes -- good for setting up multiple boxes or for playing around with a single box you are repeatedly pin-resetting.

          To really help a person like you who doesn't have time to bone up on every box you are working with, what you really need is something that is kind of a cross between a network management system and a CAD system. You would sketch out your network, and drop little dollops of distinctively colored "paint" on each network or host that needs to participate in some virtual network. The system would then output configurations to download to each of the participating firewalls or hosts.

          A GUI that just configures and individual box does practically nothing for you.
          --
          Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure. Parent Share twitter facebook linkedin
      • Where to get Freeswan packages for Red Hat (Score:2) by Nailer ( 69468 ) writes: Alter Relationship on Wednesday February 27, 2002 @10:47AM (#3080965) Unless your distro can with FreeSWAN, you have to recompile your kernel with modifications.

        Non-US distributions like SuSE and Debian can include Freeswan in their list of apps. US based ones like Red Hat can't. But some lovely fellows at Steambaloon (a Linux security consulting firm - no, I work for someone else) produce source and binary packages of the original and updated Red Hat kernels (with the AC patches, extensive testing, and old 2.4 VM) with Klips, the kernel level part of ipsec, compiled in.

        Parent Share twitter facebook linkedin
      • How stupid is the CTO? (Score:1) by SharpNose ( 132636 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:21AM (#3081178) Journal Let's see: provided I know FreeSWAN, I can grab a machine and start setting it up immediately. If I want to get something commercial and very expensive, I have to fill out how many forms, get approval from how many people, wait for it to get ordered how long? Exactly where are you starting your clock when you say "configured from GUI in a few hours?"

        Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:3, Interesting) by LWolenczak ( 10527 ) writes: Alter Relationship <julia@evilcow.org> on Wednesday February 27, 2002 @04:25AM (#3077934) Homepage Journal The FreeS/WAN people don't document everything that you can do with frees/wan. Its very neat when you get down to the point where your playing with dozens of tunnels confiugred every which way.

      One of the things that they don't tell you how to do, i guess so they don't get asked questions, is how to put gre traffic inside of an ipsec tunnel and make it work right. Also, it seems to have slipped by that you CAN make two linux 2.4 secure gateways talk to each other over the ipsec tunnel.

      I have a couple samples of some of the neat things I have done at http://lwolenczak.net/ipsec.html Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:3, Interesting) by Etyenne ( 4915 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:40AM (#3078498) Complicated thing with FreeSWAN :

      - Client behind NAT

      - Left/Right side nomenclature really confuse me; they could have used "peers" or client/server, I don't know

      - Recompiling kernel; easy if you have a single box, quite hard when you manage 30+. Plus it require you to commit the sin of rebooting the machine.

      At work, we have choosen CIPE for Linux-Linux VPN. It is totally userland, come stock on recent RedHat version and is available as RPM; all that make it is easy to install and upgrade on a lot of machines. Plus the config file is really dumb-proof. We are stuck using PPTP for Windows-Linux VPN because that's all the Windows monkeys know about. --
      :wq Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:1) by pivo ( 11957 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:17AM (#3078772) From my understanding of FreeSWAN, it's not intended to connect many machines to a central point, for example a VPN for home manchines connected to a central office. It's intended to link offices together. So you should only have to install it on the specific machines that link those offices. If you're company's so big or disperse that you have thirty officies, then I guess you would have to recompile each kernel, though you'd be smarter to have identical machines and build the kernel once then distribute it to each machine.

        We use PPP over SSH for our home/office VPN for Linux and Solaris. It works very well and since it was originally a skunworks project, we didn't even have to get IT to open any new ports since SSH was already supported. Parent Share twitter facebook linkedin
    • Re:What's complicated about FreeSWAN? (Score:2) by LinuxGeek8 ( 184023 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:57AM (#3079084) Homepage I am struggling for some time now to get it going, but I still do not understand how it works.
      On my end I have a linux firewall with iptables.
      And what I could not figure out is what to do with the packet filtering, do I need to accept traffic over 50/ip on the ipsec0 interface or the eth0 interface. Same question for the 500 udp/ip traffic.

      And the other part of the network is connected to a freebsd server with racoon running. That is a completely different ipsec implementation. At least for configuring it is different.

      I believe running a packet filter is quite hard if you want to do it right. You have to understand networking and just play with for a few weeks just to understand it.
      If anyone would tell me he has a secure packet filter running, but cannot explain how it works, I just cannot believe it. You just have to know what you are doing.
      Same with ipsec.
      Ipsec is not only networking, but also crypto.
      So there is more you need to know about it, and it adds extra complexity to firewalling. --
      Well, don't worry about that. We can get you back before you leave. (Dr. Who)
      Parent Share twitter facebook linkedin
      • Re:What's complicated about FreeSWAN? (Score:1) by pfunkmallone ( 89539 ) writes: Alter Relationship on Thursday February 28, 2002 @09:44AM (#3086925) On your eth0 interface of the firewall, you need to allow 500 udp, and 50 tcp (if you're using ESP which is default). This allows the IPSEC peers to setup the tunnel. http://www.freeswan.org/freeswan_trees/freeswan-1. 95/doc/firewall.html

        According to the FreeSwan folks, no firewalling NEEDS to be done on the ipsec0 interfaces, as all packets coming through this tunnel are already being disassembled and "cleaned-up" by freeswan itself. Parent Share twitter facebook linkedin
  26. Women of the world, Stop sucking dick! (Score:-1, Troll) by Anonymous Coward writes: on Wednesday February 27, 2002 @03:46AM (#3077705) Women of the world, it is time to stop sucking dick!

    Sucking dick is the ultimate act of subservience;
    a woman sucking dick not only gets no orgasm for
    her work, but gets a mouthfull of what can only
    be described as warm rancid milk for her efforts.

    This sexual slavery must be stopped!
    Women, reclaim your mouths, and

    STOP
    SUCKING
    DICK! Share twitter facebook linkedin
  27. Alan Thicke. DEAD. (Score:-1) by Alan_Thicke ( 553655 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:47AM (#3077709) Journal I just heard the sad news on CBC radio. Comedy actor/writer Alan Thicke was found dead in his home this morning. Even if you never liked his work, you can appreciate what he did for 80's television. Truly a Canadian icon.
    He will be missed :(



    Show me That Smile (The Growing Pains Theme Song):

    Show me that smile again.
    Ooh show me that smile.
    Don't waste another minute on your crying.
    We're nowhere near the end.
    We're nowhere near.
    The best is ready to begin.

    As long as we got each other
    We got the world
    Sitting right in our hands.
    Baby rain or shine;
    All the time.
    We got each other
    Sharing the laughter and love.

    --
    Alan Thicke's Journal
    My Slashdot ads say " Share twitter facebook linkedin
  28. why? (Score:0) by tplayford ( 308405 ) writes: Alter Relationship <tom@sai[ ]taly.com ['l-i' in gap]> on Wednesday February 27, 2002 @03:51AM (#3077734) I'm sure this book is very usefull etc. But I've set up serveral internationl linux based VPN's now and it really isn't that difficult.

    I suppose this is the same for almost all computer books, easy if you know how...

    Share twitter facebook linkedin
    • Re:why? (Score:2, Insightful) by MonkeyBot ( 545313 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:09AM (#3077844) Sometimes, there are special constraints on the networks you are working with. For instance, I need to use stuff that uses IP, but since PPP over SSH is strictly TCP, I can't use that option. Moreover, my boss is a paranoid guy that doesn't trust some 24-year-old punk (me) to run his firewalls, so both offices have managed firewalls through different ISPs, ruling out the possibility of a single ISP routing traffic over its network to the other office so that I don't have to do anything. This adds additional constraints because since I can't control the firewall without going through pains with both ISPs for several days, I can't even open a port for something like PPTP (which I really wouldn't want to do anyway). Granted, I can probably find out what I need to know from a Google search, but it would be nice to have all the common VPN solutions covered--even just introduced--in a book format. I'm buying it. Parent Share twitter facebook linkedin
      • Re:why? (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @08:10AM (#3079648) Of course, ppp over ssh implies a full IP tunnel using ppp with ssh underneath, IP in TCP encapsulation, essentially. You get full IP functionality this way, though the architecture is horribly flawed (TCP connections run with TCP somewhere underneath, very bad when packets get loss and two layers start doing recovery).

        Now ssh without ppp on top supports only TCP tunnels, I'll assume that is what you are talking about. A statement that says you need to use IP, but you only get TCP sounds really goofy, since TCP rides on top of IP, phrasing it with the protocols you need (i.e. udp, icmp, etc) would have made the post more sensible (that and omitting ppp...). If I heard someone make the statement you just made I wouldn't trust them with firewall configuration either...
        --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
      • Re:why? (Score:2) by Pii ( 1955 ) writes: Alter Relationship <jedi.lightsaber@org> on Wednesday February 27, 2002 @08:31AM (#3079810) Journal What do you mean, "PPP over SSH is strictly TCP?"

        Are you saying that ICMP, or UDP, traffic is unable to utilize this tunnel?

        That is certainly not correct. Just as PPP carries all of your IP traffic (any protocol) between your home and your ISP, a PPP over SSH tunnel will also carry whatever you need it to.

        --
        For those that would die defending it, Freedom
        has a sweet taste that the protected will never know.         Parent Share twitter facebook linkedin
    • Re:why? (Score:2) by Bender Unit 22 ( 216955 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:13AM (#3079206) Journal It's not when it works you need the books. It's when it doesn't work you'd wish you had the book.
      I have configured a VPN with the help of a HOW-TO page and it worked. B
      ut when you want to do larger setup's in the "real" world. All kinds of questions comes and demands comes to mind and it's nice to be on top of things and be able to say from the first meeting, what is possible and what is not. Parent Share twitter facebook linkedin
  29. Garsh (Score:-1) by Guns n' Roses Troll ( 207208 ) writes: Alter Relationship on Wednesday February 27, 2002 @03:51AM (#3077735) Homepage I never knew that a high-steppin' yella could do that.
    Share twitter facebook linkedin
  30. VPN hardware (Score:1, Troll) by pokka ( 557695 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:02AM (#3077793) Building VPNs is a pain in the ass, regardless of whether you're using windows NT/2k or linux. Microsoft's documentation is sketchy (and in some cases completely wrong), and there are very few sources for building a VPN in Linux.

    This book may make it easier to build a VPN, but it's kind of obsolete, now that the Linksys VPN router has been released, making it a matter of plugging in and turning on. Of course, if you have plenty of free time, but very little money, you might go for the book instead. Share twitter facebook linkedin
    • Re:VPN hardware (Score:-1, Offtopic) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:17AM (#3077888) Heck of a troll. Good Job! Parent Share twitter facebook linkedin
    • Re:VPN hardware (Score:2, Interesting) by Cyno ( 85911 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:38AM (#3078046) Journal ...or if you're worried about security. I never trust commercial companies to deliver secure code. Specially if they keep it closed source. Unless you want to flash the rom on this thing every few weeks I'd just read up on a linux ppp over ssh solution and write some scripts to keep that software updated. Parent Share twitter facebook linkedin
    • Re:VPN hardware (Score:1) by starpool ( 562363 ) writes: Alter Relationship on Wednesday February 27, 2002 @02:12PM (#3081956) We started out making slow progress with FreeS/WAN trying to connect to a Raptor Firewall, and thought we'd try to take the easy way out and use two Linksys VPN Routers. Bottom line: the LVRs will only allow one Class C subnet access to the tunnel. Since we have multiple subnets at 4 different locations, the LVR is disqualified, at least for now. (Maybe Linksys will add this capability to future firmware.) So we're back to FreeS/WAN and Raptor...now if I can just get that book at my local BN. Parent Share twitter facebook linkedin
  31. What's wrong with PPTP? (Score:4, Interesting) by Jacco de Leeuw ( 4646 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:06AM (#3077826) Homepage PPTP is often used for 'road warrior' setups, i.e. people working from home or on the road. It's cheap because there are free (as in speech) PPTP servers for Linux and the Windows PPTP clients are free too (as in beer). In contrast, Windows IPSEC clients are often expensive.

    So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student has written software which can crack the password in a couple of hours on a Pentium II.

    c't (Heise) reported about this.

    --
    -------
    Warning: Slashdot may contain traces of nuts.
    Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:2, Informative) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:19AM (#3077901) It's Point-to-Point Tunneling Protocol and thus more limited than IPSec which can be used in routed mode and can connect arbitrary networks. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:3, Interesting) by FallLine ( 12211 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:25AM (#3077939) Well firstly, Microsoft's implimentation of PPTP is insecure, buggy on the client side (and the server side, where their server is used), and has a hard time supporting multiple clients in a NAT environment.

      Secondly, a lot of older hardware has little to no support for the GRE protocol that PPTP depends on. Thus many people simply can't use it.

      Thirdly, it's virtually impossible to get two people connecting to the same VPN behind the same NAT network on any hardware. The nature of GRE makes it very difficult since it has no concept of port to diffentiate between packets, only source and destination IP. Unfortunately, NAT is very common these days so this really does matter. Parent Share twitter facebook linkedin
      • Re:What's wrong with PPTP? (Score:0, Troll) by icedivr ( 168266 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:44AM (#3080500) If it's so insecure, why aren't people getting cracked all the time?

        Secondly, since when does hardware support a networking protocol in the absense of software? Any machine that can run 95 or 98 can run PPTP. They have pretty modest hardware requirements by today's standards.

        Thirdly, I have created multiple outbound pptp tunnels behind an ICS connection. It can be done.

        Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:3, Informative) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:40AM (#3078066) Just FYI, but Win2k and newer (at least) include native IPSEC support that can interoperate with FreeS/WAN and such. Other systems, well, they are intended for home use that doesn't need that functionality.. --
      XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:2, Informative) by jeremiahstanley ( 473105 ) writes: Alter Relationship <miah AT miah DOT org> on Wednesday February 27, 2002 @04:45AM (#3078100) Homepage With Win2k you can get this little patch and then you have a free as in beer IPSec implementation provided by Microsoft under Win2k. It even supports x509 certs. IPSec clients are not that expensive. Look at SSH Sentinal for another option. It even supports the newer AES ciphers (which I don't expect out of Microsoft for a long time)as added security.

      For all of this you have to patch the code to use the newer ciphers. You can get that here and if you need to use x509 certs you can get that stuff here. This is all pretty easy if you have you druthers about compiling new kernels and working with OpenSSL.

      Why this isn't in the kernel to begin with is anybody's guess. I would guess that it has something to do with all those pesky crypto export laws. Just like everything else in the ol US of A we have to sacrifice our freedoms so that we can be safe from the KGB and that one guy from Hackers. --
      Hire me... Parent Share twitter facebook linkedin
    • Its damn slow (Score:1) by moankey ( 142715 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:08AM (#3078275) From testimonies of traveling whatevers the people always complain that PPTP is very sloooow. They preferred using RAS in place, albeit a very expensive phone bill.

      Most were of course higher level execs so their complaining actually mattered. Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @05:19AM (#3078347) So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student [uni-freiburg.de] has written software which can crack the password in a couple of hours on a Pentium II.

      Thank god I'm not in Germany!!!! Parent Share twitter facebook linkedin
    • Re:What's wrong with PPTP? (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @05:26AM (#3078396) You can buy PGPnet (IPsec client) in most office depots , office max, or Circuit City for $39. It has the same functionality as the NAI version. Parent Share twitter facebook linkedin
    • wireless PPTP == readable password file (Score:1) by nealmcb ( 125634 ) writes: Alter Relationship on Friday March 01, 2002 @04:59AM (#3091216) Homepage The Heise article is in German, but refers to the original paper which is in English
      Normally, the file /etc/shadow (or /etc/password on old systems) is regarded one of the most vulnerable points of an unix system [Uni99]. If an attacker can obtain the information in this file, the system is nearly hacked. Using Microsoft's PPTP protocol, information about your passwords is not only publicly available, you also provide additional hints about the passwords, which allow to speed-up the attack by a factor of up to 2^16 .

      With this said, it is clear why we believe Microsoft's PPTP implementation isn't suitable for securing wireless networks.

      --

      --Neal
      Go IETF!

      Parent Share twitter facebook linkedin
  32. Problem is getting Management to go along (Score:2, Interesting) by Cy Guy ( 56083 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:27AM (#3077946) Homepage Journal I think the priority should be getting management to understand the importance of using standard protocols instead of proprietary ones.

    Having a book like this one is great if you want to familiarize yourself with the standards and how to implement them on Linux, but the much harder task is getting Management, particularly at larger companies, to see the benefit of implementing a standards based VPN where the users can use any standards based client over any TCP/IP network.

    Instead what I see is managers that want to buy a single product that comes with both the server and client applications, but then doesn't work or is hard to implement when the clients are trying to access the VPN from a cablemodem, DSL, or 802.11 connected machine, and don't (God forbid) want to use MSIE and Citrix on Windows to get onto the office network.

    --
    Work for Change & GET PAID! Share twitter facebook linkedin
  33. Can't beat SSH (Score:2, Insightful) by schlach ( 228441 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:27AM (#3077953) Journal for simple encrypted forwarding

    LocalForward 8080 theproxy:8080
    LocalForward 25 thesmtp:25
    LocalForward 143 theimap:143

    Don't forget your '-g' =) Share twitter facebook linkedin
    • SSH != VPN. That's a good thing. (Score:1) by Brian Hatch ( 523490 ) writes: Alter Relationship <<bri> <at> <ifokr.org>> on Wednesday February 27, 2002 @06:32AM (#3078902) Homepage Journal We have a section about when a VPN is not what you need, and these are the exact kind of examples when a VPN is unnecessary overkill.

      As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway. Otherwise anyone in the world can use your encrypted tunnel.

      Parent Share twitter facebook linkedin
      • Re:SSH != VPN. That's a good thing. (Score:2) by brassrat77 ( 9533 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:33AM (#3080403) As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway.

        This is an EXCELLENT POINT that CANNOT BE OVEREMPHASIZED.

        I recently had to set up tunnels to allow a set of NAT'd workstations (laptops runnin a mix of Linux and W2K) access a system on the inside of a remote firewall where SSH was the only available securable protocol. We needed to use the "-g" switch, and the need for filtering access was immediately apparent.

        We ended up using a set of scripts to build the tunnel, including the necessary iptables rules.

        As an aside, I'd check if hosts.allow|deny rules are sufficient - I think the ssh tunnel would make all connections appear to be coming from the host running the tunnel. (Can't check for myself right now)

        Parent Share twitter facebook linkedin
  34. The main problem with IPSEC... (Score:5, Insightful) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:48AM (#3078126) IPSEC is wonderful, but many businesses don't think things through and use it for telecommuting. Why is this bad? Well, the way this works is that someone connects to the VPN system and gets a full tunnel that allows the authorized client to behave on the internal network as if it was actually there, bypassing the firewall. The problem here is pretty obvious. The client machine is not protected by a firewall,a nd so if the client is compromised, an attacker has a clear path straight past the firewall. So the effectiveness of the firewall is greatly reduced.

    Now if you don't have a firewall protectecting the network, this won't hurt, but if you do, then a solution like ssh is somewhat more secure, as you only set up the tunnels you absolutely need to very specific hosts. While there is still a risk, it is greatly reduced and strikes a good balance between usability and security.

    What IPSEC *is* good for is seamlessly connecting sites together without really expensive dedicated lines securely. While it makes no guarantee as to bandwidht or availability, it does provide almost the same level of security. If a company can't afford lines to sites but still wants to expand, IPSEC is ideal. I use it to connect my home private network to a friends home private network. The key here is that not only do you have to trust the clients whose keys you permit to connect, but you must also trust that the administrator of that client machine or network is sufficiently competent to keep his network secure, as the security of the two networks is tied a lot more closely together... --
    XML is like violence. If it doesn't solve the problem, use more. Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1, Informative) by Anonymous Coward writes: on Wednesday February 27, 2002 @04:58AM (#3078205) Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).

      -m

      Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by j7953 ( 457666 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:19AM (#3079240)
        Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).

        Well, but that doesn't prevent the telecommuter's computer to become compromised with some background logging software that'll collect information when connected to the company network, and send it to the attacker when connected to the internet.

        Of course, using an SSH tunnel also doesn't solve that problem.

        The only real option is to assign IPs from a different subnet to the telecummters' home computers, and having a firewall between that subnet and the rest of the company network that'll not allow access to certain ressources that are especially critical. And, of course, the telecommuters must be educated about the security issues.

        --
        Sig (appended to the end of comments I post, 54 chars) Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:2, Informative) by icedivr ( 168266 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:10AM (#3078285) Your beef can be easily solved by ensuring that the remote machine's default route is down the tunnel.

      As far as I'm concerned, a bigger threat is the road warrior laptop not having adequate virus protection. (VP of Sales does insist on Windows, doesn't he?) Desktops behind the firewall presumably have multiple layers of protection in front of them, the road warrior, maybe not. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:2) by Shoten ( 260439 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:29AM (#3078417) So, you're saying the main problem with IPSEC is that it's not a magic bullet? Nothing is...get over it. I've heard people say the same about firewalls, saying how firewalls make people think that they're totally secure, so they no longer patch systems or pay attention. That may be true sometimes, but it's still not a valid argument that firewalls are flawed. Security isn't one box or one piece of software, and saying that one has a problem because it doesn't blanket everything is like criticizing deadbolts because thieves can still break a window to get into your home.
      --

      For your security, this post has been encrypted with ROT-13, twice. Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:53AM (#3079060) Right, but I was saying that IPSEC is not only not a magic bullet (that is to be expected) but companies outright misuse the technology without any serious thought. They invest tons in making sure they have tight firewalls and policies that prohibit people from hooking up modems to the outside world (internet without firewall), and yet repeat the mistake in a different form time and time again. It would be nice to establish trusted connections to telecommuters, but it just simply can never be secure enough (well, maybe if the telecommuter is the same person who designed the corporate security and takes home security equally seriously, but not worth finding out). --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
        • Re:The main problem with IPSEC... (Score:2) by Shoten ( 260439 ) writes: Alter Relationship on Thursday February 28, 2002 @03:15AM (#3084102) I see your point, but at that stage of the game, it's not the technology that is to blame. Any solid technology will be a problem if it is not part of a sound, well-thought out implementation. There are ways around the problem as well, however; for example, Checkpoint VPNs can push a security policy out to the client upon connection, enforcing a firewall policy at the end point and prohibiting network communications between that point and any node besides the VPN gateway. But that's a whole other ball of wax, and returns to the issue of making wise choices when rolling out technology.

          The bottom line is, VPNs make it possible to do things in business that aren't cost-effective any other way, and businesses are there to make money, not to be secure. It's a trade-off, and if the return outweighs the risk, it's worth the risk.

          --

          For your security, this post has been encrypted with ROT-13, twice. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:59AM (#3078631) Homepage Journal

      So the effectiveness of the firewall is greatly reduced

      Don't you have the same exact problem with desktop machines on the LAN, inside the firewall? Seems to me that VPN-though-a-firewall doesn't introduce any vulnerabilities that you don't already have.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @06:38AM (#3078946) But LAN machines have never been exposed to the internet. I am sure somebody can put some "fun" deamons up on a machine just waiting for a VPN connection. Parent Share twitter facebook linkedin
        • Re:The main problem with IPSEC... (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:18AM (#3079239) Homepage Journal

          But LAN machines have never been exposed to the internet.

          Ha hah hah ha! That's a good one.

          Seriously, it must be nice to work at a place where they haven't heard of "Active Content" and no one uses products like Microsoft Word or Microsoft Outlook. :-)

          --
          As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Parent Share twitter facebook linkedin
          • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:48AM (#3079450) When dealing with internal systems, you can enforce all kinds of policies about virus software, etc. You can keep it relatively boxed. With telecommuting, the clients not only have relaxed restrictions, but also are vulnerable while connected to the internet to the sort of attacks firewalls are meant to keep out. Normally, this wouldn't be too bad, but with a full tunnel, that machine will probably contain sensitive information itself and, for the duration of the connection, gives full access to a corporate network if compromised. --
            XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
          • Re:The main problem with IPSEC... (Score:0) by Anonymous Coward writes: on Wednesday February 27, 2002 @09:07AM (#3080140) If you want to get legalistic about it:

            Local Area Network by definition is not a Wide Area Network now is it? If you have a LAN you cannot be exposed to the internet or it is a WAN. If you run active content then you are running code on the LAN. Don't run unknown code on a LAN. If you downloading something from the internet you are using a WAN interface are you not?

            The point is you have a machine that has been directly exposed to the intenet and now it is on your network and that is NOT the same thing.If I have to go to the head at a bus station I will finish my drink because I won't really know what it is when I get back. Parent Share twitter facebook linkedin
    • Re:The main problem with IPSEC... (Score:1) by -audiowhore- ( 153163 ) writes: Alter Relationship on Wednesday February 27, 2002 @11:08AM (#3081115) Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.

      --audiowhore Parent Share twitter facebook linkedin
      • Re:The main problem with IPSEC... (Score:2) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @04:22PM (#3082392) But then, how do you ensure the client is using approved software if you are using a standard like IPSEC? I know, corporate policy, but if people are at home, they might try more exotic things... In any event, clients configured like this are a good way to make IPSEC *better* for telecommuting, but the safest bet is to not have full network transparency, but instead only have selected services that telecommuters need and allow only those in your preferred method of access.. --
        XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
  35. CIPE - a better solution. (Score:3, Informative) by ion++ ( 134665 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:18AM (#3078339) I'm using CIPE for linux at work. It can be found at http://sites.inka.de/sites/bigred/devel/cipe.html or for windows at http://cipe-win32.sourceforge.net/.
    It's a better solution because it doesnt run TCP over TCP, which can give a problem, when retransmission occurs. With the right ammount of bad luck, you can have double retransmission where both layers of TCP retransmit. CIPE runs completely over UDP to avoid this problem.

    JonB Share twitter facebook linkedin
    • Re:CIPE - a better solution. (Score:2, Insightful) by ion++ ( 134665 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:22AM (#3078367) Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with.
      Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.

      JonB Parent Share twitter facebook linkedin
      • Re:CIPE - a better solution. (Score:1) by The Darkness ( 33231 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:29AM (#3078878) Homepage Oh yeah, i forgot to mention that it works behind a NAT, which IPSEC has trouble with.
        Junta already posted a valid response to this statement.

        Further more it works with non-static ip address. Obviously one end needs to know the ip of the other end, but thats all which is needed.
        FreeS/WAN works great with non-static IP addresses.

        For example:

        /etc/ipsec.conf

        conn netnet
        left=theirhost.dyn.dhs.org
        leftid=@theirhost.dyn.dhs.org
        leftsubnet=10.1.1.0/24
        right=%defaultroute
        rightid=@myhost.dyn.dhs.org
        rightsubnet=10.1.2.0/24
        leftrsasigkey=....
        rightrsasigkey=....
        authby=rsasig
        auto=start

        And in ipsec.secrets:

        @myhost.dyn.dhs.org : RSA {
        ...
        }

        I have been using a similar configuration since the release of FreeS/WAN v1.5.

        --
        There are two kinds of people: 1) those that need closure Parent Share twitter facebook linkedin
    • Re:CIPE - a better solution. (Score:2, Informative) by Junta ( 36770 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:39AM (#3078494) Better solution than, say, ppp over ssh (a really dumb hack), but not better than IPSEC for most all applications.

      IPSEC also does not run TCP over TCP, it uses udp for isakmp, and data is transmitted through custom protocols (numbers 50 and/or 51), *not* through TCP.

      Another thing about IPSEC that works better than CIPE is that IPSEC more strongly authenticates the machine at the other end. This is why NAT breaks, because unlike CIPE, IPSEC works to ensure the packet has passed unmodified since leaving a known trusted host, and the very nature of NAT prevents this. Solution is simple, move the IPSEC gateway to either the NAT system or beyond. Though it is being pushed in many circles as a good solution for telecommuting, it really was never designed for that and that usage really spits in the face of firewalls.

      Finally, CIPE lacks compatibility. Sure you can configure windows and linux boxes and maybe other platforms, but just try to connect to, say a CISCO router....

      CIPE is a hack that creates more problems than it solves in the long run. PPP over ssh is worse, but a dumb idea, set up tunnels for specific tcp services that you need, more overhead, but security is better (not perfect, but better). For connecting networks together, a good architect can piece together an IPSEC solution that guarantees identity at other end of the pipe... CIPE offers the gaping whole that IPSEC can while not offering enough identification. So ssh or IPSEC remains the best solution, depending on the problem. --
      XML is like violence. If it doesn't solve the problem, use more. Parent Share twitter facebook linkedin
    • Duh, we cover cIPe in the book. (Score:2, Informative) by Brian Hatch ( 523490 ) writes: Alter Relationship <<bri> <at> <ifokr.org>> on Wednesday February 27, 2002 @06:40AM (#3078953) Homepage Journal Ummm, we cover cIPe in the book. Would be a pretty crappy job if we hadn't. Parent Share twitter facebook linkedin
  36. Answer? (Score:3, Funny) by sharkey ( 16670 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:29AM (#3078412) Why does every book need to include the magic 'L' word in the title nowadays?

    Because they have a better chance of getting posted to the Slashdot homepage? --

    --
    "Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next. Share twitter facebook linkedin
  37. Crossplatform aspect? (Score:2, Interesting) by egghat ( 73643 ) writes: Alter Relationship on Wednesday February 27, 2002 @05:51AM (#3078571) Homepage How is the crossplatform aspect covered? There are hundreds of possible solutions for VPNs out there, but if you want something that works on *nix, Windows and Mac (Classic and X) and is free and open, the range of products to choose from gets small ...

    For example, I couldn't find a free IPSEC client for Windows.

    Any new hints from this book?

    Thanks in advance.

    egghat. --
    -- "As a human being I claim the right to be widely inconsistent", John Peel Share twitter facebook linkedin
  38. Semi-OT: any ISPs that route a VPN connection? (Score:1) by Sloppy ( 14984 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:06AM (#3078670) Homepage Journal

    Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.) Doesn't have to be free beer.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it. Share twitter facebook linkedin
    • Re:Semi-OT: any ISPs that route a VPN connection? (Score:2) by disappear ( 21915 ) writes: Alter Relationship on Wednesday February 27, 2002 @09:42AM (#3080488) Homepage
      Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.)

      Why would you want to do that? Not only will it slow down your network connection, but I suspect that it should be fairly easy to do traffic analysis to determine which traffic was yours in the first place, even at a busy ISP...

      Parent Share twitter facebook linkedin
  39. Has anybody used isakmpd on Linux (Score:2) by Chang ( 2714 ) writes: Alter Relationship on Wednesday February 27, 2002 @06:06AM (#3078673) Anybody out there have any success compiling and using OpenBSD's isakmpd on Linux?

    I really need to use aggressive mode but the patches for freeswan are ancient/unmaintained.

    A pointer would be greatly appreciated.
    Share twitter facebook linkedin
  40. ssh + ppp = vpn (Score:1) by hopeless case ( 49791 ) writes: Alter Relationship <{christopherlmarshall} {at} {gmail.com}> on Wednesday February 27, 2002 @06:11AM (#3078722) Here's this script I use to setup a quick and dirty VPN between my workstation at work and my home PC. It has to originate from work to get through the firewall but once setup, of course, packets can flow both ways. I call the script ssh-vpn.

    You have to setup ssh correctly with rsa keys before it will work. You also have to download pty-redir. See the VPN mini how-to for more details.

    #!/bin/bash

    REMOTE_HOST=$1
    REMOTE_IP=$2
    LOCAL_IP=$3

    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then
    echo "usage ssh-vpn "
    exit 1
    fi

    # this file holds the slave pty that the local pppd needs
    tmpfile=/tmp/tmp$$

    # start remote pppd
    /usr/local/bin/pty-redir /usr/bin/ssh -1 -o 'Batchmode yes' -t -l root $REMOTE_HOST /usr/sbin/pppd local ${REMOTE_IP}:${LOCAL_IP} 2> $tmpfile

    # give the remote pppd process a little time to send its first connect request
    sleep 5

    #start local pppd
    /usr/sbin/pppd $(cat $tmpfile) passive

    # remove file that held the slave pty file name
    sleep 5
    rm $tmpfile

    Share twitter facebook linkedin
  41. Right in time. (Score:2) by Bender Unit 22 ( 216955 ) writes: Alter Relationship on Wednesday February 27, 2002 @07:06AM (#3079151) Journal I have just been playing with IPSec for the last couple of days and wanted to buy a book on the subject. While I managed to sucessfully make a VPN connection between 2 machine, I still need to read a great deal about what's under the hood.
    So I looked at amazon also thinking that I could not go wrong with a book from O'Reilly, but after looking at the few stars it got I had been looking at this book and the one from RSA. Well, that does it. I'm getting this one. :)
    Share twitter facebook linkedin
  42. 1 2 Related Links Top of the: day, week, month. next

    Patent on Wireless Transfer of Pupil Data

    27 comments previous

    Piro On Why .Coms Don't Work

    300 comments window._taboola = window._taboola || []; _taboola.push({ mode: 'text-links-a', container: 'taboola-below-article-text-links', placement: 'Below Article Text Links', target_type: 'mix' });
  43. Turing Completeness and Virtual Machines by Baldrson · · Score: 4, Insightful · on The Problem Of Developing
    People forget that a machine/language that is Turing Complete can emulate any other machine/language that is Turing Complete.

    The most widely deployed Turing Complete machine/language is a close race beteween Javascript and the Wintel machine code, with Java a distant 3rd. Since there is a problem with reliance on machine code for dynamic installation of software over the network, that leaves Javascript the most obvious candidate in which to write other languages. Most people never thought of Javascript as anything but an afterthought to HTML so they might have their eyes opened a bit to the power of Turing Completeness by seeing the TIBET virtual machine written in about a 100K Javascript embeded in a web site's (gzipped) HTML. It gets away with this by dynamically patching (Perl-config style) Javascript incompatibilities and building out from the set of features thereby supported cross-browser.

    As I've written elsewhere, this isn't the ultimate language by any means -- but it is a critically needed repair to the foundation of the web that can be followed by more advanced VM's later on.

  44. Hi my name is emad! Here's a picture of me! by Anonymous Coward · · Score: -1, Flamebait · on Plastic LEDs Break Telecommunications Barrier

    * e m a d * e m a d * e m a d * e e m ..x######x. m a ############# a d x############## d * ############''## * e # ''''' ``` '## e m # ,,,,. ,,,,. ## m a / #/ \.--- ##\ a d | $ \o/ \O| $ | d * | | | | | * e \| (..) |/ e m | | m a \ <UUUUUU> | a d \ \AAAA/ / d * /\ / * e / '..'| e m .-'( | ''--. m a.-' '. \../ / '-a d '-..' d * * e e m m a NEVER SURPRISED BY COCK a d d * e m a d * e m a d * e m a d *

    Cum visit my website!

  45. Re:Captain America by LMariachi · · Score: 1 · on Marvel Universe Is Almost Like *Real Life* Society
    Only Human Torch (October 1939) and Sub-Mariner are older.

    That was a different "Human Torch" than the Fantastic Four member, though.

  46. From Taxes to Use Fees by Baldrson · · Score: 2, Interesting · on Every Road a Toll Road
    Since I helped design and wrote the distributed "transaction file manager" system that archives, replicated in geographically distributed vaults, all movements for the most widely deployed toll road system in the US (not that that qualifies me for a job outside of Starbucks these days) I had to do a good deal of thinking about the social impact of what I was being paid to create. Guys in my position are tempted to rationalize what they do, so I do recognize the ethical problem of this sort of discussion.

    The basic problem with systems like this is not that they violate your privacy, nor that they cost money, but that they privatize public assets without, at the same time, shifting the tax base to net assets rather than economic activities.

    Governments defend legally defined rights. Why, then, aren't those in posession of said rights paying for the cost of protecting them? If I have title to an asset, that title is worthless to me without enforcement of the entitlement to the asset. Why should some kid who is trying to get a family together be potentially subject to the draft at the same time that he is paying taxes on everything from income to capital gains to groceries to pay for enforcement of my title with his money as well as his blood?

    There are alternatives. Just before the time I worked on the toll road archive system, I was politically active and my last ditch attempt to address via political reform the core problems I saw was a proposed net asset tax reform based on risk-adjusted net present value calculation (arguably the most fundamental business calculation of all). Since then I've become very disenchanted with politics as a viable route to reform and come to a more radical proposal I have called warrior's insurance where governments and international mutual defense treaties are replaced by reinsurance networks that indemnify in the event of loss of asset value due to force or fraud. The insurance premiums would usually be paid in scrip issued by the insurance companies, thereby displacing fiat currencies. The insurance companies could adjust their premiums to account for risky behavior by their clients (like building huge fixed assets in placed like NYC for people who go around the world tormenting Muslims). Global markets trading varieties of scrip would naturally turn into a reinsurance network supporting emergency action by groups of warrior insurers.

    Said insurance premiums and their risk-adjustment are the way guys who own lots titles that need enforcement can pay younger guys who put their lives on the line to protect those entitlements -- and pay them something that might be remotely called fair compensation -- all without resorting to rhetoric about how "we're all one big happy clan around here". Of course, the warrior insurers themselves may be very clanish, but that's their business. Clans -- real clans -- do have a place in the foundation of such a reinsurance network. Clans are, after all, highly territorial.

  47. From Taxes to Use Fees by Baldrson · · Score: 2, Interesting · on Every Road a Toll Road
    Since I helped design and wrote the distributed "transaction file manager" system that archives, replicated in geographically distributed vaults, all movements for the most widely deployed toll road system in the US (not that that qualifies me for a job outside of Starbucks these days) I had to do a good deal of thinking about the social impact of what I was being paid to create. Guys in my position are tempted to rationalize what they do, so I do recognize the ethical problem of this sort of discussion.

    The basic problem with systems like this is not that they violate your privacy, nor that they cost money, but that they privatize public assets without, at the same time, shifting the tax base to net assets rather than economic activities.

    Governments defend legally defined rights. Why, then, aren't those in posession of said rights paying for the cost of protecting them? If I have title to an asset, that title is worthless to me without enforcement of the entitlement to the asset. Why should some kid who is trying to get a family together be potentially subject to the draft at the same time that he is paying taxes on everything from income to capital gains to groceries to pay for enforcement of my title with his money as well as his blood?

    There are alternatives. Just before the time I worked on the toll road archive system, I was politically active and my last ditch attempt to address via political reform the core problems I saw was a proposed net asset tax reform based on risk-adjusted net present value calculation (arguably the most fundamental business calculation of all). Since then I've become very disenchanted with politics as a viable route to reform and come to a more radical proposal I have called warrior's insurance where governments and international mutual defense treaties are replaced by reinsurance networks that indemnify in the event of loss of asset value due to force or fraud. The insurance premiums would usually be paid in scrip issued by the insurance companies, thereby displacing fiat currencies. The insurance companies could adjust their premiums to account for risky behavior by their clients (like building huge fixed assets in placed like NYC for people who go around the world tormenting Muslims). Global markets trading varieties of scrip would naturally turn into a reinsurance network supporting emergency action by groups of warrior insurers.

    Said insurance premiums and their risk-adjustment are the way guys who own lots titles that need enforcement can pay younger guys who put their lives on the line to protect those entitlements -- and pay them something that might be remotely called fair compensation -- all without resorting to rhetoric about how "we're all one big happy clan around here". Of course, the warrior insurers themselves may be very clanish, but that's their business. Clans -- real clans -- do have a place in the foundation of such a reinsurance network. Clans are, after all, highly territorial.

  48. From Taxes to Use Fees by Baldrson · · Score: 2, Interesting · on Every Road a Toll Road
    Since I helped design and wrote the distributed "transaction file manager" system that archives, replicated in geographically distributed vaults, all movements for the most widely deployed toll road system in the US (not that that qualifies me for a job outside of Starbucks these days) I had to do a good deal of thinking about the social impact of what I was being paid to create. Guys in my position are tempted to rationalize what they do, so I do recognize the ethical problem of this sort of discussion.

    The basic problem with systems like this is not that they violate your privacy, nor that they cost money, but that they privatize public assets without, at the same time, shifting the tax base to net assets rather than economic activities.

    Governments defend legally defined rights. Why, then, aren't those in posession of said rights paying for the cost of protecting them? If I have title to an asset, that title is worthless to me without enforcement of the entitlement to the asset. Why should some kid who is trying to get a family together be potentially subject to the draft at the same time that he is paying taxes on everything from income to capital gains to groceries to pay for enforcement of my title with his money as well as his blood?

    There are alternatives. Just before the time I worked on the toll road archive system, I was politically active and my last ditch attempt to address via political reform the core problems I saw was a proposed net asset tax reform based on risk-adjusted net present value calculation (arguably the most fundamental business calculation of all). Since then I've become very disenchanted with politics as a viable route to reform and come to a more radical proposal I have called warrior's insurance where governments and international mutual defense treaties are replaced by reinsurance networks that indemnify in the event of loss of asset value due to force or fraud. The insurance premiums would usually be paid in scrip issued by the insurance companies, thereby displacing fiat currencies. The insurance companies could adjust their premiums to account for risky behavior by their clients (like building huge fixed assets in placed like NYC for people who go around the world tormenting Muslims). Global markets trading varieties of scrip would naturally turn into a reinsurance network supporting emergency action by groups of warrior insurers.

    Said insurance premiums and their risk-adjustment are the way guys who own lots titles that need enforcement can pay younger guys who put their lives on the line to protect those entitlements -- and pay them something that might be remotely called fair compensation -- all without resorting to rhetoric about how "we're all one big happy clan around here". Of course, the warrior insurers themselves may be very clanish, but that's their business. Clans -- real clans -- do have a place in the foundation of such a reinsurance network. Clans are, after all, highly territorial.

  49. Re:Why Europeans ban 'hate speech' by Baldrson · · Score: 2 · on Europe Continues Work on Cybercrime Treaty
    You may or may not agree with these laws, but in Europe there seems to be a broad majority in favor of these laws, mainly because of WWII.

    Yes, they favor them because Germany lost the war and the winners decided to go beyond mere reparations ala the Versailles Treaty and pursue a Romanesque "salted earth" policy by attacking anything that might contribute to another resurgence of Naziism -- like racism, antisemitism, xenophobia, sexism, homophobia, nationalism, isolationism and economic independence. I suppose they'd make sure food, water and air were all under the control of central banking authorities if they could since that, too, would decrease the chance of a resurgence of Naziism. In fact, why don't we just get rid of humans? Seems they're nothing but trouble anyway.

  50. Re:Coming soon to the battlefield by sharkey · · Score: 2 · on The Future of MREs

    Give it a look here. Picture linked to from this page, but the page size is huge, more than a MB.

  51. Re:Coming soon to the battlefield by sharkey · · Score: 2 · on The Future of MREs

    Give it a look here. Picture linked to from this page, but the page size is huge, more than a MB.

  52. Duck Amuck: I remember that! by bigdreamer · · Score: 3, Interesting · on That's All Folks: Chuck Jones RIP

    I'm just a yungin' (20), but I always preferred older cartoons to the stuff that comes out these days. My all-time favorite short cartoon is Duck Amuck.

    Apparently, Chuck Jones did a lot of cool stuff besides Bugs Bunny & Co. His biography says he directed another of my favorite cartoons, How the Grinch Stole Christmas.

    Interestingly enough, my interest in science came from one of his cartoons. You know, the one with the mad scientist and his gigantic red hairy monster. Bugs Bunny outwitted them both, of course. But I was so impressed with the gadgetry that I declared to my folks that I would be a Mad Scientist when I grew up. I would even find empty bottles, "mix" their contents, and drink the "potion." In my head I was Jekyll and Hyde. But now I'm way OT...*Reminiscing for a moment*

    [rant]
    How come they didn't advertise this when he was still alive? Why all this list of achievements after I can't write him a letter to thank him? I know the answers, 1) The info is already out there and 2) Dead people make more news. But still, he'll never know how much I appreciated his work. Chuck Jones taught me what humor is. 1337 skillz are nice, but laughter is priceless.
    [/rant]

  53. PayPal Works for Shareware by Anonymous Coward · · Score: 0 · on Class Action Lawsuit Says PayPal Restricted Funds

    Well, we've been using PayPal for a while now to accept payments for our software, Notmad Explorer, which is Windows Shell integration software for Creative Nomad MP3 players, and we haven't had any problems yet.

    In fact, PayPal's steps to verify identity and prevent fraud make us feel more secure. Of course, we don't have $30k in our account so maybe we don't make them nervous to the point where they put weird restrictions on our account, but it seems to work pretty well for small software publishers who need something that is extremely simple to set up, easy for customers to pay, and doesn't cost a lot.

  54. Re:The TRUTH about that Mulder by GigsVT · · Score: 1, Redundant · on David Duchovny In The X-Files Finale

    Actually This picture shows DD during his brief role as a boy toy for Hitler. This was before the greys abducted him, and warped him 40 years into the future.

  55. Asset Centralization vs Asset Tax by Baldrson · · Score: 2 · on More Media Consolidation Coming Soon
    Governments defend legally defined rights. Why, then, aren't those in posession of said rights paying for the cost of protecting them?

    If you want to know where this unbridled centralization comes from, it is the fact that economic activity is being taxed rather than net assets.

    Why not warriors insurance where governments and international mutual defense treaties are replaced by reinsurance networks that indemnify in the event of loss of asset value due to force or fraud? The insurance premiums could be paid in scrip issued by the insurance companies, the insurance companies could adjust their premiums to account for risky behavior by their clients (like building huge fixed assets in placed like NYC for people who go around the world tormenting Muslims), and the global markets including varieties of scrip would naturally turn into a reinsurance network supporting emergency action by groups of said warrior insurers.

  56. Re:Everything old is new again... by ahde · · Score: 2 · on Supreme Court Accepts Eldred Case

    the Heirs of the Grail Kings are going to be knocking at your door.

  57. Re:Everything old is new again... by ahde · · Score: 2 · on Supreme Court Accepts Eldred Case

    the Heirs of the Grail Kings are going to be knocking at your door.

  58. Re:Jews Had To Be Good For Something by October_30th · · Score: -1 · on Disinformation.com
    Sure. Check out our website for more information.

    You can mail me too.

  59. Spina Bifida / Hydrocephalus Info by cybrpnk · · Score: 4, Insightful · on Highbrow Highjinks Come to an End

    Here's more than you ever want to know about spina bifida / hydrocephalus and how it generally affects those who have it - one of whom talks about it here. One study on IQ follow-up is here but it only says the expected problems result. My wife is a labor / delivery nurse and sees this pretty frequently, it's not pretty and just about always causes neurological damage....

  60. Re:Can we trick the harvesters/spammers? by Shiny+Metal+S. · · Score: 2 · on DSLReports Study: 8 Hours 'til the Spam Hits
    I wonder how well the harvesters have thought out their coding in order to NOT spam the .gov addresses.
    I'll tell you how I did it in my harvester. ;) I'm kidding. But I sometimes wonder how much money I could make in the spamming business if I had no moral objections. Damn you moral objections!

    But seriously, I suppose they don't remove anything from harvested addresses. There are lots of obfuscated emails on the web, like user-no@spam.please-example.com or "contact shiny at key dot salt after cracking crypt(3)'ed plfeY04jaJnYI", where it would be almost impossible to to make a working algorithm understanding every method. But what is possible is collecting such addresses with SPAM in them for future manual processing, it could be even quite fast, if done well. However I don't thing they do this, for a simple reason: they don't want trouble makers. Trouble makers won't buy anything anyway and can cost them problems with ISPs, when they report every abuse. For the same reason there's no spam in my admin@ mailboxes.

    This is a slogan from Spam-Free Emailing Service : "No need to worry about losing your ISP or getting into trouble, we do the mailing to safe email addresses only." So i think they don't want to spam people who have NOSPAM in their email.

    For more spamming services, search Overture for "bulk email" and see such matches as e.g. "Increase Sales in 2002 with Bulk Email! 33-million e-mail addresses with order. Send up to 50,000 e-mails per hour with Prospect Mailer. Prospect Finder collects e-mail addresses based on keyword, profile or location. Free demos." for which people selling those emails are paying Overture $5.15/click (so don't forget to click them all every day!).

    (if you want to automate clicking check out the Spam Victims Revenge, a little script which search Overture and click links with random delays. I don't know if it works, I suppose that Overture has more sophisticated methods to count clicks, but it's a cool idea anyway. However the manual method has to work, so imagine slashdotting these paid links... it could be the end of spam forever...)

    But here's an idea: we can just call 1-800-359-0156 and ask if they have trouble makers on their lists...

  61. Re:Color blindness by Dynamoo · · Score: 1 · on Determining Color Difference Using the CIELAB Model?
    Absolutely, it doesn't matter what modelling system you use 4-5% of your visitors will have different colour perception from the "norm".

    This is a great page - Ocular Times.

    The bottom line is dichromats and anomalous trichomats (such as myself) really screw up complex color models, and ultimately the best designs tend to be those that concentrate on providing a really high contrast, and never, ever use colour as the primary way of conveying information (e.g. press the GREEN button for this, RED button for that).

    It's quite easy to test a color scheme to see if it's readable across all types of colour perception, simply load a sample into your favourite paint or photo editing package and test the colours with each of the RGB elements removed in turn.. then try it in monochrome to check that it's still readable. If you try this with Slashdot you'll find that the colour scheme is great :)

    Now if only those b*stards who make kit with Red/Orange/Green LEDs took the same amount of care the world would be a happier place!

  62. Walmart, huh? by filtersweep · · Score: 5, Informative · on Wal-Mart, Moore's Law and Open Source

    "When it comes to managing high-impact innovation, there is no contest--Sam Walton still matters more than Bill Gates. "

    What the article doesn't mention is that many metro and suburban communities VIGOROUS oppose (if not block) the openings of new Walmarts.

    There have been huge union issues related to Walmarts the sell groceries.

    At a more immediate level, it is downright depressing seeing retirees slaving away minimum wage.

    There are a TON of sites about the evils of Walmart:

    Walmart Memoirs

    Walmart Trash Page

    Yahoo stuff

    And lest you forget all the censorship that Walmart does regarding music....Censorship at Walmart on Yahoo

    I could go on and on about their business practices.

    Not to mention that you could hold Jerry Springer auditions at almost any Walmart in the US...

    I fundamentally find it ironic that Walmart is used as an example... a very profitable retail chain that is widely hated... that has many questionable business practices... that crushes and destroys the small "mom and pop" retailers in smaller communities.... then again, maybe it is the perfect example?

  63. Think of the advertising possiblilites... by BCoates · · Score: 1 · on Humans Will Sail To The Stars

    'COKE ADDS LIFE!'

    The few primitive tribes still untouched by civilization in the jungles of South America would look up at the heavens, and certainly not think about Pepsi.

    --
    Benjamin Coates

    If that doesn't make any sense, search for "Naylor" on this page.

  64. Re:Bullshit by kevcol · · Score: 1 · on Tandys Never Die

    Can you help me read this box label? I am having trouble with it...

    http://www.geocities.com/~compcloset/TRS-80Model10 0_Boxed.jpg

  65. Model 100 by jACL · · Score: 3, Interesting · on Tandys Never Die

    Yes, I lusted after a Model 100 when they came out (this is what they looked like if you've never seen one...) but I ended up buying the even more useful Tandy PC-2 pocket computer. It was amazing how many Physics and Chemistry equations you could store in 3.5K. Never would have made it through the core curriculum in college without my artificial memory...;)

  66. Re:You are wrong. Video is the future... by Gumshoe · · Score: 3, Informative · on Lack of Digital Screens for Attack of the Clones

    Ebert's been pushing that 48 fps film for years now. 48 fps means the film is running through the camera/projector twice as fast. If the image size is the same, that means you're burning film twice as fast, which means your film costs are twice as high.

    Not quite true. More film is used, but not twice as much.

    Regular 35mm film wastes a lot of film anyway, simply because of having to crop the academy ratio to 2.35:1. MaxiVision48, which is the "new" medium we're talking about, theoriseses that nobody uses academy format anymore and "squeezes" the 2.35:1 frames as closely as possible. As a result, MaxiVision uses less space per frame and more frames per second, but vanilla 35mm uses more film per frame - which almost evens out.

    MaxiVision24 definately uses less film and has many advantages depsite being only 24fps.

    I've not explained that very well, I'm sure, so I'll point to this page for a better explanation.

  67. Re:What's the advantage? by Gumshoe · · Score: 3, Informative · on Lack of Digital Screens for Attack of the Clones

    The idea of having 60fps instead of the usual 24fps already has a solution - although it settles for 48 rather than 60.

    I won't go into too much detail as there's a perfectly good explanation here.

  68. Re:Deep Bass by frozenray · · Score: 1, Flamebait · on Will Barry White Songs Help Sharks Get Down?

    May I kindly suggest that you research the facts more carefully before you accuse others of heresy?

    The earth is flat.

    Voilà, I give you The Flat Earth Society - quote: "Deprogramming the masses since 1547". Granted, those dudes are a little short on evidence right now, but I'm sure they'll come up with something as soon as they find a way to escape their comfortably padded cells.

    The moon is cheese.

    Green cheese, to be exact. Here's the scientific evidence, complete with lots of important looking numbers.

    Pi is 3.

    "Scripture (I Kings 7:23) clearly declares that the value of pi (the ratio of the circumference of a circle to its diameter) is 3, not the secular humanist value of 3.14 taught in every school in Lawrence." Source: this page. (I believe the author might be counseling the prestigious Kansas Education Board. He also has something to say about that ridiculous round earth theory)

    By the way, in my day we didn't have those newfangled processors with floating point units you kids have today, so we had to make do with "PI EQU 3" and we got along with it just fine, thank you very much.

    And whales are fish.

    Yeah, and spiders are not insects, right? Let me quote from this page: "Pure nonsense. Either whales are fish or sharks aren't. I'd say whales are fish." There are more interestings facts to be found on this page, but I have to take my medication now.

  69. Re:Yes you get price by blibbleblobble · · Score: 1 · on Philips vs Unlicensed DVD Players

    US prison labour

  70. Re:leela by ckedge · · Score: 2 · on Concerning The Cancellation of Futurama


    http://www.geocities.com/payndz2/amywears.html

    http://www.leela.com.ar/fanart/rpeckett.shtml

    http://www.portalmix.com/futurama/downloads/leela2 .jpg

    Awwwwwww yeahhh baby...

  71. Bounty Hunter Deflation effect by StefanJ · · Score: 5, Funny · on Star Wars: Galaxies Preview
    I predict that about one in three characters will look like Boba Fett, and a hell of a lot of others will be bounty hunters of various sorts.

    As a result, bounty hunting will be an incredibly low-wage job. The streets will be thicker with desperate BHs than San Francisco is with pinkslipped web designers . . . begging for a chance to work, perhaps even carrying around WILL KILL FOR FOOD or WILL CAPTURE FOE FOR ROCKET PACK FUEL signs.

    -- Stefan Jones

  72. Goodbye, and good riddance. by The_Messenger · · Score: -1 · on OpenMosix

    Slashdot died in 1999, and, only now, has it realized that it is dead. The Slashdot janitors have finally proven themselves to be children that we trolls always knew they were. The sun rises, the day begins anew, and the posters and moderators slowly wander out of Slash-town, blinking in the glorious sunlight. They shout, tears streaming down their pale cheeks in happiness, "I can see again... how could I have wasted so much of my time, for so long, on such a crappy weblog?"

    The janitors stumble out of their Greek bathhouse, unable to believe their eyes as the banner advertising revenue hits the ground hard, like a WTC roofdiver. "What will be do now," they ask. "VA Software is a sham, and this awful Perl script was all we had. Shall we be forced to go out into the Real World, where our lack of social skills and laughable technical skills will force us to learn Visual Basic.NET in order to eke out a simple living?"

    It will be difficult for the janitors to survive in a world not built upon hypocrisy and unwarranted arrogance. Malda still doesn't see what's wrong with dissing the MPAA while hyping DVDs, slandering the RIAA while pirating MP3s, and mocking Micosoft while playing games on a Windows 98 machine. Michael still doesn't understand that large corporations make the world go 'round, and will only find refuge in a backwoods white-supremacist militia, where his anti-government attitude and NAZI censorship experience will be heartily accepted. JonKatz doesn't understand the fact that he can't write, but that doesn't mean he won't get plenty of experience scrawling requests for help on pieces of cardboard with a magic marker. (Such signs are highly valued by the homeless population, for they are believed to increase the chance of donation while wandering the highway median by almost 7%.) Jeff doesn't understand that there just aren't many "armchair scientist" employment opportunities available in today's world. And Gay Nik, poor fellow, will finally have to come to terms with the fact that *BSD is dying.

    Only Pater, who has enough energy and heat reserves stored in his belly to survive the next ice age, will live to see the Itanium released. He will be employed as a clown at an amusement park for disabled children. But he will be a sad clown, forever doomed to remember his friends and the stupid way in which they wasted their lives. "God, why have you forsaken me," he will scream, "why am I alone, doomed to wander the earth like a shade, remembering the sins of my compatriots? How I crave the sweet release of death! For to burn for all eternity in Hades with Malda by my side cannot hurt as much as living without him!" (One of the disabled children will then shit on Pater's floppy clown shoe.)

    AOL chatrooms, instant messaging applications, USENET, and other weblogs will soak up Slashdot's newly forum-less users, who will rediscover the joy of communicating without the constant worry of being censored by someone who disagrees with them. The evilest users, unable to abandon their moderator ways, may become IRC operators, but are easily ignored.

    Slashdot, you will not be missed. From the very first days of your existence, you were doomed to an anticlimactic end. Your fame and userbase are unwarranted. Your success was undeserved. You have fucked your users in so many ways, from editorial moderation abuse to allowing Katz to profit from users' comments, that it is unbelievable that you were able to stay alive as long as you did. Perhaps it is a testament to the parasitic, viral nature of the GPL, and the blindness of the Cheap Software community. But, enough -- we know your crimes. The real mistake was not shutting this shithole down when it died in 1999. Since then, it has only rotted and festered and stank as the trolls ate its carcass. You will never be able to walk in public without people pointing and laughing as recognize you and remember your embarrassing Internet identity.

    The things you have done are unforgivable, and finally your bad karma has returned to take its toll. Slashdot is doomed to the ultimate punishment: it will not be remembered well. You won't burn out; you will fade away, and the very last memory of your existence will probably be a goatse.cx hyperlink.

    Goodbye, Slashdot, and good riddance.

    -- The_Messenger
    User #110966. Now crashing at TRoLLaXoR's place. Please visit the Slashback homepage and the Troll Tuesday 2k1 memorial.