Domain: senate.gov
Stories and comments across the archive that link to senate.gov.
Comments · 2,348
-
Re:Don't write your Congressmen
Or better yet, write both of them.
Politicians may seem like a waste of time, but occasionally a letter to one actually makes a difference. They may not know much about the issue, but your letter could change that. They may be keeping a tally of people who write them about an issue and your vote could push them to the threshold of actually taking an interest in the topic.
Sure, all your points about writing to CEOs are good ones. They do have more clout than politicians in some cases and would potentially take more notice of your letter. But sending an email to your senator is so easy there's no reason not to do it. Look yours up and send them an email today. http://www.senate.gov/senators/index.cfm
-
Write a letter to your representative
Listen, I know many of us are cynical, and we believe that most people in Washington are owned by corporate dollars. However, I still have a glimmer of hope for our country. Visit the U.S. House of Representatives website and the U.S. Senate website, find your representatives' e-mail addresses, and give them your opinion. Voice your concerns! If you sit idly by, and these laws get passed, then you have only yourself to blame. We sent 15,000 letters to the DOJ regarding the Microsoft antitrust settlement, and people noticed. Numbers speak to these people.
Instead of posting to slashdot, write to your representatives. We can make a difference if we all do it this weekend. You have nothing better to do.
-
Do you live in South Carolina?
Why don't you tell good old Senator Fritz what you think of his sellout to the major multimedia corporate interests at the expense of everybody else.
Being a trained attack dog for Disney and AOL doesn't serve anyone living in your state. It just gets him campaign money.
If you find that it's literally impossible to back up your hard drive or your company's data storage a year from now because he got those "anti-piracy" (note: in Hollings-speak, fair use = piracy) laws passed, do you think Hollings will help you? Maybe he can get a law passed making it illegal for hard drives to fail.
His public contact page is http://hollings.senate.gov/webform.html.
Be as nasty as you like, there's no possibility of working with him. He has been bought and being an honest politician, will probably stay that way.
From http://www.opensecrets.org/politicians/indus.asp?CID=N00002423&cycle=2002
The top industries supporting Ernest F. Hollings are:
1 Lawyers/Law Firms $1,151,134
2 TV/Movies/Music $260,034
Note: you may safely assume that at least some of the law firm contributions are from organizations on media industry payrolls.
Since I don't live in South Carolina, the only way he's going to pay any attention to what I say as a non-constituent is if I send it via snailmail with a check for over $1,000 enclosed. Since hell will freeze over before I send him money, I didn't see any reason to bother writing him.
Here's a copy of the e-mail I didn't bother sending. Perhaps some of you who live in SC can get some inspiration from it. Note: URL below is a fair usage quote from Yahoo News:
Senator rips tech fears on piracy curb
Dear Senator Hollings:
Threatens government standards to protect copyrights
By Lisa Smith, Medill News Service
WASHINGTON (CBS.MW) -- A powerful senator criticized Silicon Valley's high-tech firms Thursday for obstructing efforts to fight movie and music piracy.
If the electronics and content industries can't agree on a solution to digital piracy, the government will step in, promised Sen. Ernest "Fritz" Hollings, D-S.C., chairman of the Senate Commerce Committee.
Hollings told Intel (INTC: news, chart, profile) executive vice president Leslie Vadasz that it was "nonsense" to say that protecting intellectual property rights would damage the high-tech industry, stifle innovation, reduce product usefulness and slow new technology investment, as Vadasz had testified.
The above comment makes you either a liar or a fool.
There was a time I used to admire you. After you decided you now represent AOL/TimeWarner, the MPAA, and Disney instead of the poor suckers who voted for you, I no longer can respect you as a public leader or even a human being.
You're just another political whore. You are a disgrace to the US Senate and a living indictment of American democracy.
Of course, this is not news to any of your staff member who reads this, but if that person had any personal integrity or decency, he or she wouldn't be working for you anyway.
Hopefully, when those companies you attack finish with you, you'll be just someone who's trying to become a lobbyist and finding that nobody in politics can afford to be associated with you, instead of the "powerful senator" you are no longer fit to be.
A.Lizard
-
Senate Commerce Committee Hearings Transcripts
The transcripts (what was actually said including questions & answers) will probably be available in a couple of weeks at the Government Printing Office {check out Orrin Hatch's Judiciary Committee Hearing on Copyrights while you're there}
The submitted statements are available on the Committee's own page.
The hearing was broadcast on CapitolHearings, but they don't seem to offer archives. I ripped the stream & will post an Ogg Vorbis version soon, but everyone must have woken up today & decided to surf porn 'cause the 16kbps stream over a well-tuned DSL connection was interrupted several times, some of which failed auto-retries (do I hate RealPlayer now?).
If anyone else has a stream rip, please post it. My favorite part is Hollings saying "son of a bitch" a couple minutes before the hearing starts. Yes, that microphone is on sir.
Did anyone else listen? I thought Eisner went off the deep end during the question & answer period. He wants to protect camcorder-at-the-movie -> DivX;-) movies from distribution (not just stuff with DRM). The Intel V.P. (who was very calm despite the verbal LSD flying around) said that wasn't possible, but I don't think he was considering the full totalitarian push. Consider a law requiring ISPs to NAT and dynamic-IP all users so no one can run a server unless registered (like guns) & authorized. All P2P traffic is illegal. The entire US is firewalled off from "rogue" nations. Sure, it sounds unlikely, but that's why Eisner sounded so wacked out. He really sounded like he either wanted the net to become cable TV or just be shut down entirely (Disney isn't making any money from abc.com or disney.com or go.com- what do they need the damned pirate club for anyway?)
You might think Eisner was talking about watermarking, but he wanted 90% of "pirate" traffic catchable. He's MORE concerned about a teenage projectionist inviting over his buddy whose dad has a 3-chip DV camcorder than DRM cracks. A 400x300 divx compress from a camcorder aimed at a screen is not going to preserve watermarks unless they really fuck up the quality. I think he's heading towards the RIAA "we want the right to snoop & crack those pirate sonofabitches" idea.
-M
-
Speak Now, or ....
-
Re:Seriously...
Also here's a link to the committee itself Commerce Committee. That has names and addresses (including email) for senators who should be at the hearing.
-
Re:err wtf..
i live in south carolina so this fucker is supposedly representing me. last time i checked digital encryption was not on my to do list... south carolina is still 49th in education, the little shit needs his priorities adjusted... all in favor of removing him from office say i. (south carolina high school student skipping school today)
Unfortunately, Senator Hollings has been bought out by corporate interests for some time now. He is basically now the elected Disney representative. He has received almost $300,000 since 1995 in "donations" from large corporations, including AOL/TW, Disney, News Corp (Fox), Viacom (CBS), and NBC. Check out this article on The Register for more info.
If you are a resident of South Carolina, then you are a constituent of Sen. Hollings. PLEASE, contact a rep at any of his offices, and tell them you are a constituent who is AGAINST the SSSCA. Be polite, be firm, give your address, make sure they know you are a citizen & a voter. Only activism by us geeks is going to get these types of things stopped.
-
First Widener!!!
.I .like .wide .pages .I .wish .all .pages .could .be .as .wide .as .this .dont .you .wide .pages .are .much .cooler .than .those .narrow .pages .you .are .used .to .reading .because .you .dont .have .to .worry .about .the .lameness .filter .telling .you .that .you .don't .have .enough .charaters .per .line .that .really .sucks .when .that .happens .and .you .have .to .put .some .lame .lameness .filter .defeater .text .in .there .i .wonder .how .many .people .will .read .this .whole .comment .I .certainly .hope .it .doesnt .annoy .too .many .people .This .is .just .the .beginning .because .PAGE .WIDENING .IS .BACK
-
Marco- 10th post
(Score:-1, Offtopic)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @03:35AM (#3077644)
I claim this early post for JinWicked!
-
Is it as good as New Riders' MySQL book?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @03:36AM (#3077649)
New Riders' MySQL book is mighty fine; if this is half as good it'll be worth reading
-
Re:Is it as good as New Riders' MySQL book?
(Score:0)
by SweetAndSourJesus ( 555410 ) writes:
<JesusAndTheRobot.yahoo@com>
on Wednesday February 27, 2002 @03:44AM (#3077697)
Agreed, that was a surprisingly good book. Their php book (can't recall the title) sucked, though. They spent too much time on programming style and whatnot; things that really weren't php-specific. That's all fine and dandy, I guess, but when I buy a book about php, I'd like it to be about php.
--
the strongest word is still the word "free"
-
Re:Is it as good as New Riders' MySQL book?
(Score:0, Redundant)
by PoiBoy ( 525770 ) writes:
<brian@poiholdi n g s . com>
on Wednesday February 27, 2002 @04:04AM (#3077810)
I haven't read the New Riders' book on VPN's yet, but I have found this publisher's other books (including the one on MySQL) to be extremely well written and accessible and useable by both newbies and experienced users.
--
Sig (appended to the end of comments you post, 120 chars)
-
Re:Is it as good as New Riders' MySQL book?
(Score:2)
by einhverfr ( 238914 ) writes:
<.moc.liamg. .ta. .srevart.sirhc.>
on Wednesday February 27, 2002 @04:29AM (#3077971)
Not to mention their GTK/Gnome Development book.
I have as much respect for New Riders as I do for O'Reilly.
--
LedgerSMB: Open source Accounting/ERP
-
ep
(Score:-1)
by bitchslapboy ( 193543 ) writes:
on Wednesday February 27, 2002 @03:37AM (#3077652)
This early post for Ida!
--
Slashdot - contra bonos mores
-
first dead penis bird
(Score:-1)
by neal n bob ( 531011 ) writes:
on Wednesday February 27, 2002 @03:38AM (#3077655)
man this site really, really sucks. Hardly makes it worth mentioning that you can kiss my grits.
-
Re:first dead penis bird
(Score:-1)
by Dead Penis Bird ( 524912 ) writes:
on Wednesday February 27, 2002 @03:43AM (#3077687)
You said it! Even the FP's have gotten boring. Methinks we need to spice it up a bit.
--
If I weren't nailed to the penis, I'd be pushing up the daisies!
-
What's complicated about FreeSWAN?
(Score:4, Interesting)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @03:39AM (#3077660)
They have excellent documentation and they keep the documentation trees for older versions online. Installation is as complicated as running a script and installing the recompiled kernel, if even that. I guess it never hurts to have more documentation, but saying that IPSec is "a difficult beast to ride" produces more awe than necessary.
-
Re:What's complicated about FreeSWAN?
(Score:-1, Offtopic)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @03:45AM (#3077703)
Overrated, maybe. But redundant?
-
Re:What's complicated about FreeSWAN?
(Score:5, Insightful)
by Starship Trooper ( 523907 ) writes:
on Wednesday February 27, 2002 @03:49AM (#3077724)
What's complicated about FreeSWAN?
Well, a LOT. Not if you're deeply involved technically in the project, but if you back out and take the perspective of someone who's never used a VPN, plenty.
A lot of people don't even think about the fact that there's a separate protocol field in IP, or that people run any IP protocol but UDP or TCP. Getting 50/51 through your existing firmware firewall can be a real trick. FreeSWAN requires you to have the GNU Multi-Precision library installed for the crypto calculations before you compile it. Unless your distro came with FreeSWAN, you have to recompile your kernel with modifications.
And, like many tools, there's no single graphical GUI; unlike SAMBA's excellent SWAT, there's nothing to lead you to ipsec.conf or ipsec.secrets. There's a LOT of reading to be done.
Ok, so, for you or me, it's easy. Maybe a day of reading tops. But compare that to the commercial world where an application must install and be configured from a GUI in a few hours, and FreeSWAN is... nearly a toy. It's unusable in a business environment. As soon as you say "compile", a CTO is going to turn down your volume.
It's cool, but don't call it uncomplicated. That's part of its coolness (-;
--
Loneliness is a power that we possess to give or take away forever
-
Re:What's complicated about FreeSWAN?
(Score:3, Insightful)
by smcavoy ( 114157 ) writes:
on Wednesday February 27, 2002 @04:30AM (#3077979)
I use Freeswan in a production environment. I have Embedded Linux routers using freeswan connecting to Linux boxes. The VPNs are relatively simple, 2 outgoing connections to central systems. I did find there was a large learning curve at the beginning, but now it takes 5 min to setup a new vpn tunnel. The systems have been extremely reliable. I've never had a problem (other than net congestion) with keeping the tunnels up. A lot of the tunnels have 80+ days of uptime. As for compiling, most modern distros include IPSec (trustix, mandrake, etc.) or there are options like Astaro. Having a CTO "turn down your volume" based on the fact that you have to compile software, doesn't say anything about the quality or reliability of the software, that's a personal decision by CTO not to use OSS. I do agree it's not point and click, and that would be nice, but to say it's unusable in a business environment is just untrue. It's not pretty but it works, and works well.
-
Re:What's complicated about FreeSWAN?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:54AM (#3078169)
How right you are. As a system admin that has always used windows or dos. I am trying to change. I want to start using some Linux servers here, but one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI Heck yes. Do I still want access to the .conf file Heck yes. These problems are around a lot in the Linux community. The people that have always used linux do see it as hard and some dont want us new people to whine because it is not "dumb down", but on the other hand they want all of us to switch to it. I dont want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I dont want to have to spend 1-2 days reading ALL the docs just to know where to start. Just my 2 cents.
Let the flames begin!!!!
-
Re:What's complicated about FreeSWAN?
(Score:3, Insightful)
by disappear ( 21915 ) writes:
on Wednesday February 27, 2002 @05:03AM (#3078246)
"one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI? Heck yes."
With security software in general, and VPN software in particular, that's a very, very dangerous attitude: a GUI may fool you into thinking that you understand what's going on when in reality you haven't a clue. With most software, that's not an issue, but with security software, that can compromise the very goal you're trying to achieve.
"I don't want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I don't want to have to spend 1-2 days reading ALL the docs just to know where to start."
How many days do you want to spend cleaning up after a security incident that occurred because the GUI let you get away without spending two days reading documentation? How much time will you save in the long run if every time you save two days reading documentation you spend three days cleaning up?
(We lose money on every item --- but we make it up in volume!)
-
Re:What's complicated about FreeSWAN?
(Score:1)
by BeNude ( 28969 ) writes:
on Wednesday February 27, 2002 @11:15AM (#3081147)
I would disagree with you about the usefulness of a GUI to implement VPN's or firewalls.
First of all, a GUI interface, if it is well-designed, can provide every bit as much control over the underlying security behavior of a firewall as any command-line interface. Furthermore, a GUI allows an administrator to spend less time trying to deal with syntax, etc., and more time on building a ruleset that is secure.
Someone who has done the reading and understands how firewalls and VPN's work will appreciate a GUI because of this.
For those who don't fully understand how firewalls and VPN's work, a GUI at least provides a reasonable learning environment and early attempts at a ruleset will probably be more secure anyhow. :)
-
Re:What's complicated about FreeSWAN?
(Score:3, Insightful)
by disappear ( 21915 ) writes:
on Wednesday February 27, 2002 @12:30PM (#3081528)
"I would disagree with you about the usefulness of a GUI to implement VPN's or firewalls."
I never said a GUI wasn't useful to implement VPNs. Just that it was dangerous to implement them without reading the documentation, a problem that a GUI makes worse only because it tricks people into thinking they can get away without it.
-
IANACLB
(Score:4, Interesting)
by hey! ( 33014 ) writes:
on Wednesday February 27, 2002 @06:21AM (#3078804)
IANACLB (I Am Not a Command Line Bigot), but doing better than a CLI interface in an area like this is a tall order. It's not something you can just slap onto the product in a few days (as most VPN box configuration GUIs I've seen appear to be).
The problem with the GUI interfaces I have seen is that they really don't give you any effective conceptual support. You have to figure out the topology and requirements of your network, then you do this bit of intellectual gymnastics that turns these global requirements and properties into settings for each individual box, THEN you sit down at your GUI. At that stage, the GUI can have very little benefit, since you are talking about a half dozen relatively simple commands you need to type in. In fact, typing them in means you can keep them in a little word processor file and send them to the box over and over again with little changes -- good for setting up multiple boxes or for playing around with a single box you are repeatedly pin-resetting.
To really help a person like you who doesn't have time to bone up on every box you are working with, what you really need is something that is kind of a cross between a network management system and a CAD system. You would sketch out your network, and drop little dollops of distinctively colored "paint" on each network or host that needs to participate in some virtual network. The system would then output configurations to download to each of the participating firewalls or hosts.
A GUI that just configures an individual box does practically nothing for you.
--
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
-
Where to get Freeswan packages for Red Hat
(Score:2)
by Nailer ( 69468 ) writes:
on Wednesday February 27, 2002 @10:47AM (#3080965)
Unless your distro came with FreeSWAN, you have to recompile your kernel with modifications.
Non-US distributions like SuSE and Debian can include Freeswan in their list of apps. US based ones like Red Hat can't. But some lovely fellows at Steambaloon (a Linux security consulting firm - no, I work for someone else) produce source and binary packages of the original and updated Red Hat kernels (with the AC patches, extensive testing, and old 2.4 VM) with Klips, the kernel level part of ipsec, compiled in.
-
How stupid is the CTO?
(Score:1)
by SharpNose ( 132636 ) writes:
on Wednesday February 27, 2002 @11:21AM (#3081178)
Let's see: provided I know FreeSWAN, I can grab a machine and start setting it up immediately. If I want to get something commercial and very expensive, I have to fill out how many forms, get approval from how many people, wait for it to get ordered how long? Exactly where are you starting your clock when you say "configured from GUI in a few hours?"
-
Re:What's complicated about FreeSWAN?
(Score:3, Interesting)
by LWolenczak ( 10527 ) writes:
<julia@evilcow.org>
on Wednesday February 27, 2002 @04:25AM (#3077934)
The FreeS/WAN people don't document everything that you can do with frees/wan. It's very neat when you get down to the point where you're playing with dozens of tunnels configured every which way.
One of the things that they don't tell you how to do, I guess so they don't get asked questions, is how to put gre traffic inside of an ipsec tunnel and make it work right. Also, it seems to have slipped by that you CAN make two linux 2.4 secure gateways talk to each other over the ipsec tunnel.
I have a couple samples of some of the neat things I have done at http://lwolenczak.net/ipsec.html
-
Re:What's complicated about FreeSWAN?
(Score:3, Interesting)
by Etyenne ( 4915 ) writes:
on Wednesday February 27, 2002 @05:40AM (#3078498)
Complicated thing with FreeSWAN:
- Client behind NAT
- Left/Right side nomenclature really confuses me; they could have used "peers" or client/server, I don't know
- Recompiling kernel; easy if you have a single box, quite hard when you manage 30+. Plus it requires you to commit the sin of rebooting the machine.
At work, we have chosen CIPE for Linux-Linux VPN. It is totally userland, comes stock on recent RedHat version and is available as RPM; all that makes it easy to install and upgrade on a lot of machines. Plus the config file is really dumb-proof. We are stuck using PPTP for Windows-Linux VPN because that's all the Windows monkeys know about.
--
:wq
-
Re:What's complicated about FreeSWAN?
(Score:1)
by pivo ( 11957 ) writes:
on Wednesday February 27, 2002 @06:17AM (#3078772)
From my understanding of FreeSWAN, it's not intended to connect many machines to a central point, for example a VPN for home machines connected to a central office. It's intended to link offices together. So you should only have to install it on the specific machines that link those offices. If your company's so big or dispersed that you have thirty offices, then I guess you would have to recompile each kernel, though you'd be smarter to have identical machines and build the kernel once then distribute it to each machine.
We use PPP over SSH for our home/office VPN for Linux and Solaris. It works very well and since it was originally a skunkworks project, we didn't even have to get IT to open any new ports since SSH was already supported.
-
Re:What's complicated about FreeSWAN?
(Score:2)
by LinuxGeek8 ( 184023 ) writes:
on Wednesday February 27, 2002 @06:57AM (#3079084)
I am struggling for some time now to get it going, but I still do not understand how it works.
On my end I have a linux firewall with iptables.
And what I could not figure out is what to do with the packet filtering, do I need to accept traffic over 50/ip on the ipsec0 interface or the eth0 interface. Same question for the 500 udp/ip traffic.
And the other part of the network is connected to a freebsd server with racoon running. That is a completely different ipsec implementation. At least for configuring it is different.
I believe running a packet filter is quite hard if you want to do it right. You have to understand networking and just play with it for a few weeks just to understand it.
If anyone would tell me he has a secure packet filter running, but cannot explain how it works, I just cannot believe it. You just have to know what you are doing.
Same with ipsec.
Ipsec is not only networking, but also crypto.
So there is more you need to know about it, and it adds extra complexity to firewalling.
--
Well, don't worry about that. We can get you back before you leave. (Dr. Who)
-
Re:What's complicated about FreeSWAN?
(Score:1)
by pfunkmallone ( 89539 ) writes:
on Thursday February 28, 2002 @09:44AM (#3086925)
On your eth0 interface of the firewall, you need to allow 500 udp, and 50 tcp (if you're using ESP which is default). This allows the IPSEC peers to set up the tunnel. http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/firewall.html
According to the FreeSwan folks, no firewalling NEEDS to be done on the ipsec0 interfaces, as all packets coming through this tunnel are already being disassembled and "cleaned-up" by freeswan itself.
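The packet-filter question in this sub-thread, as an added example (not code from the thread or from the FreeS/WAN project): a small Python audit of `iptables-save` output that checks whether the external interface accepts IKE on UDP port 500 and ESP as IP protocol 50, and flags a rule that opens port 50 instead. The interface name `eth0` follows the posts above; the two sample rulesets are constructed.

```python
"""Audit iptables-save output for the two IPsec rules discussed above.

On the gateway's external interface the INPUT chain must accept
  * IKE: UDP destination port 500
  * ESP: IP protocol 50 (a protocol number; ESP has no port numbers)
Opening TCP or UDP *port* 50 instead is flagged, because it leaves the
tunnel broken while exposing an unrelated port.
"""
import shlex

# Constructed sample rulesets, not taken from any real host.
BROKEN = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 50 -j ACCEPT
COMMIT
"""

FIXED = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -i eth0 -p esp -j ACCEPT
COMMIT
"""

FIELDS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}
ESP = {"esp", "50"}                      # iptables accepts name or number
PORT_PROTOS = {"tcp", "6", "udp", "17"}  # protocols that actually have ports


def parse_rule(line):
    """Return the fields of one '-A CHAIN ...' line, or None if the rule
    uses negation ('!'), which this simple audit does not reason about."""
    tokens = shlex.split(line)
    if "!" in tokens:
        return None
    rule = {"chain": tokens[1], "iface": None, "proto": None,
            "dport": None, "target": None}
    i = 2
    while i < len(tokens) - 1:
        key = FIELDS.get(tokens[i])
        if key:
            rule[key] = tokens[i + 1]
            i += 2
        else:
            i += 1
    if rule["proto"]:
        rule["proto"] = rule["proto"].lower()
    return rule


def audit(ruleset, ext_if="eth0"):
    """Return a list of (code, message) findings for the INPUT chain.

    Only ACCEPT rules are examined; rule order and earlier DROP/REJECT
    rules are not modelled, so an empty result means "the needed rules
    exist", not "the packets are guaranteed to get through".
    """
    ike_ok = esp_ok = False
    findings = []
    for line in ruleset.splitlines():
        if not line.startswith("-A INPUT "):
            continue
        rule = parse_rule(line)
        if rule is None or rule["target"] != "ACCEPT":
            continue
        if rule["iface"] not in (None, ext_if) or rule["proto"] is None:
            continue
        proto, dport = rule["proto"], rule["dport"]
        if proto in ("udp", "17") and dport == "500":
            ike_ok = True
        elif proto in ESP and dport is None:
            esp_ok = True
        elif proto in PORT_PROTOS and dport == "50":
            findings.append(("port-50", f"{proto} port 50 is open on {ext_if}: "
                             "ESP is IP protocol 50, not a port"))
    if not ike_ok:
        findings.append(("no-ike", f"no ACCEPT for udp dport 500 on {ext_if}"))
    if not esp_ok:
        findings.append(("no-esp", f"no ACCEPT for IP protocol 50 (esp) on {ext_if}"))
    return findings


if __name__ == "__main__":
    for name, rules in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit(rules) or "ok")
```

The audit covers only the two items named in the posts (UDP 500 and protocol 50); AH, NAT traversal and the ipsec0 side are outside what it checks.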
-
why?
(Score:0)
by tplayford ( 308405 ) writes:
<tom@sai[ ]taly.com ['l-i' in gap]>
on Wednesday February 27, 2002 @03:51AM (#3077734)
I'm sure this book is very useful etc. But I've set up several international linux based VPN's now and it really isn't that difficult.
I suppose this is the same for almost all computer books, easy if you know how...
-
Re:why?
(Score:2, Insightful)
by MonkeyBot ( 545313 ) writes:
on Wednesday February 27, 2002 @04:09AM (#3077844)
Sometimes, there are special constraints on the networks you are working with. For instance, I need to use stuff that uses IP, but since PPP over SSH is strictly TCP, I can't use that option. Moreover, my boss is a paranoid guy that doesn't trust some 24-year-old punk (me) to run his firewalls, so both offices have managed firewalls through different ISPs, ruling out the possibility of a single ISP routing traffic over its network to the other office so that I don't have to do anything. This adds additional constraints because since I can't control the firewall without going through pains with both ISPs for several days, I can't even open a port for something like PPTP (which I really wouldn't want to do anyway). Granted, I can probably find out what I need to know from a Google search, but it would be nice to have all the common VPN solutions covered--even just introduced--in a book format. I'm buying it.
-
Re:why?
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @08:10AM (#3079648)
Of course, ppp over ssh implies a full IP tunnel using ppp with ssh underneath, IP in TCP encapsulation, essentially. You get full IP functionality this way, though the architecture is horribly flawed (TCP connections run with TCP somewhere underneath, very bad when packets get lost and two layers start doing recovery).
Now ssh without ppp on top supports only TCP tunnels, I'll assume that is what you are talking about. A statement that says you need to use IP, but you only get TCP sounds really goofy, since TCP rides on top of IP, phrasing it with the protocols you need (i.e. udp, icmp, etc) would have made the post more sensible (that and omitting ppp...). If I heard someone make the statement you just made I wouldn't trust them with firewall configuration either...
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:why?
(Score:2)
by Pii ( 1955 ) writes:
<jedi.lightsaber@org>
on Wednesday February 27, 2002 @08:31AM (#3079810)
What do you mean, "PPP over SSH is strictly TCP?"
Are you saying that ICMP, or UDP, traffic is unable to utilize this tunnel?
That is certainly not correct. Just as PPP carries all of your IP traffic (any protocol) between your home and your ISP, a PPP over SSH tunnel will also carry whatever you need it to.
--
For those that would die defending it, Freedom has a sweet taste that the protected will never know.
-
Re:why?
(Score:2)
by Bender Unit 22 ( 216955 ) writes:
on Wednesday February 27, 2002 @07:13AM (#3079206)
It's not when it works you need the books. It's when it doesn't work you'd wish you had the book.
I have configured a VPN with the help of a HOW-TO page and it worked. But when you want to do larger setups in the "real" world, all kinds of questions and demands come to mind and it's nice to be on top of things and be able to say from the first meeting, what is possible and what is not.
-
VPN hardware
(Score:1, Troll)
by pokka ( 557695 ) writes:
on Wednesday February 27, 2002 @04:02AM (#3077793)
Building VPNs is a pain in the ass, regardless of whether you're using windows NT/2k or linux. Microsoft's documentation is sketchy (and in some cases completely wrong), and there are very few sources for building a VPN in Linux.
This book may make it easier to build a VPN, but it's kind of obsolete, now that the Linksys VPN router has been released, making it a matter of plugging in and turning on. Of course, if you have plenty of free time, but very little money, you might go for the book instead.
-
Re:VPN hardware
(Score:-1, Offtopic)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:17AM (#3077888)
Heck of a troll. Good Job!
-
Re:VPN hardware
(Score:2, Interesting)
by Cyno ( 85911 ) writes:
on Wednesday February 27, 2002 @04:38AM (#3078046)
...or if you're worried about security. I never trust commercial companies to deliver secure code. Specially if they keep it closed source. Unless you want to flash the rom on this thing every few weeks I'd just read up on a linux ppp over ssh solution and write some scripts to keep that software updated.
-
Re:VPN hardware
(Score:1)
by starpool ( 562363 ) writes:
on Wednesday February 27, 2002 @02:12PM (#3081956)
We started out making slow progress with FreeS/WAN trying to connect to a Raptor Firewall, and thought we'd try to take the easy way out and use two Linksys VPN Routers. Bottom line: the LVRs will only allow one Class C subnet access to the tunnel. Since we have multiple subnets at 4 different locations, the LVR is disqualified, at least for now. (Maybe Linksys will add this capability to future firmware.) So we're back to FreeS/WAN and Raptor...now if I can just get that book at my local BN.
-
What's wrong with PPTP?
(Score:4, Interesting)
by Jacco de Leeuw ( 4646 ) writes:
on Wednesday February 27, 2002 @04:06AM (#3077826)
PPTP is often used for 'road warrior' setups, i.e. people working from home or on the road. It's cheap because there are free (as in speech) PPTP servers for Linux and the Windows PPTP clients are free too (as in beer). In contrast, Windows IPSEC clients are often expensive.
So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student has written software which can crack the password in a couple of hours on a Pentium II.
c't (Heise) reported about this.
--
-------
Warning: Slashdot may contain traces of nuts.
-
Re:What's wrong with PPTP?
(Score:2, Informative)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:19AM (#3077901)
It's Point-to-Point Tunneling Protocol and thus more limited than IPSec which can be used in routed mode and can connect arbitrary networks.
-
Re:What's wrong with PPTP?
(Score:3, Interesting)
by FallLine ( 12211 ) writes:
on Wednesday February 27, 2002 @04:25AM (#3077939)
Well firstly, Microsoft's implementation of PPTP is insecure, buggy on the client side (and the server side, where their server is used), and has a hard time supporting multiple clients in a NAT environment.
Secondly, a lot of older hardware has little to no support for the GRE protocol that PPTP depends on. Thus many people simply can't use it.
Thirdly, it's virtually impossible to get two people connecting to the same VPN behind the same NAT network on any hardware. The nature of GRE makes it very difficult since it has no concept of port to differentiate between packets, only source and destination IP. Unfortunately, NAT is very common these days so this really does matter.
-
Re:What's wrong with PPTP?
(Score:0, Troll)
by icedivr ( 168266 ) writes:
on Wednesday February 27, 2002 @09:44AM (#3080500)
If it's so insecure, why aren't people getting cracked all the time?
Secondly, since when does hardware support a networking protocol in the absence of software? Any machine that can run 95 or 98 can run PPTP. They have pretty modest hardware requirements by today's standards.
Thirdly, I have created multiple outbound pptp tunnels behind an ICS connection. It can be done.
-
Re:What's wrong with PPTP?
(Score:3, Informative)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @04:40AM (#3078066)
Just FYI, but Win2k and newer (at least) include native IPSEC support that can interoperate with FreeS/WAN and such. Other systems, well, they are intended for home use that doesn't need that functionality..
--
XML is like violence. If it doesn't solve the problem, use more.
-
Wrong: Win2K IPSEC uses L2TP for tunneling
(Score:1)
by Xenophon Fenderson, ( 1469 ) writes:
<xenophon+slashdot@irtnog.org>
on Wednesday February 27, 2002 @06:24AM (#3078826)
Windows 2000/XP's support for IPSEC is limited to transport mode. Tunnelling is handled by Cisco's Layer 2 Tunnelling Protocol (L2TP). Unless FreeS/WAN and KAME now support L2TP, IPSEC VPNs using Windows-native clients are limited to routable IP addresses all the way around.
Now NAT is evil---ask my friends, I rant about it all the time---but in the real world, one must be able to tunnel VPN traffic at least in one direction (into the company). Without support for L2TP in FreeS/WAN or commercial IPSEC clients in Windows, one cannot currently do this.
Please, I beg you, prove me wrong. I've been struggling to get Windows IPSEC working with KAME for some time now. And my copy of Cisco's Unity VPN client doesn't work on XP.
--
I'm proud of my Northern Tibetan Heritage
-
Re:Wrong: Win2K IPSEC uses L2TP for tunneling
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @07:40AM (#3079371)
L2TPd for linux exists, separate from FreeS/WAN. Though commonly coupled with IPSEC, L2TP is separate. I have heard reports that FreeS/WAN+l2tpd can be used to provide the functionality you describe to have a pretty solid VPN with FreeS/WAN and Windows ends.
http://www.marko.net/l2tp/
A bit dated, but reportedly still functional...
Now as far as getting connectivity to Cisco with Windows with tunneling, I have no idea, never tried...
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:What's wrong with PPTP?
(Score:2)
by Nailer ( 69468 ) writes:
on Wednesday February 27, 2002 @01:37PM (#3081785)
"Win2k and newer (at least) include native IPSEC support that can interoperate with FreeS/WAN and such"
Excellent - do you have any documentation on how to do this?
-
Re:What's wrong with PPTP?
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @04:41PM (#3082448)
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/interop.html
contains some links, right now the tripod exceeded bandwidth, and that is the one with Windows interop. instructions, but I have seen it and it looks pretty solid.
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:What's wrong with PPTP?
(Score:2, Informative)
by jeremiahstanley ( 473105 ) writes:
<miah AT miah DOT org>
on Wednesday February 27, 2002 @04:45AM (#3078100)
With Win2k you can get this little patch and then you have a free as in beer IPSec implementation provided by Microsoft under Win2k. It even supports x509 certs. IPSec clients are not that expensive. Look at SSH Sentinel for another option. It even supports the newer AES ciphers (which I don't expect out of Microsoft for a long time) as added security.
For all of this you have to patch the code to use the newer ciphers. You can get that here and if you need to use x509 certs you can get that stuff here. This is all pretty easy if you have your druthers about compiling new kernels and working with OpenSSL.
Why this isn't in the kernel to begin with is anybody's guess. I would guess that it has something to do with all those pesky crypto export laws. Just like everything else in the ol US of A we have to sacrifice our freedoms so that we can be safe from the KGB and that one guy from Hackers.
--
Hire me...
-
It's damn slow
(Score:1)
by moankey ( 142715 ) writes:
on Wednesday February 27, 2002 @05:08AM (#3078275)
From testimonies of traveling whatevers the people always complain that PPTP is very sloooow. They preferred using RAS in place, albeit a very expensive phone bill.
Most were of course higher level execs so their complaining actually mattered.
-
Re:What's wrong with PPTP?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @05:19AM (#3078347)
"So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student [uni-freiburg.de] has written software which can crack the password in a couple of hours on a Pentium II."
Thank god I'm not in Germany!!!!
-
Re:What's wrong with PPTP?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @05:26AM (#3078396)
You can buy PGPnet (IPsec client) in most office depots, office max, or Circuit City for $39. It has the same functionality as the NAI version.
-
PGPnet
(Score:3, Informative)
by Jacco de Leeuw ( 4646 ) writes:
on Wednesday February 27, 2002 @05:37AM (#3078474)
That's because NAI doesn't know what to do with it. Could they be dumping the product for $39? They want to sell off some parts currently included with PGPnet. There's some uncertainty if you buy the product. Will they update it? Will they fix bugs?
--
-------
Warning: Slashdot may contain traces of nuts.
-
wireless PPTP == readable password file
(Score:1)
by nealmcb ( 125634 ) writes:
on Friday March 01, 2002 @04:59AM (#3091216)
The Heise article is in German, but refers to the original paper which is in English:
"Normally, the file /etc/shadow (or /etc/password on old systems) is regarded one of the most vulnerable points of an unix system [Uni99]. If an attacker can obtain the information in this file, the system is nearly hacked. Using Microsoft's PPTP protocol, information about your passwords is not only publicly available, you also provide additional hints about the passwords, which allow to speed-up the attack by a factor of up to 2^16. With this said, it is clear why we believe Microsoft's PPTP implementation isn't suitable for securing wireless networks."
--Neal
Go IETF!
-
Problem is getting Management to go along
(Score:2, Interesting)
by Cy Guy ( 56083 ) writes:
on Wednesday February 27, 2002 @04:27AM (#3077946)
I think the priority should be getting management to understand the importance of using standard protocols instead of proprietary ones.
Having a book like this one is great if you want to familiarize yourself with the standards and how to implement them on Linux, but the much harder task is getting Management, particularly at larger companies, to see the benefit of implementing a standards based VPN where the users can use any standards based client over any TCP/IP network.
Instead what I see is managers that want to buy a single product that comes with both the server and client applications, but then doesn't work or is hard to implement when the clients are trying to access the VPN from a cablemodem, DSL, or 802.11 connected machine, and don't (God forbid) want to use MSIE and Citrix on Windows to get onto the office network.
--
Work for Change & GET PAID!
-
Re:Problem is getting Management to go along
(Score:0)
by MojoReisen ( 218327 ) writes:
on Wednesday February 27, 2002 @05:00PM (#3082501)
You've got that right.
We're tasked with supporting Citrix IE-ALE Windows VPN clients with FlowPoint modems or Instant Internet boxes over DSL. Of course it is completely unreliable.
The task is truly Herculean. They (vendors) all point their fingers at each other, and I'm waist-deep in IPSec, MTU's, etc. and all that other black magic.
--
"Nothing is impossible for the man who refuses to listen to reason"
-
Can't beat SSH
(Score:2, Insightful)
by schlach ( 228441 ) writes:
on Wednesday February 27, 2002 @04:27AM (#3077953)
for simple encrypted forwarding
LocalForward 8080 theproxy:8080
LocalForward 25 thesmtp:25
LocalForward 143 theimap:143
Don't forget your '-g' =)
-
SSH != VPN. That's a good thing.
(Score:1)
by Brian Hatch ( 523490 ) writes:
<<bri> <at> <ifokr.org>>
on Wednesday February 27, 2002 @06:32AM (#3078902)
We have a section about when a VPN is not what you need, and these are the exact kind of examples when a VPN is unnecessary overkill.
As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway. Otherwise anyone in the world can use your encrypted tunnel.
-
Re:SSH != VPN. That's a good thing.
(Score:2)
by brassrat77 ( 9533 ) writes:
on Wednesday February 27, 2002 @09:33AM (#3080403)
As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway.
This is an EXCELLENT POINT that CANNOT BE OVEREMPHASIZED.
I recently had to set up tunnels to allow a set of NAT'd workstations (laptops running a mix of Linux and W2K) access a system on the inside of a remote firewall where SSH was the only available securable protocol. We needed to use the "-g" switch, and the need for filtering access was immediately apparent.
We ended up using a set of scripts to build the tunnel, including the necessary iptables rules.
As an aside, I'd check if hosts.allow|deny rules are sufficient - I think the ssh tunnel would make all connections appear to be coming from the host running the tunnel. (Can't check for myself right now)
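The filtering that Brian Hatch and brassrat77 recommend for '-g' forwards, sketched as an added example that is not from either post or from the book: a generator that prints iptables rules letting only listed source addresses reach the forwarded ports. The ports come from the LocalForward lines earlier in the thread; the chain name SSH_GATEWAY and the source addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that limit who can reach
# ports opened with ssh -g. Filtering happens on the gateway host's INPUT
# chain, where each client's real source address is still visible.
# Assumptions: chain name SSH_GATEWAY and all addresses below are constructed.

CHAIN=SSH_GATEWAY

# valid_port PORT: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] 2>/dev/null && [ "$1" -le 65535 ] 2>/dev/null
}

# valid_source ADDR[/PREFIX]: succeed only for dotted-quad IPv4, prefix 1..32.
# A /0 prefix is refused because it would reopen the gateway to everyone.
valid_source() {
    vs_addr=${1%%/*}
    case "$1" in
        */*)
            vs_prefix=${1#*/}
            case "$vs_prefix" in
                ''|*[!0-9]*) return 1 ;;
            esac
            { [ "$vs_prefix" -ge 1 ] && [ "$vs_prefix" -le 32 ]; } 2>/dev/null || return 1
            ;;
    esac
    case "$vs_addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    vs_ifs=$IFS
    IFS=.
    set -- $vs_addr
    IFS=$vs_ifs
    [ $# -eq 4 ] || return 1
    for vs_octet in "$@"; do
        [ "$vs_octet" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# gateway_rules "PORT ..." "SOURCE ..."
# Prints the rules in the order they should be applied: the chain is filled
# (ending in DROP) before INPUT is pointed at it, so no port is left open
# part-way through. Returns 2 and prints nothing on stdout for bad input.
gateway_rules() {
    gr_ports=$1
    gr_sources=$2
    [ -n "$gr_ports" ] && [ -n "$gr_sources" ] || {
        echo 'usage: gateway_rules "PORTS" "SOURCES"' >&2
        return 2
    }
    for gr_p in $gr_ports; do
        valid_port "$gr_p" || { echo "bad port: $gr_p" >&2; return 2; }
    done
    for gr_s in $gr_sources; do
        valid_source "$gr_s" || { echo "bad source: $gr_s" >&2; return 2; }
    done
    echo "iptables -N $CHAIN"
    # Connections made on the gateway itself arrive over loopback.
    echo "iptables -A $CHAIN -i lo -j ACCEPT"
    for gr_s in $gr_sources; do
        echo "iptables -A $CHAIN -s $gr_s -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    for gr_p in $gr_ports; do
        echo "iptables -I INPUT -p tcp --dport $gr_p -j $CHAIN"
    done
}

# Dry run with the three LocalForward ports from the thread and one
# constructed workstation subnet; review, then pipe to "sh" as root to apply.
gateway_rules "8080 25 143" "192.168.10.0/24"
```

Because the rules are applied on the machine running the ssh client with '-g', they see the real address of each workstation; the server at the far end of the tunnel sees only the tunnel endpoint.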
-
The main problem with IPSEC...
(Score:5, Insightful)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @04:48AM (#3078126)
IPSEC is wonderful, but many businesses don't think things through and use it for telecommuting. Why is this bad? Well, the way this works is that someone connects to the VPN system and gets a full tunnel that allows the authorized client to behave on the internal network as if it was actually there, bypassing the firewall. The problem here is pretty obvious. The client machine is not protected by a firewall, and so if the client is compromised, an attacker has a clear path straight past the firewall. So the effectiveness of the firewall is greatly reduced.
Now if you don't have a firewall protecting the network, this won't hurt, but if you do, then a solution like ssh is somewhat more secure, as you only set up the tunnels you absolutely need to very specific hosts. While there is still a risk, it is greatly reduced and strikes a good balance between usability and security.
What IPSEC *is* good for is seamlessly connecting sites together without really expensive dedicated lines securely. While it makes no guarantee as to bandwidth or availability, it does provide almost the same level of security. If a company can't afford lines to sites but still wants to expand, IPSEC is ideal. I use it to connect my home private network to a friend's home private network. The key here is that not only do you have to trust the clients whose keys you permit to connect, but you must also trust that the administrator of that client machine or network is sufficiently competent to keep his network secure, as the security of the two networks is tied a lot more closely together...
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:The main problem with IPSEC...
(Score:1, Informative)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:58AM (#3078205)
Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).
-m
-
Re:The main problem with IPSEC...
(Score:2)
by j7953 ( 457666 ) writes:
on Wednesday February 27, 2002 @07:19AM (#3079240)
Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).
Well, but that doesn't prevent the telecommuter's computer from becoming compromised with some background logging software that'll collect information when connected to the company network, and send it to the attacker when connected to the internet.
Of course, using an SSH tunnel also doesn't solve that problem.
The only real option is to assign IPs from a different subnet to the telecommuters' home computers, and having a firewall between that subnet and the rest of the company network that'll not allow access to certain resources that are especially critical. And, of course, the telecommuters must be educated about the security issues.
--
Sig (appended to the end of comments I post, 54 chars)
-
Re:The main problem with IPSEC...
(Score:2, Informative)
by icedivr ( 168266 ) writes:
on Wednesday February 27, 2002 @05:10AM (#3078285)
Your beef can be easily solved by ensuring that the remote machine's default route is down the tunnel.
As far as I'm concerned, a bigger threat is the road warrior laptop not having adequate virus protection. (VP of Sales does insist on Windows, doesn't he?) Desktops behind the firewall presumably have multiple layers of protection in front of them, the road warrior, maybe not.
-
Re:The main problem with IPSEC...
(Score:2)
by Jacco de Leeuw ( 4646 ) writes:
on Wednesday February 27, 2002 @05:31AM (#3078432)
... a bigger threat is the road warrior laptop not having adequate virus protection.
Agreed. Especially trojans. So, how does one secure the terminal? Boot from Read Only media? Use a thin client?
--
-------
Warning: Slashdot may contain traces of nuts.
-
Re:The main problem with IPSEC...
(Score:2)
by Shoten ( 260439 ) writes:
on Wednesday February 27, 2002 @05:29AM (#3078417)
So, you're saying the main problem with IPSEC is that it's not a magic bullet? Nothing is...get over it. I've heard people say the same about firewalls, saying how firewalls make people think that they're totally secure, so they no longer patch systems or pay attention. That may be true sometimes, but it's still not a valid argument that firewalls are flawed. Security isn't one box or one piece of software, and saying that one has a problem because it doesn't blanket everything is like criticizing deadbolts because thieves can still break a window to get into your home.
--
For your security, this post has been encrypted with ROT-13, twice.
-
Re:The main problem with IPSEC...
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @06:53AM (#3079060)
Right, but I was saying that IPSEC is not only not a magic bullet (that is to be expected) but companies outright misuse the technology without any serious thought. They invest tons in making sure they have tight firewalls and policies that prohibit people from hooking up modems to the outside world (internet without firewall), and yet repeat the mistake in a different form time and time again. It would be nice to establish trusted connections to telecommuters, but it just simply can never be secure enough (well, maybe if the telecommuter is the same person who designed the corporate security and takes home security equally seriously, but not worth finding out).
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:The main problem with IPSEC...
(Score:2)
by Shoten ( 260439 ) writes:
on Thursday February 28, 2002 @03:15AM (#3084102)
I see your point, but at that stage of the game, it's not the technology that is to blame. Any solid technology will be a problem if it is not part of a sound, well-thought out implementation. There are ways around the problem as well, however; for example, Checkpoint VPNs can push a security policy out to the client upon connection, enforcing a firewall policy at the end point and prohibiting network communications between that point and any node besides the VPN gateway. But that's a whole other ball of wax, and returns to the issue of making wise choices when rolling out technology.
The bottom line is, VPNs make it possible to do things in business that aren't cost-effective any other way, and businesses are there to make money, not to be secure. It's a trade-off, and if the return outweighs the risk, it's worth the risk.
--
For your security, this post has been encrypted with ROT-13, twice.
-
Re:The main problem with IPSEC...
(Score:1)
by Sloppy ( 14984 ) writes:
on Wednesday February 27, 2002 @05:59AM (#3078631)
So the effectiveness of the firewall is greatly reduced
Don't you have the same exact problem with desktop machines on the LAN, inside the firewall? Seems to me that VPN-through-a-firewall doesn't introduce any vulnerabilities that you don't already have.
--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
-
Re:The main problem with IPSEC...
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @06:38AM (#3078946)
But LAN machines have never been exposed to the internet. I am sure somebody can put some "fun" daemons up on a machine just waiting for a VPN connection.
-
Re:The main problem with IPSEC...
(Score:1)
by Sloppy ( 14984 ) writes:
on Wednesday February 27, 2002 @07:18AM (#3079239)
But LAN machines have never been exposed to the internet.
Ha hah hah ha! That's a good one.
Seriously, it must be nice to work at a place where they haven't heard of "Active Content" and no one uses products like Microsoft Word or Microsoft Outlook.
:-)
--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
-
Re:The main problem with IPSEC...
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @07:48AM (#3079450)
When dealing with internal systems, you can enforce all kinds of policies about virus software, etc. You can keep it relatively boxed. With telecommuting, the clients not only have relaxed restrictions, but also are vulnerable while connected to the internet to the sort of attacks firewalls are meant to keep out. Normally, this wouldn't be too bad, but with a full tunnel, that machine will probably contain sensitive information itself and, for the duration of the connection, gives full access to a corporate network if compromised.
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:The main problem with IPSEC...
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @09:07AM (#3080140)
If you want to get legalistic about it:
Local Area Network by definition is not a Wide Area Network now is it? If you have a LAN you cannot be exposed to the internet or it is a WAN. If you run active content then you are running code on the LAN. Don't run unknown code on a LAN. If you are downloading something from the internet you are using a WAN interface are you not?
The point is you have a machine that has been directly exposed to the internet and now it is on your network and that is NOT the same thing.
If I have to go to the head at a bus station I will finish my drink because I won't really know what it is when I get back.
-
Re:The main problem with IPSEC...
(Score:1)
by -audiowhore- ( 153163 ) writes:
on Wednesday February 27, 2002 @11:08AM (#3081115)
Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.
--audiowhore
-
Re:The main problem with IPSEC...
(Score:2)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @04:22PM (#3082392)
But then, how do you ensure the client is using approved software if you are using a standard like IPSEC? I know, corporate policy, but if people are at home, they might try more exotic things... In any event, clients configured like this are a good way to make IPSEC *better* for telecommuting, but the safest bet is to not have full network transparency, but instead only have selected services that telecommuters need and allow only those in your preferred method of access..
--
XML is like violence. If it doesn't solve the problem, use more.
-
CIPE - a better solution.
(Score:3, Informative)
by ion++ ( 134665 ) writes:
on Wednesday February 27, 2002 @05:18AM (#3078339)
I'm using CIPE for linux at work. It can be found at http://sites.inka.de/sites/bigred/devel/cipe.html or for windows at http://cipe-win32.sourceforge.net/ .
It's a better solution because it doesn't run TCP over TCP, which can give a problem, when retransmission occurs. With the right amount of bad luck, you can have double retransmission where both layers of TCP retransmit. CIPE runs completely over UDP to avoid this problem.
JonB
-
Re:CIPE - a better solution.
(Score:2, Insightful)
by ion++ ( 134665 ) writes:
on Wednesday February 27, 2002 @05:22AM (#3078367)
Oh yeah, I forgot to mention that it works behind a NAT, which IPSEC has trouble with.
Furthermore it works with non-static ip address. Obviously one end needs to know the ip of the other end, but that's all which is needed.
JonB
-
Re:CIPE - a better solution.
(Score:1)
by The Darkness ( 33231 ) writes:
on Wednesday February 27, 2002 @06:29AM (#3078878)
Oh yeah, I forgot to mention that it works behind a NAT, which IPSEC has trouble with.
Junta already posted a valid response to this statement.
Furthermore it works with non-static ip address. Obviously one end needs to know the ip of the other end, but that's all which is needed.
FreeS/WAN works great with non-static IP addresses. For example:
/etc/ipsec.conf
conn netnet
    left=theirhost.dyn.dhs.org
    leftid=@theirhost.dyn.dhs.org
    leftsubnet=10.1.1.0/24
    right=%defaultroute
    rightid=@myhost.dyn.dhs.org
    rightsubnet=10.1.2.0/24
    leftrsasigkey=....
    rightrsasigkey=....
    authby=rsasig
    auto=start
And in ipsec.secrets:
@myhost.dyn.dhs.org : RSA { ...
}
I have been using a similar configuration since the release of FreeS/WAN v1.5.
--
There are two kinds of people: 1) those that need closure
-
Re:CIPE - a better solution.
(Score:2, Informative)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @05:39AM (#3078494)
Better solution than, say, ppp over ssh (a really dumb hack), but not better than IPSEC for most all applications.
IPSEC also does not run TCP over TCP, it uses udp for isakmp, and data is transmitted through custom protocols (numbers 50 and/or 51), *not* through TCP.
Another thing about IPSEC that works better than CIPE is that IPSEC more strongly authenticates the machine at the other end. This is why NAT breaks, because unlike CIPE, IPSEC works to ensure the packet has passed unmodified since leaving a known trusted host, and the very nature of NAT prevents this. Solution is simple, move the IPSEC gateway to either the NAT system or beyond. Though it is being pushed in many circles as a good solution for telecommuting, it really was never designed for that and that usage really spits in the face of firewalls.
Finally, CIPE lacks compatibility. Sure you can configure windows and linux boxes and maybe other platforms, but just try to connect to, say a CISCO router....
CIPE is a hack that creates more problems than it solves in the long run. PPP over ssh is worse, but a dumb idea, set up tunnels for specific tcp services that you need, more overhead, but security is better (not perfect, but better). For connecting networks together, a good architect can piece together an IPSEC solution that guarantees identity at other end of the pipe... CIPE offers the gaping hole that IPSEC can while not offering enough identification. So ssh or IPSEC remains the best solution, depending on the problem.
--
XML is like violence. If it doesn't solve the problem, use more.
-
Duh, we cover cIPe in the book.
(Score:2, Informative)
by Brian Hatch ( 523490 ) writes:
<<bri> <at> <ifokr.org>>
on Wednesday February 27, 2002 @06:40AM (#3078953)
Ummm, we cover cIPe in the book. Would be a pretty crappy job if we hadn't.
-
Answer?
(Score:3, Funny)
by sharkey ( 16670 ) writes:
on Wednesday February 27, 2002 @05:29AM (#3078412)
Why does every book need to include the magic 'L' word in the title nowadays?
Because they have a better chance of getting posted to the Slashdot homepage?
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
-
Re:Answer?
(Score:1)
by Crusty Oldman ( 249835 ) writes:
on Wednesday February 27, 2002 @05:37AM (#3078476)
... Or they could just say "Perl" for a slamdunk.
-
Crossplatform aspect?
(Score:2, Interesting)
by egghat ( 73643 ) writes:
on Wednesday February 27, 2002 @05:51AM (#3078571)
How is the crossplatform aspect covered? There are hundreds of possible solutions for VPNs out there, but if you want something that works on *nix, Windows and Mac (Classic and X) and is free and open, the range of products to choose from gets small ...
For example, I couldn't find a free IPSEC client for Windows.
Any new hints from this book?
Thanks in advance.
egghat.
--
-- "As a human being I claim the right to be widely inconsistent", John Peel
-
Re:Crossplatform aspect?
(Score:3, Informative)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @05:53AM (#3078587)
IPSEC "clients" for Windows:
PGPnet- commercial and free versions. Free version doesn't do complicated routing stuff
Windows 2000 and newer have built in IPSEC capabilities.
Both these methods can interact with CISCO, OpenBSD, and FreeS/WAN.
IPSEC is the best shot you have at a cross-platform standard.
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:Crossplatform aspect?
(Score:1)
by Brian Hatch ( 523490 ) writes:
<<bri> <at> <ifokr.org>>
on Wednesday February 27, 2002 @06:28AM (#3078871)
Most of the VPN topics we cover translate easily and directly to other Unix systems. Some small differences are OS specific. You don't enable ip forwarding with /proc on solaris, for example, but the software configuration, routing examples, etc, are the same.
We discuss PPTP s.t. you can communicate with PPTP-only Windows clients. You can run IPSec software on more recent versions of Windows, however describing how to do so would probably increase the size of the book by several hundred pages, not counting the fact that we'd have lost some serious sanity in the process.
So when cross platform == unix-like systems, this book does it for you. When cross platform == non unix, you're on your own.
-
Semi-OT: any ISPs that route a VPN connection?
(Score:1)
by Sloppy ( 14984 ) writes:
on Wednesday February 27, 2002 @06:06AM (#3078670)
Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.) Doesn't have to be free beer.
--
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
-
Re:Semi-OT: any ISPs that route a VPN connection?
(Score:2)
by disappear ( 21915 ) writes:
on Wednesday February 27, 2002 @09:42AM (#3080488)
Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.)
Why would you want to do that? Not only will it slow down your network connection, but I suspect that it should be fairly easy to do traffic analysis to determine which traffic was yours in the first place, even at a busy ISP...
-
Has anybody used isakmpd on Linux
(Score:2)
by Chang ( 2714 ) writes:
on Wednesday February 27, 2002 @06:06AM (#3078673)
Anybody out there have any success compiling and using OpenBSD's isakmpd on Linux?
I really need to use aggressive mode but the patches for freeswan are ancient/unmaintained.
A pointer would be greatly appreciated.
-
ssh + ppp = vpn
(Score:1)
by hopeless case ( 49791 ) writes:
<{christopherlmarshall} {at} {gmail.com}>
on Wednesday February 27, 2002 @06:11AM (#3078722)
Here's this script I use to set up a quick and dirty VPN between my workstation at work and my home PC. It has to originate from work to get through the firewall but once set up, of course, packets can flow both ways. I call the script ssh-vpn.
You have to set up ssh correctly with rsa keys before it will work. You also have to download pty-redir. See the VPN mini how-to for more details.
#!/bin/bash
REMOTE_HOST=$1
REMOTE_IP=$2
LOCAL_IP=$3
if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ] ; then
    echo "usage: ssh-vpn <remote_host> <remote_ip> <local_ip>"
    exit 1
fi
# this file holds the slave pty that the local pppd needs
# (created with mktemp rather than the predictable name /tmp/tmp$$)
tmpfile=$(mktemp /tmp/ssh-vpn.XXXXXX) || exit 1
# start remote pppd
/usr/local/bin/pty-redir /usr/bin/ssh -1 -o 'Batchmode yes' -t -l root "$REMOTE_HOST" /usr/sbin/pppd local "${REMOTE_IP}:${LOCAL_IP}" 2> "$tmpfile"
# give the remote pppd process a little time to send its first connect request
sleep 5
# start local pppd
/usr/sbin/pppd $(cat "$tmpfile") passive
# remove file that held the slave pty file name
sleep 5
rm -f "$tmpfile"
-
The pty-redir hack is dead.
(Score:1)
by Brian Hatch ( 523490 ) writes:
<<bri> <at> <ifokr.org>>
on Wednesday February 27, 2002 @06:20AM (#3078799)
No offense, but anyone still relying on pty-redir should really use a more recent version of pppd which has the '-p' option to create a pty on its own.
The ppp over (ssh/ssl) stuff in the book is much more complete, allowing you to make more than one connection, doesn't rely on best-guess 'sleep X' timeouts, and walks you through setting up ssh securely s.t. it can only be used to create the VPN, and doesn't require logging in as root from either endpoint.
-
Re:The pty-redir hack is dead.
(Score:1)
by hopeless case ( 49791 ) writes:
<{christopherlmarshall} {at} {gmail.com}>
on Wednesday February 27, 2002 @08:08AM (#3079628)
Thanks for the info on "-p". I didn't know about that.
You are correct, of course, about the flaws of my scheme, but you'd be amazed how well it works for my purposes. I work from home and need to get access to my work machines through the firewall.
Using my 128k DSL connection to the net, I can do a lot this way, including using VNC acceptably.
I wouldn't recommend it for any production environment, but for simple things it more than fits the bill.
-
Re:ssh + ppp = vpn
(Score:1)
by hopeless case ( 49791 ) writes:
<{christopherlmarshall} {at} {gmail.com}>
on Wednesday February 27, 2002 @06:26AM (#3078840)
Here's a link to a tgz file of the pty-redir source and compiled utility:
http://www.hopelesscase.com/pty-redir.tgz
I had to modify it to get it to work so in the interests of saving time, I'm posting it here.
-
Re:ssh + ppp = vpn
(Score:4, Informative)
by Junta ( 36770 ) writes:
on Wednesday February 27, 2002 @07:14AM (#3079217)
Of course, ppp over ssh is a bad thing, ugly and bad. For most traffic, you have this topography:
TCP over IP over ppp over ssh over TCP over IP, etc...
Note the fact that we have TCP over TCP, which is bad, very very bad. If a packet gets lost, we have two layers doing the same thing to restore a connection and things can get stalled out quickly....
ssh's built in tcp tunneling suffices for most remote access applications. For a true VPN, IPSEC is the only good way to go. Other things like CIPE certainly work better than ppp over ssh, but still lack in certain features things that IPSEC does. Then again, if you have to build a VPN where you need to modify packets in transit (i.e. NAT), CIPE is a viable alternative if you don't mind that packets could be mangled by more than just the NAT gateways and CIPE wouldn't care, but I personally want to ensure the highest security with IPSEC...
--
XML is like violence. If it doesn't solve the problem, use more.
-
Re:ssh + ppp = vpn
(Score:1)
by hopeless case ( 49791 ) writes:
<{christopherlmarshall} {at} {gmail.com}>
on Wednesday February 27, 2002 @08:10AM (#3079657)
Yes, it leads to poor performance and an unstable link. Still, for my purposes (connecting from home to my work machines through a firewall over a DSL line at 128kbps), you'd be surprised how useful it is.
IPSec would be better but I would have a lot to learn and experiment with before I could use it. The ssh+ppp solution is much easier.
-
Right in time.
(Score:2)
by Bender Unit 22 ( 216955 ) writes:
on Wednesday February 27, 2002 @07:06AM (#3079151)
I have just been playing with IPSec for the last couple of days and wanted to buy a book on the subject. While I managed to successfully make a VPN connection between 2 machines, I still need to read a great deal about what's under the hood.
So I looked at amazon also thinking that I could not go wrong with a book from O'Reilly, but after looking at the few stars it got I had been looking at this book and the one from RSA. Well, that does it. I'm getting this one. :)
-
Re:Right in time.
(Score:2)
by gmhowell ( 26755 ) writes:
<gmhowell@gmail.com>
on Wednesday February 27, 2002 @09:44AM (#3080503)
Ditto. Need to work from home. What I should do is wireless (only 2 miles between home and work) but the county has something against cutting down all of those trees...
--
Jesus was all right but his disciples were thick and ordinary. -John Lennon
-
That's not just a problem with ICANN
It is the nature of those in authority to seek out greater power and methods of expanding their empire
... While these incentives exist in for-profit businesses at risk of bankruptcy if they fail to operate efficiently, ICANN doesn't have this threat hanging over their collective head.
For more examples see here and here and here and here. -
Re:They're not U.S. Senators
-
They're not U.S. Senators
It looks like two US senators are introducing bills that would impose recycling fees on new computer systems sold.
The two senators, Byron Sher and Gloria Romero, are California State Senators, not U.S. Senators. Huge difference.
That's OK; most Californians I know can't name the two U.S. Senators they elected (Barbara Boxer and Dianne Feinstein)
-
Re:Want to stop span?
The U.S. Senate is obliging and gives out the addresses in a convenient form: U.S. Senate. The U.S. House of Representatives is less so, but others have done the work: CongressMerge Contacting the Congress.
It wouldn't be difficult to comb The U.S. House of Representatives Locate Representatives' Web Sites Listed by Name for addresses. -
Where's the Bricker Amendment When you need it?
Here's an interesting little snippet from Article VI of the US Constitution that most of you probably didn't know about (emphasis mine):
This Constitution... and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land.
The Supreme Court has interpreted this to mean that international treaties hold the same weight as the Constitution. This means that if a WIPO treaty trumps the First Amendment, you're up a creek.
Back in the 1950's there was a bill floating around Congress known as the Bricker Amendment that would have forbidden Congress from ratifying a treaty (only requires 2/3 of the Senate) that would require a constitutional amendment to do otherwise (which requires 2/3 of both houses and then 2/3 of the states). It didn't pass. Do a Google for more info.
This means that a group of people who we don't have any control over for six years at a time can trump the Constitution whenever 67 of them agree to. (Yet another reason to repeal the 17th, probably.)
There's been a new interest in the Bricker Amendment in recent years from the political right and other groups, but I don't think anything's been really done about it.
BEGIN subtleHint();
Perhaps if we all wrote to our Congresscritters and Senators and bitched about the lack of such a law protecting us from abuses in WIPO and WTO something might get done about it.
END subtleHint(); -
Real Player used to be worse
Remember when Maria Cantwell and Real got caught tracking all the music that was anywhere on your computer?
The big question is, will Microsoft respond in the same way and back down?
-
let's stop this legislation. copy this letter to all
Please, Help Abolish The DMCA
The DMCA harms every American. It allows organisations and corporations to terrorize citizens of the United States with threats of jail time and fines for citizens, scientists and academicians (a Princeton professor was threatened to not publish a paper) who perform math and science. The DMCA makes it a crime to "circumvent" copyright protection systems, on materials you bought and that you have a right to fair use of. Essentially the DMCA is a war on education. The DMCA, or Digital Millennium Copyright Act (United States Code, title 17, chapter 12, section 1201 http://www4.law.cornell.edu/uscode/17/1201.html), can put you in jail for creating, using, or distributing software to playback the DVD's you legitimately purchased on a computer you paid for. It can put you in jail for reading electronic books you pay for without authorisation from the publisher! In fact, Dmitri Sklyarov was arrested and imprisoned for writing such a software program. It can put you in jail for making copies of music you purchased so that you can listen to it in your car.
The DVD consortium locks each DVD disc with a key, and then gives the key to manufacturers of DVD players. The key itself is a number. With this key, one can rightfully play the DVD's one owns on his equipment. However, the DMCA makes it illegal to speak about or distribute said number! It makes it illegal to do math and science. This is a flagrant violation of your first amendment rights, which reads "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."
Please, sign the Abolish the Digital Millennium Copyright Act: http://www.petitiononline.com/nixdmca/petition.html Please, write to your US senators and representatives and tell them you want abolishment of the DMCA. You can find out their mailing and e-mail addresses at http://www.senate.gov and http://www.house.gov
The DMCA harms every American. It was bought by organisations that want to be able to completely control what, when, where, and how often you use media--television, books, music, and movies. The DMCA is not a valid exercise of Congress's enumerated powers. It is unconstitutional. Please show your support to strike down the DMCA. Please forward this notice along to your friends, family and co-workers.
For further information please see http://anti-dmca.org -
Re:The Ovens of Corporate America
You had a good idea, then you went all a-kilter there at the end.
Corporations are amoral. Their only purpose is to maximize shareholder value, i.e. sales and profits. If they act in a way that reduces their shareholder value, e.g. by acting "morally responsible", they can even be sued by their shareholders under certain circumstances.
This is true, insofar as it goes. A corporation can act in a moral way, if the corporation is set up that way, i.e. the board or CEO has decision-making powers of some latitude. If the shareholders don't like the decisions made by the board and/or CEO (e.g. they don't mind kids stitching Nikes in Absurdistan; or they are appalled at the thought).
But then you lose it altogether:
That's why corporations need to be regulated. You just can't expect them to do the right thing, that would not only be idiotically naive, it would be fatal.
Speaking of idiotic naïveté, assuming that the government can or will regulate a corporation any better than a corporation can regulate itself is pretty farfetched. The government can't even regulate itself, much less manhandle thousands of corporations in any sane or reasonable manner.
If you think "but we can elect representatives to enact the regulations we think are best", you're engaging in the worst form of blind faith. If you couldn't convince a few thousand shareholders to vote out a morally bankrupt CEO, what makes you think you can convince some 30 million citizens to vote for representatives that will do the "right thing"?
Luckily in the US of A, we have the protected right of free speech, and you can protest a corporation's actions in a TV or radio or newspaper ad. Though, if this is any indication, that may change at any time.
-
Re:It comes down to $$$$$
The end may not be near after all. I look at it this way. With BT jumping the Atlantic pond and asking American companies for money, legislators may just take notice. If the cash is just moving from one American oligopoly to another, then fine, but when it flows out of this country, then those in power (might/will) take notice. There hasn't been a better time to write your congress person and vent.
Really though, there will come a point when the absolute frivolous nature of these suits hits a nerve, where those with the power to do something are finally pushed to change the system. Perhaps this SightSound lawsuit, or maybe Microsoft suing the President for using their patented decision making process. It will happen sooner if we (/.'ers who want to make a diff) make some noise. I sent a mail to Senator Fitzgerald about the SSSCA and even though I just got a response a couple of weeks ago, it was in fact hand signed (the letter was laser printed, but you can tell the sig was done with one of those 10 cent bic pens).
My point is, there is a wall to which these lawsuits are running. How far we have to go depends on how greedy those on top are (go Enron), and how diligent those with some knowledge on the subject can be. Write your senator! Write your Representative!
-
ninth court? expect a reversal
heh, the ninth court of appeals is reversed constantly. don't be too optimistic about this ruling standing up in higher courts, since the ninth court has a particularly bad record with reversals.
some references:
"Let's say this is a court on the cutting edge of jurisprudence," Richards said of the 9th Circuit court. "It may be the most reversed court."
"Of course, this is the Ninth Circuit, the most reversed court in the country, so the road is likely to be bumpy."
"Our final area of concern is that we are talking about the Ninth Circuit. That Circuit is much too large, which has made it difficult to develop any collegiality. As a result, judges have not developed common legal approaches to their decisions, and they are often even unaware of each other's decisions. The case law that has developed from this situation is often conflicting within the Circuit. Further, as judges have learned to act as laws unto themselves, they have frequently made unconstitutional decisions. It is by far the most reversed court in the country."
jon -
Re:News
In related news, the Government also declared that the Sky is Blue, Bill Gates is Rich, and that Governments spend money on obvious surveys.
I'm sorry to disappoint you, but the Government has really done research on blue sky. Don't speak too loud or they might reconsider extending their clue finding process on why Bill Gates is so rich. :D -
Censorship in America these days
Censorship has been encouraged by American government leaders since the attack on New York:
"[Bill Maher's statements are] reminders to all Americans that they need to watch what they say, watch what they do. This is not a time for remarks like that; there never is."
The question would appear to be not why has Jim Robinson obeyed his government's wishes and refused to give a sounding board to people who spread anti-American disinformation (like how the CIA planned the terrorist attacks), but why other sites like Slashdot haven't followed the government's lead and censored similar material.
-- Ari Fleischer, White House Press Secretary, September 26, 2001
"To those who pit Americans against immigrants, and citizens against non-citizens; to those who scare peace-loving people with phantoms of lost liberty; my message is this: Your tactics only aid terrorists - for they erode our national unity and diminish our resolve. They give ammunition to America's enemies, and pause to America's friends. They encourage people of good will to remain silent in the face of evil. "
-- John Ashcroft, Attorney General, December 6, 2001
In fact, Slashdot does censor material -- proactively, by choosing at most 1% of the submissions it receives for article status. Free Republic allows all registered users to post articles to its site; "censorship" occurs later if a browsing moderator chooses to remove an existing thread. I have yet to see a "How the CIA planned the terrorist attacks" thread on Slashdot, and in fact /. barely covered the war on Afghanistan at all, much to the joy of some. Censorship is burned into the DNA here; it comes more awkwardly and controversially to a site like Free Republic. (The Ether Zone article's author, Fahey, used to post as TBF on Free Republic but was banned.)
If the owner of a site decides he doesn't want to use his money to pay for serving and storing anti-Semitic and anti-American diatribes, he should be able to do so. I don't think many here would disagree with this.
-
Jar-Jar is a senator?
Is this character based on a real person?
-
It's been said before...
but i'll say it again..
If you're going to bitch,
bitch productively!
If you put the same effort you do here, into legit politics (wow. now *THATS* an oxymoron), the least that's going to happen is your voice will be heard. The most? The sky's the limit.
Just do yourself a favor. When writing your congressperson or representative:
1) Don't troll
2) Don't flame
3) Don't mention your /. karma. They won't care.
4) Don't start with "I didn't vote..", or, especially, "I didn't vote for you, but..."
5) Above all, write intelligently.
P.S. Inconspicuously hinting that your wealthy father could make a sizable donation to the rep's campaign wouldn't hurt. -
Musicians giving it away and making $$$$
We at ibiblio host several bands who freely share their music and they still make a living.
We've hosted Roger McGuinn's Folk Den project for about 5 years. Now Roger has made a CD, Treasures from the Folk Den, which has just been nominated for a Grammy! Not bad for a rock star who told the labels to go jump in his Senate testimony.
We also host collections of tape traders, jamz and tunetree, of bands that want their fans to hear their music (and pay to come to their shows).
Eben Moglen is right (see NYTimes article on FoM); it's about love. -
Guess Harry Reid Lost
There was a good article in The New Republic about this issue a couple of weeks ago.
I guess even with his position of power Harry Reid finally lost and/or the rest of congress finally got (a little) common sense. -
The root of the problem is Right Here(tm)
"I have watched kids testifying before Congress. It is clear that they are completely unaware of the seriousness of their acts. There is obviously a cultural gap. The act of breaking into a computer system has to have the same social stigma as breaking into a neighbor's house. It should not matter that the neighbor's door is unlocked. The press must learn that misguided use of a computer is no more amazing than drunk driving of an automobile."
At first glance, one might attribute that statement to a computer-illiterate senator or to an incompetent journalist. You may be surprised, then, to find that this quote was from Ken Thompson in 1995. Yes, one of our own - a creator of the UNIX system and the command line we use every single day - condemned the antisocial activities of malicious computer users. Which leads me to ask: why aren't we listening, and where is our moral compass?
A few years ago, it was all the media's fault: the media gave much attention to antisocial criminals who happened to use computers. Nowadays, computer crime is rarely front-page news, especially in light of the recent terrorist attacks caused by the usual suspects. So what kind of notoriety, then, are these criminally insane geeks seeking? The fact of the matter is that the open source community here on Slashdot is not only tolerating illicit behavior; it is encouraging it. We are partially responsible for every Brian West, Eric Corley, Dmitri Sklyarov, Ted Felten, Randal Schwartz, and DrinkOrDie member. We are harboring criminals because we are glorifying their acts and lauding them for "civil disobedience." We are not unlike the Arabs who cheered as they watched the Twin Towers collapse on their (banned) TV sets. And like those ungrateful Arabs, we owe our prosperity to the American government and the capitalist society that so many users here seem to despise. We have become our own enemy.
We, as a community, need to stop tolerating this behavior. Instead of encouraging people like Jon Johansen by sending money to the EFF to help them keep these ingrates' lily-white asses out of jail, we need to send a strong message that computer crime is not consistent with our ethical standards. We need to lead by example - log off of Gnutella, start paying for software (even Windows), stop cracking your DVDs and eBooks "for fun," and start acting like an upstanding citizen. It is only then that the powers that be will start taking us seriously and repeal the DMCA/SSSCA/PATRIOT legislation, and start giving us our rights back. It is crystal clear that we will not get our rights back a moment before we get out of the business of producing criminals, and the first step is to stop empathizing with them.
freebsd guy
-
Imagine
-
Hmmm....
According to his biography:
Senator Hollings is a Democrat. It is this kind of moral blindness that cripples Slashdotters when it comes to stopping legislation. I want to grab you all and shake you, the Democrats are just as bad!!!
-
Links for the motivated;
If you're inspired to become a gadfly to those who think they can turn you into a consuming conforming ruminant:
First off, check out Dennis Powell's advice on responding to the DOJ's attempt to give the Internet to MS.
Never let your senator or congressperson do anything that concerns you and your liberties without hearing from you.
I've never seen Common Cause mentioned here, but they are a real lobbying group who deserve your support and dollars, have done so for decades. -
Congressman's Mailbox
Great article. Hmm. For some reason I doubt my congressmen read Slash.
I am going to mail a copy of it with a short intro from yours truly to all my congressmen/representatives. I encourage all of you, even those not in the US to do the same. This article does a lot better in their hands than ours. For those in the US that are lazy here is a list of your House members and Senate members that has their addresses and such. -
Copy of Senate hearing speeches & press covera
-
More info on the Bono Act
Here's some more information about the Sonny Bono Copyright Term Extension Act:
- Wikipedia article to which I contributed
- Everything 2 article that I wrote
- Eldred v. Ashcroft, a lawsuit to overturn the Bono Act
- House directory and Senate directory: whom to fax if you want this law repealed. Yes, fax. E-mail is assumed to be spam, while paper mail is assumed to carry anthrax.
-
Re:Well, so much for freedom.
"Get out from behind the monitor and write your congressman. No, don't e-mail him/her, they won't read it."
YES, THEY WILL. Some Senators have actually pointed out that right now electronic mail is a better way to go (For an example, CLICK HERE.) because of the Anthrax threats on Capitol Hill. I can personally vouch that politicians read email, because I have received multiple personal, specific replies to emails I have sent to my representatives. These were well written letters, not just a generic form letter about a topic with a fake signature stamp.
On the topic, Americans need to stop buying into the myth that politicians do not read email. This story is spread by:
1- American media corporations, who want to keep people from contacting representatives. Actually writing a letter and mailing it intimidates some people (Those who do not know how to prepare elegant business letters or have poor handwriting and lack spelling skills.), and is too time-consuming for others. By making sure that the people's thoughts are not heard, companies like AOL and Microsoft make sure that theirs ARE.
2- Old Guard politicians afraid of progress, the guys like Jesse Helms and Strom Thurmond who are afraid of change, especially one that gives a lot of voters a voice in a manner that they do not understand.
Use email to contact politicians. It works. If a politician will not care about your email, chances are that he is enough of an asshole that he would not care about a letter anyway. And if a politician expresses disdain for email, note it, and make sure he gets voted out! -
Why is anyone surprised?
The line that best summarizes what happened here was "James had been acting real tough until now," said Robert Lande, a University of Baltimore professor of antitrust law who followed the case closely. "But when it comes down to it, Microsoft broke open the champagne when Bush was elected."
Before negotiations even get anywhere the Justice Department announces they will not seek a structural remedy. They bought a get out of jail free card because we talk to each other instead of our representatives.
Now the terms are such that MS need only hold out five years before they are no longer supervised and they can do as they please again. Who will form a business with a five year life span against MS?
Let's say you are willing to. And now MS does not release the information on interfaces as promised? What will you do? Sue them? Go ahead, can you outlast them in court? They do not need to win they just need to delay and delay and delay. That is how they got this deal.
We can whine and complain and bitch and moan, but the fact is they have $46 billion in cash and a PR machine telling everyone the economy is doomed if you don't settle now and it is those "technical people" like slashdot readers who are responsible for all the virus and email problems we are seeing today.
Once again, using paper and a real envelope (or these days a post card or FAX is probably better) Senate Address Lookup and House of Representative Address Lookup
Ask the simple question of why we would accept less now than what was being offered months ago? This is a plea bargain for robbery where we agree to do 3 years in jail and at the hearing are asked to promise we won't do it again instead.
It is time to put up or recognize these are the things that will make future open source development nearly impossible. Disagree? Let's go back to passport and hailstorm. Then the presumption sold to our representatives by the MS PR machine and many of the vendors selling security software: closed source is more secure than open source.
Now DMCA stops reverse engineering and Microsoft provides an interface (but not the one they use) which is slower and convoluted. And they change it every quarter, because "their customers demand innovation". And they release the new version as they announce the changes. Do you think "mom and dad" are going to use open source if they have issues at all?
Microsoft does not need to bring out the big guns, they just need to bleed us slowly one change at a time. From their side it is the best of all possible results because they are complying with the courts and are protected from further attacks. -
Re:Support his move (CONTACT URL)
This is a direct link to his contact page.
This is what I wrote to him:
Senator Feingold,
I just wanted to let you know that I appreciate your vote against the anti-terrorism (USA) Act. I strongly feel that this law contains several provisions that encroach on our citizens' civil liberties. I also feel that this law goes against the spirit of our Constitution.
Thank you for standing by the Constitution. I am not a citizen of Wisconsin, but I appreciate your vote nonetheless. I only wish my Tennessee senators were as insightful and brave as yourself.
Sincerely...
-
Stop wondering and go do your part.
I have read many slashdot readers' comments asking how to contact their representatives (and many cynical responses as to why it is okay not to do so), so I will post this to the main message thread.
Go to www.senate.gov and look for your state's senators. Call their offices. Tell them that you want to contact your representative and explain why. Ask them what the best way to contact your senator is, they will tell you. Once they do, use that medium to contact your senator.
Get all the information you can. Quote the sources you use to make your point. Make the points that this bill is contrary to the constitution (personally, I used amendment IV). Make it clear that you voted for them to protect your rights and freedoms, not give them away to Disney, et al.
The most important point is to come across as a well informed constituent. Don't write threatening, uninformed letters like some backwater rube.
If enough people put the pressure on, this bill will not pass (and we will be able to destroy laws like the DMCA).
The time for thinking someone else will take care of it for you is over. Do your part as a member of the technology community. If every person that is against this bill (and others like the DMCA) writes their senators, this bill will fail. Also, if every one of us keeps the pressure on our representatives concerning DMCA, it will also fail.
Unless you do something about this, you have no right to complain when your freedoms are stolen. Also, you can't win unless you fight.
Go write! -
Re:Feingold's comments...
According to the DMCA vote listing, Feingold voted for the DMCA. How does this weigh in with his pro-constitution rant about the anti-terrorism vote?
-
Re:Russ has Principle
Here is Sen. Feingold's statement from the senate floor. Didn't see it anywhere else up here.
He breaks out a great quote "The condition upon which God hath given liberty to man is eternal vigilance."
-
Feingold's comments...
on the Bill are here. Here's some snippets on why he voted no:
The Founders who wrote our Constitution and Bill of Rights exercised that vigilance even though they had recently fought and won the Revolutionary War. They did not live in comfortable and easy times of hypothetical enemies. They wrote a Constitution of limited powers and an explicit Bill of Rights to protect liberty in times of war, as well as in times of peace.
He voted no because he felt people were losing some of their basic constitutional rights in order to "shore up" our security. While I voted for the guy in the last election and don't agree with his Nay Vote on this Bill, at least the guy had the guts to stand up for what he believed in.
...We in this body have a duty to analyze, to test, to weigh new laws that the zealous and often sincere advocates of security would suggest to us. This is what I have tried to do with this anti-terrorism bill. And that is why I will vote against this bill when the roll is called.
Protecting the safety of the American people is a solemn duty of the Congress; we must work tirelessly to prevent more tragedies like the devastating attacks of September 11th. We must prevent more children from losing their mothers, more wives from losing their husbands, and more firefighters from losing their heroic colleagues. But the Congress will fulfill its duty only when it protects both the American people and the freedoms at the foundation of American society. So let us preserve our heritage of basic rights. Let us practice as well as preach that liberty. And let us fight to maintain that freedom that we call America.
-
Prehistoric Monster Congressman Found
-
Re:Speaking of Hollings and the SSSCA
How about a fax? That's how I make my views known to my senators and representative.
How can you easily determine one of their fax numbers? The following links will likely work, although you may have to call the listed voice number to ask for the fax number.
For the Senate, start at http://www.senate.gov/senators/senator_by_state.cfm.
For the House, start at http://www.house.gov/house/MemberWWW.html.
-
Re:Ashcroft & Feinstein like it?
Look for yourself - it's a matter of public record. Every vote by every Senator and Congressman is published in the Congressional Record. A Google search will find dozens of sites which index the Congressional voting records. Try the National Freedom Scorecard for starters.
For a bit of enlightenment on the relationship between these two chuckleheads, Read This. -
Commerce Committee Links
For those needing to contact their senators:
- Committee Members: Voice and fax numbers, office locations and home pages.
- About the Committee: Subcommittees, jurisdiction, rules, etc.
- Commerce Committee Home Page
-
More proof that we are moving away from democracy.
In a democracy, everyone is guaranteed equal rights. There are no double standards. But what the RIAA is proposing is that, for some reason, they should be given the right to do legally what is illegal for everyone else. If I were to launch a DoS attack on riaa.org, I would most surely be arrested, fined, called a terrorist, or all of the above. Yet, if things go their way, they will have special dispensation to deny me (and others) service.
This shows that, with enough money, you can essentially buy and modify our government. Last time I checked, this is called a plutocracy. Let's stand up for democracy, and contact our senators! -
Re:What about representatives
Actually, the goal of terrorism is to draw attention to the cause that the terrorists support, not kill large numbers of people.
Actually, (IIRC) according to traditional (Marxist) doctrine, the primary goal of terrorism is to undermine the public's faith in (and support of) the target government, thereby paving the way for revolution. The desired outcome of a terrorist act is to force the target government to pass ill-considered, repressive laws.
-
Re:With all the talk of a new police state.....
Bill Maher said something I agree with on 'Politically Incorrect' (the night he got in trouble with the White House). He said, "The Government's main job is to protect us, and I think they fscked up bigtime."
I agree.
They did not test it for 2 weeks, that's a bit of a screwup, especially since that was around the time (Sept 25th) they began talking about how there may or may not be some chemical or biological attacks over that weekend. Do you remember those news reports? I sure as heck do.
My question was in that post and still is, why were they not aware? Why since they were saying there was a good chance that there may be a bio or chemical attack, were they just looking at crop dusting airplanes and not a broad spectrum of different possibilities, like for example, strange powders being sent to media figures. Heck at least the DEA could have made sure it was not coke or something.
The FBI has had a recent history of being a bunch of fsck ups.
Missing FBI stuff
Oversight Committee
-
Proud to have voted for Feingold
Sen. Russ Feingold has never disappointed me in the six years I've followed his career. He seems to me to be the politician with more integrity than any other I know about. His vote against the "USA" act reinforces my high opinion of him.
Here are his statements about the liberty implications of the bills that are in consideration right now: feingold.senate.gov
-
Cantwell's floor statement
Senator Maria Cantwell (from my state of Washington) made a great speech regarding this legislation.
However, she did vote for it. That's what gets me: if they really don't think it is a good idea, why do they vote for it? She indicates that there is still the hope that it can be blocked later if not fully addressed.
http://cantwell.senate.gov/news/releases/2001_10_12_01_statement.html
Have you called your senators/representatives to express your opinion?
-core