sites with big middle-of-the-page ads get images blocked by squid and perl. Slashdot's ads are explicitly allowed right now, but if they get big and/or obtrusive, they will be blocked as well. As they are, I leave them in (and even click them sometimes) in order to support the dot.
(foolishly responding to an anonymous coward) I'm faulting them for trying to stop napster at the "cloudmaster's pc" level, instead of at the "napster as a company" level. I agree - Napster sucks. Feel free to check out my mp3 collection, then walk over to my stack of CDs. Every copyrighted mp3 in my collection has a corresponding CD in the stack. None of the free mp3s came [directly] from napster.
When Sony as a company decides that their consumers are relevant, I'll consider giving them my money again. Until that time, however, Sony is just another big music company that wants to trample all over a bunch of my rights in some feeble attempt to stop one possible form of copyright violation (napster, in this particular case). There are legitimate uses for Napster (and clones), and there are better ways to "combat" file sharing.
The article was somewhat deceptive in titling, and the author did give the nod on the server side. But you're right, it essentially re-hashed the same thing we keep hearing (and doing nothing about), like the way developers will come up with a whole bunch of programs doing the same thing (KDE, gnome, etc, etc) instead of working together. I know, different goals, slightly different niche. I tend to write my own code when I need to do something, even if a program already exists to do pretty much what I want. Anyway, I'm not sure those points needed hashing out over the 6 or 7 pages that they gave to it. Then again, I don't think that the whole lord of the rings thing they did in that issue needed to be as long as it was either. Heck, I don't think the *magazine* needs to be so damned long.
That reminds me, is anyone else who got 1 trial issue of "maximum linux" now apparently getting Wired for free? I've gotten the last 3 or 4 issues now, and have never even suggested that I'd like to subscribe...
You don't even have to do *that* on most systems. All you do is
install the kernel-source package from your distrib
copy ".config" from the distrib's kernel-source dir (/usr/src/linux-dist or similar) somewhere (like $HOME)
download the new kernel source and unpack it
copy the .config file back into your new kernel source tree (probably /usr/src/linux/)
type "make dep; make bzLilo; make modules modules_install" in the new kernel directory
Viola. :) New kernel with the same options that your distrib's kernel came with - and if your distrib doesn't suck, lilo will have been set up for you too. That seems pretty darned easy to me. Even if you have to change /etc/lilo.conf around a little bit to pick up the new kernel, that's *still* pretty easy, and something that anyone adminning a box important enough to worry about should already know how to do (or should know how to find out how to do).
I got that on an earlier post, too. I figured it was a result of the flood of postings to a "something wrong with linux" message from the over-zealous linux fans and the over-excited linux-bashers. The new slashcode seems to have been buckling just a little under the tremendous loads that are placed on it... (not that I could quickly write anything better, mind you)
Precisely the point I was going to make. We've got several linux boxes here, but only one has user accounts on it that could be used for this kind of exploit. The other boxes have several accounts, but the only ones that can be logged into are me (the admin), root (also me), and, on a couple of them, the guy who was the admin a few years ago (who I would trust with root and who still works for the company in a different capacity).
Guess what, I'm not real worried about this bug. I suppose it's time to upgrade the kernel anyway, though - it's been a few months. Wake me up if someone finds a *remotely* executable bug with any of my customized Linuxen. 'Till then, Windows' are *still* less secure than Linux.
So, what happens when you have a request coming from behind an iptables firewall (or something else that does this) using "iptables -A POSTROUTING -s $INTERNAL -j SNAT --to 10.1.1.1-50" (assuming I didn't mangle the syntax) and thus have requests that rotate through the 10.1.1.1 to 10.1.1.50 IP range? This is fairly common, and breaks things that depend on the remote IP for session tracking.
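The failure the comment above describes, as an added example (not part of the original comment): a server that keys sessions on the remote IP loses a client whose requests leave through a rotating SNAT pool, while a signed session cookie is unaffected. The class names, the user "alice" and the one-address-per-request rotation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from itertools import cycle

SERVER_KEY = secrets.token_bytes(32)  # constructed per-run signing key


def snat_pool(first=1, last=50, prefix="10.1.1."):
    """Constructed stand-in for the rotating SNAT range 10.1.1.1-50."""
    return cycle(f"{prefix}{i}" for i in range(first, last + 1))


class IpBoundSessions:
    """Tracks a session purely by the remote IP seen at login."""

    def __init__(self):
        self._by_ip = {}

    def login(self, user, remote_ip):
        self._by_ip[remote_ip] = user

    def lookup(self, remote_ip):
        return self._by_ip.get(remote_ip)


class TokenSessions:
    """Tracks a session by an HMAC-signed cookie; the remote IP is ignored."""

    @staticmethod
    def _mac(payload):
        return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

    def login(self, user):
        payload = f"{user}:{secrets.token_hex(16)}"
        return f"{payload}:{self._mac(payload)}"

    def lookup(self, cookie):
        parts = cookie.split(":")
        if len(parts) != 3:
            return None
        user, sid, mac = parts
        ok = hmac.compare_digest(mac, self._mac(f"{user}:{sid}"))
        return user if ok else None


def simulate(n_requests=10):
    """Log in once, then send n_requests, each from the next pool address.

    Returns (requests recognised by IP tracking, requests recognised by cookie).
    """
    ips = snat_pool()
    by_ip, by_token = IpBoundSessions(), TokenSessions()
    by_ip.login("alice", next(ips))       # login leaves via 10.1.1.1
    cookie = by_token.login("alice")
    ip_hits = token_hits = 0
    for _ in range(n_requests):
        ip_hits += by_ip.lookup(next(ips)) == "alice"
        token_hits += by_token.lookup(cookie) == "alice"
    return ip_hits, token_hits
```

The IP-keyed store also has the opposite problem: any other client that happens to leave through the address recorded at login is treated as the logged-in user.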
This technology would likely induce road rage in me, what with the crying and picture taking. Besides, my cars already display too many emotions (mad, irritated, lazy, etc).
My cat will also fetch things. He generally prefers the little safety rings off of gallon jugs, because he can step on the side and flip them up, then hook them over his lower teeth. He'll either run and chase the things or jump and grab them out of the air over his head, depending on how high/hard you throw them; then he'll trot back and drop them in my hand. He'll do that for *hours* - I usually get tired of it well before he does. To offset that entertaining talent, he'll occasionally jump headlong into the screen door thinking he's gonna nab a bird outside. :)
Log out and check your profile from everyone else's point of view - your address isn't visible. :) It is on your web page, however... I'll see if I can find a copy of that message. Hmm, maybe "cat /dev/null | mutt matt" will get the message back...
The incoming traffic is mainly getting directory listings and requesting files; this is by nature small stuff. Look at the top of your web browser: you send maybe 100 bytes to request most webpages and the server sends back about 100K.
Umm, that was my point. If the firewall works, then it will stop requests from ever getting to the server. All the RIAA can do is send a lot of small requests to the server, which will never get past the firewall that's blocking all traffic from them. I suppose that you'd have a point if this hypothetical firewall didn't actually stop any traffic, but then it wouldn't be a firewall. I made the assumption that, when the poster said "block at my firewall", his firewall would actually block the traffic.
imap provides for sharable folders, wherein everyone could keep some randomly standardized text document with a schedule, and every mail client worth a damn supports many-user and single-user address books stored on an LDAP server. As with most good protocols, IMAP does one thing and does it well.
Re:Yet another good reason to use IP Tables.... on RIAA to DoS Pirates? · Score: 3, Interesting
So the incoming traffic is slowed down. You're still just sending out a little packet to the RIAA, while your legitimate users are barely affected once they manage to connect. I agree, though, your service provider (and all others) should ban traffic originating from anything controlled by the RIAA/MPAA/whatever. Just think how nice it'd be to globally block verbal and written communication from them too.
Yes, ha ha, that document created in one crappy program doesn't open right in another program. Ha ha ha. Ha ha.
Maybe they'll laugh hard at the people who created the docs in a non-portable format instead. Maybe they'll require that documents get converted to a useful standard. Yeah, that's what will happen.
Pine used to do this when you first started it. I don't know if it still does, since I've graduated to mutt, but a few years ago I remember sending a bunch of "new linux box" mails to the pine counter. I wonder if those stats are available anywhere...
I'm #108731. I only received mail when I realised that the email I signed up with had gone away years ago, and had to send a few messages back and forth to establish my identity and get the entry corrected. Since I *asked* them to mail me, I guess that was acceptable. Oh, and I got the confirmation mail, too. :)
Oh. Well, that's a sensible way for it to behave in most situations, though I guess that's less than helpful in the poster's. Bringing the interface up and down every 20 seconds wouldn't be terribly efficient load-balancing... :)
Thanks. It sure is rare that I learn something useful from Slashdot...
Don't walk on eggshells. You aren't doing anybody any favors.
He's doing himself a favor, by not having to deal with the issues presented in the FAQ. Unfortunately for those who think otherwise, the site operator's opinion is all that matters.
That said, I think that setting up squid and pointing links through a slashdot-operated caching proxy would be a good idea. Not that I see it happening anytime soon...
You've got round-robin for the outside coming in, that's about as good as you'll probably get without some specialized hardware. For the outbound traffic, you could use iptables' round-robin masquerading. Set up your gateway so that all outbound traffic goes into it. Then set up a rule to masquerade a range of IPs - 2 IPs, in this case. So all of your outgoing traffic appears to have one of 2 source addresses.
This is where I get kinda fuzzy on the setup. You have to figure out a way to send traffic with source address 1 out the cable side while traffic with source address 2 goes out the DSL side. I'm not sure exactly how to do so, but at least that gets you to the point where you just have to filter on one of two source addresses...
Alternatively, what happens when you add 2 default gateways to your routing table? Can you just stick one machine on each cable/dsl connect, and have your network gateway use those 2 machines as its default gateways? That'd be cool if it worked... :)
Bah, I just changed my A/C filter for the first time in over a year, and it looks like it needed changed before I moved in. That Anthrax would be long dead before I got it.
I still wish someone would send me a copy of Anthrax's "Attack of the Killer B's", though, or perhaps "Return of the Killer A's", as I don't yet have those two albums... (yes, "Keep it in the Family" keeps running through my head whenever a new Anthrax infection shows up).
Unfortunately for Sony, they're still firewalled at my wallet, due to the article at http://slashdot.org/article.pl?sid=00/08/23/021223 2
Wake me when some other company starts selling these.
Viola.
(remark aside: why do I get these 'key' errors?)
I wish that wasn't insightful, but it's true. :( Stupid real world, not working the way it theoretically should...
Bah. Ignore the newcomers, what could they possibly contribute? ;)
I need to get him to open the fridge door now...
I bought nero. Nero rocks. You, too, should buy Nero. :)
Since you didn't provide an email address, I sent a message to /dev/null.
:)
The image has been on my personal page (http://www.cloudmaster.com/cloudmaster/)
for a long time... Oh, the memories. Sniff.