I have several Diamond MX300 (Aureal2 chipset) sound cards. I tried to use ALSA to get support. I gave up out of frustration and used an OSS driver. After much frustration, I was able to get it to work for my desktop.
This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send and receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.
Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.
It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.
My ISP is pretty stupid on the technical side. They use EIGRP as their IGP and they leave their customers on a live EIGRP-enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).
The mail servers that I have so far discovered block mail from me include:
The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
Datanomix Inc, @datanomix.com, mail.datanomix.com
How did I find out? Here is an example of a telnet to port 25 that I did...
user@sorrows-->telnet pegasus.cc.ucf.edu 25
Trying 132.170.240.30...
Connected to Pegasus.cc.ucf.edu.
Escape character is '^]'.
EHLO mail.opendreams.net
450 Client host rejected: cannot find your hostname, [66.192.31.140]
QUIT
221 Bye
Connection closed by foreign host.
The mail server won't even talk to me.
Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.
I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.
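The reverse-DNS gate described in the post above, written out as code so the two policies (reverse check versus forward-only check) can be compared side by side. This is an added example, not code from the post or from Courier: the PTR and A tables are constructed for the example (they encode the situation the post describes, with pegasus forward-confirming and 66.192.31.140 lacking a PTR, plus a made-up TEST-NET address whose PTR does not point back), and the function names are mine. live_ptr and live_a show the equivalent system-resolver calls for real use.

```python
"""Reverse-DNS and forward-DNS checks as an SMTP receiver would apply them.

Added example, not code from the original post or from Courier.  The DNS
data below is constructed for this example; the tables stand in for PTR
and A records and are not real lookups.
"""
import ipaddress
import socket
from typing import Callable, Dict, List, Tuple

# Constructed records (not real DNS answers):
#  - pegasus has a PTR whose A record points back (forward-confirmed)
#  - the DSL host has a forward A record but its ISP publishes no PTR
#  - 192.0.2.7 (TEST-NET-1) has a PTR that resolves to a different address
PTR_RECORDS: Dict[str, List[str]] = {
    "132.170.240.30": ["pegasus.cc.ucf.edu"],
    "66.192.31.140": [],
    "192.0.2.7": ["spoof.example"],
}
A_RECORDS: Dict[str, List[str]] = {
    "pegasus.cc.ucf.edu": ["132.170.240.30"],
    "mail.opendreams.net": ["66.192.31.140"],
    "spoof.example": ["192.0.2.8"],
}

PtrLookup = Callable[[str], List[str]]
ALookup = Callable[[str], List[str]]


def table_ptr(ip: str) -> List[str]:
    return PTR_RECORDS.get(ip, [])


def table_a(name: str) -> List[str]:
    return A_RECORDS.get(name.rstrip(".").lower(), [])


def live_ptr(ip: str) -> List[str]:
    """Real PTR lookup through the system resolver (not used by the tests)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except (socket.herror, socket.gaierror):
        return []


def live_a(name: str) -> List[str]:
    """Real A lookup through the system resolver (not used by the tests)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def reverse_name(ip: str) -> str:
    """The owner name a resolver queries for the PTR, e.g. 30.240.170.132.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def fcrdns_check(client_ip: str, ptr: PtrLookup = table_ptr,
                 a: ALookup = table_a) -> Tuple[int, str]:
    """Reverse check: the client IP must have a PTR whose A record points back.

    This is the policy that produced the 450 in the post: no PTR, no mail.
    """
    names = ptr(client_ip)
    if not names:
        return 450, f"Client host rejected: cannot find your hostname, [{client_ip}]"
    for name in names:
        if client_ip in a(name):
            return 250, f"{name} forward-confirmed for [{client_ip}]"
    return 450, f"Client host rejected: reverse name does not resolve to [{client_ip}]"


def helo_forward_check(client_ip: str, helo_name: str,
                       a: ALookup = table_a) -> Tuple[int, str]:
    """Forward-only check: the EHLO name must resolve to the connecting IP.

    Needs nothing from the ISP that owns the address block, only a forward
    record that the sender controls.
    """
    if client_ip in a(helo_name):
        return 250, f"{helo_name} resolves to [{client_ip}]"
    return 450, f"Helo command rejected: {helo_name} does not resolve to [{client_ip}]"


if __name__ == "__main__":
    print(fcrdns_check("132.170.240.30"))
    print(fcrdns_check("66.192.31.140"))
    print(fcrdns_check("192.0.2.7"))
    print(helo_forward_check("66.192.31.140", "mail.opendreams.net"))
```

The fcrdns_check path is the one that produced the 450 in the telnet session above: a missing PTR ends the conversation before any message is seen. helo_forward_check passes the DSL host because it only needs a forward record the sender controls. The trade-off a receiver weighs is that anyone can publish an A record pointing at an address they do not own, whereas a PTR can only be published by whoever holds the in-addr.arpa delegation for the block, which is exactly the party the post cannot get cooperation from.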
Number Portability A Bad Idea That You Get To Pay For Anyway
--
Number portability was always a bad idea. Everyone here should know the concepts of IP addressing, routing tables, and DNS. DNS you take with you. You can change your ISP, and all of your IP addresses, but the names (DNS names) of hosts stay the same. IP addresses, such as those that Qwest, AT&T, or WCOM might have provided to you, are non-portable. You can't take them with you if you leave the provider providing the addresses (unless you bought them from ARIN/RIPE/APNIC directly).
IP network engineers know about bloat in routing tables, and how the efficient allocation of IP addresses to carriers and customers saves the day through route aggregation. That is, the route 10.0.1.0/24 and route 10.0.2.0/24 can be summarized as 10.0.1.0/23. Now, what would happen if you had to have a route for every single IP address? It would be impossible to maintain routing tables. That is why contiguous blocks are assigned to ISPs and organizations (or at least they try to). It takes at least 128MB of RAM to hold BGP routing tables these days, and it could get worse over time. IPv6 might save the day, because of efficient allocation though. When IP addresses were initially given out without regard to the effects on routing tables -- they had no idea.
But phone numbers are addresses! There is no concept of DNS, which would provide an abstraction layer. The result is that number portability will ruin the calling table that voice switches have. Area codes defined geographical areas, and NPA-XXX defined a central office (such as 1-602-555-1234, where 555 would be for the central office). But now, that will not be possible.
Thus, number portability is the road to ruin for voice networks. And that is why, in the future, a completely new dialing scheme will be necessary.
But the really really bad news is that you have been paying for number portability for YEARS, and getting nothing. And in the future, you will just get a bigger bill because of the costs that number portability is going to cause for voice providers.
Number portability is a bad idea, top to bottom. But I am just an IP engineer. I would love to hear what a telco/voice engineer has to say about this.
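The route summarization step from the post above, carried through in code with Python's ipaddress module. This is an added example, not from the post: the prefixes and next hops are made up. It goes a little beyond the post's single example by making the alignment rule explicit (two same-length prefixes only merge when they are the two halves of a block one bit shorter, so 10.0.0.0/24 and 10.0.1.0/24 fold into 10.0.0.0/23, while 10.0.1.0/24 and 10.0.2.0/24 stay as two routes and 10.0.1.0/23 is not a valid prefix at all) and by checking with a longest-prefix lookup that forwarding decisions are unchanged after summarization.

```python
"""Route aggregation and longest-prefix forwarding with Python's ipaddress module.

Added example, not from the original post.  Prefixes and next hops are
made up for illustration.
"""
import ipaddress
from typing import Dict, List, Optional

Net = ipaddress.IPv4Network


def aggregate(prefixes: List[str]) -> List[str]:
    """Collapse prefixes into the fewest covering networks (route summarization)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def can_summarize(a: str, b: str) -> Optional[str]:
    """Return the single prefix that exactly covers a and b, or None.

    Two same-length prefixes summarize only when they are the two halves of
    an aligned block one bit shorter.
    """
    na, nb = ipaddress.ip_network(a), ipaddress.ip_network(b)
    if na.prefixlen != nb.prefixlen or na.prefixlen == 0 or na == nb:
        return None
    parent = na.supernet(prefixlen_diff=1)
    return str(parent) if nb.subnet_of(parent) else None


def is_valid_prefix(p: str) -> bool:
    """True only if the host bits are zero, i.e. the prefix is an aligned block."""
    try:
        ipaddress.ip_network(p, strict=True)
        return True
    except ValueError:
        return False


def lookup(table: Dict[str, str], dst: str) -> Optional[str]:
    """Longest-prefix match: the most specific route wins, as in a real FIB."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Net] = None
    for prefix in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best.prefixlen):
            best = net
    return table[str(best)] if best is not None else None


def summarized_table(table: Dict[str, str]) -> Dict[str, str]:
    """Merge routes that share a next hop; forwarding decisions stay the same."""
    by_hop: Dict[str, List[str]] = {}
    for prefix, hop in table.items():
        by_hop.setdefault(hop, []).append(prefix)
    return {p: hop for hop, ps in by_hop.items() for p in aggregate(ps)}


if __name__ == "__main__":
    # Constructed table: four /24s that all reach the same upstream, one that does not.
    rib = {"10.0.0.0/24": "198.51.100.1", "10.0.1.0/24": "198.51.100.1",
           "10.0.2.0/24": "198.51.100.1", "10.0.3.0/24": "198.51.100.1",
           "10.1.0.0/24": "198.51.100.2"}
    print(summarized_table(rib))
    print(lookup(summarized_table(rib), "10.0.2.77"))
```

summarized_table only merges routes with the same next hop; merging across different next hops would change where packets go, which is the one thing summarization must never do.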
Poor management. You are right. Their products were pretty good. They could have been making Nvidia-based video cards these days, but being bought by a stupid company like S3 killed them. S3 has only made poorly performing video chipsets in the last few years.
I am located in Orlando Florida and have been looking for work over the last six months or so. I have been checking job ads within the Titusville, Melbourne, Orlando, and Tampa metro areas. This excludes Miami and Jacksonville metros.
I have seen a few ads requesting GNU/Linux experience. Only one or two mentioned FreeBSD, which is a real shame. A lot request Solaris, AIX, and HPUX. By far, the most significant requests are for Microsoft systems administrators though (75% or greater). You have to consider that this is not Silicon Valley over here. There are a lot of government contractors, call centers, real estate business, health care, and banking. Almost all of the companies that requested GNU/Linux experience were small or had been in business for less than 20 years.
I would say that out of the last 100 unique job posts that I have seen, 10 have requested GNU/Linux experience. One even requested that you had to submit your resume in Open Office format, which I think is a great way to weed out some of the fools.
One ad requested Debian. The rest were Red Hat. I do not recall requests for any other distributions.
It is of worthy note that Largo Florida is part of the Tampa metro area. You may remember some stories on Slashdot about how the local government of Largo uses GNU/Linux. And yes, I have seen several requests for GNU/Linux over in the Tampa metro area. A few in Orlando, and few to none in Titusville and Melbourne.
Hi to anyone in Orlando who got to hear John Hall speak about a week ago! I was there, and was the one that stole the last chocolate cookie! Ha ha!
I bought a SoundBlaster Audigy card the last time that I upgraded my computer. I thought that Creative would have learned the lessons from making the SB 64, 128, and Live! cards, but no. My SoundBlaster Audigy makes a huge pop sound whenever the system is powered on or off. The sound also sometimes goes away while playing certain games. The AWE 32 Gold really was the last great Creative sound card -- trust those other posters who say so, they know it.
If it was not for the fact that Aureal went out of business, and driver support under Windows 2000 and XP was so poor (or at least was the last time I knew), I would have never stopped using the Diamond MX300 Audigy 2 chipset based cards that I have. I even use one of the two cards that I have on my GNU/Linux desktop, which gives fantastic sound!
As a systems administrator who is often purchasing hardware, Creative as a company does a really poor job. The driver nightmare is the worst. You find one of their cards, it has a model number on it, and the Creative website fails to list it -- it is like they don't support it. Sometimes you can find the product by name, but finding the drivers that you need on their website is terrible. Just figuring out what product you have based upon their model numbers is a real challenge.
Creative sound cards are heavy on the marketing. What the hell can the justification for a consumer, NOT professional (Ask a pro, they will tell you, Creative = bad) sound card that costs over $80 be?
Creative is a really good example of a company marketing strategy though. They have really managed to build a demand for a product. It is like printing money, once you convince people that your product is worth more than it really is for the sake of status or whatever the reason is that people continue to buy Creative sound cards.
You then might decide that you want to make games because it is challenging and fun.
And then you will find that there are 100,000 screaming children at your door about how your games suck, they want a job "playing games all day, and how they want.... blah blah bla blah my-little-feature-that's-stupid in 'their' game that has no chance of being marketable.
And then the process will have gone full circle.
I work in the gaming industry as a network engineer/sysadmin.
Imperator said: Is it just me or is this guy subtly looking for a job?
--
You know damn right!
Yes, the shameless plug is that I am looking for a job. The good news is that I have a phone interview with a major computer gaming software developer come Monday. Wish me luck.
I worked for a computer gaming software development company called Maximum Charisma Studios in 2001-2002. I was the systems and network engineer, doing all of the production and corporate infrastructure -- desktops, servers, Microsoft, GNU/Linux, WAN and LAN networking.
Maximum Charisma actually produced their first software title, called Fighting Legends, to store shelves, which was a huge accomplishment considering that we were independent. We had Sony manufacture the CDs and a few other things, but we handled distribution. We outsourced some customer service agents for the anticipated needs of customers, but that was about it. The company consisted of about 30 people at its height.
Fighting Legends was supposed to be a Multiplayer Online Real Time Strategy (MMORTS) game. It required a network connection that I metered out to be an average of something like 25Kbps bursting to 80Kbps per user for the persistent connection. Latency was a big issue, with the edge of enjoyment being about 250ms.
There was trouble with Fighting Legends. The big mistake was design. The game was designed poorly because the company was inexperienced. It lacked story, it lacked refinement of play, and it lacked fun. The game was not fun, so nobody played it. I know the actual statistics of how many players we had, how many at one time, etcetera, but I am not going to quote them. Instead I will just say that we didn't have enough.
The overhead to keep the company going without the subscription cost meeting the break-even point is what killed the company. We could have gotten more money, we could have really cut down on spending, we could have probably made it for the second title if it was not for the overhead costs of Fighting Legends. It was the data center costs that were the killer -- $900 per month per cabinet, and about $5K+ per month for power, data, and other service costs.
Maximum Charisma took about 2.5 years of development time. The product was on the shelf on November 1st of 2001. The company called it quits on January 29th 2002, even though the servers stayed up for almost two months after.
Here is a picture from Maximum Charisma Studios of our data cabinets. This is off of a 1.5Mbps VDSL line, so be wary. And don't even tell me about cable management. We got those 65-some-odd servers out of the box, software loaded, and in the rack within 72 hours. It was a breakneck operation. As for the hardware costs of all of this equipment that you see, it was something like $450K -- I still have the receipts to prove it. http://www.Opendreams.net/jesse/images/Maximum_Charisma_Studios/20011030_MaxCha/P1010045.JPG
Here is the Maximum Charisma death notice: http://pc.ign.com/articles/354/354578p1.html
Check out the netfilter/iptables documentation. It does not advise using the REJECT target over DROP in most configuration examples. Most examples given use the DROP target, simply dropping packets without a rejection notification. Note that the DENY target is the same as DROP.
I believe that the correct action would be to use a target of "REJECT".
Note that --reject-with icmp-port-unreachable is the default for the REJECT target, so stating it is superfluous.
http://www.netfilter.org/documentation/index.html
You are correct, but the bad behavior is encouraged everywhere, not just for Windows users.
If you have a GNU/Linux implementation, I encourage you to use the REJECT --reject-with icmp-port-unreachable target to cover your host ports rather than DROP, unless performance or true security reasons prevent you from doing so. Note that LIMITing your replies is probably a good idea, at perhaps 10% of the link's total bandwidth, or something reasonable.
Corrections to my comments welcome.
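A concrete version of the advice above, as an added example (not from the post or from the netfilter documentation): a small Python script that sizes the LIMIT match from a link's bandwidth and emits an iptables-restore ruleset ending in a rate-limited REJECT --reject-with icmp-port-unreachable, with the chain policy set to DROP so that anything over the limit is dropped instead of answered. The reply size, the 1.5 Mbps link, and the open ports are assumptions for illustration.

```python
"""Size an iptables LIMIT for REJECT replies and emit an iptables-restore ruleset.

Added example, not from the original post or the netfilter project.  The
reply size and the port list are assumptions chosen for illustration.
"""
from typing import Iterable

# Assumed on-wire size of one ICMP port-unreachable reply: 20-byte IP header,
# 8-byte ICMP header, the quoted 20-byte IP header plus 8 bytes of the
# offending datagram, and 18 bytes of Ethernet framing.  Linux may quote more
# of the original packet, so treat this as a lower bound: larger replies at
# the same packet rate use more bandwidth than computed here.
ICMP_UNREACH_WIRE_BYTES = 74


def reject_rate_pps(link_bps: int, fraction: float = 0.10,
                    reply_bytes: int = ICMP_UNREACH_WIRE_BYTES) -> int:
    """Packets per second of REJECT replies that stay within `fraction` of the link."""
    if not 0 < fraction <= 1:
        raise ValueError("fraction must be in (0, 1]")
    budget_bytes_per_sec = link_bps * fraction / 8
    return max(1, int(budget_bytes_per_sec // reply_bytes))


def build_ruleset(open_tcp: Iterable[int], open_udp: Iterable[int],
                  reject_pps: int, burst: int = 50) -> str:
    """Return an iptables-restore filter table as text.

    Order matters: loopback and established traffic first, then the services
    offered, then a rate-limited REJECT.  Anything over the limit falls
    through to the chain policy, which is DROP, so a flood cannot turn the
    host into an ICMP generator running at line rate.
    """
    tcp, udp = list(open_tcp), list(open_udp)
    for p in tcp + udp:
        if not 0 < p < 65536:
            raise ValueError(f"bad port {p}")
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    lines += [f"-A INPUT -p tcp --dport {p} -j ACCEPT" for p in tcp]
    lines += [f"-A INPUT -p udp --dport {p} -j ACCEPT" for p in udp]
    lines.append(
        f"-A INPUT -m limit --limit {reject_pps}/second --limit-burst {burst} "
        "-j REJECT --reject-with icmp-port-unreachable"
    )
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed 1.5 Mbps link with ssh and smtp offered (example values).
    pps = reject_rate_pps(1_500_000)
    print(build_ruleset(open_tcp=[22, 25], open_udp=[], reject_pps=pps))
```

Save the printed output to a file and load it with iptables-restore. For TCP ports you may prefer --reject-with tcp-reset, which makes a closed port look closed rather than unreachable; the script keeps the post's icmp-port-unreachable for everything.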
I must agree with this post. I have an Olympus C-3000 that uses SmartMedia, and have seen a number of friends' cameras and how they operate. I have seen and experienced more problems with SmartMedia than any other. Ironically, the problem isn't with the media but with the devices that write to the media.
The reason for this is that "SmartMedia" is actually "ReallyDumbMedia", in that it doesn't have any embedded controller intelligence. This resulted in a bunch of problems with early SmartMedia devices which were programmed badly and could not have their firmware updated. If the devices writing to the card fail to behave and all conform to the exact format standards, the card becomes corrupt and all data is lost. For applications where you might take your card from your camera, to your computer, and then to your PDA, this spells real trouble.
The only advantage to all of this is that SmartMedia is cheaper to manufacture due to its dumbness.
These problems are why Olympus and Fuji have dumped SmartMedia and come out with the XD card -- to fix some of the problems that SmartMedia had. I have not had any experience with XD yet though.
SmartMedia is physically pretty tough, completely protected against submersion in liquid, and it's very, very thin (credit card thin). It's good for write-few/read-many applications, but not for writing in different devices that don't have good operating systems.
I am with you. I have a Nokia 8290 with TMobile as my carrier. I like small.
The original post is off topic and a troll. I don't see why this was moderated up. If you want to discuss the issue, take it elsewhere. The fact that it was a government in Arizona that's doing it was accidental.
Note that I live in the Phoenix metro area. The gas, electrical, and water supply issues are interesting, but this isn't about that.
I have a Sun SparcStation 10 sitting behind me. It was manufactured in 1993. SparcStations of that time used something called a "Framebuffer", which was a sort of integrated video card and serial port for the monitor, keyboard, and optional mouse. I believe they support something like 3-4 framebuffers, so that means 3-4 monitor, keyboard, and mouse combinations with one single SparcStation. The SparcStation 2, 10, 20, and several others all supported this kind of configuration. You connect the keyboard and mouse to the monitor rather than to the system itself.
I still use this SparcStation today. It has a HUGE 128MB of RAM (all eight 200-pin SIMM slots filled), a 50MHz processor, a 2GB hard drive, a 19" monitor, and a built-in 10baseT Ethernet port. I even have the speaker and microphone parts.
For Win32, there is ESBUnitConv. It's free for non-commercial use. No source, binary-only. It's useful.
http://www.esbconsult.com/esbcalc/esbunitconv.htm
For unix, there is "units", but it's a little too hard-core for the average user.
Even the latest Knoppix (2004-02-16) CD doesn't support my Aureal2 card. Yes, support sucks because Creative Labs bought Aureal and has refused to release support info for the cards, but there are drivers that work. The problem isn't the code, it's the documentation.
While looking for documentation on ALSA, I found this gem;
http://alsa.opensrc.org/index.php?page=AlsaComplaint
To this day, I won't even look at ALSA. As long as this OSS driver is working, I have no motivation to change.
I don't like the idea of a GNU/Linux exclusive sound system anyway. I use BSD too.
Intel could really help by releasing information about old equipment so that the community can develop drivers for equipment.
For example, I have an Intel 2200 ADSL PCI card that doesn't have any drivers for Linux or BSD. This card was given out by the Qwest ILEC in the last few years and there are a lot of them out there. I can't do anything with mine though. I hang onto it hoping that someone out there will be more resourceful than I am.
http://www.intel.com/network/broadband/modems/d
Thank you Nathan. -- echo what he said
Same here -- run a mail server, it's Courier on Debian GNU/Linux.
I hear the same thing happened with EA killing off Westwood not too long ago. They had just finished a couple of profitable games and then they fired everyone and shut the studio down. The money kept coming in after the title was released.
EA's cheap labor studios are Vancouver Canada and Orlando Florida. EARS is the exception -- hey, the executives have to work somewhere!
For the endless hordes of entry-level fools who think that the gaming industry is any fun: you are mistaken. It's hard-core work, the chances of a payoff are slim, and most ventures end in Chapter 7 -- just like my last one.
I like full disclosure -- just not within 48 hours of such a major vulnerability.
Almost two days is not sufficient time given the quantity of systems that this problem affects and the severity of the problem.
I am not against making the exploit public at all -- just not within the first few days of the exploit discovery. Considering the quantity of systems affected and the fact that many Cisco devices are remote makes patching difficult.
Personally, I want to throw the exploit against some of my own equipment just for fun too.
There will be Cisco devices vulnerable to this exploit for years to come. As a consultant, I commonly come across old Cisco routers that have not had their software upgraded in years. Not every sysadmin knows how to deal with a Cisco -- they just pass traffic through it.
Importance of shaming those who published this exploit
There was very little time to act upon the new IOS version that Cisco provided to the public. The software upgrades were available to the public on Thursday morning at 00:00. CERT made their announcement about 15 minutes later. Today, the exploit is public. That is less than 48 hours to upgrade the hundreds of thousands (if not million+) Cisco routers across the world.
This is the most important security event affecting the Internet since the root DNS server attacks some time back, and this one is potentially much more severe. I have been surprised at the lack of media attention to this issue, or how some of my technical colleagues have treated it. They don't seem to understand how many Cisco routers are out there.
It needs to be shown that by making the exploit of this vulnerability public so soon, the persons who did this only did so for publicity gain at the expense of others.
They hurt others to profit themselves, and that is no more cool than slavery is. And what did they get out of it? "My dick is bigger than yours."
I just don't want this to pass over and the people who made this exploit public think that what they did was cool, or that they are going to get a lot of admiration or karma for it. If they like the Internet, which they probably do, they just did the most harmful thing to it as they could have possibly done.
You wrote;
> If you want to run a real mail server, perhaps
> you should get a real internet connection, like
> Colocation or T1.
I hope that you get fired from your job at your ISP. I hope that your employer, ATGI.NET, Advanced TelCom Group Inc., knows that you are using their equipment and resources for your PERSONAL use, as indicated below.
Then and only then will you be knocked out of your warm chair and understand the pain that persons like myself and others have to deal with because of people like you and your high and mighty attitudes.
What do you do for your customers who are sysadmins or geeks who want to run a server off of their DSL line? Do you say, "Pay me more money for the HONOR of being delegated reverse DNS, bitch!" or do you give them a viable option to use a service which every host on the Internet should have -- a forward and reverse DNS entry? I doubt you would lift your NOC living, phone-droid answering, disservice providing ass to help the Internet. But I am sure you want your DNS server to work that way.
--
Whois info for, DEVOLUTION.COM:
--
You wrote:
> Blocking reverse is fine; make your ignorant ISP fix your service.
Please read my original post. My ISP *is* ignorant *and* stupid. They are also the *only* ISP from which I can obtain service. My other choice is Adelphia cable, and they block port tcp 25 inbound. They also explicitly prohibit servers.
I can't get my ISP to do the reverse DNS. I can't get them to delegate it, or even set it on their own servers. I have called and requested this service. They will not support my needs.
Blocking reverse DNS is not fine, unless blocking legitimate non-spam mail is okay for you.
My only option to conform to your ideal is to move to a new location that has an ISP that will provide the needs which I have. That is absurd.
> Sometimes, as is in my case, the ISP wants money for an RDNS service. I can't afford to pay it.
Paying for DNS would be okay, if it was an option at all. Paying an absurd amount for delegation of reverse DNS should be criminal. A reverse DNS delegation is as much a right as having a public IP address.
It is more ignorance of ISPs, and persons like yourself, poster, who have caused this problem.
Where is your mail server? You don't have one? Please withhold your opinion until you have experienced the establishment of a mail server, only to have your mail blocked by overzealous administrators. Or is it at work? I wish you were fired from your job and then felt the pain that I do. I wish you to get a clue and understand that I don't like spam, but blocking those with a legitimate message to send is extreme.
Thanks a lot, bastard.
Read the post that I just made about blocking IPs that don't have reverse DNS:
http://slashdot.org/comments.pl?sid=60679&cid=5
I would have no problem with this, if I just had viable options. I would even pay DOUBLE what I pay now, if there was just a provider who could provide me with the services that I want, but there isn't, so I can't, so I don't.
Blocking Mail Servers that don't have Reverse DNS
This issue is somewhat related, and is just another part of the big issue of preventing users from setting up their own services upon their Internet connections. If you can't send and receive any data that you want, it's not true Internet access. Now, I am not talking about setting up a mail server at work behind the corporate firewall, or on the college LAN. I am talking about the DSL line that I pay $55 to $150 a month for.
Recently I put up a personal mail server off of my DSL line. It uses Courier for the MTA. I am able to send and receive mail to most hosts on the internet, but a few will not accept messages from my mail server. I was curious as to why, so I did an investigation.
It turns out that these mail servers check reverse DNS for the IP address that I am using for a mail server. Doing a forward DNS check would be just fine, but a reverse DNS check? It does not stop spam, and worse, it blocks legitimate mail servers.
My ISP is pretty stupid, technical-wise. They use EIGRP as their IGP and they leave their customers on a live EIGRP enabled interface. I could inject routes into their IGP if I wanted to. Most of their Cisco routers also have HTTP and finger enabled. They definitely don't do anything about reverse DNS. There is no way that I can register my mail server (mail.opendreams.net) with the IP that I use (66.192.31.140).
The mail servers that I have so far discovered block mail from me include:
The University of Central Florida, @pegasus.cc.ucf.edu, pegasus.cc.ucf.edu
Datanomix Inc, @datanomix.com, mail.datanomix.com
How did I find out? Here is an example of a telnet to port 25 that I did...
user@sorrows-->telnet pegasus.cc.ucf.edu 25
Trying 132.170.240.30...
Connected to Pegasus.cc.ucf.edu.
Escape character is '^]'.
EHLO mail.opendreams.net
450 Client host rejected: cannot find your hostname, [66.192.31.140]
QUIT
221 Bye
Connection closed by foreign host.
The mail server won't even talk to me.
Issues like this will make mail on the Internet no longer a sure thing. There will be mail routing and blocking issues all over, and you can't be sure that one mail server will talk to another. This is not acceptable.
I personally think that there needs to be U.S. Federal laws made to protect the rights of Internet users. The reason that I think that law is necessary is that there is no competition in many areas for internet access. If there was, I could just switch carriers, but I have no options.
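The check that produced the "450 Client host rejected: cannot find your hostname" reply above, written out as an added example (not the post's code and not any particular MTA's code). The DNS data is constructed from documentation ranges so the check runs offline; the `strict=False` path shows the forward-only alternative the post argues for.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check of the kind behind the
'450 Client host rejected: cannot find your hostname' reply in the post.

Added example; not the post's code and not any particular MTA's code.
DNS data is constructed so the check runs offline; every hostname and
address below is made up (RFC 5737 documentation ranges)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed zone data: PTR records keyed by IP, A records keyed by name.
CONSTRUCTED_PTR: Dict[str, str] = {
    "192.0.2.10": "mx.example.net",        # PTR and A agree: FCrDNS passes
    "192.0.2.20": "mail.example.org",      # PTR exists but A points elsewhere
}
CONSTRUCTED_A: Dict[str, List[str]] = {
    "mx.example.net": ["192.0.2.10"],
    "mail.example.org": ["203.0.113.7"],
    "mail.example.com": ["203.0.113.99"],  # forward record only, no PTR
}

def lookup_ptr(ip: str) -> Optional[str]:
    return CONSTRUCTED_PTR.get(ip)

def lookup_a(name: str) -> List[str]:
    return CONSTRUCTED_A.get(name, [])

@dataclass
class Verdict:
    code: int   # SMTP reply code; 450 is "try again later", the post's case
    text: str

def check_client(ip: str, helo_name: str, strict: bool = True) -> Verdict:
    """Decide how a receiving MTA treats a connecting client.

    strict=True : require FCrDNS (a PTR whose A record includes ip), the
                  policy that rejected the post's server.
    strict=False: fall back to a forward-only check of the HELO/EHLO name,
                  the alternative the post says would be fine."""
    rdns = lookup_ptr(ip)
    if rdns is not None and ip in lookup_a(rdns):
        return Verdict(250, f"OK, client is {rdns} [{ip}]")
    if not strict and ip in lookup_a(helo_name):
        return Verdict(250, f"OK, {helo_name} forward-resolves to [{ip}]")
    if rdns is None:
        return Verdict(450, f"Client host rejected: cannot find your hostname, [{ip}]")
    return Verdict(450, f"Client host rejected: {rdns} does not resolve back to [{ip}]")
```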
Number Portability: A Bad Idea That You Get To Pay For Anyway
--
Number portability was always a bad idea. Everyone here should know of the concepts of IP addressing, routing tables, and DNS. DNS you take with you. You can change your ISP, and all of your IP addresses, but the names (DNS names) of hosts stay the same. IP addresses, such as those which Qwest, AT&T, or WCOM might have provided to you, are non-portable. You can't take them with you if you leave the provider providing the addresses (unless you bought them from ARIN/RIPE/APNIC directly).
IP network engineers know about bloat in routing tables, and how the efficient allocation of IP addresses to carriers and customers saves the day through route aggregation. That is, the route 10.0.1.0/24 and route 10.0.2.0/24 can be summarized as 10.0.1.0/23. Now, what would happen if you had to have a route for every single IP address? It would be impossible to maintain routing tables. That is why concurrent blocks are assigned to ISPs and organizations (or at least they try to). It takes at least 128MB of RAM to get BGP routing tables these days, and it could get worse over time. IPv6 might save the day, because of efficient allocation though. When IP addresses were initially given out without regard to the effects towards routing tables -- they had no idea.
But phone numbers are addresses! There is no concept of DNS, which would provide an abstraction layer. The result is that number portability will ruin the calling table that voice switches have. Area codes defined geographical areas, and NPA-XXX defined a central office (such as 1-602-555-1234, where 555 would be for the central office). But now, that will not be possible.
Thus, number portability is the road to ruin for voice networks. And that is why, in the future, a completely new dialing scheme will be necessary.
But the really really bad news is that you have been paying for number portability for YEARS, and getting nothing. And in the future, you will just get a bigger bill because of the costs that number portability is going to cause for voice providers.
Number portability is a bad idea, top to bottom. But I am just an IP engineer. I would love to hear what a telco/voice engineer has to say about this.
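Route aggregation as the post describes it, as an added example (not the post's code): sibling prefixes are folded into their summary route until nothing merges, and the result is checked against the standard library's `ipaddress.collapse_addresses`. The prefixes are constructed.

```python
"""Route aggregation (prefix summarization) as described in the post.

Added example, not the post's code. Two prefixes of the same length that are
the two halves of the next-shorter block are replaced by that block; the pass
repeats until nothing merges. The result is checked against the standard
library's ipaddress.collapse_addresses. All prefixes are constructed."""
import ipaddress
from typing import Iterable, List, Optional, Tuple

Net = ipaddress.IPv4Network

def sibling_summary(a: Net, b: Net) -> Optional[Net]:
    """Return the covering /(n-1) if a and b are its two halves, else None."""
    if a == b or a.prefixlen != b.prefixlen or a.prefixlen == 0:
        return None
    parent = a.supernet()              # the /(n-1) block that contains a
    return parent if b.subnet_of(parent) else None

def aggregate(prefixes: Iterable[str]) -> List[str]:
    nets = sorted({Net(p) for p in prefixes})
    # A more-specific route already covered by a shorter one adds nothing.
    nets = [n for n in nets if not any(n != m and n.subnet_of(m) for m in nets)]
    merged = True
    while merged:                      # each pass may create new siblings
        merged, out, i = False, [], 0
        while i < len(nets):
            s = sibling_summary(nets[i], nets[i + 1]) if i + 1 < len(nets) else None
            if s is None:
                out.append(nets[i]); i += 1
            else:
                out.append(s); i += 2; merged = True
        nets = sorted(out)
    return [str(n) for n in nets]

def table_saving(prefixes: Iterable[str]) -> Tuple[int, int]:
    """(routes as given, routes after aggregation): the table-size saving."""
    prefixes = list(prefixes)
    return len(set(prefixes)), len(aggregate(prefixes))

def matches_stdlib(prefixes: Iterable[str]) -> bool:
    prefixes = list(prefixes)
    ref = [str(n) for n in ipaddress.collapse_addresses(Net(p) for p in prefixes)]
    return aggregate(prefixes) == ref

# Constructed customer assignments: four contiguous /24s plus a covered /25.
CONSTRUCTED_ROUTES = ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24",
                      "10.0.3.0/24", "10.0.2.128/25"]
```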
Poor management. You are right. Their products were pretty good. They could have been making Nvidia based video cards these days, but being bought by a stupid company like S3 killed them. S3 has only made poor performing video chipsets in the last few years.
Mismanagement.
I am located in Orlando Florida and have been looking for work over the last six months or so. I have been checking job ads within the Titusville, Melbourne, Orlando, and Tampa metro areas. This excludes Miami and Jacksonville metros.
I have seen a few ads requesting GNU/Linux experience. Only one or two mentioned FreeBSD, which is a real shame. A lot request Solaris, AIX, and HPUX. By far, the most significant requests are for Microsoft systems administrators though (75% or greater). You have to consider that this is not Silicon Valley over here. There are a lot of government contractors, call centers, real estate businesses, health care, and banking. Almost all of the companies that requested GNU/Linux experience were small or had been in business for less than 20 years.
I would say that out of the last 100 unique job posts that I have seen, 10 have requested GNU/Linux experience. One even requested that you had to submit your resume in Open Office format, which I think is a great way to weed out some of the fools.
One ad requested Debian. The rest were Red Hat. I do not recall requests for any other distributions.
It is worthy of note that Largo, Florida is part of the Tampa metro area. You may remember some stories on Slashdot about how the local government of Largo uses GNU/Linux. And yes, I have seen several requests for GNU/Linux over in the Tampa metro area. A few in Orlando, and few to none in Titusville and Melbourne.
Hi to anyone in Orlando who got to hear John Hall speak about a week ago! I was there, and was the one that stole the last chocolate cookie! Ha ha!
I bought a SoundBlaster Audigy card the last time that I upgraded my computer. I thought that Creative would have learned the lessons from making the SB 64, 128, and Live! cards, but no. My SoundBlaster Audigy makes a huge pop sound whenever the system is powered on or off. The sound also sometimes goes away while playing certain games. The AWE 32 Gold really was the last great Creative sound card -- trust those other posters who say so, they know it.
If it was not for the fact that Aureal went out of business, and driver support under Windows 2000 and XP was so poor (or at least was the last time I knew), I would have never stopped using the Diamond MX300 Audigy 2 chipset based cards that I have. I even use one of the two cards that I have on my GNU/Linux desktop, which gives fantastic sound!
As a systems administrator who is often purchasing hardware, Creative as a company does a really poor job. The driver nightmare is the worst. You find one of their cards, it has a model number on it, and the Creative website fails to list it -- it is like they don't support it. Sometimes you can find the product by name, but finding the drivers that you need on their website is terrible. Just figuring out what product you have based upon their model numbers is a real challenge.
Creative sound cards are heavy on the marketing. What the hell can the justification for a consumer, NOT professional (Ask a pro, they will tell you, Creative = bad) sound card that costs over $80 be?
Creative is a really good example of a company marketing strategy though. They have really managed to build a demand for a product. It is like printing money, once you convince people that your product is worth more than it really is for the sake of status or whatever the reason is that people continue to buy Creative sound cards.
Try programming. You might find it entertaining.
You then might decide that you want to make games because it is challenging and fun.
And then you will find that there are 100,000 screaming children at your door about how your games suck, they want a job "playing games all day, and how they want.... blah blah bla blah my-little-feature-that's-stupid in 'their' game that has no chance of being marketable.
And then the process will have gone full circle.
I work in the gaming industry as a network engineer/sysadmin.
Old CIO article; it includes a computer gaming firm, EA Tiburon of Orlando, Florida:
http://www.cio.com/archive/030100/intern_conten
Imperator said: Is it just me or is this guy subtly looking for a job?
--
You know damn right!
Yes, the shameless plug is that I am looking for a job. The good news is that I have a phone interview with a major computer gaming software developer come Monday. Wish me luck.
This guy has got this issue right on.
I worked for a computer gaming software development company called Maximum Charisma Studios in 2001-2002. I was the systems and network engineer, doing all of the production and corporate infrastructure -- desktops, servers, Microsoft, GNU/Linux, WAN and LAN networking.
Maximum Charisma actually produced their first software title, called Fighting Legends, to store shelves, which was a huge accomplishment considering that we were independent. We had Sony manufacture the CDs and a few other things, but we handled distribution. We outsourced some customer service agents for the anticipated needs of customers, but that was about it. The company consisted of about 30 people at its height.
Fighting Legends was supposed to be a Multiplayer Online Real Time Strategy (MMORTS) game. It required a network connection that I metered out to be an average of something like 25Kbps bursting to 80Kbps per user for the persistent connection. Latency was a big issue, with the edge of enjoyment being about 250ms.
There was trouble with Fighting Legends. The big mistake was design. The game was designed poorly because the company was inexperienced. It lacked story, it lacked refinement of play, and it lacked fun. The game was not fun, so nobody played it. I know the actual statistics of how many players we had, how many at one time, etcetera, but I am not going to quote them. Instead I will just say that we didn't have enough.
The overhead to keep the company going without the subscription cost meeting the break even point is what killed the company. We could have gotten more money, we could have really cut down on spending, we could have probably made it for the second title if it was not for the overhead costs of Fighting Legends. It was the data center costs that were the killer -- $900 per month per cabinet, and about $5K+ per month for power data and other service costs.
Maximum Charisma took about 2.5 years of development time. The product was on the shelf on November 1st of 2001. The company called it quits on January 29th 2002, even though the servers stayed up for almost two months after.
Here is a picture from Maximum Charisma Studios of our data cabinets. This is off of a 1.5Mbps VDSL line, so be wary. And don't even tell me about cable management. We got those 65 some odd servers out of box, software loaded, and in the rack within 72 hours. It was a breakneck operation. As for the hardware costs of all of this equipment that you see, it was something like $450K -- I still have the receipts to prove it.
http://www.Opendreams.net/jesse/images/Maxim
Here is the Maximum Charisma death notice:
http://pc.ign.com/articles/354/354578p1.