Slashdot Mirror


User: jafo

jafo's activity in the archive.

Stories: 0
Comments: 252

Comments · 252

  1. My review of the Roku... on An Early Review of Roku's Netflix-Streaming Appliance · · Score: 3, Informative

    I've had my box since Tuesday. Overall I'm very happy with it. It's inexpensive, and on my cable modem the quality is reasonable, though it will step down if I'm doing a big download.

    The box works up to my expectations, with one exception... It's tied to the remote servers. In most cases, where you're watching a movie, this isn't really an issue.

    However, I've had the box 5 days, and last night late the Netflix servers that hand out the video were down. We'll see how frequently that happens.

    The other place it comes up is when you're seeking. It has a nice interface where you see stills go by as you are seeking forward or back, but once you select it you then have to wait for it to re-spool the data. Even if you seek forward 30 seconds (the buffer seems to hold several minutes) it will still take a while after seeking to start playing.

    It's a great box, but as soon as they have one that I can stick an 8GB memory card in, or a hard drive, or the software for the PS-3, I'll be ready to switch.

    By my calculations it's around 600 to 900MB/hour. So even a 2 or 4GB SD card should be able to do pretty nicely. Grab a full movie or two at full resolution, instead of having to stream it it could suck it down at a slower speed, seek more responsively, and hopefully not be so dependent on the Netflix server if it's down for a bit.

    So, in short: I really like it, but I'm looking forward to the next rev.

    Sean

  2. I didn't realize this was news 2 years ago... on Researchers Tout New Network Worm Weapon · · Score: 4, Insightful

    I've been running the following iptables rules on our routers for at least the last year or two:

    iptables -N ssh_attack

    iptables -A ssh_attack -m hashlimit --hashlimit 200/min --hashlimit-mode srcip --hashlimit-name ssh_attack --hashlimit-htable-size 599 --hashlimit-htable-max 4096 -j RETURN

    iptables -A ssh_attack -m limit --limit 1/sec --limit-burst 1 -j LOG --log-prefix "SSH-Attack:"

    iptables -I FORWARD -o eth0 -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ssh_attack

    In other words, for each internal host allow them to make 200 outbound SSH connections per minute (tracked individually). If they exceed that limit, log a message.

    We then have a nagios plugin that checks for this message being in "dmesg". If it is, we get paged.

    We watch the sites we host pretty closely, so we don't often run into them getting compromised. The last one was because a host admin re-enabled password logins in SSH *AND* set up a guest account with a password like "guest". Only the guest account was compromised, but I digress.

    The thing is that people who compromise these hosts pretty much always use that host to scan for other hosts to attack. And looking for weak passwords on other hosts via SSH seems to be pretty common.

    So, once we saw this it was a no-brainer to set up something to alert us when someone started doing it.

    Sean
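As an added example, not code from the comment above: the "check dmesg for the log message" step as a small Nagios-style plugin. It scans kernel log lines for the "SSH-Attack:" prefix that the LOG rule writes, counts hits per internal source address, and returns a Nagios exit code plus status line. The dmesg sample is constructed, and the threshold and status wording are assumptions.

```python
import re
from collections import Counter

# Constructed sample of kernel ring-buffer lines in the format the iptables
# LOG target emits. The "SSH-Attack:" prefix is the one from the rule above;
# because the prefix has no trailing space, "IN=" follows it directly.
SAMPLE_DMESG = """\
[ 9123.401] usb 1-1: new high-speed USB device
[ 9200.117] SSH-Attack:IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
[ 9201.118] SSH-Attack:IN=eth1 OUT=eth0 SRC=10.0.0.5 DST=203.0.113.8 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4322 DF PROTO=TCP SPT=51235 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
[ 9202.120] SSH-Attack:IN=eth1 OUT=eth0 SRC=10.0.0.9 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4323 DF PROTO=TCP SPT=51236 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
[ 9300.555] eth0: link up
"""

# Pull the internal source address out of a logged line.
LOG_RE = re.compile(r"SSH-Attack:.*?\bSRC=(?P<src>[0-9.]+)\b")

NAGIOS_OK, NAGIOS_WARNING, NAGIOS_CRITICAL = 0, 1, 2


def count_scanners(dmesg_text):
    """Return a Counter of internal SRC addresses that tripped the LOG rule."""
    hits = Counter()
    for line in dmesg_text.splitlines():
        match = LOG_RE.search(line)
        if match:
            hits[match.group("src")] += 1
    return hits


def nagios_check(dmesg_text, critical_hits=2):
    """Map hit counts to a Nagios plugin result: (exit_code, status_line).

    Any host logged at all is WARNING; a host logged critical_hits or more
    times is CRITICAL. The threshold is an assumption for this example.
    """
    hits = count_scanners(dmesg_text)
    if not hits:
        return NAGIOS_OK, "OK: no outbound SSH scan alerts in dmesg"
    summary = ", ".join(f"{src}={n}" for src, n in sorted(hits.items()))
    if max(hits.values()) >= critical_hits:
        return NAGIOS_CRITICAL, f"CRITICAL: outbound SSH scanning from {summary}"
    return NAGIOS_WARNING, f"WARNING: outbound SSH scanning from {summary}"


if __name__ == "__main__":
    import subprocess
    import sys

    # On the router read the real ring buffer; elsewhere fall back to the sample.
    try:
        text = subprocess.run(["dmesg"], capture_output=True, text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_DMESG
    code, message = nagios_check(text)
    print(message)
    sys.exit(code)
```

The kernel ring buffer is finite, so a scan that started long ago can age out of `dmesg` between checks; pointing the same parser at a syslog file (or a `--log-prefix` routed to its own facility) keeps the history the pager needs.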

  3. Too late, Netflix has already cleaned their clock. on The One-Use, Self-Destructing DVD Returns · · Score: 4, Interesting

    Ok, so I admit that my Roku box just arrived today, but it's just awesome. $9/month for the unlimited Internet watching. And then don't have to push around a bunch of plastic discs, keep discs in stock in case people want to watch them.

    Netflix is positioned to become the next "cable company" without having to lay all this cable. You can pick what you want, when you want it, pause it, skip around, and given 15 seconds or so it will spool up the data and play a perfectly reasonable picture. And with no commercials...

    I haven't had cable TV at home for the last decade, because it doesn't provide what I wanted. All I wanted recently was Heroes and Battlestar, but to get those two I had to buy 40 channels of other crap, including commercials.

    Or I could just wait for it to come out on DVD. Or lately a bunch of us have been gathering at a friends place for it.

    The installed base of DVD players is huge, but Netflix will already bring you the plastic disc, to your home, so it's only missing the ability to have an impulse buy the plastic disc.

    For the $100 box, you have the ability to get what you want without having to wait for the disc to arrive, don't have to return it, and can watch all you can stand.

    Netflix is poised to eat a lot of other folks lunch.

    Sean

  4. Re:Wait a minute... on Prince DMCAs YouTube To Block Radiohead Song · · Score: 2, Interesting

    The DMCA actually encourages you to *NOT* verify the request is valid. As a service provider, the DMCA take-down basically says that if you take down the content immediately, you will be protected from being sued by the copyright holder.

    You, as a service provider, probably cannot verify the claim in the time required by the take-down request. And if you do verify it and decide not to take it down, you are now opening up yourself to being sued.

    So why doesn't someone send a butt-load of take-down requests to youtube? The reason is that a take-down notice requires you to swear that you have the rights to pursue legal action on the named copyrights.

    If you submit a DMCA take-down for a work that you do not have copyright for, and the actual holder decides it's worth them to sue, they can get damages plus legal fees. So it's really a crap-shoot as far as whether someone actually *WILL* decide it's worth it to sue.

    Now, if you do that against thousands of youtube videos, chances are that you will get sued, particularly as these people could all join forces and bring a class action suit.

    Remember, the DMCA take-down notice is *SUPPOSED* to be used to say "I'm filing a suit against this guy, but having his material up is causing me harm, so you need to take it down pronto and that way you won't be open to being sued as well."

    How it's *ACTUALLY* being used is to say "I want you to remove this other person's content, here's a document you'll recognize that has some legal weight behind it."

    Over the last year my company has gotten two DMCA takedown notices. Neither one, as far as I can tell, actually had any intention of filing suit.

    One was e-mailed to us requesting that a University site we host be removed. An Australian CMS software vendor hired someone to send out all these take-down notices. After some discussion with this person filing the take-down (it wasn't filled out properly, in a few small ways) he said he was contacting us because he couldn't contact the site owner. "You weren't able to contact a University?!?" "Well, actually, I didn't try, I can't afford to make international calls." Yes, this place filed a DMCA take-down to save the cost of a phone call.

    Turns out the University *DID* have a license to the software, and had even contacted the vendor recently asking about whether they needed to renew the license and were told "no".

    The other one was from a site that sells something, filed against a site we host which does reviews -- and had an unfavorable review. They claimed a copyright on the review. As far as we know, this place has never filed a suit.

    This system is *BROKEN*.

    Sean

  5. Cell phone signals on jupiter? on Very Large Array Gets Expanded Capability · · Score: 2, Interesting

    Exactly who is expecting cell phone calls to be originating from Jupiter? Is the government preparing to distract us with threats of terrorist activity on other planets? :-)

    Sean

  6. I'm happy he can walk and all, but... on Bluetooth Prosthetics Help US Marine To Walk Again · · Score: 4, Insightful

    The last thing most of us need is one more damn thing that you need to keep charged.

    Hello, AAA? Yeah, I'm in the supermarket parking lot and I need a jump-start...

    Sean

  7. Another proposed name... on HBO Exec Proposes DRM Name Change · · Score: 1

    I propose we change the name DRM to "Digital Consumer Deterrent". I know, personally, that DRM has prevented my purchase of a whole slew of not only content, but also associated hardware. If we're going to let them change the name, let's use one that's a bit more honest. :-)

    Sean

  8. It's called "BGP"... on Quickly Switching Your Servers to Backups? · · Score: 1

    You can move a block of IP addresses, most sites will honor an advertisement of a /24 block, in my experience. With BGP you can cause this IP block to start getting routed to equipment in another part of the world. In other words, you can keep your DNS the same and cause the IP addresses to move. No DNS propagation time required. BGP changes can propagate in a minute or two, unless it's been flapping and remote routers have dampened the route.

    Sean

  9. Wiimote on the PS3? on Wiimote Hacking Goes Big-Time · · Score: 3, Interesting

    The Wiimote is bluetooth, the PS3 controllers are bluetooth, why don't we have bowling and boxing, using the Wiimote, on the PS3? I mean, there is a driver for Linux to use the Wiimote, and the PS3 runs Linux, so...

    The Wiimote and the games that use it are really the only part of the Wii that are at all interesting. The console itself is not that good, it's basically PS-2 generation horsepower and video. So why don't we have titles that support the option of using a Wiimote with the PS3?

    Now, the PS3 has enough horsepower, and the Wii has little enough, that I wonder how hard it would be to build a Wii emulator for the PS3. Who would support this effort? How about the games companies who aren't selling anywhere near their potential because people like me haven't been able to get a console for the last 5 months? Seems like they'd have a pretty strong incentive...

    I say this in part because in December I was quite hot to get a Wii, specifically for this set of holiday parties we have. However, I've seen a Wii in the stores *ONCE* since November. At the time (January) I thought "Oh, the supply problems are over", but I haven't seen them in the stores since then.

    Sean

  10. Please continue... on Is There Any Reason to Report Spammers to ISPs? · · Score: 1

    I run a small ISP hosting mostly dedicated servers. These servers pretty much all expect to have the ability to send outbound e-mail. We monitor and maintain these servers pretty closely, but sometimes a mistake by a client allows a machine to be used for sending spam and doing remote SSH compromise attempts. Those are our two biggest problems.

    For example, one client set up a "demo" account with an extremely easy to guess password. This was compromised by a remote SSH brute-force client, and the account was then used to run that same attack program. Another instance involved awstats. A year or two ago, attackers were searching google for "awstats $VERSION", looking for specific versions that were vulnerable. We had gone through our client machines a month or two earlier looking for installed versions of awstats that were vulnerable, but this client had installed a vulnerable version after we had done the sweep.

    The biggest spam problem has been with web forms that aren't properly checking their input, and can then be used to send spam to a bunch of recipients.

    We act on every one of the spam reports we get that does not come from AOL. Well, except for the spamcop ones that are so vague as to be useless. We're registered with both AOL and spamcop to get alerts about problems with our IP ranges. I'm just about ready to dump AOL, because something about the AOL user interface makes users report as spam messages almost interchangeably with "delete". We have clients who run legitimate e-mail lists, with double opt-in, so I'm assuming that users who start reporting these messages as spam simply are too lazy to unsubscribe from the list when they decide they no longer want to read it. Or perhaps they just are reporting messages on the list that they aren't interested in. The AOL reports produce so much noise that it's almost impossible to make use of.

    But, at least the AOL reports include the full (nearly unchanged) messages that the user is reporting. Some of the spamcop reports are "We received 2 messages from this host to one of our spamtraps in the last 12 hours." Actually, they are quite a lot more terse than this. I realize why they're being vague, and this worries me, but what can I do about this sort of report? I can't even tell if the problem is originating from a list on this client's server (they host a lot of discussion lists about their mission) or if it came from an open web form. A mailing list means that somebody intentionally subscribed a list of addresses including a spamcop spamtrap, a violation of the AUP with us. A broken web form means that someone else is using the server to send spam, in a way we can shut down. Finally, it may be just a bounce message from some spam that was sent externally with the return address of this spamtrap.

    I can't tell with that sort of report.

    So, in short, these reports, if accurate, *ARE* acted upon by ISPs.

    Sean

  11. On the contrary... on Kaleidescape Triumphant in Court Case, DVD Ripping Ruled Legal · · Score: 5, Funny

    "Ever wanted to rip all your DVDs to a big network server [...]"

    No, I want a butt-load of DVD jewel boxes occupying cabinet after cabinet in my living-room so they'll be convenient in the event I might want to watch one. This is much better than being stored in boxes in the basement, and streaming the content off a server, also in the basement.

    I have literally avoided buying DVDs in the past because I didn't want to increase the clutter of storage.

    Sean

  12. Interesting you mentioned WW2... on Typing Patterns for Authentication · · Score: 5, Informative

    No, I'm not going to say you invoked Godwin's Law right at the top of the article...

    I immediately thought of WW2 when I read the title. A Morse Code operator's style was called their "fist". German operators became quite adept at mimicking the fist of other operators, and using the fist to identify captured operators didn't work well. This is why they had other signals for identifying that an operator was not captured. Things that would look like a typographical or crypto error to a third party, but which was known to both the sender and receiver, and the absence of them would indicate capture. Of course, under stress, sometimes these were forgotten.

    The book Silk and Cyanide has a great discussion of the fist and other identification techniques and how they failed and succeeded (mostly the former). Highly recommended.

    Sean

  13. The ISOs for Etch are already out there... on Two Major Debian Releases In One Day · · Score: 4, Informative

  14. I just ran the wireless network for 593 people... on Wireless Routers for Congested Areas? · · Score: 1

    The one thing I noticed at PyCon, where we had up to 340 people connected at one time, was that I never had to help a single person get connected who was using 802.11a. Literally not a single person. I had to help plenty of people running 802.11b/g. While 802.11a has worse propagation, it's probably worth at least trying to see how coverage is. It's definitely not true that 802.11a won't penetrate walls, because at one point we were using WDS to go from one conference room through a few walls and down a hallway to provide the back-haul for an 802.11b+g AP that was covering the bar (and lobby and restaurant, but mostly the bar :-)

    One other thing to try is pushing your RTS way down. I explain more about what this does in my article on the networking at PyCon (http://www.tummy.com/Community/Articles/pycon2007-network/), but it can really help. It's a client-side setting.

    In our case, we had 24 APs in a relatively small area, serving up to 340 people at a time, so lots of people *CAN* co-exist on a wireless network at the same time, but we designed the whole network, something your neighbors may not be interested in doing. Though, if they're getting as bad service as you are, they may welcome the help in fine-tuning things.

    The first thing though: Make sure you aren't running on channel 6. If you have two APs, I'd set one up for 1 and one for 11, both with the same ESSID and both on the same network. I'd use low-gain antennas, and put trivial WEP keys on them to keep other people from bringing down the upstream connection with file sharing, worms, or viruses.

    Sean

  15. Of course, google has already re-listed them... on When Your Site Ceases To Exist · · Score: 4, Insightful

    In the comments are some strings that one writer of theirs expects to find on their site when searching google, but didn't. I just searched for the "jgoodies data binding" and their site comes up the 7th top level listing on the first results page.

    It seems to me that google worked perfectly here. When 50,000 spam and phishing messages were posted to that site, the ranking of it went way down. When they cleaned them up, the site ranking came back.

    What, would the site owners have google preserve their site ranking even though the content on the site went in the toilet? As a google user, I'm quite happy that google de-listed these folks for a bit, because otherwise these and other searches would have been severely polluted.

    Sean

  16. ZFS on File Systems Best Suited for Archival Storage? · · Score: 1

    ZFS checksums everything on the file-system. If you are using RAID-Z with ZFS, it can detect corruption of the underlying data and correct it. For example, if you have a RAID-Z+ZFS with 3 drives, you can "dd if=/dev/urandom of=/dev/sdX" and then do a "zpool scrub" and it will figure out what was corrupted and fix it. This is one of the standard demos they show with ZFS.

    This is great. Previously I had implemented a fax archive for a client and it was getting corrupted periodically because of some ext3 file-system bugs. Luckily, I had put file checksums in place, and we could generate a report on corrupted files daily, so we could pull them back from the backups.

    Sean
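An added example, not the commenter's own code: the application-level fallback described in the second paragraph, a SHA-256 manifest over an archive tree and a daily verification pass that reports files whose content changed, files that disappeared, and files nobody recorded. The archive layout, file contents and manifest name are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"  # assumed name; excluded from the manifest itself


def sha256_file(path, chunk_size=1 << 16):
    """Stream a file through SHA-256 so large scans need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def verify_archive(root, manifest):
    """Compare the archive on disk against a saved manifest.

    Returns the files whose content changed (corrupted), the files that are
    gone (missing), and files present now but absent from the manifest.
    """
    current = build_manifest(root)
    return {
        "corrupted": sorted(k for k, h in manifest.items() if k in current and current[k] != h),
        "missing": sorted(k for k in manifest if k not in current),
        "unexpected": sorted(k for k in current if k not in manifest),
    }


def demo():
    """Build a tiny constructed fax archive, save its manifest, damage it, report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        month = root / "2007-01"
        month.mkdir()
        (month / "fax0001.tif").write_bytes(b"II*\x00" + bytes(64))      # constructed content
        (month / "fax0002.tif").write_bytes(b"II*\x00" + b"\x01" * 64)   # constructed content
        (root / MANIFEST_NAME).write_text(json.dumps(build_manifest(root), indent=1))

        # Later: silent corruption flips one byte, one file vanishes, one appears.
        target = month / "fax0002.tif"
        data = bytearray(target.read_bytes())
        data[10] ^= 0xFF
        target.write_bytes(data)
        (month / "fax0001.tif").unlink()
        (month / "fax0003.tif").write_bytes(b"II*\x00" + b"\x02" * 64)

        saved = json.loads((root / MANIFEST_NAME).read_text())
        return verify_archive(root, saved)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files or 'none'}")
```

Unlike a ZFS scrub, this only detects damage; the "corrupted" and "missing" lists are the restore list for the backups. Keep the manifest (or a signed copy of it) on a different volume than the archive, since a file-system bug that scribbles on the data can scribble on a manifest stored beside it just as easily.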

  17. Install the latest service packs. on Workarounds for Vista's Networking Problems? · · Score: 1, Funny

    Have you tried installing the Debian or Fedora Service Packs?

    Sean

  18. Hardware and software... on Leopard Vs. Vista · · Score: 2, Interesting

    "Windows is only half of what's wrong with the PC as a product."

    Yeah, but hardware is at least half of why I haven't gotten a Mac. I don't *LIKE* the touchpad, I have both the touchpad and the clitmouse on my laptop and I finally disabled the touchpad because it got in my way more than I used it. I also have a built-in fingerprint reader, and am quite fond of using it for 2-factor authentication. For anything but play, I wouldn't go back to a machine without it. Sure, I could carry a mouse and fingerprint reader, but I don't *LIKE* mice, and really don't need more crap to carry.

    Combine that with a friend with a Power Book complaining about how the pretty front part of the palm rest is too "sharp" and bothers his wrists, where mine has a nice 30 degree on-ramp, and the nifty metal cases on the Power Books significantly cuts down on WiFi range...

    I know that Apple wants to both simplify their software support requirements, and continue to get revenue from hardware sales. However, they're cutting themselves off from software revenues by requiring it to be used on their hardware. I'd have bought and tried on a spare laptop already if I had the option.

    It boils down to this: If Apple's hardware is so fantastic, why do they feel that the only way they can compete is by forcing people to use it? What are they afraid of?

    Sean

  19. VLANs work great for this. on Can You Purchase Switch Hardware Without an OS? · · Score: 2, Insightful

    Get a normal Linux box with 1 or maybe a few ethernet ports (you can bond them together, if you like), and then connect a 48-port switch that supports VLANing. Set up the ports to the Linux box to pass all 40+ VLANs tagged, and then set the ports that are not connected to the Linux box as untagged ports. You now have each of the switch ports effectively as an interface on the Linux machine.

    I've done this for cases where I needed a small machine to run with more ethernet ports than it's actually got. Works great.

    Sean

  20. One way I block spam... on What Ways Can Sites Handle Spambot Attacks? · · Score: 1

    I have successfully blocked comment spam by rejecting messages with http:// in them. Most of the spam contains links, so this can be extremely effective. Maybe on the site in question, reject anonymous posts that have http links in them, and if you have a site you need to post, you have to get an account.

    Sean

  21. Well, that's one way... on Bush Signs Bill Enabling Martial Law · · Score: 5, Funny

    That's one way to get around those pesky two term limits.

    Sean

  22. Outsource and redundancy. on How Much Does Your Work Depend on the Internet? · · Score: 1

    For my business, we have our servers located at our class-A facility, where we run BGP and have connectivity to multiple carriers, generators, redundant A/C, etc. For our office, we have cable and DSL. We run our VoIP over the DSL, which is just a slight annoyance if it goes down. Our Internet goes over the cable, and if it goes down a simple script on the Linux firewall switches over to the DSL. I don't think we've ever had both down at the same time, though we do have a couple of outages on each every year.

    I'd say that two cheap connections beat any "business class" connection, but that's only if you don't host services in-house. If you host public services in-house, stop. The majority of companies I see doing this really should not be. There are some cases where it makes sense, but a lot where it doesn't.

    For example, we have a client that had a T1 that kept going down on them. We offered to host their two servers in our facility, including hardware and management, for $300/month. Instead, they added a second T1 for $500/month. But they never set up anything for doing BGP or otherwise switching between the lines because they didn't want to pay anything more. Of course, their T1 continues to go down regularly, and their second T1 does nothing for them.

    So, I'd recommend cheap consumer connectivity, preferably via different sources (like cable, wireless, DSL over POTS) for diversity, and then switch between them to get to your servers.

    Sean
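One way to structure the "simple script on the Linux firewall" this comment mentions, as an added example that is not the author's script: a failover state machine with hysteresis, so that a single lost probe does not flap the default route between the two uplinks (the same concern that makes BGP peers dampen a flapping route). Interface names, gateway addresses, thresholds and the probe history are all constructed for the example; the route command is returned as a string rather than executed.

```python
import subprocess
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Uplink:
    name: str
    interface: str  # firewall-side interface for this provider (assumed)
    gateway: str    # provider's next hop on that interface (assumed)


@dataclass
class FailoverState:
    """Track which uplink carries the default route, with hysteresis.

    Leave the primary only after fail_threshold consecutive failed probes and
    return to it only after recover_threshold consecutive good ones.
    """
    primary: Uplink
    secondary: Uplink
    fail_threshold: int = 3
    recover_threshold: int = 5
    active: Uplink = field(init=False)
    bad_streak: int = field(default=0, init=False)
    good_streak: int = field(default=0, init=False)

    def __post_init__(self):
        self.active = self.primary

    def update(self, primary_ok: bool) -> Uplink:
        """Record one probe result for the primary and return the active uplink."""
        if self.active == self.primary:
            self.bad_streak = 0 if primary_ok else self.bad_streak + 1
            if self.bad_streak >= self.fail_threshold:
                self.active, self.good_streak = self.secondary, 0
        else:
            self.good_streak = self.good_streak + 1 if primary_ok else 0
            if self.good_streak >= self.recover_threshold:
                self.active, self.bad_streak = self.primary, 0
        return self.active


def route_command(uplink: Uplink) -> str:
    """The iproute2 command that points the default route at this uplink."""
    return f"ip route replace default via {uplink.gateway} dev {uplink.interface}"


def replay(state: FailoverState, probe_results) -> list:
    """Feed a sequence of probe outcomes and collect the route changes they cause."""
    commands = []
    last = state.active
    for ok in probe_results:
        now = state.update(ok)
        if now != last:
            commands.append(route_command(now))
            last = now
    return commands


def probe(uplink: Uplink, target: str) -> bool:
    """One live probe: ping a known-reachable target out of this uplink's interface.
    Not used by replay(); shown for the loop a real script would run on a timer."""
    result = subprocess.run(["ping", "-c", "1", "-W", "2", "-I", uplink.interface, target],
                            capture_output=True)
    return result.returncode == 0


def demo():
    """Replay a constructed probe history: a blip, a real outage, then recovery."""
    cable = Uplink("cable", "eth1", "192.0.2.1")
    dsl = Uplink("dsl", "eth2", "198.51.100.1")
    state = FailoverState(cable, dsl)
    history = [True, False, False, True, False, False, False, True, True, True, True, True]
    return replay(state, history), state.active.name


if __name__ == "__main__":
    commands, active = demo()
    for cmd in commands:
        print(cmd)  # a real script would run this via subprocess, as root
    print(f"active uplink: {active}")
```

With the thresholds above, the two failed probes followed by a success never move the route; only the three-probe outage does, and the route comes back to cable after five good probes. A real script would also probe the secondary, since switching to a link that is itself down helps nobody, and would probe something beyond the provider's gateway so that an upstream failure counts as an outage.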

  23. The sites that need it, shouldn't use it. on How are 'Secret Questions' Secure? · · Score: 4, Insightful

    Many, many site require that you answer some of these questions. It would be ok if it were optional, but in many cases it's required. The thing is that many sites really have no legitimate need to having password changing functionality in the site.

    For example, at most online shopping sites, I'm having to create an account I don't really want, and provide this "secret" information, to a site I'll probably never visit again. Or if I do, I'd rather enter all my shipping information again than have to remember a password.

    For most sites, if your password for the site isn't valuable enough to you that you keep it safe, then there's probably no reason that you couldn't just start over with a new account. For the sites that do have stuff that's interesting enough that you need a password recovery, the security of a password reminder probably isn't sufficient.

    One thing you can do, is use a password vault and use another password for the questions they ask. My mother's maiden name? It's "avxQta6TNIwqqKAxqOGHRo6xdZP6bJYyo3BoBRmh".

    Sean

  24. Some things I've found. on ISPs Offer Faster Speeds, Why Don't We Get Them? · · Score: 2, Interesting

    One "trick" they use is that in our area (Colorado, QWest), the DSL speed rates they quote are all the ATM frame rates. ATM has around 20% overhead, so this means that a 1.5mbps line will give you more around 1.25mbps throughput.

    I don't recall that I've ever gotten anything less than that on DSL across the line. I've run routers handling the "megacentral", the ISP end of the DSL connection, and have had more than a bit of opportunity to test DSL connection performance.

    As far as cable, we have Comcast in this area, and are paying for the higher service level. I do notice that when the school year starts, we tend to have performance issues for a month or two. This has happened on several occasions. So, instead of 6 to 8mbps (they recently upgraded to 8mbps, before that it was 6), we get more like 3 to 4. Annoying, but not a huge issue.

    I have noticed that on the Comcast sales literature, they say "N mbps *" where the * links to something saying "No guarantees".

    However, most of the time I'm able to get 8mbps, when the remote end can handle it. I have servers hosted at a location where I know I have plenty of bandwidth. I just downloaded the Ubuntu Dapper ISO over cable:

    730740736 bytes transferred in 710 seconds (1005.4K/s)

    So, that's right at 8mbps. This is not unusual.

    It's important to realize that there are several places where there could be performance issues though. The line, the directly connected ISP bandwidth, the server you're downloading from, and everything in between.

    Whining at your ISP for problems which are outside their control isn't going to be helping anyone. If you are downloading Dapper right now via FTP from the main site, the server is almost certainly not going to be able to handle 8mbps.

    Another thing I'd wonder is whether maybe your grandmother might have a virus or two, or perhaps there's some file-sharing going on? All these lines have a fraction of the upstream bandwidth that they do down. If you are pushing out much data, it interferes with incoming data. If you do any performance testing, make SURE that you don't have anything else using it, either outgoing or incoming.

    Hope this helps.

    Sean

  25. One thing about accuracy... on Computer Network Time Synchronization · · Score: 2, Insightful

    On production systems it's much more important that the servers are all close to each other, not so much that they are close to NIST time. So, don't care so much that your servers are stratum 2 or 3, set up a couple of sources and then sync the rest of your boxes to them. I'd rather have all my machines be one second off but the same one second off, than have them all be closer to real time with larger differences between them.

    Also, one thing about the time on earth changing that I didn't realize before. Damming water is one of the few activities that has changed the rotation speed of the earth, I've been told. Because it collects large masses of water further from the equator.

    And if you don't want to buy a GPS, the guy responsible for the NIST time standard at NIST Boulder says that syncing your clock once a day via phone from one of their services is good enough to be considered stratum 1.

    One final time note... We used to hold our LUG meetings at NIST. One time during a meeting, their official digital clocks stopped for the better part of a minute, and then ran quickly to catch up.

    Sean