Slashdot Mirror


User: new500

new500's activity in the archive.

Stories: 0
Comments: 258

Comments · 258

  1. Re:Eh... on Grab A Bunk In The Dot-Com Dorm · · Score: 3, Informative
  2. Re:Who's laughing at Alan Cox now? on HP Uses DMCA To Quash Vulnerability Publication · · Score: 2

    . . .

    Well, if I'd known Alan Cox was going to make such risky and suggestive public comments I'd have slapped him with a DMCA suit of my own so as to shut him up : Charge - accessory to Large Corporations in a conspiracy to violate the security and integrity of my systems and networks, copyright materials and trade secrets by method of concealment of tangible Risk Evaluation Information perpetrated by speaking aloud about the one evil use of this act that once said was too obviously juicy for the Corps not to use. :-)

    I wonder if I could use the DMCA to sue HP or whoever for abetting and encouraging black - hat hackers, and effectively concealing from me the information and tools required to defend myself . . . only partially joking, I'm afraid . .

  3. Overlooking Elementary Security on Triangle Boy Lives · · Score: 5, Insightful

    . . .

    Boy does this sort of advisory wind me up. FUD about users downloading applications, I've seen this on almost every pitch for expensive firewalls and security consultancy recently.

    This ought to be so simple - do not allow users to have sufficient privileges to install software!

    Problem solved.

    Okay, before I get flamed, this won't work for developer teams or your admins - for whom I merely suggest you can implement a draconian contract - i.e. fire anyone using any software not explicitly authorised (a minimum policy imo) and have a regular *external* audit.

    Neither will this work for networks of Win9x clients, because you can't set appropriate security policies. However you could always get SMS from M$$$$ or write your own scripts to call registry entries and check them against a permitted template so as to flag suspicious installations. At the end of the day it may even be worth upgrading your clients. Or just installing Linux and StarOffice, if you can, he he :). But with respect to upgrading even say from Win9x to Win2k, which ain't cheap, it's still probably less expensive than all the FUD claims - even the reality - of lost security and lost productivity from unauthorised use of your network resources and manpower.

    Oh yeah, and you *do* only open ports explicitly at your firewall, not close off ports in response to the latest "advisory" don't you :-)

  4. Re:What's wrong with Win2k server? on SSH Secure Services on Windows 2K/XP? · · Score: 2

    . . .

    And I thought that Win2k support for smartcards was especially for remote authentication, say on a laptop. I'm not sure what you mean by physical access, perhaps local access?

    You are partly right, no CAL is required for _anonymous_ access to Win2k. Reassuring isn't it? :-)

    I should have clarified my point a bit - in a heterogeneous LAN / WAN it's not always practical to use Win2k services for all authentication. Quite apart from the expense of CALs, replicating ActiveDirectory to LDAP is a complete PITA. At a considerable price you can buy meta - directory products e.g. from SUN One and Novell to accomplish this more easily. For many instances you simply do not need to deliver NT services such as file and print or authentication to _everyone_ so then a meta - directory starts to feel like over - kill. Having *nix based smartcard tools, sans CAL costs can be a major project boon, for obvious reasons.

    As I understand it, contrary to your assertion, Cert Services under Win2k offers X.509 support for the web _and_ smartcard services. Integration is the key - either a massive boon if you wish to standardise, or a liability with the licensing cops if you mix up your distinctions :). Here's a quote http://www.microsoft.com/technet/treeview/default.asp?url=/TechNet/prodtechnol/windows2000serv/deploy/depopt/2000cert.asp :

    Microsoft® Windows® 2000 Certificate Services offers customers an integrated public key infrastructure (PKI) that enables the secure exchange of information across the Internet, extranets, and intranets. Certificate Services verifies and authenticates the validity of each party involved in an electronic transaction and lets domain users log on to a domain using the additional security provided by smart cards.

    And some evidence that they are inseparable can be found by a search for KB Q228831 "Cannot Overwrite Smart Card Key During Certificate Services Setup" at their site, which appears broken now.

    A Laptop would not normally remote authenticate, except for web e.g., when on the move, so I don't see your point exactly, unless you mean that the laptop should be forced to call home to auth for OS login (useful to reduce risk damage from theft, and quite possible under Win2k). Smartcards are very useful for local access control under Win2k Workstation, standalone, which was my point. It's possible to use EFS to encrypt your data and locally install a X.509 cert locally to a machine, use that cert to authenticate your SSH sessions (hah!, finally back on topic :) and then use _without_ paying for more CAL's a neato smart card to secure _remote_ device access. Yup, there are subtle potential security flaws in that, as with any chain - of - systems but if your interest is not to move from machine to machine, and you keep an aggressive CRL for use with your SSH accounts, this idea is fairly useful, and way better than standard SSH + login and password. On a laptop especially you need every protection you can get :)

    Hope that clears up any confusion arising from my tiredness last night. If you simply want to manage X.509 and CRLs, there are many third party or free tools to accomplish this. If you're just setting out, I recommend you spend your money and time learning how the infrastructure works, then worry about implementations later. Knowledge will make you free of any ties to a particular OS, or at least save you from the worst rent charges ;) For certs, the "X.509 style Guide" (sorry no link, Google is there for you), is a fine place to start. For some Smartcard background, take a gander here, for example : http://www.citi.umich.edu/projects/smartcard/

  5. Re:What's wrong with Win2k server? on SSH Secure Services on Windows 2K/XP? · · Score: 4, Informative

    . . .

    I'm curious as to why you went with 3rd party solutions for encryption and smartcard support instead of using Windows Server, which has those capabilities built in. Mostly I'm curious about the limitations of Windows Server products

    Well for one thing, for every client that uses Windows Server for _authentication_ you have to pay up for an extra internet Client Access License. As far as I understand this (and I re-read the terms not so long back) that's each _individual_ client, not concurrent or pooled / proxied clients.

    Win2k has excellent smartcard support, out of the box, highly recommended to lock down _physical access_. But, if like me, you're interested in smartcard authentication for a fair number of users _remotely_ it may not be the best solution to work with your existing toolchain (e.g. Cygwin, OpenSSH etc.)

    That's just what comes immediately to mind. I've not delved all I should, so further comment very welcome.

    I'll just part with the thought that in your example of installing Certificate Services, if you used this to authenticate users for a web site in even a small installation, you could be talking about hundreds of required licenses. Up to you, though, of course :)

  6. Re:From what I read 4 years ago... on Light-Emitting Polymer Displays · · Score: 2

    . . .

    From that pdf you linked above, page 3, penultimate paragraph, er . . . I cite verbatim :

    "It is all about transferring low-level intelligence to everyday products," says Friend, adding that in the not-too-distant-future, "Your yogurt container will be able to tell the yogurt it should have been eaten a few days ago."

    wtf is the yogurt supposed to do, complain to the person who bought it?

    Beats the crap out of reading up on LEP display tech just thinking about that one . . .

  7. Re:wake up call... on Debate Postponed On UK RIP Act Amendment · · Score: 2

    . .

    I don't want to disagree with you - us Brits imo do seem to take a while to get stirred up, often too late, and often I look across the pond, enviously, at the sheer range of public interest activity . .

    _but_ to some of us, nay a whole deal of us, the simple absence of constitution and connected individual rights is enough to scare up some action . .

    However a fair deal of the action I am seeing now is Brit businesses looking to relocate (at least some, occasionally critical, functions) to jurisdictions with more enlightened or less draconian surveillance / privacy / censorship legal infrastructures. . .

    I'm conscious that I am being deliberately provocative now, but if as a foreign national you wished to do something independently, the best I can think of in real terms is to withhold investment from the country, or lobby your business bureau to state its disinterest in trading with UK counterparties whose data, and consequently data concerning your business, is vulnerable to potentially arbitrary executive branch intercepts.

    Investigative powers as they are proposed affect business, overseas subsidiaries, and potentially all data traversing or transiting the UK. The Gvmt here fails to realise, imo, the negative effect proposed legislation will have, risking economic pain and potential brain - drain.

    The current Gvmt (Labour, since '97, and due an election, if you need the info) is especially fond of transferring legislative power to the executive. One only needs to cursorily observe the declining depth of parliamentary debates, and the increasing frequency of Statutory Instruments (executive or civil service rulings) which are utilised to specify the implementation of law which is only very broadly debated. In the absence of a bicameral system, the legislature and executive branches are vertically integrated - civil servants theoretically subordinate to the gvmt ministers are historically intentionally neutral. Current gvmt has been very keen to augment or replace these ranks with political appointees. The RIP Act is merely a function of a wider situation (undue political influence over executive) which is at last suddenly becoming sujet du jour in the UK, brought to light by some outstandingly dumb and offensive scandals, particularly in the transport department.

    If you really want to help, there are many ways to lobby and assist, in however small a way it might result. In the sphere of electronic communications I should have thought (global transit wise at very least) that US enterprise should have some clout.

    . .

  8. Central Cooling? on Extreme Cooling · · Score: 3, Interesting

    . . .

    At work, people I know are more interested in the water cooling scene, hoping one day for quieter machines. . .

    But now, with an external *piped* cooling device on the market, we're just waiting for the advent of building facility CPU cooling ducts, just like the air - con.

    Yup, rent new office, bring in desk, plug CPU into cooling duct (obviously with your case and machine coming standard with a nice clean bit of plumbing), connect cat5 (or fiber, come on this is an _ideal_ office :) and go . . .

    Final thought, is there any reliability gain to be had from using such a cooler and _not_ overclocking? Okay, I could probably answer that one if I tried, but it's breakfast time and I'm hungry . . .

  9. Should not have settled, for general benefit on AOL Settles Class Action Suit Over Client Software · · Score: 2

    . .

    Okay, it's 5am and I may not be 100% :)

    What strikes me is that this settlement is irrelevant :

    From discussion above, (Settlement - Legal Fees) / Complainants does not amount to a whole hill of beans for any individual, let alone even real compensation for the time and effort involved in fixing the settings which were hijacked. I agree also that the way that the complainants have to get a "receipt" for their troubles from another ISP is bunkum.

    Okay, that notwithstanding, none of this has any benefit to the consumer _at large_ because it was a settlement between private parties.

    If it had been a _ruling_ and some case law / precedent were set, then other companies planning this might have to take note and stop hijacking people's configurations.

    Maybe I'm missing something about US law, but this strikes me as just a payoff to a few lawyers and a bunch of complainants who bothered to do their (pretty ridiculous) paperwork. If it's just a private settlement, there's nothing to say it will discourage anyone from using the same unpleasant practises in future.

    Oh well, since when did "public good" pay anyone's bills . . . .

  10. Re:Delivery fees on Buy a Russian Space Shuttle · · Score: 2

    . . .

    Yup, an Antonov is what you want to ship your new toy :

    This page shows an Antonov ASTC actually carrying piggy-back a CCCR / USSR Shuttle.

    Think your shuttle is big, then check the relative size of the An-225 Super Heavy Transport.

    Happy shopping!

  11. Re:AOL-Time Warner on HP, Compaq Deal Approved · · Score: 3, Funny

    . . .

    Nice link, that Time.com article. Especially the bit about AOL-TW stock effectively valuing the AOL component at ZERO :) Just repeating some thoughts below, which seem on topic here and worth reposting :

    To me it was always a story of AOL cashing out its funny money stock at the height of the internet boom. Many manias have come and passed, leaving a scorched trail of people who bought in too close to the last hurrah. My guess (since largely vindicated) was that Time - Warner was one such sucker.

    Nevertheless, TW was desperately seeking growth, as a mature massive media business. It's much harder to grow incrementally the larger you get and still hit that year on year percentage target for your shareholders. TW's growth prospects were heavily tied to, e.g., newsprint subscriptions, and the internet boom looked then to be able to run and run.

    As many corporations who have been out of fashion have found (think banks during the '70s, when all the "smart" money was in the conglomerate boom) out of fashion can quickly mean out of access to capital too, and print and press is desperately cyclical, and very capital intensive - worse even, tied to the sharp acceleration and deceleration of advertising which behaves exaggeratedly in synch with that most nebulous of economic indicators - sentiment.

    Things change, and may get better for AOL - TW, but boy does it look tough for them for the foreseeable.

    Here's some selected quotes from recent Financial Times articles :

    But broadband is different. Anyone buying a high-speed internet access over a cable system, for instance, will already be paying for the cable company's own ISP. Why pay for AOL as well

    The logic of the synergies, and the merger itself, have failed. . . . shareholders consistently fail to restrain management from empire-building. . . a fine example of hope triumphing over reason . . .AOL used its overvalued paper to buy some real assets . . .Those loyal to Time Warner shares have underperformed the media sector by more than 60 per cent.

    It's a sad indictment of much of mainstream press that which was - to me at least (and allowing I spend a good deal of my time studying speculative bubbles) - plain dang obvious, is only talked about now - after we've all been hit by the train. But then it's easy to go with the flow, ain't it?

    P.S. Maybe someone still holding the stock should buy Gerald Levin (CEO at time of merger) a t-shirt with a slogan such as "I bought into the biggest merger ever, and all I got was this lousy CD-ROM". Okay, that's enough lame jokes from me . . .

  12. Tulips for houses on AOL-Time Warner's Money Pit · · Score: 2

    . . .

    To me it was always a story of AOL cashing out its funny money stock at the height of the internet boom. Many manias have come and passed, leaving a scorched trail of people who bought in too close to the last hurrah. My guess (since largely vindicated) was that Time - Warner was one such sucker.

    Nevertheless, TW was desperately seeking growth, as a mature massive media business. It's much harder to grow incrementally the larger you get and still hit that year on year percentage target for your shareholders. TW's growth prospects were heavily tied to, e.g., newsprint subscriptions, and the internet boom looked then to be able to run and run.

    As many corporations who have been out of fashion have found (think banks during the '70s, when all the "smart" money was in the conglomerate boom) out of fashion can quickly mean out of access to capital too, and print and press is desperately cyclical, and very capital intensive - worse even, tied to the sharp acceleration and deceleration of advertising which behaves exaggeratedly in synch with that most nebulous of economic indicators - sentiment.

    Things change, and may get better for AOL - TW, but boy does it look tough for them for the foreseeable.

    Here's some selected quotes from recent Financial Times articles :

    But broadband is different. Anyone buying a high-speed internet access over a cable system, for instance, will already be paying for the cable company's own ISP. Why pay for AOL as well

    The logic of the synergies, and the merger itself, have failed. . . . shareholders consistently fail to restrain management from empire-building. . . a fine example of hope triumphing over reason . . .AOL used its overvalued paper to buy some real assets . . .Those loyal to Time Warner shares have underperformed the media sector by more than 60 per cent.

    It's a sad indictment of much of mainstream press that which was - to me at least (and allowing I spend a good deal of my time studying speculative bubbles) - plain dang obvious, is only talked about now - after we've all been hit by the train. But then it's easy to go with the flow, ain't it?

  13. Licensing and parts Re:Walmart PCs without Windows on Rolling Your Own Business Desktops? · · Score: 3, Interesting

    . . .

    Which piece of the original computer does the license go with, the hard drive?

    I can answer that first one straight up : MS licenses software according to a complete configuration, usually specified according to model number.

    Moreover, as I understand it, if Dell or whoever change *any* component specification, they have to seek a *new* license _every_ time this results in a materially different *system*. I understand that system is defined as mobo + processor, disks and ram et.c. don't have any effect. The system system (are you with me? :) is not mutually exclusive with the model number system of licensing - both seem to have simultaneous effect.

    How do I know this?

    Well a year or so back, I ordered up a bunch of IBM "M Pro" dual PIII/i840 machines for my company. Firstly, IBM were sharp enough to take our cash (yup that's cash by direct transfer to their account) stating they had shippable product. Rubbish. Weeks later we were still being fobbed off. So at that point I called the legal department at their regional HQ and pointed that they had a material breach of contract and had better sharpen up. We got our boxes pretty darn quick. But with NT4 loaded instead of Win2k. (we'd ordered W2k)

    In trying to fix our fulfillment problems I had a direct line to their assembly/engineering management, so this info is near as dang it from the horse's mouth. IBM couldn't just switch us a new license for Win2k. Moreover, once an OEM license is accepted by the end user (like when you power up and configure :) , you're bound by the same OEM terms. You are *supposed* to keep the base system.

    Yup that sucks. FYI IBM set us up with a bunch of nice SCSI 18Gb 10k drives by way of apology, and the machines are rock solid, service since then good et.c. It was an interesting education.

    As far as the real world goes - not that I advocate this - how exactly is MS going to be able to tell you replaced the whole underlying System?

    If that made any sense to you, I guess it's a result! I'm too tired to unravel the rest of the gobbledygook that was pumped into my mind when I got irate and pressed for answers why I couldn't just get IBM to hand us the licenses we originally ordered.

    Good luck to ya, hope the BSA doesn't catch you at anything you shouldn't be doing:-0

  14. Re:Ah, booger... on Bell-Labs Releases New Version Of Plan 9 · · Score: 2

    . .

    Well, I'm currently downloading the VMWare Virtual Disk Image of Plan 9. It says it's the latest version, let's see . . But at least that ought to solve any hcl problems ;)

  15. Re:Cut this Kid some slack... on Apple Releases Mac OS X 10.1.4 · · Score: 2

    . . .

    Apple's a little new to this UNIX desktop thing.

    Erm, not really, there's AUX, oh and a little thing called NeXTStep and even UNIX for the Lisa (mention only). You might add MAE the Macintosh Application Environment which was written for Solaris and HP/UX, or to a far lesser extent (because it's hard to say that this was other than a split away organisation eventually subsumed by IBM and turned into frameworks for VisualAge amongst other things), the Taligent OO-OS initiative, which was targeted to interoperate with AIX at least at one stage in its life.

    Since Jobs left Apple - 1988 iirc - Jobs has been involved in UNIX on the desktop. It's no secret that the NeXT technologists / staffers supplanted the previous Apple corporate hierarchy.

    Some interesting reading is this USENIX paper The Challenges of Integrating the UNIX and Mac OS environments.

    My point is that Apple has a fair deal of relevant experience, and the NeXT - Apple merger is almost distant history, in corporate terms, when Be Inc. seemed to have a chance. And man, that feels a long time ago, even though it isn't _that_ long :)

  16. slashdot frontpage spamming adverts? on Perlbox: A Unix Desktop Written in Perl · · Score: 2

    . .

    is it only me, but when I clicked through to the frontpage link PerlBox.org I'm getting redirected to http://www.camelotnaturals.com/ a site selling herbal bath salts????

    seriously, mod me down if I'm wrong (I can take it :) but this is silly, has someone effectively spammed the front page?

    Can someone else check?

    Could someone have switched on a redirect after the editors posted the story, for profit? Did the editors check?

    Somehow I've checked this now 6 times, and I still have a problem with disbelief . . .

  17. Re:IDE Disks in General on Are Newer And Faster IDE Drives Troublesome? · · Score: 2

    . . .

    I once thought about what you say - same disks, different interfaces. Still, this doesn't explain the price differential, which is substantial between IDE and SCSI.

    I've two answers to my own dilemma - either SCSI interface drives undergo far better tolerance checks and testing before they ship, which might explain a good deal of reliability or the drive manufacturers are gouging their SCSI customers.

    I think that the real answer is a combination of the two factors. There's nothing wrong with many IDE drives (except the interface, for SCSI aficionados, of course) but SCSI drives have a much better record with everyone I've ever talked to. I bet most people with an important workstation or server consider the cost of SCSI (or FC/AL for that matter) drives a no - brainer as well as a small part of the overall machine cost / work performed value in any event. Companies and serious individuals are natural "suckers" for being sold robust but expensive kit. Just think in comparison a P4 Intel box versus a SUN Sunblade 2000. I know from experience that buying or building really nice Intel boxes soon shaves a whole load from the price advantage Intel has over other architectures.

    I think the main comment I have is that IDE drives are majority sold to consumer markets (though I'd be interested to be corrected on that) whereas SCSI drives are mainly sold to a "professional" market. This really affects the whole price / quality focus of the manufacturers.

    .

  18. Nominet, DENIC et.al. shouldn't complain on ICANN, National Registrars Still Feuding · · Score: 3, Informative

    . .

    If I read this correctly, the reason why the EU local registries don't have their own root servers, and hence control over service levels is a historical issue.



    Excerpting from the Internet Software Consortium's page, linked above - and please allow me to state that such a reference is anecdotal rather than given fact,

    We then discussed potential candidates and found no volunteers in the AsiaPacific region, none in Africa and only one in Europe.


    The "one in Europe" btw was NOT Nominet or another registrar, it was a guy working for LINX, the London INternet eXchange.

    There's good reason for this, as late as the early 1990s, Europe was still thinking that X.500 was the way forward, and a large amount of resources from universities, telcos and local standards agencies was devoted to "interoperability" testing of X.500 directory services. What really happened was the standards lagged the implementations so badly that vendors and implementors went ahead and did their own thing, creating, as anyone who has dealt with X.500, a nightmare for inter-vendor interoperability. That created the space in which the InterNet and DNS / BIND could flourish. FWIW, LDAP is a (not precisely, so please don't flame me, too large a subject for absolute accuracy here) derivative of X.400, itself a cut down form of X.500. Novell's eDirectory, which runs some of the largest sites (CNN.com, AOL messenger services) is itself a souped up LDAP implementation.


    You can find a brief overview of X.500 and what the "authorities" in Europe were up to as late as 1990 and beyond in this history of X.500


    I'm British born myself, but this all seems to me to be Euro - Whining. Particularly the UK's Nominet making an issue of this is absolutely BS. Nominet has, IMO, very sharp practises. If you "buy" a domain in the UK (domain.co.uk) via an ISP, Nominet maintains a "tag" linking your domain to the "providing" ISP, until another ISP takes it over. Domains _never_ go back into circulation when they expire. Nominet refuses, on the whole, unless you threaten or cajole them with considerable effort, to "release" your domain because it states it will not get involved in contractual disputes between you and your ISP. Most UK ISPs make contracts which lock you in to your services and charge a considerable and hefty severance fee, usually buried in the small print. You _can_ get a "Neutral Tag" applied to a UK domain, if you pay GBP £80 for two years, which fee goes back to the ISPs who are members of Nominet, which is a for profit company, limited by guarantee, a rare form of UK company which offers very lax statutory reporting. Even though you _can_ do all this, I've had several clients now who've complained to Nominet, e.g. when their ISP is TU and no longer provides service, and Nominet tells them anyway that they can only deal with an ISP who is a member of Nominet. Obviously that's BS. But you can't register a domain in the UK for .co.uk and run your own DNS and maintain it under your own authority without a *lot* of expensive hassle, and possibly an attorney. You could hire me, of course, but this kind of work sucks, so I wouldn't offer it generally.


    Sorry for that rant against Nominet, but it's Crocodile Tears time again and minus several million points for the Brits, as per usual.

    Please follow the links above, investigate yourself . . .

  19. OT a little but stuff optical, go with speakers :) on Build Your Own 10Mbit/sec Optical Data Link · · Score: 3, Interesting

    . .

    Hey, flame / mod me away here - I deserve it because I've been looking for a thread in which to post this rejected story sub from a week ago . . But what the heck here it is anyway :

    ( I was originally going to say this post is well OT because of the distance limitations of the below, but what about using this transmission in a PA system at a stadium, or a train station, where volumes and hence transmission possibilities are greater / farther? And just how much is over the air networking really explored by companies? This story is already dang good and right where it hurts for community and campus networks, but if I were building this kit for business I'd be thinking that planning permission would be the area I'd be researching most. In other words, do the "amateurs" have a real chance at a lead in this technology, especially price / performance wise? After all, you and I personally *don't* have to make budgets for contingent liability just in case the town planning dept. gets difficult. I'm all for guerilla networks - take a look at the below . . )

    Aerial Acoustic Communications


    Network with just a pair of pc speakers and a $5 mic! This recent paper explains the theory and writes up the experiment.

    This may not be the answer to all your needs - 1000bps was one of the best results - but the authors talk about short distance communications for PDAs, or a television using sound for remote control. The environmental noise against which the authors deployed Spread Spectrum techniques, and a reference to audio steganography make for interesting reading, and radio hams may appreciate the use of FSK. Is this the future, or just a hint that playing albums backwards wasn't really the way to get the message?

    There's also a lecture video here which was held at PARC on 11/8/01. You can grab the stream as a file using ASF Recorder or you can read up on some applications musings here. Happy Listening . .

    .

  20. Re:What is good, what is affordable - parameters?? on Affordable & Reliable Email Hosting? · · Score: 2

    . .

    I don't see my email contact on any of /.s pages or my info page suddenly, even when I log out. So my email address is new500 at hotmail.com in case you need it :)

  21. What is good, what is affordable - parameters?? on Affordable & Reliable Email Hosting? · · Score: 3, Informative

    . .

    What exactly do you consider good, cheap or reliable?

    Firstly though, how are those emails being "forwarded"? I presume they're just being relayed on from someone's MTA via an existing MX records in an active zone file, but I can't tell.

    The cheapest service for this I've found comes bundled with registration from www.GANDI.net, a French company (good English though:) run by Linux geeks who'll charge you c. $17 p.a. for registration and mail / web forwarding. GANDI are primarily registrars, I've plugged them elsewhere, and recently I've been playing with their newly added service features as you'll see below . .

    Beware email forwarding! The GANDI service, along with others puts a *limit* on the size of emails to be forwarded. GANDI limits to a useless 800k, other providers such as DomainDirect limit at 2MB, which is also often quite hopeless.

    I really don't recommend DomainDirect now because they never respond to real obvious security concerns, such as passing clear text usr / pwd combinations via urls from non ssl pages. I have to deal with them for a client who is stuck with them pro - tem due to them being his OpenSRS reseller. I used to use them a while back, and until they started to be unresponsive, causing International direct calls to discover and resolve problems I liked these guys a lot. Heck, I even endorsed them for their testimonials page. Meanwhile, I'm just moving the OpenSRS domains bought via them to another registrar.

    However if you really wanted to you could sign up to DomainDirect without them having control over your domain. Let them assign themselves as tech contact, add their nameservers and zone files for your domain, then replace their tech contact authority.

    Doing something like I just suggested has pitfalls though, depending on how your registrar maintains NS entries. Here I have to give some respect to Network Solutions - they have the cleanest way to maintain NS entries because you can update these with them as you would like without any bother from your ISP or service provider. Don't flame me now, I *know* how hard it is to change authorities with NetSol registered domains if you're not the right contact! But other instances, such as the DomainDirect situation, where they are also your OpenSRS reseller, and you're locked in to that arrangement because OpenSRS won't let you renew directly with them, only via your reseller, or even GANDI, are less good in actual fact than NetSol. This is because you can find yourself locked into a game of NS delegation. If you have a link between a registrar and a service provider, they seem always to play tricks to keep you using _them_ and only _them_ - or b*&^er off. I could go on, but I need to get to the beef in this post.

    GANDI now throw in a DNS service, which appears reliable, and I've been testing what can be done with this - you can never have enough nameservers, even if like me, you'll have DNS hosted elsewhere as well! :) But beware, once you take up their "forwarding" option (you@yourdomain.com to you@yourisp.com), the only way _after_this_ to correctly mod your DNS entries, say by adding an MX 20 or extra nameserver, appears to require taking yourself out of their DNS, by *removing* their zone files, then starting again. So you'd get in the way of propagation delays whilst you make the change, with no chance to add extra NS in the meantime to pick up the traffic.

    Naturally I'm contacting them to let them know my experience, and I guess they may correct this sharpish, but I was up _very_ late last night doing just that for a new domain - actually going the whole hog and just replacing their nameservers with mine in frustration, having not found my way to navigate how their web interface wants to do things. That kinda sucks, and I'd even say this was brain-dead, but otherwise their interface is really simple, and you can add A, MX, CNAME, NS entries straight up.

    So another question is clearly : are you hosting your own DNS? And do you want more than one mailserver / MX entry? (for redundancy)

    I really don't think that there's any possibility to just point an MX record at a regular ISP MTA, as sendmail or whatever is being used needs to accept mail from you@yourdomain.com and I take a bet no average ISP will do that for you.

    Since you can tell I've been doing this recently, I have to say that I can fix something admirable for you if you mail me your situation, requests, number of accounts etc.

    This could be done two ways, I can get you hosted for POP3 and simple (not many entries) DNS for c. $95 p.a. This via my buddy who's helping me out installing and provisioning a nice new server for me. For a bit more, but not massively more, I could put you on my own host (which lives - or is to live, see below - on my associate's network, fire-walled yada yadda) and on iPlanet Messaging Server, which is one darn nice MTA and does IMAP, S/MIME CERT-auth, webmail over SSL with tricks like synching address books between MTA and webmail via ldap. iPlanet even does WAP for mobile phone access, but I'm only just looking into this option, and requirements for gateways, WML etc. right now. Cosmetic options can be added for a little more too - you could have your logos splattered on the webmail interface, since this appears doable according to the manuals (and I have a background in design so it'd look okay:)

    If you don't know already, IMAP rocks as you're not forced to download every email to your client, your mail is kept in a database on the server, so you can use different clients with some impunity, not worrying to manually synch your inbox / outbox etc. However this means server storage space, so that would have to be agreed and set, and aspects such as this will affect the price to you. As we've not yet set any commercial pricing policy, this would have to be worked out ad hoc right now.

    There is a caveat with the iPlanet arrangement - 1. Host arriving today, 2. being based in the UK, where corps honestly make it *hard* for you to buy stuff from them, I'm forced to wait for a physical delivery of media to get the serial number for iPlanet so as to generate a license. This crap wouldn't have happened if I'd been in the US, but SUN refuse Intl. customers from their online store. Gripe, grumble, rant. Seriously, I should have not bothered to get tangled with the UK sales outfits. For clarity, I'm London UK based (shortly to set up a coupla' small hosts here to replicate, provide fail-over for mail etc.) and my associate is in Virginia USA. So you can have two geographic points of contact for support / accounts / admin! :)

    So to sum up, if you want quick and cheerful, maybe DNS also but happy with POP3, I'll pass you straight to my buddy. You'll have no problems, he's a true uber-geek with plenty years designing and managing large networks. That'll certainly be cheapest, and almost instant. For this I'll not get myself in the loop on that more than is necessary.

    If you want something _nicer_ (iPlanet) you can have that too, and I'll go ahead and see how best I can arrange things for you. But what with Christmas business and all you may have to wait a moment. Or you could go the simple option and upgrade when everything is set, and we know your requirements.

    Without a doubt, I had the same dang problem as you're asking about for a _long_ while, and the only way forward was to team up and - in the New Year - offer decent email on a small scale commercial basis, initially to people we know by reference.

    Heck, I hope that answered some of your questions! :) Anything else just mail me (you'll have to edit my mail to get through, but I check that Hotmail account regularly, and will come back to you with my corp email address if you're serious). I'd post our website, but the dang thing is still getting its zone files about the place, and it's premature to put up some promotional blurb. Good luck, however you choose!

  22. 1st Ranked on "web page cloaking" for money on Google Letting Users Rank Search Results · · Score: 2

    . .

    Hmm, well, before you posted with a description of "cloaking" I ran a Google search on - web page cloaking - and got this result as the first hit :

    Website,web page cloaking and stealth technology

    Which is some company trying to make money from doing this. See the next page in their pitch : http://webprominence.co.uk/promotion/costs.htm

    Now, if cloaking is easily defeated by a second bot, and the Googlebot has this, shouldn't they at least put _their_own_ link in top slot just saying, "by the way, this kind of stuff is dishonest, misleading and doesn't work" [and thus possibly a fraud?]

    Yeah, sure, no-one's going to do this for the n categories across 1.6bln indexed pages for every possible scam, but I'd have thought this kind of thing would be obvious "customer protection / advice" on Google's part. I'd _want_ people to know my search engine couldn't be scammed (at the very least by techniques I could defeat and I was indexing for a possible cheater)

    On second thoughts, I'd be just as happy to let the lame would-be tricksters / cloakers whatever waste their money.

    On the other hand, isn't it that kind of thought (as I just had) which has left the whole web / Internet up for grabs by the slickest over the dumbest and ultimately hurt the bright people who cared?

    Moderation and meta-mod on the scale of the *web*???!!! Man, that'd sound crazy to me. Slashdot scaled n-fold . . . Can't bear to think about it . . gotta go . . .

  23. screwed manual links above on What Do You Think of ASUS Laptops? · · Score: 2

    . .

    sincerest apologies for this, I got so carried away with the post above I somehow posted links for a different product's manuals :(.

    by way of excuses, if you go here http://manuals.fujitsu-siemens.com/workstation.html to find the right bits and pieces they make you use some annoying java applet (where i clicked on the wrong fiddly bit), then (i double checked now, okay? :-) only offer the "Easy Guide" and "Getting Started" manuals in the end. Dang, I found the proper manual the other day, no idea how to find the link again. Didn't mean to get your hopes up there'd be some juicy info in the intended link, but I read the manual anyway and no mention of encrypting disks. sorry again if you looked in vain

  24. Fingerprint ID *and* (?) hardware disk crypto on What Do You Think of ASUS Laptops? · · Score: 2

    . .

    btw this one has a smart card reader to boot ;) ..

    Okay, gotta add this, because this beast, the Fujitsu Siemens Celsius Mobile H apparently has encrypted disks as standard.

    You can't see it from the spec sheet from this linked pdf spec sheet sorry no Google text cache :(

    But if you go to their rather elegant, but annoyingly Flash only presentation and click on "product" at the right and then "security" at the middle, up pops the words "Encrypted Hard Disk : The information stored on the hard disks cannot be read elsewhere even when connected to another computer"

    This is one mean machine : 1.13GHz Mobile PIII - M, 5 Channel Dolby Digital out, Quadro 2 Go w/ 64MB vram and TwinView, 15.1" 1600*1200 display, firewire (but annoyingly as an either / or option for ethernet and modem), Detachable wireless keyboard which uses Bluetooth (but annoyingly it seems a proprietary connection), Smartcard reader, and so on.

    Do check it out, however I've not even been able to get their UK branch to tell me how the encryption works, if hardware or software - whether EFS under Win00 add to this or make things worse e.g. and what to do if you absolutely *must* do a data recovery job, let alone for someone to quote me. Nor is there any info about the crypto disks in the manual [pdf] or the bios setup guide [pdf]

    I've heard estimates this thing is $5K, and not likely to be sold direct in the US. Which is sad and silly of them. I figure more than a few people would get these, despite the tag and the relative bulk and weight. It looks darn good for its size . .

    Even allowing for disk i/o being waay down on my UltraSCSI 160 desktop (but 1GB RAM might compensate a little :), in other aspects this is the first time I've thought of a laptop as an *upgrade* (and I have a Quadro based Elsa card to boot, and _need_ that card to be there).

    So someone get one to review or something. Laptop security is one of the most important issues out there for businesses. It's why Win 2000 Pro gets some respect in this field (EFS as standard), but laptop security in general is rarely well thought out or just plain hard to do.

    This is an option / aspect / feature I bet plenty other people than just me want to know more about. It gets me wondering if this encrypted drive and access features (card and fingerprint) are bios level (there seem to be some bios only related aspects to protect bootup) and whether we might see some *nix running happily on hardware like this, or whether there is some annoying custom driver set involved. And no I've not found any drivers on the support site which look like they're suspects as of yet . . Man, would I like to talk to someone who actually has one of these blah blah rant etc.


    == Idle Random Thoughts. Usual Disclaimer Apply ==

  25. Current Sun Reference Pricing on Buying Sun Sparcs for Personal Use? · · Score: 3, Informative

    . . .

    You can find a catalogue of recent Sun reference prices at UnixHub.com

    UnixHub also has relevant short pieces e.g. on SparcBooks which may also be of interest. Look a little down the main page past the updates to the links on the left.

    Disclaimer - I know the guy who runs the site.

    Disclaimer - I hope he's not /.'d. You can read the reasons why (SDSL) on his site ;)

    Just in case no one's already mentioned it SunHelp.org is also a very handy site.