Please don't make the mistake of treating a specific IP address in a huge address space as a secret of some sort. I wouldn't ever compare an IPv6 address with a password. If you plan to keep your address secret and never connect anywhere from it, then that's ok. But an address that's actually used is in effect public. Relaxing the security of the box because it has a hard-to-hit-randomly address would be foolish.
The WRT54G might be a nice piece of hardware. But I still like my WRAP more. It has a Compact Flash slot and, most importantly, a serial port.
I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.
With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).
Speaking of BIOS, there even is a BIOS update for WRAP with included Etherboot to boot an OS over the net, yay!
Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.
This might be true, but you can't make claims like "IPv6 prevents worm spreading" or that IPv6 "cuts off one of the major ways worms propagate". The effect might be the same, but relying on it would be security by obscurity. The only secure way is to secure the boxes, not "hide" them in vast address space.
ExitPolicy policy,policy,...
Set an exit policy for this server. Each policy is of the form "accept|reject ADDR[/MASK]:PORT". If/MASK is omitted then this policy just applies to the host given. Instead of giving a host or network you can also use "*" to denote the universe (0.0.0.0/0). PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*".
So, yes, you can filter what people can connect to from your node. This can range from middleman-only mode with a reject *:* to a conservative acceptance of some select SSL-only services or port 80 if you can take the heat. Or you could restrict the nets that people can connect to.
Let's assume that a modern PC with a CRT takes a constant 100 watts. (On the high side, I know.)
You've got to be kidding. 100W is on the low side for a modern PC without a CRT. A PC with a P4 (Northwood core) and a GF3TI200 consumes about 90W when idle. That's without monitor and without a "modern" graphics card which requires extra power.
When playing a 3D shooter that system draws around 150W, still without monitor.
How mature, really. Let's try for the NetBSD source: Some occurences of " fuck" in games/fortune/datfiles/, understandable since these are quotes and not code comments. Some are in share/misc/acronyms/, again not code comments.
In fact, the only occurences of " fuck" that are actually comments on code are in the gnu/dist/ subtree. Surprised? Me?
Grepping for " shit" reveals files in mostly the same locations as above, except for the following:
crypto/dist/openssl/CHANGES: *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another dist/ntp/ntpd/refclock_msfees.c:/* Oh shit. Just close and return. */ dist/tcpdump/print-isoclns.c: max_area = 3;/* silly shit */ dist/tcpdump/print-isoclns.c: id_length = 6;/* silly shit again */ doc/CHANGES.prev: ethernet: fixed the amazingly shitty ethernet performance with cheap sys/netiso/if_cons.c: case 0x47:/* CUG shit */ sys/netiso/if_cons.c: case 0x41:/* bilateral CUG shit */
Looks like there's much more frustration going on when coding for Linux *snicker*
Geez, what's so bad about developing the requirement after the possibility is there?
I had a small home network with a small dumb switch. It was kinda ugly since I had to run PPPoE over the switch which sucks. So I thought, hmm, a smarter switch with VLAN-support and more ports would be cool. I didn't need the new switch, since everything "worked" as it was. Now that I have it I find myself doing more complicated VLAN stuff and learning more about network topologies etc.
Is it even theoretically possible to embed computer code in a JPEG file and execute it through the viewer? No, this is not even theoretically possible.
Yes, but the difference is that the differentiation whether that object is a file or a symlink is done in the filesystem itself, transparent to apps. Shortcuts on the other hand _are_ files with an extension of.lnk. The transparency only exists in Explorer and other Windows apps, not in scripts or when mounting the filesystem on another system for example.
And how is this "rendering" done? Without code? So what if I make a user download some malicious file for which there is no thumbnail in the metadata?
This dumbing down gets annoying. "Oh, we will make the user's experience so much better by assuming what he wants and doing tons of stuff in the background." If I download a file from who knows where, I surely don't want any code processing its contents without my knowledge.
Look what they did with SP2's IE. AFAIK there is a "feature" that tags downloaded files as "untrusted" or simliar. So if you download an.exe and try to execute it, you get a warning. This approach is totally backwards and screams of ugly design. I don't expect anything from them to be different.
"It just works" doesn't make me comfortable. It rings alarm bells.
"Shortcuts" are in no way similar to symlinks. Shortcuts are a disgutingly ugly hack. Ever tried to look how shortcuts are implemented? Yep, they are _files_ themselves with a.lnk extension that you never see in Explorer. Ever tried handling a shortcut in a script?
I feel insulted by "microsoft has symlinks already, they are just called shortcuts".
Longhorn doesn't just show you an icon for a document, for example, but rather an itsy-bitsy picture of the first page.
Is it just me or does anyone else see a whole new can of worms (heh) open up here? So by default all files are processed by some code even if you just want to see what files are there? Great.
Slashdot Mirror
Please don't make the mistake of treating a specific IP address in a huge address space as a secret of some sort. I wouldn't ever compare an IPv6 address with a password. If you plan to keep your address secret and never connect anywhere from it, then that's ok. But an address that's actually used is in effect public. Relaxing the security of the box because it has a hard-to-hit-randomly address would be foolish.
The WRT54G might be a nice piece of hardware. But I still like my WRAP more. It has a Compact Flash slot and, most importantly, a serial port.
I find a WRT54G extremely cumbersome to use without a low level access port and the danger of wrecking the device by uploading a wrong firmware.
With the WRAP, I can prepare "firmware" images on an extra computer, I can even test-boot them in a virtual machine and then transfer them straight to a CF card knowing that there is no way the device will ever get inoperable due to a bad OS image (except flashing a wrong BIOS, which sits in a separate area outside of any compact flash card).
Speaking of BIOS, there even is a BIOS update for WRAP with included Etherboot to boot an OS over the net, yay!
Finally, switching to IPv6 cuts off one of the major ways worms propagate. The Sapphire worm, for example, worked by picking a random IP address and trying to infect it, repeating for a whole bunch of IPs, and it was able to double every 7 seconds. That works because the odds of finding a computer (not necessarily a vulnerable computer) is about 10%. With IPv6, that changes to 10^-28% - instead of doubling the number of infected computers every 7 seconds, it would've scanned for a few years, never find a single computer, and get disinfected.
This might be true, but you can't make claims like "IPv6 prevents worm spreading" or that IPv6 "cuts off one of the major ways worms propagate". The effect might be the same, but relying on it would be security by obscurity. The only secure way is to secure the boxes, not "hide" them in vast address space.
These days, isn't there already a law (as in Godwin's law) that states:
"Anyone who brings up the 'You must be hiding something if you encrypt' argument in a discussion automatically loses."?
Because there should be.
RTFM:
/MASK is omitted then this policy just applies to the host given. Instead of giving a host or network you can also use "*" to denote the universe (0.0.0.0/0). PORT can be a single port number, an interval of ports "FROM_PORT-TO_PORT", or "*".
ExitPolicy policy,policy,...
Set an exit policy for this server. Each policy is of the form "accept|reject ADDR[/MASK]:PORT". If
So, yes, you can filter what people can connect to from your node. This can range from middleman-only mode with a reject *:* to a conservative acceptance of some select SSL-only services or port 80 if you can take the heat. Or you could restrict the nets that people can connect to.
4: criminal/terrorist/pedophile activity
What disturbs me the most is that you had to tear out the terrorists and pedophiles separately. Are they not criminal or somewhat special criminals?
Ah right, they hit a nerve. My bad. </sarcasm>
possibly having to press reload a few times to make it work
. pl and pick a node in a preferred region and then use that node as a preferred exit node. Check the TOR manual.
You can visit http://serifos.eecs.harvard.edu:8000/cgi-bin/exit
...NetBSD?
While you're there, check out the plush daemon. Your girlfriends will love it :D
Do they make hand puppets now as well?
*runs*
Better a renegade programmer than a redneck DBA. Or something.
What the matter? 3Gb are just around 350MB, I download that daily. Oh wait, you meant 3Gb per second?
As if technical incompetence wasn't bad enough. What's the next step? "Threatining" "buisnesses" with bad spelling all day?
Hmm, what could happen? Some healthy reduction in stupidity perhaps?
You can hold IRC conversations with people not online at the time? Impressive.
You can hold conversations with people who aren't even online with IM? That's even more impressive.
Seriously, that's the purpose of e-mail then, isn't it?
It doesn't require you to sync up.
You can hold multiple conversations at the same time.
It indicates if somebody is in, without disturbing them like a phone call does.
I can deal with them in the order I choose, unlike phone calls.
Ah, you mean IRC.
Let's assume that a modern PC with a CRT takes a constant 100 watts. (On the high side, I know.)
You've got to be kidding. 100W is on the low side for a modern PC without a CRT. A PC with a P4 (Northwood core) and a GF3TI200 consumes about 90W when idle. That's without monitor and without a "modern" graphics card which requires extra power.
When playing a 3D shooter that system draws around 150W, still without monitor.
With a torrent I can become a mirror myself if I want to donate some bandwidth.
How mature, really. Let's try for the NetBSD source: Some occurences of " fuck" in games/fortune/datfiles/, understandable since these are quotes and not code comments. Some are in share/misc/acronyms/, again not code comments.
/* Oh shit. Just close and return. */ /* silly shit */ /* silly shit again */ /* CUG shit */ /* bilateral CUG shit */
In fact, the only occurences of " fuck" that are actually comments on code are in the gnu/dist/ subtree. Surprised? Me?
Grepping for " shit" reveals files in mostly the same locations as above, except for the following:
crypto/dist/openssl/CHANGES: *) Deal with irritating shit to do with dependencies, in YAAHW (Yet Another
dist/ntp/ntpd/refclock_msfees.c:
dist/tcpdump/print-isoclns.c: max_area = 3;
dist/tcpdump/print-isoclns.c: id_length = 6;
doc/CHANGES.prev: ethernet: fixed the amazingly shitty ethernet performance with cheap
sys/netiso/if_cons.c: case 0x47:
sys/netiso/if_cons.c: case 0x41:
Looks like there's much more frustration going on when coding for Linux *snicker*
Geez, what's so bad about developing the requirement after the possibility is there?
I had a small home network with a small dumb switch. It was kinda ugly since I had to run PPPoE over the switch which sucks. So I thought, hmm, a smarter switch with VLAN-support and more ports would be cool. I didn't need the new switch, since everything "worked" as it was. Now that I have it I find myself doing more complicated VLAN stuff and learning more about network topologies etc.
Open your mind a bit.
Is it even theoretically possible to embed computer code in a JPEG file and execute it through the viewer? No, this is not even theoretically possible.
I must have dreamed then when this came up.
Thanks for clearing that up Mr. Troll Coward, Sir.
Yes, but the difference is that the differentiation whether that object is a file or a symlink is done in the filesystem itself, transparent to apps. Shortcuts on the other hand _are_ files with an extension of .lnk. The transparency only exists in Explorer and other Windows apps, not in scripts or when mounting the filesystem on another system for example.
And how is this "rendering" done? Without code? So what if I make a user download some malicious file for which there is no thumbnail in the metadata?
.exe and try to execute it, you get a warning. This approach is totally backwards and screams of ugly design. I don't expect anything from them to be different.
This dumbing down gets annoying. "Oh, we will make the user's experience so much better by assuming what he wants and doing tons of stuff in the background." If I download a file from who knows where, I surely don't want any code processing its contents without my knowledge.
Look what they did with SP2's IE. AFAIK there is a "feature" that tags downloaded files as "untrusted" or simliar. So if you download an
"It just works" doesn't make me comfortable. It rings alarm bells.
"Shortcuts" are in no way similar to symlinks. Shortcuts are a disgutingly ugly hack. Ever tried to look how shortcuts are implemented? Yep, they are _files_ themselves with a .lnk extension that you never see in Explorer. Ever tried handling a shortcut in a script?
I feel insulted by "microsoft has symlinks already, they are just called shortcuts".
Longhorn doesn't just show you an icon for a document, for example, but rather an itsy-bitsy picture of the first page.
Is it just me or does anyone else see a whole new can of worms (heh) open up here? So by default all files are processed by some code even if you just want to see what files are there? Great.
Splendid, Mr. Data. Continue with your research. Dismissed.
Wrong. See my post below.