Right now the market appears to be stagnating some, sure.
At some point though, probably not too far down the line, another revolution in computing will happen whereby we are more interactive with our machines. This might entail more accurate voice-recognition software, LAN/WAN seamless audio/video conferencing, who knows what.
When that happens, the rush for more storage and faster speeds will resume.
In the meantime gaming requirements will continue to push the clock cycles slowly up.
People unwilling to educate themselves in even the most basic way about the safety of online transactions where either MONEY or confidential information is concerned will never have my sympathy.
Browsers can only go *so* far with something like this - the end-user has to be educated enough to understand the realm in which they're working and the implications of their actions.
Uh..DNS *queries* are UDP. Only TCP has this 'issue'.
And if you order something online w/o verifying HTTPS, you're a moron. Plain and simple. If you *were* DNS spoofed, hopefully your browser would issue a warning that the Cert was invalid.
DNS has its problems, yes...But they have nothing to do with ISNs.
Isn't "commercial free" one of the major points for moving away from a free service like FM? Sure, it isn't the only reason, but if I'm shelling out $10/month (whatever it is), I am going to have very high expectations for the service.
Back in around '90-91, DEC was building SMP (up to 4-way) 486's that used a 'corollary-bus'. There were somewhere between 16 and 20 slots on a *VERY* sparse motherboard. Each card had a specific purpose: CPU cards (up to 4), memory cards (also up to 4 I think, possibly 8) and the rest were general-purpose EISA slots IIRC. Typically you'd have SCSI and something akin to a Digiboard for your pre-TCP/IP network.:-)
BTW - didn't Digiboard RULE?! Best products and support I've ever come across.
SecureTrendz is a company that does exactly this with the benefit of having a lot of expertise in other related areas. (LAN/WAN, Unix/NT SA, Backup/Recovery)
Assessments can range from a simple Internet presence audit, to a full-blown enterprise assessment, including policy review and design. All projects are tailored to the customer's needs, goals and expectations. There are no 'cookie-cutter' solutions. Knowledge-transfer is a key component of ST projects. They really endeavor to educate their clients rather than keep them dependent.
ST's engineers are outstanding. Where many assessments stop at simply finding vulnerabilities, the team at ST are often able to leverage access against other systems on a network to provide a very realistic idea of how vulnerable you may be. From both a network/systems and business perspective, they simply have a deep understanding of weakness, vulnerability and risk management.
I know a few people who work there and I highly recommend them.
Re:Right. Animal Cruelty is a Laugh a Minute.
on
Rubber Band Machine Gun
·
· Score: 5, Insightful
Man lighten the fuck up. Just because we joke about something like that certainly doesn't mean someone intends to do it.
And no, shooting a rubber band at a cat isn't funny.
However...Firing a fully-automatic rubberband chaingun at a cat strikes so many comic images in one's head that you can't help but crack a smile. It's comic in it's absurdity.
I wish I had one of these guns to shoot at you, because I would do it, and I'd think it's funny.
There are a *LOT* of redundancies and unoptimized rules in his firewall ruleset. For example, you only need to keep state once for a connection, either in or out. Both is pointless. Firewall ruleset design (via ipf or pf) is better documented in the FAQ, although the documentation for pf is terse generally assumes a working knowledge of ipf. The rulesets could have been collapsed down into less than half of what is listed.
Also he should have either used OpenBSD 2.9, or moved to 3.0 and done this based on pf, which has a more elegant syntax. Although the IPF syntax doesn't change between 2.8 and 2.9, 2.9 represents a newer versin of IPF, and why on earth would you not just use it instead?
It's too bad there isn't more BSD news - this really isn't something worth being posted to slashdot.:-(
Yes, but that doesn't have anything to do with the article...or were you responding to a thread but hit the wrong button?;-)
Back to the article -
I don't honestly see this being a very valuable feature, unless you were able to move things like syslogd (for logging) into kernel space, and provide a mechanism to allow for some kind of management.
The *only* trouble I've had with my PS2KVM4 is that certain optical wheelmice won't work. I got my PS2KVM4 almost two years ago, I think right as they first came out, so perhaps mine isn't as robust as newer ones?
As for keyboard repeat? Try using xset. My settings *ALWAYS* change with a machine being booted while active on the KVM.
I've used FreeBSD, OpenBSD, Linux and Win98/2k without trouble.
MAC addresses are only visible to hosts on the same segment. Once your 'firewall' NATs and then forwards the packet, it gets sent out the firewall's outside interface and the packet header now contains the firewall's external MAC address. Once the first router gets the packet, that MAC is no longer seen. The only MAC anybody will ever see is the one of the external interface of your firewall. (unless you just plug two machines directly to the cable modem and skip doing NAT)
For each hop between the source and destination only the MACs of the routers are known.
I hate to break it to you, but by the time Unreal 2 hits the shelves, a 1Ghz Duron and GF2 *will* be considered the lower-end for FPS, if they aren't already.
Hell, I have a 1Ghz TBird with a GF2, and usually the max res I can use (to maintain > ~60 fps) is 800x600. I don't expect the next generation of 3d engines to be able to run at or even near the levels of current engines WRT hardware.
The remote end needs to know *NOTHING* about the sender other than the routable IP. You need to look at nothing more than what already works through NAT and what does not.
HTTP - You can use it for browsing pages and even downloading files. There isn't anything beyond this type of functionality in any application that doesn't specifically use any lower-level network protocools.
Telnet/rsh/rlogin/rexec/smtp/snmp/quake2-3 and a plenitude of others are all single-port, unidirectionally-established connections. (application protocols) Your NAT device only needs to create a 'state' entry for each connection created to understand how to route the return packets coming back from the remote side. There is absolutely no reason why something as trivial as a chat client software would need to even know its own IP, much less transmit that to the server. Doing it is a STUPID design, and creates weakness and vulnerability where there isn't one...as evidenced by this MORONIC vulnerability.
(although certainly filtering and NAT have their share of problems as well)
While I can certainly see your point, I think the parent poster is thinking more along the lines of filesystem protection(s), including multi-user logins/sessions, and protection of/from things like ActiveX, Java, et al.
Without starting a flame-war, one can certainly see the benefits and drawbacks to having security from malicious apps.
In a perfect world this would be a non-issue. However, we are replete with examples of why it is important to most of us.
I'm not sure how much monitor bandwidth you need, but the linksys 4-port kvm I have has worked wonderfully, and allows resolutions up to 1920x1440. It's the tiny one that has two sets of ports on opposite sides.
All KVMs seem to have quirks and this one does too, (newer ps2/usb optical mice don't seem to work) but all in all it works well and I haven't regretted purchasing it at all.
sedawkgrep
Slashdot Mirror
QUERIES I SAID. JESUS READ MY POST.
Only DNS transactions that happen over TCP are zone transfers.
Right now the market appears to be stagnating some, sure.
At some point though, probably not too far down the line, another revolution in computing will happen whereby we are more interactive with our machines. This might entail more accurate voice-recognition software, LAN/WAN seamless audio/video conferencing, who knows what.
When that happens, the rush for more storage and faster speeds will resume.
In the meantime gaming requirements will continue to push the clock cycles slowly up.
sedawkgrep
People unwilling to educate themselves in even the most basic way about the safety of online transactions where either MONEY or confidential information is concerned will never have my sympathy.
Browsers can only go *so* far with something like this - the end-user has to be educated enough to understand the realm in which they're working and the implications of their actions.
sedawkgrep
If you are directing this at me, yes I know it is outside the scope; that's why I said what I said. (DNS is UDP, etc)
Uh..DNS *queries* are UDP. Only TCP has this 'issue'.
And if you order something online w/o verifying HTTPS, you're a moron. Plain and simple. If you *were* DNS spoofed, hopefully your browser would issue a warning that the Cert was invalid.
DNS has its problems, yes...But they have nothing to do with ISNs.
I haven't tried running Linux compatibility under FreeBSD, but it looks like you're simply missing a required library.
I would imagine the error would be something different than "No such file or directory" which is a standard error if it truly wasn't working.
Um....
Isn't "commercial free" one of the major points for moving away from a free service like FM? Sure, it isn't the only reason, but if I'm shelling out $10/month (whatever it is), I am going to have very high expectations for the service.
sedawkgrep
I've seen old boxes like this.
:-)
Back in around '90-91, DEC was building SMP (up to 4-way) 486's that used a 'corollary-bus'. There were somewhere between 16 and 20 slots on a *VERY* sparse motherboard. Each card had a specific purpose: CPU cards (up to 4), memory cards (also up to 4 I think, possibly 8) and the rest were general-purpose EISA slots IIRC. Typically you'd have SCSI and something akin to a Digiboard for your pre-TCP/IP network.
BTW - didn't Digiboard RULE?! Best products and support I've ever come across.
sedawkgrep
SecureTrendz is a company that does exactly this with the benefit of having a lot of expertise in other related areas. (LAN/WAN, Unix/NT SA, Backup/Recovery)
Assessments can range from a simple Internet presence audit, to a full-blown enterprise assessment, including policy review and design. All projects are tailored to the customer's needs, goals and expectations. There are no 'cookie-cutter' solutions. Knowledge-transfer is a key component of ST projects. They really endeavor to educate their clients rather than keep them dependent.
ST's engineers are outstanding. Where many assessments stop at simply finding vulnerabilities, the team at ST are often able to leverage access against other systems on a network to provide a very realistic idea of how vulnerable you may be. From both a network/systems and business perspective, they simply have a deep understanding of weakness, vulnerability and risk management.
I know a few people who work there and I highly recommend them.
www.securetrendz.com
sedawkgrep
A friend of mine uses this on his laptop and now swears by it. It takes a little getting used-to, but it is apparently very fast and very lightweight.
There is a *LOT* more at stake here than just x86 servers. I don't think Carly realizes this.
IMO, this will kill the name/identity of Compaq and seriously weaken HP.
can't we filter out these damned "XXX is dying" posts? JEESH.
fast
Man lighten the fuck up. Just because we joke about something like that certainly doesn't mean someone intends to do it.
And no, shooting a rubber band at a cat isn't funny.
However...Firing a fully-automatic rubberband chaingun at a cat strikes so many comic images in one's head that you can't help but crack a smile. It's comic in it's absurdity.
I wish I had one of these guns to shoot at you, because I would do it, and I'd think it's funny.
sedawkgrep
Agreed...I actually laughed out loud at this.
Actually the subject is a bit harsh. It *is* worth reading - just keep in mind that this shouldn't be a reference on good rule construction or design.
There are a *LOT* of redundancies and unoptimized rules in his firewall ruleset. For example, you only need to keep state once for a connection, either in or out. Both is pointless. Firewall ruleset design (via ipf or pf) is better documented in the FAQ, although the documentation for pf is terse generally assumes a working knowledge of ipf. The rulesets could have been collapsed down into less than half of what is listed.
:-(
Also he should have either used OpenBSD 2.9, or moved to 3.0 and done this based on pf, which has a more elegant syntax. Although the IPF syntax doesn't change between 2.8 and 2.9, 2.9 represents a newer versin of IPF, and why on earth would you not just use it instead?
It's too bad there isn't more BSD news - this really isn't something worth being posted to slashdot.
sedawkgrep
Yes, but that doesn't have anything to do with the article...or were you responding to a thread but hit the wrong button? ;-)
Back to the article -
I don't honestly see this being a very valuable feature, unless you were able to move things like syslogd (for logging) into kernel space, and provide a mechanism to allow for some kind of management.
sedawkgrep
agree 100%.
The *only* trouble I've had with my PS2KVM4 is that certain optical wheelmice won't work. I got my PS2KVM4 almost two years ago, I think right as they first came out, so perhaps mine isn't as robust as newer ones?
As for keyboard repeat? Try using xset. My settings *ALWAYS* change with a machine being booted while active on the KVM.
I've used FreeBSD, OpenBSD, Linux and Win98/2k without trouble.
sedawkgrep
MAC addresses are only visible to hosts on the same segment. Once your 'firewall' NATs and then forwards the packet, it gets sent out the firewall's outside interface and the packet header now contains the firewall's external MAC address. Once the first router gets the packet, that MAC is no longer seen. The only MAC anybody will ever see is the one of the external interface of your firewall. (unless you just plug two machines directly to the cable modem and skip doing NAT)
For each hop between the source and destination only the MACs of the routers are known.
sedawkgrep
I hate to break it to you, but by the time Unreal 2 hits the shelves, a 1Ghz Duron and GF2 *will* be considered the lower-end for FPS, if they aren't already.
Hell, I have a 1Ghz TBird with a GF2, and usually the max res I can use (to maintain > ~60 fps) is 800x600. I don't expect the next generation of 3d engines to be able to run at or even near the levels of current engines WRT hardware.
sedawkgrep
No.
The remote end needs to know *NOTHING* about the sender other than the routable IP. You need to look at nothing more than what already works through NAT and what does not.
HTTP - You can use it for browsing pages and even downloading files. There isn't anything beyond this type of functionality in any application that doesn't specifically use any lower-level network protocools.
Telnet/rsh/rlogin/rexec/smtp/snmp/quake2-3 and a plenitude of others are all single-port, unidirectionally-established connections. (application protocols) Your NAT device only needs to create a 'state' entry for each connection created to understand how to route the return packets coming back from the remote side. There is absolutely no reason why something as trivial as a chat client software would need to even know its own IP, much less transmit that to the server. Doing it is a STUPID design, and creates weakness and vulnerability where there isn't one...as evidenced by this MORONIC vulnerability.
(although certainly filtering and NAT have their share of problems as well)
sedawkgrep
If what you're reading is truly accurate, then you have the coolest running 'modern' system I've ever heard of in my experience.
29C = 84F
That's only about 10-15 degrees above room temperature.
sedawkgrep
While I can certainly see your point, I think the parent poster is thinking more along the lines of filesystem protection(s), including multi-user logins/sessions, and protection of/from things like ActiveX, Java, et al.
Without starting a flame-war, one can certainly see the benefits and drawbacks to having security from malicious apps.
In a perfect world this would be a non-issue. However, we are replete with examples of why it is important to most of us.
sedawkgrep
I'm not sure how much monitor bandwidth you need, but the linksys 4-port kvm I have has worked wonderfully, and allows resolutions up to 1920x1440. It's the tiny one that has two sets of ports on opposite sides.
All KVMs seem to have quirks and this one does too, (newer ps2/usb optical mice don't seem to work) but all in all it works well and I haven't regretted purchasing it at all.
sedawkgrep