[Ignoring the fact that the bug is a bug within IIS, not an OS.]
Understandable, I suppose, though Apache comes with pretty safe defaults these days, run as an unprivileged user, and permissions are sane.
Even so, I'm no IIS expert, but just keeping up to date via Windows Update, and watching Bugtraq, CERT, the standard lists, gives me more than enough info to keep our IIS boxen locked down.
Ug, now if only the responses telling me I'm a jackass weren't so vitriolic...
Agreed, yada yada yada.
Granted, I've more experience with Apache than IIS, so if my post was in error it's certainly understandable. That was my understanding from previous IIS vs. Apache tests, was that part of IIS ran in kernel mode to serve pages faster, and that was one reason many remote exploits were so serious.
Regardless, we have 2 IIS servers here at work, that are accessible to the Internet, and that has never been a problem. We keep them up to date, run the lockdown tool, so on. It really isn't too difficult to keep secure. Same goes for Apache.
Perhaps, but IIS runs within kernel space, which is why a remote exploit is always a big deal. Apache may be a bit slower, but runs in user space and thus a remote exploit is less dangerous. So you're right, all OSes/apps aren't equally as vulnerable, but IIS is pretty fucking vulnerable.
Could you afford health care without insurance? Mandatory health coverage for full time workers is a Good Thing.
Other than that I almost agree with you, but your faith in booming business to pass their gains on to the average American is laughable.
Exactly. Marijuana is the reason the girl's parents didn't give her condoms, get her birth control, teach her about sex in the first fucking place?
If these commercials were to show the truth, they would show a car full of stoners laughing as they walk out of Krispy Kreme with 10 boxes of donuts... Harmless? =D
More like they (AOL-TW cable) produce a product, charge me for it, time commercials so most channels are on commercials at the same time, fill probably 30% of those spots with ads for AOL-TW services (Roadrunner, AOL highspeed, AOL 8.0, HBO on demand, movies on demand, so on...).
Then again, I can see why they don't like the commercial skip feature some PVRs have, but I don't see why it's any different from getting up and using the bathroom, getting a bite to eat, changing channels, so on. Let's be fair here.
Ahh, see? Radio Two, you obviously live in a country with proper radio stations. I'm stuck getting bootleg copies of BBC Radio shows to listen to during my daily commute =).
While we're making poor analogies, it would be more like going to the store and buying a 6 pack, vs. going to a vending machine and getting a 12 oz can that cost twice as much and was half soda, half water.
If I buy an mp3 I'm not going to pay more than it would cost to buy the high quality CDDA version. And yes, I can tell the difference. Anyone with a good set of headphones or a decent hifi should be able to.
Yes, it is common sense. The wired internet has this limitation. At some point, you have to get on the backbone, right? In a true ad hoc peer to peer network, nodes are equal to one another. Need more bandwidth? Plug a backhaul into one of the nodes. Yes there is a finite amount of bandwidth, that will eventually become a bottleneck, but the same can be said of most networks.
We've done quite a bit of OPNET modeling, continue to do so, and it provides a "proving ground" for new techniques and protocols that we try. In theory, as the number of nodes increases the aggregate capacity of the network increases. This assumes each node steps down its power to the minimum necessary to communicate at a high data rate, creating picocells, and allowing greater frequency reuse than a point to multipoint network. The access point will have a finite throughput, but just add backhauls to other nodes, and the network will self-balance as routes propagate.
Hopefully routing protocols will prevent any one node from carrying all the packets. Our routing takes this into account, by noting which nodes are congested and routing around them, as well as considering battery life. Also, Quality of Service is implemented to make sure important packets get through first. We model this extensively before implementing it, as well as to continue to tweak things.
Yea, it is quite similar to both "p2p" and distributed/grid computing, and that makes sense. You are pushing the intelligence back out onto the edges of the mesh. I believe all 3 will have a great change on the way we compute.
These are all issues that a network of this design faces, but they are not insurmountable. As you said, the cells get smaller so you have to make multiple hops, but by doing so you can communicate at a higher data rate and maintain that rate across multiple hops. My company has a product that "meshes" 802.11, and in testing we've seen this lead to much higher aggregate throughput when compared to vanilla 802.11, some 2 to 3 times higher.
As for your other concerns, why would you need to know of all the nodes in the network? All your node should be concerned about are your "neighbors" in the immediate area, and if necessary, how to get back to a wired access point. Traditional routing protocols like RIP and OSPF don't perform well in this kind of network, and as the network grows the overhead would quickly take up all the available bandwidth. Because of this we've been moving towards on-demand protocols, and based on modeling we've done these protocols should scale well.
The other thing, and this is more my opinion than fact perhaps, is that when ad hoc peer to peer networks gain widespread use, I believe they will fundamentally change how we use networks completely. Yes, if you just went to an ad hoc network and connected it to the internet, based on the apps everyone uses today, everyone would be swamping the access points and bandwidth to the wired world would drop. But once peer to peer wireless is ubiquitous, users will have more incentive to use more peer to peer oriented applications. If 20 people on the same wireless network want to view Slashdot.org why should they have to download all the graphics 20 times? Peer to peer wireless will give rise to new implementations of applications we use today.
The biggest problem I can see is, as usual, security. IPSEC can secure the payload, but in a wireless ad hoc network it would be trivial for an attacker to inject a false routing advertisement and bring the network to its knees. Routing updates and other overhead need to be secured for these networks to work.
Well, racism is just one of those forces. My roommate got arrested in downtown here, simply for walking through the wrong part of downtown on the way to his car. He spent a night in jail, had to pay a lawyer $3K so he didn't get charged with anything serious, and pay a fine of a few hundred bucks. All this because a group of cops were bored one night.
It does happen, despite your experiences. It is in the news all the time, though apparently people dismiss it in a similar manner to you.
The link I provided earlier, which you first responded to, drives this point home. An unarmed man was shot, for no reason whatsoever, and died. The cops say he was the antagonist, but the eyewitnesses said that was bullshit. It can, and does, happen.
We're talking about people getting arrested for no reason. And that if you are black, it seems to happen a lot more often.
I come from a middle class area, and went to school in an area that was much wealthier, and so I know a few black guys from suburbia, as it were. I've also known a few black guys from the dirt poor part of town.
I still don't see how living in a racist town, with a lot of minorities, and a high crime rate, relates to people getting arrested for no reason. Not trying to be argumentative here, just curious =).
We're talking about how "the man" treats not minorities
Hint: police == The Man®
If you'll notice, the cop that shot that guy was hispanic
If you'll notice, the man was UNARMED, and was SHOT, because he had a disagreement with some cocksuckers who tried to get him to sell them some dope. I don't see why it matters that the cop was hispanic. Oh yea, because if he was white, it would be a "hate crime"?
I know people get treated unfairly. But people aren't routinely arrested for no reason.
Then you don't know a black man who isn't from suburbia. I don't see how a high crime rate where you live, which happens to be home to a lot of minorities, causes you to draw that conclusion.
There is no difference between drinking beer or smoking pot
I'd beg to differ, and so would a few Brits. That is right, being TIRED has more adverse effects on driving.
I only bring it up because of all of the anti-marijuana ads in the papers these days. How come the Christian wrong can refuse to allow their tax dollars to aid countries that MIGHT educate people on family planning, yet it doesn't matter that I am strongly opposed to a racist war on my fellow citizens that is funded with my tax dollars?
The argument that there are huge amounts of money at stake in these industries will not sway me
Then you are ignoring the facts. Tobacco is big business, has lots of lawyers, lots of lobbyists, and diversify themselves to the point that they can weather a few years of anti-tobacco sentiment and come out unscathed.
Likewise, law enforcement/imprisonment is big business. Tell me, if there is good money in imprisoning non-violent offenders of drug-related crimes, what incentive does the prison system have to reform anyone?
nor should it be allowed to drive our national policy.
Well no kidding, but it does. These companies have money, and money talks in Washington. There are a lot of things that shouldn't be allowed in politics, but that doesn't stop them from happening.
Why are these drugs treated so fundamentally differently than say, heroin, marijuana, and cocaine?
Because, there is perfectly good money to be made. Gotta love capitalism!
Right...
The racial "thing" is completely justified. Look at mandatory minimum sentences for crack cocaine versus regular cocaine. It is a vicious cycle, and there is no one thing to blame, but blatantly racist drug laws perpetuate this cycle.
Yet another perfect application for mesh networking! (And another opportunity for a shameless plug, but I digress...)
One of the products my company makes is a software mesh for 802.11. We have ported this software to PocketPC, so a device like a Compaq^H^H^H^H^H^HHP iPaq with a wireless card can mesh with other devices around it. As nodes go down or enter the network the devices seamlessly configure themselves and route traffic around breaks or congested areas. If the access point you were using went down, you could hop through a neighbor's handheld and his neighbor's, so on, until you found an AP.
Of course, you could also do this with free software. Familiar + iPaq + AODV would be a viable open source alternative. Once you have the connectivity you could use just about any app. Gnomemeeting or OpenH323 would enable VoIP. Email apps are there too.
I got my RHCE last October. Took the RH300 course to bone up on the basics and the last day was the exam. And man, I was glad I took the course! The writeup here on /. about the RH300 course was right on the money.
The exam is 3 parts: lab, written test, lab. The first lab involves doing an install of Red Hat that conforms to a set of specs you are given. After that your instructor comes over and breaks your system, then you get to fix it. I saw a lot of my classmates struggling well after I got done with that portion of the test. Granted, I have about 3 years of professional experience admining Red Hat so I considered myself well prepared, but some of these problems were a bitch to fix. The multiple choice test covered a broad range of questions. There was some debate over the correct answer to a couple of questions, due mostly to the fact that this was the first time they were giving a Red Hat 8.0 course, but I'm sure they have worked out those kinks. The final lab involved securing your machine, only allowing access for specific services to specific machines. All in all a very thorough test.
I must admit though, I don't know how much I like the idea of a bunch of high school graduates with no security experience, or even real world experience, coming out of school RHCEs and bringing down median wages even lower. Not that I make median for what I do, but I digress.
I've been doing MIS stuff for 4 years or so now, Red Hat for 3 years pro, much longer as a hobby, and all that has taught me is that I have a LOT to learn. =)
I have a few APs here at work, a pro grade 3Com and a couple Cisco AP350s. All of them work great, great range, good data rates, the Cisco especially. I bought a 3Com "Home Wireless Gateway" about a year ago on sale for my home, and was very disappointed. I could barely get into the next room before my signal started going in and out.
Tore the AP apart to look at the antenna. It doesn't even have a diversity antenna, and the antenna as it were is a PCB that is horizontal. The connector was something proprietary.
I found an antenna with a similar connector and a length of coax from another AP at work. This is a proper antenna with a knuckle, no gain really. Just installing that on my access point gets me 5.5-11Mbps across the house. Works like a charm now.
The point? Antennas in home equipment like that Linksys gear are crap. A decent one will do wonders.
Maybe he was on an OC12, and downloaded 20 songs in 5 seconds. Using RIAA math here, it is obvious that this guy downloaded the equivalent of 600 songs downloaded with a 56K modem.
I hope you are joking and not just being an asshole =)
My main machine is my work laptop, and it has to run Windows, not because of corporate policy (hell, I'M the admin, Linux and Win2K =D) but because I need to run Windows software - reliably - and because I don't need my choice of OS getting in the way.
The Real® reason it burns me up, as I said in another post, is that some of my friends aren't the type to go hacking about in the registry, and crap like StartCenter or whatever they call it just slows their machines down. Bah!
Yea, I dug around for a bit and found the setting myself, but the fact that they remove the option from preferences really burns me up.
And that is the problem. When my friend wants to know why her computer is running so slow, and I see 20 items in the systray...
This has always bugged me about Real Player. Their newest player installs a lame little executable, that isn't easy to get rid of, that starts up their little message center in the system tray. It was bad enough with their old version which loaded RealPlayer every time you booted, but at least you could turn it off.
These days, if it is encoded in Real it isn't worth my time to watch. I make sure everyone I know is aware of this too.