I'm reminded of a day at the beach a few years ago where I watched a father and his son build a sand castle. When they finished, the father said to his son, "Do you know what the best part of this is, David? It's WRECKING the castle!" and then the boy proceeded to kick and batter the towers while his father laughed encouragingly.
What the hell's wrong with that? If that were my son and me, I would do the same. My son, depending on his mood, would either protest furiously or he would dust the castle in a split second.
Why let someone else destroy your hard work? Why let the tide take it out? Go down in a blaze of glory if you want to get rid of it! It's nice to create but if you want to build something else you usually have to destroy something in the process. There's a zillion reasons for destruction, the least of which is "just because I want to."
Now, if that were someone else's sand castle and he went to tear it down, I'd tear a strip off of him, whether they were around or not. It's called respecting others' work and realizing that you can do what you like with yours. If he didn't want to kick it down, I wouldn't encourage him to. However, if after spending all that time and effort he did want to destroy his sand castle, that's his prerogative. When he wants to tell someone else what he built and they want to see it and he can't show them, he'll learn a little something. Yes destruction is fun, but it also ruins your ability to share it/show off/etc.
Script kiddies actually enjoy destroying other people's work.
Yes, but what does destroying others' work have to do with destroying your own?
Reboot? You're joking, aren't you? I left Windows to escape the "Move the mouse, reboot the computer" syndrome.
I've used Slack since '96. No it's not the prettiest, it doesn't autodetect shit and it doesn't have pretty packages. But it is a nice flexible and (can be) lean distro. And you can't beat the packages: tgz.:-)
The simplest solution would be to drop ALL packets on the local network interface for which the source is NOT in the subnet defined for it. In addition, you would also want/need to drop ALL packets on the WAN interface for which the destination is NOT in the subnet defined for the local network.
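The two drop rules described above, modelled as a small packet filter so the policy can be checked against sample traffic. This is an added example, not the poster's firewall script; the LAN interface eth0 on 192.168.1.0/24 and the WAN interface ppp0 with public address 203.0.113.7 are constructed assumptions, and the third check (dropping WAN-side packets that claim a LAN source) is the usual companion of the first rule rather than something the post states.

```python
"""Model of the two drop rules in the post above. Added example, not the
poster's firewall script. Assumed (constructed) topology: LAN interface
eth0 on 192.168.1.0/24, WAN interface ppp0 whose own public address is
203.0.113.7 (documentation range)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Tuple

LAN_IF = "eth0"
WAN_IF = "ppp0"
LAN_NET: IPv4Network = ip_network("192.168.1.0/24")
WAN_ADDR: IPv4Address = ip_address("203.0.113.7")


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on
    src: IPv4Address
    dst: IPv4Address


def verdict(pkt: Packet) -> Tuple[str, str]:
    """Return ("ACCEPT" | "DENY", reason) for one packet entering the router."""
    if pkt.iface == LAN_IF:
        # Rule 1 (from the post): traffic entering from the LAN side must carry
        # a LAN source. Anything else is an inside host forging an address.
        if pkt.src not in LAN_NET:
            return "DENY", "LAN-side packet with non-LAN source (spoofed)"
        return "ACCEPT", "LAN source on LAN interface"
    if pkt.iface == WAN_IF:
        # Added companion check, not in the post but the usual partner of
        # rule 1 (RFC 2827 ingress filtering): an outside packet claiming an
        # inside source is forged, and would otherwise pass rule 2 below.
        if pkt.src in LAN_NET:
            return "DENY", "WAN-side packet with LAN source (spoofed)"
        # Rule 2 (from the post): traffic entering from the WAN must be bound
        # for the local network. Added assumption: with masquerading, replies
        # are addressed to the router's own WAN address, so allow that too.
        if pkt.dst not in LAN_NET and pkt.dst != WAN_ADDR:
            return "DENY", "WAN-side packet not destined for the local network"
        return "ACCEPT", "WAN packet for the local network"
    return "DENY", "packet on an unknown interface"


def check(iface: str, src: str, dst: str) -> str:
    """String-based convenience wrapper returning just the ACCEPT/DENY action."""
    return verdict(Packet(iface, ip_address(src), ip_address(dst)))[0]


def ipchains_rules() -> List[str]:
    """The same policy as ipchains input-chain commands, the tool of the
    thread's era (first match wins, so the spoof checks come first;
    iptables writes the negation as '! -s' rather than '-s !')."""
    return [
        f"ipchains -A input -i {LAN_IF} -s ! {LAN_NET} -j DENY -l",
        f"ipchains -A input -i {WAN_IF} -s {LAN_NET} -j DENY -l",
        f"ipchains -A input -i {WAN_IF} -d {WAN_ADDR} -j ACCEPT",
        f"ipchains -A input -i {WAN_IF} -d ! {LAN_NET} -j DENY -l",
    ]


# Constructed sample traffic: (interface, source, destination).
SAMPLE = [
    ("eth0", "192.168.1.10", "198.51.100.1"),   # normal outbound from LAN
    ("eth0", "10.9.9.9", "198.51.100.1"),       # LAN host forging a source
    ("ppp0", "198.51.100.1", "192.168.1.10"),   # inbound to a LAN host
    ("ppp0", "198.51.100.1", "203.0.113.7"),    # reply to a masqueraded connection
    ("ppp0", "198.51.100.1", "10.1.1.1"),       # inbound for some other network
    ("ppp0", "192.168.1.10", "192.168.1.20"),   # outside packet claiming a LAN source
]


def audit() -> List[str]:
    """Action for each sample packet, in order."""
    return [check(*p) for p in SAMPLE]


if __name__ == "__main__":
    for p, action in zip(SAMPLE, audit()):
        print(action, p)
    print("\n".join(ipchains_rules()))
```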
I would like my 2610/AS5200 to tell me the originating MAC addy/async interface of that packet. Any ideas?
My last bit of a rant here has to do with HTML editors. Why don't we have any decent ones for Linux yet? No, EMACS ain't what I'm talking about either. Most notably over on NT in my mind is Dreamweaver, which aside from being an outstanding GUI for HTML is also one hell of a site manager. As someone who not only codes the back end of web sites, but also has to do layout and design, not having a tool like Dreamweaver around is a serious handicap.
Agreed. 100%. I would love to have DreamWeaver for Linux. Love it to death. It doesn't fux with my code, it understands and can clean up Word (gak!) HTML, it doesn't touch PHP, does all the layers and best of all, it spits out clean HTML. How do we get Macromedia to release this beauty under Linux? I haven't tried it under WINE yet, perhaps I'll give it a shot this afternoon.
There are only a handful of apps I use under Win95/98/NT:
ICQ: kicq (even though I love afterstep and gnome) is still the smallest and best little ICQ client for Linux. Too bad it hasn't been updated in so long.
IE: Netscape/Mozilla/Opera... yuck. I used to use NS until I got sick of it crashing on Javascript all the time and just plain old not being nice to me. (one POP account but unlimited IMAP? Put your political agenda aside, NS!) NS doesn't render bad HTML nicely, handles only a fraction of a subset of CSS, I just grew sick of trying to work around it because I didn't like IE's integration.
CodeWright: Beautiful code editor. I normally hate IDEs but CW is actually really really nice. I haven't used it long enough to really get into it but I'd like to see this on Linux as well.
VNC: already got it for Linux.
SecureCRT: Got native SSH.
Acrobat Reader: Got it. Not as nice for X but good enough for me.
OrCAD: Oregano is very nice but not even close to being finished for schematic entry. (an aside: I love gnome's overall layout, it's very clean and easy on the eyes compared to KDE/Win32) I've tried Eagle for capture and layout and while functional it's clunky compared to Oregano. OrCAD SDT/386 was the best OrCAD version out. The Win32 version blows due to total lack of keyboard shortcuts.
Paint Shop Pro: Got GIMP. Love it. Hell got it for Win32 too.:-)
MPLAB and/or Rice17: These are IDEs for the ICEs for Microchip's PIC family of processors. Advanced Transdata won't give me specs on their protocol but it would be easy enough to reverse engineer. Same with MPLAB ICE2000. They both work over the parallel port.
Office. KOffice, StarOffice, Abiword... until they get it at least as good as Microsoft's office they haven't got a prayer. It's been so long since I've used WordPerfect I'll have to give it a shot under Linux. WP5.1 used to be a godsend.
MPLAB/Rice17 are probably the reason I don't give up Win32 totally. I can work around the rest, but my work depends on being able to use the ICE software.
I agree with you totally on the anti-aliased fonts: Something must be done. If it breaks X compatibility, it's gotta happen. I think it could probably be done without breaking X though. Perhaps an alternate font server which, if given 1-bit fonts, fakes an anti-alias, but if presented with truetype-style fonts performs proper antialiasing. Maybe even with subpixel antialiasing for my laptop.:-)
Is there a wharf app which gives me 9 places where KDE/Gnome "systray" icons get captured? I can't stand the bar along the bottom but a single 64x64 square with 9 possible systray icons (KICQ, etc.) can go would be the cat's meow. I've searched at different times but haven't found anything useful. Tons of launchers but nothing which can replace a systray. WindowMaker has panel/KDM simulation so the apps think they have a systray, I just need to find/make an app that uses it for a wharf icon.:-) Too bad I can't code apps to save my skin. Embedded, sure, but apps? ugh.
Oh yeah, and something needs to be done or a howto written about Motif-style file selection boxes. If I use NS or Moz and want to save a file, I have to remember the filename because if I change directories, it forgets the filename. How stupid is that? And the fact that I can't highlight something (select), move to where I want to replace text (by highlighting the text to remove) and the pasting... is there a way around this without having to select what I want gone, erasing it, then selecting what I want, going to where I want it and pasting?
X is wonderful because it's network transparent and when tunnelled through SSH, secure and pretty snappy. But as you'd mentioned there are a few shortcomings (which are really simplistic compared to some of the things people want) which make it totally unusable.
Compared to my V. I had the Palm Pro originally, looked at the III but the case was still too thick and bulky, and it was still plastic and creaked if I pressed on it. The V is thinner, smaller and "solid".
I agree that when compared to a Newton or most of the CE devices, the Palms are about as un-pigly as they come. But I was comparing amongst versions of the Palm.
Actually, the 2600 used a 6502-related microcontroller, the 6510 I believe. Contemplate, for a moment, a chip even less capable than the 6502! (The 6502 can address 64KB, and I believe the 6510 can only address 4KB.)
Pardon? The 6502 was also in the VIC-20, but they used the 6510 in the C-64. There was something funny about the 6510 when compared to the earlier 6502, but addressing wasn't it. The 6510 could address 64k just as easily as the 6502.
Palm V: Cute leather cover that turns the unit on when in your pocket due to bad design!
Get PalmV ButtonGuard v2. It turns off the button interrupts so even if you press it for a week the Palm won't drain the battery any harder. Much better improvement over the AlwaysOff hack.
Also about that leather case: I've had no trouble with it. It seems to displace the force against the screen very well. You could always get a PalmV RhinoSkin. I had one for my Palm Professional. Love it. Want one for the V.
Palm III: Flash upgradable
Palm V: Nope
Winner: Palm III
My PalmV seems to be flash upgradeable. Went from 3.0 to 3.3 (I think those were the version #s), and I have about 800K of apps in flash.
Palm V: Digs into the edge of my hand and has a habit of sliding out of my hand and plummeting to the floor.
You must have a very strange way of holding it, or you hold it too tight and have sweaty palms. I've never dropped my V because of the form factor. My Palm Pro, OTOH...
Palm V: Hot Sync contacts not compatible (won't even sync on an old Palm/Palm III cradle!!!!!)
Do you want backwards compatibility with everything? You can get a small device that connects your V serial port to any III-style accessory. Can't remember the name offhand but I believe someone has already replied with the link.
For me, the V won. I needed something that was sturdy ((thin) aluminum beats plastic IMO), thin (the III is a pig) and wouldn't keep eating batteries. I get about 3 weeks out of my PalmV. I use it for appointments, phone #s, a programmable calculator (sorry can't find the link, it's by Gary Desrosiers), notes (and also BrainForest), DopeWars, diagnostic platform for the equipment I design, password storage, billing... It's a well used device.
BTW: All the apps mentioned which are replacements for standard PalmOS apps use the standard databases so I don't lose compatibility. Kudos to Iambic and Standalone Software for that feature, it was a big deciding factor when I chose their products.
So, what does that mean for the average user? Does this make the MSCHAPv2 authentication mechanism less secure than other password based protocols - let's say ssh?
Probably about the same as password-based protocols. As I said in a few earlier posts the PPTP configuration I've chosen is to force MSCHAPV2 and 128-bit encryption.
Hi, I'd like to move a server from NT4 to Linux. I'd like to stress that it is a server that is extremely vital to my company's business.
Actually the linux fileserver I'd installed performs much better and is far more reliable than the NT4 box we have here doing nothing but PDC. It used to run Exchange Server 5 (P2-233 I think) and crashed regularly. Meanwhile the poor linux box gets pounded for every file and db access the office generates. Damn, I wish I had stayed with NT.
Just because it costs money doesn't mean it is better. The reverse of your little translation is just as true.
1) Kernel patches (yay). There seem to be problems getting these patches to work with some distros (read: Red Hat) that have slightly-customized kernels
Only if you're dealing with some bonehead distribution that customizes the kernel instead of using kernel modules and a userland (or at least non-invasive) process to do whatever the hell it is they think is so important they should modify the kernel in the first place.
2) Windows only supports some real lame encryption out-of-the-box. To get 128 bit, you have to go through some real hoops to get the software from Microsoft, only to find it doesn't work.
Got some proof? I downloaded an easily-found file from MS' site, installed it and while I have not verified that it is indeed spitting out 128-bit encryption (anyone know a good way to actually test the wire?) pptpd/pppd won't talk to the client if I force 128-bit encryption on the server side and use weak encryption on the client.
3) Firewall/IPMasq causes even more fun, depending on which side of the firemasq the PPTP server is on.
Come on. This is getting silly. In my case I put the pptpd server on the firewall. I figure a VPN is an integral part of a firewall. Then I set aside a block of IPs and set up your masquerade rules to match. The hardest part of my whole firewall was making sure that my input chain didn't kill packets I didn't want gone. The forward chain is only three lines long.
4) Browsing windows shares over a VPN link is akin to black magic and seldom works.
I haven't had too much trouble. You mention that you're on the PoPToP list. Check out the Samba lists as well and read up on Samba and WINS. The key is a WINS server which is accessible to everyone (internal and VPN).
The rabbit I'm gonna have to pull out of my hat involves setting up a VPN'd subnet (using FreeS/WAN, pptpd is useless here) and making a couple servers on the inside of each end appear in the subnet as well, without munging things up too badly and without having each server step too much into the VPN. I may just set up coda and Samba on the firewalls and "fake" that they're the servers in question. It'll make security tighter in the end, I think.
I've heard very bad things about pptp, which PoPTop implements.
I believe the FAQ is talking about the MSCHAPV1 protocol, which is indeed very poor. You can convince the server to drop encryption altogether. I have -mschap_v1 in my options.pptpd file.
I also believe that the FAQ speaks about the Microsoft PPTP server, although looking through it again doesn't specifically say. I am confident that the PoPToP pptpd does not allow the clients to "talk it down" as the MS server allowed. To quote the article:
Passwords are protected by hash functions so badly that most can be easily recovered. And the control channel is so sloppily designed that anyone can cause a Microsoft PPTP server to go belly up.
These problems are alleviated by MSCHAPV2 and PoPToP, this much I do know for sure.:-)
I too scoured all kinds of messages on PPTP security and came to the conclusion that it was all in lieu of MSCHAPV1 and not MSCHAPV2. The latter does allow provisions to fall back to MSCHAPV1 but I do not allow this in my configuration, as I have stated above.
Moretonbay, the company who gave us so much work on uCLinux has PoPToP, a Linux PPTP server.
I have set it up personally and included the MPPE and stateless patches which give excellent performance and 128-bit encryption.
You mentioned that immature code need not apply. I can't say how mature this code is but I have not had any problem with the encryption nor the actual VPN going down or otherwise futzing up.
PoPToP uses pppd + openssl with a custom daemon to set up Windows VPN connections. You can force MSCHAPV2 (V1 has problems with security, what else is new?:-), enforce 128-bit encryption, use PAP or CHAP, whatever you please. Since it is pppd which is authenticating, you can use PAM or whatever authentication methods you can use with pppd. Another important feature is that you can configure pptpd to assign IPs or have pppd do it for you. Configuring for MPPE and stateless compression was a bit of a pain but in reality it involved scanning the already big mailing list and applying the correct version of the patches.
Overall I am very pleased with PoPToP, even if my typing slows to 10WPM when I have to type the name.:-)
There is nothing at all wrong with an Open Relay in fact if we had less spammers there would probably be many more available for legitimate use.
What, pray tell, is a legitimate use for an open relay? If you have internet access you have a server or two you should be sending your mail through. MTA software like qmail have "relay-after-pop check" methods which allow roaming users to send email from anywhere after a valid POP3 mail check.
I've spent a few minutes trying to find a single reason to have an open relay. I can't think of one. Your turn.
though I always hate the 20 minute reboots to fsck 30GB of storage:-(
Try reiserfs. I run it on top of a 40G U2 hardware RAID-5, a 4G SCSI-1 hardware RAID-1 and a 30G linear software raid with no problems. fs integrity check takes < 3s.
... of browsers like Opera, a new version of which was released... yesterday. Download it now. You know it makes sense.
It'll make sense when they lose the god-awful MDI design. Or at least allow me to tear off windows. I hate Excel for this, I hate Word for this, I hate Access for this, I hate mIRC for this and I hate my ICE software for this.
Linux's networking features etc. make a great deal of sense to this.
As does PalmOS, QNX, EPOC, blah, blah, blah..
I'm waiting to see how big the RTKernel is and what its requirements are before I make a final judgement, but it has to be small and light or you're just wasting your time.
Fun fact: marijuana is a stimulant, and a hallucinogen - although most people think it's a "downer" - it increases your blood pressure and heart rate. Many people also hear things and see things on pot. You can read more at the Lycaeum.
My first experience with marijuana wasn't very memorable... the most obvious effect it had on me was that it made my beer taste absolutely awful, so I quit drinking for the night and went to bed. It was raining outside and I could hear incredible melodies in the rain.
My third experience with marijuana was the memorable one. I didn't come down from that for a good 6 hours, and I wasn't myself for 24. The guy swears up and down that it was local stuff, nothing added, not high THC, nada. I trust him, but I wonder what the fuck it was that made it last so long.
Linux in cellphones and pagers and cars and industrial machinery? WHY?
Why bog down the processor with a full embedded operating system? I don't understand this. I design embedded systems for a living and I'd say a full 90% of the systems out there have absolutely no need for a full (or even stripped down) Linux (or anything else) kernel. Cellphones?! gimme a break!
I'm happy and all to see Linux move out into every corner of the market but isn't this a little like porting Linux to the Commodore 64? "Big Iron" in the sense of embedded systems may be perfect for Linux (cell tower stations, control systems for industrial machinery, etc.) but why would you want Linux running in the mouse you're using or the cellphone or pager you're wearing?
I can't get in to the English article and I can't read Japanese but unless they are talking about providing a RT scheduler and not a whole lot else this isn't making any sense. Hell if they only provide the scheduler and a few services it isn't even Linux IMO. "Based on" yes but not "is".
Essentially that gives us a list of which IPs are in communication with our own, and a list of who was on what IP at the time the communication occurred. We keep our RADIUS log for 6 months for billing purposes and dispute settlements over billing, and our tcplogs are kept for one month.
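The correlation described above, as an added example (not the poster's own tooling): join each logged connection against the RADIUS accounting records to find which dial-up user held the source address at that moment. Both logs are constructed samples shaped like a RADIUS detail file and a one-line-per-connection tcplog; real formats vary by daemon, so the two parsers are the part to adapt.

```python
"""Added example, not the poster's own tooling: join a TCP connection log
against RADIUS accounting to answer "which dial-up user held this address
when that connection happened?". Both logs are constructed samples."""
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

RADIUS_DETAIL = """\
Mon Jan 10 09:00:01 2000
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0001"
\tFramed-IP-Address = 10.0.5.21

Mon Jan 10 09:45:10 2000
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0001"
\tFramed-IP-Address = 10.0.5.21

Mon Jan 10 09:50:00 2000
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0002"
\tFramed-IP-Address = 10.0.5.21
"""

# Constructed tcplog lines: syslog-style stamp without a year, then
# "<src>:<sport> -> <dst>:<dport>". The year is supplied by the caller.
TCPLOG = """\
Jan 10 09:30:12 10.0.5.21:1044 -> 192.0.2.10:25
Jan 10 09:47:00 10.0.5.21:1049 -> 192.0.2.10:22
Jan 10 09:55:40 10.0.5.21:1051 -> 192.0.2.10:80
"""


@dataclass
class Session:
    user: str
    ip: str
    start: datetime
    stop: Optional[datetime] = None   # None: still dialled in at end of the log


def parse_radius_detail(text: str) -> Dict[str, Session]:
    """Fold Start/Stop records into sessions keyed by Acct-Session-Id.
    A Stop with no matching Start is ignored rather than aborting the run."""
    sessions: Dict[str, Session] = {}
    for block in text.strip().split("\n\n"):
        lines = block.strip().splitlines()
        when = datetime.strptime(lines[0].strip(), "%a %b %d %H:%M:%S %Y")
        attrs: Dict[str, str] = {}
        for line in lines[1:]:
            key, _, value = line.strip().partition(" = ")
            attrs[key] = value.strip('"')
        sid = attrs["Acct-Session-Id"]
        if attrs["Acct-Status-Type"] == "Start":
            sessions[sid] = Session(attrs["User-Name"], attrs["Framed-IP-Address"], when)
        elif attrs["Acct-Status-Type"] == "Stop" and sid in sessions:
            sessions[sid].stop = when
    return sessions


def who_had(sessions: Dict[str, Session], ip: str, when: datetime) -> Optional[str]:
    """User holding `ip` at `when`; None if the address was unassigned then
    (e.g. between one caller hanging up and the next being given the address)."""
    for s in sessions.values():
        if s.ip == ip and s.start <= when and (s.stop is None or when <= s.stop):
            return s.user
    return None


def correlate(tcplog: str, sessions: Dict[str, Session], year: int) -> List[dict]:
    """One row per logged connection: when, local endpoint, remote endpoint, user."""
    rows = []
    for line in tcplog.strip().splitlines():
        parts = line.split()
        when = datetime.strptime(" ".join(parts[:3]), "%b %d %H:%M:%S").replace(year=year)
        src, dst = parts[3], parts[5]
        rows.append({"when": when, "local": src, "remote": dst,
                     "user": who_had(sessions, src.rpartition(":")[0], when)})
    return rows


if __name__ == "__main__":
    for row in correlate(TCPLOG, parse_radius_detail(RADIUS_DETAIL), year=2000):
        print(row["when"], row["local"], "->", row["remote"],
              "user:", row["user"] or "(unassigned)")
```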
Replacing a disk drive isn't nearly as big a deal as upgrading a CPU (realistically, this almost always involves a motherboard swap and replacement of other components, as well). It is also quite likely to happen in the course of warranty repair of mass market PCs.
Doesn't matter, in my mind... A serial number is already available on a component of a PC and vendors aren't locking to it, why would they lock to a CPU serial number? Overclockers fry CPUs, people move from Celeron to P2 or P3s... Personally the fact that the components are serialized is meaningless to me. If I sell, upgrade or move to another computer I should be able to migrate my software. Why should my audio CD only play on my one deck?
Also, given Microsoft's recent penchant for "recovery" CD's that are locked to at least a single computer model, being able to rely on a CPU serial number would give them the hammer to enforce an intellectual property "right" they already believe they have--to keep the user from transferring the license they legitimately purchased to another PC upon removal of the software from the old.
This kind of bonehead move would be defeated in court long before it became a problem, just as most shrinkwrap licensing is just useless words, so would their argument that it's for a particular PC. I'm sure of it.
the dominant vendor (i.e. Microsoft) would lock the software to a given CPU
I don't believe they would do such a thing. I am usually pretty cynical but I just don't see it happening. Why hasn't Sun locked their software to a CPU? I believe the alpha processors have been serialized since day one.
You can already easily get the IDE/SCSI serial numbers and nobody is locking to it.
How do you allow people to overclock their own systems, but prevent 2 bit computer stores from overclocking systems and selling them as the faster system. I would not be happy to find out that that 800mhz system I just bought was an overclocked 500mhz system.
Processor serial numbers.
Oops did I say something wrong?
There is no reason not to have a unique number assigned to every CPU manufactured. If companies lock their software to a CPU serial number that's their own prerogative but I certainly wouldn't be buying software from them. A unique ID which could be fed into a CGI script at AMD.COM and return what it was designed to run at would be the best by far.
BTW, Google had 60,000 hits for "linux vpn".
Yeah, but "linux vpn pptp" had only 5000 :-)
1) Kernel patches (yay). There seem to be problems getting these patches to work with some distros (read: Red Hat) that have slightly-customized kernels
Only if you're dealing with some bonehead distribution that customizes the kernel instead of using kernel modules and a userland (or at least non-invasive) process to do whatever the hell it is they think is so important they should modify the kernel in the first place.
2) Windows only supports some real lame encryption out-of-the-box. To get 128 bit, you have to go through some real hoops to get the software from Microsoft, only to find it doesn't work.
Got some proof? I downloaded an easily-found file from MS' site, installed it and while I have not verified that it is indeed spitting out 128-bit encryption (anyone know a good way to actually test the wire?) pptpd/pppd won't talk to the client if I force 128-bit encryption on the server side and use weak encryption on the client.
3) Firewall/IPMasq causes even more fun, depending on which side of the firemasq the PPTP server is on.
Come on. This is getting silly. In my case I put the pptpd server on the firewall. I figure a VPN is an integral part of a firewall. Then I set aside a block of IPs and set up your masquerade rules to match. The hardest part of my whole firewall was making sure that my input chain didn't kill packets I didn't want gone. The forward chain is only three lines long.
4) Browsing windows shares over a VPN link is akin to black magic and seldom works.
I haven't had too much trouble. You mention that you're on the PoPToP list. Check out the Samba lists as well and read up on Samba and WINS. The key is a WINS server which is accessible to everyone (internal and VPN).
The rabbit I'm gonna have to pull out of my hat involves setting up a VPN'd subnet (using FreeS/WAN, pptpd is useless here) and making a couple servers on the inside of each end appear in the subnet as well, without munging things up too badly and without having each server step too much into the VPN. I may just set up coda and Samba on the firewalls and "fake" that they're the servers in question. It'll make security tighter in the end, I think.
I've heard very bad things about pptp, which PoPToP implements.
I believe the FAQ is talking about the MSCHAPV1 protocol, which is indeed very poor. You can convince the server to drop encryption altogether. I have -mschap_v1 in my options.pptpd file.
I also believe that the FAQ speaks about the Microsoft PPTP server, although looking through it again, it doesn't specifically say. I am confident that the PoPToP pptpd does not allow the clients to "talk it down" as the MS server allowed. To quote the article:
Passwords are protected by hash functions so badly that most can be easily recovered. And the control channel is so sloppily designed that anyone can cause a Microsoft PPTP server to go belly up.
These problems are alleviated by MSCHAPV2 and PoPToP, this much I do know for sure. :-)
I too scoured all kinds of messages on PPTP security and came to the conclusion that it was all in lieu of MSCHAPV1 and not MSCHAPV2. The latter does allow provisions to fall back to MSCHAPV1 but I do not allow this in my configuration, as I have stated above.
Moretonbay, the company that gave us so much work on uCLinux, has PoPToP, a Linux PPTP server.
I have set it up personally and included the MPPE and stateless patches which give excellent performance and 128-bit encryption.
You mentioned that immature code need not apply. I can't say how mature this code is but I have not had any problem with the encryption nor the actual VPN going down or otherwise futzing up.
PoPToP uses pppd + openssl with a custom daemon to set up Windows VPN connections. You can force MSCHAPV2 (V1 has problems with security, what else is new? :-), enforce 128-bit encryption, use PAP or CHAP, whatever you please. Since it is pppd which is authenticating, you can use PAM or whatever authentication methods you can use with pppd. Another important feature is that you can configure pptpd to assign IPs or have pppd do it for you. Configuring for MPPE and stateless compression was a bit of a pain, but in reality it involved scanning the already big mailing list and applying the correct version of the patches.
Overall I am very pleased with PoPToP, even if my typing slows to 10WPM when I have to type the name. :-)
There is nothing at all wrong with an Open Relay; in fact, if we had fewer spammers there would probably be many more available for legitimate use.
What, pray tell, is a legitimate use for an open relay? If you have internet access you have a server or two you should be sending your mail through. MTA software like qmail has "relay-after-pop check" methods which allow roaming users to send email from anywhere after a valid POP3 mail check.
I've spent a few minutes trying to find a single reason to have an open relay. I can't think of one. Your turn.
Is there an easy way to convert ext2 to ReiserFS? I think I might have to finally get a tape drive.....
Not that I know of.
I did the backup thing and format.
Warning: ReiserFS is incompatible with software RAID 5.
You're entirely correct. I don't see it as a major problem though because if you're doing software RAID you're not interested in performance. :-)
I should have probably made that warning as well when I suggested it. Thanks for bringing it up.
though I always hate the 20 minute reboots to fsck 30GB of storage :-(
Try reiserfs. I run it on top of a 40G U2 hardware RAID-5, a 4G SCSI-1 hardware RAID-1 and a 30G linear software raid with no problems. fs integrity check takes < 3s.
It'll make sense when they lose the god-awful MDI design. Or at least allow me to tear off windows. I hate Excel for this, I hate Word for this, I hate Access for this, I hate mIRC for this and I hate my ICE software for this.
Lose MDI. You know it makes sense.
Linux's networking features etc. make a great deal of sense to this.
As does PalmOS, QNX, EPOC, blah, blah, blah..
I'm waiting to see how big the RTKernel is and what its requirements are before I make a final judgement, but it has to be small and light or you're just wasting your time.
Fun fact: marijuana is a stimulant and a hallucinogen, although most people think it's a "downer"; it increases your blood pressure and heart rate. Many people also hear things and see things on pot. You can read more at the Lycaeum.
My first experience with marijuana wasn't very memorable... the most obvious effect it had on me was that it made my beer taste absolutely awful, so I quit drinking for the night and went to bed. It was raining outside and I could hear incredible melodies in the rain.
My third experience with marijuana was the memorable one. I didn't come down from that for a good 6 hours, and I wasn't myself for 24. The guy swears up and down that it was local stuff, nothing added, not high THC, nada. I trust him, but I wonder what the fuck it was that made it last so long.
Linux in cellphones and pagers and cars and industrial machinery? WHY?
Why bog down the processor with a full embedded operating system? I don't understand this. I design embedded systems for a living and I'd say a full 90% of the systems out there have absolutely no need for a full (or even stripped down) Linux (or anything else) kernel. Cellphones?! gimme a break!
I'm happy and all to see Linux move out into every corner of the market but isn't this a little like porting Linux to the Commodore 64? "Big Iron" in the sense of embedded systems may be perfect for Linux (cell tower stations, control systems for industrial machinery, etc.) but why would you want Linux running in the mouse you're using or the cellphone or pager you're wearing?
I can't get in to the English article and I can't read Japanese, but unless they are talking about providing an RT scheduler and not a whole lot else, this isn't making any sense. Hell, if they only provide the scheduler and a few services it isn't even Linux IMO. "Based on" yes, but not "is".
... consists of tcplog and our RADIUS log.
Essentially that gives us a list of which IPs are in communication with our own, and a list of who was on what IP at the time the communication occurred. We keep our RADIUS log for 6 months for billing purposes and dispute settlements over billing, and our tcplogs are kept for one month.
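The correlation the poster describes (join a connection log against RADIUS accounting by IP and time window, so that an abuse complaint about an IP resolves to the subscriber who held it at that moment) as an added example; this is not code from the post, and both log formats and all sample lines are constructed assumptions, since the thread gives no format.

```python
import re
from datetime import datetime

# Constructed sample RADIUS accounting lines (not from the post): session Start/Stop per dial-up IP.
RADIUS_LOG = """\
2000-03-01 09:58:02 Start user=alice ip=10.1.2.3
2000-03-01 10:30:00 Start user=bob ip=10.1.2.4
2000-03-01 11:05:10 Stop user=alice ip=10.1.2.3
2000-03-01 11:20:00 Start user=carol ip=10.1.2.3
2000-03-01 12:00:00 Stop user=bob ip=10.1.2.4
"""
# Constructed tcplog-style lines: which of our IPs talked to whom, and when.
TCPLOG = """\
2000-03-01 10:42:17 10.1.2.3:1034 -> 192.0.2.10:25
2000-03-01 11:30:44 10.1.2.3:1201 -> 192.0.2.10:25
2000-03-01 13:00:00 10.1.2.4:2050 -> 198.51.100.7:80
"""
TS = "%Y-%m-%d %H:%M:%S"
RADIUS_RE = re.compile(r"^(\S+ \S+) (Start|Stop) user=(\S+) ip=(\S+)$")
TCP_RE = re.compile(r"^(\S+ \S+) (\S+):\d+ -> (\S+):\d+$")

def parse_sessions(radius_text):
    """Pair Start/Stop records into (ip, user, start, stop); a still-open session has stop=None."""
    open_sessions, sessions = {}, []
    for m in filter(None, map(RADIUS_RE.match, radius_text.splitlines())):
        when, kind, user, ip = datetime.strptime(m[1], TS), m[2], m[3], m[4]
        if kind == "Start":
            open_sessions[ip] = (user, when)
        elif open_sessions.get(ip, (None,))[0] == user:
            sessions.append((ip, user, open_sessions.pop(ip)[1], when))
    # sessions that have not stopped when the log ends are still attributable
    sessions += [(ip, u, start, None) for ip, (u, start) in open_sessions.items()]
    return sessions

def attribute(tcplog_text, radius_text):
    """Map each tcplog line to (timestamp, user, src, dst); 'unknown' when no session covers the time."""
    sessions = parse_sessions(radius_text)
    out = []
    for m in filter(None, map(TCP_RE.match, tcplog_text.splitlines())):
        when, src, dst = datetime.strptime(m[1], TS), m[2], m[3]
        user = "unknown"
        for ip, u, start, stop in sessions:
            # the same IP is reissued to later callers, so the time window decides, not the IP alone
            if ip == src and start <= when and (stop is None or when < stop):
                user = u
                break
        out.append((m[1], user, src, dst))
    return out
```

Note that the second 10.1.2.3 connection resolves to carol, not alice, and the 13:00 connection from 10.1.2.4 falls after bob's Stop record and stays unattributed rather than being blamed on the last known holder.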
Replacing a disk drive isn't nearly as big a deal as upgrading a CPU (realistically, this almost always involves a motherboard swap and replacement of other components, as well). It is also quite likely to happen in the course of warranty repair of mass market PCs.
Doesn't matter, in my mind... A serial number is already available on a component of a PC and vendors aren't locking to it, why would they lock to a CPU serial number? Overclockers fry CPUs, people move from Celeron to P2 or P3s... Personally the fact that the components are serialized is meaningless to me. If I sell, upgrade or move to another computer I should be able to migrate my software. Why should my audio CD only play on my one deck?
Also, given Microsoft's recent penchant for "recovery" CDs that are locked to at least a single computer model, being able to rely on a CPU serial number would give them the hammer to enforce an intellectual property "right" they already believe they have: to keep the user from transferring the license they legitimately purchased to another PC upon removal of the software from the old.
This kind of bonehead move would be defeated in court long before it became a problem; just as most shrinkwrap licensing is just useless words, so would be their argument that it's for a particular PC. I'm sure of it.
the dominant vendor (i.e. Microsoft) would lock the software to a given CPU
I don't believe they would do such a thing. I am usually pretty cynical but I just don't see it happening. Why hasn't Sun locked their software to a CPU? I believe the Alpha processors have been serialized since day one.
You can already easily get the IDE/SCSI serial numbers and nobody is locking to it.
How do you allow people to overclock their own systems, but prevent two-bit computer stores from overclocking systems and selling them as the faster system? I would not be happy to find out that the 800MHz system I just bought was an overclocked 500MHz system.
Processor serial numbers.
Oops did I say something wrong?
There is no reason not to have a unique number assigned to every CPU manufactured. If companies lock their software to a CPU serial number that's their own prerogative, but I certainly wouldn't be buying software from them. A unique ID which could be fed into a CGI script at AMD.COM and return what it was designed to run at would be the best by far.