Well, why not join the KDE and help the marketing effort then? See, that's the thing with open source projects, if there is something you don't like you can help to change it.
There are of course several ways that this could be implemented by @home, priority queueing - correct spelling :), policy based routing, route maps, MPLS....
I wonder if they are using anything based on the type of service field in the IP header, this is very possible and combined with route maps it's easy to implement per (extra paying) customer. So, @Home customers, why not set your own TOS bits and see if it makes any difference?
Under WINNT (and I guess most MS OSes?)
Edit the registry to add:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters.
Use the "Edit->New->DWORD Value" menu selection and type in "defaultTOS" without the "s."
Double-click on the new defaultTOS value and enter 20 (make sure the units are set to HEX).
Exit the registry and reboot the system.
A value of 20 sets the TOS to "priority."
With a Cisco....
add to your outbound interface:
ip route-cache policy (of course depends on IOS / if CEF is used etc)
ip policy route-map settos
Global conf:
access-list 1 permit any
Make the route map:
route-map settos permit 10
match ip address 1
set ip precedence 1
The above might be a bit wrong but you get the idea. 1 is the second lowest precedence, with 7 being the highest, 0 the lowest. Both of these will of course only work for traffic in the outbound direction.
OK, is this possible under Linux? I guess so, but how?
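The registry value and the route map in the comment above set the same bits: hex 20 in the TOS byte is IP precedence 1. As an added example (not part of the original comment), this Python sketch decodes a TOS byte, reads it out of a raw IPv4 header, and sets it per socket with the standard IP_TOS socket option; the function names and the sample header are constructed for illustration.

```python
import socket

# RFC 791 precedence names, indexed by the top three bits of the TOS byte.
PRECEDENCE = ("routine", "priority", "immediate", "flash",
              "flash override", "CRITIC/ECP",
              "internetwork control", "network control")

def decode_tos(tos):
    """Split an IPv4 TOS byte into precedence and the RFC 791 D/T/R flags."""
    if not 0 <= tos <= 0xFF:
        raise ValueError("TOS is a single byte")
    level = tos >> 5
    return {
        "precedence": level,
        "name": PRECEDENCE[level],
        "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
    }

def tos_from_ipv4_header(header):
    """Return the TOS byte of a raw IPv4 header (its second octet)."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1]

def mark_socket(sock, tos):
    """Ask the local stack to send this socket's packets with the given TOS.

    This only marks outbound traffic from this host; routers on the path
    are free to ignore or rewrite the field.
    """
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TOS, tos)
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TOS)

# Constructed 20-byte IPv4 header (192.0.2.1 -> 198.51.100.7, TOS 0x20),
# standing in for a packet captured after marking. Checksum left at zero.
SAMPLE_HEADER = bytes([0x45, 0x20, 0x00, 0x54, 0x00, 0x00, 0x40, 0x00,
                       0x40, 0x01, 0x00, 0x00, 192, 0, 2, 1,
                       198, 51, 100, 7])

if __name__ == "__main__":
    print(decode_tos(tos_from_ipv4_header(SAMPLE_HEADER)))
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        print(hex(mark_socket(s, 1 << 5)))  # precedence 1, same as hex 20
```

Capturing the packet at the far end and decoding its header the same way shows whether the marking survived the path or was reset at a trust boundary.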
Should be applied to every real interface on the router.
Just to qualify this better in case any CCNAs feel like correcting me:
This will not filter any traffic intended for a downstream host i.e. block traffic to the victim of a smurf attack. It will cause no slow down in routing as it blocks only traffic where the amplifier subnet is locally connected, i.e. it'll only help if the initial directed broadcast packet's target subnet address is connected to the interface with this command applied.
Not really any use on point to point links but a must for any interface that has a largish subnet attached to it that contains public Internet addresses. For example: CMTS subnets from cable ISPs, virtual dialer interfaces from dial in ISP etc...
In IOS 12.0 the command is added automatically to the configuration for you but as a lot of ISPs are running older IOS revisions, this is worth mentioning.
Smurf attacks *should* be a thing of the past for the majority of the internet as these directed broadcasts *should* be filtered on all Internet routers.
As smurf attacks of course cost bandwidth of the amplifying subnet as well. So, if any router admins read this, please filter this traffic.
On a Cisco, the command:
no ip directed-broadcast
Should be applied to every real interface on the router.
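The two comments above say the command acts only on the router whose own interface holds the targeted subnet, and only per interface. As an added example (not from the original comments), this Python model makes that decision for sample packets and lists the interfaces that could still act as amplifiers; the interface names and addresses are constructed, and the model ignores everything else a real router does.

```python
import ipaddress

# Constructed sample: interface -> (connected subnet, directed broadcast enabled?)
# Addresses come from the documentation ranges; interface names are hypothetical.
INTERFACES = {
    "Cable0": ("198.51.100.0/24", False),    # "no ip directed-broadcast" applied
    "Ethernet1": ("203.0.113.0/25", True),   # command not applied
}

def match_directed_broadcast(dst, interfaces):
    """Return (interface, network) if dst is the broadcast address of a
    locally connected subnet, else None."""
    addr = ipaddress.ip_address(dst)
    for name, (subnet, _enabled) in interfaces.items():
        net = ipaddress.ip_network(subnet)
        # /31 and /32 links have no broadcast address to speak of.
        if net.prefixlen <= 30 and addr == net.broadcast_address:
            return name, net
    return None

def forward_decision(dst, interfaces):
    """Model the last-hop choice for one packet.

    Returns (action, hosts_that_may_reply). Anything that is not a
    broadcast for a connected subnet is routed normally, including
    replies heading for the victim of an attack.
    """
    hit = match_directed_broadcast(dst, interfaces)
    if hit is None:
        return ("route", 0)
    name, net = hit
    if interfaces[name][1]:
        return ("flood", net.num_addresses - 2)
    return ("drop", 0)

def amplifier_interfaces(interfaces):
    """Audit helper: interfaces that would still flood a directed broadcast."""
    return sorted(name for name, (subnet, enabled) in interfaces.items()
                  if enabled and ipaddress.ip_network(subnet).prefixlen <= 30)

if __name__ == "__main__":
    for dst in ("198.51.100.255", "203.0.113.127", "198.51.100.7", "192.0.2.255"):
        print(dst, forward_decision(dst, INTERFACES))
    print("still amplifying:", amplifier_interfaces(INTERFACES))
```

The last sample address is a broadcast address only from the point of view of some other router, so this one forwards it as ordinary unicast.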
I'm sure the admin / his or her manager would take action if this server found its way on to the ORBS database, taken from their web site (www.orbs.org)
"ORBS, or the Open Relay Behaviour-modification System, is a database for tracking SMTP servers that have been confirmed to permit third-party relay. These servers permit spammers to connect to them from anywhere in the world, usually from a modem connection, and then forward the spam to its intended victims. It also tracks networks that prevent ORBS from verifying whether or not their SMTP servers continue to permit third-party relay - it is fairly common for inept administrators to try blocking the ORBS testers rather than to actually fix their security problems."
If the problem doesn't get sorted once ORBS has contacted the admin, it'll find its way on to MAPS RBL list.
http://www.mail-abuse.org/rbl/
I really feel that all abuse@ supervisors should be aware of these two services.
Arrghh this got moderated up?? Oh come on, these are just the source address, routing is based on destination address. Simply: when the post service delivers a letter, they are only interested in who it's to unless it can't be delivered.
These RFC 1918 addresses:
10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
are filtered by all ISPs except the ones with no good networking people, it's standard practice.
It is of course NOT up to router manufacturers to block these addresses, it kind of worries me that you think every router made is going to be on the net. Even so, many ISPs use these addresses internally for such things as cable modems so they can be managed.
I'd say that my.mp3.com was doing the exact same thing for people wishing to record their own CDs.
Also as the net is global, recordtv will without any doubt be encroaching on country specific distribution rights. For example here in Holland Friends is very popular, as one series ends, the next series is released on VHS before it's shown on TV. You guys in the US are naturally ahead of us with this series so it would be possible to see the program here when only the VHS tapes are available thus, lost VHS sales. In theory anyway, I guess recordtv is not great quality?
And maybe Apple are correct, Linux is a threat? Just look at the discussions here: Although the competition is from a Mac site and even one of the prizes is a MAC, more people here are getting excited regarding a linux version of the finished code than a Mac version. Maybe this is just because more /.'s run Linux however?
I can testify that the Divx codec is very good quality, of course it's not DVD quality as compressing an already compressed format down 10 times is never going to retain 100% quality. If you watch a DVD and then a Divx, then yeah, anybody can see the difference.
Where Divx really shines is if you put it against the current situation of movie piracy: Video CDs are normally 2 disks of Mpeg 1 per movie so, twice the size and lower quality. The .asf's that are floating around GNUtella are a little smaller than Divx files but FAR lower quality, most are just about watchable. Watch one of these and then a Divx and the difference is amazing.
I remember the good old days where as long as no Microsoft code was used, this would be counted as just basic reverse engineering and covered by fair use. BUT along came the DMCA so that might screw things up a bit?? Maybe not; the way I see it the coders would have to take a Divx file and figure out what it does in exactly the same way the Bleem! guys took PS games and made an emulator and that's still legal. What I really don't understand is this: How can some guys (one guy?) take an average MS codec and, without access to source, make it so sweet? What are MS doing?? Why, with their massive R&D resources couldn't they get the same results?
I feel that bad OS design has assisted the virus and also the fact that Windows scripting host is installed by default. OS design: because any OS that lets a regular user change files globally within a file system & startup files is, I feel, flawed. Of course Linux is open to such attacks as is any desktop OS maybe to a lesser extent but that's not my point and has been covered already I guess. What does worry me is that IT managers are again ignoring the issues of security with CYA comments like "It happened to everyone else as well" or "dumb users caused it". I really do feel that users should be able to trust the systems they use and not have to worry too much about what email they read / attachments that they open; CEOs have a company to run and should be able to get on and do this without worrying about email issues. It does really bug me that MS bullshit corporate IT directors about the total cost of ownership of MS OS's being so low, this virus alone must have cost organisations worldwide millions of dollars at a guess. If Linux was hit by a shell script attachment virus, a few newbies ran it and say only a few hundred mails were caused by it, I'm sure that the MS FUD machine would be working overtime with outlandish claims which, IT directors would of course believe. I'm not really anti-ms nor a member of the Linux world domination club but it does annoy me that despite huge press coverage regarding this virus nothing much will change. Instead of IT staff blaming dumb users, they should be protecting them and surely the OS vendor should assist in this? All that I can see happening is virus scanners being updated and a few lame emails being sent to corporate mailing lists warning people about running attachments. This action didn't work after Melissa and won't stop the next ILOVEYOU.
"I'm thinking of buying an Apple Airport for home, maybe I'll set mine up to let anyone with 802.11 use it. Anyone in and around my apartment building will have access..."
:-) no they won't unless they sat outside your door. I'm running 3 elsa 802.11 cards (lucent orinoco's) and the range on out of the box 802.11 isn't very good at all. I can use my laptop to surf in bed and that's about it. I think you'd have to boost the signal as well as stick an antenna on your roof?
OK, I'm far from an expert on 802.11, it suits my purposes (no cables running through the flat) but I feel the guys in London doing the community wireless network must have to do some hacking to get long distance out of 802.11?
If anyone is in the center of Amsterdam (Rembrants plein area) and has 802.11, feel free to try and reach my box, NAT is enabled, the network name is "dolphin", encryption is disabled. Choose an IP address in the 192.168.0.128/25 range (I'll keep the lower half for my machines). The mask is /24 and the gateway is 192.168.0.1.
I seriously doubt that you'll be able to reach it but it's there if you want to try it and you never know?
What's wrong with /. these days? *Some* of these posts are a little disturbing, it's a work in progress and a damn fine idea, please try and be supportive.
I read the info on freenet when it was first announced and thought "great idea, hope it works out". Now it seems there is code behind the idea, I'm going to do my tiny bit to help, I got a machine here with a load of free disk space that's always online so I'm setting up a node. I've also got a box at work with a lot of free space and massive bandwidth (I work for a large ISP) so, that's getting a node installed too.
No content, no users? It's just a catch 22 situation but as the software is free, download it and run a node. Regardless of the other pieces of the pie that freenet *currently* doesn't have, running a node will help. Once there is a large enough network, the content, the extra developers and the users will come. As well as the warez traders & kiddie fiddlers no doubt but hey, they're on the net already.
I highly recommend devfs also but please read the doco as you need to run a daemon for it to function correctly. Also note that not all drivers support it however, everything on my main machine and my laptop works flawlessly so, I have no idea what devices these might be.
"Correct Translation: The whole concept of "intellectual property" is damaging to humanity as a whole and should be done away with." I actually clapped when I read that. I of course wondered what I was doing once I realised that I was clapping at a /. post but regardless, totally concur with your views here.
I want to connect my 3 PCs at home via wireless, two PIII workstations and one laptop, can you recommend a product?
As long as they don't try and give linux the AIX printing system :-)
Just wondering if it's worth registering slashporn.net??
I used to work for an ISP only a short while ago. The marketing department of the ISP actually spams its own users, ironic really.
"What about spammers outside US jurisdiction?"
I remember reading a few weeks back that either Norway or Sweden has just passed a law that makes spamming legal.
Does anyone have any more details?
Hmmm, maybe, just maybe because it's in release 12.1 ??
As you work for Cisco would you *really* recommend that a site like /. or any real production site use IOS 12.1
Yeap, you're correct.
Do ya bit, run a node.