You can set one of the VPN gateways as the default gateway for the other net and OpenVPN runs on all sorts of hardware including WLAN routers and iOS devices.
I don't know much about why there are such restrictions, do they charge different amounts in different countries? Shouldn't it all be pretty much the same, money-wise? Is it an issue of censorship based on the particular country's politics?
It's all about the licenses. Most of the time a TV station with deep pockets buys the rights for a region for a given timeframe from the producers. And they wouldn't be too happy if you could binge watch a whole season on Netflix before they had time to show all the episodes on TV.
So unless Netflix outbids every TV station for the content rights all the time they will always have somebody crying for regional blocks.
Why didn't they test iPhones, too? Oh right. Because they encrypt their filesys by default and if you throw away the key before selling the buyer is locked out.
But it would be interesting to know if this really works for all the installed apps as well as for the system services.
They are not talking about prosecuting the real gamers if they violate laws or international treaties inside of a game.
They want game developers to include features in their games, that your game character has to face court martial if the gamer breaks laws or rules of engagement. So they want virtual consequenses for virtual crimes. Sounds fair enough for me.
Actually I have to thank Redhat for abandoning RHL. If they hadn't I never would have tried Debian. I am so impressed with the apt/dpkg package manager that I never want to get near an rpm based distro again. Even yum and yast can't bring an rpm distro up to par. And even Debian-testing is rock solid compared to FC1-3 which all look like betas.
I never will use Redhat again. Who knows which product they will discontinue next because it doesn't make enough profit.
Good luck Redhat, you will need it. Without a large userbase you will have no geeks left who persuade their bosses to use RHEL.
What again is the reason why ISPs don't block outgoing port 25 and only allow it to their mailserver ?
Then the only way out would be via the ISP's mailserver which could do spam and virus scanning (mailfilter.info or something similar).
The few geeks who run their own mailrelay on their home DSL could request the port to be opened (and pay all damages if they manage to screw things up), or simply use the ISP's mailserver as smarthost.
And to top it off you would have to SMTP AUTH with the ISP's mailrelay, so a spamzombie couldn't use the mailrelay at all (unless extracting the password from the mailclient)
You are right about the part, that firewalls belong on the border gateway. The truth however ist, that 99% of all privately owned windows boxes are connected to the internet directly. Be it via cable, dsl or analog modem. And thus they are not protected by a border gateway, nat or other "hardware" firewall.
And here is the catch: If you enable file and printer sharing on your home lan and you have a dsl or modem connection in your box, Windows XP SP2's firewall will open the required ports on ALL network interfaces, not only the internal LAN. And that is the bug the article ist talking about and I hardly would call that a feature.
Or why not just let a phone play a 10 second or so clip of an MP3? The decoder chips are cheap enough now.
The newest Nokia phones are able to use midi files or mp3 files as ringtones. You can load them via infrared, cable or bluetooth connection and thus don't have to pay a single cent for your new ringtones.
If your system is soooo precious that you can't apply a small patch, maybe you shouldn't let in run connected to the internet with all ports wide open without a firewal in front of it...
Too bad for you Austrialians. I really always liked you. But now that the US are going to invade you and liberate you from this government that denied them jurisdiction in your.. errr.. their country...;-)
(I really hope this is only a joke... *fingers cross*)
It's all about control. The just want to control who plays their games. They don't care if you have their client software. They even want you to get it somewhere else but not from their servers to save them bandwidth.
But on the other hand they want you to only be able to play on their servers with their serial number so they know who you are, when you play, what you do (remember Warcraft III needs local admin rights on windows, so it could theoretically read your whole harddisk and registry), and most importantly that you payed for your serial number.
And that's why they want to get rid of the free bnetd server. It lets you play without control and without a serial number.
The must be root to bind port 1024 is not as bad as it sounds. You can write a program that starts as root, binds the port and then drops the root privs and even does an chroot afterwards.
That way you are in some kind of sandbox or at least in some controlled evironment. I think apache does this in this or some similar fashion. At least it binds port 80 and runs as user nobody on my system.
ISPs will find technical solutions to this problem, because it is their backbone that gets beaten up by all this crazy stuff that's circling around.
There will come the time where outbound smtp or netbios or sql-server or whatever will be blocked for residential ip pools, so that Joe Average's PC that got infected by 17 different worms/viruses/spamproxies/whatever can't propagate them further.
If you need some of the blocked ports you will have to call support or use a webtool and let them open it up for your connection.
This way the users who don't need the ports or don't even know what ports are, can't contribute unknowingly to the problem. And you can asume that those technically literate enough to request opening some ports on the ISP firewall are responsible enough to take precautions to avoid infection with malware.
The best method of course would be to watch all traffic originating from home PCs and if virus traffic is found to cut off the connection until the PC is cleaned. But I don't know if intrusion detection systems are capable of scanning traffic in the Gbit/s range and if scanners are reliable enough to not report false positives.
And I would make it mandatory in the ISP terms of service to have a virus scanner on every PC that wants to connect to the Internet.
Then we can blacklist all ISPs that dont require their users to have clean PCs so that everyone is free to filter traffic from those sites.
Why does nobody ask how much money is earned with viruses ? McAfee, Symantec,... they all make some nice Dollars with selling their AV products and services.
BTW money is never lost... it just changes its owner. If you spend a Dollar, someone has to earn it. Many small IT shops make a living with fixing "broken" PCs, and nothing "breaks" a PC better than a worm/virus... Maybe I'm getting a little paranoid here but who knows who is writing these little buggers...
Slashdot Mirror
Maybe use a VPN? Which is a good idea on any public network anyway.
OpenVPN does exactly what you need. You can link your locations with a site-to-site tunnel and include the nets on both sides.
https://openvpn.net/index.php/...
You can set one of the VPN gateways as the default gateway for the other net and OpenVPN runs on all sorts of hardware including WLAN routers and iOS devices.
You might want to take a look at
https://www.boxcryptor.com/en/...
What exactly constitues a cyberattack? Does it count if I ping one of their IP addresses and get dropped on the firewall?
I don't know much about why there are such restrictions, do they charge different amounts in different countries? Shouldn't it all be pretty much the same, money-wise? Is it an issue of censorship based on the particular country's politics?
It's all about the licenses. Most of the time a TV station with deep pockets buys the rights for a region for a given timeframe from the producers. And they wouldn't be too happy if you could binge watch a whole season on Netflix before they had time to show all the episodes on TV.
So unless Netflix outbids every TV station for the content rights all the time they will always have somebody crying for regional blocks.
Who uses an unsecured, unencrypted wireless network without tunneling all of the traffic through a VPN anyway?
Newer Operating Systems with more features perform slower on older hardware. Who would have guessed ...
Why didn't they test iPhones, too? Oh right. Because they encrypt their filesys by default and if you throw away the key before selling the buyer is locked out.
But it would be interesting to know if this really works for all the installed apps as well as for the system services.
They are not talking about prosecuting the real gamers if they violate laws or international treaties inside of a game.
They want game developers to include features in their games, that your game character has to face court martial if the gamer breaks laws or rules of engagement. So they want virtual consequenses for virtual crimes. Sounds fair enough for me.
RedShirt
What would the world look like had he spent his money on something else?
Good question ...
http://www.youtube.com/watch?v=OGegKKF2Xpw
http://www.xkcd.com/552/
Watch out! It seems that some other malicious updaters installed IEtab and a twitter addon in your firefox, too!
FC1 -> RH10, FC2 -> RH11, FC3 -> RH12.
...
Too bad you are counting in marketing and not in technical version numbers.
There is nobody out there who wants an RH12, but I know hundreds of people who would be happy if there were a RH9.3. Think about it
RedShirt
I switched to Debian.
Actually I have to thank Redhat for abandoning RHL. If they hadn't I never would have tried Debian. I am so impressed with the apt/dpkg package manager that I never want to get near an rpm based distro again. Even yum and yast can't bring an rpm distro up to par. And even Debian-testing is rock solid compared to FC1-3 which all look like betas.
I never will use Redhat again. Who knows which product they will discontinue next because it doesn't make enough profit.
Good luck Redhat, you will need it. Without a large userbase you will have no geeks left who persuade their bosses to use RHEL.
RedShirt
What again is the reason why ISPs don't block outgoing port 25 and only allow it to their mailserver ?
Then the only way out would be via the ISP's mailserver which could do spam and virus scanning (mailfilter.info or something similar).
The few geeks who run their own mailrelay on their home DSL could request the port to be opened (and pay all damages if they manage to screw things up), or simply use the ISP's mailserver as smarthost.
And to top it off you would have to SMTP AUTH with the ISP's mailrelay, so a spamzombie couldn't use the mailrelay at all (unless extracting the password from the mailclient)
RedShirt
Could it be that your IT guys used the 48hrs of downtime to install SpamAssassin ? ;-)
Because I doubt any spammer ever used a real reply-to Address and even considered to parse the bounces to clean up their databases.
RedShirt
You are right about the part, that firewalls belong on the border gateway. The truth however ist, that 99% of all privately owned windows boxes are connected to the internet directly. Be it via cable, dsl or analog modem. And thus they are not protected by a border gateway, nat or other "hardware" firewall.
And here is the catch: If you enable file and printer sharing on your home lan and you have a dsl or modem connection in your box, Windows XP SP2's firewall will open the required ports on ALL network interfaces, not only the internal LAN. And that is the bug the article ist talking about and I hardly would call that a feature.
RedShirt
Or why not just let a phone play a 10 second or so clip of an MP3? The decoder chips are cheap enough now.
The newest Nokia phones are able to use midi files or mp3 files as ringtones. You can load them via infrared, cable or bluetooth connection and thus don't have to pay a single cent for your new ringtones.
RedShirt
Certain places can't just go and blindly patch
...
If your system is soooo precious that you can't apply a small patch, maybe you shouldn't let in run connected to the internet with all ports wide open without a firewal in front of it
RedShirt
History repeating: Who can (or can't) remember
Too bad for you Austrialians. I really always liked you. But now that the US are going to invade you and liberate you from this government that denied them jurisdiction in your .. errr .. their country ... ;-)
... *fingers cross*)
(I really hope this is only a joke
RedShirt
It's all about control. The just want to control who plays their games. They don't care if you have their client software. They even want you to get it somewhere else but not from their servers to save them bandwidth.
But on the other hand they want you to only be able to play on their servers with their serial number so they know who you are, when you play, what you do (remember Warcraft III needs local admin rights on windows, so it could theoretically read your whole harddisk and registry), and most importantly that you payed for your serial number.
And that's why they want to get rid of the free bnetd server. It lets you play without control and without a serial number.
RedShirt
The must be root to bind port 1024 is not as bad as it sounds. You can write a program that starts as root, binds the port and then drops the root privs and even does an chroot afterwards.
That way you are in some kind of sandbox or at least in some controlled evironment. I think apache does this in this or some similar fashion. At least it binds port 80 and runs as user nobody on my system.
RedShirt
ISPs will find technical solutions to this problem, because it is their backbone that gets beaten up by all this crazy stuff that's circling around.
There will come the time where outbound smtp or netbios or sql-server or whatever will be blocked for residential ip pools, so that Joe Average's PC that got infected by 17 different worms/viruses/spamproxies/whatever can't propagate them further.
If you need some of the blocked ports you will have to call support or use a webtool and let them open it up for your connection.
This way the users who don't need the ports or don't even know what ports are, can't contribute unknowingly to the problem. And you can asume that those technically literate enough to request opening some ports on the ISP firewall are responsible enough to take precautions to avoid infection with malware.
The best method of course would be to watch all traffic originating from home PCs and if virus traffic is found to cut off the connection until the PC is cleaned. But I don't know if intrusion detection systems are capable of scanning traffic in the Gbit/s range and if scanners are reliable enough to not report false positives.
And I would make it mandatory in the ISP terms of service to have a virus scanner on every PC that wants to connect to the Internet.
Then we can blacklist all ISPs that dont require their users to have clean PCs so that everyone is free to filter traffic from those sites.
RedShirt
Why does nobody ask how much money is earned with viruses ? McAfee, Symantec, ... they all make some nice Dollars with selling their AV products and services.
... it just changes its owner. If you spend a Dollar, someone has to earn it. Many small IT shops make a living with fixing "broken" PCs, and nothing "breaks" a PC better than a worm/virus ... Maybe I'm getting a little paranoid here but who knows who is writing these little buggers ...
BTW money is never lost
RedShirt