What, did the phone use hypodermics full of carcinogens as a transmission medium or massive quantities of unshielded isotopes as a kind of nuclear fuel-cell battery or something?
Please, get a grip, if anyone actually bothered to look for health threats as vague as the one you cite - nobody would have a lifespan long enough to reproduce.:P
OT: Hypochondriacs are a slight hot-button with me - since a few members of my family are practically certifiable because of it.
I give up, thanks for explaining my views for me, even though they miss the mark almost entirely.
"The other 90% of the nation doesn't think like you. They don't understand what a firewall or a port is, or how TCP/IP works, and for their everyday lives, they generally don't need to."
They don't need to think like me, they just need to click "Start | Windows Update" once a week or so and just grab everything under the "critical updates or service packs" - or just grab everything available. For those %90 of people that can't be bothered to read the just read the user-friendly descriptions of what the patches fix, applying the latest everything is prolly better than leaving things the way they are anyway...
And, by the way, by "personal responsibility", I don't mean the prototypical (and inane) attitude that the government or others should provide or legislate everything into a pulp for us...
Hrm, I'm going to quibble on something OT here for just a sec then get back to the point.
Wearing a seatbelt prevents you from being stunned when someone hits you how? You can't change mass and inertia and the adverse affects it has on the human body and brain with a seatbelt. If you're hit hard enough to be "thrown about" and not able to control your vehicle because you can't physically reach something - chances are pretty darn good you're not going to be in any condition to make split second decisions and actually act on them anyway. And this example is really getting stretched here.
Anyway, I still think the whole opt in/out idea is fundamentally flawed. Ports are supposed to enable communications effectively. There aren't any problems with the stupid ports.
The problem is with the software that's being used on them, duh. Blocking ports is like (time for another bad metaphor) blocking off roads because unsafe cars are driving on them and getting in accidents and causing traffic congestion. Sure, it's a pain in the ass to fix the huge amount of cars that are affected - but it's the only real way to address the actual problem. Blocking ports is a half assed band-aid - and a really half assed one if you're going to do it in the way that's suggested in the paper.
If we start blocking (and effectively eliminating) ports every time a virus or networking problem rears it's head and causes a few problems, what's the point of having them? Or standards on what port to use? It's only a matter of time (currently anyway) before (insert port number) will become abusable in some manner. Let's just funnel everything through port 80...
"What part of "they make the whole widget" do you not understand?"
Just that being "root" doesn't mean a thing in a well designed system. It's pretty obvious.:P
It's perfectly possible and has been done many many times before to "make a whole widget" and make it as tamperproof as the cryptographic system involved. Even better, if the entire system source is available, and signatures are available, then the entire thing is almost totally transparent while preserving privacy and security.
And, since I'm having a tough time figuring out what you're objecting to...
Since there was source code in some of the Diebold material that was leaked or insecurely stored, or whatever... - that doesn't mean that they're the only ones that could know if two way communications were possible - depending on the source. I grabbed a copy from a totally publically available site, but haven't taken the time to examine it.
At least pay attention if you're going to get belligerant will you? Jeez.
Ug, hell, 10MBit up/down? I feel insanely lucky to have fairly descent 1.5Mbit service where I'm at. Yeah, okay, I'd still be with them as long as I could opt out - and probably happy as a clam too. rofl
Would still irritate the hell out of me at the time, but I have to be honest, with that large of a pipe, my irritation would quickly get squelched by me being so spoiled when it comes to broadband... lol.
*shrugs* In my area you can only use the ISP's cable modems for "support reasons". The way they're setup, you can't even access them. This is for all broadband providers in this area also.
Sucks, but if you don't want to be on dialup, what do you do?
Arg! I don't want standard internet access to become a "value added" service!
Besides making a handshake deal with my local Charter engineer in this area on what I could do with my residental service - my ONLY other option was a business account.
In this area I pay about $40/mo for residental broadband. A business line would get me an open connection at a pitifully low speed (basically a dynamic IP and DNS) for $350 a freaking month!
ALL I wanted to do was be able to connect to my computer from the internet legally (user agreements about hosting services you know) for purely personal reasons.
Here here! I hadn't thought of the kind of processing overhead that this type of thing would reqire for some reason (being that I'm dead tired). Did sound like a good idea at the time though.;)
And yeah, I totally agree on the restricted internet labelling. It's amazing the hoops I had to jump through in my area to find an unfiltered 'net connection in this part of my state. I almost thought I'd have to just get a business account and get hosed over for 10x the cost of a regular broadband account.
Doesn't need to be that "intelligent", just make sure that the - hopefully well authenticated - user can't disconnect himself by the channel he's using to communicate to the server to in the first place. That's almost insanely simple by networking standards.
Where did all this opt-in / opt-out stuff come from?
The paper even says, "We argue in favor of limited, long term port blocking. This paper does not intend to present a balanced argument."
Nowhere does it mention opting anything.
It does state that it's meant to provoke wider discussion however.
How about, instead of blocking off ports just cause they're causing some problems - we address the real problem, which is the software using those ports and the reason this is even coming up. Those nasty, gaping, massive security concerns being produced!
Let's have some of the responsibility brought back to the people that enabled this all to happen in the first place - and start spanking them for the negative impact done to public networks due to their widespread negligence.
Yeah, I'm talking about Microsoft.:P
I'm not a bigoted MS basher, but software under their direct devolopment and control has done a majority of damage inflicted on public networks as far as I'm able to remember. You take the good and the bad for being a legally recognized monopoly.
Sure, the virus writer deserves some "credit" here too, but does anyone around here actually think it's that tough? Has anyone looked at the source for the "I love you" and other earlier macro viruses? What hackney'd jobs usually... they looked like someone basically cut/pasted parts from other "viruses" in most of the versions that I captured...
(and no I can't cite figures on the "majority statement" - I'm just going from memory and what I've personally seen)
Ug, are you insane? If an ISP just decided to randomly block ports without telling me I'd go ballistic! What if some service that is vital that you use for work (or insert anything that you use regularly here) just suddenly stopped working and could not even be worked around from the user end?
That wouldn't bother you even if there was no reason for it?
It'd sure as hell bother me, and I'd pretty much instantly ditch any ISP that pulled this type of moronic behavior.
It's not that people that who design and build networked systems want to force others to learn anything about it - or even a little for that matter - even with all our whining about stupid users and trying to educate people...
We just want established standards to be able to freakin' function reliably which is hard enough as it is without ISP's just randomly turning ports on and off. You wouldn't be able to have any standards then if people did this willy nilly - which would not enhance service.
Honestly, the fact that this got even four mods as insightful is somewhat scary to me...
Theoretically this should be true, but unfortunately this just isn't the case.
There are lots of applications out there that will expect incoming communications on completely unopen or unexpected ports.
Most stateful firewall software I know have to use specific rulesets (or have them built in) in order to accept an unrequested inbound connection.
Let's see, MSN does this, Battle.net, the service that Dungeon Siege uses, um... I can't remember any other specific examples, but I've run into a hell of a lot of them. I think Bittorrent...
Yeah, that's one of the nice things about stateful firewalling.
I miss having a dedicated linux machine so much just for that I've been trying to setup a VMWare OS inside Win2k just to run a stateful firewall cause I can't find any really decent ones I like for Windows platforms.
Most windows personal firewalls just aren't geared to work like this - or are so technical that the common user who just wants to run P2P, Battle.net, or whatever couldn't figure it out to save their life.
I'd tend to disagree with this just because I think the US tends to be so damn overprotective of it's citizens in the most insane ways. If I don't want to wear a seatbelt or wear a helmet when I go out on a motorcycle - that should be my own problem.
Dumbing things down so freaking much has caused some of us to stop caring about some of the dangers out there unless it's on a warning label. If it's not on a warning label it can't possibly happen. *snorts*
It's like we just expect everything we should know to just be handed to us on a silver platter without even thinking. And usually it does. So we stop thinking. That's what catering to the lowest common denominator can do for ya...
Now if we could get specification on any of our products at will instead of just littering them with warnings and logos...
Or maybe I'm just irked cause I didn't read the warning on the q-tip box and shoved one straight through one side of my skull and out the other cause I was so busy trying to actually find a technical specification on a piece of hardware...:P
By perm connection do you mean a static IP? 'Cos dynamic DNS services are very easy to come by / get setup / and are remarkably stable and fast to update if you're running dynamic and find the right service. Been running a dyndns account pointing to a dynamic cable modem address that changes every time the DHCP lease is up and it updates without a hitch.
Hell, you could run a domain on a dial up connection if you really wanted to as long as you had some way to trigger it to log in via phone or something similar.
Some people just happen to run NAT software on the same box as their software firewall (I'm thinking *nix gateway machines here - or hardware routers that do both things), but that's usually because you either only have one machine - or just only want to deal with one machine doing those gateway type functions.
NAT wasn't designed to block communications, it's just a side effect of how it works and what it does. Firewalls - that's all they do - block traffic.
(dealing with simple rules of thumb here guys - please don't quibble me to death)
Ug, that'd kill me, I like to network program and play with new networking stuff on a pretty much constant basis - usually during my most active time of the day which is around 10pm thru 4am local time.
Tech support for ISP's (here in the US anyway) is usually pretty non-existant about that time, and if I found up that the "Internet Access" I signed up for had all of those caveats, I'd switch fast before I ran into other such nonsense.
Of course, if it was common knowledge when signing up, I'd just have 'em unblock everything right at the start and save the hassle.;)
We get babysat from our own government here in the US enough without the ISP's adding to such nonsense...
Hard to leave applications that you have to use in the business world that use certain ports that you suddenly no longer have access to. *shrugs*
Granted, these applications are - in my opinion - inherently flawed by that certain lack of customization, but when you have software foisted off on you by an illegally perpetuated monopoly, what do you do then? (ooooh that last phrase was so flamebait, but I couldn't resist - had a bad night of dealing with MS crap and I just got home)
I do see what you're getting at though - you can always contact your ISP to enable the port. But ISP's are a pain the ass enough anyway, I don't want to have to unblock every damn port I want to use just to try some freakin' new program at 3am when tech support is either not open - or just staffed by idiots.
You're absolutely correct. Just look at the way email filtering works. Spam filters are (by default) turned on, so this could follow suit. You can always opt-out of this service, and get the full email-experience. But you don't see mass complaints about how our email rights are being restricted by the ISP. And of course, you can opt-out of email filtering.
Bullshit!
Sorry, just a turn of phrase.;)
Call Prarie Wave's Internet Technical Support number at 888-745-2888 and just ask them to stop blocking a certain address. We're not talking about just a local isp either although they aren't that big. They only service a few hundred thousand square miles or so.
Not only will they tell you they won't turn of email spam filtering for their residential customers, I've had three technicians tell me that they actually can't with the way things are setup. They can't (or won't) even whitelist.:P
Let me tell you, with only two broadband companies offered in my area, I switched to Charter damn quick 'cause I get email from all over the place and several legitimate (and very much non-pr0n) business associates have been unable to send me mail. I figure it was a misconfiguration problem, but honestly, with their service and support - I already wanted to switch anyway.
If you want to restrict who accesses the information you are specifically setting up software to share to a public medium, the onus to track and authorize users should be completely your responsibility.
I doubt he was talking about five year olds there genius. Good grief, have a little sense.
My dad took me out with his 9mm Smith and Wession auto back when I was 10-12. I didn't get to shoot it though. I just got to learn how to handle it, clean it, and make sure it was in okay condition. Unloaded. It was in a locked gun case (more like a portable safe actually) when not in use, and once trigger locks became known to him, threw one of those on too for good measure.
A few years later I actually got to shoot the damn thing. Fun! Almost broke my wrist, and I couldn't hit a damn thing. Learned a LOT of respect about guns that way, especially when I had a duff round hang in the barrel. I didn't know what was wrong, but I knew enough by then to put the safety on and check things out. Good thing I had been taught a little respect for that thing, I could've lost a hand or died.
I'm still scared of guns to this day at age 26 - if it's unfamiliar to me and I don't know how to use it. Or if it's basically in anyone else's hands.
Slashdot Mirror
rofl! After 2-3 hours of use?
:P
What, did the phone use hypodermics full of carcinogens as a transmission medium or massive quantities of unshielded isotopes as a kind of nuclear fuel-cell battery or something?
Please, get a grip, if anyone actually bothered to look for health threats as vague as the one you cite - nobody would have a lifespan long enough to reproduce.
OT: Hypochondriacs are a slight hot-button with me - since a few members of my family are practically certifiable because of it.
It really wears on the nerves after a while...
Egad, grok context you Anonymous Troll...
*sighs*
I give up, thanks for explaining my views for me, even though they miss the mark almost entirely.
"The other 90% of the nation doesn't think like you. They don't understand what a firewall or a port is, or how TCP/IP works, and for their everyday lives, they generally don't need to."
They don't need to think like me, they just need to click "Start | Windows Update" once a week or so and just grab everything under the "critical updates or service packs" - or just grab everything available. For those %90 of people that can't be bothered to read the just read the user-friendly descriptions of what the patches fix, applying the latest everything is prolly better than leaving things the way they are anyway...
And, by the way, by "personal responsibility", I don't mean the prototypical (and inane) attitude that the government or others should provide or legislate everything into a pulp for us...
Start expecting some personal responsibility from these users when what they either do or fail to do affects others?
Hrm, I'm going to quibble on something OT here for just a sec then get back to the point.
Wearing a seatbelt prevents you from being stunned when someone hits you how? You can't change mass and inertia and the adverse affects it has on the human body and brain with a seatbelt. If you're hit hard enough to be "thrown about" and not able to control your vehicle because you can't physically reach something - chances are pretty darn good you're not going to be in any condition to make split second decisions and actually act on them anyway. And this example is really getting stretched here.
Anyway, I still think the whole opt in/out idea is fundamentally flawed. Ports are supposed to enable communications effectively. There aren't any problems with the stupid ports.
The problem is with the software that's being used on them, duh. Blocking ports is like (time for another bad metaphor) blocking off roads because unsafe cars are driving on them and getting in accidents and causing traffic congestion. Sure, it's a pain in the ass to fix the huge amount of cars that are affected - but it's the only real way to address the actual problem. Blocking ports is a half assed band-aid - and a really half assed one if you're going to do it in the way that's suggested in the paper.
If we start blocking (and effectively eliminating) ports every time a virus or networking problem rears it's head and causes a few problems, what's the point of having them? Or standards on what port to use? It's only a matter of time (currently anyway) before (insert port number) will become abusable in some manner. Let's just funnel everything through port 80...
Yeah, that'd be an improvement.
"What part of "they make the whole widget" do you not understand?"
:P
Just that being "root" doesn't mean a thing in a well designed system. It's pretty obvious.
It's perfectly possible and has been done many many times before to "make a whole widget" and make it as tamperproof as the cryptographic system involved. Even better, if the entire system source is available, and signatures are available, then the entire thing is almost totally transparent while preserving privacy and security.
And, since I'm having a tough time figuring out what you're objecting to...
Since there was source code in some of the Diebold material that was leaked or insecurely stored, or whatever... - that doesn't mean that they're the only ones that could know if two way communications were possible - depending on the source. I grabbed a copy from a totally publically available site, but haven't taken the time to examine it.
At least pay attention if you're going to get belligerant will you? Jeez.
All hail salesgeek, who sees through bafflingly clouded issues!
;)
Well, on this one. Why more people are saying this I don't know.
Ug, hell, 10MBit up/down? I feel insanely lucky to have fairly descent 1.5Mbit service where I'm at. Yeah, okay, I'd still be with them as long as I could opt out - and probably happy as a clam too. rofl
Would still irritate the hell out of me at the time, but I have to be honest, with that large of a pipe, my irritation would quickly get squelched by me being so spoiled when it comes to broadband... lol.
*shrugs* In my area you can only use the ISP's cable modems for "support reasons". The way they're setup, you can't even access them. This is for all broadband providers in this area also.
Sucks, but if you don't want to be on dialup, what do you do?
Arg! I don't want standard internet access to become a "value added" service!
Besides making a handshake deal with my local Charter engineer in this area on what I could do with my residental service - my ONLY other option was a business account.
In this area I pay about $40/mo for residental broadband. A business line would get me an open connection at a pitifully low speed (basically a dynamic IP and DNS) for $350 a freaking month!
ALL I wanted to do was be able to connect to my computer from the internet legally (user agreements about hosting services you know) for purely personal reasons.
Here here! I hadn't thought of the kind of processing overhead that this type of thing would reqire for some reason (being that I'm dead tired). Did sound like a good idea at the time though. ;)
And yeah, I totally agree on the restricted internet labelling. It's amazing the hoops I had to jump through in my area to find an unfiltered 'net connection in this part of my state. I almost thought I'd have to just get a business account and get hosed over for 10x the cost of a regular broadband account.
Doesn't need to be that "intelligent", just make sure that the - hopefully well authenticated - user can't disconnect himself by the channel he's using to communicate to the server to in the first place. That's almost insanely simple by networking standards.
Where did all this opt-in / opt-out stuff come from?
:P
The paper even says, "We argue in favor of limited, long term port blocking. This paper does not intend to present a balanced argument."
Nowhere does it mention opting anything.
It does state that it's meant to provoke wider discussion however.
How about, instead of blocking off ports just cause they're causing some problems - we address the real problem, which is the software using those ports and the reason this is even coming up. Those nasty, gaping, massive security concerns being produced!
Let's have some of the responsibility brought back to the people that enabled this all to happen in the first place - and start spanking them for the negative impact done to public networks due to their widespread negligence.
Yeah, I'm talking about Microsoft.
I'm not a bigoted MS basher, but software under their direct devolopment and control has done a majority of damage inflicted on public networks as far as I'm able to remember. You take the good and the bad for being a legally recognized monopoly.
Sure, the virus writer deserves some "credit" here too, but does anyone around here actually think it's that tough? Has anyone looked at the source for the "I love you" and other earlier macro viruses? What hackney'd jobs usually... they looked like someone basically cut/pasted parts from other "viruses" in most of the versions that I captured...
(and no I can't cite figures on the "majority statement" - I'm just going from memory and what I've personally seen)
Anyway, I'm just ranting out loud...
Ug, are you insane? If an ISP just decided to randomly block ports without telling me I'd go ballistic! What if some service that is vital that you use for work (or insert anything that you use regularly here) just suddenly stopped working and could not even be worked around from the user end?
That wouldn't bother you even if there was no reason for it?
It'd sure as hell bother me, and I'd pretty much instantly ditch any ISP that pulled this type of moronic behavior.
It's not that people that who design and build networked systems want to force others to learn anything about it - or even a little for that matter - even with all our whining about stupid users and trying to educate people...
We just want established standards to be able to freakin' function reliably which is hard enough as it is without ISP's just randomly turning ports on and off. You wouldn't be able to have any standards then if people did this willy nilly - which would not enhance service.
Honestly, the fact that this got even four mods as insightful is somewhat scary to me...
Theoretically this should be true, but unfortunately this just isn't the case.
There are lots of applications out there that will expect incoming communications on completely unopen or unexpected ports.
Most stateful firewall software I know have to use specific rulesets (or have them built in) in order to accept an unrequested inbound connection.
Let's see, MSN does this, Battle.net, the service that Dungeon Siege uses, um... I can't remember any other specific examples, but I've run into a hell of a lot of them. I think Bittorrent...
Yeah, that's one of the nice things about stateful firewalling.
I miss having a dedicated linux machine so much just for that I've been trying to setup a VMWare OS inside Win2k just to run a stateful firewall cause I can't find any really decent ones I like for Windows platforms.
Most windows personal firewalls just aren't geared to work like this - or are so technical that the common user who just wants to run P2P, Battle.net, or whatever couldn't figure it out to save their life.
I'd tend to disagree with this just because I think the US tends to be so damn overprotective of it's citizens in the most insane ways. If I don't want to wear a seatbelt or wear a helmet when I go out on a motorcycle - that should be my own problem.
:P
Dumbing things down so freaking much has caused some of us to stop caring about some of the dangers out there unless it's on a warning label. If it's not on a warning label it can't possibly happen. *snorts*
It's like we just expect everything we should know to just be handed to us on a silver platter without even thinking. And usually it does. So we stop thinking. That's what catering to the lowest common denominator can do for ya...
Now if we could get specification on any of our products at will instead of just littering them with warnings and logos...
Or maybe I'm just irked cause I didn't read the warning on the q-tip box and shoved one straight through one side of my skull and out the other cause I was so busy trying to actually find a technical specification on a piece of hardware...
By perm connection do you mean a static IP? 'Cos dynamic DNS services are very easy to come by / get setup / and are remarkably stable and fast to update if you're running dynamic and find the right service. Been running a dyndns account pointing to a dynamic cable modem address that changes every time the DHCP lease is up and it updates without a hitch.
Hell, you could run a domain on a dial up connection if you really wanted to as long as you had some way to trigger it to log in via phone or something similar.
Arg! NAT is not any any type of firewall!
Some people just happen to run NAT software on the same box as their software firewall (I'm thinking *nix gateway machines here - or hardware routers that do both things), but that's usually because you either only have one machine - or just only want to deal with one machine doing those gateway type functions.
NAT wasn't designed to block communications, it's just a side effect of how it works and what it does. Firewalls - that's all they do - block traffic.
(dealing with simple rules of thumb here guys - please don't quibble me to death)
Ug, that'd kill me, I like to network program and play with new networking stuff on a pretty much constant basis - usually during my most active time of the day which is around 10pm thru 4am local time.
;)
Tech support for ISP's (here in the US anyway) is usually pretty non-existant about that time, and if I found up that the "Internet Access" I signed up for had all of those caveats, I'd switch fast before I ran into other such nonsense.
Of course, if it was common knowledge when signing up, I'd just have 'em unblock everything right at the start and save the hassle.
We get babysat from our own government here in the US enough without the ISP's adding to such nonsense...
Hard to leave applications that you have to use in the business world that use certain ports that you suddenly no longer have access to. *shrugs*
Granted, these applications are - in my opinion - inherently flawed by that certain lack of customization, but when you have software foisted off on you by an illegally perpetuated monopoly, what do you do then? (ooooh that last phrase was so flamebait, but I couldn't resist - had a bad night of dealing with MS crap and I just got home)
I do see what you're getting at though - you can always contact your ISP to enable the port. But ISP's are a pain the ass enough anyway, I don't want to have to unblock every damn port I want to use just to try some freakin' new program at 3am when tech support is either not open - or just staffed by idiots.
*cough*
;)
:P
You're absolutely correct. Just look at the way email filtering works. Spam filters are (by default) turned on, so this could follow suit. You can always opt-out of this service, and get the full email-experience. But you don't see mass complaints about how our email rights are being restricted by the ISP. And of course, you can opt-out of email filtering.
Bullshit!
Sorry, just a turn of phrase.
Call Prarie Wave's Internet Technical Support number at 888-745-2888 and just ask them to stop blocking a certain address. We're not talking about just a local isp either although they aren't that big. They only service a few hundred thousand square miles or so.
Not only will they tell you they won't turn of email spam filtering for their residential customers, I've had three technicians tell me that they actually can't with the way things are setup. They can't (or won't) even whitelist.
Let me tell you, with only two broadband companies offered in my area, I switched to Charter damn quick 'cause I get email from all over the place and several legitimate (and very much non-pr0n) business associates have been unable to send me mail. I figure it was a misconfiguration problem, but honestly, with their service and support - I already wanted to switch anyway.
I totally agree with Tokerat.
If you want to restrict who accesses the information you are specifically setting up software to share to a public medium, the onus to track and authorize users should be completely your responsibility.
And this makes it any more believable to you then?
Interesting...
I doubt he was talking about five year olds there genius. Good grief, have a little sense.
My dad took me out with his 9mm Smith and Wession auto back when I was 10-12. I didn't get to shoot it though. I just got to learn how to handle it, clean it, and make sure it was in okay condition. Unloaded. It was in a locked gun case (more like a portable safe actually) when not in use, and once trigger locks became known to him, threw one of those on too for good measure.
A few years later I actually got to shoot the damn thing. Fun! Almost broke my wrist, and I couldn't hit a damn thing. Learned a LOT of respect about guns that way, especially when I had a duff round hang in the barrel. I didn't know what was wrong, but I knew enough by then to put the safety on and check things out. Good thing I had been taught a little respect for that thing, I could've lost a hand or died.
I'm still scared of guns to this day at age 26 - if it's unfamiliar to me and I don't know how to use it. Or if it's basically in anyone else's hands.