Uhm, I'm was a homebrew virgin before this weekend. I followed one guide and extracted 1 zip file on an SD card and had homebrew up and working, then backed up my NAND (system memory), and started downloading all the GPL free (non-pirated) games for the HBC via the Homebrew Browser. Backing up my NAND took more time than anything, and I think I was done in less than 30 minutes and trying out everything available via the Homebrew Browser.
It may have been hard before some of the current tools, but literally it was following a guide of 10 steps, dragging and dropping files to an SD card, and then pointing with my Wiimote.
I won't download any games I don't own, mostly because I need to be an example for my kids, and also because if I want a game that bad, I will prioritize it before other games and buy it. We're the type of household that waits a year or so and picks up games for $15-20 at Costco or used at Gamestop. My kids have paid for one Wiiware download game themselves from their allowance money (3 of my 4 kids all chipped in).
I've seen the videos and the steps for getting all the "backup" stuff going to play all the games from USB HDD, seen the huge sites with all the Wiiware and Virtual console and full disc games, but I won't touch it. It's far to easy to go down that road, and once you do, there is no turning back.
However, I am still tempted to get the backup stuff working on an old USB HDD and putting all of our games on it. It's not like we have a ton of games (maybe 20), but I'm mostly concerned about wear and tear on the discs. My kids are pretty well trained in handling DVDs, CDs, game discs, but company often is not. I'd only backup and run from USB HDD the stuff I own, but the problem with that I hear is that the way those loaders work is "illegal" even if you are using it for backup. Somehow the HBC claims not to be "illegal," but it still voids your warranty.
I'm also fine with downloading any emulator games that we find at used game stores or whatever and buy. First sale doctrine keeps that legal (I'm not a lawyer), and basically having the physical media legally purchased in hand allows me to play it however I want.
Perhaps the ad above is legit, but most likely those 40+ games and all the other games are pirated. Only Nintendo could prove that based on online sales records (or if the person had their credit card statements showing those dollar amounts paid to Nintendo for all the downloaded games).
Nintendo has the money and the lawyer muscle and could help the Homebrew Channel go after the folks selling their tools (the HBC is not GPL, but is free, but as it is not GPL you may not sell it). Nintendo probably can't sue the folks selling the HBC and tools (since they don't own the copywrite on that software), but they would be happy to see those places shut down since they're all about promoting piracy (and don't really care about homebrew), but the HBC folks can sue them (since it is their code illegally for sale), but don't have the time or lawyer/money to do it.
My kids are younger, so perhaps older kids wouldn't like the free homebrew games, but we've been enjoying Horror Vacui, Mahjongg Wii, Yahtzwii, Helium boy, Super Mario War Wii, Masteroids, Kobo Deluxe (my current addiction, stuck on Stage 50, the huge cube), OpenTyrianWii, and WiiSPACE.
Playing DVDs and watching Youtube is cool on the Wii. I don't get why Nintendo doesn't license that and blow AppleTV and that sort out of the water since they've got a huge marketshare? I don't have a major need for this as we've already got a killer MythTV
So in short, if we the united states was under some kind of Cyber attack, the President could not turn off (Slashdot.org, digg.com, weather.com) but they could control the networks of those that are government related.
I disagree.
(6) may order the disconnection of any Federal Government or United States critical infrastructure information systems or networks in the interest of national security"....
I read that as any US critical infrastructure network can be disconnected - but from what? There are a huge amount of "critical" things are done online - the buying and selling of power, the conducting of communication between Law Enforcement Agencies (encrypted, but still, using VPNs and other internet-based methods to connect). They use "United States critical [private]... networks" to connect. I would say that this can and would be interpreted as giving power to disconnect anything interfering with the government's use of the internet through these "United States critical... [internet] networks".
One could say that a news or political agency that is causing a "panic" might be disconnected to "protect" us "in the interest of national security."
Never read a law with the good intent in mind - always read it with the worst intent with the worst dictator-like President in charge - how far can they bend this?
If it is really meant to protect Fed networks and order them to disconnect, spell it at explicitly and furthermore limit (by explicitly stating) that non-Federal internet and private sector networks will not be disconnected from each other nor interfered with by the Government.
To take it one step further, the public switched telephone network (aka PSTN, your cell, your land line) is also a "United States critical [private]... networks". Might need to disconnect a few of those numbers to "protect" us "in the interest of national security."
Ah, very nice. Then the only problem is getting/keeping the signatures on the stubs updated. You have a bootstrapping problem that is a chicken-in-the-egg problem if you want to auto-update a host that has been offline for some time, or after a fresh install that contains old signatures.
DNSSEC only helps you if you run your own DNS resolver. 99% of the population uses their ISP's resolver. The exception are corporate networks, etc. DNSSEC does nothing to protect or help the end-user know that queries are good. The data from the resolver to client isn't signed or authenticated in any way, so even if you ask for the +adflag, etc., if someone has a way to mess with your DNS queries with MitM, they can add the "ad" (authenticated data) flag so your client would thing the data had been verified by DNSSEC.
DNSSEC isn't hardly deployed either. Not even in the.GOV TLD domains, which has a mandate that all domains be signed by the end of this year.
Query Comcast's test DNSSEC resolver: dig +adflag +dnssec gov @68.87.69.154
You get back NSEC3 keys and RRSIGs, and the "ad" flag will be set (meaning it is authenticated data). Try it again with just about any domain: dig +adflag +dnssec whitehouse.gov @68.87.69.154 dig +adflag +dnssec fbi.gov @68.87.69.154 dig +adflag +dnssec cia.gov @68.87.69.154 dig +adflag +dnssec nsa.gov @68.87.69.154
Nah, none of them have deployed DNSSEC. Less than 3 months to go and they'll all slip past the mandate.
DNSSEC is a good step in the right direction, but it's not a magic bullet. Perhaps if there were some client apps that act as DNS resolvers and verify all DNSSEC keys and sigs (the same as resolvers do), but that's going to slow down the user experience with many queries before even requesting content. Further, how are end-user apps like this going to be kept up to date with new signatures that have to roll (yearly, I believe)? No magic bullet, that is for sure.
Eventually all failed non-existant domains that are queried through Comcast's servers, where the query begins with www., will get redirected. They just haven't phased that in, yet: DomainHelperLogic:
We will eventually phase in the following pattern matches to enhance this service in the future:
(1) www.SOME-INVALID-NAME.cmm or
(2) www.SOME-INVALID-NAME
- The entry must include "www" followed by a dot ("www.")
Reading further on, they will eventually be phasing in the hijacking of bogus TLD (like.internal) as well as all-around bogus stuff (like mycompany). So that would affect your www.intranet, etc.
I think this is a bad idea. Still, they will justify it as they're only doing it for lookups starting with www.
Look at the DomainHelperLogic and the only thing it hijacks are DNS lookups that begin with www and end with a valid TLD (.com, a ccTLD like.us, etc.).
While I think this still stinks that they are hijacking DNS at all, and as a Comcast customer I will complain and opt-out, I think they're doing it in a fairly logical way.
But it's not that bad. If you do a DNS lookup for any domain (say for an MX or NS record) you're never going to see this. Your lookups will only be affected if the query starts with www, followed by a domain, ending with a valid TLD (.com, a CC, etc.).
If your internal office uses something such as mycompany.internal, then even a www.mycompany.internal query isn't going to get hijacked since.internal isn't a valid TLD. If you are using mycompany.com for internal use, you should own mycompany.com externally, and negative replies will still work and not get hijacked.
Again, while I oppose monkeying with DNS, this appears to be fairly well thought out and not anywhere near as bad as most other implementations.
The developers we and are available and that never changed. Lance hadn't contributed in some time, and was really just wearing the "founder hat" and keys to the centos.org domain, irc found status, and paypal account.
Ditto. I take it a step further. For one, I SSH to my own box for which I've got the public key for already and if it is changed the SSH will fail and throw nasty "someone changed the key" errors. For two, I go into "silent" mode where I firewall and block all inbound connections and silently drop them (even ping) and even more I firewall and block all outbound connections except my one ssh connection. My ssh script connects to my IP, so no need to use DNS either. All traffic is proxied through my ssh connection and out my server, and anything that would somehow evade my proxy (java and javascript sometimes somehow have a hack around method to bypass a proxy setting on a host) - it doesn't matter because iptable is going to drop that outbound traffic and never allow it to leave my box.
The only thing I usually have to do is first give a thumbs-up. For that, I have my usual locked-down inbound mode, all a "guest" Firefox profile that is set to no proxy and connect to hit the authentication/agreement terms page (for Starbucks, hotel wireless, etc.), and then once I get past that I flip my ssh script on which locks down my firewall and sshs to my system as described above.
I'm not sure about how easy that'd be to do on a Windows box. Can you firewall a Windows box from not making any outbound connections? It's been a while since I ran Windows as a Host (when I must, I run them as VM guests). But that would be my recommendation to anyone.
The problem with this is many folks have soho l2l vpn connections, so their PCs don't have to run clients. If you use the VPN-only DNS, then if the VPN is down or has problems, the "internet" is broken.
I used unzip and it kept the +x permission just fine. I have a different error: $./crx./crx: error while loading shared libraries: libopenal.so.1: cannot open shared object file: No such file or directory
I have openal installed (and installed the openal-devel package just to test): $ rpm -qa | grep openal openal-devel-0.0.9-0.17.20060204cvs.fc11.i586 openal-0.0.9-0.17.20060204cvs.fc11.i586
Looks like F11 doesn't have the latest/right version of libopenal: $ locate libopenal.so/usr/lib/libopenal.so.0/usr/lib/libopenal.so.0.0.0
I'm sure any calls between Google VOIP customers will be VOIP on the backend. I'm sure they'll integrate it into Google Talk as well, and then your end could be totally VOIP, and if the other party uses Google Talk it would be VOIP end-to-end. Further, if they're smart, they'll let you use your SIP-based "hard" phones with the service as well.
Second, ENUM is already standard that allows you to use DNS to direct your calls wherever you want (voice or fax - see fax could just go direct from mail server to mail server over SMTP, and if not available use the traditional number). However, guess who has to implement ENUM? The local telco providers who have been assigned numbers have to implement it - and guess what, none of the traditional Bell companies have done that or will do that anytime soon because it allows you to bypass their services and control how your number is called. I could see Google changing all this (at least between VOIP-enabled providers). TPC has tried to make this happen, but really it needs to be done at your service-provider level so you don't have to manage DNS: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-2/enum.html.
Regarding revenue, I'm sure it'll be the same as Google Apps. Free for certain features, pay for other. Perhaps Google will make it free for all at first, get folks hooked, and then pay.
Competing in the corporate world will be hard, however. All of these features I've heard of, you can do with a Cisco CallManager/Unity platform. One-reach number forwarding, listening to calls as the caller leaves the message (plus telling the system to take the call, which prompts the person calling with, "Your party can take your call now, please stand by," and then two-way voice goes through), per-number-filtering (profiles, etc.), initiating calls from your cell's smart-app (this is really SIP, and what occurs is Google would place a call out to your cell and the party you wish to call at the same time, presenting you with the caller's number on your callerid, and presenting them with your Google number on their callerid, thus "masking" the phone you calling from), text to speed (read your email to you), speech to text (convert speech to text), fax to email, email to fax, SIP VOIP to your telco so no need for a PRI or analog trunks. All that, and you don't have to worry about Google turning "evil."
However, I, as a small business owner, I cannot afford the hardware and licensing to do this. I'd love to pay Google for such a feature without a huge capital investment. I'm sure others would too.
Further, if Google's smart-app running on the phones do this right, you'll be able to seamlessly transfer a call that you answered on you cell on your desk (plus all the other features). In the Cisco world, you just hang up the cell call and it's still there for 2 seconds and you can pick it up on your desk. Or, if you were on your desk and needed to step away, you just press "Mobile" and the system dials your cell (but the desk call isn't affected at all) and as soon as you hang up your desk phone the two-way audio cuts through on your cell. While on a traditional phone system you could just transfer your call to your cell, the advantage is you can drop back to your desk phone (or any other office phone that you log into) without having to transfer it from your cell (thus tying up two voice paths and running up your cell minutes).
Anyway, it is cool tech, and I'm glad to see Google bringing it to the masses.
While a cell-phone solution might work for a teen, I don't think that's going to get held on to by a kindergarten aged kid.
There are a number of wristwatch solutions out there. One that I saw (but couldn't locate quickly) made it so that you could not remove the watch w/o the right pin - the idea being that if the child was kidnapped you would not want the watch removed easily.
I thought one feature of TrueCrypt was the ability to have two passwords. One password unlocks your "non-secret" data. The other password unlocks your "secret" data in a hidden volume.
The point is both sets of data are stored in one big binary blob. It'll all look like one big fat encrypted mess. In fact, if you are not careful, your non-secret data can overrun your secret data.
To get around this "randomness" problem, after creating your non-secret partition, fill the partition completely with something (copy a few public domain books over and over until the partition is full). All the "randomness" will be gone with encrypted data. Then delete everything and put back in just the smallest amount of non-secret data you need to store in order to appear legit. The "randomness" is still there, as only the FAT entries are deleted, but all the encrypted data is still filling up that whole binary blob.
Now, create your secret partition and use it. Be sure to use it just short of the non-secret data's amount (as they fill from the opposite end), otherwise your non-secret partition will be corrupted.
The one downside is that the non-secret side, if it fills up with too much data, will override your secret side. That's why your have backups and this is just for transport anyway, right?
Get the best bang for your buck. Set up a proxy (IPCop + Squid + SquidGuard). You'll block 95% of the ads and save on bandwidth from that and the proxying, plus you can track your bandwidth usage for yourself.
Just make sure you can return the modem and cancel service with a full refund if the service is cruddy. MetroPCS' data service for the BlackBerry Curve 8330 was the worst. Horrible beyond compare, but they didn't have EVDO service, but even the service they had was horrible and spotty and would work one minute at a location and not the next. I was able to return the BlackBerry to BestBuy for a full refund (they'd seen a ton of them returned) and MetroPCS gave the first month "free" so I was out nothing, other than my wasted time and bad bandwidth service. $50/month for unlimited horrible voice+data service with Metro isn't worth it (I only wanted it for data anyway).
I believe Cricket does have EVDO service. I have no idea how fast or good their data service is. I do know their voice service is great, as my Wife and I have had them for the last 3 years, no land line, for $35/month unlimited voice, message, voicemail, long distance.
I ended up getting a BlackBerry Storm 9530 with Verizon for 66% less than the Curve. I love that the CPU on this phone is so much faster, I can actually use the data service to sync contacts, email, calendaring reliably, and the perks are I get Youtube and streaming music as well. It was $20/month more for unlimited data ($70 total) than Metro - but it just works, 100% solid service and very fast.
If I wanted data service for my PC, I'd just pay $30/more a month for a tethered modem to my "phone" as I'm so pleased with Verizon's coverage. I had the service before with an 8830 World Edition with my last employer, and it was more than worth while when I was stranded at a place that didn't have internet (typically because I was turning up their internet and/or mpls/private network).
You might look into what Verizon's service offerings are for pure data.
Wow, that is scary. All the more ammo to preach to people to use unique passwords.
Of course, even if you can train those folks to use unique passwords, you still have to train them not to give out account info where it doesn't belong. They'd probably just as easily give out the email account password unless educated. Gmail, etc., needs to add to their EULA that it is against their policy for you to share you account password.
What they (Google, etc.) should set up is a "safe" way to allow you to let sites get access to your address book (should you choose to allow them to).
One concern I'd have is that people often use the same password for all of their accounts. Skimming through the list of usernames and passwords that were released, it's amazing to me how simplistic the passwords are that people use. Straight-up dictionary works, nothing appended. Or just a dictionary word plus a digit or two.
I just have a blank WinXP VM image I give them access to full-screen and in bridged mode. They want local admin access to do their thing, and no way would I give them that even in my WinXP regular personal VM images.
No big deal, it just worked and let them do what they needed to do. When they were done, I just nuked the VM image.
NoScript is a nice extra safety net for Firefox. It is a bit of a pain on some sites, but if I trust the site I allow it permanently (banking, etc.), if I just want to read a news article I allow it temp. If a plugin/map/whatever still doesn't work on a page, I just allow all on page temp and it works.
Slashdot Mirror
Anyone following any NERC guidelines knows this. Anyone not only needs an audit and millions in fines (per day).
Uhm, I'm was a homebrew virgin before this weekend. I followed one guide and extracted 1 zip file on an SD card and had homebrew up and working, then backed up my NAND (system memory), and started downloading all the GPL free (non-pirated) games for the HBC via the Homebrew Browser. Backing up my NAND took more time than anything, and I think I was done in less than 30 minutes and trying out everything available via the Homebrew Browser.
It may have been hard before some of the current tools, but literally it was following a guide of 10 steps, dragging and dropping files to an SD card, and then pointing with my Wiimote.
I won't download any games I don't own, mostly because I need to be an example for my kids, and also because if I want a game that bad, I will prioritize it before other games and buy it. We're the type of household that waits a year or so and picks up games for $15-20 at Costco or used at Gamestop. My kids have paid for one Wiiware download game themselves from their allowance money (3 of my 4 kids all chipped in).
I've seen the videos and the steps for getting all the "backup" stuff going to play all the games from USB HDD, seen the huge sites with all the Wiiware and Virtual console and full disc games, but I won't touch it. It's far to easy to go down that road, and once you do, there is no turning back.
However, I am still tempted to get the backup stuff working on an old USB HDD and putting all of our games on it. It's not like we have a ton of games (maybe 20), but I'm mostly concerned about wear and tear on the discs. My kids are pretty well trained in handling DVDs, CDs, game discs, but company often is not. I'd only backup and run from USB HDD the stuff I own, but the problem with that I hear is that the way those loaders work is "illegal" even if you are using it for backup. Somehow the HBC claims not to be "illegal," but it still voids your warranty.
I'm also fine with downloading any emulator games that we find at used game stores or whatever and buy. First sale doctrine keeps that legal (I'm not a lawyer), and basically having the physical media legally purchased in hand allows me to play it however I want.
What I wish Nintendo and Homebrew would pair up and go after is the folks selling the stuff, or the folks selling Wii loaded with all sorts of "hot" stuff:
http://washingtondc.kijiji.com/c-For-sale-Video-games-consoles-Nintendo-Wii-Homebrew-TONS-OF-ACCESSORIES-GAMES-W0QQAdIdZ146395948
Perhaps the ad above is legit, but most likely those 40+ games and all the other games are pirated. Only Nintendo could prove that based on online sales records (or if the person had their credit card statements showing those dollar amounts paid to Nintendo for all the downloaded games).
Nintendo has the money and the lawyer muscle and could help the Homebrew Channel go after the folks selling their tools (the HBC is not GPL, but is free, but as it is not GPL you may not sell it). Nintendo probably can't sue the folks selling the HBC and tools (since they don't own the copywrite on that software), but they would be happy to see those places shut down since they're all about promoting piracy (and don't really care about homebrew), but the HBC folks can sue them (since it is their code illegally for sale), but don't have the time or lawyer/money to do it.
My kids are younger, so perhaps older kids wouldn't like the free homebrew games, but we've been enjoying Horror Vacui, Mahjongg Wii, Yahtzwii, Helium boy, Super Mario War Wii, Masteroids, Kobo Deluxe (my current addiction, stuck on Stage 50, the huge cube), OpenTyrianWii, and WiiSPACE.
Playing DVDs and watching Youtube is cool on the Wii. I don't get why Nintendo doesn't license that and blow AppleTV and that sort out of the water since they've got a huge marketshare? I don't have a major need for this as we've already got a killer MythTV
I disagree.
I read that as any US critical infrastructure network can be disconnected - but from what? There are a huge amount of "critical" things are done online - the buying and selling of power, the conducting of communication between Law Enforcement Agencies (encrypted, but still, using VPNs and other internet-based methods to connect). They use "United States critical [private] ... networks" to connect. I would say that this can and would be interpreted as giving power to disconnect anything interfering with the government's use of the internet through these "United States critical ... [internet] networks".
One could say that a news or political agency that is causing a "panic" might be disconnected to "protect" us "in the interest of national security."
Never read a law with the good intent in mind - always read it with the worst intent with the worst dictator-like President in charge - how far can they bend this?
If it is really meant to protect Fed networks and order them to disconnect, spell it at explicitly and furthermore limit (by explicitly stating) that non-Federal internet and private sector networks will not be disconnected from each other nor interfered with by the Government.
To take it one step further, the public switched telephone network (aka PSTN, your cell, your land line) is also a "United States critical [private] ... networks". Might need to disconnect a few of those numbers to "protect" us "in the interest of national security."
Ah, very nice. Then the only problem is getting/keeping the signatures on the stubs updated. You have a bootstrapping problem that is a chicken-in-the-egg problem if you want to auto-update a host that has been offline for some time, or after a fresh install that contains old signatures.
DNSSEC only helps you if you run your own DNS resolver. 99% of the population uses their ISP's resolver. The exception are corporate networks, etc. DNSSEC does nothing to protect or help the end-user know that queries are good. The data from the resolver to client isn't signed or authenticated in any way, so even if you ask for the +adflag, etc., if someone has a way to mess with your DNS queries with MitM, they can add the "ad" (authenticated data) flag so your client would thing the data had been verified by DNSSEC.
DNSSEC isn't hardly deployed either. Not even in the .GOV TLD domains, which has a mandate that all domains be signed by the end of this year.
Query Comcast's test DNSSEC resolver:
dig +adflag +dnssec gov @68.87.69.154
You get back NSEC3 keys and RRSIGs, and the "ad" flag will be set (meaning it is authenticated data). Try it again with just about any domain:
dig +adflag +dnssec whitehouse.gov @68.87.69.154
dig +adflag +dnssec fbi.gov @68.87.69.154
dig +adflag +dnssec cia.gov @68.87.69.154
dig +adflag +dnssec nsa.gov @68.87.69.154
Nah, none of them have deployed DNSSEC. Less than 3 months to go and they'll all slip past the mandate.
DNSSEC is a good step in the right direction, but it's not a magic bullet. Perhaps if there were some client apps that act as DNS resolvers and verify all DNSSEC keys and sigs (the same as resolvers do), but that's going to slow down the user experience with many queries before even requesting content. Further, how are end-user apps like this going to be kept up to date with new signatures that have to roll (yearly, I believe)? No magic bullet, that is for sure.
Here are my tests:
www.blahblahblahblahblah.com
Bogus redirect page.
www.blahblahblahblahblah
NX
blahblahblahblahblah.com
NX
www.blahblahblahblahblah.ner
NX
Eventually all failed non-existant domains that are queried through Comcast's servers, where the query begins with www., will get redirected. They just haven't phased that in, yet: DomainHelperLogic:
We will eventually phase in the following pattern matches to enhance this service in the future:
(1) www.SOME-INVALID-NAME.cmm or
(2) www.SOME-INVALID-NAME
- The entry must include "www" followed by a dot ("www.")
...
Slashdot ate my reply - It's not that bad - yet.
Reading further on, they will eventually be phasing in the hijacking of bogus TLD (like .internal) as well as all-around bogus stuff (like mycompany). So that would affect your www.intranet, etc.
I think this is a bad idea. Still, they will justify it as they're only doing it for lookups starting with www.
Look at the DomainHelperLogic and the only thing it hijacks are DNS lookups that begin with www and end with a valid TLD (.com, a ccTLD like .us, etc.).
While I think this still stinks that they are hijacking DNS at all, and as a Comcast customer I will complain and opt-out, I think they're doing it in a fairly logical way.
But it's not that bad. If you do a DNS lookup for any domain (say for an MX or NS record) you're never going to see this. Your lookups will only be affected if the query starts with www, followed by a domain, ending with a valid TLD (.com, a CC, etc.).
If your internal office uses something such as mycompany.internal, then even a www.mycompany.internal query isn't going to get hijacked since .internal isn't a valid TLD. If you are using mycompany.com for internal use, you should own mycompany.com externally, and negative replies will still work and not get hijacked.
Again, while I oppose monkeying with DNS, this appears to be fairly well thought out and not anywhere near as bad as most other implementations.
The developers we and are available and that never changed. Lance hadn't contributed in some time, and was really just wearing the "founder hat" and keys to the centos.org domain, irc found status, and paypal account.
I'd love to see this app for the Blackberry Storm. I'd even pay a few bucks for it too.
Ditto. I take it a step further. For one, I SSH to my own box for which I've got the public key for already and if it is changed the SSH will fail and throw nasty "someone changed the key" errors. For two, I go into "silent" mode where I firewall and block all inbound connections and silently drop them (even ping) and even more I firewall and block all outbound connections except my one ssh connection. My ssh script connects to my IP, so no need to use DNS either. All traffic is proxied through my ssh connection and out my server, and anything that would somehow evade my proxy (java and javascript sometimes somehow have a hack around method to bypass a proxy setting on a host) - it doesn't matter because iptable is going to drop that outbound traffic and never allow it to leave my box.
The only thing I usually have to do is first give a thumbs-up. For that, I have my usual locked-down inbound mode, all a "guest" Firefox profile that is set to no proxy and connect to hit the authentication/agreement terms page (for Starbucks, hotel wireless, etc.), and then once I get past that I flip my ssh script on which locks down my firewall and sshs to my system as described above.
I'm not sure about how easy that'd be to do on a Windows box. Can you firewall a Windows box from not making any outbound connections? It's been a while since I ran Windows as a Host (when I must, I run them as VM guests). But that would be my recommendation to anyone.
The problem with this is many folks have soho l2l vpn connections, so their PCs don't have to run clients. If you use the VPN-only DNS, then if the VPN is down or has problems, the "internet" is broken.
I used unzip and it kept the +x permission just fine. I have a different error: ./crx ./crx: error while loading shared libraries: libopenal.so.1: cannot open shared object file: No such file or directory
$
I have openal installed (and installed the openal-devel package just to test):
$ rpm -qa | grep openal
openal-devel-0.0.9-0.17.20060204cvs.fc11.i586
openal-0.0.9-0.17.20060204cvs.fc11.i586
Looks like F11 doesn't have the latest/right version of libopenal: /usr/lib/libopenal.so.0 /usr/lib/libopenal.so.0.0.0
$ locate libopenal.so
I'm sure any calls between Google VOIP customers will be VOIP on the backend. I'm sure they'll integrate it into Google Talk as well, and then your end could be totally VOIP, and if the other party uses Google Talk it would be VOIP end-to-end. Further, if they're smart, they'll let you use your SIP-based "hard" phones with the service as well.
Second, ENUM is already standard that allows you to use DNS to direct your calls wherever you want (voice or fax - see fax could just go direct from mail server to mail server over SMTP, and if not available use the traditional number). However, guess who has to implement ENUM? The local telco providers who have been assigned numbers have to implement it - and guess what, none of the traditional Bell companies have done that or will do that anytime soon because it allows you to bypass their services and control how your number is called. I could see Google changing all this (at least between VOIP-enabled providers). TPC has tried to make this happen, but really it needs to be done at your service-provider level so you don't have to manage DNS: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_5-2/enum.html.
Regarding revenue, I'm sure it'll be the same as Google Apps. Free for certain features, pay for other. Perhaps Google will make it free for all at first, get folks hooked, and then pay.
Competing in the corporate world will be hard, however. All of these features I've heard of, you can do with a Cisco CallManager/Unity platform. One-reach number forwarding, listening to calls as the caller leaves the message (plus telling the system to take the call, which prompts the person calling with, "Your party can take your call now, please stand by," and then two-way voice goes through), per-number-filtering (profiles, etc.), initiating calls from your cell's smart-app (this is really SIP, and what occurs is Google would place a call out to your cell and the party you wish to call at the same time, presenting you with the caller's number on your callerid, and presenting them with your Google number on their callerid, thus "masking" the phone you calling from), text to speed (read your email to you), speech to text (convert speech to text), fax to email, email to fax, SIP VOIP to your telco so no need for a PRI or analog trunks. All that, and you don't have to worry about Google turning "evil."
However, I, as a small business owner, I cannot afford the hardware and licensing to do this. I'd love to pay Google for such a feature without a huge capital investment. I'm sure others would too.
Further, if Google's smart-app running on the phones do this right, you'll be able to seamlessly transfer a call that you answered on you cell on your desk (plus all the other features). In the Cisco world, you just hang up the cell call and it's still there for 2 seconds and you can pick it up on your desk. Or, if you were on your desk and needed to step away, you just press "Mobile" and the system dials your cell (but the desk call isn't affected at all) and as soon as you hang up your desk phone the two-way audio cuts through on your cell. While on a traditional phone system you could just transfer your call to your cell, the advantage is you can drop back to your desk phone (or any other office phone that you log into) without having to transfer it from your cell (thus tying up two voice paths and running up your cell minutes).
Anyway, it is cool tech, and I'm glad to see Google bringing it to the masses.
Doh, scratch the C+ part, meant C#.
No mono/C+ in evolution, but there is in tomboy.
$ cat /etc/redhat-release
Fedora release 11 (Leonidas)
$ yum deplist evolution
Loaded plugins: refresh-packagekit
Finding dependencies:
package: evolution.i586 2.26.2-1.fc11
dependency: libatk-1.0.so.0
provider: atk.i586 1.25.2-2.fc11
dependency: libgio-2.0.so.0
provider: glib2.i586 2.20.1-1.fc11
dependency: libessmime.so.0
provider: evolution.i586 2.26.1-2.fc11
provider: evolution.i586 2.26.2-1.fc11
dependency: libsmime3.so(NSS_3.4)
provider: nss.i586 3.12.3-4.fc11
dependency: libglib-2.0.so.0
provider: glib2.i586 2.20.1-1.fc11
dependency: libetimezonedialog.so.0
provider: evolution.i586 2.26.1-2.fc11
provider: evolution.i586 2.26.2-1.fc11
dependency: libplc4.so
provider: nspr.i586 4.7.3-5.fc11
dependency: libICE.so.6
provider: libICE.i586 1.0.4-7.fc11
dependency: libart_lgpl_2.so.2
provider: libart_lgpl.i586 2.3.20-4.fc11
dependency: libedataserverui-1.2.so.8
provider: evolution-data-server.i586 2.26.1-1.fc11
provider: evolution-data-server.i586 2.26.2-1.fc11
dependency: libnsl.so.1
provider: glibc.i586 2.10.1-2
provider: glibc.i686 2.10.1-2
dependency: libgweather.so.1
provider: libgweather.i586 2.26.1-1.fc11
dependency: gnome-themes
provider: gnome-themes.noarch 2.26.1-1.fc11
dependency: libegroupwise-1.2.so.13
provider: evolution-data-server.i586 2.26.1-1.fc11
provider: evolution-data-server.i586 2.26.2-1.fc11
dependency: libc.so.6(GLIBC_2.2)
provider: glibc.i586 2.10.1-2
provider: glibc.i686 2.10.1-2
dependency: libnss3.so(NSS_3.3)
provider: nss.i586 3.12.3-4.fc11
dependency: libicalvcal.so.0
provider: libical.i586 0.43-4.fc11
dependency: libdl.so.2
provider: glibc.i586 2.10.1-2
provider: glibc.i686 2.10.1-2
dependency: libexchange-storage-1.2.so.3
provider: evolution-data-server.i586 2.26.1-1.fc11
provider: evolution-data-server.i586 2.26.2-1.fc11
dependency: libgdata-google-1.2.so.1
provider: evolution-data-server.i586 2.26.1-1.fc11
provider: evolution-data-server.i586 2.26.2-1.fc11
dependency: libpango-1.0.so.0
provider: pango.i586 1.24.1-1.fc11
dependency: libfilter.so.0
provider: evolution.i586 2.26.1-2.fc11
provider: evolution.i586 2.26.2-1.fc11
dependency: libgmodule-2.0.so.0
provider: glib2.i586 2.20.1-1.fc11
dependency: libpthread.so.0(GLIBC_2.3.2)
provider: glibc.i586 2.10.1-2
provider: glibc.i686 2.10.1-2
dependency: libX11.so.6
provider: libX11.i586 1.2-3.fc11
dependency: libc.so.6
provider: glibc.i586 2.10.1-2
provider: glibc.i686 2.10.1-2
dependency: libedataserver-1.2.so.11
provider: evolution-data-server.i586 2.26.1-1.fc11
provider: evolution-data-serve
While a cell-phone solution might work for a teen, I don't think that's going to get held on to by a kindergarten aged kid.
There are a number of wristwatch solutions out there. One that I saw (but couldn't locate quickly) made it so that you could not remove the watch w/o the right pin - the idea being that if the child was kidnapped you would not want the watch removed easily.
Here is one solution that I found: lok8u.com
Ah, here is another, which requires a remote device to unlock the wristwatch: www.brickhousesecurity.com/wf200.html
I thought one feature of TrueCrypt was the ability to have two passwords. One password unlocks your "non-secret" data. The other password unlocks your "secret" data in a hidden volume.
http://www.truecrypt.org/docs/plausible-deniability
The point is both sets of data are stored in one big binary blob. It'll all look like one big fat encrypted mess. In fact, if you are not careful, your non-secret data can overrun your secret data.
To get around this "randomness" problem, after creating your non-secret partition, fill the partition completely with something (copy a few public domain books over and over until the partition is full). All the "randomness" will be gone with encrypted data. Then delete everything and put back in just the smallest amount of non-secret data you need to store in order to appear legit. The "randomness" is still there, as only the FAT entries are deleted, but all the encrypted data is still filling up that whole binary blob.
Now, create your secret partition and use it. Be sure to use it just short of the non-secret data's amount (as they fill from the opposite end), otherwise your non-secret partition will be corrupted.
This link helps with the graphics:
http://www.truecrypt.org/docs/hidden-volume
The one downside is that the non-secret side, if it fills up with too much data, will override your secret side. That's why your have backups and this is just for transport anyway, right?
Get the best bang for your buck. Set up a proxy (IPCop + Squid + SquidGuard). You'll block 95% of the ads and save on bandwidth from that and the proxying, plus you can track your bandwidth usage for yourself.
Just make sure you can return the modem and cancel service with a full refund if the service is cruddy. MetroPCS' data service for the BlackBerry Curve 8330 was the worst. Horrible beyond compare, but they didn't have EVDO service, but even the service they had was horrible and spotty and would work one minute at a location and not the next. I was able to return the BlackBerry to BestBuy for a full refund (they'd seen a ton of them returned) and MetroPCS gave the first month "free" so I was out nothing, other than my wasted time and bad bandwidth service. $50/month for unlimited horrible voice+data service with Metro isn't worth it (I only wanted it for data anyway).
I believe Cricket does have EVDO service. I have no idea how fast or good their data service is. I do know their voice service is great, as my Wife and I have had them for the last 3 years, no land line, for $35/month unlimited voice, message, voicemail, long distance.
I ended up getting a BlackBerry Storm 9530 with Verizon for 66% less than the Curve. I love that the CPU on this phone is so much faster, I can actually use the data service to sync contacts, email, calendaring reliably, and the perks are I get Youtube and streaming music as well. It was $20/month more for unlimited data ($70 total) than Metro - but it just works, 100% solid service and very fast.
If I wanted data service for my PC, I'd just pay $30/more a month for a tethered modem to my "phone" as I'm so pleased with Verizon's coverage. I had the service before with an 8830 World Edition with my last employer, and it was more than worth while when I was stranded at a place that didn't have internet (typically because I was turning up their internet and/or mpls/private network).
You might look into what Verizon's service offerings are for pure data.
I think what you fail to understand is that you may trust the current president, but what about in 4 or 8 years?
You need to think of your worst nightmare president having this power, not your most trusted president.
Further, take that to your worst nightmare VP who may become president.
Wow, that is scary. All the more ammo to preach to people to use unique passwords.
Of course, even if you can train those folks to use unique passwords, you still have to train them not to give out account info where it doesn't belong. They'd probably just as easily give out the email account password unless educated. Gmail, etc., needs to add to their EULA that it is against their policy for you to share you account password.
What they (Google, etc.) should set up is a "safe" way to allow you to let sites get access to your address book (should you choose to allow them to).
One concern I'd have is that people often use the same password for all of their accounts. Skimming through the list of usernames and passwords that were released, it's amazing to me how simplistic the passwords are that people use. Straight-up dictionary works, nothing appended. Or just a dictionary word plus a digit or two.
I just have a blank WinXP VM image I give them access to full-screen and in bridged mode. They want local admin access to do their thing, and no way would I give them that even in my WinXP regular personal VM images.
No big deal, it just worked and let them do what they needed to do. When they were done, I just nuked the VM image.
NoScript is a nice extra safety net for Firefox. It is a bit of a pain on some sites, but if I trust the site I allow it permanently (banking, etc.), if I just want to read a news article I allow it temp. If a plugin/map/whatever still doesn't work on a page, I just allow all on page temp and it works.
Bus lines often have a flat rate pass. In my town it is $41/month for regular and $31/month for students. The only thing cheaper is a bike.