Re:The window
on
Due Diligence?
·
· Score: 3, Informative
I've had up2date break a ton of things when it installs a newer version. ypbind and xinetd are two that bit us recently. They both installed and initially tested fine, but there were subtle changes that broke other things (securenets on ypbind, and all our ssl-based email services like spop3 and simap with xinetd). Easy enough to fix, but not something you want automated when you're on vacation.
We have a cron job at 4am that mirrors the RH update directories (only downloads changes) and then emails us if there are changes. Then we install and test them on a test non-production server to verify first, then install on the production boxes, plus we already have the update(s) on a local box so 'rpm -Fvh ftp://localupdateserver/whatever.rpm' goes really fast (especially when you have a couple dozen boxes to maintain).
With a DirecTiVo you get your programming from the dish, so no call home is required to TiVo except for software updates (this can be disabled).
You can pop a modified NIC into a [Direc]TiVo and have it use your broadband to "call" into TiVo and not use a phone line. Still need a phone line if you do "impulse" PPV ordering to call DirecTV once a month (I do my ordering via the web so no phone needed).
You can hack NTP updates out of the call (I did, I find my local NTP server at home more reliable as it polls Stratum 2 clocks).
Manual record works just great if you want to use it as a "dumb vcr" and not have any scheduling info (if it's a Stand-Alone TiVo, but remember you get free scheduling from a DirecTiVo).
Best thing about DirecTiVo - No $12.95 TiVo subscription fee anymore. You just pay $4.95/receiver (same as any other DirecTV device). Actually, you get the second of the Dual Tuners in a DirecTiVo for free. Bad news about DirecTiVo - no Lifetime anymore, but at $250 it would take you 4.2 years to even break even vs the $4.95 fee. Odds are your PVR won't last that long.
Ditto, I find myself wanting this feature with humans (radio or otherwise). Heh, even at the IMAX for SW2 I found myself almost reaching for my remote to zap back and rewatch a scene (damn!).
My favorite DirecTiVo feature? Dual tuners! You can switch back and forth between tuners by pressing down on the round navigation button at the top.
What's the big deal? When you change channels you lose your 30-minute buffer. However, if you switch tuners and then change channels you keep your buffer on the other channel (in other words, you have a 30-minute buffer for each tuner).
Say you want to watch something, but don't feel the need to record it, but want to surf during the commercials, but want to be able to rewind back if you switch back too late - simple, just switch tuners and surf.
I used this a lot with MTV as well. I'll watch a show on one tuner and have MTV on the other, then flip to MTV during a commercial and scan the 30 minute buffer for a good video (more and more rare these days, heh), and then switch tuners back to the show I'm watching after I'm done.
Oh, and Dual Tuners also rock for scheduling conflicts as you can record two shows at once (occurs 2-3 times a week for me).
Bad news about PVRs: I watch more TV than before. Partly becauase I didn't have DirecTV before as well (OTA barely gets 4 non-Spanish networks, missing CBS). However, I do find that for the most part I just watch my shows that are recorded and don't surf much (most of the time, heh, but now that I've found the dual tuner feature, I watch a bit more)...
ACL isn't correct. Cisco devices parse from the start to finish and exit at the first match (with an implied "deny any" at the end). Your ACL would match any ICMP packets with the first line, deny it, and exit the ACL.
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
This would allow the above and block all else (probably bad, since your data wouldn't get through).
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
deny icmp any any
This is probably what you want, but remember there is still an implicit deny any at the end (unless you've got the firewall feature-set which dynamically opens things up as needed).
Most likely you want something like this on a border router:
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
deny icmp any any
permit ip any any
Then firewall elsewhere (initial firewalling on your exterior router is ok, but use a dedicated firewall if possible).
Re:The Change is not reflected at WHOIS
on
Root Zone Changed
·
· Score: 1
I'm sure they'll get to it eventually. But as you may know, WHOIS data isn't what matters and is solely for informational reference.
The statement "The root name servers have records for.com,.org, and the national (.uk,.dk etc.) etc. DNS servers." is correct. He was stating that the root name servers have the NS records for the DNS servers of.com, etc., which they do. If the root nameservers didn't know the NS records for the.com DNS servers, you'd never know how to get there. These records are AKA "glue" records. The actual SOA are the.com, etc. DNS servers, but the root still has the glue to get you to that NS.
What you should have clarified is that the actual records in the.com, etc. zones are not in the root servers, other than the NS records glue.
Re:Apparently there was also a change today
on
Root Zone Changed
·
· Score: 1
The root zone SOA is incremented EVERY day. The zone itself is rather stable (how often do new CC or domains come into existance or need to get removed?). It was the root.hints file that was updated on the 5th as the actual J root server IP changed, and this is the rare occurance.
It would have been better to say, "To find the owner of the netblock." That's the important info anyway, for tracking folks down. ARIN/RIPE/APNIC WHOIS hold this info.
Domain WHOIS is really only useful for researching forward resolving information.
No one is blocking PTR records, they're just not giving out the entire in-addr zone so you can see all of the NS delegations (which you could quickly grep for.gov, etc). Interesting thing is that there are no.GOV NS for in-addr zones, so it's a mute point, but there are plenty of.MIL.
Futher, PTR records can be completely false, and the real useful data for finding a bad host is often found in ARIN/RIPE/APNIC local IP Registry database.
However, the in-addr zone is still online (but.gov is not): ftp://ftp.rs.internic.net/domain/inaddr.zon e.gz
Free Radio Berkeley has plenty of links and info on setting up your own low-power radio station. Including why you don't need an FCC license, and what do to when they hassle you. FRB has been online w/o an FCC license since at least 1993.
Or if you're too lazy to cable from the front of your house to a back bedroom, but have more than one node in each room. I did this for 6 months before I finally cabled things.
Now I use my WAP11s at each end of the house as APs.
As others have said, why hack together this box when you can get a PIX 501 or 506 for less than or equal to the cost of the 16mb flash part, and you'd be legal. Plenty of eBay Buy-It-Nows for $439.
Second, I did a search on PIX-FLASH-16MB= (Cisco part number for the required 16mb flash), and couldn't find it for less than US$688 using Nextag.
Great advice! The only remaining upside to the FrankenPix for study would them be to learn how to handle 3+ interfaces (multiple firewalled DMZs, etc).
That's ok, they won't be for long. I've reported them to Cisco's legal department and eBays DCMA contact. This is clearly illegal activity pirating Cisco's life blood.
That's like saying what if Microsoft goes bankrupt, or the US Government goes under. Anything is possible, but it's very, very unlikely. Last I heard Cisco had something like $40B in cash/liquid assets.
If your hardware were to fail, you could legally replace it yourself (we replaced a power supply in our PIX 520 when Cisco wanted $1K to fix it), but you can't duplicate the whole thing and legally run the same software on the other box (although to have a duplicate of the same hardware available wouldn't be a bad idea).
Cisco IOS is inheirently more vulernable than the PIX OS (it is not IOS-based). Furthermore, the PIX 520, which is being copied here, is capable of 6 100mbit NICs, whereas the Cisco 806 router only has two 10mbit ports. Lastly, the two are completely different beasts.
Both are great suggestions to learn Cisco IOS and PIX OS. Which, if one were just building such a box to LEARN on, where does that fall in the morals/ethics realm? Most folks have no problems "borrowing" a copy of different products to learn on (MCSE is the main thing that comes to mind). You either have to fork out a ton of money to go to a tech school, or otherwise you'd be ethically bound to buy it all yourself, OR "borrow" it while you study and practice for the certification tests, and then get a decent job supporting that product (which helps the company you were "borrowing" from in the first place).
I'd love to see a PC-based hack like this for Cisco's IOS (simulators are ok, but typically don't have half the commands). But since I know the hardware in a Cisco router isn't anything like what the PIX is based on, it's not going to happen (and thus 2500s and 4000s still sell a bit on eBay for folks practicing for labs).
With DirecTV and TiVo (aka DTiVo), I get this sort of service for $.40/day, but only on the days I choose to watch a movie.
Basically, you can turn on HBO, Cinemax, Showtime, etc. for a day, and you're only charged the pro-rated cost ($12 / 30 days = $.40). If I want to watch a movie on any one of them, I hit their website, turn on that package (typically in the morning before I leave for work) and have TiVo record all the decent movies on that premium channels half dozen channels that will be on that day (typically not more than 1 other movie is worth seeing, tho), and then turn off the package at the end of the day before I head to bed. Net charge, $.40.
How to bring that to the masses? Let me do that with my remote (but since I have an Audrey right next to my couch, it's not that hard to turn on an extra package). Plus, turn it off automatically at the end of the day for me.
I'd never pay $80+/month for all premium channels, but I would pay $.40 on the days I want to see a movie on one of them.
It's simply a matter of getting the correct URL. Back when the first trailer came out, someone posted this. It worked just fine to let you grab it. Anyone know where the new URL of the clone_wars 640 version is?
Supposedly MPEG and DIVX5 versions will be posted here, but it'll be a bit if they're uploading with 128kbps.
I'll mirror them as fast as I can get them (along with the rest of the trailers I already have) here.
Slashdot Mirror
I've had up2date break a ton of things when it installs a newer version. ypbind and xinetd are two that bit us recently. They both installed and initially tested fine, but there were subtle changes that broke other things (securenets on ypbind, and all our ssl-based email services like spop3 and simap with xinetd). Easy enough to fix, but not something you want automated when you're on vacation.
We have a cron job at 4am that mirrors the RH update directories (only downloads changes) and then emails us if there are changes. Then we install and test them on a test non-production server to verify first, then install on the production boxes, plus we already have the update(s) on a local box so 'rpm -Fvh ftp://localupdateserver/whatever.rpm' goes really fast (especially when you have a couple dozen boxes to maintain).
Same as sellng ice to eskimos - revenue and nothing more. They were squeezing the last ounce of blood out of the Win9x code base.
With a DirecTiVo you get your programming from the dish, so no call home is required to TiVo except for software updates (this can be disabled).
You can pop a modified NIC into a [Direc]TiVo and have it use your broadband to "call" into TiVo and not use a phone line. Still need a phone line if you do "impulse" PPV ordering to call DirecTV once a month (I do my ordering via the web so no phone needed).
You can hack NTP updates out of the call (I did, I find my local NTP server at home more reliable as it polls Stratum 2 clocks).
Manual record works just great if you want to use it as a "dumb vcr" and not have any scheduling info (if it's a Stand-Alone TiVo, but remember you get free scheduling from a DirecTiVo).
Best thing about DirecTiVo - No $12.95 TiVo subscription fee anymore. You just pay $4.95/receiver (same as any other DirecTV device). Actually, you get the second of the Dual Tuners in a DirecTiVo for free. Bad news about DirecTiVo - no Lifetime anymore, but at $250 it would take you 4.2 years to even break even vs the $4.95 fee. Odds are your PVR won't last that long.
Ditto, I find myself wanting this feature with humans (radio or otherwise). Heh, even at the IMAX for SW2 I found myself almost reaching for my remote to zap back and rewatch a scene (damn!).
My favorite DirecTiVo feature? Dual tuners! You can switch back and forth between tuners by pressing down on the round navigation button at the top.
What's the big deal? When you change channels you lose your 30-minute buffer. However, if you switch tuners and then change channels you keep your buffer on the other channel (in other words, you have a 30-minute buffer for each tuner).
Say you want to watch something, but don't feel the need to record it, but want to surf during the commercials, but want to be able to rewind back if you switch back too late - simple, just switch tuners and surf.
I used this a lot with MTV as well. I'll watch a show on one tuner and have MTV on the other, then flip to MTV during a commercial and scan the 30 minute buffer for a good video (more and more rare these days, heh), and then switch tuners back to the show I'm watching after I'm done.
Oh, and Dual Tuners also rock for scheduling conflicts as you can record two shows at once (occurs 2-3 times a week for me).
Bad news about PVRs: I watch more TV than before. Partly becauase I didn't have DirecTV before as well (OTA barely gets 4 non-Spanish networks, missing CBS). However, I do find that for the most part I just watch my shows that are recorded and don't surf much (most of the time, heh, but now that I've found the dual tuner feature, I watch a bit more)...
ACL isn't correct. Cisco devices parse from the start to finish and exit at the first match (with an implied "deny any" at the end). Your ACL would match any ICMP packets with the first line, deny it, and exit the ACL.
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
This would allow the above and block all else (probably bad, since your data wouldn't get through).
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
deny icmp any any
This is probably what you want, but remember there is still an implicit deny any at the end (unless you've got the firewall feature-set which dynamically opens things up as needed).
Most likely you want something like this on a border router:
permit icmp any any ttl-exceeded
permit icmp any any parameter-problem
permit icmp any any host-unreachable
permit icmp any any port-unreachable
permit icmp any any packet-too-big
permit icmp any any host-unknown
deny icmp any any
permit ip any any
Then firewall elsewhere (initial firewalling on your exterior router is ok, but use a dedicated firewall if possible).
I'm sure they'll get to it eventually. But as you may know, WHOIS data isn't what matters and is solely for informational reference.
The statement "The root name servers have records for .com,.org, and the national (.uk,.dk etc.) etc. DNS servers." is correct. He was stating that the root name servers have the NS records for the DNS servers of .com, etc., which they do. If the root nameservers didn't know the NS records for the .com DNS servers, you'd never know how to get there. These records are AKA "glue" records. The actual SOA are the .com, etc. DNS servers, but the root still has the glue to get you to that NS.
.com, etc. zones are not in the root servers, other than the NS records glue.
What you should have clarified is that the actual records in the
The root zone SOA is incremented EVERY day. The zone itself is rather stable (how often do new CC or domains come into existance or need to get removed?). It was the root.hints file that was updated on the 5th as the actual J root server IP changed, and this is the rare occurance.
If you're looking at RedHat and old hardware, you should look at the RULE (Run Up2date Linux Everywhere) project.
You can achieve a very limited install, but still get and keep up to date software.
It's as simple as listing a bogus address (real street and zip, tho, in case they cross reference it).
Better yet, list your registry's address so they can see all the lovely spam you get.
Standard thing I do at Rat Shack, etc., when they ask for my address. I just look at a business card on the desk and give them the info from there.
It would have been better to say, "To find the owner of the netblock." That's the important info anyway, for tracking folks down. ARIN/RIPE/APNIC WHOIS hold this info.
Domain WHOIS is really only useful for researching forward resolving information.
No one is blocking PTR records, they're just not giving out the entire in-addr zone so you can see all of the NS delegations (which you could quickly grep for .gov, etc). Interesting thing is that there are no .GOV NS for in-addr zones, so it's a mute point, but there are plenty of .MIL.
.gov is not):n e.gz
Futher, PTR records can be completely false, and the real useful data for finding a bad host is often found in ARIN/RIPE/APNIC local IP Registry database.
However, the in-addr zone is still online (but
ftp://ftp.rs.internic.net/domain/inaddr.zo
Free Radio Berkeley has plenty of links and info on setting up your own low-power radio station. Including why you don't need an FCC license, and what do to when they hassle you. FRB has been online w/o an FCC license since at least 1993.
;-)
Oh, bring a lawyer
Or if you're too lazy to cable from the front of your house to a back bedroom, but have more than one node in each room. I did this for 6 months before I finally cabled things.
Now I use my WAP11s at each end of the house as APs.
freenet.artoo.net/
Glad you caught it. When in doubt:
/. "Lameness filter encountered. Post aborted! Reason: Please use fewer 'junk' characters."
dig mx ftc.gov - if you've got newer bind tools.
or
nslookup -q=mx ftc.gov - if you've got NT/2K/XP or older *nix
I'd post what the output looks like, but the
Ah, gotta love clueless filters.
As others have said, why hack together this box when you can get a PIX 501 or 506 for less than or equal to the cost of the 16mb flash part, and you'd be legal. Plenty of eBay Buy-It-Nows for $439.
Second, I did a search on PIX-FLASH-16MB= (Cisco part number for the required 16mb flash), and couldn't find it for less than US$688 using Nextag.
To clarify what the Private Link card does - it's basically Cisco's proprietary PIX-to-PIX VPN tunneling method, before IPSEC was out.
Great advice! The only remaining upside to the FrankenPix for study would them be to learn how to handle 3+ interfaces (multiple firewalled DMZs, etc).
That's ok, they won't be for long. I've reported them to Cisco's legal department and eBays DCMA contact. This is clearly illegal activity pirating Cisco's life blood.
That's like saying what if Microsoft goes bankrupt, or the US Government goes under. Anything is possible, but it's very, very unlikely. Last I heard Cisco had something like $40B in cash/liquid assets.
If your hardware were to fail, you could legally replace it yourself (we replaced a power supply in our PIX 520 when Cisco wanted $1K to fix it), but you can't duplicate the whole thing and legally run the same software on the other box (although to have a duplicate of the same hardware available wouldn't be a bad idea).
Cisco IOS is inheirently more vulernable than the PIX OS (it is not IOS-based). Furthermore, the PIX 520, which is being copied here, is capable of 6 100mbit NICs, whereas the Cisco 806 router only has two 10mbit ports. Lastly, the two are completely different beasts.
Both are great suggestions to learn Cisco IOS and PIX OS. Which, if one were just building such a box to LEARN on, where does that fall in the morals/ethics realm? Most folks have no problems "borrowing" a copy of different products to learn on (MCSE is the main thing that comes to mind). You either have to fork out a ton of money to go to a tech school, or otherwise you'd be ethically bound to buy it all yourself, OR "borrow" it while you study and practice for the certification tests, and then get a decent job supporting that product (which helps the company you were "borrowing" from in the first place).
I'd love to see a PC-based hack like this for Cisco's IOS (simulators are ok, but typically don't have half the commands). But since I know the hardware in a Cisco router isn't anything like what the PIX is based on, it's not going to happen (and thus 2500s and 4000s still sell a bit on eBay for folks practicing for labs).
With DirecTV and TiVo (aka DTiVo), I get this sort of service for $.40/day, but only on the days I choose to watch a movie.
Basically, you can turn on HBO, Cinemax, Showtime, etc. for a day, and you're only charged the pro-rated cost ($12 / 30 days = $.40). If I want to watch a movie on any one of them, I hit their website, turn on that package (typically in the morning before I leave for work) and have TiVo record all the decent movies on that premium channels half dozen channels that will be on that day (typically not more than 1 other movie is worth seeing, tho), and then turn off the package at the end of the day before I head to bed. Net charge, $.40.
How to bring that to the masses? Let me do that with my remote (but since I have an Audrey right next to my couch, it's not that hard to turn on an extra package). Plus, turn it off automatically at the end of the day for me.
I'd never pay $80+/month for all premium channels, but I would pay $.40 on the days I want to see a movie on one of them.
Oops Generate stats from your webserver's logs not silly img tags ;-p
http://node2.callihq.net/ep2_clone_war_p640.avi
6 40.avi
http://jason.roysdon.net/starwars/ep2_clone_war_p
I've got the rest of the trailers as well:
http://jason.roysdon.net/starwars/
It's simply a matter of getting the correct URL. Back when the first trailer came out, someone posted this. It worked just fine to let you grab it. Anyone know where the new URL of the clone_wars 640 version is?
Supposedly MPEG and DIVX5 versions will be posted here, but it'll be a bit if they're uploading with 128kbps.
I'll mirror them as fast as I can get them (along with the rest of the trailers I already have) here.