1.5/256 is the current promotional $19.99/mo. deal. It's totally usable, but you can't stream multiple video sources or do a large download at the same time.
With the kids out on summer break, my nightly RSS video podcast feeds & CentOS6 downloading after 2am, etc., we're only at 150gb last month. IF you gave someone faster, they could max out the 250gb/mo. cap, but you'd have to work really hard to max out 150gb at 1.5/256.
DSL can't touch that price as you need a land line as well. Comcast doesn't require anything else for their Internet-only connection.
Hah, but the joke will be the $7/mo modem rental (clearly buying one outright for $90 is the better deal).
I'm sure one might have said the same about India 15 years ago as well. Remember, both were originally one country, until the British empire split the two and later three.
Wow, way to make sure your country can never have any outsourcing jobs. No business with a clue would ever set up operations in a country where all traffic has to be open to corporate espionage.
They're going to be in the technological dark ages forever if this persists, vs. following India into the cheap outsourcing market.
I'm fairly certain we don't have basic support, especially with this new eBilling project coming online. The fact is, our sales rep and none of the support folks we talked to even knew that this other ACS team was even available or existed, and we've been fighting to get better support for 4 months, going rounds and rounds with Oracle as this entire stack (webgate, soa, eBilling, OIM, OAM, OID, O-I-U-E-O-U, whatever) is all Oracle and we've followed the versioning requirements to the T. I believe we have over 200 support cases opened so far on this project (again, I'm not the one directly working on this project, but I've helped here and there on the generic Linux pieces that I know well, like SSL, sendmail, the load balancers, etc.). Further, this team is booked up until March, 2012, so right now we're fighting for remote/telephone support with them as much as we can get it. The point is Oracle over sold and doesn't have a single customer up on what they sold us (not all the components they sold us and their proposed design). Our bad on that, but we're already this far in and no turning back now.
Not everyone cares about SOHO users. No one is saying anyone should put up IPv6-only websites either. My point was that this article was about Enterprise plans for IPv6. Not ISPs, not SOHO users, not hosting.
Enabling IPv6 now is going to allow other enterprises who enable IPv6 to connect to my enterprise employer natively, instead of going through NAT devices (be it 4to4 NAT, 6to4 NAT, or even 4to6 NAT).
It will also allow my enterprise employer to connect natively over IPv6 to content provider services. We already do that to all Google services.
I've used sendmail + spamassassin and squid for years with IPv6 on a personal level. That's not the problem. The problem is the backend database support. While even Roaring Pengiun Software supports IPv6, where do they get their database from? No major database/lookup service supports IPv6 yet. The same is true for Squid - where are you going to get your block lists and filters for IPv6 traffic when no one is selling it?
Doesn't mean they upgrade/replace all their routers right now. They just upgrade their backbone and put in new routers for IPv6 support and move.gov customers over. Existing customers just stay on the old crud until they complain, and then use the same method - new routers for IPv6 customers. That's VZN & AT&T's present MO.
Many propose doing both. If you don't obtain PI IPv6 space from your RIR, I would highly suggest this. All internal-to-internal traffic should use your private IPv6 addresses, and the public IPv6 addresses are used just for accessing outside your networks. The advantage to this is that only your public facing services and routers have to be renumbered when you change ISPs. All your internal networking stays the same.
Uhm, you've missed the "Enterprise" topic here. SOHO has it's own problems, sure. However, most major vendors have had router and firewall support for some time.
Anyway, you can deploy it for now on the low-hanging fruit:
Get direct RIR allocation (don't wait around for your ISP). You'll be portable and never stuck to one ISP again (yeah, IPv6 makes renumbering easier, but it still isn't easy, and static addressing is not going to go way, get real).
Tunnel and run BGP to HE with your edge routers and tell your ISPs your're shopping around for a better solution.
Turn it up on your firewalls and most dns servers (leave at least one still ipv4-only in the case of someone else with broken DNS resolvers that think they have IPv6 connectivity but don't).
Regarding your firewalls, only allow access to your public-facing websites and lab networks.
Push your web and spam filter compan[y|ies] to get full IPv6 support now. Simply allowing IPv6 traffic to pass or not is not acceptable (Looking at you, Websense).
We're still missing two major components: Commercial IPv6 Web and Spam filters. Without that, I don't think you want to let your users lose on the IPv6 web or open up your MX to the new spammers.
How about this for support: Oracle support, which we pay a premium for, cannot fix their own product, so they bring in ACS to assist, but want us to pay extra for ACS. Oracle support is beyond sub-par. I'm thankful I'm not dealing with them or directly on the project, but I feel sorry for the folks who are - a project that has hit bug after bug for over a year now.
That's typically if you do it via ATM or don't ask for the funds to be available right away. My business account's limit is $1K
However, a few times I've asked for the funds to be made available right away, and the manager or assistant manager would take the check and do some magic in the back and then the funds ($3-4K) would be available.
> I'm inclined to believe it would be best to just fine software vendors, every time their software is found participating in a botnet.
Fixed that for you. So long as the end-user doesn't do something stupid (disable the OS and other software updates), the vendor should be liable. If the end-user does muck it up and their was a vendor fix available, fine the end-user.
This assumes only a few payloads. Mix a constant rate of traffic in for a constant bitrate and you'll never know. I can easily perform QoS on both end-points to give voice or streaming content a higher priority than the "background" filler data. Mix in multiple users going to multiple remote VPN hubs and you can't effectively track anything if the client tools and/or the VPN hub proxies are scrubbing it all.
I second GKG.net. I've used them for my domains. They were a little slow to add DNSSEC support for some of the gTLDs when each Registry turned up support, but once they added it, I've been in the process of moving domains back.
The only thing I see is they still don't support dot-MOBI. Not really a big deal, as that TLD domain appears to be a flop (wouldn't you want a mobile domain to be *shorter,* not longer?)
Somehow you've missed what I'm saying. This is not about leaking data. I'm not even talking about inept auditors. This is about an auditor finding problems, and management telling them to ignore them, not report them, and/or minimize them.
Perhaps you've never had to deal with management with this sort of thing? It happens all the time, but if you want to keep your job you just document it in your private files and leave it at that.
This is where whistle-blower laws need to be improved. Should a CEO or management do this, they should be financially penalized and face jail time, and the whistle blower should be financially well taken care of.
Basically, and auditor should be untouchable. They should be able to follow the rules, and if not, huge fines should face the management and a large portion of that should go to the auditor.
Auditor's personal financial records need to be an open book, otherwise this would set them up to be able to be black mailers and/or accept bribes.
Right, so management needs to be financially and criminally held liable for this sort of thing. If it affects their pocket book and they might face jail time for not following the rules, perhaps they'll be something done differently?
You can cancel your account while still paying it off. It's actually a good thing to do, as it will keep you from charging any more (and prevent fraud charges).
Just make sure you switch to paper statements first, as once you cancel/close your account, you can't access statements online anymore.
I had my CitiBank card compromised twice in one month. The first time I called and told them, and they canceled the account number and overnighted me a replacement card. It sat in the overnight envelope on my coffee table for 3 weeks until I activated it, and within a week I had more fraud charges.
As I never take the physical CitiBank card from home, and only used their Virtual credit card (where you generate a new number each time to use for online purchases), I knew there was something fishy going on. They wouldn't/couldn't tell me which place I'd used my card at had been compromised. I was very clear with them that this was unacceptable, and if I didn't get answers, I was going close my account (which I've had for most of my credit history). They couldn't do anything, and wanted to send me another card. I told them what is the point because in a week, before I even use it, it'll be compromised again. I closed my account after this in April, 2011. Now we find all this out a month or so later.
As much as I don't like BankAmerica, I have switched back to them for their Shop Safe virtual credit cards for all my online purchases. Again, my BankAmerica card never leaves my physical filing cabinet and is never used online. The BofA Shop Safe is a great system in that you can not only set the card to expire in 2 months (minimum requirement), but you can set a limit. I just round up to the nearest dollar, so each purchase "maxes out" the amount available for each Shop Safe virtual card.
I wish more places offered this sort of virtual card (even some method for your physical card to generate a virtual card so a skimmer can be traced and also limited). I wish all banks and credit cards had to offer two-channel authentication for purchases over a customer-set limit (see ING.nl's TAN codes via mobile phone). I wish I could set some cards to not be allowed without physically being present (in other words, block some cards from being able to be used over the phone or online, and require it to be in person and require ID checking), and some cards only allowed to be used online with temporary/virtual card numbers (and never allow the real/physical account number to be used).
These security protections seem so basic, and so easy to implement, and they'd totally knock out the majority of fraud.
The best card companies offer now is an email/SMS message when a purchase over a limit I set is done. That's fine for a credit card, as I'm not liable if I report it as fraud, but it's a pain for a Debit Card as I'm out that money. For that reason I canceled my Debit Cards and have ATM-only cards.
Slashdot Mirror
I think you mean methadone treatment. Those folks show up on COPS all the time trying to sell their extra tablets.
1.5/256 is the current promotional $19.99/mo. deal. It's totally usable, but you can't stream multiple video sources or do a large download at the same time.
With the kids out on summer break, my nightly RSS video podcast feeds & CentOS6 downloading after 2am, etc., we're only at 150gb last month. IF you gave someone faster, they could max out the 250gb/mo. cap, but you'd have to work really hard to max out 150gb at 1.5/256.
DSL can't touch that price as you need a land line as well. Comcast doesn't require anything else for their Internet-only connection.
Hah, but the joke will be the $7/mo modem rental (clearly buying one outright for $90 is the better deal).
I'm sure one might have said the same about India 15 years ago as well. Remember, both were originally one country, until the British empire split the two and later three.
https://secure.wikimedia.org/wikipedia/en/wiki/Partition_of_India
Wow, way to make sure your country can never have any outsourcing jobs. No business with a clue would ever set up operations in a country where all traffic has to be open to corporate espionage.
They're going to be in the technological dark ages forever if this persists, vs. following India into the cheap outsourcing market.
I'm fairly certain we don't have basic support, especially with this new eBilling project coming online. The fact is, our sales rep and none of the support folks we talked to even knew that this other ACS team was even available or existed, and we've been fighting to get better support for 4 months, going rounds and rounds with Oracle as this entire stack (webgate, soa, eBilling, OIM, OAM, OID, O-I-U-E-O-U, whatever) is all Oracle and we've followed the versioning requirements to the T. I believe we have over 200 support cases opened so far on this project (again, I'm not the one directly working on this project, but I've helped here and there on the generic Linux pieces that I know well, like SSL, sendmail, the load balancers, etc.). Further, this team is booked up until March, 2012, so right now we're fighting for remote/telephone support with them as much as we can get it. The point is Oracle over sold and doesn't have a single customer up on what they sold us (not all the components they sold us and their proposed design). Our bad on that, but we're already this far in and no turning back now.
Not everyone cares about SOHO users. No one is saying anyone should put up IPv6-only websites either. My point was that this article was about Enterprise plans for IPv6. Not ISPs, not SOHO users, not hosting.
Enabling IPv6 now is going to allow other enterprises who enable IPv6 to connect to my enterprise employer natively, instead of going through NAT devices (be it 4to4 NAT, 6to4 NAT, or even 4to6 NAT).
It will also allow my enterprise employer to connect natively over IPv6 to content provider services. We already do that to all Google services.
I've used sendmail + spamassassin and squid for years with IPv6 on a personal level. That's not the problem. The problem is the backend database support. While even Roaring Pengiun Software supports IPv6, where do they get their database from? No major database/lookup service supports IPv6 yet. The same is true for Squid - where are you going to get your block lists and filters for IPv6 traffic when no one is selling it?
Doesn't mean they upgrade/replace all their routers right now. They just upgrade their backbone and put in new routers for IPv6 support and move .gov customers over. Existing customers just stay on the old crud until they complain, and then use the same method - new routers for IPv6 customers. That's VZN & AT&T's present MO.
Many propose doing both. If you don't obtain PI IPv6 space from your RIR, I would highly suggest this. All internal-to-internal traffic should use your private IPv6 addresses, and the public IPv6 addresses are used just for accessing outside your networks. The advantage to this is that only your public facing services and routers have to be renumbered when you change ISPs. All your internal networking stays the same.
Uhm, you've missed the "Enterprise" topic here. SOHO has it's own problems, sure. However, most major vendors have had router and firewall support for some time.
s/lose/loose
Anyway, you can deploy it for now on the low-hanging fruit:
Get direct RIR allocation (don't wait around for your ISP). You'll be portable and never stuck to one ISP again (yeah, IPv6 makes renumbering easier, but it still isn't easy, and static addressing is not going to go way, get real).
Tunnel and run BGP to HE with your edge routers and tell your ISPs your're shopping around for a better solution.
Turn it up on your firewalls and most dns servers (leave at least one still ipv4-only in the case of someone else with broken DNS resolvers that think they have IPv6 connectivity but don't).
Regarding your firewalls, only allow access to your public-facing websites and lab networks.
Push your web and spam filter compan[y|ies] to get full IPv6 support now. Simply allowing IPv6 traffic to pass or not is not acceptable (Looking at you, Websense).
We're still missing two major components: Commercial IPv6 Web and Spam filters. Without that, I don't think you want to let your users lose on the IPv6 web or open up your MX to the new spammers.
Right, but in this case they are making us pay additional hourly for ACS help in this case.
How about this for support: Oracle support, which we pay a premium for, cannot fix their own product, so they bring in ACS to assist, but want us to pay extra for ACS. Oracle support is beyond sub-par. I'm thankful I'm not dealing with them or directly on the project, but I feel sorry for the folks who are - a project that has hit bug after bug for over a year now.
That's typically if you do it via ATM or don't ask for the funds to be available right away. My business account's limit is $1K
However, a few times I've asked for the funds to be made available right away, and the manager or assistant manager would take the check and do some magic in the back and then the funds ($3-4K) would be available.
Except in this case the EL6 distro is not i386, i486, or even i586 compatible. It requires i686 with PAE.
Counterfeit Cisco equipment used on US Navy Submarines
> I'm inclined to believe it would be best to just fine software vendors, every time their software is found participating in a botnet.
Fixed that for you. So long as the end-user doesn't do something stupid (disable the OS and other software updates), the vendor should be liable. If the end-user does muck it up and their was a vendor fix available, fine the end-user.
This assumes only a few payloads. Mix a constant rate of traffic in for a constant bitrate and you'll never know. I can easily perform QoS on both end-points to give voice or streaming content a higher priority than the "background" filler data. Mix in multiple users going to multiple remote VPN hubs and you can't effectively track anything if the client tools and/or the VPN hub proxies are scrubbing it all.
Not if the instructions are signed. Assuming public key encryption, you'd have to have the private key to sign the C&C messages.
The best you can do is block the C&C channel.
I second GKG.net. I've used them for my domains. They were a little slow to add DNSSEC support for some of the gTLDs when each Registry turned up support, but once they added it, I've been in the process of moving domains back.
The only thing I see is they still don't support dot-MOBI. Not really a big deal, as that TLD domain appears to be a flop (wouldn't you want a mobile domain to be *shorter,* not longer?)
Somehow you've missed what I'm saying. This is not about leaking data. I'm not even talking about inept auditors. This is about an auditor finding problems, and management telling them to ignore them, not report them, and/or minimize them.
Perhaps you've never had to deal with management with this sort of thing? It happens all the time, but if you want to keep your job you just document it in your private files and leave it at that.
This is where whistle-blower laws need to be improved. Should a CEO or management do this, they should be financially penalized and face jail time, and the whistle blower should be financially well taken care of.
Basically, and auditor should be untouchable. They should be able to follow the rules, and if not, huge fines should face the management and a large portion of that should go to the auditor.
Auditor's personal financial records need to be an open book, otherwise this would set them up to be able to be black mailers and/or accept bribes.
Right, so management needs to be financially and criminally held liable for this sort of thing. If it affects their pocket book and they might face jail time for not following the rules, perhaps they'll be something done differently?
You can cancel your account while still paying it off. It's actually a good thing to do, as it will keep you from charging any more (and prevent fraud charges).
Just make sure you switch to paper statements first, as once you cancel/close your account, you can't access statements online anymore.
I had my CitiBank card compromised twice in one month. The first time I called and told them, and they canceled the account number and overnighted me a replacement card. It sat in the overnight envelope on my coffee table for 3 weeks until I activated it, and within a week I had more fraud charges.
As I never take the physical CitiBank card from home, and only used their Virtual credit card (where you generate a new number each time to use for online purchases), I knew there was something fishy going on. They wouldn't/couldn't tell me which place I'd used my card at had been compromised. I was very clear with them that this was unacceptable, and if I didn't get answers, I was going close my account (which I've had for most of my credit history). They couldn't do anything, and wanted to send me another card. I told them what is the point because in a week, before I even use it, it'll be compromised again. I closed my account after this in April, 2011. Now we find all this out a month or so later.
As much as I don't like BankAmerica, I have switched back to them for their Shop Safe virtual credit cards for all my online purchases. Again, my BankAmerica card never leaves my physical filing cabinet and is never used online. The BofA Shop Safe is a great system in that you can not only set the card to expire in 2 months (minimum requirement), but you can set a limit. I just round up to the nearest dollar, so each purchase "maxes out" the amount available for each Shop Safe virtual card.
I wish more places offered this sort of virtual card (even some method for your physical card to generate a virtual card so a skimmer can be traced and also limited). I wish all banks and credit cards had to offer two-channel authentication for purchases over a customer-set limit (see ING.nl's TAN codes via mobile phone). I wish I could set some cards to not be allowed without physically being present (in other words, block some cards from being able to be used over the phone or online, and require it to be in person and require ID checking), and some cards only allowed to be used online with temporary/virtual card numbers (and never allow the real/physical account number to be used).
These security protections seem so basic, and so easy to implement, and they'd totally knock out the majority of fraud.
The best card companies offer now is an email/SMS message when a purchase over a limit I set is done. That's fine for a credit card, as I'm not liable if I report it as fraud, but it's a pain for a Debit Card as I'm out that money. For that reason I canceled my Debit Cards and have ATM-only cards.