Hot gel-showering hot chicks aside.. I kinda like the series. I do think a "change of direction" would be an improvement though.. you can only go so far in space with that naive "we're from earth.. please don't kill us" thing. Maybe they'll develop some better weapons and grow some larger space nuts too!.. and MAYBE... just MAYBE... we'll get the scoop on this whole Klingon forehead thing.. No ridges... Ridges... That's a choice in potato chips, not aliens dammit!
Disk space aside... think about the bandwidth used.. I admin the firewall and internet connection for my employer, who has a total of ~5 megabits/sec of connectivity. Recently we've had problems with users sending very large attachments to large lists of internal users. This normally isn't an issue, but several of these users have set up rules to forward all of their work email to their home accounts. So one user sends a 200+ meg attachment to 35 other users, 20 of which have these forward-home rules.. alluva sudden we're trying to send 4 gigs of email attachments to residential broadband and dial-up ISP's... they transfer for a while... the remote host gags on the incoming mail and drops the connection... our servers try to resend. The result is HUGE consumption of our very expensive bandwidth and an impairment of legitimate traffic. If I had a choice, we'd limit everyone to 5-10 megs.. or less.. but the politics of our company won't allow this.. ::sigh::
Hey Bri..
No sweat bro.. there was really still a few kb/s there for me. The hardware looks fsckin' great btw!.. Glad to see you're still having fun :) Drop me a line sometime and let me know what *else* you've been up to!
Ack! I can't get to my server that's sitting on the rack beside bri's machine (rm-r.net). Y'all stop trying to get there for a few minutes so I can retrieve my email.. ok? Thanks:)
I'd have to agree.. I downloaded smoothwall 0.9.9SE a few months ago while searching for a low/no cost site-to-site VPN solution. The install was quick and easy, and although I needed to modify some of the scripts to make the Free-S/WAN VPN components interoperate with my Checkpoint FireWall-1/VPN-1 gateway at work, the end result is a secure and stable firewall with the desired full-time encrypted connection to the office. Now I've seen Mr. Morrell's postings to the "gpl" mailing list, and I don't think he's going to win any awards for open-source customer service, but his product delivers as advertised and then some. It's certainly worth the download to try it out, and most likely will be worth a nominal donation to most users. Features include statically or DHCP assigned external address, modem support with dial-on-demand, Intrusion detection (snort), web and DNS proxies, DMZ interface support, IPSec compliant VPN, traffic logging with nifty graphs, an easy-to-use SSL web interface and a few other little goodies.
The Linksys-type devices are normally pretty basic appliances that offer filtering, port forwarding, NAT, etc.. and often include a small hub for a few machines. They're inexpensive and quite effective for the intended use.
IPCHAINS/IPTABLES on a linux box is generally far more configurable than the aforementioned appliances, and in many cases, more stable (I know of several linksys-type devices that crash several times/week.. Mileage may vary.) The Linux-based solutions can be configured to produce far more traffic logging, shaping (bandwidth control), etc. and can easily include great intrusion detection utilities like snort. The Linux way can also be used for true IPSec compliant VPN's with Free-S/WAN. ("Appliances" that offer IPSec start at between $500-$1000).
The big-bucks "enterprise" solutions offer similar firewalling features to linux with IPtables, but often include a nifty management tool that can control several such devices. They also support IPSec VPNs and can generally do so at high bandwidth (it takes a few CPU cycles to pump out 3DES encrypted packets). Many of the high-end devices are actually routers at heart, so they can also do intelligent routing.
Summary: the linksys-type things are great for non-techie type users (or lazy folks :P). The Linux firewalls offer far more power and flexibility, but require some technical savvy. The enterprise class devices just cost too damn much :)
Hope this helps.. and tell your friend for me that linux firewalls kick much ass:)
Being a geek *and* the firewall/vpn admin for a large network I was compelled by geekiness to set up a tunnel between the corporate network and my home network. Lacking the desire to spend way too much money for an IPSec compliant appliance, I opted to try numerous open source solutions, including Smoothwall 0.9.9se. Despite a few shortcomings, I found the "Smoothie" to be quite impressive. A 23 Meg ISO image yielded a bootable CD that installed without a hitch, identified all the hardware and prompted well for install input (reading the install docs is of course advisable). The box was online in just about 10 minutes with internal clients playing quake and surfing for porn. A quick, yet educated review of the default configurations and an nmap scan and I was comfortable with the security... onto the VPN config: A straightforward, web based config menu has fields for all the usual Free-S/WAN VPN stuff, like gateway IP's, site network IP's, next-route-hop IPs, preshared secret, but lacked some specific config options that are needed to create a tunnel with a Checkpoint FW-1/VPN-1 gateway (the reason I was trying this product). Manually adding these config options to the ipsec.conf file was easy enough and in just a short while I was enjoying an IKE/3DES/MD5 tunnel into work.. well.. maybe "enjoying" isn't the right word. My next step was to add a few additional work subnets to the tunnel. This is done by creating an additional connection.. like a second tunnel with the same addresses and preshared secret.. piece of cake.. except, adding more info to the VPN configuration overwrites the ipsec.conf file with a newly created one. Doh!. Fortunately, the web interface is well written and it was pretty easy to add some code to make the admin script create the new ipsec.conf file with the Checkpoint specific changes. Total time invested for a fully functional, easily configurable firewall/VPN: just a few hours.
Satisfaction level: 90% Summary: It's easy, fast and works as advertised. Pros: Fast install, Works with Static or dynamic IP's, Many other good features (check the website for details)., Easy to customize the code for personal gratification. Cons: it could offer more flexible IP chains config thru the web interface, Could use those additional VPN options for Checkpoint interoperability. I like it and the smoothwall folks can expect documentation of checkpoint compat. fixes along with a PayPal donation very soon.
Well.. I liked the first 5 or 6 items I saw, but after closing the 8 or 9 pop-up windows that followed, I opted to stop looking at toys.. Damn I hate pop-up ads.
My experiences with the Maxtor 30 gig 7200rpm drives have caused me to scratch Maxtor off my "approved vendor" list. When the first one failed (6 weeks after install), they tried to tell me my warranty was void because I was running it in a Linux server (the first contact there didn't know what linux was). They *finally* sent a refurb to replace it, complete with dented case... it lasted 5 days.. to make a long, painful story short.. I went through EIGHT drives in less than one year. Odds are that it was just a problem with that particular model, but the level of service I received made me vow to never give them another penny..
A really good book, but needs a few updates (on Managing Mailing Lists · Score: 4, Informative)
I maintain several mailing lists for both work and non-work related topics.. This is the book that taught me how to do it. It certainly gets a thumbs-up from me. It does, however, need a little updating. Maybe the next revision will include some of the newer MLM's.. like Mailman.. that'd be nice.. Also, for security reasons, newer versions of Sendmail want nothing to do with directories that are "group writable". This was a small headache until I deciphered the error messages, but should be taken into account in the next revision of the book. (yes.. I did send e-mail to O'Reilly about this one). Still, like most O'Reilly books... it's worth buying!
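Added example, not part of the comment above and not Sendmail's own code: a small audit that walks from a list file up through its parent directories and reports every directory that is group- or world-writable, the permission problem the comment describes. The directory names (`lists`, `announce`, `members`) and the `stop_at` parameter are assumptions made for the demonstration.

```python
import os
import stat
import tempfile


def unsafe_path_components(path, stop_at="/"):
    """Return [(directory, reason)] for each directory between the file's
    parent and stop_at (inclusive) that is group- or world-writable."""
    findings = []
    stop_at = os.path.realpath(stop_at)
    current = os.path.dirname(os.path.realpath(path))
    while True:
        mode = os.stat(current).st_mode
        reasons = []
        if mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if reasons:
            findings.append((current, ", ".join(reasons)))
        parent = os.path.dirname(current)
        # Stop at the requested root, or at the filesystem root.
        if current == stop_at or parent == current:
            break
        current = parent
    return findings


def demo():
    """Build a constructed directory tree, audit it, fix it, audit again."""
    with tempfile.TemporaryDirectory() as root:
        lists_dir = os.path.join(root, "lists")        # hypothetical layout
        announce = os.path.join(lists_dir, "announce")
        os.makedirs(announce)
        os.chmod(root, 0o700)
        os.chmod(lists_dir, 0o775)   # the weak setting: group can write
        os.chmod(announce, 0o755)
        include_file = os.path.join(announce, "members")
        with open(include_file, "w") as fh:
            fh.write("user@example.org\n")

        real_root = os.path.realpath(root)
        before = [
            (os.path.relpath(d, real_root), why)
            for d, why in unsafe_path_components(include_file, stop_at=root)
        ]
        os.chmod(lists_dir, 0o755)   # the corrected setting
        after = unsafe_path_components(include_file, stop_at=root)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before fix:", before)
    print("after fix: ", after)
```

Every directory on the path matters, not just the one holding the file: a writable parent lets a group member replace the child directory wholesale.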
Being in my mid-40's. it's sometimes difficult to remember what my school daze were like.. I do, however, remember that there was no fear, violence, bullying, etc. Why? That's an easy question to answer.. We were all too damned stoned to be violent!! We now live in the D.A.R.E era.. and as a result, kids just aren't smoking enough pot. Without the *clouds* to shelter them from reality, today's kids are realizing what a screwed up world we really live in, hence the tendency to go a little crazy. So is the answer to this problem going to be mandatory weed for high school kids? maybe.. it would certainly mellow them out... and we don't really need to worry about a generation of "dumber" kids.. windows(tm) is already seeing to that for us. Then there's the issue of "mood altering" drugs.. you know.. those nasty little pills that are being pushed on our kids by every scumbag counselor that can't deal with kids problems the good old fashioned way (patience and understanding). Do you want your kids to be dependent on a Pfizer(tm) product to make them socially acceptable? Hell.. I'd rather see my kids smoke a joint. (Disclaimer- this post is meant to impart a bit of humor on an otherwise serious subject. Flaming me re: the content of this post will only cause me to laugh at you.)
roadrunner in Maine (one of the first two rr.com systems in the US) pretty much kicks a$$, IMHO.
They spec the service as 8Mbits/sec downstream and 2Mbits/sec upstream. The various "speed test" websites never seem to give me any useable info, so I'll cite more realistic references.. from ftp.netscape.com I normally get anywhere from 3 to 6 Mbits/sec... consistently. Upstream speeds are equally acceptable, regularly in the 1.5Mbit/sec range.. occasionally hitting 2.5 to 3Mbit/sec.
The cost is $35.00 and includes 5 dynamic IP's which seldom change (I've got 3 IP's that haven't changed in over a year).
Now if only their customer support was as impressive as the performance.
The idea of dual purpose machines is a good one.. Using PC's both as workstations and nodes of a cluster not only shows that clustering doesn't really require any special hardware, but it makes it easier to justify the money for somewhat decent machines. There's no real difference in clustering dedicated nodes or making a "Cluster of Workstations"... essentially instead of headless boxes on a shelf, you're just using complete PC's (monitors, keyboards, etc). It's easy enough to set the PC's up for dual-booting, say between Linux and some other (*cough*) operating system, and since recent versions of Red Hat (and others) now support clustering right out of the box, most of the work has already been done for you. As for how many boxes you need, you can prove the concept with as little as two or three.. adding more later on is no problem at all. You will want good networking between the machines.. definitely 100Mbit switched or better. Point your favorite search engine towards the phrase "Cluster of Workstations" and you're bound to find plenty of examples. Good luck and don't forget to post your results somewhere!
If you put lots of explosions, flames, and glowing, rotating skulls on your page, the cute little H4X0R kiddies will phear and respect you and leave you alone cuz they'll think you're "l33t".. If that's not an option, clear information in a sanely organized layout often makes for a useful website.. no flash, low bandwidth images (if any at all), little or no java to save us linux/netscape users from aggravation and keep the content current. Simple, but effective.
With all the DoS activity that's been going on for the past year or two, I have to wonder when the ISP's are going to take it seriously enough to filter "spoofed IP" packets originating from their customers. If the packet-stormers are denied the veil of spoofing, they should be easy enough to deal with... assuming of course that the upstream providers actually give a sh*t. (I've been ignored by several large ISP's when offering logs of their users attacking my servers). Unfortunately, the rapid growth of broadband internet access hasn't been accompanied by an equal growth of responsibility... hence the script kiddies can play their games ::sigh:: (disclaimer: I refer to them as "kiddies" to reflect the apparent level of maturity, NOT age.. my 14 year old son is far more mature than these bastards)
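Added example, not part of the comment above: the filtering the comment asks ISPs for, modelled as source-address validation on customer-facing ports. A packet is forwarded only if its source address falls inside a prefix assigned to the port it arrived on. The port names, prefixes (documentation ranges) and sample packets are constructed for the demonstration.

```python
import ipaddress
from collections import Counter

# Constructed data: customer-facing port -> prefixes the ISP assigned to it.
ASSIGNED = {
    "cust-a": ["198.51.100.0/25"],
    "cust-b": ["198.51.100.128/25", "2001:db8:b::/48"],
}

# Constructed sample traffic: (ingress port, source address, destination).
SAMPLE_PACKETS = [
    ("cust-a", "198.51.100.10", "203.0.113.5"),       # legitimate
    ("cust-a", "192.0.2.77", "203.0.113.5"),          # source not ours at all
    ("cust-a", "198.51.100.200", "203.0.113.5"),      # cust-b's address on cust-a's port
    ("cust-b", "198.51.100.200", "203.0.113.5"),      # legitimate
    ("cust-b", "2001:db8:b::1", "2001:db8:ffff::1"),  # legitimate IPv6
    ("cust-b", "10.0.0.5", "203.0.113.5"),            # private source leaking out
]


def build_table(assigned):
    """Parse the prefix strings once so lookups are cheap."""
    return {
        port: [ipaddress.ip_network(p) for p in prefixes]
        for port, prefixes in assigned.items()
    }


def verdict(table, port, src):
    """Return 'pass' or a 'drop: ...' reason for one packet."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop: unparseable source"
    nets = table.get(port)
    if nets is None:
        return "drop: unknown ingress port"
    for net in nets:
        if addr.version == net.version and addr in net:
            return "pass"
    return "drop: source not assigned to this port"


def filter_packets(table, packets):
    """Split traffic into forwarded packets and a per-port drop count.
    The drop count tells the operator which customer port is sourcing
    spoofed traffic, without needing a report from the victim."""
    forwarded, dropped = [], Counter()
    for port, src, dst in packets:
        if verdict(table, port, src) == "pass":
            forwarded.append((port, src, dst))
        else:
            dropped[port] += 1
    return forwarded, dropped


if __name__ == "__main__":
    table = build_table(ASSIGNED)
    for port, src, dst in SAMPLE_PACKETS:
        print(f"{port:7} {src:16} -> {verdict(table, port, src)}")
    print(dict(filter_packets(table, SAMPLE_PACKETS)[1]))
```

The check is per port rather than per ISP: an address that is valid somewhere in the provider's space is still dropped when it shows up on the wrong customer's link.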
Just as they cannot hide activities such as this, they cannot escape the consequences... Sooner or later they'll be forced to eat the gelatinous residue that comes in EVERY can of SPAM®
-Whoppo-
============
I had a clever.sig, but I lost it in the divorce.
============
Kinda reminds me of the SouthPark episode where Chef battles the "Big Record Company".. Perhaps Napster should hire Johnnie Cochran for his famous "Chewbacca" defense?
----------------------------------------------
good point... maybe I'll start a "best of" collection, featuring nothing but hot gel-showering hot chicks. ...stay tuned!
But VeriSign is kind enough to send me reminders for ALL of my domains.. even the ones registered elsewhere.. They're so nice :)
So... with VeriSign out of the .org biz, who will send me "domain renewal" reminders 11 months before my .org domains are due to expire?
and you won't have a problem with downstream traffic :)
Haven't they had "Surprise Inside" printed on the box since the Intel lawyers were runny-nosed kids hoping for a toy whistle?
product (proh dukt) n. 1. Something produced by human or mechanical effort or by a natural process.
Sure looks like a product to me :-)
Quake Server
For what it's worth, this book is only $58.95 (US) at http://www.bookpool.com.