Slashdot Mirror


User: zaad

zaad's activity in the archive.

Stories: 0 · Comments: 24

Comments · 24

  1. I live in LA and I use no WEP on Warflying 2013 Access Points in Los Angeles · · Score: 2, Informative

    It's been mentioned already by many posters that WEP is insecure. Take a look at AirSnort for details, but basically, depending on the traffic of your network, you can be cracked in as little time as under a day.

    Talk about a false sense of security.

    WEP is completely disabled to reduce needless overhead on my AP. But I do run a certificate based relaying (see http://vpn.ebootis.de/ & http://www.freeswan.ca/ for details). So if you don't have the right certificate, you can't route any packets in or out of my wireless network.

    Have fun cracking a 1024-bit RSA key.

  2. Much cheaper slide bar $35-40 on 3D Photo Gadget Reviewed · · Score: 2, Informative

    This kind of a thing is nothing new. People have been taking stereoscopic photos for years. Actually the craze was back in the 50's. Most of the stereoscopic cameras you can still buy are mostly made in the 50's with a very few exceptions.

    http://home.att.net/~drt-3d/toys/bogen/index.htm.

    David Burder made a custom stereoscopic digital camera, but as far as I know, it's not really for sale.

  3. Re:Xbox controller on Converting a PSX Controller for PC Use · · Score: 1

    There's a page that describes the mod at http://www.llamma.com/xbox/Mods/xbox_controller_to_pc_usb.htm.

    The driver is available at http://sourceforge.net/projects/xboxhid/.

  4. Alternative mapping on Distro Taste Test - Linux and Beer · · Score: 3, Interesting

    Redhat = Samuel Adams. - Why would anyone with any knowledge of beer pick a brit brew for an American distro? Commonly available and well known. Not the best amber in its class, but certainly deserves (great nose - aromatic hops) to be mentioned on anyone's best ale list.

    Debian = Celis White. - I'll continue on the wheat beer theme, and this is a great wheat beer. It's hard to get your hands on one. It's cloudy and has yeast on the bottom so it may scare the first timers. But once you get to know it well, you come to love it for its quirkiness.

    Slackware = Anchor Old Foghorn. - No casual weekend drinker's beer. If this is your first time, order yourself a half-pint. You don't know what you're getting yourself into.

    SuSE = Erdinger Weissbier Dunkel. - Another wheat beer, but darker and full. Meticulously brewed like the distro. Despite being a great beer, few people in the US will ever try it.

    MacOS = Smirnoff Ice. - This one's for the hip and groovy image conscious crowd. No one who actually likes beer would ever drink this.

  5. Re:Skolelinux.no on Distro Taste Test - Linux and Beer · · Score: 1

    Well, Norway has a brew called Aass beer. It also comes in a stronger Aass Bock, which is the version that's actually worth drinking.

    The best thing about drinking beer in Norway though (definitely not the price, which is about $7 per glass), is the Chillinotters (breaded peanuts with spices). You can't ask for a better beer nut. Oh, that and the fact that Norwegians love to get stumbling drunk.

    There are other Norwegian beers, but they mostly taste like ass. =)

  6. Yet Another Plan for Spam on DoS Assaults Underway Against Spam Blocklists · · Score: 3, Interesting


    I used to use dnsbls. When it was clear that blacklists weren't sufficient, I used them in conjunction with filtering. Then I had trouble with false positives of various dnsbls to the point where I'm now only using the filters. Of course, simply filtering doesn't solve the network and computing resources problem. So I had hatched Yet Another Plan for Spam a while back (had mucked around a bit with implementing it but got distracted).

    The plan is essentially to use bayesian analysis of incoming mail to detect "open relays" and maintain a personalized dnsbl. Initially every piece of incoming mail is analyzed. Upon being tagged spam, the connecting IP is added to the dnsbl preventing additional relaying of messages.

    Pros:

    1. No external testing/probing is required. All blacklisted IP's have been known to be an originator/relay point of spam.
    2. A copy of the spam message can be retained in case of any dispute.
    3. It's a personalized dnsbl so that it is generally immune to becoming a target by spammers (either ddosed or litigation).
    4. A false positive does not impact systems not directly under your control.
    5. Corrections to the dnsbl can be made as urgently as your time would allow.
    6. Saves network and cpu resources due to rejection of additional messages from blacklisted IPs.

    Cons:
    1. Bayesian filter requires training and maintenance.
    2. Personal dnsbl also means personal attention. More time and resources required to manage.
    3. Not immune to false positives (actually amplifies the effect).

    I'm sure I've missed some points on both the pros and cons, but it's a start.

    Additional details of the plan had included a web interface for the blacklisted IP's to delist the IP. The scheme works on a token system. Each IP is given a configured number of tokens per a configured period. Each delisting requires a token and is subtracted. Hopefully, this will minimize manual effort as it's trivially easy to get delisted (only requiring the blacklisted admin to visit a page and click on a button). However, if the problem is not fixed and the same IP continues to get listed and runs out of tokens, then my plan was to have the blacklisted party purchase more tokens (something like the same webpage generating a tracking number linked to a paypal account). That way, there would also be financial incentives for the admin to fix their open relays.

    My intention with the personal dnsbl was to reject future SMTP relay attempts based on IPs that have been known to relay spam. It doesn't exist to identify every open relay or proxy, but simply to deny those hosts the opportunity to send me more spam. I could care less if someone is running an open relay as long as it doesn't send me spam. So my plan is to only reject mail from people that have actually spammed me, and not in theory of being capable of spamming me. And the reason to use the connecting IP instead of any content in the email is to prevent junk data (too easily spoofed).

    Anyhow, that was my YAPS. If enough people used such a system, it would probably put a decent dent in spam and open relays.

    Any volunteers?
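
The scheme described in the comment above, sketched in Python as an added example; it is not part of the original post and not code from any existing project. The class and function names, the token and period values, and the keyword scorer standing in for a trained Bayesian filter are all assumptions made for illustration.

```python
import ipaddress
import time
from dataclasses import dataclass, field

SPAM_WORDS = {"free", "pills", "winner", "offer"}  # constructed sample vocabulary

def toy_classifier(message: str) -> bool:
    """Stand-in for the trained Bayesian filter: spam if 2+ flagged words."""
    return len(SPAM_WORDS & set(message.lower().split())) >= 2

@dataclass
class Entry:
    listed: bool = False
    tokens: int = 0
    period_start: float = 0.0
    evidence: list = field(default_factory=list)  # retained spam copies for disputes

class PersonalDNSBL:
    """Hypothetical personal blocklist keyed on the connecting IP."""

    def __init__(self, classify, tokens_per_period=3, period_seconds=30 * 86400,
                 clock=time.time):
        self.classify = classify
        self.tokens_per_period = tokens_per_period
        self.period_seconds = period_seconds
        self.clock = clock
        self.entries = {}

    def _entry(self, ip: str) -> Entry:
        key = str(ipaddress.ip_address(ip))  # raises ValueError on junk input
        if key not in self.entries:
            self.entries[key] = Entry(tokens=self.tokens_per_period,
                                      period_start=self.clock())
        return self.entries[key]

    def on_message(self, connecting_ip: str, message: str) -> str:
        """Key on the connecting IP only; message content is too easily spoofed."""
        entry = self._entry(connecting_ip)
        if entry.listed:
            return "rejected"  # refused before any filtering cost is paid
        if self.classify(message):
            entry.listed = True
            entry.evidence.append(message)
            return "listed"
        return "delivered"

    def delist(self, ip: str) -> bool:
        """Self-service delisting: costs one token, fails once the budget is spent."""
        entry = self._entry(ip)
        now = self.clock()
        if now - entry.period_start >= self.period_seconds:
            # New period: restore the free budget, keeping any purchased surplus.
            entry.tokens = max(entry.tokens, self.tokens_per_period)
            entry.period_start = now
        if not entry.listed or entry.tokens <= 0:
            return False
        entry.tokens -= 1
        entry.listed = False
        return True

    def purchase(self, ip: str, count: int) -> None:
        """Tokens bought after the free budget ran out (payment handled elsewhere)."""
        if count <= 0:
            raise ValueError("count must be positive")
        self._entry(ip).tokens += count
```

The third con in the comment shows up directly here: a single misclassified message lists the sender's relay until someone spends a token, so the classifier threshold and the retained evidence matter more than in a filter-only setup.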

  7. motion blending on Motion Capture Or Animation For Games? · · Score: 3, Interesting

    There's actually been quite a bit of research to do motion blending so that the transition between states is not noticeably unnatural.

    So the real answer is, it's not a limitation of mocap, but current application of the technology.

  8. Some comments on Seven Spam Filters Compared · · Score: 2, Interesting

    I'm not disagreeing with the posters that stated that he has low sample size. It might be one of the problems why he doesn't have a higher catch or recall rate.

    The main problem I see with bayesian filters is that they are complicated and nontrivial to set up. I've been playing with Bogofilter for several months. And even with sub 1000 corpuses, I get a very high catch rate (greater than 90-some %, though I don't have exact numbers).

    The method that I've employed is to start with a small set of three hundred or so ham and spam corpuses, then to train on error over time. It's a pain in the ass because I still have to continually inspect the results and tweak the databases.

    In addition to that, there are at least a half a dozen parameters that contribute to the success or error rates. So much so that bogofilter actually comes with bogotune to analyze the corpuses to suggest optimal parameters.

    So give the guy a break. I wouldn't say his results are robust enough for an academic publication, but it isn't worthless. It's interesting enough for a read. It's more work than many of us are willing to do.

    Also an interesting read is Comparing Bayes Chain Rule with Fisher's Method for Combining Probabilities.

  9. I'd stay away from Broderbund on Architecture / Home Design Software? · · Score: 1

  10. Re:iPod is sexier on Newest iPod vs. the Nomad Zen NX? · · Score: 2, Funny

    It's way more stylish (aka chicks dig it)

    *shaking head* You'd have better luck spending the extra $200 you saved on hookers if that's what's important to you.

  11. The path is clear on Newest iPod vs. the Nomad Zen NX? · · Score: 3, Informative

    Size isn't an issue, my current MP3 player being a MP3-CD player. The big thing is price. In the US the 30GB Zen costs $300, the 30GB iPod costs $500.

    So the difference is $200 give or take. The Zen NX isn't quite as small as the new iPod, but it's much smaller than the original Zen.

    One of the coolest things about the Nomad's is Notmad Explorer, or more specifically, the Notweb Explorer. It's a cool web interface to your mp3 player. You can browse it, search it, download or stream your mp3's. Very cool.

    The battery life is significantly longer on the Zen NX (and the battery is user removable). Also very cool.

  12. It wasn't all Sony on Sony Hiring Emulation Experts? · · Score: 5, Interesting

    Bleem did as much to kill themselves as anything Sony could have done. First they were late on their shipping date for something like a year. Then instead of releasing a single disc that could be used for all games, they released four separate discs that were tweaked for only certain titles, etc.

    And this is not to mention that the controllers weren't compatible (two analog sticks on the Sony, only one on the Dreamcast).

    It all became such a pain in the ass, that it was simply easier to pick up a PSX1 on the cheap if you really wanted to play PSX1 games.

  13. VOIP in Ghana on VoIP Booming in Africa · · Score: 4, Informative

    Disclaimer: The tech scene in Ghana was and is probably changing at a phenomenal pace. Anything I say below could be wrong not only because it might be completely outdated, but also because it's a complicated place both politically and technologically. But to the best of my knowledge, the information below is accurate.

    I was in Ghana as a volunteer last August, and I actually worked for a Ghanaian ISP that terminated VOIP calls, in addition to consulting and helping other "ISP's" set up VOIP gateways.

    The legality was murky at best. Everyone gave me conflicting answers about whether it was legal or not. From the prevalence (I'll explain later), I would say that it's certainly tolerated. Few people (if any) ever got busted for doing VOIP. Part of the reason is that corruption is so rampant, you can easily dash (bribe) your way out of any trouble if you're willing to pay up.

    Most "Internet Cafe's" or ISP there (most) with their own satellite were doing VOIP. The math was easy. A 512 down/384 up connection was costing about $8,000 U.S. per month (this is before fiber became available). You can't sign up any decent amount of dialup customers because most people didn't have phonelines and GT (Ghana Telecom) would take its sweet time pulling lines.

    In fact, it took something like 18 months I believe for the NGO that I was volunteering for to get two lines (and I believe they had to totally work their connections). Almost all businesses and expats resorted to cellphones (the dominant player was Spacefon, I believe it's actually a Scandinavian company that worked out some sort of a sweet deal that can't be revoked). But it's almost impossible to call a cellphone from a landline or vice versa (another long story, also has to do with the fact that GT is a government owned monopoly).

    Internet Cafe's were a joke. The typical charge was something like 4,000 cedis to 10,000 cedis per hour. That translates to about 40 cents to just over a dollar. Nevermind whether the typical Ghanaian can afford those prices, if you have to pay out something like $8,000 per month just for the bandwidth, you simply can't make your money back.

    So instead, what you do is to set up an "ISP/Internet Cafe" and you really do sign up customers and such. But what you really do is to get GT to pull a bunch of phonelines to your premises. Then you install a VOIP gateway and negotiate with western telecomms to terminate calls to those phonelines. That was the only way that they can pay for the bandwidth. Even in the U.S., voice services are much more lucrative than data services.

    The "ISP" that I worked for not only terminated calls of their own, they also helped other places set them up as well (they charged a consult fee in addition to getting some sort of kick back from the bandwidth provider). I personally helped with a couple of those and helped set up a traffic shaper/bandwidth limiter.

    They were actually in negotiations with GT to help them set up a prepaid card system that used VOIP. But I don't believe it ever got anywhere. The trouble with GT is that they had a monopoly and didn't have any incentive to be competitive. And because long distance voice services profits are very high, they have almost no reason why they want to change things.

    So while private companies are definitely adopting VOIP, I don't believe GT is actually taking advantage of the technology. I actually sat in on a meeting with some higher-ups at GT. They didn't seem to care that it's a good technology or it would be the right thing to do. The primary interest definitely seemed to focus on how they (personally) would benefit. It's not out in the open of course. And they would never mention it. Only how there are little things that are wrong on your applications and paperwork, and how they just haven't had the chance to pass it on to the right person yet.

    Either way, it was certainly flourishing. Just about every client visit where the "ISP/Internet Cafe" that had a satellite, there were VOIP gateways terminating calls.

  14. Umm, the Xbox plays games on Building a PC Equal to XBox for the Same Price or Less? · · Score: 3, Insightful

    It seems odd that people are leaving out this very important fact. Sure, you can build faster PC's for just a tad over the price of the Xbox. But what you can't do on your spiffy new PC is to play the console games that you can on your modded Xbox.

    So with a modded Xbox, you get a pretty decent gaming console (with a game controller - no one seemed to factor this into their price either), a multimedia system (especially if you buy the remote), or a Linux box (probably for playing MAME games - 64MB of RAM isn't spiff-o-riffic if you plan to run X).

    This is not even mentioning the "sticking it to Microsoft" coolness factor too.

    Either way, there are reasons why you might consider modding an Xbox instead of building a PC.

  15. Re:Thought that was builtin?? on TCP/IP Connection Cutting On Linux Firewalls · · Score: 1

    Slight correction - this is for cleanly tearing down established connections - if you suddenly impose a -j drop rule on a connection, that connection *will* be torn down, just not as cleanly

    "-j DROP" does no such thing. DROP does exactly as it implies. It silently drops packets with no acknowledgement.

    The cutter project injects RST packets into an established connection causing aborts on both end nodes. Cleanly tearing down a TCP connection would be to do a 4-way TCP handshake by sending ACK-FIN packets.

  16. Clarification - Re:Thought that was builtin?? on TCP/IP Connection Cutting On Linux Firewalls · · Score: 1

    Man, I hope I don't get flamed by some newbie for this. This post and all of the subthread posts are wrong.

    The "-j DROP" target is (mostly) unrelated to the project highlighted by this thread. Please let me explain.

    The great advance of the Netfilter/Iptables code is the connection tracking table (ergo Iptables). The problem is that once the connection (not simply TCP, but UDP, and possibly other protocols as well) has been "ESTABLISHED", the firewalling code no longer examines the packets. See the packet traversal diagram for details.

    Basically, the earliest place you can have access to the packet and drop it is in the mangle table in PREROUTING. However, if a packet belongs to a previously established connection, it would already be matched by the conntrack table in PREROUTING. Therefore, it becomes impossible to drop packets belonging to that connection. This _is_ precisely the reason why the aforementioned project was created, to deal with this problem.

    Of course, if Netfilter/Iptables had the ability to remove specific entries from the connection tracking table, none of this would be necessary (but that's already the subject of another post).

  17. Injecting packets into the connection on TCP/IP Connection Cutting On Linux Firewalls · · Score: 5, Informative

    Though I haven't taken a careful look at the project, this project exposes one major flaw of the Netfilter/Iptables firewalling code. Namely, it's impossible to flush the kernel connection tracking table without a reboot (or a complete unload of the Netfilter modules).

    Connection tracking is a wonderful thing, and if you can flush out certain connections, this project wouldn't be necessary at all. Instead, there's no mechanism for aborting connections other than by injecting packets into a connection and getting both sides to abort.

    This is probably a bad idea as well, as RST packets don't have to be acknowledged (that's why they're RST, and not FIN). I might be completely wrong here, but this most likely leaves the connection in the tracking table alone to timeout on its own (which according to /usr/src/linux/net/ipv4/netfilter/ip_conntrack_proto_tcp.c is 5 days!).

    And speaking of the timeouts, there are no sysctl adjustments possible. If you want to change the timeouts, you'd have to edit the kernel source and recompile. How's that for a giant pain?

    Don't get me wrong, I like plenty of things about Netfilter/Iptables. But it's not "enterprise ready" yet.

  18. Full Spectrum Warrior on E3 Game Critics Awards Announced · · Score: 1

    Go to http://www.ict.usc.edu/disp.php?bd=proj_games_fsw for some screenshots and video.

  19. BBC's writer clearly didn't do his homework on Have Humans Come Close To Extinction? · · Score: 5, Informative

    It's shocking how much better the San Francisco Chronicle article is than the BBC article.

    Clearly both writers had the same source to work with, but the sfgate article was much more researched, thought-out, and nicely tied together. Even when I had only read the BBC article, I was shocked at how poorly structured the article was.

    If you're only going to read one of the two, read the sfgate piece.

  20. Re:Diversity in a small group on Have Humans Come Close To Extinction? · · Score: 5, Insightful

    Something about that struck me. If the natural state of affairs is for a wide genetic diversity even in a small group - such as the chimps, then why wasn't there a similar diversity in the 2000 people who went on to sire the rest of us.

    IANAG(eneticist), but I would say that this is most likely due to a concept known as founder's effect in population genetics. It looks like there's an interesting page courtesy of googlecache.

    Think of it in these terms. Whatever your genetic diversity happens to be, if you reduce a population from two million down to two thousand, you're going to lose a lot of diversity. Further, especially if that population reduction was due to some selection pressure (maybe immunity to some disease), you're going to target a very select subset of the population (known as hard selection). So what happens is that you end up with much less genetic diversity than you would have otherwise (diversity takes time to build up).

    In the case of the chimps, if they've not gone through a recent "extinction" scare, and have had a long, long time for their genome to diverge and mutate, even if you just sample a small group of 60 or so chimps, they're going to exhibit much more diversity simply because they've had so much more time for their genome to wander or drift.

    Does that make more sense?

  21. Get a good service contract on Recommendations for High Volume Color Laser Printers? · · Score: 3, Informative

    I don't know what you mean when you say high volume, but...

    If you're not having a speed of printing issue, but are having trouble with the printer jamming, what you should look into is getting a good service contract. No matter what kind of "high volume" printer you get, excessive printing will wear down the rollers and cause a lot of paper dust to accumulate. The only way to keep them going is by cleaning them and replacing the rollers when they wear out.

    I worked at a place that had 12 printers on a single floor that printed between 5,000 to 10,000 pages per printer per month. They were all great printers, but on average needed to be serviced every six to eight weeks to keep working.

    I'd recommend getting an additional printer, and getting a service contract on both printers when one needs to be serviced.

  22. Re:It's a sign of wah? on Xserve Powers iTunes Music Store · · Score: 0

    Keep in mind that the PowerPC architecture can do quite a bit more per clock tick than x86 hardware, so a 1.33 GHz PowerPC can probably perform about the same as at least a 2 GHz Pentium 4.

    I get tired of hearing this. Real world performance is a complicated thing. Nevermind the raw computing power of the CPU (how are you going to determine this?), there's OS overhead, application optimization, compiler optimization, etc. that would significantly impact the end performance. Of course there's plenty of finger pointing when that happens.

    There was a benchmark recently that showed Intel PC's trouncing Mac on video editing and Adobe expressing its preference.

    Of course, this would vary quite a bit depending on the task at hand; only benchmarks will show the real numbers.

    *ahem* Benchmarks? Only real world performance will show real world performance. =)

    It seems to me that Apple is looking to move back to the older concept of the UNIX server: a high-end server and a (mostly) proprietary UNIX operating system sold together as a unit. For a while, it seemed like Linux and cheap-as-dirt x86 hardware were going to do away with this; now Apple is trying to introduce it as a product, albeit with more of an open source component. Only time will tell if they can make money on this. My guess? They'll get a steady but not dominating niche market, much like they have with home computers (and for that matter, much as "big iron" UNIX still has.)

    My guess is that unless a particular company needs a powerpc processor for a very specific reason, there's almost no way anyone would pick the Xserve over cheap commodity x86 hardware running Linux (despite the SCO clown show). The reason? Total control. The hardware is available anywhere (don't have to rely on any single company). The software isn't an issue. At worst, you'd have to develop your own custom Linux app to serve your needs. Either way, it's a lot safer than to tie my company's future to Apple.

  23. Re:Arms race ++ on Application Layer Packet Shaping on Linux · · Score: 2, Insightful

    This only works until the protocols become smarter.

    This post is definitely right on and deserves to be modded up.

    Basically, the l7-filter project is a pattern identifier based on packet payload (data) and not simply the headers. What this allows you to do is to generate signatures of protocols you wish to match.

    This works right now because most firewalls and shapers do not look at the packet payload for shaping, and the applications AREN'T trying to foil that. But once pattern based packet payload analysis becomes common enough, you can bet that certain protocols will start to masquerade as others to try and get through filters.

    Just take SpamAssassin or other Bayesian based spam filters for example. Spammers are already modifying the contents of emails and inserting extraneous words to evade matches.

    This is not to say that layer 7 filtering isn't worth doing. It just means that like the previous poster said, it'll be an arms race until it becomes too tough to distinguish legitimate traffic from masqueraded traffic that it won't be worth doing anymore.

  24. Wahuh? on Run Win98 From 16MB Flash Disk · · Score: 2, Informative

    If I remember correctly, some enterprising folks managed to do this a couple of years ago when hacking Virgin's Webplayer. I can't find any archives, but Google's cache (http://216.239.53.100/search?q=cache:nFk2b5yLOY8J:snoopy.net/pipermail/iopener/2000-May/thread.html+16mb+flash+webplayer&hl=en&ie=UTF-8) shows that someone managed to get WinMe to fit under 16MB back in May of 2000.