Neither of these cards supports channelization (at least as far as the linked text mentions).
As an ISP, I know the temptation to save $30,000 dollars seems like a good idea, but running a Linux box with 28 routed interfaces (or more) seems like a recipe for disaster. I'd be more tempted to stick with a solution that works.
That's not to say that Linux doesn't scale as a router. I know some people are routing OC3's (and possibly higher) with Linux, but that's usually not dealing with all the headaches of end users. EBGP, and the policies associated with it, QOS (which is a nightmare to the untrained on Linux, but relatively easy on Cisco), access-list setup (which may not be a problem, but would need to be handled by iptables. Your forwarding rules might run you into problems too. Too many rules and you might kill your CPU with higher traffic loads)
I'm amazed you're even looking down this path. Most ISPs start with UNIX based solutions and move to "real" routers when things stop scaling properly. You've just about reached the limit on things scaling properly :)
We have one of those "premium" support contracts at work. One day CDE stopped working (something about tooltalk libraries) so I logged in under openlook and started searching around to find answers. I found a guide for ways to fix it, tried everything in it and failed. Called Sun for support.
The first guy asked me to do the same things I'd already done (fair enough, he can read from a guide too). Then when I told him I'd done all that he told me to try it and call him back if I still had the same problem.
I told him I'd like a callback in 30 min to f/u. Just in case he couldn't get in touch with me, I asked for his phone number. So basically, even though I knew his fix wouldn't help I gave him the benefit of the doubt. Or at least the chance to get off the phone and do more research.
I email him immediately to tell him things don't work. Nothing. 30 minutes passes. Nothing. 1 hour passes. Nothing.
I call him back and he's gone for the day (of course). I speak with one of his fellow tech support guys and he basically asks the same questions then gives me a few things that might work (at this point I'm away from my computer)
So I tell him I'll try the new stuff and f/u via email. When I get back I immediately try things and send him an email saying it didn't work.
Never get a response.
These were simple procedures to follow. No driver level debugging. This is deleting cache files, editing conf files and restarting daemons. Nothing that takes rocket scientists. But they still don't have an answer. To this day, if I still had the error message I'd like to know why Solaris broke in that particular way, and why it's not fixable.
So I endure the crap that is openlook for one week, then sit down and reinstall the machine. This fixes the problem of course.
But I don't tell Sun that. I figure I'd still like some help via email. So I wait. 2 months later I get an email from a Sun relationship manager asking if it's ok to close the case.
I write back and tell them "No it's not ok to close the case. You've not supported me at all in over 2 months."
So they immediately try to call me to try to resolve the issue. (As much good as calling does. I requested email).
Finally after explaining that I had to reinstall I closed the case. They apparently didn't care that their expensive contract just netted them good money and the customer got nothing out of it.
This is just story number 1. I've had to call them twice more and ended up giving up both times. Sun support doesn't understand software problems.
Sure if you have a problem on an E10k and need faulty hardware replaced, it might be worth it.
But in general the support contracts are overpriced. You can usually buy 2 of every machine for what it costs you to buy a 1 year support contract. As long as you have an employee that doesn't mind opening boxes, swapping hardware is easy. And that's all Sun will do for you.
Why is it you think telcos have insane profit margins? Aren't you paying 2.5c a minute, or whatever the crazy rate is that everyone's paying now?
If not, why aren't you dialing 10-10-whatever?
Telcos are underpaid for "expansion costs" and overpaid for "maintenance cost". Maintenance costs next to nothing (things work right half the time, and when it doesn't at least people know what to repair) but expansion is an incredible expense with no guarantee of return on investment.
So telcos aren't expanding now, they're just trying to hold on to every customer they can.
Pay attention, because this is why you don't have fiber to your pee-pee yet. It's coming, but like everything else you'll have to pay "INSANE" profit margins for it.
As to CEOs making too much money. We live in a capitalist society. If you can find someone really smart who's fully qualified to run your company and only wants $35k per year, then go ahead and hire them. But you won't. CEOs make the money they do because people offer it to them. Complaining doesn't make it wrong, or right. It's just the way it is.
> I had to write some XML processing in PHP and used the PHP XPath class from sf.net (since my ISP did not enable the built-in XML extensions). In most cases my pages timed out, PHP was not able to complete processing the XML file within 30 seconds (!). Java's JDOM did the same in 3-4 seconds.
Obviously this is a troll, but I'll poke at it anyway.
So you're saying that your ISP wouldn't enable a builtin feature of PHP that would make things faster for you, so you switched development languages?
Wouldn't you have to get them to install Tomcat?
Why not switch ISPs? Seems just as easy, if not easier than switching languages. Or hell, a Linux-capable PC can be had for $100 now. Why not install PHP at home and benchmark it with all the options turned on?
And we can do this and make our own security better, but most security incidents today happen because of compromised Windows machines. So we have two problems:
1. These machines are generally easy to upgrade but admins are lazy (what makes you think people will upgrade even if we tell them the next version is safer)
2. What makes you think Microsoft would recode their apps using these products (or anything similar) anyway?
If we make UNIX machines harder to break into people will just move on to easier targets. I think every little bit helps, the UNIX machines might as well be secure, but it won't do you any good if someone targets your DSL router or your active directory server.
So what's it going to take? Large corporations standing up in meetings saying they will not buy products unless security has been reviewed? Think about the SQL slammer worm which completely screwed up parts of the Internet for 4 hours or more. Is anyone reacting? Anyone saying "well damn, guess I'd better not use MSSQL." or "hell, guess I better put a firewall in front of this thing." Anyone's corporate security policy change at all? Maybe, but did your software standards change?
There are hundreds of things that need to change before things get better. How about securing open proxies? Stopping open mail relays. Getting rid of every old and insecure version of bind, sendmail, and apache that's still running somewhere on the internet. Rewriting insecure webpage forms so they don't allow db access to everyone. Turning off telnet in a bunch of places. Same with FTP. Turn off unencrypted IMAP and POP3.
Turn off open wireless networks, convince cable and DSL companies that despite whatever cost savings or easy configuration they get from it, putting everyone on the same network is a bad idea.
So if I could wave a magic wand and all this stuff got taken care of, tomorrow we'd see a Slashdot post saying that a fatal flaw in Ethernet causes everyone to be vulnerable to any attack, nobody is upgrading because it's too expensive and there is no software fix for it.
Unfortunately, the easiest and quickest way to make these things stop is to put a lot of people in jail for a very long time. Corporations (who have the money and the government backing) don't think it's very funny when people target their 10 year old SPARC 5 that's acting as a webserver and break in. To them it doesn't matter that it's really their fault, they want some revenge, and a call to their government friends gets it for them.
We the people of the United States can't change a damn thing, even if we want to (Apologies to non-US citizens who've read this far, I'll shut up in a minute). Changing our coding standards (while amusing to some of the true crackers that are still out there) won't change anything for the thousands of script kiddies who target year-old exploits and scan the entire internet for more boxes to compromise.
Those of you who are not cynical feel free to respond and send solutions.
So I read this article thinking "Hey, someone wrote a guide on securing 802.11" completely forgetting that I'd seen one of those before.
The problem with these guides is that they all look the same, they all recommend the same course of action, but they provide no details as to how you run security.
For my wireless network I run MAC address filtering, have the SSID set to not broadcast (and not accept ANY) and run these behind a firewall that only sends DHCP and only accepts encrypted PPTP traffic. (Not because PPTP is good, but because it's easy to set up in Linux and clients are free for Windows). You can debate about DHCP being a good idea or not, but I like being able to take my laptop to other networks and not have to reconfigure.
So obviously I've given some thought to securing the LAN, but I don't think my answer is the best one and it's sure not the only one. What I want out of a "guide to securing 802.11" is some comments from the front line. I want to know what works and what doesn't. If Check Point SecureRemote is what everyone uses, then I'd like to hear about it. If everyone's using IPsec tunnels in FreeS/WAN, or Nortel Contivity stuff then great. Let us know what works and what doesn't.
I've tested Dragon on gigabit networks. As long as you have a big machine it should do alright. Use Linux because the Solaris kernel sucks for packet performance.
I'd expect FreeBSD would also have good performance, but they didn't produce a 6.0.1 build for FreeBSD (they told me it's around the corner, but there's not much demand for it. I'm running the Solaris variant at work).
Ultimately, I'd say contact Enterasys and ISS with your needs and ask for a demo license. Everyone's situations are different. You may decide Snort fits your needs, or you may need something else.
> P2P is a horrible way to distribute programs if you actually care about getting your file from point A to point B in one piece, unmolested. So, obviously, no legitimate company would use it to distribute software.
This is just plain incorrect.
Point to point systems work just fine and can guarantee file integrity by providing a file signature on the "download" page and verifying that it's correct once the file is downloaded.
You could argue that the webpage might be compromised and the signature changed, but normal websites have this same problem.
In Microsoft's case, with Win2k and XP they sign ALL their updates, so your machine can automatically verify the signatures without even having to query a webpage. This doesn't mean you can trust all files you download. Since signatures can be wrong and people often overlook "this document is not signed" or "the signature for this file is incorrect" messages you could argue that file integrity is not something people are crying for right now or that anyone cares.
In any case, P2P networks are perfectly safe for business file transport if that's something a business wants to participate in. The fact that companies are more likely to use fileplanet or game-whatever rather than p2p to release demos and patches just shows that 1. Companies don't get "it", and 2. Companies would rather take ad revenue from their site or partnered sites than dump their files on public networks (thus proving more-so that they don't get it. They can write their own "download manager" clients which show whatever ads they want).
I guess the point of my rambling is that p2p sharing is a remarkable concept whose time has come. With a few more advanced features (preferring downloads from "close" users to save backbone costs) it'll be even better.
But its bad reputation may be the killing factor in the long run.
I noticed this two years ago when I went to work for a responsible employer. I wondered about it for a while and then reached the natural conclusion that these people would've reached if they weren't stupid.
SPAM isn't prevented in the workplace because of diligent admins or hard working filters. It's prevented because companies don't sell their email addresses.
Point:
I signed up for flash.net a few years ago and was getting spam within the first 4 hours of having an account. This was using a new email address that wasn't easily guessable and probably wasn't given out before. This was also before spammers learned about dictionary attacks. How did they get my email? Someone at flash.net gave it to them.
Nowadays, after having some 3 letter email addresses for a few years dictionary attackers finally decided to probe our domain at work and found me, now I get about 1 spam a week.
My other account which uses first.middle.last@my.work.com notation hasn't been found yet and probably never will be, unless my company sells out and gives their email list away, or I screw up and sign myself up for spam.
SPAM is pretty much only a problem now because people are selling email addresses.
Experiment:
Pick a hotmail address with totally random characters that nobody would pick before and see if you get spammed. If you do, then Microsoft is selling your email address.
Hotmail doesn't care though because you're an individual, it's not a corporate account and they don't lose revenue.
Point 2:
People with publicly visible email addresses get spammed all the time.
Apparently this survey was only on email addresses of people who barely use email. Have these people put their email address on a corporate webpage and see how much spam they get in a few weeks.
Think about how much spam you get. Then ask yourself "How did these motherfuckers get my email address?"
Sometimes it's obvious. I went to a conference one year and gave them my email address, which they posted on a webpage. Two years later someone sent an email to 3 people in my group at work, guess which 3 people were at a conference? Somebody had probed the webpage.
If you don't want spam, don't give your email address out to ANYBODY you don't know. Use throwaway accounts for any online purchases.
If you already get spam without giving out your email address well then switch providers, because obviously the dickfucks at your ISP sold your account to a spam list.
This is caused by providers not charging what bandwidth costs them. Major ISPs are not overutilized or oversubscribed, all the "problems" of p2p are happening on the edge networks. Why is this? Because nobody wants to pay to upgrade.
These providers are oversubscribing their networks by sometimes 6x their upstream capacity or more (3 is the norm). They do this so they can charge customers less for the bandwidth. Why would they want to charge less? Because they're in a price war with the cable modem company down the road.
They can't afford to stay in the market because they're in over their heads, so they switch tactics. Instead of fixing the problem, they blame the customer (a common solution nowadays).
So as someone said earlier, vote with your money. If someone starts changing your service in ways you don't like just go to their competitor. Saying "oh well, that's just the way it is" will only succeed in making this the standard practice for every provider.
In my opinion bandwidth caps are ok as long as they're agreed upon when you sign up for service (i.e. you ask for 500kbps down, and that's what you get). Per byte charges are historically disfavored for home users even though businesses like the idea. When's the last time you paid per minute on local calls? How many of you would accept a cell phone plan that provided no free minutes to call anywhere? Nobody likes it when the phone company changes their plan. Nobody would accept a new phone plan that was worse than the old one. How's this sound: "Hey, we're lowering the amount of calls you can make on your phone. If you go over 70 calls a month we'll charge you 45c a minute"
Would you accept it? No. So why accept their proposed plan for new cable modem caps? Find a new provider, and let Chapter 11 convince these people not to play in a market they don't understand.
If you telecommute, then having business grade service at home is one of the costs of doing business. It may not make sense, but the only reason the phone company charges more for business lines is because of the higher SLA for downtime. Businesses lose money if their phones/data lines don't work, residents are just inconvenienced. That's the way the phone company looks at it.
So if you professionally telecommute, the company you work for should consider the type of service you need for the home. Personally, if I plan to telecommute all the time, I request a T1 or frac-T1, not because I need the circuit (DSL is just as good) but because I need the SLAs.
If I'm just telecommuting part of the time, and have the option of going in to the office, then a regular phone line and DSL is fine for the home, because I have a backup plan for internet access.
Personally I think this is one more thing "Ask Slashdot" really won't have an answer for. The answer is to "Ask Your Boss" and see what they say.
People who are not market analysts and who don't really understand the market at all seem to know so much about why the internet won't work. (Yes, I've been guilty of this as well, but in my hastily constructed defense I'll say that I'm a bit closer to it all than most people:)
The reason it's hard to compete on the internet is because it's a perfect market. Need web space? There's some guy who will sell it to you for $50 a month. Someone else will give you a fully redundant air-cooled super-backed-up buzzword compliant solution for $5000. Still others will give you the same thing for $3k, and others will give you slightly less for $2k, $1k, and $500, or perhaps $100 or $50. Ever looked around at just how many people provide webhosting?
When you have thousands of companies competing for business in a market that may only have 100k real customers you get to a saturation point where you can't lower your price anymore or you don't make money, but your competitor still is pricing his service $50 less. People got into price wars with each other and dropped prices until they went right out of business. Either they got scared and stopped dropping their price early (and thus lost customers to people who'd continue to drop their prices) or they dropped their price too low and couldn't make a profit.
This doesn't just apply to webhosting. Think about eBay, Yahoo Auctions, Amazon auctions, etc. Or Amazon books, borders.com, barnesandnoble.com, etc.
You have 8-10 different companies to choose from when making an online purchase, and these are just the large ones.. think about all the companies you can purchase computer gear from online? There is no way to compete unless you're selling an original product that can't be bought elsewhere.
These are some of the prime reasons that very large companies are going out of business right now. Think the Internet caused it or started it? No, obviously (Enron) there were other market problems as well. The phone companies were doing the same thing for the last few years.. "3 cents a minute.. no 2 cents a minute. Actually, we're paying you to use our service.."
It's stupid, and hopefully the mess will clean itself up.
Where upgradestatus would be a perl script that takes the output of "dpkg -l" and formats it in some intelligent way, then uploads it to an SQL server.
I would think that would give you awesome centralized package management, and you'd immediately know when systems are out of date, or when they fail their upgrades.
You may be saying "well, I don't want to write it myself, it should come with the OS!" and that may be true. But if it did, do you think you would use it the way it was? Or would you customize it to suit your own needs?
Maybe there's a reason nobody has done this yet. Probably because everyone already does it in their own way.
BTW, instead of pushing the status to a central server, I push out all my changes with an expect script. Even with 650 machines, I'd rather watch them as they get upgraded to make sure there isn't a failure. If there's too many machines, then you can divide the work up between several people and have them all watch upgrades.
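A sketch of the collector this comment describes, added here as an example and not the commenter's script. It uses Python and an in-memory SQLite database in place of the Perl script and SQL server mentioned; the host names, package versions and the `targets` table are constructed assumptions.

```python
import sqlite3

# Constructed sample of `dpkg -l` output (header plus two hosts' package rows).
HEADER = """Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version   Architecture Description
+++-==============-=========-============-==========================
"""
WEB01 = HEADER + """ii  apache2        2.4-2     amd64        Apache HTTP Server
ii  openssl        3.0-2     amd64        Secure Sockets Layer toolkit
"""
WEB02 = HEADER + """iF  apache2        2.4-2     amd64        Apache HTTP Server
ii  openssl:amd64  3.0-1     amd64        Secure Sockets Layer toolkit
rc  telnetd        0.17-1    amd64        basic telnet server
"""
# Constructed baseline: the version every host is supposed to be running.
TARGETS = [("apache2", "2.4-2"), ("openssl", "3.0-2")]


def parse_dpkg_list(text):
    """Return (name, version, flags) for each package row of `dpkg -l` output."""
    rows, in_body = [], False
    for line in text.splitlines():
        if line.startswith("+++-"):      # separator: package rows start after it
            in_body = True
            continue
        if not in_body or not line.strip():
            continue
        fields = line.split(None, 3)     # flags, name, version, rest of the line
        if len(fields) < 3:
            continue                     # malformed row, ignore it
        flags, name, version = fields[:3]
        rows.append((name.split(":")[0], version, flags))  # drop ":arch" suffix
    return rows


def build_db(reports, targets):
    """Load every host's report and the target versions into one database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packages (host TEXT, name TEXT, version TEXT, flags TEXT)")
    db.execute("CREATE TABLE targets (name TEXT PRIMARY KEY, version TEXT)")
    db.executemany("INSERT INTO targets VALUES (?, ?)", targets)
    for host, text in reports.items():
        db.executemany(
            "INSERT INTO packages VALUES (?, ?, ?, ?)",
            [(host, n, v, f) for n, v, f in parse_dpkg_list(text)],
        )
    return db


def outdated(db):
    """Cleanly installed packages whose version differs from the target.
    Equality only: Debian version ordering is not implemented here."""
    return db.execute(
        "SELECT p.host, p.name, p.version, t.version FROM packages p "
        "JOIN targets t ON t.name = p.name "
        "WHERE p.flags = 'ii' AND p.version <> t.version "
        "ORDER BY p.host, p.name"
    ).fetchall()


def failed_upgrades(db):
    """Packages that should be installed but are not in the clean 'ii' state
    (unpacked, half-configured, half-installed, reinstall required)."""
    return db.execute(
        "SELECT host, name, flags FROM packages "
        "WHERE substr(flags, 1, 1) = 'i' AND flags <> 'ii' "
        "ORDER BY host, name"
    ).fetchall()


if __name__ == "__main__":
    db = build_db({"web01": WEB01, "web02": WEB02}, TARGETS)
    for row in outdated(db):
        print("out of date:", row)
    for row in failed_upgrades(db):
        print("failed upgrade:", row)
```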
The internet stopped doubling in speed sometime last year. Everyone was banking on having OC48's to large customers (and OC3's to everyone else). One year later and most people are still using NxT1 options, and the core isn't anywhere near overutilized (not anywhere near 10gig. Or 30 gig for that matter, which you can get by running multiple OC-192s in parallel)
So their product is worth about as much as their nearest competitor (Juniper, if they've written their software properly) and they're two years late to the market.
Personally I consider commercials, unsolicited emails and phone calls all to be a waste of my time. Considering that your time on earth is a (relatively) constant value, and there is nothing the corporations can do to give you back the time they waste, use of your time should be billable at whatever rate you specify (up front, through some means).
Corporations won't like it.. but this only applies to targeted ads. Billboards are still usable, but ads while you withdraw money from an ATM are not.
Think of the last time you were forced to waste 30 seconds of your day listening or watching someone's advertisement for a product you didn't want. Think about something else you could have been doing and ask yourself, how much was that 30 seconds worth to me? Be reasonable. I don't think you could honestly ask for more than your salary, but you should at least be able to ask for compensation.
I chose not to finish college because I was pressured by my parents to find a job. Several times since then I've thought about going back, but I'm making good money now and I'm pretty successful. I don't want to go back to school full time (and give up my job), and I don't want to spend 20 years getting a degree either.
So I'm in the exact same situation our "Ask Slashdot" person is in (I'm even the same age.. scary..:)
Reading through this I was hoping to find insight into ways to get a degree fast, or what you can do instead of getting a degree. Instead I find two camps of people. People who don't have a degree, and are proud of that fact, and people who have a degree and defend it with words like "It's not just programming" and "You want a degree in one year? You arrogant bastard."
Between this and my observations at work, I've decided that a degree isn't worth it. Several of my friends have degrees from Georgia Tech in EE or CS. Most of these guys are fast learners (they'd have to be, to survive Georgia Tech) but they either can't program at all, or don't program very well. The guys with EE backgrounds don't understand circuit design.
Luckily they're in networking so they don't need these skills as much, but if someone comes to me and says "I have a CS degree." I expect them to be able to answer basic CS questions. Now I get responses like "Oh, well, I got my CS with a focus in telecommunications." (Which apparently means you can pick the words 'T1' and 'CSU' out of a quiz and you understand search engines)
Is this what the best schools are teaching their students? Is this what I have to expect if I go and get a degree?
That's why I've decided not to go back for a degree. I can already give presentations, do research, and troubleshoot problems. I can already manage people and program. What will finishing college give me (I'm very proud of my two years.:) and is it worth going to night school for 7 years for it?
I think a lot of you are 50k in debt with student loans and you want someone to say "you're smart, and your piece of paper is worth the price."
The truth is, for those of you still in school, that the job market is dead now, you'll be lucky if you can find a helpdesk job, much less something in programming. You'll probably spend 10 years looking for a comfortable job, and the rest of your life paying off those student loans. I hope that's what you were looking for.
As for me I plan to retire at 35 (maybe sooner or later, depending on how my plans go).
This only works on routers which run CEF and have only one egress point. In other words, it's basically useless, since it won't work on a 2500 and nobody is going to buy a 3600 and run only 1 T1 off of it.
The reason it breaks with multiple egress points is because of asymmetric routing. What "ip verify unicast reverse-path" does is makes sure that the path back to the source goes through the same interface as this packet coming in. Since you can have multiple paths back to a source on a core router, this doesn't work.
If you are using the router as a firewall or a bastion host then this works ok.
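The reverse-path check described in this comment, modelled as an added example that is not part of the original post: a toy forwarding table with longest-prefix match, run against a single-egress edge router and a two-upstream core router. The router layouts, interface names and packets are constructed (documentation address ranges), and the model covers only the strict check the comment describes.

```python
import ipaddress


class Router:
    """Toy router: a FIB of (prefix, egress interface) with longest-prefix match."""

    def __init__(self, name, routes):
        self.name = name
        self.fib = [(ipaddress.ip_network(prefix), ifc) for prefix, ifc in routes]

    def best_interface(self, addr):
        """Interface the router would use to send a packet *to* addr."""
        ip = ipaddress.ip_address(addr)
        matches = [(net, ifc) for net, ifc in self.fib if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def strict_rpf_accepts(self, src, in_ifc):
        """The check behind "ip verify unicast reverse-path": accept only if the
        best route back to the source leaves through the arrival interface."""
        return self.best_interface(src) == in_ifc


def classify(router, packets):
    """packets: (source address, arrival interface, is_legitimate) tuples.
    Returns (source, interface, verdict) so false drops are visible."""
    results = []
    for src, in_ifc, legitimate in packets:
        accepted = router.strict_rpf_accepts(src, in_ifc)
        if accepted:
            verdict = "pass" if legitimate else "spoof passed"
        else:
            verdict = "FALSE DROP" if legitimate else "spoof dropped"
        results.append((src, in_ifc, verdict))
    return results


# Constructed edge router: one customer LAN, one upstream (single egress point).
EDGE = Router("edge", [
    ("192.0.2.0/24", "Ethernet0"),
    ("0.0.0.0/0", "Serial0"),
])
EDGE_PACKETS = [
    ("192.0.2.10", "Ethernet0", True),     # customer host, real address
    ("198.51.100.7", "Ethernet0", False),  # customer host forging an outside source
    ("192.0.2.10", "Serial0", False),      # outside host forging an inside source
    ("198.51.100.7", "Serial0", True),     # ordinary inbound traffic
    ("192.0.2.99", "Ethernet0", False),    # forged neighbour address, same subnet
]

# Constructed core router: two upstreams. The FIB prefers Serial0 to reach
# 203.0.113.0/24, but that network's return traffic may arrive on Serial1.
CORE = Router("core", [
    ("203.0.113.0/24", "Serial0"),
    ("198.51.100.0/24", "Serial1"),
    ("0.0.0.0/0", "Serial0"),
])
CORE_PACKETS = [
    ("203.0.113.5", "Serial0", True),   # symmetric path
    ("203.0.113.5", "Serial1", True),   # asymmetric path, same legitimate sender
    ("198.51.100.9", "Serial1", True),  # symmetric path
]

if __name__ == "__main__":
    for router, packets in ((EDGE, EDGE_PACKETS), (CORE, CORE_PACKETS)):
        for src, ifc, verdict in classify(router, packets):
            print(f"{router.name:5} {src:15} in {ifc:10} -> {verdict}")
```

On the edge router every drop is a forged source; on the core router the only drop is a legitimate packet that took the other path in.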
"back of the bus" was never censorship, it was racism, and no matter how you try to sell it I don't see how moderation equates to racism. Comments are moderated by real-life people, they aren't infallible, but I think that most people try hard to be fair when moderating. I also think, that like the BBSs of old days, this is a free site with free access. On most BBS use was a privilege, not a right, and even though Slashdot now runs on Andover's hardware, I still think it's a privilege extended to all of us to be here. In other words, free speech, censorship, and racism be damned, if you don't like the opinions expressed here, you can go elsewhere. If the community, or the site administrator doesn't like those opinions, they can moderate them down.
I also think that it's common courtesy to express opinions such as these to CmdrTaco and Hemos via email instead of publicly flaming their ability to moderate. I seem to recall months of open-forum discussions regarding the best way to moderate, and who should moderate, or if moderation should be practised at all. They have put a lot of time and thought into this system, but I believe they would still be open to ideas for improvements.
Having said all that, I usually have moderation set to -1 so that I can see all of what's said in a discussion. Sometimes things are mis-moderated, and sometimes I find little pearls of wisdom in what is otherwise pure flamebait.
I have to say that after being a long-time Linux user I've just recently had the chance to really play with KDE.
My review of it so far?
It's still slower than CDE and Windows, though it has become far more integrated than I remembered it. Over the past two days while I've been fighting with a new install, and a completely new X interface I was bouncing up and down whenever something worked right, and frowning and scratching my head whenever it didn't.
I was scratching my head because KDE has become Windows to a certain extent. Programs don't give error messages anymore, they just die silently, or worse, they never start at all. Searching my hard drive for clues turns up lots of core files, some of them with info, some of them 0 byte. I never used to have core files on my old install, and I'm not sure the prettiness is worth not knowing what the hell is going on.
Back to the original point, "Time for war...":
Speaking from a warrior's point of view, I can understand why they've said for years "We don't want your newbie questions, go away." I've said exactly the same thing quite a few times. This isn't just being a general bastard towards someone, it's fighting the urge to give in and use a pretty desktop with pretty features, because once you've surrounded yourself with a pretty interface and you have no idea how the underlying system works, you've lost your ability to keep your own system running.
*shrug*, that's the way I see it anyway. Happy day to the KDE users, I'll probably switch back to WindowMaker.
Neither of these cards support Channilization (at least as far as the linked text mentions)
:)
As an ISP, I know the temptation to save $30,000 dollers seems like a good idea, but running a linux box with 28 routed interfaces (or more) seems like a recipe for disaster. I'd be more tempted to stick with a solution that works.
Thats not to say that Linux doesn't scale as a router. I know some people are routing OC3's (and possibly higher) with Linux, but thats usually not dealing with all the headaches of end users. EBGP, and the policies associated with it, QOS (which is a nightmare to the untrained on Linux, but relatively easy on Cisco), access-list setup (which may not be a problem, but would need to be handled by iptables. Your forwarding rules might run you into problems too. Too many rules and you might kill your CPU with higher traffic loads)
I'm amazed your even looking down this path. Most ISP's start with UNIX based solutions and move to "real" routers when things stop scaling properly. You've just about reached the limit on things scaling properly
Whois
We have one of those "premium" support contracts at work. One day CDE stopped working (something a about tooltalk libraries) so I logged in under openlook and started searching around to find answers. I found a guide for ways to fix it, tried everything in it and failed. Called sun for support.
The first guy asked me to do the same things I'd already done (fair enough, he can read from a guide too). Then when I told him I'd done all that he told me to try it and call him back if I still had the same problem.
I told him I'd like a callback in 30 min to f/u. Just in case he couldn't get in touch with me, I asked for his phone number. So basically, even though I knew his fix wouldn't help I gave him the benifit of the doubt. Or at least the chance to get off the phone and do more research.
I email him immediately to tell him things don't work. Nothing.
30 minutes passes. Nothing.
1 hour passes. Nothing.
I call him back and he's gone for the day (of course). I speak with one of his fellow tech support guys and he basically asks the same questions then gives me a few things that might work (at this point I'm away from my computer)
So I tell him I'll try the new stuff and f/u via email. When I get back I imediately try things
and send him an email saying it didn't work.
Never get a response.
These were simple procedures to follow. No driver level debugging. This is deleting cache files, editing conf files and restarting deamons. Nothing that takes rocket scientists. But they still don't have an answer. To this day, if I still had the error message I'd like to know why Solaris broke in that particular way, and why it's not fixable.
So I endure the crap that is openlook for one week, then sit down and reinstall the machine. This fixes the problem of course.
But I don't tell Sun that. I figure I'd still like some help via email. So I wait. 2 months later I get an email from a Sun relationship manager asking if it's ok to close the case.
I write back and tell them "No it's not ok to close the case. You've not supported me at all in over 2 months."
So they immediately try to call me to try to resolve the issue. (As much good as calling does. I requested email).
Finally after explaining that I had to reinstall I closed the case. They apparently didn't care that their expensive contract just netted them good money and the customer got nothing out of it.
This is just story number 1. I've had to call them twice more and ended up giving up both times. Sun support doesn't understand software problems.
Sure if you have a problem on an E10k and need faulty hardware replaced, it might be worth it.
But in general the support contracts are overpriced. You can usually buy 2 of every machine for what it costs you to buy a 1 year support contract. As long as you have an employee that doesn't mind opening boxes, swapping hardware is easy. And that's all Sun will do for you.
Why is it you think telcos have insane profit margins? Aren't you paying 2.5c a minute, or whatever the crazy rate is that everyone's paying now?
If not, why aren't you dialing 10-10-whatever.
Telcos are underpaid for "expansion costs" and overpaid for "maintenance cost". Maintenance costs next to nothing (things work right half the time, and when it doesn't at least people know what to repair) but expansion is an incredible expense with no guarantee of return on investment.
So telcos aren't expanding now, they're just trying to hold on to every customer they can.
Pay attention, because this is why you don't have fiber to your pee-pee yet. It's coming, but like everything else you'll have to pay "INSANE" profit margins for it.
As to CEOs making too much money. We live in a capitalist society. If you can find someone really smart who's fully qualified to run your company and only wants $35k per year, then go ahead and hire them. But you won't. CEOs make the money they do because people offer it to them. Complaining doesn't make it wrong, or right. It's just the way it is.
> I had to write some XML processing in PHP and used the PHP XPath class from sf.net (since my ISP did not enable the built-in XML extensions). In most cases my pages timed out, PHP was not able to complete processing the XML file within 30 seconds (!). Java's JDOM did the same in 3-4 seconds.
Obviously this is a troll, but I'll poke at it anyway.
So you're saying that your ISP wouldn't enable a builtin feature of PHP that would make things faster for you, so you switched development languages?
Wouldn't you have to get them to install tomcat?
Why not switch ISPs? Seems just as easy, if not easier than switching languages. Or hell, a linux-capable PC can be had for $100 now. Why not install PHP at home and benchmark it with all the options turned on?
And we can do this and make our own security better, but most security incidents today happen because of compromised windows machines. So we have two problems:
1. These machines are generally easy to upgrade but admins are lazy (what makes you think people will upgrade even if we tell them the next version is safer)
2. What makes you think Microsoft would recode their apps using these products (or anything similar) anyway?
If we make UNIX machines harder to break into people will just move on to easier targets. I think every little bit helps, the UNIX machines might as well be secure, but it won't do you any good if someone targets your DSL router or your active directory server.
So what's it going to take? Large corporations standing up in meetings saying they will not buy products unless security has been reviewed? Think about the SQL slammer worm which completely screwed up parts of the Internet for 4 hours or more. Is anyone reacting? Anyone saying "well damn, guess I'd better not use MSSQL." or "hell, guess I better put a firewall in front of this thing." Anyone's corporate security policy change at all? Maybe, but did your software standards change?
There are hundreds of things that need to change before things get better. How about securing open proxies? Stopping open mail relays. Getting rid of every old and insecure version of bind, sendmail, and apache that's still running somewhere on the internet. Rewriting insecure webpage forms so they don't allow db access to everyone. Turning off telnet in a bunch of places. Same with FTP. Turn off unencrypted IMAP and POP3.
Turn off open wireless networks, convince cable and DSL companies that despite whatever cost savings or easy configuration they get from it, putting everyone on the same network is a bad idea.
So if I could wave a magic wand and all this stuff got taken care of, tomorrow we'd see a slashdot post saying that a fatal flaw in Ethernet causes everyone to be vulnerable to any attack, nobody is upgrading because it's too expensive and there is no software fix for it.
Unfortunately, the easiest and quickest way to make these things stop is to put a lot of people in jail for a very long time. Corporations (who have the money and the government backing) don't think it's very funny when people target their 10 year old sparc 5 that's acting as a webserver and break in. To them it doesn't matter that it's really their fault, they want some revenge, and a call to their government friends gets it for them.
We the people of the United States can't change a damn thing, even if we want to (Apologies to non-US citizens who've read this far, I'll shut up in a minute). Changing our coding standards (while amusing to some of the true crackers that are still out there) won't change anything for the thousands of script kiddies who target year-old exploits and scan the entire internet for more boxes to compromise.
Those of you who are not cynical feel free to respond and send solutions.
So I read this article thinking "Hey, someone wrote a guide on securing 802.11" completely forgetting that I'd seen one of those before.
The problem with these guides is that they all look the same, they all recommend the same course of action, but they provide no details as to how you run security.
For my wireless network I run mac address filtering, have the SSID set to not broadcast (and not accept ANY) and run these behind a firewall that only sends DHCP and only accepts encrypted PPTP traffic. (Not because PPTP is good, but because it's easy to set up in Linux and clients are free for windows). You can debate about DHCP being a good idea or not, but I like being able to take my laptop to other networks and not have to reconfigure.
So obviously I've given some thought to securing the LAN, but I don't think my answer is the best one and it's sure not the only one. What I want out of a "guide to securing 802.11" is some comments from the front line. I want to know what works and what doesn't. If checkpoint secureremote is what everyone uses, then I'd like to hear about it. If everyone's using ipsec tunnels in freeswan, or Nortel Contivity stuff then great. Let us know what works and what doesn't.
Doesn't mean it's not useful.
And you can always remap the commands you need onto keys you don't use.
I've tested Dragon on gigabit networks. As long as you have a big machine it should do alright. Use Linux because the Solaris kernel sucks for packet performance.
I'd expect FreeBSD would also have good performance, but they didn't produce a 6.0.1 build for FreeBSD (they told me it's around the corner, but there's not much demand for it. I'm running the Solaris variant at work)
Ultimately, I'd say contact Enterasys and ISS with your needs and ask for a demo license. Everyone's situations are different. You may decide snort fits your needs, or you may need something else.
90 percent of the protocols the phone uses are UDP anyway. Possibly 100%
This is just plain incorrect.
Point to point systems work just fine and can guarantee file integrity by providing a file signature on the "download" page and verifying that it's correct once the file is downloaded.
You could argue that the webpage might be compromised and the signature changed, but normal websites have this same problem.
In Microsoft's case, with Win2k and XP they sign ALL their updates, so your machine can automatically verify the signatures without even having to query a webpage. This doesn't mean you can trust all files you download. Since signatures can be wrong and people often overlook "this document is not signed" or "the signature for this file is incorrect" messages you could argue that file integrity is not something people are crying for right now or that anyone cares.
In any case, P2P networks are perfectly safe for business file transport if that's something a business wants to participate in. The fact that companies are more likely to use fileplanet or game-whatever rather than p2p to release demos and patches just shows that 1. Companies don't get "it", and 2. Companies would rather take ad revenue from their site or partnered sites than dump their files on public networks (thus proving more-so that they don't get it. They can write their own "download manager" clients which show whatever ads they want)
I guess the point of my rambling is that p2p sharing is a remarkable concept whose time has come. With a few more advanced features (preferring downloads from "close" users to save backbone costs) it'll be even better.
But its bad reputation may be the killing factor in the long run.
I noticed this two years ago when I went to work for a responsible employer. I wondered about it for a while and then reached the natural conclusion that these people would've reached if they weren't stupid.
SPAM isn't prevented in the workplace because of diligent admins or hard working filters. It's prevented because companies don't sell their email addresses.
Point:
I signed up for flash.net a few years ago and was getting spam within the first 4 hours of having an account. This was using a new email address that wasn't easily guessable and probably wasn't given out before. This was also before spammers learned about dictionary attacks. How did they get my email? Someone at flash.net gave it to them.
Nowadays, after having some 3 letter email addresses for a few years dictionary attackers finally decided to probe our domain at work and found me, now I get about 1 spam a week.
My other account which uses first.middle.last@my.work.com notation hasn't been found yet and probably never will be, unless my company sells out and gives their email list away, or I screw up and sign myself up for spam.
SPAM is pretty much only a problem now because people are selling email addresses.
Experiment:
Pick a hotmail address with totally random characters that nobody would pick before and see if you get spammed. If you do, then Microsoft is selling your email address.
Hotmail doesn't care though because you're an individual, it's not a corporate account and they don't lose revenue.
Point 2:
People with publicly visible email addresses get spammed all the time.
Apparently this survey was only on email addresses of people who barely use email. Have these people put their email address on a corporate webpage and see how much spam they get in a few weeks.
Think about how much spam you get. Then ask yourself "How did these motherfuckers get my email address?"
Sometimes it's obvious. I went to a conference one year and gave them my email address, which they posted on a webpage. Two years later someone sent an email to 3 people in my group at work, guess which 3 people were at a conference? Somebody had probed the webpage.
If you don't want spam, don't give your email address out to ANYBODY you don't know. Use throwaway accounts for any online purchases.
If you already get spam without giving out your email address well then switch providers, because obviously the dickfucks at your ISP sold your account to a spam list.
That's all...
No this is not the real cost of point to point.
This is caused by providers not charging what bandwidth costs them. Major ISPs are not overutilized or oversubscribed, all the "problems" of p2p are happening on the edge networks. Why is this? Because nobody wants to pay to upgrade.
These providers are oversubscribing their networks by sometimes 6x their upstream capacity or more (3 is the norm). They do this so they can charge customers less for the bandwidth. Why would they want to charge less? Because they're in a price war with the cable modem company down the road.
They can't afford to stay in the market because they're in over their heads, so they switch tactics. Instead of fixing the problem, they blame the customer (a common solution nowadays).
So as someone said earlier, vote with your money. If someone starts changing your service in ways you don't like just go to their competitor. Saying "oh well, that's just the way it is" will only succeed in making this the standard practice for every provider.
In my opinion bandwidth caps are ok as long as they're agreed upon when you sign up for service (i.e. you ask for 500kbps down, and that's what you get). Per byte charges are historically disfavored for home users even though businesses like the idea. When's the last time you paid per minute on local calls? How many of you would accept a cell phone plan that provided no free minutes to call anywhere? Nobody likes it when the phone company changes their plan. Nobody would accept a new phone plan that was worse than the old one. How's this sound: "Hey, we're lowering the amount of calls you can make on your phone. If you go over 70 calls a month we'll charge you 45c a minute"
Would you accept it? No. So why accept their proposed plan for new cable modem caps? Find a new provider, and let Chapter 11 convince these people not to play in a market they don't understand.
If you telecommute, then having business grade service at home is one of the costs of doing business. It may not make sense, but the only reason the phone company charges more for business lines is because of the higher SLA for downtime. Businesses lose money if their phones/data lines don't work, residents are just inconvenienced. That's the way the phone company looks at it.
So if you professionally telecommute, the company you work for should consider the type of service you need for the home. Personally, if I plan to telecommute all the time, I request a T1 or frac-T1, not because I need the circuit (DSL is just as good) but because I need the SLAs.
If I'm just telecommuting part of the time, and have the option of going in to the office, then a regular phone line and DSL is fine for the home, because I have a backup plan for internet access.
Personally I think this is one more thing "Ask Slashdot" really won't have an answer for. The answer is to "Ask Your Boss" and see what they say.
People who are not market analysts and who don't really understand the market at all seem to know so much about why the internet won't work. (Yes, I've been guilty of this as well, but in my hastily constructed defense I'll say that I'm a bit closer to it all than most people :)
The reason it's hard to compete on the internet is because it's a perfect market. Need web space? There's some guy who will sell it to you for $50 a month. Someone else will give you a fully redundant air-cooled super-backed-up buzzword compliant solution for $5000. Still others will give you the same thing for $3k, and others will give you slightly less for $2k, $1k, and $500, or perhaps $100 or $50. Ever looked around at just how many people provide webhosting?
When you have thousands of companies competing for business in a market that may only have 100k real customers you get to a saturation point where you can't lower your price anymore or you don't make money, but your competitor still is pricing his service $50 less. People got into price wars with each other and dropped prices until they went right out of business. Either they got scared and stopped dropping their price early (and thus lost customers to people who'd continue to drop their prices) or they dropped their price too low and couldn't make a profit.
This doesn't just apply to webhosting. Think about EBay, Yahoo Auctions, Amazon auctions, etc. Or Amazon books, borders.com, barnesandnoble.com, etc..
You have 8-10 different companies to choose from when making an online purchase, and these are just the large ones.. think about all the companies you can purchase computer gear from online? There is no way to compete unless you're selling an original product that can't be bought elsewhere.
These are some of the prime reasons that very large companies are going out of business right now. Think the Internet caused it or started it? No, obviously (Enron) there were other market problems as well. The phone companies were doing the same thing for the last few years.. "3 cents a minute.. no 2 cents a minute. Actually, we're paying you to use our service.."
It's stupid, and hopefully the mess will clean itself up.
Umm.. nobody does this well.
But if I was going to do it, I'd do it with debian.
0 4 * * * apt-get update && apt-get -y upgrade && upgradestatus
Where upgradestatus would be a perl script that takes the output of "dpkg -l" and formats it in some intelligent way, then uploads it to an SQL server.
I would think that would give you awesome centralized package management, and you'd immediately know when systems are out of date, or when they fail their upgrades.
You may be saying "well, I don't want to write it myself, it should come with the OS!" and that may be true. But if it did, do you think you would use it the way it was? Or would you customize it to suit your own needs?
Maybe there's a reason nobody has done this yet. Probably because everyone already does it in their own way.
BTW, instead of pushing the status to a central server, I push out all my changes with an expect script. Even with 650 machines, I'd rather watch them as they get upgraded to make sure there isn't a failure. If there's too many machines, then you can divide the work up between several people and have them all watch upgrades.
But that's just me.
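A sketch of the "upgradestatus" idea from the comment above, added here as an example and not code from the original post: it parses `dpkg -l` output per host, stores it in a SQL table, and lists packages left in an incomplete state after an upgrade. The host names and package listings are constructed, Python stands in for the perl script, and an in-memory SQLite database stands in for the central SQL server.

```python
import sqlite3

# Constructed `dpkg -l` output for two hypothetical hosts (not real systems).
HEADER = """Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-================================
"""
SAMPLE = {
    "web01": HEADER + """\
ii  bash           5.1-2        amd64        GNU Bourne Again SHell
iU  openssl        1.1.1n-0     amd64        Secure Sockets Layer toolkit
rc  telnetd        0.17-41      amd64        basic telnet server
""",
    "db01": HEADER + """\
ii  bash           5.1-2        amd64        GNU Bourne Again SHell
iF  postgresql     13+225       all          object-relational SQL database
""",
}

DESIRED = "uirph"    # first column: unknown/install/remove/purge/hold
STATUS = "ncHUFWti"  # second column: not-inst/conf-files/.../installed


def parse_dpkg_list(text):
    """Return (name, version, state) for each package row, skipping headers."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 3:
            continue
        state, name, version = parts[0], parts[1], parts[2]
        # A package row starts with a 2-3 character state code such as "ii".
        if len(state) not in (2, 3):
            continue
        if state[0] not in DESIRED or state[1] not in STATUS:
            continue
        rows.append((name, version, state))
    return rows


def build_inventory(reports):
    """Load every host's package list into one table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE packages (host TEXT, name TEXT, version TEXT, state TEXT)"
    )
    for host, text in reports.items():
        conn.executemany(
            "INSERT INTO packages VALUES (?, ?, ?, ?)",
            [(host, n, v, s) for n, v, s in parse_dpkg_list(text)],
        )
    return conn


def needs_attention(conn):
    """Packages stuck half-installed, unpacked, half-configured or flagged."""
    return conn.execute(
        "SELECT host, name, state FROM packages "
        "WHERE substr(state, 2, 1) IN ('H', 'U', 'F', 'W', 't') "
        "OR length(state) = 3 "
        "ORDER BY host, name"
    ).fetchall()


if __name__ == "__main__":
    for row in needs_attention(build_inventory(SAMPLE)):
        print(row)
```

Because the cron line chains the commands with `&&`, a host whose upgrade exits non-zero never runs the report at all, so a central view also needs to notice hosts that have stopped reporting.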
The internet stopped doubling in speed sometime last year. Everyone was banking on having OC48's to large customers (and OC3's to everyone else). One year later and most people are still using NxT1 options, and the core isn't anywhere near overutilized (not anywhere near 10gig. Or 30 gig for that matter, which you can get by running multiple OC-192s in parallel)
So their product is worth about as much as their nearest competitor (Juniper, if they've written their software properly) and they're two years late to the market.
Personally I consider commercials, unsolicited emails and phone calls all to be a waste of my time. Considering that your time on earth is a (relatively) constant value, and there is nothing the corporations can do to give you back the time they waste, use of your time should be billable at whatever rate you specify (up front, through some means).
Corporations won't like it.. but this only applies to targeted ads. Billboards are still usable, but ads while you withdraw money from an ATM are not.
Think of the last time you were forced to waste 30 seconds of your day listening or watching someone's advertisement for a product you didn't want. Think about something else you could have been doing and ask yourself, how much was that 30 seconds worth to me? Be reasonable. I don't think you could honestly ask for more than your salary, but you should at least be able to ask for compensation.
I chose not to finish college because I was pressured by my parents to find a job. Several times since then I've thought about going back, but I'm making good money now and I'm pretty successful. I don't want to go back to school full time (and give up my job), and I don't want to spend 20 years getting a degree either.
:)
:) and is it worth going to night school for 7 years for it?
So I'm in the exact same situation our "Ask Slashdot" person is in (I'm even the same age.. scary..
Reading through this I was hoping to find insight into ways to get a degree fast, or what you can do instead of getting a degree. Instead I find two camps of people. People who don't have a degree, and are proud of that fact, and people who have a degree and defend it with words like "It's not just programming" and "You want a degree in one year? You arrogant bastard."
Between this and my observations at work, I've decided that a degree isn't worth it. Several of my friends have degrees from Georgia Tech in EE or CS. Most of these guys are fast learners (they'd have to be, to survive Georgia Tech) but they either can't program at all, or don't program very well. The guys with EE backgrounds don't understand circuit design.
Luckily they're in networking so they don't need these skills as much, but if someone comes to me and says "I have a CS degree." I expect them to be able to answer basic CS questions. Now I get responses like "Oh, well, I got my CS with a focus in telecommunications." (Which apparently means you can pick the words 'T1' and 'CSU' out of a quiz and you understand search engines)
Is this what the best schools are teaching their students? Is this what I have to expect if I go and get a degree?
That's why I've decided not to go back for a degree. I can already give presentations, do research, and troubleshoot problems. I can already manage people and program. What will finishing college give me (I'm very proud of my two years.
I think a lot of you are 50k in debt with student loans and you want someone to say "you're smart, and your piece of paper is worth the price."
The truth is, for those of you still in school, that the job market is dead now, you'll be lucky if you can find a helpdesk job, much less something in programming. You'll probably spend 10 years looking for a comfortable job, and the rest of your life paying off those student loans. I hope that's what you were looking for.
As for me I plan to retire at 35 (maybe sooner or later, depending on how my plans go).
I wonder if I'll finally be taken off the Compaq spam-mail lists, or just added to all the HP ones...
The reason it breaks with multiple egress points is because of asymmetric routing. What "ip verify unicast reverse-path" does is make sure that the path back to the source goes through the same interface as this packet coming in. Since you can have multiple paths back to a source on a core router, this doesn't work.
If you are using the router as a firewall or a bastion host then this works ok.
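The reverse-path check described in the comment above, modelled as an added example that is not part of the original post: a toy forwarding table with one best path per prefix, run against an edge router and against a core router with asymmetric routing. Interface names and addresses are constructed, and the "loose" mode (accept if any route back exists, one of the variants in RFC 3704) goes beyond what the comment covers.

```python
import ipaddress


class Router:
    """Toy forwarding table holding one best path (interface) per prefix."""

    def __init__(self):
        self.fib = []

    def add_route(self, prefix, interface):
        self.fib.append((ipaddress.ip_network(prefix), interface))

    def best_interface(self, address):
        """Longest-prefix match: interface used to reach address, or None."""
        addr = ipaddress.ip_address(address)
        matches = [(net.prefixlen, ifc) for net, ifc in self.fib if addr in net]
        return max(matches)[1] if matches else None

    def urpf_accepts(self, src, ingress, mode="strict"):
        """Strict: the route back to src must leave via the ingress interface.
        Loose: any route back to src is enough."""
        back = self.best_interface(src)
        if back is None:
            return False
        if mode == "loose":
            return True
        return back == ingress


def edge_scenario():
    """Single-homed customer port: strict mode separates real from spoofed."""
    r = Router()
    r.add_route("0.0.0.0/0", "uplink0")    # everything else is upstream
    r.add_route("192.0.2.0/24", "cust1")   # the customer's own prefix
    return {
        "legit": r.urpf_accepts("192.0.2.10", "cust1"),
        # Source outside the customer's prefix: route back points at uplink0.
        "spoofed": r.urpf_accepts("198.51.100.7", "cust1"),
    }


def core_scenario():
    """Two egress points: the remote network is reachable via pos0 and pos1,
    the best path installed here is pos0, but its traffic arrives on pos1."""
    r = Router()
    r.add_route("203.0.113.0/24", "pos0")
    return {
        "strict_on_best": r.urpf_accepts("203.0.113.5", "pos0"),
        # Legitimate packet, dropped only because the return path differs.
        "strict": r.urpf_accepts("203.0.113.5", "pos1", "strict"),
        "loose": r.urpf_accepts("203.0.113.5", "pos1", "loose"),
    }


if __name__ == "__main__":
    print("edge:", edge_scenario())
    print("core:", core_scenario())
```

In the core case the strict check drops a packet whose source is genuine, which is the failure the comment describes; loose mode avoids the false drop but only rejects sources with no route at all.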
"back of the bus" was never censorship, it was racism, and no matter how you try to sell it I don't see how moderation equates to racism. Comments are moderated by real-life people, they aren't infallible, but I think that most people try hard to be fair when moderating. I also think, that like the BBSs of old days, this is a free site with free access. On most BBS use was a privilege, not a right, and even though Slashdot now runs on Andover's hardware, I still think it's a privilege extended to all of us to be here. In other words, free speech, censorship, and racism be damned, if you don't like the opinions expressed here, you can go elsewhere. If the community, or the site administrator doesn't like those opinions, they can moderate them down.
I also think that it's common courtesy to express opinions such as these to CmdrTaco and Hemos via email instead of publicly flaming their ability to moderate. I seem to recall months of open-forum discussions regarding the best way to moderate, and who should moderate, or if moderation should be practised at all. They have put a lot of time and thought into this system, but I believe they would still be open to ideas for improvements.
Having said all that, I usually have moderation set to -1 so that I can see all of what's said in a discussion. Sometimes things are mis-moderated, and sometimes I find little pearls of wisdom in what is otherwise pure flamebait.
whois
I have to say that after being a long-time Linux user I've just recently had the chance to really play with KDE.
My review of it so far?
It's still slower than CDE and windows, though it has become far more integrated than I remembered it. Over the past two days while I've been fighting with a new install, and a completely new X interface I was bouncing up and down whenever something worked right, and frowning and scratching my head whenever it didn't.
I was scratching my head because KDE has become windows to a certain extent. Programs don't give error messages anymore, they just die silently, or worse, they never start at all. Searching my hard drive for clues turns up lots of core files, some of them with info, some of them 0 byte. I never used to have core files on my old install, and I'm not sure the prettiness is worth not knowing what the hell is going on.
Back to the original point, "Time for war...":
Speaking from a warrior's point of view, I can understand why they've said for years "We don't want your newbie questions, go away." I've said exactly the same thing quite a few times. This isn't just being a general bastard towards someone, it's fighting the urge to give in and use a pretty desktop with pretty features, because once you've surrounded yourself with a pretty interface and you have no idea how the underlying system works, you've lost your ability to keep your own system running.
*shrug*, that's the way I see it anyway.
Happy day to the KDE users, I'll probably switch back to WindowMaker.
whois
---