It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.
To disable the 'auto search' (that's what I call it, probably not the proper name) in MSIE 5.5 (that's what I've got on my win2k box) go to 'Internet Options', either from Tools -> Internet Options or Control Panel -> Interent Options, then go to the 'Advanced tab' then scroll down to the 'Search from the address bar' section, and choose one of the other options (like "Do not search from the address bar")
Here in Edmonotn, Alberta, Canada, I have a 10Megabit / 768Kilobit cable connection, for only $40 CDN per month (probably going to change soon, my cable company just got bought out by an @Home partner).
As for transfer speeds, I can normally sustain 50KB/s (that's Bytes) upstream, and I have managed close to 980KB/s downstream (going through my firewall, an AMD 486/80 running linux).
My only complaint about my ISP is: If you exceed their "Transfer allowances", you get charged extra (not too bad, 10GB down, 1 GB up per month).
---
William
These are my personal opinions, not those of my employer.
Just thought that I should mention it, but Win2k doesn't need to use drive letters for anything other than the "root" drive (c:\). Win2k also lets you mount a partition to a path, AND assign a drive letter to it (but I really don't see why you'd want to do that). IIRC this feature has been in win2k since NT 5.0 Beta 2 (that was the first win2k beta that I played with.)
Re:guessing a tcp sequence isnt *THAT* hard...
on
Security Hole In TCP
·
· Score: 1
Did you really run nmap against a win2k box, or just a win9x/NT(no service pack) box? When I scan a win98 box I get the same results that you attribute to a win2k box.
When I scan a win2k box I get:
[root@yoink root]# nmap -O c6
Starting nmap V. 2.3BETA14 by fyodor@insecure.org ( www.insecure.org/nmap/ )
I was interprating the parent post as "Why don't ISPs filter packets as they are leaving the ISP's network." If the majority of ISPs drop outgoing packets that don't have valid source/destination headers (if you are an ISP, and you all your equipment/customers are using the 1.2.3.4/24 IP block, why would you let packets that have a source of 7.8.9.3 out? Or would you want to allow packets addressed to non-routable IPs to go out?) then you would have stopped most DDoS attacks that use forged source headers.
If that didn't make any sense, I mean: If every ISP would configure their routers to block outgoing packets that didn't originate from their IP block, and block all packets that are going to non-routable IPs. Wouldn't this solve most of the problems?
I normally image win9x machines this way, but I don't see why it wouldn't work for linux...
After building the first machine the way that I want it, I basically create a tarball of everything (except/proc, etc.). Then you just have to boot the client machine up, partition / format the HDD, then connect to your server, and uncompress the tarball. For linux, I'd assume that you would need to run lilo manually or make a sh script that does everything. ie. the mount command, the format, the tar -zxvvspf, then I'd just finish the script off with the lilo command (something like: `/mnt/sbin/lilo -C/mnt/etc/lilo.conf -r/mnt`)
For cloning disks, I normally use a boot disk (with Samba/NFS compiled in the kernel, as appropriate), then use tar (if you are setting up a bunch of machines at the same time, this seems to be verry fast, as long as you can start the untar process on all the machines at basically the same time so that all the clients are asking for the same portion of the tar file while the server has that part in cache)
Re:ILM's Linux distro?
on
Linux in 3D
·
· Score: 2
You forgot to mention the Next sentence:
"For our renderfarm, we're also generally looking for larger, more scalable machines than Linux can offer right now. But I think it will come to maturity in time."
-- Andy Henderickson, ILM
I think that the point was supposed to be: Why use USB speakers when you allready have a Hi-Fi stereo hooked up to your computer? Somehow, I don't think that any USB speakers (that are available now) will really compare to my setup (about $2,000+ for my speakers, $1,500 for the amp, etc.)
a) I do consider it to partly be Microsoft's fault because of the default behavior of their software (like outlook's "you got an executable as an attachment, can I please run it for you?"). If Look Out! (I consider outlook to be the worst offender) had a sane default behavior like, tell the user that attachments can do bad things, or if it was easier to change the behavior to "don't run executable attachments", then I wouldn't blame M$ anymore.
b) I think that most companies should have a policy of "educating the user about potential dangers of running attachments." That coupled with M$ fixing the default behavior of Look out! would really make it hard for a.VBS virus to replicate
c) I'm not disputing that virii cost money, but 17Billion dollars? I think that the monetary cost has been pulled out of thin air (just like the monetary cost of spam) to scare people.
Example: At my last job, I was a "Network Admin", and when the Melissa virus hit it didn't directly cost us anything (I was working for the Territorial government up in the Yukon at the time, and we had around 2500 users.) When we got the first call from an user about a "strange email", I got to go and talk to the client, and look at the message, while another admin checked to see if there was a new set of virus definitions for Exchange scan. After I determined that the user had received a copy of the Melissa virus (but the antivirus definitions on her machine were up to date, and the virus got cleaned), all that we had to do was change the logon scripts to do an update of the AV definitions for everyone. Total time spent dealing with that virus: 2 people for 1 hour (and dealing with virii was included as part of my job description, so there was "no real cost" other than the 15 minutes it took me to visit the user, and look at her computer (while she took her coffee break.))
Slashdot Mirror
It's my understanding that blocking email from IPs that are part the DUL will only block email from people that are running *their own* SMTP server off of their dial up connection. Since most (I'd guess well over 95% of the people that use dial up) people use their ISP's SMTP server to send email, this should not block much useful email.
To disable the 'auto search' (that's what I call it, probably not the proper name) in MSIE 5.5 (that's what I've got on my win2k box) go to 'Internet Options', either from Tools -> Internet Options or Control Panel -> Interent Options, then go to the 'Advanced tab' then scroll down to the 'Search from the address bar' section, and choose one of the other options (like "Do not search from the address bar")
Hope this helps
Here in Edmonotn, Alberta, Canada, I have a 10Megabit / 768Kilobit cable connection, for only $40 CDN per month (probably going to change soon, my cable company just got bought out by an @Home partner).
As for transfer speeds, I can normally sustain 50KB/s (that's Bytes) upstream, and I have managed close to 980KB/s downstream (going through my firewall, an AMD 486/80 running linux).
My only complaint about my ISP is: If you exceed their "Transfer allowances", you get charged extra (not too bad, 10GB down, 1 GB up per month).
---
William
These are my personal opinions, not those of my employer.
Just thought that I should mention it, but Win2k doesn't need to use drive letters for anything other than the "root" drive (c:\). Win2k also lets you mount a partition to a path, AND assign a drive letter to it (but I really don't see why you'd want to do that). IIRC this feature has been in win2k since NT 5.0 Beta 2 (that was the first win2k beta that I played with.)
Did you really run nmap against a win2k box, or just a win9x/NT(no service pack) box? When I scan a win98 box I get the same results that you attribute to a win2k box.
When I scan a win2k box I get:
[root@yoink root]# nmap -O c6
Starting nmap V. 2.3BETA14 by fyodor@insecure.org ( www.insecure.org/nmap/ )
TCP Sequence Prediction: Class=random positive increments
Difficulty=8134 (Worthy challenge)
Remote operating system guess: Windows 2000 RC1-RC3
and a linux box (kernel 2.2.18): (nmap -O localhost)
TCP Sequence Prediction: Class=random positive increments
Difficulty=4570289 (Good luck!)
Remote operating system guess: Linux 2.1.122 - 2.2.13
I was interprating the parent post as "Why don't ISPs filter packets as they are leaving the ISP's network." If the majority of ISPs drop outgoing packets that don't have valid source/destination headers (if you are an ISP, and you all your equipment/customers are using the 1.2.3.4/24 IP block, why would you let packets that have a source of 7.8.9.3 out? Or would you want to allow packets addressed to non-routable IPs to go out?) then you would have stopped most DDoS attacks that use forged source headers.
If that didn't make any sense, I mean: If every ISP would configure their routers to block outgoing packets that didn't originate from their IP block, and block all packets that are going to non-routable IPs. Wouldn't this solve most of the problems?
ps. Ignore all the spelling mistakes, please.
I normally image win9x machines this way, but I don't see why it wouldn't work for linux...
/proc, etc.). Then you just have to boot the client machine up, partition / format the HDD, then connect to your server, and uncompress the tarball. For linux, I'd assume that you would need to run lilo manually or make a sh script that does everything. ie. the mount command, the format, the tar -zxvvspf, then I'd just finish the script off with the lilo command (something like: `/mnt/sbin/lilo -C /mnt/etc/lilo.conf -r /mnt`)
After building the first machine the way that I want it, I basically create a tarball of everything (except
For cloning disks, I normally use a boot disk (with Samba/NFS compiled in the kernel, as appropriate), then use tar (if you are setting up a bunch of machines at the same time, this seems to be verry fast, as long as you can start the untar process on all the machines at basically the same time so that all the clients are asking for the same portion of the tar file while the server has that part in cache)
You forgot to mention the Next sentence:
"For our renderfarm, we're also generally looking for larger, more scalable machines than Linux can offer right now. But I think it will come to maturity in time."
-- Andy Henderickson, ILM
I think that the point was supposed to be: Why use USB speakers when you allready have a Hi-Fi stereo hooked up to your computer? Somehow, I don't think that any USB speakers (that are available now) will really compare to my setup (about $2,000+ for my speakers, $1,500 for the amp, etc.)
a) I do consider it to partly be Microsoft's fault because of the default behavior of their software (like outlook's "you got an executable as an attachment, can I please run it for you?"). If Look Out! (I consider outlook to be the worst offender) had a sane default behavior like, tell the user that attachments can do bad things, or if it was easier to change the behavior to "don't run executable attachments", then I wouldn't blame M$ anymore.
.VBS virus to replicate
b) I think that most companies should have a policy of "educating the user about potential dangers of running attachments." That coupled with M$ fixing the default behavior of Look out! would really make it hard for a
c) I'm not disputing that virii cost money, but 17Billion dollars? I think that the monetary cost has been pulled out of thin air (just like the monetary cost of spam) to scare people.
Example: At my last job, I was a "Network Admin", and when the Melissa virus hit it didn't directly cost us anything (I was working for the Territorial government up in the Yukon at the time, and we had around 2500 users.) When we got the first call from an user about a "strange email", I got to go and talk to the client, and look at the message, while another admin checked to see if there was a new set of virus definitions for Exchange scan. After I determined that the user had received a copy of the Melissa virus (but the antivirus definitions on her machine were up to date, and the virus got cleaned), all that we had to do was change the logon scripts to do an update of the AV definitions for everyone. Total time spent dealing with that virus: 2 people for 1 hour (and dealing with virii was included as part of my job description, so there was "no real cost" other than the 15 minutes it took me to visit the user, and look at her computer (while she took her coffee break.))
I'm going to leave off here (I have to leave now)
Up here in Canada, Photo Radar tickets are just fines, no points on your license.
What about the Mirrors?
I was getting around 4 Mbit/s while I got it.