And besides, if you want to start writing your own browser to compete with the big guys, do you want to pay $6.5 million? Or even $1,000? This would effectively cut out grassroots development of anything that could compete with the big boys, wouldn't it? That alone is worth not having the "feature".
The licensing isn't as simple as that for the guys writing their "own browser" as they are not forced to simply fork over any monies, it by no means cuts out grass roots development and shouldn't scare anyone away. As a small "grassroots" company I spent a bit of time digging into it and called MPEG-LA, they were actually more reasonable than even my best guess and told us to toss the licensing fees we thought we might pay for H.264 decoding as they aren't required due to our implementation.
When I was a kid I remember watching Richie Rich, including swimming in and counting money, seems he knew what he was doing :)
The disappointing theme your comment highlights is your lack of appreciation for the very thing we are supposedly fighting for, the right to democracy and freedom which at their heart value human life. This type of war includes a significant amount of urban warfare and at times collateral damage however regardless of how fatigued one is it is inexcusable to brush off these types of events as mistakes grouped in with the more mundane things we all do when tired. Mistake or not if I fall asleep at the wheel and take someone's life I will be held accountable for it, albeit not the same as if I take a life on purpose but none the less I will be held accountable.
In addition to the points I made above let's discuss one of the issues that applies to your position equally as well as mine. If "mistakes" were made and innocent people died why the obvious cover-up by the military when it was apparent they could not hide the truth?
Although the technology itself is not very new the packaging (behind the ear or in ear hearing aids are purpose built devices) is left to a few specialized companies. That in addition to the fact that the market will bear these prices, assuming statistically older people with generally more resources are buying, and you are left with the prices you are running into. I recently had a similar experience with a good friend's mother and after 6K for the pair with a fairly heavy hit on the savings account she is happy as can be and would do it again in a heartbeat.
Actually the port was changed before posting to protect the innocent :). Sounds like you have a good combination of tools that will significantly limit your SSH attack vectors.
I have a similar situation and cannot limit to very specific IP ranges. I have done the following with good success. I pulled some examples from my configuration that can be tweaked for yours if you like.
1. Limit incoming SSH attempts to a low number. In my case I limit to 2 connections in 60 seconds. I can tighten it even more but this did a lot to kill brute force attempts.
iptables -I INPUT -p tcp -i vlan1 --dport 2242 -j DROP
iptables -I INPUT -p tcp -i vlan1 --dport 2242 -m state --state NEW -m limit --limit 2/min -j ACCEPT
iptables -I INPUT -p tcp -i vlan1 --dport 2242 -m state --state RELATED,ESTABLISHED -j ACCEPT
2. Automatic blacklist via DenyHosts. This helps cut down attempts from known ranges without even giving them the chance even at a slow rate. http://denyhosts.sourceforge.net/
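Added example, not part of the original comment: a simulation of the token bucket behind `-m limit --limit 2/min` as used in the rules above, assuming the iptables default `--limit-burst` of 5 and using constructed connection times and documentation addresses. It shows that the budget is shared by every source, so one scanner can use it up and a legitimate login is dropped, and compares a per-source bucket, which is how `hashlimit` in `srcip` mode behaves.

```python
# Added illustration: token-bucket behaviour of an iptables rate-limit match.
# All addresses and timestamps below are constructed sample data.

COST = 60  # credit units one matched packet costs (1 unit = 1/60 of a token)


class Bucket:
    """Integer token bucket: gains `per_minute` units per second, capped at burst."""

    def __init__(self, per_minute, burst):
        self.per_minute = per_minute
        self.cap = burst * COST
        self.credit = self.cap   # starts full, so an initial burst is allowed
        self.last = 0

    def matches(self, now):
        elapsed = now - self.last
        self.credit = min(self.cap, self.credit + elapsed * self.per_minute)
        self.last = now
        if self.credit >= COST:
            self.credit -= COST
            return True          # limit rule matches: ACCEPT
        return False             # no match: packet falls through to DROP


def simulate(events, per_minute, burst, per_source):
    """Return the (time, source) NEW connections that would be accepted."""
    shared = Bucket(per_minute, burst)
    buckets = {}
    accepted = []
    for now, src in sorted(events):
        if per_source:
            if src not in buckets:
                buckets[src] = Bucket(per_minute, burst)
            bucket = buckets[src]
        else:
            bucket = shared
        if bucket.matches(now):
            accepted.append((now, src))
    return accepted


def count(accepted, src):
    return sum(1 for _, s in accepted if s == src)


SCANNER = "203.0.113.50"   # constructed: one attempt every 2 seconds
ADMIN = "198.51.100.7"     # constructed: a single legitimate login at t=61
EVENTS = [(t, SCANNER) for t in range(0, 120, 2)] + [(61, ADMIN)]

if __name__ == "__main__":
    as_posted = simulate(EVENTS, per_minute=2, burst=5, per_source=False)
    per_src = simulate(EVENTS, per_minute=2, burst=2, per_source=True)
    for label, result in (("shared limit", as_posted), ("per-source", per_src)):
        print(label, "scanner:", count(result, SCANNER),
              "admin:", count(result, ADMIN))
```

With the shared bucket the first five attempts pass before the 2/min rate takes hold, which is why an explicit `--limit-burst` is worth setting if the intent is strictly two per minute.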
I have experience with a number of NAS solutions and if cost wasn't or reliability/throughput was paramount I would continue to purchase them (e.g., Netapp). Depending on the environment they are being installed in the (perceived) liability and additional complexity can be challenging to overcome.
With that said for places where rolling your own is an option I would keep your eye out for a good deal on drives and you will be able to build one much less expensive. I put together a new Myth backend with the following:
Antec Sonata II - $65 (rebate)
Asus M2N32-Vista edition (it's running Linux but the Vista edition has an LIRC supported IR receiver) - $210
AMD 4200+ X2 - $96
2GB RAM - $55
Nvidia 7600 with HDMI out - $110
6 x 500GB Maxtor SATA II HDDs - $600
It's not RAID-Z but with a standard RAID-5 I have 2.5TB usable storage with HDTV output and ATA/iSCSI targets for $1136. Not bad and Linux SW RAID-5 write speed actually screams these days, with this setup I expect 200MB write throughput.
One word of caution with RAID-Z, although writes are extremely fast there is a performance issue around reads if they are small and random because there will be a lot of cache misses. Relatively speaking it's not that bad but something to keep in mind when looking at the workload you will be supporting.
5 points...
You are correct in your assertion that the "opposing forces" are not receiving the same level of review. I cannot go into great detail but I can say based on public information that one of those opposing forces is RSA, it is definitely in their interest to not see a free software model reach a level 1 certification because they turn some serious revenue over with their product. Instead of producing a product that provides a value add that makes the purchase worth the money they, as well as a few other vendors are playing dirty pool by using NIST's process to send complaint after complaint over the wall. NIST is obligated to research each complaint however the motivation is extremely questionable.
From time to time there are valid uses of this type of authentication, I used something similar a few months ago where JAAS can complement the solution but JAAS itself isn't the solution.
I had a server on an external DMZ that is back-ended by Windows 2000 AD domain with external user accounts. I also had a requirement to authenticate internal AD users that are only accessible via the external domain and a one way trust. When using LDAP I correctly get a referral to the internal domain however I cannot contact the internal domain myself. I ended up writing a jBoss authentication module and winbind from Samba to make a usable solution.
The communications path is as follows
jboss auth-->local PAM-->Windows RPC using winbind to external AD-->windows RPC to internal AD
This problem had stumped the vendor of the package we are using a number of times, in the end it was Java/PAM to the rescue.
Interesting reading..
I wasn't however trying to say that HCI experts can't be good programmers as your first link argues. My reply was to the first post stating that they should have a "strong background in programming" to perform their duties.
I disagree with the fact that you think it's the HCI expert that should also have a strong background in programming to know what is and isn't possible. I agree they need to be informed about technologies but they are HCI experts and not programmers. If they need to focus on improving interactions with computers they shouldn't be considering at the programming level what is and isn't possible, it can hurt HCI innovation. That's why you have a team of people and a design process.
I've actually seen quite a bit come out of MS Research. Before anyone jumps the gun, no it's not all Windows specific. They have produced a lot looking at efficient algorithm design, UI interfaces, future networking, etc.
Microsoft Research
P.S. I use OSX and Linux so I'm not a "Microsoft lover" but they have some real good reads.
Apple builds an experience, and they want to keep building it. You know... I never would have thought it, but the first time I was peeking into a Mercedes at the Mercedes-Nissan dealership that serviced my Nissan, the salespeople knew exactly what they were doing when they handed me the keys to an $80,000 S-class sedan with only these words, "Just bring it back before we close." That's all it took... I was hooked by the experience of driving that thing and could never be the same. Next car I got was a Mercedes C240 with a very competitive lease. Why? Oh, come on... they know I'll be back for more.
That's an interesting approach. To put it another way...
Here's the $1000 dollar an hour call girl, she'll take you out back and let you look at her tits for a little while.
Now you're hooked and want to buy so you purchase some time with the overpriced fat girl with buckteeth.
What a deal... :) Just having some fun.
I currently own a CLK430 and my wife worked at a Mercedes dealership up until just recently so I'm pretty informed when it comes to their model lines. An S 430/500 is a completely different car than a C240, about the only thing they have in common is the symbol on the hood. The people I've seen make the plunge actually remind me of the Nike Swoosh phenomenon, that logo turns your basic white Tee into a high line exercise shirt :).
Bottom line, a Motorola-iTunes phone means co-branding and although Apple knows how to sell computers Motorola knows how to sell phones. In an environment where people are not buying on impulse but rather based generally on contract renewals and through a cell carrier product awareness is important to line things up. Motorola's Razor phone was announced for months before it hit the streets and it did a lot better on launch than it would have if it were just dropped on the street. A number of people I know planned for it so that when their contract renewal came through they could grab it.
- Brian
Gmail?
I don't know about you but I generate about 6GB of email archives per year. Besides that having my email potentially available for searching doesn't sit well with me. I'm not sure where it stands now but there were a lot of potential privacy issues with Gmail.
No I don't receive hordes of email, just a lot of engineering related with source code, research, white papers attached. If you do anything business related it's important to keep all of the original emails received so there is an electronic paper trail.
That didn't last long.. Cox is blocking the incoming port now.
- Brian
I've been wanting a site for a while where I can aggregate my research, solutions, discussions, etc. so that it benefits not only me but the community at large.
Coincidentally I just this week set up XWiki to try and finally make it a reality. It's still a work in progress but one of the things I'm trying to do is exactly what you are talking about.
It's rough around the edges but I'm going to start populating it with my data real soon, I'm currently trying to figure out how to organize. Come check it out if you would like.
http://pad-linux.no-ip.org/
The problem with VoIP cutting out isn't latency, it's jitter and packet loss. Jitter being the delta between the difference in arrival time between packets. For example if you have the following
Packets:
1 - 200ms
2 - 180ms
3 - 240ms
You have a maximum of 60ms of jitter between 2 and 3.
If there is consistent latency but low jitter and loss packet rate will still be smooth and the voice quality will be as well, minus the general delay from sending to receiving. Any VoIP solution accounts for jitter and decent ones have dynamic jitter buffers which can stretch out pretty good on poor quality lines. Still nothing's perfect.
I've been involved with a few VoIP deployments using INMARSAT satellite connections and have been successful. Average RTT 1.2s and over 2s if it's a double hop, say from the US to the Middle East (needs to go through Germany).
To help with the original question, adding QoS to the line isn't going to change the BW requirements, what it should do is keep the packet loss and jitter down depending on the queuing mechanisms used. I wouldn't however count on your satellite provider handling QoS, or for that matter the public backbone.
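Added example, not part of the original comment: the 200/180/240 ms packet delays from the post carried through in code. It goes beyond the post by also computing the running interarrival jitter estimate defined in RFC 3550 and by counting late packets for a fixed jitter buffer; the two longer delay traces and the 40 ms buffer depth are constructed assumptions.

```python
# Added illustration; the delay traces are constructed sample data (milliseconds).

def delay_deltas(transit_ms):
    """Change in one-way delay between each pair of consecutive packets."""
    return [later - earlier
            for earlier, later in zip(transit_ms, transit_ms[1:])]


def max_jitter(transit_ms):
    """Largest packet-to-packet delay change, as in the post's example."""
    return max(abs(d) for d in delay_deltas(transit_ms))


def rfc3550_jitter(transit_ms):
    """Running interarrival jitter, J += (|D| - J) / 16, as in RFC 3550."""
    jitter = 0.0
    for d in delay_deltas(transit_ms):
        jitter += (abs(d) - jitter) / 16
    return jitter


def late_packets(transit_ms, buffer_ms):
    """Packets that miss their playout slot with a fixed jitter buffer.

    Playout is scheduled from the first packet's delay plus the buffer depth,
    so a packet is late only if its delay exceeds the first packet's delay by
    more than buffer_ms. Absolute latency does not matter, only its variation.
    """
    deadline = transit_ms[0] + buffer_ms
    return sum(1 for delay in transit_ms if delay > deadline)


POST_EXAMPLE = [200, 180, 240]                # the three packets from the post
SATELLITE = [600, 604, 598, 602, 601, 599]    # constructed: high, steady delay
JITTERY = [200, 180, 240, 150, 260, 190]      # constructed: lower, erratic delay

if __name__ == "__main__":
    for name, trace in (("post", POST_EXAMPLE),
                        ("satellite", SATELLITE),
                        ("jittery", JITTERY)):
        print(name, "max:", max_jitter(trace),
              "rfc3550: %.2f" % rfc3550_jitter(trace),
              "late@40ms:", late_packets(trace, 40))
```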
Go find someone with this setup. Try it. It sucks.
I have this very setup with a series 2 and my MPEG quality issues are from the Tivo and not the cable box itself. Tivo's encoding has what I would call fairly poor color depth. Turns out per Tivo having it encode at the "highest quality" isn't as good as the signal coming off of my box to begin with.
You are correct, HP licensed the iPod. However they didn't license the technology itself to use in their OWN music player. It's still an iPod, still controlled by Apple.
I imagine a lot of people will say it's just a case of the "little" guy making a superior product (Apple is very small when compared to MS).
That said Apple is enforcing a product lock-in the same way MS has done in the past by not licensing key technologies needed to make compatible products. They have the choice to license FairPlay to competitors and I know a number would do it if given the opportunity, but they have not so they can maintain control.
Ask yourself this; if Microsoft came out with a proprietary DRM scheme as Apple has and only allowed it to work with a Player they produced wouldn't it just be a case of MS abusing their monopoly yet again?
You should have gone to the site, it's called out on the system requirements page.
I've done similar things in the past and currently I run my print and file servers on Linux quite seamlessly. All of the Windows admins and users don't know any different.
Samba + PAM + CUPS gives you integrated authentication, SMB/CIFS file serving (Windows file sharing protocol), as well as SMB and IPP printing.
I don't know of any tutorials off the top of my head but Google gave me all I needed to figure it out.
The Evolution connector uses OWA (Outlook Web Access) to get its job done. Outlook Web Access is actually IIS handling WebDAV requests with stylesheets for access so it makes third party access easy. Microsoft's own Entourage connector on OSX does the very same thing along with LDAP for address lookups.
It's not pretty but you can for example on any Exchange 2000+ server mount your mailbox as a WebDAV share.
I've run into a few environments where either OWA is turned off and IMAP/POP are not turned on. Which leaves everyone stuck with a MAPI client. Granted the MAPI object is a *fairly* well documented API however it does limit the client to a Windows platform with MAPI installed. There is some value in it but with MS pulling away from MAPI as well in favor of more flexible HTTP based protocols it's getting long in the tooth.
The data on the card itself is encrypted and protected by your PIN. Access via the PIN cannot be brute forced because the card locks itself after just a handful of tries. Even if it's lost the chances of someone getting the data off while the data is still valuable to the adversary is slim.