Detainment does NOT necessarily mean a ride in the back of a police car and put in jail.
If you are arrested, you are formally charged with a crime. If you are detained, you are not, and must be released in a reasonable amount of time, whether they can figure out who you are or not.
In many places, the maximum detainment time is 24 hours. In many others, it's more or less.
I don't know what kind of cop you were talking to, but you don't need a piece of paper to prove your identification. Stating your name and a way for them to check is just fine.
Either that, or your part of Oregon is different than my part of Oregon.
They CAN detain you, if they have probable cause, and hold you until they figure out who you are. That is NOT the same as an arrest, and you MUST be released in a certain amount of time, unless you give them good reason to not.
For those interested, the Oregon Revised Statutes are located here.
I did know that particular fact... and I agree, there isn't much a shuttle launch adds, considering all the power plants out there that dump their steam right into the atmosphere right after it goes through the turbines.
My uncle was a NASA engineer who built devices to study the ozone layer and the greenhouse effect. His team's opinions were a bit different than the doomsayers regarding the greenhouse effect. Mainly, that the Earth cycles through periods of greenhousing followed by glaciation, and that we are on a warming trend anyway.
The amount of greenhouse gases emitted by humans is comparatively low compared to some natural sources like volcanic eruptions.
Interestingly enough, the Mt. Pinnatubo eruption in the early '90s (was 91 or 92,..) spilled more CO2 into the air than people could imagine, but the dust it spilled into the air lowered the average temperature of the northern hemisphere about.5 degrees for almost a year.
It was very noticable, too. We had snow in August, which is normally our hottest month here. (Normally hits near 100 degrees.) There was basically no summer that year.
If lowering the Earth's temperature by.5 degrees has that effect, I would welcome a few more degrees increase! I'd like the safety margin. I really hate the cold!
actually, Printed Circuit Boards ARE toxic... they contain fiberglass embedded in epoxy, and as we all know, prolonged exposure to fiberglass dust is believed to cause lung cancer.
The bandwidth wasted by a successful worm is gigantic. To say nothing of time and disk space.
In terms of bandwidth/time/storage space, which is worse for the net as a whole, then? Is it successful worms, or is it really the spam?
I think it's the spam... and since I've never been directly affected by a successful worm, I most certainly would rather see spammers get jailtime rather than worm writers, if I had to choose one or the other.
Yeah, that makes sense. Though, if you wanted to NOT use QNX et al., it's a good use for that Zilog Z80 update with the built in TCP/IP stack...
Some friends of mine went to the Oregon Institute of Technology, and International Gaming Technologies is a BIG corporate donor to them, so the students have projects usually involving slot machine design/programming... I should ask one of them how they'd do it.
You know, if I was making a slot machine, I probably wouldn't be running ANY OS like XP, Linux, QNX, or anything. I'd probably write in C and do EVERYTHING myself.
Slot machines are not complicated enough to need a full OS...
Re:Separation of firewall and application duties
on
Home Server Rooms?
·
· Score: 2
a. make mistakes in configurations and accidentilly misconfigure a server
Not terribly easy to do if you've got a long-established routing, as I do. Also, your biggest friends are nmap and SATAN.
b. the application has a bug in it that causes it to bind all interfaces.
Use IPtables to drop packets directed to that port on the interfaces you don't want it listening to.
c. the package manager changes your configuration to the default and you don't notice it.
Thus why it is important when upgrading to check ALL important configuration files touched by the installer. There is software that keeps track of this sort of thing for ALL installation methods under Linux.
It seems I have solutions to all your problems. You will need to find new ones.
Sorry two systems are *ALWAYS* more secure than one if they are both configured correctly and preferrably running different OSs.
I will give that a SLIGHT advantage, but not more. For the record, I have *NEVER* had a machine I configured ever get cracked, script kiddies or otherwise.
Your argument is that PHYSICAL separation of duties makes a system more secure. I disagree. Separation is important, but it can be VIRTUAL as opposed to physical. As far as running two OS's on two machines, sorry, but I only run Linux.
But, I guess it's all irrelevant. Some people still swear by Windows, and their opinion is perfectly valid from their point of view.
I have been configuring Linux systems since kernel 0.99.something, and there is no substitute for thoroughness when configuring systems, and that thoroughness can make my setup secure.
Well, what I was saying is merely that the firewall and the internal services could be on the same machine.
It's a no brainer that a machine providing external services should NOT be the same as the firewall, by definition.
I DID say that I would have another machine if I could ever come up with a good reason to have a web server at my house. I assumed that you and everyone else would read between the lines and think "external" there. Perhaps I should have said that instead of giving a specific example.
You list four machines: router, WinNT, external server, and internal server. I say you can do this with TWO, and you even admit it can be done with three, if you get comfortable with Samba.
You see, your internal server and your router/firewall can be the SAME machine, as I am set up here. It deosn't offer external services on the interface that's connected to the outside world. Furthermore, if you connect your DSL/Cable modem directly to the same hub/switch that your internal network is on, you deserve all the trouble you are going to get. Your external services are, of course, on a different machine and outside the firewall. I would do that too, if I offered the world any services.
Two machines still doesn't really make enough heat to have cooling be a concern, which is the original topic of this entire article.
Three might be... four machines and I'd definitely be thinking about cooling whatever room they are in if it was smaller than say... 50 sq. ft. with no draft ventilation.
But the original article was asking about cooling, and to recap, I failed to see the need for enough machines to where that's a problem, keeping in mind that this is for a "home network."
Your case is rather special at having even 4... and you could easily reduce that to three.
Combining your router/firewall and internal server is a perfectly valid solution, and if a "hax0r" gets into your internal network, then it was misconfigured.
Configuring a machine that way is as trivial as adding a second NIC, and configuring all services (except maybe SSH) to bind ONLY to the card on the internal network. No services to the external network... That is handled by a separate machine, if you want external services.
I maintain that this setup is cheaper, smaller, quieter, cooler, and as secure as your four machines, provided you migrated to Samba over WinNT.
It's really quite simple. TWO interface cards. Damn near all server software lets you bind to just ONE interface. Therefore, you hook one ethernet card to the external network, with no services running on it, and you have the other supporting your internal network.
Just because you install Samba doesn't mean you need it listening on ALL your interfaces.
Furthermore, advanced inetd daemons, like xinetd, allow you to define which interfaces that it listens on for each service. Consequently, you can have ZERO open ports presented to the outside world.
Thus, the principle of the entire firewall concept is NOT defeated.
Re:Separation of firewall and application duties
on
Home Server Rooms?
·
· Score: 2
Except that most server software lets you bind to a specific interface, therefore you can choose what services to make externally available. There isn't any reason to have ANY services externally available for a typical home network. What good is it? I can MAYBE see SSH, but I never have need of logging into my home network from elsewhere.
The other thing is the money factor... sorry, but I just can't have two machines in that position when one will suffice.
There is absolutely no reason that having one machine with two NICs can't be as secure as two separate machines. One NIC goes to the DSL modem and has NO services listening there (except SSH if you need it)... the other NIC goes inside, and runs whatever you want.
Simple, cost effective, and not likely to be cracked. Perfect for a home network.
I still maintain that if you aren't putting lots of equipment in to just geek out... you are overkilling.
On that, we agree, and I admit that's what's usually going on, but as per what I have that's "normal" for my fiancee to use the 'net and keep her files on the server and keep the LAN safe from crackers is all as I described in my original post.
Now, my "computer room" is different from my "server room"... the computer room has a dozen external SCSI cases strewn about, 2 printers that are on ethernet, 4 computers that run, about 10 that don't... three different platforms and 4 operating systems run here... I've got cables strewn all over the place... and no less than 20 surge-protected outlets...
It doesn't look cool though, it looks like a mess:)
You know, geeking out now and then is cool and all, but why, exactly, do you need this much server equipment for a "home network?"
Personally, I have ONE well-configured machine acting as the firewall, the router, and the file server. There would be a seperate machine providing external 'net service (HTTP) if I could think of any damn good reason I needed a web server at my house.
So, one well-configured machine with 2 NICs, one 8-port ethernet switch and a DSL modem equals: one short Cat5 cable to the DSL modem, 4 power cables (one for the seldom-used monitor), and 8 Cat5 cables run to the rest of the house.
What you and almost everyone else is describing here is more of what you'd find in much more commercial places, and a bit overkill if you ask me. My single-machine setup works just fine, and the advantage of one machine is that you DON'T need any additional cooling.
All of it fits in a closet, and I can work with the server from any part of the house with a tektronix X-terminal, or the computer that happens to be there.
So, I guess I wonder where the advantage is of having enough machines to have to design it so that people get a "feeling" of what my machines' duties are visually? What's the point of having a huge NOC in your house?
Is there a point, or is it just merely to geek-out to the point of overkill, which I can also respect, but can't logically submit myself to?
The local Costco has a VAIO ultra-mini Crusoe-based laptop... 1024x480 screen, built-in camera... for $1,899. I have no idea if that's a good price.
I think the speed was 650MHz.
Right next to it was a big P3 based VAIO with a bigger screen, docking station, and all the other perks for the same price. To be honest, I'd rather have the P3-based one out of screen size alone.
I'll have to ammend that... I heard about it at 8PM on the radio (KUGN) and 10PM on KEZI news. They really didn't say much, though.
(RANT: ATTN: Taco: Goddamnit, I am not a fscking cowboy, and my comments are perfectly valid no matter how fast I send them!!! The 2-minute delay is NOT a good way to make things "fair"... saying it's "fair" is a cop-out.)
Actually, I had a friend encounter a little problem at the UofO for some piracy issues a few years back... made me glad I was already using all legitamitly(sp?) free (speech & beer) software instead of his products!
For Slashdot readers too young to have seen one, a pinball machine was a mechanical device involving a steel ball, some solenoid actuated bumpers...
Wonderful way to put it. Don't be such a condescending asshole. Anyone who doesn't know what a pinball machine is could easily look it up, but your post assumes most people are ignorant, especially the young.
Most arcades still have pinball machines, and they are among my favorite things to play with.
I can walk probably up to a 10 year old and ask him what a pinball machine is, and get a correct answer.
For the record, I'm over the U.S. legal drinking age.
This is a group giving advice to the people that listen to it. Clearly, most of us don't, and never would listen to such a group.
The simple fact is, while YOU may not agree with them, there are many people who do. You really can't change the organization (lionlamb) and expect the followers to change. You have to change the followers.
I find it interesting that this got so much attention here on slashdot in the "your rights online" topic. It's silly, and they are any of dozens of so-called consumer groups that make these sort of recommendations.
Who cares what their opinion is? You aren't going to go with it, right? It's not forced on you, so how is it affecting your rights online?
I think we should worry about more pressing matters that really do concern our rights online, such as new copyright laws and treaties, not some stupid misguided group giving it's opinion. (They certainly aren't the only one in that category, you know.)
Slashdot Mirror
Detainment does NOT necessarily mean a ride in the back of a police car and put in jail.
If you are arrested, you are formally charged with a crime. If you are detained, you are not, and must be released in a reasonable amount of time, whether they can figure out who you are or not.
In many places, the maximum detainment time is 24 hours. In many others, it's more or less.
I don't know what kind of cop you were talking to, but you don't need a piece of paper to prove your identification. Stating your name and a way for them to check is just fine.
Either that, or your part of Oregon is different than my part of Oregon.
They CAN detain you, if they have probable cause, and hold you until they figure out who you are. That is NOT the same as an arrest, and you MUST be released in a certain amount of time, unless you give them good reason to not.
For those interested, the Oregon Revised Statutes are located here.
I did know that particular fact... and I agree, there isn't much a shuttle launch adds, considering all the power plants out there that dump their steam right into the atmosphere right after it goes through the turbines.
.5 degrees for almost a year.
.5 degrees has that effect, I would welcome a few more degrees increase! I'd like the safety margin. I really hate the cold!
My uncle was a NASA engineer who built devices to study the ozone layer and the greenhouse effect. His team's opinions were a bit different than the doomsayers regarding the greenhouse effect. Mainly, that the Earth cycles through periods of greenhousing followed by glaciation, and that we are on a warming trend anyway.
The amount of greenhouse gases emitted by humans is comparatively low compared to some natural sources like volcanic eruptions.
Interestingly enough, the Mt. Pinnatubo eruption in the early '90s (was 91 or 92,..) spilled more CO2 into the air than people could imagine, but the dust it spilled into the air lowered the average temperature of the northern hemisphere about
It was very noticable, too. We had snow in August, which is normally our hottest month here. (Normally hits near 100 degrees.) There was basically no summer that year.
If lowering the Earth's temperature by
let's hope that the Navy research gets us a step closer to not burning all that Oxygen and Hydrogen to get to space...
...We wouldn't want all the resulting water vapor polluting our atmosphere, and our poor mother earth.
actually, Printed Circuit Boards ARE toxic... they contain fiberglass embedded in epoxy, and as we all know, prolonged exposure to fiberglass dust is believed to cause lung cancer.
The rule... when cutting them, use a dust mask.
I'll have to ask a cop I know about that.
I have never heard of such a thing, however.
The bandwidth wasted by a successful worm is gigantic. To say nothing of time and disk space.
In terms of bandwidth/time/storage space, which is worse for the net as a whole, then? Is it successful worms, or is it really the spam?
I think it's the spam... and since I've never been directly affected by a successful worm, I most certainly would rather see spammers get jailtime rather than worm writers, if I had to choose one or the other.
Both would certainly be acceptable.
Yeah, that makes sense. Though, if you wanted to NOT use QNX et al., it's a good use for that Zilog Z80 update with the built in TCP/IP stack...
Some friends of mine went to the Oregon Institute of Technology, and International Gaming Technologies is a BIG corporate donor to them, so the students have projects usually involving slot machine design/programming... I should ask one of them how they'd do it.
You know, if I was making a slot machine, I probably wouldn't be running ANY OS like XP, Linux, QNX, or anything. I'd probably write in C and do EVERYTHING myself.
Slot machines are not complicated enough to need a full OS...
a. make mistakes in configurations and accidentilly misconfigure a server
Not terribly easy to do if you've got a long-established routing, as I do. Also, your biggest friends are nmap and SATAN.
b. the application has a bug in it that causes it to bind all interfaces.
Use IPtables to drop packets directed to that port on the interfaces you don't want it listening to.
c. the package manager changes your configuration to the default and you don't notice it.
Thus why it is important when upgrading to check ALL important configuration files touched by the installer. There is software that keeps track of this sort of thing for ALL installation methods under Linux.
It seems I have solutions to all your problems. You will need to find new ones.
Sorry two systems are *ALWAYS* more secure than one if they are both configured correctly and preferrably running different OSs.
I will give that a SLIGHT advantage, but not more. For the record, I have *NEVER* had a machine I configured ever get cracked, script kiddies or otherwise.
Your argument is that PHYSICAL separation of duties makes a system more secure. I disagree. Separation is important, but it can be VIRTUAL as opposed to physical. As far as running two OS's on two machines, sorry, but I only run Linux.
But, I guess it's all irrelevant. Some people still swear by Windows, and their opinion is perfectly valid from their point of view.
I have been configuring Linux systems since kernel 0.99.something, and there is no substitute for thoroughness when configuring systems, and that thoroughness can make my setup secure.
Well, what I was saying is merely that the firewall and the internal services could be on the same machine.
It's a no brainer that a machine providing external services should NOT be the same as the firewall, by definition.
I DID say that I would have another machine if I could ever come up with a good reason to have a web server at my house. I assumed that you and everyone else would read between the lines and think "external" there. Perhaps I should have said that instead of giving a specific example.
You list four machines: router, WinNT, external server, and internal server. I say you can do this with TWO, and you even admit it can be done with three, if you get comfortable with Samba.
You see, your internal server and your router/firewall can be the SAME machine, as I am set up here. It deosn't offer external services on the interface that's connected to the outside world. Furthermore, if you connect your DSL/Cable modem directly to the same hub/switch that your internal network is on, you deserve all the trouble you are going to get. Your external services are, of course, on a different machine and outside the firewall. I would do that too, if I offered the world any services.
Two machines still doesn't really make enough heat to have cooling be a concern, which is the original topic of this entire article.
Three might be... four machines and I'd definitely be thinking about cooling whatever room they are in if it was smaller than say... 50 sq. ft. with no draft ventilation.
But the original article was asking about cooling, and to recap, I failed to see the need for enough machines to where that's a problem, keeping in mind that this is for a "home network."
Your case is rather special at having even 4... and you could easily reduce that to three.
Combining your router/firewall and internal server is a perfectly valid solution, and if a "hax0r" gets into your internal network, then it was misconfigured.
Configuring a machine that way is as trivial as adding a second NIC, and configuring all services (except maybe SSH) to bind ONLY to the card on the internal network. No services to the external network... That is handled by a separate machine, if you want external services.
I maintain that this setup is cheaper, smaller, quieter, cooler, and as secure as your four machines, provided you migrated to Samba over WinNT.
It's really quite simple. TWO interface cards. Damn near all server software lets you bind to just ONE interface. Therefore, you hook one ethernet card to the external network, with no services running on it, and you have the other supporting your internal network.
Just because you install Samba doesn't mean you need it listening on ALL your interfaces.
Furthermore, advanced inetd daemons, like xinetd, allow you to define which interfaces that it listens on for each service. Consequently, you can have ZERO open ports presented to the outside world.
Thus, the principle of the entire firewall concept is NOT defeated.
Except that most server software lets you bind to a specific interface, therefore you can choose what services to make externally available. There isn't any reason to have ANY services externally available for a typical home network. What good is it? I can MAYBE see SSH, but I never have need of logging into my home network from elsewhere.
The other thing is the money factor... sorry, but I just can't have two machines in that position when one will suffice.
There is absolutely no reason that having one machine with two NICs can't be as secure as two separate machines. One NIC goes to the DSL modem and has NO services listening there (except SSH if you need it)... the other NIC goes inside, and runs whatever you want.
Simple, cost effective, and not likely to be cracked. Perfect for a home network.
I still maintain that if you aren't putting lots of equipment in to just geek out... you are overkilling.
Umm, no, it's a Linux box.
On that, we agree, and I admit that's what's usually going on, but as per what I have that's "normal" for my fiancee to use the 'net and keep her files on the server and keep the LAN safe from crackers is all as I described in my original post.
:)
Now, my "computer room" is different from my "server room"... the computer room has a dozen external SCSI cases strewn about, 2 printers that are on ethernet, 4 computers that run, about 10 that don't... three different platforms and 4 operating systems run here... I've got cables strewn all over the place... and no less than 20 surge-protected outlets...
It doesn't look cool though, it looks like a mess
You know, geeking out now and then is cool and all, but why, exactly, do you need this much server equipment for a "home network?"
Personally, I have ONE well-configured machine acting as the firewall, the router, and the file server. There would be a seperate machine providing external 'net service (HTTP) if I could think of any damn good reason I needed a web server at my house.
So, one well-configured machine with 2 NICs, one 8-port ethernet switch and a DSL modem equals: one short Cat5 cable to the DSL modem, 4 power cables (one for the seldom-used monitor), and 8 Cat5 cables run to the rest of the house.
What you and almost everyone else is describing here is more of what you'd find in much more commercial places, and a bit overkill if you ask me. My single-machine setup works just fine, and the advantage of one machine is that you DON'T need any additional cooling.
All of it fits in a closet, and I can work with the server from any part of the house with a tektronix X-terminal, or the computer that happens to be there.
So, I guess I wonder where the advantage is of having enough machines to have to design it so that people get a "feeling" of what my machines' duties are visually? What's the point of having a huge NOC in your house?
Is there a point, or is it just merely to geek-out to the point of overkill, which I can also respect, but can't logically submit myself to?
No, No... you use a heat pump. Some systems are designed to work with ground temperature differential vs. coolant temperature.
I'm a student at LCC who might dual-enroll into the U if I get enough financial aid next year...
The local Costco has a VAIO ultra-mini Crusoe-based laptop... 1024x480 screen, built-in camera... for $1,899. I have no idea if that's a good price.
I think the speed was 650MHz.
Right next to it was a big P3 based VAIO with a bigger screen, docking station, and all the other perks for the same price. To be honest, I'd rather have the P3-based one out of screen size alone.
I'll have to ammend that... I heard about it at 8PM on the radio (KUGN) and 10PM on KEZI news. They really didn't say much, though.
(RANT: ATTN: Taco: Goddamnit, I am not a fscking cowboy, and my comments are perfectly valid no matter how fast I send them!!! The 2-minute delay is NOT a good way to make things "fair"... saying it's "fair" is a cop-out.)
hahaha no kidding.
Actually, I had a friend encounter a little problem at the UofO for some piracy issues a few years back... made me glad I was already using all legitamitly(sp?) free (speech & beer) software instead of his products!
Hmmm interesting... I've seen those, too... but never heard them called "pinball machines"...
Well, I'll apologize for the flame if that's what was being referred to...
I didn't see/hear about it at all on local news or in the Eugene Register-Guard.... hmmm....
For Slashdot readers too young to have seen one, a pinball machine was a mechanical device involving a steel ball, some solenoid actuated bumpers...
Wonderful way to put it. Don't be such a condescending asshole. Anyone who doesn't know what a pinball machine is could easily look it up, but your post assumes most people are ignorant, especially the young.
Most arcades still have pinball machines, and they are among my favorite things to play with.
I can walk probably up to a 10 year old and ask him what a pinball machine is, and get a correct answer.
For the record, I'm over the U.S. legal drinking age.
This is a group giving advice to the people that listen to it. Clearly, most of us don't, and never would listen to such a group.
The simple fact is, while YOU may not agree with them, there are many people who do. You really can't change the organization (lionlamb) and expect the followers to change. You have to change the followers.
I find it interesting that this got so much attention here on slashdot in the "your rights online" topic. It's silly, and they are any of dozens of so-called consumer groups that make these sort of recommendations.
Who cares what their opinion is? You aren't going to go with it, right? It's not forced on you, so how is it affecting your rights online?
I think we should worry about more pressing matters that really do concern our rights online, such as new copyright laws and treaties, not some stupid misguided group giving it's opinion. (They certainly aren't the only one in that category, you know.)