We researched both products before we bought the PS. We relied heavily on the experiences from our peer regent's Unvs. The killer was one regents Unv in particular that first tested the Allot. It died. It couldn't remotely keep up with their pipe. It couldn't do time sensitive rules either. It also was very dumb, only filtering on basic TCP/UDP port numbers. That same Unv tried a PS that wasn't rated for their pipe and it managed to keep up. That was about 2 years ago (1.5 years before we bought a PS). They've greatly expanded their product line for fatter pipes since. We also couldn't find any users of Allot anywhere nearby. In the end it was unanimous that we go with a PacketShaper.
Now this isn't to say that the NetEnforcer won't be able to do these things in the future or even that it can't right now. It just means that their initial offerings failed to satisfy our peers that tried them and ourselves. If they can catch up a little bit, I'd bet they'd have a fine product. A little competition in this new branch of the tech sector is welcome. Keeps prices competitive.
Might be. I asked one of our techs after lunch and he thought it did ask. I've heard from others that said it didn't though. I'm not sure what the difference was though.
He was an NT admin. I'm assuming he did it to his server farm. The guy was a Windows God. He's the only person I know that could actually keep an NT server up long enough to have over a year of up time AND actually be in use during that time. I'm a Linux/Solaris/Mac guy myself. I've contemplated trying that on Linux before; removing root. I always work with my own root user rather than root itself. It has its pros. However things like vlock require *root's* password for unlocking and wouldn't work on my root user's password.
Well, prioritization alone doesn't work that well. I tried that initially. Didn't work too well. By the time the P2P flows that were already consuming the link were slowed, you've already added latency to the legit traffic trying to get through. Plus allowing all the P2P at an unchecked "speed" will cost you big $$ in bandwidth. If you're big enough to afford (or need) 2 PS 8500's, you probably have +60Mbps links for your campus. I have a PS 4545 for my campus. Take the advice of the existing PS users (join packeteer-edu mailing list), use a partition to limit a folder class full of P2P apps besides applying priority policies. You'll like it better in the long run. I don't block P2P. I don't want to block it either (well, today I do after dealing with the KaZaA v2 problems but..). I do want to keep it down to a reasonable level. Also, I suggest you also use dynamic partitioning to allocate a small slice (16kbps or so) to outbound P2P connections. Otherwise the harsh restrictions you'll eventually levy on outbound P2P will keep inbound P2P connections from happening. In other words, if the request can't get off the campus because of your outbound rules, inbound isn't going to happen either. Slice it up to allow it to continue working. Oh, and one last thing. Let the PS's simply discover traffic for a while. Take the time to organize your class trees. Then after a couple weeks of that, run a whole bunch of reports. Show how much of your bandwidth is P2P at various times of the day. Then enable shaping. Wait 30 minutes and run the reports again. Keep those 1 hour graphs (half on/half off) for future presentations. You'll want them. I forgot to do that. I let it classify for 1.5 days before I decided I was ready to shape. I was ready but I didn't think to get the graphs beforehand so I couldn't use them later for presentations to suits and techs. Good luck. Don't be a stranger now.
See my previous comment on blank passwords and how they've affected my campus.
To the best of my knowledge Windows installer doesn't ask you to set an admin password during or after installation. I've heard this from numerous people now. That's bad practice if you ask me.
Also the last time I checked all versions of Exchange that were installed were by default an open relay. If I were keeping track of how many of the IPs I tested to see if they were open relays were Exchange boxes, I think the percentage of hits would be around 80%.
I whole-heartedly agree. I have found 10 compromised machines on campus this past month. All are running Me or 2k. All of them had null Admin passwords. All of them were compromised on July 9th. Most of them had Serv-u FTP server installed and sharing French movies. All of them had a VNC server of some sort running. VNC is what I scanned the campus for to find potential compromised machines. The list was pretty darned accurate.
A friend of mine who used to work for K-State did something that I'd love to require of all PCs on campus. The first thing he did was create an admin account of his own. The second thing he did was DELETE Administrator. He said he rarely had security issues with his machines.
You can't fault the PacketShaper for your delays though. The person that administrates it really needs to learn more about it. I run a large PS myself, a 4545, and have eliminated latency issues by setting the PS up correctly. Using tcp/80 for P2P applications WILL NOT fool the PS into thinking it's HTTP traffic. The PS uses all 7 layers of the OSI model to classify traffic (yes, it can even classify by MAC). The PS can and will find KaZaA traffic on whatever port it wants to use. It can't hide. Now if the administrator took matters into his/her own hands and wrote really generic rules that used the default ports for various P2P apps, then yes moving to port 80 will save your ass. The admin needs to spend some more time with his/her PS.
Prior to installing the PS, a political decision was made to cap the dorm subnets via our provider's onsite router. This did NOTHING but hurt our residence halls. P2P apps were still used and they consumed every last bit within the cap as expected. Dorm residents couldn't load simple webpages. ICQ couldn't even maintain a connection. It did nothing but penalize those in the cap. Meanwhile the P2P usage by faculty/staff grew immensely. Go figure.
Yes and no. The problem isn't just with users sharing files. It also has a great deal to do with them downloading files. Not from a piracy/copyright standpoint but from a bandwidth standpoint. P2P apps consume an ungodly amount of network bandwidth if left unchecked. I have yet to run across a P2P app that can limit the speed at which it downloads. I've yet to run across a run of the mill user that can set up QoS on their local desktop to limit how much their system consumes. P2P is a major problem. Frankly we universities don't give a damn if you download copyrighted material. We do give a damn when a handful of users collectively consume all available I1 resources, costing us big $$ in fatter pipes.
How do I know all this? This is the job I do. I spent all of yesterday and this morning working on a Packeteer PacketShaper 4545. We don't block P2P. That's not the stance we felt we should take. We do however greatly limit the amount of bandwidth P2P applications can consume. We allot more to P2P after business hours. It's really interesting to watch response times plummet when I reboot the PS. For about 20 seconds, ping times climb to 800-1000ms. If I disable bandwidth shaping (which I did for about 10 minutes this summer to make a point during a meeting about the PS) P2P apps climb to the top and suffocate everything else. I can tell you that every regent's Unv in my state that is using a PS is severely limiting the amount of outbound bandwidth that's allotted to applications like P2P. Here at this Unv I give an average priority of 3 to all traffic classes that have known uses on campus. I set the default priorities to 2. I then raised the priority on HTTP and FTP to make them more responsive. I also gave a high priority to terminal emulators like SSH, telnet, and tn3270. Time sensitive applications like NTP and DNS were given a higher than average priority. I use guaranteed partitions on different classes or groups of classes to kick start them or limit their consumption. It has worked extremely well for us.
P2P is a major thorn in our collective sides when it comes to the network. I don't think it should be blocked. I don't think that at all. I've gone to great lengths to ensure that it isn't entirely blocked and that other applications have the resources they need. I do think it needs to be kept under control so it doesn't hurt everyone else, those few students that actually use their connections to research and learn. Users that try to get around our bandwidth shaping by setting up tunnels to their buddies' cable modem, using NNTP, HTTP, or FTP simply aggravate us and push closer to charging per megabyte transferred. I hope that day never comes.
IANAL but it occurs to me that if the CEO thinks that an email From: is accurate enough for the basis of a lawsuit, write up a nice death threat using racial and sexist remarks, address it to yourself, and make the From: be the CEO's. Now either file a counter-suit with that as the basis for your case or at least confront the CEO with the evidence in hand. The look on his face should at least be priceless. :-) If the CEO can do it, why can't you?
...is a server with LOTS of REDUNDANT drive space. I've had 3 drive failures since January of this year. I am sick to death of losing data. I want a Linux box with redundant drives that I can mount locally. I have 480GBs in the PC I just built. It doesn't need that much space. I do need enough to save most anything I'll ever write though.
For one thing a single button makes it easier for little kids and extreme novices. The "puck" and the new Pro Mouse are meant to have your hand and arm in line with the mouse, not to the side like most of us users use them. This allows your palm to rest on the back of the mouse and 3 or four fingers rest on the single button end of the mouse. Frankly the single button mouse has never bothered me and I'm a diehard Mac/Linux guru. Now when I'm using a GUI in Linux (rare) I want two buttons, mainly for copy/paste function since the WMs I use lack the ability to handle it on their own with simple key commands. In Mac world, we use modifier keys to bring up contextual menus and do various things with files/folders. At home on my AMD I use a Microsoft Optical Intellimouse w/ wheel (the only thing I ever give M$ money for is mice). I do miss the scroll wheel at work. It only takes about 30 seconds to adjust though.
Was the card a Visa or Mastercard? If so, call them, not your bank. Banks have had their credit card privileges revoked (and all cards cancelled) because of shit like this. I know Ford and Dodge dealers that have had the service centers shutdown and dealership stuff put under a microscope because of the same type of things but with cars. Also, go to the bank in person WITH ANYONE PERSON and speak to the big cheese himself. Be prepared with the receipts. Know exactly how long you and your family has been a customer and how many accounts your family has combined. Be nice but very firm. If they don't act, file a BBB complaint and contact your AG. They can't weasel out of it forever.
In my EECE courses, the intro in fact EECE 241, spent a great deal of time talking about this very thing. IIRC, they told us that all it takes to damage electronics is +5v, well below what we can actually feel. They showed a video that demonstrated this. A guy wearing a simple blue color button down and tie stood in place. His static electricity was measured. His tie was then raised to his shoulder and dropped against his shirt, sliding down to the middle again. This tiny bit of movement created a large amount of static electricity, more than enough to damage parts. ESD damage can't always be seen right away. In fact only the most severe cases cause instant death to electronics. The damage is usually very slight. It's why RAM sometimes dies after 4-5 years or that NIC that has been moved from machine to machine over and over again just died. Take ESD seriously. Good luck
PS, taking the Intro to Computer Engineering course at your local Unv might prove useful.
I second this. When I was in high school we had to keep a plant or animal alive for the entire year or lose a large amount of credit in some science class (I've tried to forget and I think I've succeeded!). My mother got me a pothos. I watered once or twice a month and it thrived. It was a hardy little devil too. Over X-mas I dangled a couple of the runners into the aquarium next to my plant. (I've seen pothos spread all the way around a room when there was half a dozen aquariums to dangle in along the way) Well school started up again 2-3 weeks later. On the first day back, the teacher asked me why I was trying to kill my plant. She said that the aquarium was full of bleach (trying to cleanse it from the dead fish that were once in it). Sure enough when I went over to it, there was a very strong smell of bleach. The leaves of my pothos were cool as hell. Everywhere there was a vein, it was snow white. It looked awesome. I still have that plant back home all these years later. Stout little bugger. On a side note, there was no bleach in the aquarium before X-mas. I have an excellent nose and would have noticed that. I'm convinced that the bitch teacher did that. grrr.... Now I'm starting to remember!
I'm not bitching about buying 10.2. I buy every other RH release just to help support the cause. I don't think it's right that someone who bought their machine less than a year ago that came with 9 has to pay full price for an upgrade. That's not right.
I agree, you're getting hosed. My Unv bought a number of Macs recently too. They are also pissed about getting hosed. I recommended that they talk to their sales rep and be pissy with him. If that doesn't work, they'll probably pirate 10.2 and I can't blame them a bit given their situation.
Actually I meant it the way it was worded but not the way you or the idiot you're responding to read it (not inferring you're an idiot, just the other guy). MacOS 9 is still a "recent version" of the MacOS as far as I'm concerned. I could buy it direct from Apple not that long ago. Machines still shipped with it until, what May, with the default being X since March and OS X being the secondary option since March of the year before? I think all users that own 9.x or 10.x deserve an upgrade price. Many users (including myself!) have not made the switch to OS X. I bought 10.1.4 and I preordered 10.2 (hoping Jaguar would fix some of the things that I hate about X). I haven't switched though. I'm still using 9.2.2.
Just to clarify it again, I think all users that own 9.x or 10.x deserve an upgrade price because the vast majority of the Mac userbase is still using 9. I can somewhat understand the lack of a discount because of how much of an upgrade 10.2 is supposed to be. Still there should be a discount in my book.
What the hell are you ranting about? Your damned rant doesn't even make sense. First you're talking about existing MacOS users getting a discount, then you're talking about your bro and his Windows box and a discount. Read your damned posts before you waste our time.
I think the award for First Automotive Easter Egg definitely goes to Ford for the Pinto.
...a mute button for the wife and a pause button for the kids!
Then I guess that means Jan "The Man" Reno can't get AIDS.
You just might be right!
With that much $$$ this guy could afford to purchase Iridium. Finally, free satellite Internet access for everyone! ;-)