But I challenge you to find one single hardware product for sale today in a consumer electronics retailer that meets your definition of "NAT by itself"
I have one in my cube at work...it's called a LocalDirector.
I agree that not every system should be able to access, or be accessble from the Internet. However, NAT is not the solution to this, your firewall is. Ingress and egress filtering should be used. For example, my network has egress filtering on port 80. If you want to go to a web page, you have to go through a proxy.
I have to disagree with this point. I find it rather inconvenient.
Consider my IPv6 network. I get all of the benefits you describe (plugging in a new machine and having it magically appear on the network), except it does so with real, routable addresses.
No, troll, people love it because it adds security, it's easy to do, and it's already built-in to many consumer devices.
NAT does not in any way add security. The last two sites I've broken into (one was a shell, the next was an entire fvwm setup) were on RFC1918 addresses. I just convinced the system to make a connection back to me.
If you don't want connections coming into your network, don't allow them at the firewall. That's the security. Disallow everything you don't know you need. NAT is not a replacement for a firewall, even if you do end up with a side-effect that appears to be similar.
"Hee hee, my ISP doesn't realise I'm connecting more than one PC" BONK. Yes they do.
And with that, your credibility rating drops to zero. Thanks for playing; have a nice day.
Apparently you missed the research that went into this. There are multiple ways. There are some basic packet sniffing mechanisms that can tell how many systems are initiating the connections as well as other methods.
File sharing is the only reason to have broadband.
I had broadband before ``filesharing'' as we know it, and file sharing continues to be mostly irrelevant to me. I do a lot of open source development and I like sharing things I create. I suppose those things might be considered files, but that's a stretch. I've got a pretty large photo album that friends and family look at. Those aren't exactly files (just crap in a DB), but I guess I share them. I access and host arch and CVS repositories. I create VPNs for various things like audio and video chats with friends in.au.
But filesharing is a pretty boring and specific use case.
Word of mouth doesn't really work, since my friends are as clueless as I am.
Get more friends.:)
There are awesome bands out there, and I'm not sure what their status is as far as mass-market appeal, but most of my favorite bands are things friends have had me listen to. NOFX is a good example. I've heard them on local college radio, but pretty much nowhere else. Every album they press is awesome.
Last week, a younger relative made me buy a Modest Mouse CD from iTMS. It was well worth the money, even though I did hear part of it played on a Nissan commercial tonight.
Then again, I've heard Combustible Edison on a commercial out here. What non-anonymous coward could say Combustible Edison isn't awesome?:)
dustin2wti:~ 503% telnet www.microsoft-antitrust.gov 80 Trying 167.10.5.164... Connected to www.microsoft-antitrust.gov. Escape character is '^]'. HEAD / HTTP/1.0
My database dumps are encrypted on the fly (pgdump | gpg > disk). Most other things are not encrypted there (CVS repository, etc... My mail should be).
But yeah, there's a shell script on the ipod that does some rsyncs.
On OSX, it's pretty easy to make an encrypted filesystem in a file...I don't really want to do that, though.
For whatever reason, I was copying files around on my powerbook hdd before using mkisofs to master the UDF. mkisofs took about 20mins, I think (mainly reading and writing to the same slowish disk). I did the burn at 1x on an RW.
I'm not exactly sure how long it took because I wasn't there when it finished, but it's a lot more than the 10 minutes or so it takes me to copy the stuff to the iPod.
It just a couple of minutes to copy it all to an old Pentium 133 box over in the corner that was pried open to shove a cheap 40 gig HD in.
A lot of good it would do me to keep my backups in the same house as the original data. Onsite backups don't make me feel as comfortable as having my data with me...right now. If my entire house was burned to the ground right now, I could access all of my important data right now.
You don't copy your 'nightly really-important-to-me backups on a little bitty iPod, do you? Really?
Not every night, more like weekly. It's just a shell script, but I don't hook it up to a computer that frequently.
Do you have the iPod glued to a big piece of plexiglass so it doesn't get knocked around and your 'really-important' backups wiped out?
Part of good design is durability. I keep it in my pocket. It hits stuff a lot when I walk. I've broken *other* things with it, but it holds up pretty well itself. I think the biggest drop it's taken was off a PA at a show I was DJing (probably four feet).
This is, of course, not my only copy of this data. I have on-site backups (rsync to another system) as well. It would take a combination of catastrophic events for me to lose the majority of my data.
The big selling point for me was being able to use it for backups. My nightly really-important-to-me backups are far too big to fit on a CD. They do fit on a DVD if I want to wait a couple of hours to master and burn it. It's just a couple of minutes to copy it all to the iPod, though.
Oh, and I get to carry a crapload of my music around at the same time, which means I'm more likely to actually have the thing with me most of the time.
I run several GB of postgres dumps through GPG before they hit the disk every night. They are then shipped off with rsync. Anyone want to receive a copy of my sensitive databases periodically (just over 2GB nightly)?:)
And no, I don't believe it's impossible to break GPG, but the goal was to be able to put them wherever I wanted them without worrying much about how they got there or whether they leaked.
However, PostgreSQL still has problems with native distros for both Windows and OSX. Perhaps Apple should help with PostgreSQL in OSX - they usually love BSDL more than GPL (read: they love to rip without contributing back).
What problems does Postgres have on OS X? All of my reasonably large (12M row) databases are on a G4 cube.
I'm not sure what you're talking about not contributing back, they contribute plenty back. However, you're correct, the BSD license is preferable over GPL for many because it offers more freedom.
Sorry, but this argument holds no water and you are doing a disservice to Open Source by propagating it. It is equivalent to saying "if you are doing nothing illegal, why don't you let the government track your movements via an electronic tag, otherwise obviously you have something to hide".
Well, this is not entirely accurate. In this case, I'm buying something to solve a particular problem I have, but am forbidden from knowing how that problem is solved.
There are certain aspects of an application that make me less interested in using it when I see how it's implemented. I.e. is it well designed, or does it happen to work by trial and error?
Most of the worm/virus issues exist b/c of code written in c rather than in a safer high level oop language where you don't get buffer overflows, sloppy use of pointers, etc.
Just a nit, there are plenty of high level languages well suited for application development that are not OO that apply to this. OO doesn't give you safety, the higher level constructs do.
You *can* make Windows as secure as any other OS out there, because there are counter-measures to the _known_ exploits in Windows.
Known exploits are not the problem. I have protected myself from many *unknown* exploits on my UNIX systems (layers of stateful ingress *and* egress filtering, chroot jails, system-level IDS, etc...). There is a lot of research taking that even further.
Besides, I wouldn't say something's securable just because fixes to previous problems have been easy with filtering or provided in a timely manner. Luck is not security.
I suggest MySQL to new users because it is simple to setup the first time. You dont have to go create a seperate database directory structure, fewer commands to initialize the database and the command lines need fewer arguments for the very first database for the joe user.
I don't quite understand this. It's make install, initdb and then you start it. It's probably a good idea to run a createuser and createdb as well. Installation isn't complex enough to be relevant. It's straightforward and done once.
As far as connecting, what are all of these commandline arguments you're referring to?
rubik:~ 502% psql Welcome to psql 7.3.4, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit
dustin=#
Now you cannot ask a newbie who basically wants to learn SQL commands by practice, to install Oracle on a Solaris partition on an enterprise server, load balanced with other servers, to start learning SELECT, INSERT and CREATE TABLE
Postgres is similar in Oracle in operation, not installation. This is a bad example, however, it leads to my point...there are many elements of select that will be unavailable, and there are plenty of things you have to learn the mySQL way which is just stuff that has to be unlearned when you proceed to something else.
I've not seen anything about mySQL that is any easier than postgres, but I'm open to specific examples so I can understand why people would want to use mySQL.
You don't have to do that much work, you just need the one rule. For example:
create view money_transactions_reconciled as
select transaction_id, user_id, acct_id, cat_id, reconciled
from money_transactions ; create rule money_transactions_reconciled_u as
on update
to money_transactions_reconciled
do instead
update money_transactions
set reconciled=new.reconciled
where transaction_id=new.transaction_id ; grant select, update on money_transactions_reconciled to nobody;
The nice thing here is that I only want *one* column to be updatable in my view update.
First, I don't think the postgres team really considers mySQL competition. I.e. they don't need to look at what they're doing because they're behind in pretty much every area.
Secondly, you mentioned that you suggest mySQL for all new learners when it deviates from the SQL standard in many areas. Why do you feel that mySQL is an appropriate learning tool?
Honestly, has no one ever written code like this? I cannot be the first person on the planet to have decided that letting the system decide how I might want to approach data integrety was a bad thing....
Yeah, I think you might be alone here. I cannot imagine how I could safely update records in my database safely without transactions. It's not unusual for me to have 25 or so dependent queries from eight application servers (plus external sources) that absolutely must be done atomically. No amount of coding at the application level could get this done safely.
RDBMS theory works, and people spend a lot of time at that layer making it work so you don't have to.
Similarly, filesystems work, and people spend a lot of time at that layer making it work so you don't have to (but you wouldn't be the first person to use a raw partition on a UNIX system thinking you could do better than a filesystem).
No source code packages. You can't create a library, like you would in oracle.
I'm not sure what this means. You can create everything from basic queries to languages that are used to implement stored procedures and ship them with your product.
When you have an sql error, it tells you the char it occured at, and not much more. Quite annoying if oyu miss a , in a multiline query and have to paste it back.
If you find this to be inappropriate, perhaps you should file a bug or offer a better error message handler. The source code is available, and they do amazing things with it.
You can't network two instances so to speak. You can't say.. "select * from slashdot.messages, freshmeat.list where..." Bloody useful for running remote queries over a dedicated line, w/o dump-replicationg stuff.
That sounds like dblink, which is included in the distribution (contrib).
Not easy to see, verbatim, what queries are running.
Check out all of the pg_stat views. In particular (slightly modified to avoid lameness filter):
cms_log=# select usename, current_query from pg_stat_activity;
usename | current_query
It adds a whole new dimension of customizability to Mac OS X; now you can script your Mac to the same level you can script Linux/*BSD/Unix. =)
I'm not sure I get what you mean. OS X ships with python, bourne shell, perl, tcl, and who knows what else (oh, and applescript). I would hardly say that the GUI scripting catches up to what you can do in any other UNIX since:
a) this *is* any other UNIX
b) I've not seen anything like GUI scripting on any other UNIX.
Scripting a GUI application is a very unpleasant thing to have to do, but a nice thing to be able to do if it's your only option.
Slashdot Mirror
But I challenge you to find one single hardware product for sale today in a consumer electronics retailer that meets your definition of "NAT by itself"
I have one in my cube at work...it's called a LocalDirector.
I agree that not every system should be able to access, or be accessble from the Internet. However, NAT is not the solution to this, your firewall is. Ingress and egress filtering should be used. For example, my network has egress filtering on port 80. If you want to go to a web page, you have to go through a proxy.
What NAT is, is convenient.
I have to disagree with this point. I find it rather inconvenient.
Consider my IPv6 network. I get all of the benefits you describe (plugging in a new machine and having it magically appear on the network), except it does so with real, routable addresses.
No, troll, people love it because it adds security, it's easy to do, and it's already built-in to many consumer devices.
NAT does not in any way add security. The last two sites I've broken into (one was a shell, the next was an entire fvwm setup) were on RFC1918 addresses. I just convinced the system to make a connection back to me.
If you don't want connections coming into your network, don't allow them at the firewall. That's the security. Disallow everything you don't know you need. NAT is not a replacement for a firewall, even if you do end up with a side-effect that appears to be similar.
"Hee hee, my ISP doesn't realise I'm connecting more than one PC" BONK. Yes they do.
And with that, your credibility rating drops to zero. Thanks for playing; have a nice day.
Apparently you missed the research that went into this. There are multiple ways. There are some basic packet sniffing mechanisms that can tell how many systems are initiating the connections as well as other methods.
File sharing is the only reason to have broadband.
.au.
I had broadband before ``filesharing'' as we know it, and file sharing continues to be mostly irrelevant to me. I do a lot of open source development and I like sharing things I create. I suppose those things might be considered files, but that's a stretch. I've got a pretty large photo album that friends and family look at. Those aren't exactly files (just crap in a DB), but I guess I share them. I access and host arch and CVS repositories. I create VPNs for various things like audio and video chats with friends in
But filesharing is a pretty boring and specific use case.
Word of mouth doesn't really work, since my friends are as clueless as I am.
:)
:)
Get more friends.
There are awesome bands out there, and I'm not sure what their status is as far as mass-market appeal, but most of my favorite bands are things friends have had me listen to. NOFX is a good example. I've heard them on local college radio, but pretty much nowhere else. Every album they press is awesome.
Last week, a younger relative made me buy a Modest Mouse CD from iTMS. It was well worth the money, even though I did hear part of it played on a Nissan commercial tonight.
Then again, I've heard Combustible Edison on a commercial out here. What non-anonymous coward could say Combustible Edison isn't awesome?
dustin2wti:~ 503% telnet www.microsoft-antitrust.gov 80
:)
Trying 167.10.5.164...
Connected to www.microsoft-antitrust.gov.
Escape character is '^]'.
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Fri, 12 Sep 2003 16:33:20 GMT
Connection: Keep-Alive
Content-Length: 9967
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSCQTCCQR=IKALKJLDHBPCPBAGBGIOLCDP; path=/
Cache-control: private
There were days when you could find out what a site was running without Netcraft.
But seriously, though, why is this IIS?
My database dumps are encrypted on the fly (pgdump | gpg > disk). Most other things are not encrypted there (CVS repository, etc... My mail should be).
But yeah, there's a shell script on the ipod that does some rsyncs.
On OSX, it's pretty easy to make an encrypted filesystem in a file...I don't really want to do that, though.
For whatever reason, I was copying files around on my powerbook hdd before using mkisofs to master the UDF. mkisofs took about 20mins, I think (mainly reading and writing to the same slowish disk). I did the burn at 1x on an RW.
I'm not exactly sure how long it took because I wasn't there when it finished, but it's a lot more than the 10 minutes or so it takes me to copy the stuff to the iPod.
It just a couple of minutes to copy it all to an old Pentium 133 box over in the corner that was pried open to shove a cheap 40 gig HD in.
A lot of good it would do me to keep my backups in the same house as the original data. Onsite backups don't make me feel as comfortable as having my data with me...right now. If my entire house was burned to the ground right now, I could access all of my important data right now.
You don't copy your 'nightly really-important-to-me backups on a little bitty iPod, do you? Really?
Not every night, more like weekly. It's just a shell script, but I don't hook it up to a computer that frequently.
Do you have the iPod glued to a big piece of plexiglass so it doesn't get knocked around and your 'really-important' backups wiped out?
Part of good design is durability. I keep it in my pocket. It hits stuff a lot when I walk. I've broken *other* things with it, but it holds up pretty well itself. I think the biggest drop it's taken was off a PA at a show I was DJing (probably four feet).
This is, of course, not my only copy of this data. I have on-site backups (rsync to another system) as well. It would take a combination of catastrophic events for me to lose the majority of my data.
The big selling point for me was being able to use it for backups. My nightly really-important-to-me backups are far too big to fit on a CD. They do fit on a DVD if I want to wait a couple of hours to master and burn it. It's just a couple of minutes to copy it all to the iPod, though.
Oh, and I get to carry a crapload of my music around at the same time, which means I'm more likely to actually have the thing with me most of the time.
So my question is: Do *you* encrypt your backups?
:)
I run several GB of postgres dumps through GPG before they hit the disk every night. They are then shipped off with rsync. Anyone want to receive a copy of my sensitive databases periodically (just over 2GB nightly)?
And no, I don't believe it's impossible to break GPG, but the goal was to be able to put them wherever I wanted them without worrying much about how they got there or whether they leaked.
However, PostgreSQL still has problems with native distros for both Windows and OSX. Perhaps Apple should help with PostgreSQL in OSX - they usually love BSDL more than GPL (read: they love to rip without contributing back).
What problems does Postgres have on OS X? All of my reasonably large (12M row) databases are on a G4 cube.
I'm not sure what you're talking about not contributing back, they contribute plenty back. However, you're correct, the BSD license is preferable over GPL for many because it offers more freedom.
Sorry, but this argument holds no water and you are doing a disservice to Open Source by propagating it. It is equivalent to saying "if you are doing nothing illegal, why don't you let the government track your movements via an electronic tag, otherwise obviously you have something to hide".
Well, this is not entirely accurate. In this case, I'm buying something to solve a particular problem I have, but am forbidden from knowing how that problem is solved.
There are certain aspects of an application that make me less interested in using it when I see how it's implemented. I.e. is it well designed, or does it happen to work by trial and error?
Most of the worm/virus issues exist b/c of code written in c rather than in a safer high level oop language where you don't get buffer overflows, sloppy use of pointers, etc.
Just a nit, there are plenty of high level languages well suited for application development that are not OO that apply to this. OO doesn't give you safety, the higher level constructs do.
You *can* make Windows as secure as any other OS out there, because there are counter-measures to the _known_ exploits in Windows.
Known exploits are not the problem. I have protected myself from many *unknown* exploits on my UNIX systems (layers of stateful ingress *and* egress filtering, chroot jails, system-level IDS, etc...). There is a lot of research taking that even further.
Besides, I wouldn't say something's securable just because fixes to previous problems have been easy with filtering or provided in a timely manner. Luck is not security.
I can sense your bias towards PostgreSQL
My bias is towards correctness and standards.
I suggest MySQL to new users because it is simple to setup the first time. You dont have to go create a seperate database directory structure, fewer commands to initialize the database and the command lines need fewer arguments for the very first database for the joe user.
I don't quite understand this. It's make install, initdb and then you start it. It's probably a good idea to run a createuser and createdb as well. Installation isn't complex enough to be relevant. It's straightforward and done once.
As far as connecting, what are all of these commandline arguments you're referring to?
rubik:~ 502% psql
Welcome to psql 7.3.4, the PostgreSQL interactive terminal.
Type: \copyright for distribution terms
\h for help with SQL commands
\? for help on internal slash commands
\g or terminate with semicolon to execute query
\q to quit
dustin=#
Now you cannot ask a newbie who basically wants to learn SQL commands by practice, to install Oracle on a Solaris partition on an enterprise server, load balanced with other servers, to start learning SELECT, INSERT and CREATE TABLE
Postgres is similar in Oracle in operation, not installation. This is a bad example, however, it leads to my point...there are many elements of select that will be unavailable, and there are plenty of things you have to learn the mySQL way which is just stuff that has to be unlearned when you proceed to something else.
I've not seen anything about mySQL that is any easier than postgres, but I'm open to specific examples so I can understand why people would want to use mySQL.
See also: http://pljava.sf.net/
You don't have to do that much work, you just need the one rule. For example:
create view money_transactions_reconciled as
select transaction_id, user_id, acct_id, cat_id, reconciled
from money_transactions
;
create rule money_transactions_reconciled_u as
on update
to money_transactions_reconciled
do instead
update money_transactions
set reconciled=new.reconciled
where transaction_id=new.transaction_id
;
grant select, update on money_transactions_reconciled to nobody;
The nice thing here is that I only want *one* column to be updatable in my view update.
Two comments:
First, I don't think the postgres team really considers mySQL competition. I.e. they don't need to look at what they're doing because they're behind in pretty much every area.
Secondly, you mentioned that you suggest mySQL for all new learners when it deviates from the SQL standard in many areas. Why do you feel that mySQL is an appropriate learning tool?
Honestly, has no one ever written code like this? I cannot be the first person on the planet to have decided that letting the system decide how I might want to approach data integrety was a bad thing....
Yeah, I think you might be alone here. I cannot imagine how I could safely update records in my database safely without transactions. It's not unusual for me to have 25 or so dependent queries from eight application servers (plus external sources) that absolutely must be done atomically. No amount of coding at the application level could get this done safely.
RDBMS theory works, and people spend a lot of time at that layer making it work so you don't have to.
Similarly, filesystems work, and people spend a lot of time at that layer making it work so you don't have to (but you wouldn't be the first person to use a raw partition on a UNIX system thinking you could do better than a filesystem).
Sure there is:
http://pljava.sourceforge.net/
Either way, it's easy to implement that kind of thing. Everyone's favorite language can be used to write stored procedures.
No source code packages. You can't create a library, like you would in oracle.
I'm not sure what this means. You can create everything from basic queries to languages that are used to implement stored procedures and ship them with your product.
When you have an sql error, it tells you the char it occured at, and not much more. Quite annoying if oyu miss a , in a multiline query and have to paste it back.
If you find this to be inappropriate, perhaps you should file a bug or offer a better error message handler. The source code is available, and they do amazing things with it.
You can't network two instances so to speak. You can't say.. "select * from slashdot.messages, freshmeat.list where..." Bloody useful for running remote queries over a dedicated line, w/o dump-replicationg stuff.
That sounds like dblink, which is included in the distribution (contrib).
Not easy to see, verbatim, what queries are running.
Check out all of the pg_stat views. In particular (slightly modified to avoid lameness filter):
cms_log=# select usename, current_query from pg_stat_activity;
usename | current_query
dustin | <IDLE>
cms13 | select count(*) from gateway_log;
cms37 | <IDLE>
It adds a whole new dimension of customizability to Mac OS X; now you can script your Mac to the same level you can script Linux/*BSD/Unix. =)
I'm not sure I get what you mean. OS X ships with python, bourne shell, perl, tcl, and who knows what else (oh, and applescript). I would hardly say that the GUI scripting catches up to what you can do in any other UNIX since:
a) this *is* any other UNIX
b) I've not seen anything like GUI scripting on any other UNIX.
Scripting a GUI application is a very unpleasant thing to have to do, but a nice thing to be able to do if it's your only option.