Haha, I get it...one of the changes they made in their new OS is to replace a daemon which is not only not listening, but not running by default with one that is considered (among other things) more secure. Because this is a major release, and this is the only change you cared to look at, you call it paying for a security fix.
Hey, 10.3 also allows me to maintain an encrypted home directory...is that a security fix I'm paying for?
Did you know that they've been rolling out security fixes as part of their update service? You can find that out pretty easily online.
AFAIK, with virtusertable, you can't have multiple "john" accounts on the box. I could be wrong, or horribly misinformed, but to get the functionality of vpopmail in bare Postfix or Sendmail has not been done so far. In fact, you can't even get that functionality with bare Qmail either.
No it doesn't. You're stuck at the wrong layer. I did this with sendmail before I did this with postfix.
I haven't had local users on a mail server at all in many users. Why should someone have a UNIX account on my mail server just to read mail? That's a security hole in my opinion.
For example, exim has the ability to block mail by referencing the DNSBL (DNS block lists) or the RBL (realtime block lists) for hosts known for spam relays. See exim's rbl howto.
Is this supposed to be an advantage over postfix? You can use RBL type lists for general mail classification in postfix (and I do).
I'm amazed at how many people are spouting things you can't do with postfix who clearly haven't tried. Oh well, if you can't beat 'em:
I've never used postfix, primarily because I have a need for SMTP and I heard it doesn't support SMTP.
I actively use UUCP with my postfix installations have done so for years.
I also have two primary MX servers in two parts of this country routing mail using tables that exist in a replicated LDAP server...and virtuals (although I have my virtuals in just plain replicated virtuals table because I find it a bit easier to manage currently).
This is very well said. I too often hear people equate going to war as ``fighting for my country,'' or ``fighting for my freedom,'' or whatever. I suppose it's a lot easier to think something simple like that than it is to ask what's really going on.
If the deaths in Iraq in any way contributed to our safety or freedom, I'd think they'd be making a bigger deal out of it rather than trying to pretend like we went in for a different reason.
Given that the US Constitution justifies IP on the basis of promoting progress, we can't be asking the question of whether our laws actually do that, now can we?
It doesn't matter, once IPv6 comes around, we won't have to worry about justifying IPs anymore.
even with OS X, my parents would never know to click on the Apple menu to find system preferences if I didn't tell them
Do you mean to imply that the preferences are always on the desktop above all other applications so you can't possibly lose them?
The icon to get to them is always visible on a default OS X install, so the only way you could make it more obvious would be to keep it open and visible.
By definition, nothing has upgradable ROM. I've upgraded my PalmOS on machines in the past, though.
How much memory does your device have?
More than my phone, less than my powerbook. No number I could put in there makes a difference as it's all very relative. It's got more than enough for anything I've ever tried to make it do.
Does your Palm device have a CompactFlash slot? I have found CF to be VERY useful for expansion cards that let me use 802.11b networks, listen to FM radio, and even use a PCMCIA hard drive (though I haven't seen a practical use for that last one).
It's got an SD/MMC slot (much smaller). I believe SanDisk makes an SDIO 802.11b card, but I have no interest in such a thing. I get plenty of connectivity via the internal bluetooth. I have no more interest in using my PDA as a radio than I do in using my phone as a PDA. Sure, it can do it, but convergence doesn't always make sense.
Fact is, as much as we like to hate it, having Windows behind your handheld makes it much easier to expand and communicate when technology changes. Palm OSes will always be one step behind. It's Microsoft who does the innovation in handheld OSes.
Why is it that people like to prefix opinions with the word ``fact?'' There is nothing factual about anything in that statement. Especially when you talk about MS innovating something. They took their desktop OS and put it on a palmtop computer. To innovate is to ``to begin or introduce something new.'' NewtonOS was new. PalmOS was new. WinCE was just smaller.
None of this has anything to do with my question, though. What are all these wonderful things I'm missing?
less than half the processing power and half the capabilities of comparable PocketPC devices
Out of curiosity, what are these capabilities of which I only have half? I've got Internet access via bluetooth through my phone or computer which gives me IMAP and web access (and NTP). I've got a decent video player, mp3 player, several development environments, HP48/49 emulator (that one really finished up everything I needed), many books, automatic backups, syncs with all my Mac desktop software, etc...
The very first mac I ever used for any length of time was a Mac II. Just a plain Mac II (1987). This was about 1995. It was *huge*. It had ethernet, 24-bit video, running the latest MacOS at the time, and was on our IP network. It was running Netscape, photoshop, an X server, etc... I watched it boot off of a magneto-optical drive we borrowed from a local TV station to upgrade it. We also booted it off of a CD-ROM (I never knew you could do that at all before I saw this machine).
I was imagining what a PC from 1987 would be like on this network. That's when I started thinking that the Mac platform was something I should take a look at.
This argument is sad. I've got a kid in 3rd grade and a kid in Kindergarten. That pretty much gives me a minimum of about 10 years before they're likely to be using computers in the work place.
You'd have to be completely ignorant of any history of computers to assume that the computers these kids will be using in ten years will be anything like the computers they're using today.
If you want to teach the kids spreadsheets, any random spreadsheet will be fine. There's nothing particularly special about MS' spreadsheet that any school kid should care about. If they have to learn how to use a different app when they get out in the world, who cares? If they learned anything during school, the new app shouldn't be a challenge.
There's certainly no advantage to teaching kids how to use Microsoft products as if K-12 is some kind of vocational school. Give them squeak. Give them Linux. Give them whatever tool happens to help them learn whatever you're trying to teach them. Just don't hold ``computer'' classes where you teach them today's popular business programs and hope nothing changes in the industry in the next ten or twenty years.
Of course, nobody in their right mind actually takes pictures at less then full quality when one has that kind of storage, but it's still an option.
I think my Fuji got it right. When I start running low on space, I can scale down some of the images that I've already taken but am less excited about.
In this case, I am behind a NAT (my IP addresses on the LAN are in the 192.168.1.x range). The person you make the call to must not be using NAT themselves (so that you can make the call). So, the call is initiated from the person using NAT to the person not using NAT (or who has forwarded the proper ports and is using NAT, good luck though).
Yeah, so back to the original point, NAT breaks these types of applications. A lot of people are encouraging everyone to use NAT to solve the IP shortage crisis. Getting rid of NAT altogether by having enough addresses in the first place makes the world a better place.
Now, protocols do need to avoid breaking firewall configs, but that's a separate set of issues.
That's where SonicWall's One-To-One NAT feature works - for every public IP address you have, you can forward all traffic on it to a machine behind the NAT.
That's standard NAT (Network Address Translation).
Canned response 3: NAT is an easy way to secure machines.
Not suggesting that you think this is true, but it's a very wide misconception. NAT gives a lot of people a false sense of security. ``My system is on a non-routed IP address, there's no way anyone can break into it.''
The problem, of course, is that they proceed to route it through a NAT, run externally visible services on it[0], network clients that are actively connecting out on the internet--possibly introducing back doors[1], etc...
[0] I broke into a major e-commerce site where the first system I was logged into had a 10.x address.
[1] I've had people attach to my local X server on a private network from the internet riding over a bug in my ssh *client* (good thing I usually use -v, saw it right away).
I've operated two major businesses - both with over 2,000 employees - from behind proxy/nat systems.
Sure, I'm behind a NAT at work right now. That's part of the reason I can't initiate a video chat with my wife right now. I don't really expect the same freedoms on a work network as I do on a home network, so when they use NAT and it breaks stuff, I don't complain.
I think it's a good idea to make users sit behind a proxy.
NATs and proxies are unrelated. While a NAT might work around not having a proxy for a particular service, it is a completely different tool.
My personal feeling is that no device on a business network should have both direct internet access and access to other business systems. You can proxy HTTP, HTTPS, FTP, RTSP, AIM, and far more things that people probably shouldn't be doing anyway. You can require authentication on most of those things as well.
NAT coming out of a corporate network gives people the freedom to do all kinds of stupid stuff that you don't want done on your network (i.e. ssh -R) while making it very difficult to figure out who did it.
I used to get calls from management telling me that some idiot did something really bad using our corporate network (launched attacks on individuals, leaked confidential information, etc...) and that they want to know who was doing it. Of course, when nothing was going on, I couldn't prevent those types of things because management was afraid that reducing people's freedom to do whatever they felt like doing with company resources would make the workers unhappy.
Now maybe I'm gonna get flooded by a bunch of Silicon Valley engineers telling me that I get screwed with my salary... but to be honest, looking at the situation in Silicon Valley, I'm just happy I have a job.
I took a $32k paycut when I took my current job and I'm not complaining at all. It also hasn't affected my lifestyle very much at all. We spent a bit more when my wife was working, but a lot of that was long-term needs and debt reduction.
I still think I could do plenty of rearranging to get by better, as people who make less money than me keep telling me about their new houses...
Using it while sitting on the couch right beside your desk isn't exactly a revolution. Once upon a time we believed that Bluetooth would provide Internet access in trains and coffee shops -- just like WiFi does now.
Nah, I use my powerbook on the couch. I use my palm when I'm in the airport, at a restaurant, in a meeting, or wherever else I might be without a computer but wanting to check my email or look something up.
Running a full-blown C compiler in an emulated x86 on your PDA... now THAT is cool.
I run a full-blown C compiler that's not emulated on my Tungsten. I also have a pascal compiler that was written using that C compiler. I tend to do my palm development in the scheme system I've got on it, though. Look around, though. There's python, a few C systems, smalltalk, etc...
There's also a lot of good languages/dev tools/utilities/games/etc.
Have you looked around at palm software? The last time I looked, there were too many to choose from. I'm a developer, so I dig that kinda thing. I've developed complete applications (GUI and all) directly on my palm that I used to use all the time (I don't use the one app I wrote anymore because I no longer need it).
Palm's "you have no control over where files go" structure.
What do you mean? My books are in a separate directory from my movies, from my mp3s, from my applications, etc...
When I put the PocketPC in the USB cradle I can browse the PDA's memory like a normal disk and the internet connection for the PDA tunnels through the USB connection and uses the computer's internet connection seamlessly.
I have to imagine my card reader is more efficient than this.
You couldn't use the Palm's USB link for the internet connection...
I'm pretty sure I've done this before, but I just do it over bluetooth lately. I only use the cradle for charging.
Bluetooth will be useful around the same time Denmark becomes a superpower.
It's pretty useful to me. I use it to check my mail (IMAP) on the go, web browse, sync my clock (I like ntp on everything), sync my palm, sync my phone, remote control my desktop, provide a better SMS interface than what my phone provides, and probably more stuff I'm too tired to think of right now.
I think you should put the blame squarly where it belongs the applications that dont nat (pat) well are broken.
I wouldn't go as far as to suggest that something 100% compliant with internet protocols is broken because it doesn't work with a hack someone came up with in those protocols.
NAT is a hack, it breaks well designed protocols as well. Think of P2P negotiation. iChat seems to have done a somewhat decent job in working around some NAT limitations when negotiating peer to peer communication by attempting both the address that's being reported externally and the address that's being reported internally, however, I still can't talk to my wife from work because both ends are natted through a single point bastion host on the public side, and we're using similar private addresses behind the NAT.
This means that unless iChat one or both ends can negotiate with the NAT device to arrange a special port for point to point communication, it's not going to happen. No voice or video chat for me.
Is this because the protocol iChat is using is broken? Consider that, even when I'm not there, there are at least two iChat users in my house and at least two iChat users at my office. Without proper addressing, how is this supposed to work?
Slashdot Mirror
You have to pay for a security fix? fuck that
Haha, I get it...one of the changes they made in their new OS is to replace a daemon which is not only not listening, but not running by default with one that is considered (among other things) more secure. Because this is a major release, and this is the only change you cared to look at, you call it paying for a security fix.
Hey, 10.3 also allows me to maintain an encrypted home directory...is that a security fix I'm paying for?
Did you know that they've been rolling out security fixes as part of their update service? You can find that out pretty easily online.
AFAIK, with virtusertable, you can't have multiple "john" accounts on the box. I could be wrong, or horribly misinformed, but to get the functionality of vpopmail in bare Postfix or Sendmail has not been done so far. In fact, you can't even get that functionality with bare Qmail either.
No it doesn't. You're stuck at the wrong layer. I did this with sendmail before I did this with postfix.
I haven't had local users on a mail server at all in many users. Why should someone have a UNIX account on my mail server just to read mail? That's a security hole in my opinion.
For example, exim has the ability to block mail by referencing the DNSBL (DNS block lists) or the RBL (realtime block lists) for hosts known for spam relays. See exim's rbl howto.
Is this supposed to be an advantage over postfix? You can use RBL type lists for general mail classification in postfix (and I do).
I'm amazed at how many people are spouting things you can't do with postfix who clearly haven't tried. Oh well, if you can't beat 'em:
I've never used postfix, primarily because I have a need for SMTP and I heard it doesn't support SMTP.
I actively use UUCP with my postfix installations have done so for years.
I also have two primary MX servers in two parts of this country routing mail using tables that exist in a replicated LDAP server...and virtuals (although I have my virtuals in just plain replicated virtuals table because I find it a bit easier to manage currently).
No, you don't need sendmail.
This is very well said. I too often hear people equate going to war as ``fighting for my country,'' or ``fighting for my freedom,'' or whatever. I suppose it's a lot easier to think something simple like that than it is to ask what's really going on.
If the deaths in Iraq in any way contributed to our safety or freedom, I'd think they'd be making a bigger deal out of it rather than trying to pretend like we went in for a different reason.
Given that the US Constitution justifies IP on the basis of promoting progress, we can't be asking the question of whether our laws actually do that, now can we?
It doesn't matter, once IPv6 comes around, we won't have to worry about justifying IPs anymore.
even with OS X, my parents would never know to click on the Apple menu to find system preferences if I didn't tell them
Do you mean to imply that the preferences are always on the desktop above all other applications so you can't possibly lose them?
The icon to get to them is always visible on a default OS X install, so the only way you could make it more obvious would be to keep it open and visible.
Upgradable ROM?
By definition, nothing has upgradable ROM. I've upgraded my PalmOS on machines in the past, though.
How much memory does your device have?
More than my phone, less than my powerbook. No number I could put in there makes a difference as it's all very relative. It's got more than enough for anything I've ever tried to make it do.
Does your Palm device have a CompactFlash slot?
I have found CF to be VERY useful for expansion cards that let me use 802.11b networks, listen to FM radio, and even use a PCMCIA hard drive (though I haven't seen a practical use for that last one).
It's got an SD/MMC slot (much smaller). I believe SanDisk makes an SDIO 802.11b card, but I have no interest in such a thing. I get plenty of connectivity via the internal bluetooth. I have no more interest in using my PDA as a radio than I do in using my phone as a PDA. Sure, it can do it, but convergence doesn't always make sense.
Fact is, as much as we like to hate it, having Windows behind your handheld makes it much easier to expand and communicate when technology changes. Palm OSes will always be one step behind. It's Microsoft who does the innovation in handheld OSes.
Why is it that people like to prefix opinions with the word ``fact?'' There is nothing factual about anything in that statement. Especially when you talk about MS innovating something. They took their desktop OS and put it on a palmtop computer. To innovate is to ``to begin or introduce something new.'' NewtonOS was new. PalmOS was new. WinCE was just smaller.
None of this has anything to do with my question, though. What are all these wonderful things I'm missing?
less than half the processing power and half the capabilities of comparable PocketPC devices
Out of curiosity, what are these capabilities of which I only have half? I've got Internet access via bluetooth through my phone or computer which gives me IMAP and web access (and NTP). I've got a decent video player, mp3 player, several development environments, HP48/49 emulator (that one really finished up everything I needed), many books, automatic backups, syncs with all my Mac desktop software, etc...
The very first mac I ever used for any length of time was a Mac II. Just a plain Mac II (1987). This was about 1995. It was *huge*. It had ethernet, 24-bit video, running the latest MacOS at the time, and was on our IP network. It was running Netscape, photoshop, an X server, etc... I watched it boot off of a magneto-optical drive we borrowed from a local TV station to upgrade it. We also booted it off of a CD-ROM (I never knew you could do that at all before I saw this machine).
:)
I was imagining what a PC from 1987 would be like on this network. That's when I started thinking that the Mac platform was something I should take a look at.
Then OS X came out...
This argument is sad. I've got a kid in 3rd grade and a kid in Kindergarten. That pretty much gives me a minimum of about 10 years before they're likely to be using computers in the work place.
You'd have to be completely ignorant of any history of computers to assume that the computers these kids will be using in ten years will be anything like the computers they're using today.
If you want to teach the kids spreadsheets, any random spreadsheet will be fine. There's nothing particularly special about MS' spreadsheet that any school kid should care about. If they have to learn how to use a different app when they get out in the world, who cares? If they learned anything during school, the new app shouldn't be a challenge.
There's certainly no advantage to teaching kids how to use Microsoft products as if K-12 is some kind of vocational school. Give them squeak. Give them Linux. Give them whatever tool happens to help them learn whatever you're trying to teach them. Just don't hold ``computer'' classes where you teach them today's popular business programs and hope nothing changes in the industry in the next ten or twenty years.
That takes care of a single point of failure
Only if your camera has built-in RAID support and will take more than one of them at a time.
Of course, nobody in their right mind actually takes pictures at less then full quality when one has that kind of storage, but it's still an option.
I think my Fuji got it right. When I start running low on space, I can scale down some of the images that I've already taken but am less excited about.
In this case, I am behind a NAT (my IP addresses on the LAN are in the 192.168.1.x range). The person you make the call to must not be using NAT themselves (so that you can make the call). So, the call is initiated from the person using NAT to the person not using NAT (or who has forwarded the proper ports and is using NAT, good luck though).
Yeah, so back to the original point, NAT breaks these types of applications. A lot of people are encouraging everyone to use NAT to solve the IP shortage crisis. Getting rid of NAT altogether by having enough addresses in the first place makes the world a better place.
Now, protocols do need to avoid breaking firewall configs, but that's a separate set of issues.
That's where SonicWall's One-To-One NAT feature works - for every public IP address you have, you can forward all traffic on it to a machine behind the NAT.
That's standard NAT (Network Address Translation).
Canned response 3: NAT is an easy way to secure machines.
Not suggesting that you think this is true, but it's a very wide misconception. NAT gives a lot of people a false sense of security. ``My system is on a non-routed IP address, there's no way anyone can break into it.''
The problem, of course, is that they proceed to route it through a NAT, run externally visible services on it[0], network clients that are actively connecting out on the internet--possibly introducing back doors[1], etc...
[0] I broke into a major e-commerce site where the first system I was logged into had a 10.x address.
[1] I've had people attach to my local X server on a private network from the internet riding over a bug in my ssh *client* (good thing I usually use -v, saw it right away).
The only catch is that you have to initiate the call.
``you'' being which end of the NAT?
I've operated two major businesses - both with over 2,000 employees - from behind proxy/nat systems.
Sure, I'm behind a NAT at work right now. That's part of the reason I can't initiate a video chat with my wife right now. I don't really expect the same freedoms on a work network as I do on a home network, so when they use NAT and it breaks stuff, I don't complain.
I think it's a good idea to make users sit behind a proxy.
NATs and proxies are unrelated. While a NAT might work around not having a proxy for a particular service, it is a completely different tool.
My personal feeling is that no device on a business network should have both direct internet access and access to other business systems. You can proxy HTTP, HTTPS, FTP, RTSP, AIM, and far more things that people probably shouldn't be doing anyway. You can require authentication on most of those things as well.
NAT coming out of a corporate network gives people the freedom to do all kinds of stupid stuff that you don't want done on your network (i.e. ssh -R) while making it very difficult to figure out who did it.
I used to get calls from management telling me that some idiot did something really bad using our corporate network (launched attacks on individuals, leaked confidential information, etc...) and that they want to know who was doing it. Of course, when nothing was going on, I couldn't prevent those types of things because management was afraid that reducing people's freedom to do whatever they felt like doing with company resources would make the workers unhappy.
Every bit of network interface code needs to be updated.
That statement suggests you haven't used IPv6 much.
Now maybe I'm gonna get flooded by a bunch of
Silicon Valley engineers telling me that I get
screwed with my salary... but to be honest, looking at the situation in Silicon Valley, I'm just happy I have a job.
I took a $32k paycut when I took my current job and I'm not complaining at all. It also hasn't affected my lifestyle very much at all. We spent a bit more when my wife was working, but a lot of that was long-term needs and debt reduction.
I still think I could do plenty of rearranging to get by better, as people who make less money than me keep telling me about their new houses...
So the airports and restaurants you frequent actually provide Internet access via Bluetooth?
No, but my phone does, and it works in a lot don't (and probably won't) have wifi.
Some peoples minds don't seem to fit Perl 5 quite right and complain about it. Should have a lot more options of languages and style in P6.
Is that supposed to satisfy any complaints?
Using it while sitting on the couch right beside your desk isn't exactly a revolution. Once upon a time we believed that Bluetooth would provide Internet access in trains and coffee shops -- just like WiFi does now.
Nah, I use my powerbook on the couch. I use my palm when I'm in the airport, at a restaurant, in a meeting, or wherever else I might be without a computer but wanting to check my email or look something up.
Running a full-blown C compiler in an emulated x86 on your PDA... now THAT is cool.
I run a full-blown C compiler that's not emulated on my Tungsten. I also have a pascal compiler that was written using that C compiler. I tend to do my palm development in the scheme system I've got on it, though. Look around, though. There's python, a few C systems, smalltalk, etc...
There's also a lot of good languages/dev tools/utilities/games/etc.
Have you looked around at palm software? The last time I looked, there were too many to choose from. I'm a developer, so I dig that kinda thing. I've developed complete applications (GUI and all) directly on my palm that I used to use all the time (I don't use the one app I wrote anymore because I no longer need it).
Palm's "you have no control over where files go" structure.
What do you mean? My books are in a separate directory from my movies, from my mp3s, from my applications, etc...
When I put the PocketPC in the USB cradle I can browse the PDA's memory like a normal disk and the internet connection for the PDA tunnels through the USB connection and uses the computer's internet connection seamlessly.
I have to imagine my card reader is more efficient than this.
You couldn't use the Palm's USB link for the internet connection...
I'm pretty sure I've done this before, but I just do it over bluetooth lately. I only use the cradle for charging.
Bluetooth will be useful around the same time Denmark becomes a superpower.
It's pretty useful to me. I use it to check my mail (IMAP) on the go, web browse, sync my clock (I like ntp on everything), sync my palm, sync my phone, remote control my desktop, provide a better SMS interface than what my phone provides, and probably more stuff I'm too tired to think of right now.
I think you should put the blame squarly where it belongs the applications that dont nat (pat) well are broken.
I wouldn't go as far as to suggest that something 100% compliant with internet protocols is broken because it doesn't work with a hack someone came up with in those protocols.
NAT is a hack, it breaks well designed protocols as well. Think of P2P negotiation. iChat seems to have done a somewhat decent job in working around some NAT limitations when negotiating peer to peer communication by attempting both the address that's being reported externally and the address that's being reported internally, however, I still can't talk to my wife from work because both ends are natted through a single point bastion host on the public side, and we're using similar private addresses behind the NAT.
This means that unless iChat one or both ends can negotiate with the NAT device to arrange a special port for point to point communication, it's not going to happen. No voice or video chat for me.
Is this because the protocol iChat is using is broken? Consider that, even when I'm not there, there are at least two iChat users in my house and at least two iChat users at my office. Without proper addressing, how is this supposed to work?