OK - this is a troll - but could someone explain whether VPNs have any real uses apart from working around insecure servers which trust the network too much. QoS is one thing perhaps, but it seems like overkill for that.
There are MANY things that you cannot use an SSH tunnel or SSL for. Anything that uses UDP, for instance. This leaves out nearly all video conferencing software, and many other apps as well.
See my post below where I mention using keychain. Basically, if you have an agent loaded, you can easily attach to it in a cronjob (by sourcing a file that sets a couple of variables) and do whatever you want.
the only downside is that you need to feed a password:
Not if you use the ssh-agent, and maybe keychain. Before you run that command in a script, put this code previous to it:
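# Start the agent if needed and load the key (asks for the passphrase only the first time)
keychain -q /root/.ssh/id_dsa
# Pick up SSH_AUTH_SOCK and SSH_AGENT_PID from the file keychain wrote
. /root/.ssh-agent-box750
# Double quotes so $3 is expanded locally before the command reaches the remote shell
tar cvzf - "$1" | ssh "$2" "cd '$3' && tar xvzf -"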
Now the first time you run the command, it will ask you for your key passphrase, but any subsequent runs will work passwordlessly.
I use a similar script with rsync and it works great. Set up a cron job to automatically do the backup, and once after the box boots start a manual bkup (thus loading the key), and it'll work automatically from there.
Keychain can be found here: http://www.gentoo.org/projects/keychain.html
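A cron-safe version of the wrapper discussed in the two posts above, as an added example that is not part of the original comments: it checks that the agent file exists and that the agent actually holds a key before copying, so a job run after a reboot fails with an error instead of waiting for a password. The function names and exit codes are assumptions; the agent file path is the one from the post.

```shell
#!/bin/sh
# Added example (not from the original posts).
# AGENT_ENV is the file keychain writes; the default is the path used in the post.
AGENT_ENV="${AGENT_ENV:-/root/.ssh-agent-box750}"

# agent_ready FILE
# Returns 0 only if an agent is reachable and holds at least one key.
#   2 = env file missing (keychain has not run since boot)
#   3 = agent unreachable, or reachable but with no identities loaded
agent_ready() {
    env_file="$1"
    [ -r "$env_file" ] || return 2
    # The file sets SSH_AUTH_SOCK and SSH_AGENT_PID for this shell.
    . "$env_file"
    # ssh-add -l exits 0 with keys, 1 with none, 2 if the agent is unreachable.
    ssh-add -l >/dev/null 2>&1 || return 3
    return 0
}

# backup SRC HOST DESTDIR
# Streams SRC as a gzip'd tar to DESTDIR on HOST, using only the agent's key.
backup() {
    src="$1"; host="$2"; dest="$3"
    agent_ready "$AGENT_ENV" || {
        rc=$?
        echo "backup: no usable ssh-agent (code $rc); run keychain by hand once" >&2
        return "$rc"
    }
    # BatchMode=yes makes ssh fail instead of prompting, which matters in cron
    # where nobody is there to type a password.
    tar czf - "$src" | ssh -o BatchMode=yes "$host" "cd '$dest' && tar xzf -"
}
```

From cron, source this file and call `backup /etc backuphost /srv/backups` (hypothetical arguments); a non-zero exit means the key has to be loaded by hand once after boot.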
I just heated up a knife and used that to melt the ears off so I could get at the audio jack-- never bothered with the pen hole. Was able to make it nice and smooth too.
What didn't you like? I use it daily and it works wonderfully (at least in the latest version, running on 1.1b). Even my tech-challenged wife is able to sign and encrypt emails to others without my help.
With the 1.0 release I cannot grab video cleanly without dropping hundreds of frames like I could with beta2. With 1.0 I can convert to opendivx though, which would crash on beta 2. Anybody else seen this?
It works well on my dual PIII 866, but I'm only dealing with 640x480 video. This box is less than half the speed of what it could be. I like the fact that I can actually see significant CPU usage on BOTH CPUs when capturing video :-)
I thought this was a serious post until I read the last line.
Just spotted on Freshmeat today! 0-day exploit! (on "Shattering Windows", Score: 1)
Well, what do you know, a "0-day exploit" :-) OK, not really, but could generate some /. hooplah anyway ;-)
http://hoopajoo.net/projects/xautomation.html
xautomation
Control X from the command line for scripts, and do "visual scraping" to find things on the screen. The control interface allows mouse movement, clicking, button up/down, key up/down, etc, and uses the XTest extension so you don't have the annoying problems that xse has when apps ignore sent events. The visgrep program finds images inside of images and reports the coordinates, allowing programs to find buttons, etc, on the screen to click on.
...what could ANYBODY *ever* do with such a tool!?! ..sarcasm, for those lacking.
Big Trak! Oh, the amount of times I've had it roll up to the dog and flash its light.... I don't remember the commercials, but mine went down a few stairs once :-)
> Personally I prefer IPSec to be on for all communications throughout the entire organization (versus just "from the Internet in". I'd do that via a L2TP VPN server).
I too would agree with this statement-- in an ideal world with mixed platforms (Solaris, Linux, Windows, HPUX) IPSEC everywhere would be ideal, I just fear that cross platform management would be a nightmare. One of the most attractive aspects of using IPSEC is, as you mention, that you can do all of this without your users even being aware of it, and no tool changes are required. I'm speaking out of my ass in a certain respect, as I haven't configured IPSEC on a mass scale for multiple platforms (but I have with SSH), but I'm not aware of any multiplatform (as mentioned above, all of them, not just a couple) IPSEC products where changes can be easily made by one person on one platform. Again, these may exist, and if you know of any, I'd be interested in hearing about them.
Of course I understand that IPSEC is fully documented and heavily deployed (I work at a company that makes many IPSEC products), I was just speaking about the ease of ssh implementation and light weight of the required apps. I'm not aware of any Java or Regarding compression, authentication, etc: These are all separate elements of the communications layers, and personally I don't LIKE to see them all slammed together in some emacs type "cater to everyone" combination.
It's all about what you want to use it for. Even in an all IPSEC environment, SSH is still very useful ON TOP of it all for things like transparent X forwarding between machines (no more setting your $DISPLAY), authentication, etc.
As I mentioned, I wouldn't use SSH for a VPN, although I specifically DO use SSH instead of a VPN for telecommuting-- and I work from home 4 days a week.
The problem with using things like IPSEC is that you need IPSEC servers which are your choke points, unless you want to have a configuration nightmare and manage thousands of independent IPSEC configs on thousands of machines-- totally not practical. SSH gives you many handy things like X forwarding/arbitrary port forwarding, the ability to load a password into memory (via ssh-agent) and use it for automatic, passwordless authentication, file transfers (both with things like scp and sftp, and it can be used for a transport agent for things like rsync/unison, etc). It's easier to poke a SINGLE hole through a firewall on any port you want, with no compatibility issues. Built in (variable) compression, very handy for speeding up your X sessions, as well as things like IMAP/POP mail transfers, etc. Using something like IPSEC, how can you say "I want to compress all IMAP and POP mail to hostA, but not web traffic on hostA, and I want X compressed to hostB, but not to hostC?" All of these things are easy to do with SSH.
With SSH I can use one standard protocol/app set that will run on everything from cell phones to PDAs to huge servers, running all kinds of OS's, generally at little to no cost. Show me an IPSEC solution that can do that. SSH requires no kernel mods, or even anything that must be installed as a root/administrator on any platform. The code is open, and free for you to mod as well. If you must have VPN type functionality you CAN do things like PPP over SSH if you must, although this isn't the highest performing option, it is possible. The one thing SSH *IS* missing is the ability to forward UDP traffic.
I've played the snes emulator on my z with a ton of games. Some, like Micro Machines work perfectly, others like Micro Machines 2 are a little slow. Cannon Fodder on the Z is pretty cool though!
>do you think so many computers would be in homes right now if they were still so hard to use for the average dummy out there like back in the days of DOS?
They haven't been hard to use since the Mac/Amiga/Atari ST came out. Your point is??
Maybe I'm a dumbass, but doesn't MAC address filtering address most of the security issues related to Wi-Fi? :-)
Well, I wouldn't say you're a dumbass, but no, it does not address most of the security issues.
It is trivial to sniff a valid MAC address, and then set your card to be that address.
I've copied over all the files, but it segfaults.
At one time I saw a link to a howto, but can't find it now of course.
..yes and when you tell them that Windsor, Ontario is SOUTH of Detroit, MI they don't believe that either! 'tis true.
Corel changed their logo some time ago to some weird head thing, time for a new /. logo.
Scratch what I said. I rebooted to activate a new kernel, and it works fine now :-)
I hope to try the plugins tonight.
I've been thinking of hacking together a somewhat simple system that would randomly generate WEP keys, use tcl/expect/perl-expect whatever to control lynx-ssl to connect to my AP, set up a new WEP key on the AP (it can have multiple keys), then ssh to my laptops and change the wep keys on them.
One could easily write small scripts for whatever AP or system you wanted to reconfig, assuming you can do 'em from a command line.
Comments?
...we dropped both telnet AND ftp actually. I'm the one doing the change actually :-)
...and the email/news client is (AFAIK) only included in the Windows version..
I did my taxes online here:
http://www.turbotax.intuit.com/welcome/perm/turbotaxcom/welcome.htm
I just moved from Canada to the US, and the ever so sharp people at H&R block couldn't do my simple taxes for only 3 paychecks in 2001! No problems at the above site.
Holy shit! That asshole! Even I had to stoop to his level and rant a bit because I couldn't take his idiocy anymore!
A blast from the past!