[Disclaimer: I am a pfSense developer, so I'm a bit biased. For those of you who don't know what pfSense is, it's a BSD-based firewall distribution.]
pfSense 2.0 won't officially support IPv6, but there is a branch available that does IPv6 which will later become 2.1. I'm running it on my home router with a GIF tunnel to Hurricane Electric ( http://he.net/http://tunnelbroker.net/) to get IPv6 even though my ISPs do not have any native IPv6 support yet. The IPv6 support is a work in progress but is complete enough that it will do what most people want/need.
I get a 10/10 on the IPv6 tests from http://test-ipv6.com/ on all my PCs as well as my Droid X running 2.3.3. If you're already using pfSense 2.0, give the IPv6 code a try, setup a tunnel to he.net, and enjoy. Doesn't take too long at all to setup.
See my comment later in the post here. You can get a free IPv6 tunnel from http://tunnelbroker.net/ if you have a router/firewall capable of establishing a GIF tunnel. pfSense (2.0 with the IPv6 code branch), m0n0wall, and DD-WRT and friends can do this.
I posted a comment much like this in the last IPv6 thread, but here it goes again.:-)
[Disclaimer: I am a pfSense developer, so I'm a bit biased. For those of you who don't know what pfSense is, it's a BSD-based firewall distribution.]
pfSense 2.0 won't officially support IPv6, but there is a branch available that does IPv6 which will later become 2.1. I'm running it on my home router with a GIF tunnel to Hurricane Electric (http://he.net, http://tunnelbroker.net/) to get IPv6 even though my ISPs do not have any native IPv6 support yet. The IPv6 support is a work in progress but is complete enough that it will do what most people want/need.
[pre-comment disclaimer: I am a pfSense developer] I am running the IPv6 branch of pfSense 2.0 on my home router and I have v6 connectivity via he.net's tunnelbroker service. It works nicely, most devices on my LAN are happily preferring v6 over v4 for connections where it's possible, though it is rather limited at the moment. While the IPv6 code won't be included in the 2.0 release when it ships, it's easy to overlay on top and run it now. It will make it into the 2.1 release for sure. It's making great progress but it's not yet 100%.
Checking my RRD graphs I see that on one graph it showed a total of around 2GB of IPv4 transferred and for the same period, 30MB of IPv6, so somewhere near 1.5% of my traffic is ipv6 for that period.
If you are an existing developer of client apps, you can continue to serve your user base, but we will be holding you to high standards to ensure you do not violate users’ privacy, that you provide consistency in the user experience, and that you rigorously adhere to all areas of our Terms of Service. We have spoken with the major client applications in the Twitter ecosystem about these needs on an ongoing basis, and will continue to ensure a high bar is maintained.
Seems to me that's saying that clients still exist, they're just being held to stricter standards. They'll only be discarding ones that don't follow their guidelines. Now I'm sure that means foisting all kinds of undesirable promotional crap on clients that can't be ignored, but it's not making clients obsolete.
So what is Blockbuster doing to appease the studio execs?
There is a Blockbuster app to stream movies on my Droid X, but I won't use it. They want to charge per movie instead of including access as part of my Blockbuster-by-mail subscription.
Seems Netflix is caving in more and more to the studios lately, between the delays in some new releases and this mess. I find it hard to believe this is a technical problem, someone is probably paying them to not do it.
There are some problems with certain equipment, but it can usually be sorted out.
You can get an ALIX with no moving parts and only draws about 5W of power for under $200, but probably couldn't run snort. They make great firewalls though for most cases. An atom 330-based 1U Supermicro server barebones kit can be found at Newegg for about $280 or so. Those only draw about 35W.
A lot cheaper than replacing them with a desktop-class PC, unless you have spare parts laying around.:-)
You're probably paying more in electricity to run that old box than it's worth:-)
There are DNS rebinding attack protections in pfSense 2.0, but it's still in beta. The changes may be backported or at least show up as a "package" that can be installed, but that would still require being on at least 1.2.3.
The code for the different pfSense branches is also there, as well as the code for the livecd repo based on freesbie2.
If you have a spare FreeBSD box (or a VM) it isn't too hard to follow the how-to and make an image, but the instructions only cover a fraction of what it is capable of doing. That one tools repo contains the scripts to build everything: LiveCD ISOs, Firmware update files, Embedded images, you name it.
If you want to know more, check out the forums or ask on freenode, someone is usually around who is familiar with the process.
The DNS issue sounds like a good question for the pfSense forums (http://forum.pfsense.org) or if you are on freenode, try ##pfSense.
A little more information about your setup would be needed to say much of anything for certain (e.g. DNS configuration on pfSense, use of the DNS forwarder, DNS servers specified in the DHCP config, etc.)
crunchgen is not used anywhere in pfSense (in fact the crunchgen binary is removed as part of its build process).
Yes, you can get the same functionality by manually installing all of the included software on a bare OS, but you lose the GUI, configuration code, backup system, ease of use, extra patches used by pfSense, and lots of other functionality. Incidentally you also gain other functionality by using the base OS, but it's always a trade-off.
I'm not saying pfSense is the answer to everything, but it's been more than capable of anything I've tossed at it from lots of wacky scenarios, and then some.
(As stated elsewhere in this topic, I am one of many pfSense developers, so I am a little biased:-)
They're good in the EU, and if you are in the US, http://www.netgate.com/ also sells systems pre-loaded with pfSense or m0n0wall.
I typically prefer the build-it-myself path for the larger systems, but we've bought several ALIX kits from Netgate. Their ALIX cases are nice (reversible lid that can hide/expose antenna holes for wifi is a nice touch)
pfSense 2.0 will solve the multi-wan traffic shaping limitation, and it's in beta right now. As for the multi-wan glitches, I'm not sure when the last time you tried it was, but the outbound load balancer was redone in 1.2.3 and 2.0 will have even more changes as well.
I run an ISP and we use a pfSense CARP cluster in front of our servers and it's worked great for us, but admittedly we are a small ISP. We also use it at more than a dozen customer sites. Everyone loves it.
You can have low-cost commercial grade services run using off-the-shelf hardware.
pfSense includes support for CARP, which lets you build high-availablity failover clusters. You can have two (or three or four...) cheap systems and if one dies, just fix/replace it as needed. The backup system(s) automatically take over and nobody would likely even notice the changeover.
When it's cheap, that is much easier to consider.
If you want no moving parts, you can use an ALIX box, Soekris, or perhaps even some atom-based boards. If you want to use server-grade boxes to make yourself feel warm and fuzzy, you can do that too. Supermicro even has a server-class atom board in a 1U rack which runs pfSense very well for us.
And if you've read "In the beginning was the command line", he comments about how he has changed computers quite a bit, DOS/Windows, Mac, Linux, and so on. I wonder if even he knows which computers his various works were written upon.
I am inclined to side with you, and The Wiki, and the Dictionary, and the Coiner of the word.
I really prefer "meem", as the other pronunciations all sound weird. Well, more weird than "meem".
I was hoping this was not a case like Giga, where it is really supposed to be pronounced like "Gigantic" (Or if you're Doc Brown, "Jigga"), but culturally so many people say "gig-ah" that the real pronunciation has been all but lost.
Very commonly this happens when a hard drive reverts to PIO mode after Windows decides it has seen a few errors from the drive. You can verify this by looking at the properties of the IDE Controller to which the drive is connected in device manager. (IDE ATA/ATAPI Controllers/Primary IDE Channel/Advanced Settings tab, for example)
There is a VBScript that resets the drive back to DMA mode, and is effective if that is indeed the case.
This could also be an early sign of hard drive failure. I've seen plenty of drives that passed diagnostics but were very, very slow. Try checking the SMART data with something like HDTune.
I also have a Leatherman Wave but I would consider that overkill and dangerous compared to the OpenX. It's rather difficult to accidentally hurt yourself with the OpenX, but I've come close to hurting myself trying to open packaging with my Leatherman.
It does get the job done, though. The OpenX isn't exactly something I'd want to carry around all the time. I have one at home, and one at work, but my Leatherman is always on my belt (right next to the onion).
Slashdot Mirror
[Disclaimer: I am a pfSense developer, so I'm a bit biased. For those of you who don't know what pfSense is, it's a BSD-based firewall distribution.]
pfSense 2.0 won't officially support IPv6, but there is a branch available that does IPv6 which will later become 2.1. I'm running it on my home router with a GIF tunnel to Hurricane Electric ( http://he.net/ http://tunnelbroker.net/) to get IPv6 even though my ISPs do not have any native IPv6 support yet. The IPv6 support is a work in progress but is complete enough that it will do what most people want/need.
Instructions for the setup and more info can be found on the pfSense IPv6 board here: http://forum.pfsense.org/index.php/board,52.0.html
I get a 10/10 on the IPv6 tests from http://test-ipv6.com/ on all my PCs as well as my Droid X running 2.3.3. If you're already using pfSense 2.0, give the IPv6 code a try, setup a tunnel to he.net, and enjoy. Doesn't take too long at all to setup.
See my comment later in the post here. You can get a free IPv6 tunnel from http://tunnelbroker.net/ if you have a router/firewall capable of establishing a GIF tunnel. pfSense (2.0 with the IPv6 code branch), m0n0wall, and DD-WRT and friends can do this.
I posted a comment much like this in the last IPv6 thread, but here it goes again. :-)
[Disclaimer: I am a pfSense developer, so I'm a bit biased. For those of you who don't know what pfSense is, it's a BSD-based firewall distribution.]
pfSense 2.0 won't officially support IPv6, but there is a branch available that does IPv6 which will later become 2.1. I'm running it on my home router with a GIF tunnel to Hurricane Electric (http://he.net, http://tunnelbroker.net/) to get IPv6 even though my ISPs do not have any native IPv6 support yet. The IPv6 support is a work in progress but is complete enough that it will do what most people want/need.
Instructions for the setup and more info can be found on the pfSense IPv6 board here: http://forum.pfsense.org/index.php/board,52.0.html
I get a 10/10 on the IPv6 tests from http://test-ipv6.com/ on all my PCs as well as my Droid X running 2.3.3.
[pre-comment disclaimer: I am a pfSense developer]
I am running the IPv6 branch of pfSense 2.0 on my home router and I have v6 connectivity via he.net's tunnelbroker service. It works nicely, most devices on my LAN are happily preferring v6 over v4 for connections where it's possible, though it is rather limited at the moment. While the IPv6 code won't be included in the 2.0 release when it ships, it's easy to overlay on top and run it now. It will make it into the 2.1 release for sure. It's making great progress but it's not yet 100%.
Checking my RRD graphs I see that on one graph it showed a total of around 2GB of IPv4 transferred and for the same period, 30MB of IPv6, so somewhere near 1.5% of my traffic is ipv6 for that period.
Check the pfSense IPv6 board for more info and a howto.
FTA:
Seems to me that's saying that clients still exist, they're just being held to stricter standards. They'll only be discarding ones that don't follow their guidelines. Now I'm sure that means foisting all kinds of undesirable promotional crap on clients that can't be ignored, but it's not making clients obsolete.
So what is Blockbuster doing to appease the studio execs?
There is a Blockbuster app to stream movies on my Droid X, but I won't use it. They want to charge per movie instead of including access as part of my Blockbuster-by-mail subscription.
Seems Netflix is caving in more and more to the studios lately, between the delays in some new releases and this mess. I find it hard to believe this is a technical problem, someone is probably paying them to not do it.
We've got lots of good suggestions up here:
http://doc.pfsense.org/index.php/Boot_Troubleshooting
There are some problems with certain equipment, but it can usually be sorted out.
You can get an ALIX with no moving parts and only draws about 5W of power for under $200, but probably couldn't run snort. They make great firewalls though for most cases. An atom 330-based 1U Supermicro server barebones kit can be found at Newegg for about $280 or so. Those only draw about 35W.
A lot cheaper than replacing them with a desktop-class PC, unless you have spare parts laying around. :-)
You're probably paying more in electricity to run that old box than it's worth :-)
There are DNS rebinding attack protections in pfSense 2.0, but it's still in beta. The changes may be backported or at least show up as a "package" that can be installed, but that would still require being on at least 1.2.3.
More info in the forum: http://forum.pfsense.org/index.php/topic,26368.0.html
The act of building your own CD or install image is covered here:
http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso
If you're just interested in the tools, patches, and scripts that build the system, they can be found in the pfSense "tools" repo here:
https://rcs.pfsense.org/
The code for the different pfSense branches is also there, as well as the code for the livecd repo based on freesbie2.
If you have a spare FreeBSD box (or a VM) it isn't too hard to follow the how-to and make an image, but the instructions only cover a fraction of what it is capable of doing. That one tools repo contains the scripts to build everything: LiveCD ISOs, Firmware update files, Embedded images, you name it.
If you want to know more, check out the forums or ask on freenode, someone is usually around who is familiar with the process.
Jar,
The DNS issue sounds like a good question for the pfSense forums (http://forum.pfsense.org) or if you are on freenode, try ##pfSense.
A little more information about your setup would be needed to say much of anything for certain (e.g. DNS configuration on pfSense, use of the DNS forwarder, DNS servers specified in the DHCP config, etc.)
crunchgen is not used anywhere in pfSense (in fact the crunchgen binary is removed as part of its build process).
Yes, you can get the same functionality by manually installing all of the included software on a bare OS, but you lose the GUI, configuration code, backup system, ease of use, extra patches used by pfSense, and lots of other functionality. Incidentally you also gain other functionality by using the base OS, but it's always a trade-off.
I'm not saying pfSense is the answer to everything, but it's been more than capable of anything I've tossed at it from lots of wacky scenarios, and then some.
(As stated elsewhere in this topic, I am one of many pfSense developers, so I am a little biased :-)
They're good in the EU, and if you are in the US, http://www.netgate.com/ also sells systems pre-loaded with pfSense or m0n0wall.
I typically prefer the build-it-myself path for the larger systems, but we've bought several ALIX kits from Netgate. Their ALIX cases are nice (reversible lid that can hide/expose antenna holes for wifi is a nice touch)
pfSense 2.0 will solve the multi-wan traffic shaping limitation, and it's in beta right now. As for the multi-wan glitches, I'm not sure when the last time you tried it was, but the outbound load balancer was redone in 1.2.3 and 2.0 will have even more changes as well.
I run an ISP and we use a pfSense CARP cluster in front of our servers and it's worked great for us, but admittedly we are a small ISP. We also use it at more than a dozen customer sites. Everyone loves it.
There are several reasons to go with FreeBSD (Though OpenBSD is great in its own regard).
The reasons given by the pfSense project are here:
http://doc.pfsense.org/index.php/Why_did_you_choose_FreeBSD_instead_of_%27insert_OS_here%27%3F
I should add this:
Disclaimer: I am a pfSense developer, documentation writer, and co-author of pfSense: The Definitive Guide. :-)
You can have low-cost commercial grade services run using off-the-shelf hardware.
pfSense includes support for CARP, which lets you build high-availablity failover clusters. You can have two (or three or four...) cheap systems and if one dies, just fix/replace it as needed. The backup system(s) automatically take over and nobody would likely even notice the changeover.
When it's cheap, that is much easier to consider.
If you want no moving parts, you can use an ALIX box, Soekris, or perhaps even some atom-based boards. If you want to use server-grade boxes to make yourself feel warm and fuzzy, you can do that too. Supermicro even has a server-class atom board in a 1U rack which runs pfSense very well for us.
Am I the only one that misread that as "Deep Fried" and expected a completely different kind of story?
A similar but not quite the same choice is available.
When viewing a message, click "other actions" then "show in conversation"
Your replies are threaded in when viewing a message this way, but it opens in a new tab.
This story is not the "whole" story.
Basically the author of FreeNAS is going to start over doing it on Linux, but some other group is taking over the FreeBSD portion of FreeNAS:
http://www.freebsdnews.net/2009/12/05/freenas-ready-step/
And if you've read "In the beginning was the command line", he comments about how he has changed computers quite a bit, DOS/Windows, Mac, Linux, and so on. I wonder if even he knows which computers his various works were written upon.
There's the answer to rising sea levels... Divert the water into what will eventually become an ocean basin anyway.
I am inclined to side with you, and The Wiki, and the Dictionary, and the Coiner of the word.
I really prefer "meem", as the other pronunciations all sound weird. Well, more weird than "meem".
I was hoping this was not a case like Giga, where it is really supposed to be pronounced like "Gigantic" (Or if you're Doc Brown, "Jigga"), but culturally so many people say "gig-ah" that the real pronunciation has been all but lost.
The real question remains unanswered: Just how do you pronounce "meme"?
The dictionary says "meem", but I hear "may-may" and "me-me" often.
Very commonly this happens when a hard drive reverts to PIO mode after Windows decides it has seen a few errors from the drive. You can verify this by looking at the properties of the IDE Controller to which the drive is connected in device manager. (IDE ATA/ATAPI Controllers/Primary IDE Channel/Advanced Settings tab, for example)
There is a VBScript that resets the drive back to DMA mode, and is effective if that is indeed the case.
This could also be an early sign of hard drive failure. I've seen plenty of drives that passed diagnostics but were very, very slow. Try checking the SMART data with something like HDTune.
I also have a Leatherman Wave but I would consider that overkill and dangerous compared to the OpenX. It's rather difficult to accidentally hurt yourself with the OpenX, but I've come close to hurting myself trying to open packaging with my Leatherman.
It does get the job done, though. The OpenX isn't exactly something I'd want to carry around all the time. I have one at home, and one at work, but my Leatherman is always on my belt (right next to the onion).