For security reasons, most name servers won't allow zone transfers to slave servers in non trusted domains. If your host has a problem allowing custom DNS configuration, chances are they aren't going to allow a zone transfer to another domain, let alone one that is not trusted.
I suppose you could hand seed your slave name servers, but a key ingredient of DNS is dynamic updates between the primary and slave name server. If for some reason your host was to change IP addresses for your site, or the email server, then those changes wouldn't be reflected in the slave name servers record. If your primary name server went down, your slave wouldn't have the right data in the zone file.
With cable modems and some RBOCS there is that restriction, but with most CLECs, like Covad, you can indeed get an SDSL (or other DSL) and host your own servers.
Part of the problem is when your telco bundles the DSL with ISP services, they can't handle it. What you have to do, is get your DSL as a curcuit only, then sign up with an ISP that will allow hosted servers. You can't do that in every city, but you can in several.
Even with my USWorst DSL at home, I'm able to host servers, because our upstream provides the pipes on the other side of the DSLAM. I have a 2GB/month limit imposed by the ISP, and only a single IP address, but I'm able to purchase more of either, if I desire.
In this case, it's just like a regular data curcuit, where the telco provides the curcuit, and the ISP determines the extent of the usage.
The way the case is being portrayed by the MPAA, is that without DeCSS, piracy can't exist. That's a pretty big leap in logic. Right now, if I choose, I could copy as many DVDs as I want, not a problem, no DeCSS involved, all bit for bit copies. All able to be played back on ANY DVD player.
When you think about it from a commercial standpoint, who will pirates sell the copied DVDs to? Well, people that own DVD players, of course. Since the players will play back ANY bit for bit DVD, the example of the debit card is dubious, at best.
The MPAA presents a strawman argument. Reverse engineering for interoperability is indeed legal under the Digital Millenium Copyright Act. That's what this is, nothing more, nothing less.
Yes, there has been a significant investment in technology regarding DVD. It's a fallacy to believe that breaking the encryption technology will lead to more pirating, because the encryption technology DOES NOT prevent pirated copies, in and of itself. You need the access control mechanism, which anyone that owns a DVD already has. The pirate market for mass produced DVD copies is home theater and people that already own a DVD player, not Linux geeks.
Think about it, as a mass market pirate why would one target people that don't own DVD players? You wouldn't, no more than software piracy appeals to people that don't own computers. CSS does not protect against copies made by or for those with DVD players, which is the bulk of the potential pirate audience.
It's not about freedom, but it's not about piracy, either. Some of it is possibly due to the embarassment factor due to the fairly weak and easily broken encryption scheme. If anyone should be sued by the MPAA and studios, it should be Mitsubishi for selling it to them in the first place. Caveat Emptor...
In case you haven't noticed, the encryption DOES NOT prevent pirate copies. I can make thousands of bit for bit DVD copies without any reference, using, or even thinking about encryption.
What is does do, is allow me to play DVDs (I legally own more than 50 DVD) on hardware like a Sun or Linux box. The encryption only prevents playback on certain hardware, it does not prevent piracy.
If @Home users are using servers that aren't properly configured, for example one has a Linux box (or whatever OS) with the newsserver not filtering which posts to propagate, it is able to be used by a spammer as a "pass through" gateway to the main @Home newsservers.
The same thing IS possible for using someone else's sendmail to relay mail if they don't disallow replying.
This particular case, however, is only related to USENET.
The @Home response to the UDP reminds me of the movie "Cousin Vinnie", where Vinnie looks at the judge and says "Oh, you were serious about that?..."
As for backups, you should have your own off-site backups, and if it's e-commerce related, you should damn well have your OWN disaster recovery plan. Your own backups. Your own copy of the records, either that, or contractual obligations that your provider will supply those services.
While I agree with what you are saying, unfortunately it doesn't work that way at some low budget hosts. Many don't allow shell access, or the ability to run even a simple cron job to tar the site. The best many can do is to ftp the complete site every time there is a change, or data is added.
Data from customer databases is another issue. With most of these CSP type e commerce accounts, you have no access to the data, except via the browser front end. That means no backups, no queries other than the ones built into the app.
You get what you pay for, and anyone that is trying to run even a small business on a 20 dollar a month e commerce account has to realize that there may be some problems. We started co locating a year ago after our host was purchased by Verio, who then went on to destroy the level of service to which we had become accustomed. My only question now is, why didn't I start hosting my own servers, sooner.
Most of the web hosts I've seen offered up as alternatives want over $100 a month for the same features I get for $28 at cihost. Well.....you get what you pay for. We decided last year to move most of our Internet services to our own servers, co located in the data center of well known ISPs. Dave
He was refering to the International Date Line, which is in the Pacific Ocean. From there, "it" will pass west through Asia, Europe, and finally, the Americas. Just like every morning.........
Simply changing the zone files from the previous name server won't do the trick. One must register the new name server as a host, then modify the domains to include the new hosts info. In order for the change to be real, you HAVE to do the paperwork. There is no way around it, that is how the system works.
That was the RTM, or release to manufacturing. It won't be available to the general public until Feb. Only MSDN wonks such as us will get it before then.
He will be able to understand the totally point and click/wizard environment of Windows NT.
Concepts of secure networks and computers span far beyond the graphic interface of a "wizard". An administrator has to be able to know what to do, and what might be ramifications of particular choices. It's about knowledge of systems security, not point and click.
But Windows NT was designed with the network in mind.
But there are several shortcomings to NT in this regard. The most prevelent, is the fact that ANY user can execute code to potentially damage the system. That's the primary reason that viri and trojans such as Melissa are able to be readily spread among users.
If one were to look at the initial C2 rating afforded to NT, it was rated when it was NOT connected to the network. Pretty poor for what at the time was bragged by MS to be the most secure, capable NOS.
FWIW, the majority of corp desktops (according to IDG) are running Win 9x of some sort, not NT. As such, they don't have the granularity of permissions that NT offers with NTFS.
I'll leave the NT domain structure and lack of directory services for another time. Those are issues of poor design, and not necessarily related to security.
Linux isn't perfect, either, no OS is. But the security and flexibility of NT is often overstated by MS, when compared to other NOS'es.
How does asking a child in the street have anything to do with the GPL?
If you are going to argue about the restrictions of the GPL, then do so. Equating what you feel wrong with the GPL to asking children what they preceive a word to mean, is meaningless.
By your interpretation and comments here, it doesn't seem as though you have even read the GPL.
For users of GPL licensed software, there are NO restrictions. (except for the dev tools) The few restrictions (compared to closed source software) invoked in the GPL are for the redistribution and modifications to the source.
Instead of debating semantics over the definition of the word "free", why don't you enlighten all us old guys as to the specific problems with the terms of the GPL. According to my copy of the OED, there are 17 definitions for the word "free".
etoy content is protected in the US as free speech.
etoys does not own the domain name, that's owned by NSI. As such, etoys can't trademark the domain name, so the requirement to defend the mark is moot. Besides, the etoy use predates the toy seller by two years.
I'd be more inclinded to judge a company or a person by their actions, rather than the type of server software they use. The "sharp fanged lawyers" are controlled by the CEO and/or Board of the company. Generally, they do not operate autonomously, particularly in matters of this scope.
The point of the excercise was that the USERS ask the questions, not the editors. To me, the entire episode shows me that Vranesevich is mearly an immature young man, with poor social skills and a propensity to mislead or exagerate certain facts and statements. Dave
Until a few months ago, it was standard talk coming from MS that the Win9x and NT products would merge. It's only because the scale of joining the two is so great, that they haven't yet.
You only have the freedom to patch or extend that software, if you have the ability to write the code. Having source code is one thing. Actually being able to do something with it is another. Dave
It looks like the thread is about to scroll off, so thanks to all for the opinions and information. It was most informative. One thing that has been clear for a while, we need to get off the MIPS box and onto an Intel box. Using the MIPS box adds a level of complexity to the deployments that aren't quite justified.
We've narrowed it down to a few options, in order of preference.....except for Zope, they are all operating on a testing system, still behind the firewall. Zope will go up in the next few hours (if I can get it to run on the RaQ2.... =:-0 )
1)Zope based Squishdot/Confra/Zthreads type solution. Probably the best bet for the future. If I get stuck, I can hire DC to help. Anyone that might disagree, I'd love to hear your opinion. Downside, I don't know Python....but that will change. Time for another visit to Fatbrain.......
2)Bazaar, rewriten from GPL W3T. Still largely alpha. Has a long way to go, and a limited development community. If I were a better coder (or even could be considered a coder), this might make more sense.
3)RPGBoard. Best of the non data base perl scripts, without a doubt. Fast, well documented, good feature set. I could deploy in just a few hours, and have a robust working site. Downside, I'd perfer something with a more broad developer base, extensable in a more modular fashion.(though SineSweeper seems like a cool guy)On the plus side, depending on how well Zope and Bazaar do in the next few weeks of testing, RPG may very well get the nod. It's mature, and stable with solid performance. Though might not be the best long term solution, it works well, right now.
Out of the running.......
Slash....poorly documented, not updated in a timely fashion, and it looks like there might be a fork coming. This is a caveat of Open Source where the community is more into public development than the maintainers. Attitudes from the maintainer (that would be Taco) such as "everytime someone asks about the next release, I delay it another day", speak volumes. I wish the forkers much luck, though I'd be inclined to use a Zope based solution for this type of thing. Instead of forking something that the maintainer isn't really interested in, a better use of energy would be to devote it to another project.....like Zope.
W3T....Scream seems like a cool guy, but the performance is anything but fast. I applaud the work he has done, but based on the comments of others here, and some DBAs I know, W3T code is still too bloated and not optimized, causing performance issues on busy sites. Maybe now that it's commercial, some of these issues can be addressed.
Slashdot Mirror
For security reasons, most name servers won't allow zone transfers to slave servers in non trusted domains. If your host has a problem allowing custom DNS configuration, chances are they aren't going to allow a zone transfer to another domain, let alone one that is not trusted.
I suppose you could hand seed your slave name servers, but a key ingredient of DNS is dynamic updates between the primary and slave name server. If for some reason your host was to change IP addresses for your site, or the email server, then those changes wouldn't be reflected in the slave name servers record. If your primary name server went down, your slave wouldn't have the right data in the zone file.
Dave
With cable modems and some RBOCS there is that restriction, but with most CLECs, like Covad, you can indeed get an SDSL (or other DSL) and host your own servers.
Part of the problem is when your telco bundles the DSL with ISP services, they can't handle it. What you have to do, is get your DSL as a curcuit only, then sign up with an ISP that will allow hosted servers. You can't do that in every city, but you can in several.
Even with my USWorst DSL at home, I'm able to host servers, because our upstream provides the pipes on the other side of the DSLAM. I have a 2GB/month limit imposed by the ISP, and only a single IP address, but I'm able to purchase more of either, if I desire.
In this case, it's just like a regular data curcuit, where the telco provides the curcuit, and the ISP determines the extent of the usage.
Dave
The way the case is being portrayed by the MPAA, is that without DeCSS, piracy can't exist. That's a pretty big leap in logic. Right now, if I choose, I could copy as many DVDs as I want, not a problem, no DeCSS involved, all bit for bit copies. All able to be played back on ANY DVD player.
When you think about it from a commercial standpoint, who will pirates sell the copied DVDs to? Well, people that own DVD players, of course. Since the players will play back ANY bit for bit DVD, the example of the debit card is dubious, at best.
The MPAA presents a strawman argument. Reverse engineering for interoperability is indeed legal under the Digital Millenium Copyright Act. That's what this is, nothing more, nothing less.
Yes, there has been a significant investment in technology regarding DVD. It's a fallacy to believe that breaking the encryption technology will lead to more pirating, because the encryption technology DOES NOT prevent pirated copies, in and of itself. You need the access control mechanism, which anyone that owns a DVD already has. The pirate market for mass produced DVD copies is home theater and people that already own a DVD player, not Linux geeks.
Think about it, as a mass market pirate why would one target people that don't own DVD players? You wouldn't, no more than software piracy appeals to people that don't own computers. CSS does not protect against copies made by or for those with DVD players, which is the bulk of the potential pirate audience.
It's not about freedom, but it's not about piracy, either. Some of it is possibly due to the embarassment factor due to the fairly weak and easily broken encryption scheme. If anyone should be sued by the MPAA and studios, it should be Mitsubishi for selling it to them in the first place. Caveat Emptor...
Dave
In case you haven't noticed, the encryption DOES NOT prevent pirate copies. I can make thousands of bit for bit DVD copies without any reference, using, or even thinking about encryption.
What is does do, is allow me to play DVDs (I legally own more than 50 DVD) on hardware like a Sun or Linux box. The encryption only prevents playback on certain hardware, it does not prevent piracy.
Dave
If @Home users are using servers that aren't properly configured, for example one has a Linux box (or whatever OS) with the newsserver not filtering which posts to propagate, it is able to be used by a spammer as a "pass through" gateway to the main @Home newsservers.
The same thing IS possible for using someone else's sendmail to relay mail if they don't disallow replying.
This particular case, however, is only related to USENET.
The @Home response to the UDP reminds me of the movie "Cousin Vinnie", where Vinnie looks at the judge and says "Oh, you were serious about that?..."
Dave
While I agree with what you are saying, unfortunately it doesn't work that way at some low budget hosts. Many don't allow shell access, or the ability to run even a simple cron job to tar the site. The best many can do is to ftp the complete site every time there is a change, or data is added.
Data from customer databases is another issue. With most of these CSP type e commerce accounts, you have no access to the data, except via the browser front end. That means no backups, no queries other than the ones built into the app.
You get what you pay for, and anyone that is trying to run even a small business on a 20 dollar a month e commerce account has to realize that there may be some problems. We started co locating a year ago after our host was purchased by Verio, who then went on to destroy the level of service to which we had become accustomed. My only question now is, why didn't I start hosting my own servers, sooner.
Dave
Most of the web hosts I've seen offered up as alternatives want over $100 a month for the same features I get for $28 at cihost.
Well.....you get what you pay for. We decided last year to move most of our Internet services to our own servers, co located in the data center of well known ISPs.
Dave
He was refering to the International Date Line, which is in the Pacific Ocean. From there, "it" will pass west through Asia, Europe, and finally, the Americas. Just like every morning.........
Dave
Simply changing the zone files from the previous name server won't do the trick. One must register the new name server as a host, then modify the domains to include the new hosts info. In order for the change to be real, you HAVE to do the paperwork. There is no way around it, that is how the system works.
Dave
That was the RTM, or release to manufacturing. It won't be available to the general public until Feb. Only MSDN wonks such as us will get it before then.
Dave
Netcraft requires that one purchase the SSL report, to the tune of about US$2000 a year.
Having seen said report, IIS commands a lead of about twice the nearest competitor. There is a sample report at Netcraft.
Dave
Checking mail under Win, *nix or Mac isn't hard with a mail client. God knows there are SEVERAL!! It's got nothing to do with telnet or IP addresses.
Get some facts before you spout.........
Dave
It won't be available to the public until Feb.
Dave
NT doesn't get owned, it just gets crashed.
That's not true at all. There have been several documented incidents of compromised NT servers. BO2k is just a small example.
Dave
He will be able to understand the totally point and click/wizard environment of Windows NT.
Concepts of secure networks and computers span far beyond the graphic interface of a "wizard". An administrator has to be able to know what to do, and what might be ramifications of particular choices. It's about knowledge of systems security, not point and click.
Dave
But Windows NT was designed with the network in mind.
But there are several shortcomings to NT in this regard. The most prevelent, is the fact that ANY user can execute code to potentially damage the system. That's the primary reason that viri and trojans such as Melissa are able to be readily spread among users.
If one were to look at the initial C2 rating afforded to NT, it was rated when it was NOT connected to the network. Pretty poor for what at the time was bragged by MS to be the most secure, capable NOS.
FWIW, the majority of corp desktops (according to IDG) are running Win 9x of some sort, not NT. As such, they don't have the granularity of permissions that NT offers with NTFS.
I'll leave the NT domain structure and lack of directory services for another time. Those are issues of poor design, and not necessarily related to security.
Linux isn't perfect, either, no OS is. But the security and flexibility of NT is often overstated by MS, when compared to other NOS'es.
Dave
How does asking a child in the street have anything to do with the GPL?
If you are going to argue about the restrictions of the GPL, then do so. Equating what you feel wrong with the GPL to asking children what they preceive a word to mean, is meaningless.
By your interpretation and comments here, it doesn't seem as though you have even read the GPL.
Dave
For users of GPL licensed software, there are NO restrictions. (except for the dev tools) The few restrictions (compared to closed source software) invoked in the GPL are for the redistribution and modifications to the source.
Instead of debating semantics over the definition of the word "free", why don't you enlighten all us old guys as to the specific problems with the terms of the GPL. According to my copy of the OED, there are 17 definitions for the word "free".
Dave
etoy content is protected in the US as free speech.
etoys does not own the domain name, that's owned by NSI. As such, etoys can't trademark the domain name, so the requirement to defend the mark is moot. Besides, the etoy use predates the toy seller by two years.
I'd be more inclinded to judge a company or a person by their actions, rather than the type of server software they use. The "sharp fanged lawyers" are controlled by the CEO and/or Board of the company. Generally, they do not operate autonomously, particularly in matters of this scope.
Dave
Cher's new boyfriend is Bruce Perens........
Dave
The point of the excercise was that the USERS ask the questions, not the editors.
To me, the entire episode shows me that Vranesevich is mearly an immature young man, with poor social skills and a propensity to mislead or exagerate certain facts and statements.
Dave
Until a few months ago, it was standard talk coming from MS that the Win9x and NT products would merge. It's only because the scale of joining the two is so great, that they haven't yet.
Dave
You only have the freedom to patch or extend that software, if you have the ability to write the code. Having source code is one thing. Actually being able to do something with it is another.
Dave
We've narrowed it down to a few options, in order of preference.....except for Zope, they are all operating on a testing system, still behind the firewall. Zope will go up in the next few hours (if I can get it to run on the RaQ2.... =:-0 )
1)Zope based Squishdot/Confra/Zthreads type solution. Probably the best bet for the future. If I get stuck, I can hire DC to help. Anyone that might disagree, I'd love to hear your opinion. Downside, I don't know Python....but that will change. Time for another visit to Fatbrain.......
2)Bazaar, rewriten from GPL W3T. Still largely alpha. Has a long way to go, and a limited development community. If I were a better coder (or even could be considered a coder), this might make more sense.
3)RPGBoard. Best of the non data base perl scripts, without a doubt. Fast, well documented, good feature set. I could deploy in just a few hours, and have a robust working site. Downside, I'd perfer something with a more broad developer base, extensable in a more modular fashion.(though SineSweeper seems like a cool guy)On the plus side, depending on how well Zope and Bazaar do in the next few weeks of testing, RPG may very well get the nod. It's mature, and stable with solid performance. Though might not be the best long term solution, it works well, right now.
Out of the running.......
Slash....poorly documented, not updated in a timely fashion, and it looks like there might be a fork coming. This is a caveat of Open Source where the community is more into public development than the maintainers. Attitudes from the maintainer (that would be Taco) such as "everytime someone asks about the next release, I delay it another day", speak volumes. I wish the forkers much luck, though I'd be inclined to use a Zope based solution for this type of thing. Instead of forking something that the maintainer isn't really interested in, a better use of energy would be to devote it to another project.....like Zope.
W3T....Scream seems like a cool guy, but the performance is anything but fast. I applaud the work he has done, but based on the comments of others here, and some DBAs I know, W3T code is still too bloated and not optimized, causing performance issues on busy sites. Maybe now that it's commercial, some of these issues can be addressed.
Thanks again, you've all been a big help.
Dave