Re:Microsoft can't be to happy about this... on XBox Netplay Already · Score: 5, Informative
don't you think that it might be a good thing for them, since if it becomes this open, then more people will buy them
I think you've read enough replies to your post, but I wanted to add this. I saw the Microsoft "CXO" being interviewed on CNBC, and Mark Haines *grilled* him about, "how do you expect to make any money if you're losing big bucks on every single unit?" The CXO replied that the unit ships ready for broadband access, and they plan to make all their money selling online services.
I say be prepared for MSFT to attack anything and everything threatening their main source of income. They're banking on it.
Re:A/V R/C Helicopter w/ long range capabilities on Geek Gift Ideas 2001 · Score: 2
I've often wondered if a PIC controller could be hacked up to maintain controlled flight of a helo. GPS will provide position, altitude, and direction. Then, using APRS and amateur radio you (could) fly over the horizon by sending "fly to these coordinates" commands. The tough part would be getting the video back over the horizon, unless you run a 1.2GHz transmitter into an ATV repeater.
I've suffered through 7 years of waiting for something to come from the cable company.. through 3 different owners not investing in the infrastructure, until finally Comcast comes along and even installed me before they were taking orders.. and this happens four weeks later.
This has been a horrible, bastardly tease, but at least it only cost me $54 for setup and one month. Good thing I never removed the modem from my perimeter firewall. Time to reinstall Diald.. dammit.
Yes, or you could replace both of them with webdav.
I just spent a week playing with WebDAV, investigating it as a possible solution for a customer looking for secure Internet file access. Anyone please correct me if my findings are incorrect.
For the uninitiated, WebDAV is the protocol name for the "web folders" feature of IE5.5 and up. I ran it as an Apache module. It was incredibly easy to set up. HOWEVER.. Under WinNT, you can only copy files to and from the web folder, not open or edit them directly. With Win2k and up you can open and edit files directly in the web folder without needing to transfer them to your local PC first, which is much nicer.
The reason I wouldn't recommend it for my customer is that AFAICT the reads and writes on the server side are done with the user and group that the web server runs as. While it does indeed support ACL's, the ACL's are just for the web server protecting the file space in general, and do not maintain the uid/gid of the web-authenticated user down to the file level. It would be sufficient for providing a "common" drive for all the authorized users with no file-level ACL's. You would need to create a new VirtualHost for each file area that needs its own ACL (think home directories).
Imagine 100 users. That would require 100 VirtualHost blocks with independent htaccess files and at the filesystem level, every file and every directory would still be owned by the web server! Not exactly a suitable solution for a client to implement his own in-house version of WebDrive.
In addition, I repeatedly experienced "this operation could not be completed due to an unexpected error" in Windows NT when trying to traverse certain directories of MP3's. If it doesn't work for me in certain situations, it would be disastrous for the customer looking for a "highly available" solution. More like "barely available". I can't architect a solution around something like that.
Having said that, I would love to see a major web archive like ibiblio.org set this up for easy file browsing and access. That would also give the WebDAV team an enormous amount of feedback from a single site, and hopefully iron out more of the issues that keep this unsuitable as an enterprise-class solution.
The quickest way to secure a box is to run a firewall script. Even though it's a script for building ipchains-based firewalls, I still use PMFirewall on all the boxes I want to tighten.
It wants to have two interfaces, an external one and an internal one. On boxes with only one NIC, I specify the LAN-connected interface as the external one, and loopback as the internal one.
Just today someone at work emailed those of us on some Linux contact list, asking for suggestions from us on how we secure wu-ftpd. I replied that it's a lost cause. For authenticated ftp, I do scp now, even with Windows clients, and for unauthenticated ftp, I just do http. It's an easier workload for the system and it's much easier to cluster for higher availability.
:-/
Then this comes out. I hope he got my email.
I have too much of a migraine to look this up right now, but there's a special coax designed for 802.11. It has holes in the shielding. Yes, it's true that there's definitely signal loss over distance down the copper, but this stuff is designed for wireless-enabling hallways and rooms separated by concrete, such as classrooms.
You can run this stuff all along the walkways and gutters of buildings to fill in most of the dead spots in the open areas.
There's no way that Disney wouldn't take network security VERY seriously for this project. Although it does make me a bit nervous they placed so much emphasis on the 128-bit encryption.
I tcpdumped about 10 megs of data snarfed from the most wirelessly connected university in America, and besides broadcast queries for NT servers and floods of IPX SAP frames coming from network printers, the *only* packet of interest I got was the output of a finger some guy ran against his own OpenBSD box on campus. And I later found plenty of security-related posts from this guy on usenet, too. How's that for irony?
I went home and reviewed web pages describing their security infrastructure due to the weakness of 802.11b, and it was very intense. Beyond Kerberos. If Disney's doing this specifically to mobilize credit card readers, I've gotta say that wireless has been weakened long enough for them to not have any excuse to do it right.
Not to mention, with IBM's Tomorrow World being such a big hit in Epcot (and Disney closing DIG, their Internet venture), I'm SURE we had something to do with their planning and deployment. And I totally agree with the others who have said that enabling wireless PDA's such as line checking, maps, and restaurant reservations.
Don't bother taking it offline, just set up your web server so it only responds to the google indexing server. Cache stays up all the time, but no one else can (easily) see that you are serving it.
Oooh.. that's a particularly good one.. kinda like getting high-bandwidth web service FOC, if you build your site URLs to ride along the google cache instead of your own... (gears cranking)..
The more people get milked, the more they consider their alternatives
+1, perfect quote.
I started planting the seeds of doubt with my uncle. He recently sold a tax prep biz which required windows. Now he just surfs and emails. I explained to him how much he should really be spending for his MS software on each PC. He got sircam this year and started emailing out files from his tax directory (not customer's returns that I could tell, thank god) and he left his pc off for weeks until he could be sure it was cleaned.
I wrapped up the cleanup session with, "now think about how much MS expected you to PAY for this kind of software!" I said, "you let me know when you're really done with your tax work, and I'll load up some much safer software for you to use." I suppose I could dual-boot him and tell him to boot to Windows only to do taxes, but I'd have to see how well he takes to that.
I get tech books from work, so now my family has tried some non-tech books on me.
I can really use some 1U rackmount cases. Not full servers, just cases. I have a RaQ-4 and love their case. With integrated audio, one of those with the built-in LCD panel and navigator would be great for an MP3 player to add to a component stereo system.
Bought mine on the employee purchase website at IBM. 8MB module for $21 just to play with it. Comes with a 98 driver disk. Didn't work under Win2k or Linux but I didn't build a new kernel to support it yet. Bought one for my friend, too, and it worked out of the box on his XP laptop. I think they go up to 128MB now, with 256MB and 512MB modules coming next year. Half a gig on your keychain.
I plan to keep mission critical documentation for my assignments and my GnuPG secret key on it. It is definitely cool. And the IBM logo on it goes so well with my Pentium keychain.
and for Debian woody to go stable
hell, I just want the damn Debian ISO building script to actually *work*!! I can never get that #@#@! script to work with the mirror sites. The sites never seem to have the doc directory and the script pukes. My employer publishes RPMs but I was willing to check out Debian until I actually gave it a shot.
I've been watching 2 Drew Carey episodes a day (3 on Wednesdays!) for about a year until recently my local WB affiliate switched to just one old rerun a day. Bastards! Anyway, the gang runs a caffeinated beer brewery out of his garage -- Buzz Beer. I should remember the slogan..
something about staying up long enough to get drunk all over again. Awesome show.
Why would they want that when they can have me instead? E-mail me and save $6000, that's already a point in my favor!
I think it's hysterical that this guy's handle is "control freak"!!
A smart, fascist system administrator would block out ALL outgoing ports cept for http and maybe ftp, so your proxy trick doesn't go around all firewalls
You can set up an ssh listener on any port. Even the most anal organizations with allowed Internet access leave 80 (http) and 443 (https) open outbound.
If you want to host a web page at home, host it on 80 and set up an ssh listener on 443. That's also how to defeat the AOL IM block. They have listeners on almost every dad-gum port. 21, 23, 25, 80, 443, whatever. The login box isn't serving up any other services, so ALL the well-known ports can be routed to the authentication service. If you can get out on even ONE port, chances are they'll let you in on that port.
The only large organization I've heard of that does application proxying is AT&T. Man are they bandwidth *nazis*. The shell box my friend and I use has an ssh listener on 443, and AT&T actually manages to block his ssh outbound connections on 443. Occasionally they open 22, but it's closed most of the time.
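An added example, not part of the original comment: a minimal sketch of the application-aware egress check that the comment above credits to AT&T, which inspects the first bytes a client sends and blocks anything on 80/443 that is not the protocol the port is meant for. The function names, the policy table and the sample payloads are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: an SSH client opens with "SSH-protoversion-softwareversion".
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-[\x21-\x7e]+")
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"OPTIONS ", b"CONNECT ")

# Assumed policy for this example: only these ports are open outbound,
# and each must carry the protocol it is named for.
EXPECTED = {80: "http-plaintext", 443: "tls-client-hello"}


def classify_first_bytes(data: bytes) -> str:
    """Label the first client-to-server bytes of a TCP connection."""
    if not data:
        return "empty"
    if SSH_BANNER.match(data):
        return "ssh"
    # TLS record header: content type (1), version (2), length (2).
    # 0x16 = handshake record; the first handshake message type 0x01 = ClientHello.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 16384 and data[5] == 0x01:
            return "tls-client-hello"
    if data.startswith(HTTP_METHODS):
        return "http-plaintext"
    return "unknown"


def egress_decision(dst_port: int, first_bytes: bytes) -> tuple:
    """Return (action, label) for one outbound connection."""
    if dst_port not in EXPECTED:
        return ("block", "port-closed")
    label = classify_first_bytes(first_bytes)
    action = "allow" if label == EXPECTED[dst_port] else "block"
    return (action, label)


# Constructed sample payloads (truncated; only the leading bytes matter here).
SAMPLE_SSH = b"SSH-2.0-OpenSSH_3.0\r\n"
SAMPLE_TLS = b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00"
SAMPLE_HTTP = b"GET / HTTP/1.0\r\n\r\n"

if __name__ == "__main__":
    for port, payload in [(443, SAMPLE_TLS), (443, SAMPLE_SSH),
                          (80, SAMPLE_HTTP), (22, SAMPLE_SSH)]:
        print(port, egress_decision(port, payload))
```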
Hey everyone, check out this Redbook, published by IBM. I've loved their Redbooks for years, and now that I work for IBM e-business, I've been asked to study this guide before I start deploying HPC clusters.
Competitor implies that they're working towards a common goal, just using different methods
But isn't that exactly the case? MS just doesn't actually say their goal is world domination. Both camps are "working towards the same common goal, just using different methods".
IBM has a mature Beowulf program. I am being groomed to join the people deploying in the northeast. Check out this Redbook:
Linux HPC Clusters
How much worse is that than the load on the root .com servers?
The world root servers only have to return an IP of another DNS server that's responsible for performing the actual lookup of the final record.
All the individual ".com" DNS servers only have to perform lookups into typically one to ten domains. Imagine a domain like yahoo.com. They get, what, 20 to 100 million hits a day? For most of those hits, the world root servers only need to return the 10 or so IP addresses of the DNS servers that know more about yahoo.com. You can't possibly say that the world root servers already do most of the work resolving every lookup into yahoo.com. View the html source of a Yahoo page and you'll be blown away by how many different yahoo servers come into play when rendering your page.
Try managing your own DNS and you'll understand more how it works.
Considering that probably 85-90% of the traffic is for .com, we effectively already have that world.
The world root servers only have to return an IP of another DNS server that's responsible for performing the actual lookup of the final record.
All the individual ".com" DNS servers only have to perform lookups into typically one to ten domains. Imagine a domain like yahoo.com. They get, what, 20 to 100 million hits a day? For most of those hits, the world root servers only need to return the 10 or so IP addresses of the DNS servers that know more about yahoo.com. You can't possibly say that the world root servers already do most of the work resolving every lookup into yahoo.com. View the html source of a Yahoo page and you'll be blown away by how many different yahoo servers come into play when rendering your page.
Try managing your own DNS and you'll understand more how it works.
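An added example, not part of the original comments: a toy iterative resolver over a constructed delegation tree, showing the division of work the two replies above describe, where the root and ".com" tiers only hand out referrals and the domain's own servers answer every final lookup. Server names, hostnames and addresses are invented for the illustration, and the cached-referral behaviour goes one step beyond what the comments state.

```python
from collections import Counter

# Constructed delegation tree; addresses are from the 192.0.2.0/24 documentation range.
SERVERS = {
    "root":     {"delegations": {"com.": "tld-com"}, "records": {}},
    "tld-com":  {"delegations": {"yahoo.com.": "ns-yahoo"}, "records": {}},
    "ns-yahoo": {"delegations": {}, "records": {
        "www.yahoo.com.": "192.0.2.10",
        "mail.yahoo.com.": "192.0.2.11",
        "us.i1.yahoo.com.": "192.0.2.12",
        "ads.yahoo.com.": "192.0.2.13",
    }},
}


def in_zone(qname, zone):
    """True if qname is the zone apex or lies below it (label-aligned match)."""
    return qname == zone or qname.endswith("." + zone)


def query(server, qname):
    """One question to one server: an answer, a referral, or nothing."""
    data = SERVERS[server]
    if qname in data["records"]:
        return ("answer", data["records"][qname])
    matches = [z for z in data["delegations"] if in_zone(qname, z)]
    if matches:
        zone = max(matches, key=len)  # most specific delegation wins
        return ("referral", (zone, data["delegations"][zone]))
    return ("nxdomain", None)


class Resolver:
    def __init__(self, use_cache=True):
        self.use_cache = use_cache
        self.referrals = {}    # zone -> server learned from earlier referrals
        self.load = Counter()  # queries received per server

    def resolve(self, qname):
        server = "root"
        known = [z for z in self.referrals if in_zone(qname, z)]
        if known:  # start at the deepest zone we already hold a referral for
            server = self.referrals[max(known, key=len)]
        for _ in range(10):  # bound the referral chain
            self.load[server] += 1
            kind, value = query(server, qname)
            if kind == "answer":
                return value
            if kind == "nxdomain":
                return None
            zone, server = value
            if self.use_cache:
                self.referrals[zone] = server
        raise RuntimeError("referral chain too long")


def measure(names, use_cache):
    """Resolve every name and report (answers, per-server query counts)."""
    resolver = Resolver(use_cache)
    answers = [resolver.resolve(name) for name in names]
    return answers, dict(resolver.load)


NAMES = ["www.yahoo.com.", "mail.yahoo.com.", "us.i1.yahoo.com.", "ads.yahoo.com."]

if __name__ == "__main__":
    print("cached referrals:", measure(NAMES, True)[1])
    print("no caching      :", measure(NAMES, False)[1])
```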
no more backup of 30G of data
I'm hoping by this comment that you're not the same user whose Ask Slashdot just got posted, asking how to become a UNIX admin, cuz this ain't it. It's funny that you should pick that exact number too, because a close friend of mine was shifting disks around in his systems yesterday. At some point he lost track of exactly which hard drive was connected to which ribbon and which IDE port that ribbon was connected to. He ended up running a fresh install of RH7.2 over the 30GB hard drive to which he had "backed up" everything he has collected over the last five years. He called me saying he felt like he was going to throw up.
I say "backed up" because, as an enterprise systems architect, I don't believe anything is a backup unless it takes at least a little effort to destroy the data. You can't throw a write protect tab on a hard drive. When I traded a P75 system for a 10GB hard drive with the friend above, he gave it to me with over 5GB's of his stuff on it. I backed it up to tape with Amanda, and write-protected the tape. I never thought *he* would need me to restore his data off my tape.
Maybe now I can get my hands on one of these using my employee discount ;) Imagine a pair of these hacked into supporting VPN endpoints? Or hardware-assisted GnuPG?
If having physical access to the card is a prereq to cracking it, I'm not too worried about my mother-in-law coming by while I'm at work. Now, the black van down the street that never seems to move.. that's a different story..
anybody could register any TLD that they like, but nobody could own it or restrict the second-level domains that are attached to it.
I'm sure you realize that would totally break DNS. Just imagine the load on the world root servers if they couldn't delegate down? Yeesh..
I think FreeBSD had broken the petabyte limit years ago.
I could be wrong, but I think the article said FreeBSD broke the petabyte limit by going to 18 petabytes on October 6. Just a month ago. A few more addressable bits, and Linux can now do 144. Still way short of the, what, 8 exabytes NTFS can handle?
I also think an article about anything supporting a petabyte FILE SIZE, let alone partition size does not warrant over 200 comments! At least the pine/mutt and vi/emacs/pico wars are discussing actually USING something!
I know I'll see petabyte arrays during my career, but arrays of 1 petabyte drives? I doubt it. Imagine the time to rebuild a DDD 1 petabyte drive. Discussing the writing of a 144 petabyte file in 2001 is the worst pissing contest I've seen to date.
We *definitely* have more important stuff to address first. And I've been on the other side of that argument before.