Please try to keep posts on topic. Try to reply to other people comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Problems regarding accounts or comment posting should be sent to CowboyNeal.
I just heard some sad news on talk radio - Slashdot's favorite troll The Page Widening Post was found dead this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss it - even if you didn't enjoy its work, there's no denying its contributions to popular culture. Truly an American icon.
-- - Marco
What's complicated about FreeSWAN?
(Score:4, Interesting)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @03:39AM (#3077660)
They have excellent documentation and they keep the documentation trees for older versions online. Installation is as complicated as running a script and installing the recompiled kernel, if even that. I guess it never hurts to have more documentation, but saying that IPSec is "a difficult beast to ride" produces more awe than necessary.
Well, a LOT. Not if you're deeply involved technically in the project, but if you back out and take the perspective of someone who's never used a VPN, plenty.
A lot of people don't even think about the fact that there's a separate protocol field in IP, or that people run any IP protocol but UDP or TCP. Getting 50/51 through your existing firmware firewall can be a real trick. FreeSWAN requires you to have the GNU Multi-Precision library installed for the crypto calculations before you compile it. Unless your distro came with FreeSWAN, you have to recompile your kernel with modifications.
And, like many tools, there's no single graphical GUI; unlike SAMBA's excellent SWAT, there's nothing to lead you to ipsec.conf or ipsec.secrets. There's a LOT of reading to be done.
Ok, so, for you or me, it's easy. Maybe a day of reading tops. But compare that to the commercial world where an application must install and be configured from a GUI in a few hours, and FreeSWAN is... nearly a toy. It's unusable in a business environment. As soon as you say "compile", a CTO is going to turn down your volume.
It's cool, but don't call it uncomplicated. That's part of its coolness (-;
Re:What's complicated about FreeSWAN?
(Score:3, Insightful)
by smcavoy (114157) writes:
on Wednesday February 27, 2002 @04:30AM (#3077979)
I use Freeswan in a production environment. I have Embedded Linux routers using freeswan connecting to Linux boxes. The VPNs are relatively simple, 2 outgoing connections to central systems. I did find there was a large learning curve at the beginning, but now it takes 5 min to set up a new VPN tunnel. The systems have been extremely reliable. I've never had a problem (other than net congestion) with keeping the tunnels up. A lot of the tunnels have 80+ days of uptime. As for compiling, most modern distros include IPSec (trustix, mandrake, etc.) or there are options like Astaro. Having a CTO "turn down your volume" based on the fact that you have to compile software doesn't say anything about the quality or reliability of the software; that's a personal decision by the CTO not to use OSS. I do agree it's not point and click, and that would be nice, but to say it's unusable in a business environment is just untrue. It's not pretty but it works, and works well.
Re:What's complicated about FreeSWAN?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:54AM (#3078169)
How right you are. As a system admin that has always used Windows or DOS, I am trying to change. I want to start using some Linux servers here, but one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI? Heck yes. Do I still want access to the .conf file? Heck yes. These problems are around a lot in the Linux community. The people that have always used Linux do see it as hard and some don't want us new people to whine because it is not "dumbed down", but on the other hand they want all of us to switch to it. I don't want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I don't want to have to spend 1-2 days reading ALL the docs just to know where to start. Just my 2 cents. Let the flames begin!!!!
one of the things that I want to use is free/swan. It does seem great, but as a 1 person IT department I have not found the time that I need to read and understand the documentation on swan. Do I want a GUI? Heck yes.
With security software in general, and VPN software in particular, that's a very, very dangerous attitude: a GUI may fool you into thinking that you understand what's going on when in reality you haven't a clue. With most software, that's not an issue, but with security software, that can compromise the very goal you're trying to achieve.
I don't want to do away with the command line at all. I love it for a lot of what I do, but when I want to make changes or try out some new tools I don't want to have to spend 1-2 days reading ALL the docs just to know where to start.
How many days do you want to spend cleaning up after a security incident that occurred because the GUI let you get away without spending two days reading documentation? How much time will you save in the long run if every time you save two days reading documentation you spend three days cleaning up?
(We lose money on every item --- but we make it up in volume!)
First of all, a GUI interface, if it is well-designed, can provide every bit as much control over the underlying security behavior of a firewall as any command-line interface. Furthermore, a GUI allows an administrator to spend less time trying to deal with syntax, etc., and more time on building a ruleset that is secure.
Someone who has done the reading and understands how firewalls and VPNs work will appreciate a GUI because of this.
For those who don't fully understand how firewalls and VPNs work, a GUI at least provides a reasonable learning environment and early attempts at a ruleset will probably be more secure anyhow. :)
I would disagree with you about the usefulness of a GUI to implement VPNs or firewalls.
I never said a GUI wasn't useful to implement VPNs. Just that it was dangerous to implement them without reading the documentation, a problem that a GUI makes worse only because it tricks people into thinking they can get away without it.
IANACLB
(Score:4, Interesting)
by hey! (33014) writes:
on Wednesday February 27, 2002 @06:21AM (#3078804)
IANACLB (I Am Not a Command Line Bigot), but doing better than a CLI interface in an area like this is a tall order. It's not something you can just slap onto the product in a few days (as most VPN box configuration GUIs I've seen appear to be).
The problem with the GUI interfaces I have seen is that they really don't give you any effective conceptual support. You have to figure out the topology and requirements of your network, then you do this bit of intellectual gymnastics that turns these global requirements and properties into settings for each individual box, THEN you sit down at your GUI. At that stage, the GUI can have very little benefit, since you are talking about a half dozen relatively simple commands you need to type in. In fact, typing them in means you can keep them in a little word processor file and send them to the box over and over again with little changes -- good for setting up multiple boxes or for playing around with a single box you are repeatedly pin-resetting.
To really help a person like you who doesn't have time to bone up on every box you are working with, what you really need is something that is kind of a cross between a network management system and a CAD system. You would sketch out your network, and drop little dollops of distinctively colored "paint" on each network or host that needs to participate in some virtual network. The system would then output configurations to download to each of the participating firewalls or hosts.
A GUI that just configures an individual box does practically nothing for you.
-- Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Non-US distributions like SuSE and Debian can include Freeswan in their list of apps. US based ones like Red Hat can't. But some lovely fellows at Steambaloon (a Linux security consulting firm - no, I work for someone else) produce source and binary packages of the original and updated Red Hat kernels (with the AC patches, extensive testing, and old 2.4 VM) with Klips, the kernel level part of ipsec, compiled in.
How stupid is the CTO?
(Score:1)
by SharpNose (132636) writes:
on Wednesday February 27, 2002 @11:21AM (#3081178)
Let's see: provided I know FreeSWAN, I can grab a machine and start setting it up immediately. If I want to get something commercial and very expensive, I have to fill out how many forms, get approval from how many people, wait for it to get ordered how long? Exactly where are you starting your clock when you say "configured from GUI in a few hours?"
One of the things that they don't tell you how to do, I guess so they don't get asked questions, is how to put GRE traffic inside of an ipsec tunnel and make it work right. Also, it seems to have slipped by that you CAN make two Linux 2.4 secure gateways talk to each other over the ipsec tunnel.
- Left/Right side nomenclature really confuses me; they could have used "peers" or client/server, I don't know
- Recompiling kernel; easy if you have a single box, quite hard when you manage 30+. Plus it requires you to commit the sin of rebooting the machine.
At work, we have chosen CIPE for Linux-Linux VPN. It is totally userland, comes stock on recent RedHat versions and is available as RPM; all that makes it easy to install and upgrade on a lot of machines. Plus the config file is really dumb-proof. We are stuck using PPTP for Windows-Linux VPN because that's all the Windows monkeys know about.
-- :wq
Re:What's complicated about FreeSWAN?
(Score:1)
by pivo (11957) writes:
on Wednesday February 27, 2002 @06:17AM (#3078772)
From my understanding of FreeSWAN, it's not intended to connect many machines to a central point, for example a VPN for home machines connected to a central office. It's intended to link offices together. So you should only have to install it on the specific machines that link those offices. If your company's so big or dispersed that you have thirty offices, then I guess you would have to recompile each kernel, though you'd be smarter to have identical machines and build the kernel once then distribute it to each machine.
We use PPP over SSH for our home/office VPN for Linux and Solaris. It works very well and since it was originally a skunkworks project, we didn't even have to get IT to open any new ports since SSH was already supported.
Re:What's complicated about FreeSWAN?
(Score:2)
by LinuxGeek8 (184023) writes:
on Wednesday February 27, 2002 @06:57AM (#3079084)
I have been struggling for some time now to get it going, but I still do not understand how it works. On my end I have a linux firewall with iptables. And what I could not figure out is what to do with the packet filtering: do I need to accept traffic over 50/ip on the ipsec0 interface or the eth0 interface? Same question for the 500 udp/ip traffic.
And the other part of the network is connected to a freebsd server with racoon running. That is a completely different ipsec implementation. At least for configuring it is different.
I believe running a packet filter is quite hard if you want to do it right. You have to understand networking and just play with it for a few weeks just to understand it. If anyone would tell me he has a secure packet filter running, but cannot explain how it works, I just cannot believe it. You just have to know what you are doing. Same with ipsec. Ipsec is not only networking, but also crypto. So there is more you need to know about it, and it adds extra complexity to firewalling.
-- Well, don't worry about that. We can get you back before you leave. (Dr. Who)
Re:What's complicated about FreeSWAN?
(Score:1)
by pfunkmallone (89539) writes:
on Thursday February 28, 2002 @09:44AM (#3086925)
On your eth0 interface of the firewall, you need to allow 500 udp, and 50 tcp (if you're using ESP which is default). This allows the IPSEC peers to set up the tunnel. http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/firewall.html
According to the FreeSwan folks, no firewalling NEEDS to be done on the ipsec0 interfaces, as all packets coming through this tunnel are already being disassembled and "cleaned-up" by freeswan itself.
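The packet-filter rules this sub-thread asks about, as an added example that is not part of any poster's message or of the FreeS/WAN documentation. IKE is UDP port 500 and ESP is IP protocol number 50, which has no ports, so it is matched with `-p 50` rather than as a TCP or UDP port. The peer address, the subnets and the `IPT` dry-run variable are assumptions, and the ipsec0 rules are an optional policy choice.

```shell
#!/bin/sh
# Added example: packet-filter rules for an IPsec (FreeS/WAN-style) gateway.
# Assumptions, not from the thread: the peer address, the two subnets, and
# the IPT variable, which lets the rules be printed instead of applied:
#   IPT="echo iptables" sh gateway-rules.sh 192.0.2.10 10.1.0.0/24 10.2.0.0/24
IPT=${IPT:-iptables}
EXT_IF=${EXT_IF:-eth0}      # Internet-facing interface carrying IKE and ESP
TUN_IF=${TUN_IF:-ipsec0}    # virtual interface carrying decrypted traffic

# ipsec_gateway_rules PEER LOCAL_NET REMOTE_NET
ipsec_gateway_rules() {
    if [ $# -ne 3 ]; then
        echo "usage: ipsec_gateway_rules PEER LOCAL_NET REMOTE_NET" >&2
        return 2
    fi
    gw_peer=$1 gw_local=$2 gw_remote=$3

    # IKE (key negotiation): UDP port 500, only to and from the known peer.
    $IPT -A INPUT  -i "$EXT_IF" -p udp -s "$gw_peer" --dport 500 -j ACCEPT || return 1
    $IPT -A OUTPUT -o "$EXT_IF" -p udp -d "$gw_peer" --dport 500 -j ACCEPT || return 1

    # ESP (the encrypted payload): IP protocol 50. It is a protocol of its
    # own next to TCP and UDP, so there is no port to match.
    $IPT -A INPUT  -i "$EXT_IF" -p 50 -s "$gw_peer" -j ACCEPT || return 1
    $IPT -A OUTPUT -o "$EXT_IF" -p 50 -d "$gw_peer" -j ACCEPT || return 1

    # Optional policy on the tunnel interface: only traffic between the two
    # private networks may cross it.
    $IPT -A FORWARD -i "$TUN_IF" -s "$gw_remote" -d "$gw_local" -j ACCEPT || return 1
    $IPT -A FORWARD -o "$TUN_IF" -s "$gw_local" -d "$gw_remote" -j ACCEPT || return 1

    # A packet that claims a remote-network source but arrives unencrypted
    # on the external interface did not come through the tunnel.
    $IPT -A FORWARD -i "$EXT_IF" -s "$gw_remote" -j DROP || return 1
}

# Run directly with three arguments to apply (or, with IPT set, print) the rules.
if [ $# -eq 3 ]; then
    ipsec_gateway_rules "$@"
fi
```

AH, if used instead of or alongside ESP, is IP protocol 51 and would need the same pair of rules with `-p 51`.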
Re:why?
(Score:2, Insightful)
by MonkeyBot (545313) writes:
on Wednesday February 27, 2002 @04:09AM (#3077844)
Sometimes, there are special constraints on the networks you are working with. For instance, I need to use stuff that uses IP, but since PPP over SSH is strictly TCP, I can't use that option. Moreover, my boss is a paranoid guy that doesn't trust some 24-year-old punk (me) to run his firewalls, so both offices have managed firewalls through different ISPs, ruling out the possibility of a single ISP routing traffic over its network to the other office so that I don't have to do anything. This adds additional constraints because since I can't control the firewall without going through pains with both ISPs for several days, I can't even open a port for something like PPTP (which I really wouldn't want to do anyway). Granted, I can probably find out what I need to know from a Google search, but it would be nice to have all the common VPN solutions covered--even just introduced--in a book format. I'm buying it.
Re:why?
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @08:10AM (#3079648)
Of course, ppp over ssh implies a full IP tunnel using ppp with ssh underneath, IP in TCP encapsulation, essentially. You get full IP functionality this way, though the architecture is horribly flawed (TCP connections run with TCP somewhere underneath, very bad when packets get lost and two layers start doing recovery).
Now ssh without ppp on top supports only TCP tunnels, I'll assume that is what you are talking about. A statement that says you need to use IP, but you only get TCP sounds really goofy, since TCP rides on top of IP, phrasing it with the protocols you need (i.e. udp, icmp, etc) would have made the post more sensible (that and omitting ppp...). If I heard someone make the statement you just made I wouldn't trust them with firewall configuration either...
-- XML is like violence. If it doesn't solve the problem, use more.
Are you saying that ICMP, or UDP, traffic is unable to utilize this tunnel?
That is certainly not correct. Just as PPP carries all of your IP traffic (any protocol) between your home and your ISP, a PPP over SSH tunnel will also carry whatever you need it to.
-- For those that would die defending it, Freedom
has a sweet taste that the protected will never know.
Re:why?
(Score:2)
by Bender Unit 22 (216955) writes:
on Wednesday February 27, 2002 @07:13AM (#3079206)
It's not when it works you need the books. It's when it doesn't work you'd wish you had the book. I have configured a VPN with the help of a HOW-TO page and it worked. But when you want to do larger setups in the "real" world, all kinds of questions and demands come to mind and it's nice to be on top of things and be able to say from the first meeting, what is possible and what is not.
VPN hardware
(Score:1, Troll)
by pokka (557695) writes:
on Wednesday February 27, 2002 @04:02AM (#3077793)
Building VPNs is a pain in the ass, regardless of whether you're using windows NT/2k or linux. Microsoft's documentation is sketchy (and in some cases completely wrong), and there are very few sources for building a VPN in Linux.
This book may make it easier to build a VPN, but it's kind of obsolete, now that the Linksys VPN router has been released, making it a matter of plugging in and turning on. Of course, if you have plenty of free time, but very little money, you might go for the book instead.
Re:VPN hardware
(Score:2, Interesting)
by Cyno (85911) writes:
on Wednesday February 27, 2002 @04:38AM (#3078046)
...or if you're worried about security. I never trust commercial companies to deliver secure code. Especially if they keep it closed source. Unless you want to flash the rom on this thing every few weeks I'd just read up on a linux ppp over ssh solution and write some scripts to keep that software updated.
Re:VPN hardware
(Score:1)
by starpool (562363) writes:
on Wednesday February 27, 2002 @02:12PM (#3081956)
We started out making slow progress with FreeS/WAN trying to connect to a Raptor Firewall, and thought we'd try to take the easy way out and use two Linksys VPN Routers. Bottom line: the LVRs will only allow one Class C subnet access to the tunnel. Since we have multiple subnets at 4 different locations, the LVR is disqualified, at least for now. (Maybe Linksys will add this capability to future firmware.) So we're back to FreeS/WAN and Raptor...now if I can just get that book at my local BN.
What's wrong with PPTP?
(Score:4, Interesting)
by Jacco de Leeuw (4646) writes:
on Wednesday February 27, 2002 @04:06AM (#3077826)
PPTP is often used for 'road warrior' setups, i.e. people working from home or on the road. It's cheap because there are free (as in speech) PPTP servers for Linux and the Windows PPTP clients are free too (as in beer). In contrast, Windows IPSEC clients are often expensive.
So, what's wrong with it then? Well, the security of PPTP apparently depends on the password.
A German student has written software which can crack the password in a couple of hours on a Pentium II.
Re:What's wrong with PPTP?
(Score:2, Informative)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:19AM (#3077901)
It's Point-to-Point Tunneling Protocol and thus more limited than IPSec which can be used in routed mode and can connect arbitrary networks.
Re:What's wrong with PPTP?
(Score:3, Interesting)
by FallLine (12211) writes:
on Wednesday February 27, 2002 @04:25AM (#3077939)
Well firstly, Microsoft's implementation of PPTP is insecure, buggy on the client side (and the server side, where their server is used), and has a hard time supporting multiple clients in a NAT environment.
Secondly, a lot of older hardware has little to no support for the GRE protocol that PPTP depends on. Thus many people simply can't use it.
Thirdly, it's virtually impossible to get two people connecting to the same VPN behind the same NAT network on any hardware. The nature of GRE makes it very difficult since it has no concept of port to differentiate between packets, only source and destination IP. Unfortunately, NAT is very common these days so this really does matter.
Secondly, since when does hardware support a networking protocol in the absence of software? Any machine that can run 95 or 98 can run PPTP. They have pretty modest hardware requirements by today's standards.
Thirdly, I have created multiple outbound pptp tunnels behind an ICS connection. It can be done.
Re:What's wrong with PPTP?
(Score:3, Informative)
by Junta (36770) writes:
on Wednesday February 27, 2002 @04:40AM (#3078066)
Just FYI, but Win2k and newer (at least) include native IPSEC support that can interoperate with FreeS/WAN and such. Other systems, well, they are intended for home use that doesn't need that functionality..
-- XML is like violence. If it doesn't solve the problem, use more.
Windows 2000/XP's support for IPSEC is limited to transport mode. Tunnelling is handled by Cisco's Layer 2 Tunnelling Protocol (L2TP). Unless FreeS/WAN and KAME now support L2TP, IPSEC VPNs using Windows-native clients are limited to routable IP addresses all the way around.
Now NAT is evil---ask my friends, I rant about it all the time---but in the real world, one must be able to tunnel VPN traffic at least in one direction (into the company). Without support for L2TP in FreeS/WAN or commercial IPSEC clients in Windows, one cannot currently do this.
Please, I beg you, prove me wrong. I've been struggling to get Windows IPSEC working with KAME for some time now. And my copy of Cisco's Unity VPN client doesn't work on XP.
Re:Wrong: Win2K IPSEC uses L2TP for tunneling
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @07:40AM (#3079371)
L2TPd for linux exists, separate from FreeS/WAN. Though commonly coupled with IPSEC, L2TP is separate. I have heard reports that FreeS/WAN+l2tpd can be used to provide the functionality you describe to have a pretty solid VPN with FreeS/WAN and Windows ends.
http://www.marko.net/l2tp/
A bit dated, but reportedly still functional...
Now as far as getting connectivity to Cisco with Windows with tunneling, I have no idea, never tried...
-- XML is like violence. If it doesn't solve the problem, use more.
Re:What's wrong with PPTP?
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @04:41PM (#3082448)
http://www.freeswan.org/freeswan_trees/freeswan-1.95/doc/interop.html contains some links, right now the tripod exceeded bandwidth, and that is the one with Windows interop. instructions, but I have seen it and it looks pretty solid.
-- XML is like violence. If it doesn't solve the problem, use more.
Re:What's wrong with PPTP?
(Score:2, Informative)
by jeremiahstanley (473105) writes:
<miah AT miah DOT org>
on Wednesday February 27, 2002 @04:45AM (#3078100)
With Win2k you can get this little patch and then you have a free as in beer IPSec implementation provided by Microsoft under Win2k. It even supports x509 certs. IPSec clients are not that expensive. Look at SSH Sentinel for another option. It even supports the newer AES ciphers (which I don't expect out of Microsoft for a long time) as added security.
For all of this you have to patch the code to use the newer ciphers. You can get that here and if you need to use x509 certs you can get that stuff here. This is all pretty easy if you have your druthers about compiling new kernels and working with OpenSSL.
Why this isn't in the kernel to begin with is anybody's guess. I would guess that it has something to do with all those pesky crypto export laws. Just like everything else in the ol US of A we have to sacrifice our freedoms so that we can be safe from the KGB and that one guy from Hackers.
-- Hire me...
It's damn slow
(Score:1)
by moankey (142715) writes:
on Wednesday February 27, 2002 @05:08AM (#3078275)
From testimonies of traveling whatevers the people always complain that PPTP is very sloooow. They preferred using RAS in place, albeit a very expensive phone bill.
Re:What's wrong with PPTP?
(Score:0)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @05:19AM (#3078347)
So, what's wrong with it then? Well, the security of PPTP apparently depends on the password. A German student [uni-freiburg.de] has written software which can crack the password in a couple of hours on a Pentium II.
PGPnet
(Score:3, Informative)
by Jacco de Leeuw (4646) writes:
on Wednesday February 27, 2002 @05:37AM (#3078474)
That's because NAI doesn't know what to do with it. Could they be dumping the product for $39? They want to sell off some parts currently included with PGPnet. There's some uncertainty if you buy the product. Will they update it? Will they fix bugs?
-- -------
Warning: Slashdot may contain traces of nuts.
Normally, the file /etc/shadow (or /etc/password on old systems) is regarded one of the most vulnerable points of an unix system [Uni99]. If an attacker can obtain the information in this file, the system is nearly hacked. Using Microsoft's PPTP protocol, information about your passwords is not only publicly available, you also provide additional hints about the passwords, which allow to speed-up the attack by a factor of up to 2^16.
With this said, it is clear why we believe Microsoft's PPTP implementation isn't suitable for securing wireless networks.
Having a book like this one is great if you want to familiarize yourself with the standards and how to implement them on Linux, but the much harder task is getting Management, particularly at larger companies, to see the benefit of implementing a standards based VPN where the users can use any standards based client over any TCP/IP network.
Instead what I see is managers that want to buy a single product that comes with both the server and client applications, but then doesn't work or is hard to implement when the clients are trying to access the VPN from a cablemodem, DSL, or 802.11 connected machine, and don't (God forbid) want to use MSIE and Citrix on Windows to get onto the office network.
We're tasked with supporting Citrix IE-ALE Windows VPN clients with FlowPoint modems or Instant Internet boxes over DSL. Of course it is completely unreliable. The task is truly Herculean. They (vendors) all point their fingers at each other, and I'm waist-deep in IPSec, MTUs, etc. and all that other black magic.
-- "Nothing is impossible for the man who refuses to listen to reason"
As a side note, if you use '-g', make sure you have iptables/ipchains/hosts.{allow|deny} rulesets enabled to make sure that only authorized machines can use the gateway. Otherwise anyone in the world can use your encrypted tunnel.
This is an EXCELLENT POINT that CANNOT BE OVEREMPHASIZED.
I recently had to set up tunnels to allow a set of NAT'd workstations (laptops running a mix of Linux and W2K) access a system on the inside of a remote firewall where SSH was the only available securable protocol. We needed to use the "-g" switch, and the need for filtering access was immediately apparent.
We ended up using a set of scripts to build the tunnel, including the necessary iptables rules.
As an aside, I'd check if hosts.allow|deny rules are sufficient - I think the ssh tunnel would make all connections appear to be coming from the host running the tunnel. (Can't check for myself right now)
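One way to script the point made above, as an added example that is not the poster's own scripts: the allow-list goes in before the `ssh -g` listener opens and comes out again when the tunnel ends. Host names, addresses, the chain name `TUNNEL_<port>` and the `IPT`/`SSH` dry-run variables are assumptions.

```shell
#!/bin/sh
# Added example: allow-list for a local port opened with "ssh -g".
# Assumptions, not from the thread: chain naming, addresses, and the IPT and
# SSH variables, which let the commands be printed instead of executed:
#   IPT="echo iptables" SSH="echo ssh" sh tunnel.sh ...
IPT=${IPT:-iptables}
SSH=${SSH:-ssh}

# guard_forward PORT SOURCE [SOURCE...]
# Only the listed sources may reach PORT; everything else is logged and dropped.
guard_forward() {
    case ${1:-} in
        ''|*[!0-9]*) echo "guard_forward: port must be a number" >&2; return 2 ;;
    esac
    gf_port=$1
    shift
    if [ "$gf_port" -lt 1 ] || [ "$gf_port" -gt 65535 ]; then
        echo "guard_forward: port out of range" >&2
        return 2
    fi
    if [ $# -lt 1 ]; then
        # Refuse to continue: "-g" without an allow-list is open to everyone.
        echo "guard_forward: need at least one allowed source" >&2
        return 2
    fi
    gf_chain="TUNNEL_$gf_port"
    $IPT -N "$gf_chain" || return 1
    for gf_src in "$@"; do
        $IPT -A "$gf_chain" -s "$gf_src" -j ACCEPT || return 1
    done
    $IPT -A "$gf_chain" -j LOG --log-prefix "tunnel-$gf_port denied: " || return 1
    $IPT -A "$gf_chain" -j DROP || return 1
    # Inserted at the top of INPUT so no earlier rule can accept the port first.
    $IPT -I INPUT -p tcp --dport "$gf_port" -j "$gf_chain" || return 1
}

# drop_guard PORT: remove what guard_forward installed.
drop_guard() {
    $IPT -D INPUT -p tcp --dport "$1" -j "TUNNEL_$1"
    $IPT -F "TUNNEL_$1"
    $IPT -X "TUNNEL_$1"
}

# open_tunnel LPORT RHOST RPORT GATEWAY SOURCE [SOURCE...]
# Filter first, then listen. The service at RHOST sees every connection as
# coming from GATEWAY, so per-client filtering has to happen here, on the
# machine that holds the listening port.
open_tunnel() {
    if [ $# -lt 4 ]; then
        echo "usage: open_tunnel LPORT RHOST RPORT GATEWAY SOURCE..." >&2
        return 2
    fi
    ot_lport=$1 ot_rhost=$2 ot_rport=$3 ot_gw=$4
    shift 4
    guard_forward "$ot_lport" "$@" || return $?
    $SSH -g -N -L "$ot_lport:$ot_rhost:$ot_rport" "$ot_gw"
    ot_status=$?
    drop_guard "$ot_lport"
    return $ot_status
}

# Run directly with arguments to open a guarded tunnel.
if [ $# -ge 5 ]; then
    open_tunnel "$@"
fi
```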
The main problem with IPSEC...
(Score:5, Insightful)
by Junta (36770) writes:
on Wednesday February 27, 2002 @04:48AM (#3078126)
IPSEC is wonderful, but many businesses don't think things through and use it for telecommuting. Why is this bad? Well, the way this works is that someone connects to the VPN system and gets a full tunnel that allows the authorized client to behave on the internal network as if it was actually there, bypassing the firewall. The problem here is pretty obvious. The client machine is not protected by a firewall, and so if the client is compromised, an attacker has a clear path straight past the firewall. So the effectiveness of the firewall is greatly reduced.
Now if you don't have a firewall protecting the network, this won't hurt, but if you do, then a solution like ssh is somewhat more secure, as you only set up the tunnels you absolutely need to very specific hosts. While there is still a risk, it is greatly reduced and strikes a good balance between usability and security.
What IPSEC *is* good for is seamlessly connecting sites together without really expensive dedicated lines securely. While it makes no guarantee as to bandwidth or availability, it does provide almost the same level of security. If a company can't afford lines to sites but still wants to expand, IPSEC is ideal. I use it to connect my home private network to a friend's home private network. The key here is that not only do you have to trust the clients whose keys you permit to connect, but you must also trust that the administrator of that client machine or network is sufficiently competent to keep his network secure, as the security of the two networks is tied a lot more closely together...
-- XML is like violence. If it doesn't solve the problem, use more.
Re:The main problem with IPSEC...
(Score:1, Informative)
by Anonymous Coward writes:
on Wednesday February 27, 2002 @04:58AM (#3078205)
Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).
Actually, this is bypassed by disabling split tunneling (allowing the client machine to access the internet "directly" and accessing the VPN tunnel).
Well, but that doesn't prevent the telecommuter's computer from becoming compromised with some background logging software that'll collect information when connected to the company network, and send it to the attacker when connected to the internet.
Of course, using an SSH tunnel also doesn't solve that problem.
The only real option is to assign IPs from a different subnet to the telecommuters' home computers, and having a firewall between that subnet and the rest of the company network that'll not allow access to certain resources that are especially critical. And, of course, the telecommuters must be educated about the security issues.
As far as I'm concerned, a bigger threat is the road warrior laptop not having adequate virus protection. (VP of Sales does insist on Windows, doesn't he?) Desktops behind the firewall presumably have multiple layers of protection in front of them, the road warrior, maybe not.
Re:The main problem with IPSEC...
(Score:2)
by Shoten (260439) writes:
on Wednesday February 27, 2002 @05:29AM (#3078417)
So, you're saying the main problem with IPSEC is that it's not a magic bullet? Nothing is...get over it. I've heard people say the same about firewalls, saying how firewalls make people think that they're totally secure, so they no longer patch systems or pay attention. That may be true sometimes, but it's still not a valid argument that firewalls are flawed. Security isn't one box or one piece of software, and saying that one has a problem because it doesn't blanket everything is like criticizing deadbolts because thieves can still break a window to get into your home.
Re:The main problem with IPSEC...
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @06:53AM (#3079060)
Right, but I was saying that IPSEC is not only not a magic bullet (that is to be expected) but companies outright misuse the technology without any serious thought. They invest tons in making sure they have tight firewalls and policies that prohibit people from hooking up modems to the outside world (internet without firewall), and yet repeat the mistake in a different form time and time again. It would be nice to establish trusted connections to telecommuters, but it just simply can never be secure enough (well, maybe if the telecommuter is the same person who designed the corporate security and takes home security equally seriously, but not worth finding out).
-- XML is like violence. If it doesn't solve the problem, use more.
Re:The main problem with IPSEC...
(Score:2)
by Shoten (260439) writes:
on Thursday February 28, 2002 @03:15AM (#3084102)
I see your point, but at that stage of the game, it's not the technology that is to blame. Any solid technology will be a problem if it is not part of a sound, well-thought out implementation. There are ways around the problem as well, however; for example, Checkpoint VPNs can push a security policy out to the client upon connection, enforcing a firewall policy at the end point and prohibiting network communications between that point and any node besides the VPN gateway. But that's a whole other ball of wax, and returns to the issue of making wise choices when rolling out technology.
The bottom line is, VPNs make it possible to do things in business that aren't cost-effective any other way, and businesses are there to make money, not to be secure. It's a trade-off, and if the return outweighs the risk, it's worth the risk.
So the effectiveness of the firewall is greatly reduced
Don't you have the same exact problem with desktop machines on the LAN, inside the firewall? Seems to me that VPN-though-a-firewall doesn't introduce any vulnerabilities that you don't already have.
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
But LAN machines have never been exposed to the internet.
Ha hah hah ha! That's a good one.
Seriously, it must be nice to work at a place where they haven't heard of "Active Content" and no one uses products like Microsoft Word or Microsoft Outlook. :-)
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Re:The main problem with IPSEC...
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @07:48AM (#3079450)
When dealing with internal systems, you can enforce all kinds of policies about virus software, etc. You can keep it relatively boxed. With telecommuting, the clients not only have relaxed restrictions, but also are vulnerable while connected to the internet to the sort of attacks firewalls are meant to keep out. Normally, this wouldn't be too bad, but with a full tunnel, that machine will probably contain sensitive information itself and, for the duration of the connection, gives full access to a corporate network if compromised.
-- XML is like violence. If it doesn't solve the problem, use more.
Local Area Network by definition is not a Wide Area Network now is it? If you have a LAN you cannot be exposed to the internet or it is a WAN. If you run active content then you are running code on the LAN. Don't run unknown code on a LAN. If you are downloading something from the internet you are using a WAN interface are you not?
The point is you have a machine that has been directly exposed to the internet and now it is on your network and that is NOT the same thing. If I have to go to the head at a bus station I will finish my drink because I won't really know what it is when I get back.
Re:The main problem with IPSEC...
(Score:1)
by -audiowhore- (153163) writes:
on Wednesday February 27, 2002 @11:08AM (#3081115)
Bollocks! There are quite a few commercial VPN clients out there that either have a 'stateful' firewall engine (Check Points Secure Client), and some others that support personal firewall software (the Cisco client has support for Black Ice and Zone Alarms). The Cisco client can be configured to not install or initialise *unless* the personal firewall is installed/running.
Re:The main problem with IPSEC...
(Score:2)
by Junta (36770) writes:
on Wednesday February 27, 2002 @04:22PM (#3082392)
But then, how do you ensure the client is using approved software if you are using a standard like IPSEC? I know, corporate policy, but if people are at home, they might try more exotic things... In any event, clients configured like this are a good way to make IPSEC *better* for telecommuting, but the safest bet is to not have full network transparency, but instead only have selected services that telecommuters need and allow only those in your preferred method of access..
-- XML is like violence. If it doesn't solve the problem, use more.
Re:CIPE - a better solution.
(Score:2, Insightful)
by ion++ (134665) writes:
on Wednesday February 27, 2002 @05:22AM (#3078367)
Oh yeah, I forgot to mention that it works behind a NAT, which IPSEC has trouble with. Furthermore it works with non-static ip addresses. Obviously one end needs to know the ip of the other end, but that's all that is needed.
Furthermore it works with non-static ip addresses. Obviously one end needs to know the ip of the other end, but that's all that is needed.
FreeS/WAN works great with non-static IP addresses.
IPSEC also does not run TCP over TCP, it uses udp for isakmp, and data is transmitted through custom protocols (numbers 50 and/or 51), *not* through TCP.
Another thing about IPSEC that works better than CIPE is that IPSEC more strongly authenticates the machine at the other end. This is why NAT breaks, because unlike CIPE, IPSEC works to ensure the packet has passed unmodified since leaving a known trusted host, and the very nature of NAT prevents this. Solution is simple, move the IPSEC gateway to either the NAT system or beyond. Though it is being pushed in many circles as a good solution for telecommuting, it really was never designed for that and that usage really spits in the face of firewalls.
Finally, CIPE lacks compatibility. Sure you can configure windows and linux boxes and maybe other platforms, but just try to connect to, say a CISCO router....
CIPE is a hack that creates more problems than it solves in the long run. PPP over ssh is worse, but a dumb idea, set up tunnels for specific tcp services that you need, more overhead, but security is better (not perfect, but better). For connecting networks together, a good architect can piece together an IPSEC solution that guarantees identity at other end of the pipe... CIPE offers the gaping hole that IPSEC can while not offering enough identification. So ssh or IPSEC remains the best solution, depending on the problem.
-- XML is like violence. If it doesn't solve the problem, use more.
Crossplatform aspect?
(Score:2, Interesting)
by egghat (73643) writes:
on Wednesday February 27, 2002 @05:51AM (#3078571)
How is the crossplatform aspect covered? There are hundreds of possible solutions for VPNs out there, but if you want something that works on *nix, Windows and Mac (Classic and X) and is free and open, the range of products to choose from gets small...
For example, I couldn't find a free IPSEC client for Windows.
Any new hints from this book?
Thanks in advance.
egghat.
-- --
"As a human being I claim the right to be widely inconsistent", John Peel
Re:Crossplatform aspect?
(Score:3, Informative)
by Junta (36770) writes:
on Wednesday February 27, 2002 @05:53AM (#3078587)
IPSEC "clients" for Windows:
- PGPnet: commercial and free versions. Free version doesn't do complicated routing stuff.
- Windows 2000 and newer have built in IPSEC capabilities.
Both these methods can interact with CISCO, OpenBSD, and FreeS/WAN.
IPSEC is the best shot you have at a cross-platform standard.
-- XML is like violence. If it doesn't solve the problem, use more.
We discuss PPTP s.t. you can communicate with PPTP-only Windows clients. You can run IPSec software on more recent versions of Windows, however describing how to do so would probably increase the size of the book by several hundred pages, not counting the fact that we'd have lost some serious sanity in the process.
So when cross platform == unix-like systems, this book does it for you. When cross platform == non unix, you're on your own.
Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.) Doesn't have to be free beer.
-- As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Anyone know of any ISPs (preferably outside USA) that will route stuff coming from a VPN (or any other type of encrypted tunnel) to The Internet? (i.e. from The Internet's point of view, it would be like I was a local user of that ISP, even though I'm physically somewhere else.)
Why would you want to do that? Not only will it slow down your network connection, but I suspect that it should be fairly easy to do traffic analysis to determine which traffic was yours in the first place, even at a busy ISP...
The ppp over (ssh/ssl) stuff in the book is much more complete, allowing you to make more than one connection, doesn't rely on best-guess 'sleep X' timeouts, and walks you through setting up ssh securely s.t. it can only be used to create the VPN, and doesn't require logging in as root from either endpoint.
You are correct, of course, about the flaws of my scheme, but you'd be amazed how well it works for my purposes. I work from home and need to get access to my work machines through the firewall.
Using my 128k DSL connection to the net, I can do a lot this way, including using VNC acceptably.
I wouldn't recommend it for any production environment, but for simple things it more than fits the bill.
Re:ssh + ppp = vpn
(Score:4, Informative)
by Junta (36770) writes:
on Wednesday February 27, 2002 @07:14AM (#3079217)
Of course, ppp over ssh is a bad thing, ugly and bad. For most traffic, you have this topography: TCP over IP over ppp over ssh over TCP over IP, etc...
Note the fact that we have TCP over TCP, which is bad, very very bad. If a packet gets lost, we have two layers doing the same thing to restore a connection and things can get stalled out quickly....
ssh's built in tcp tunneling suffices for most remote access applications. For a true VPN, IPSEC is the only good way to go. Other things like CIPE certainly work better than ppp over ssh, but still lack certain features that IPSEC has. Then again, if you have to build a VPN where you need to modify packets in transit (i.e. NAT), CIPE is a viable alternative if you don't mind that packets could be mangled by more than just the NAT gateways and CIPE wouldn't care, but I personally want to ensure the highest security with IPSEC...
-- XML is like violence. If it doesn't solve the problem, use more.
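The stacked-timer effect described in the comment above, as an added example that is not part of the thread: a toy model of one inner TCP segment crossing a link outage, carried first over a reliable (TCP-like, e.g. ppp over ssh) tunnel and then over a datagram (IPsec ESP or UDP-like) tunnel. The timer values, outage length and function names are constructed assumptions, and the model ignores congestion windows and RTO caps.

```python
"""Toy model: retransmission timers stacked on top of each other.

All numbers (RTOs, outage length, delay) are constructed for illustration.
The link drops everything sent in [0, outage_ms) and is clean afterwards.
"""


def send_times(rto_ms, before_ms):
    """Times at which a sender transmits one unacked segment, with
    exponential backoff: 0, rto, 3*rto, 7*rto, ... (strictly before before_ms)."""
    times, t, wait = [], 0, rto_ms
    while t < before_ms:
        times.append(t)
        t += wait
        wait *= 2
    return times


def first_send_at_or_after(rto_ms, t_ms):
    """First transmission in the backoff schedule that happens at or after t_ms."""
    t, wait = 0, rto_ms
    while t < t_ms:
        t += wait
        wait *= 2
    return t


def simulate(outage_ms, inner_rto_ms, outer_rto_ms, one_way_ms):
    """Return per-carrier statistics for a single inner TCP segment."""
    # Reliable carrier (TCP over TCP). The tunnel's own timer decides when the
    # data gets through, and every copy the inner TCP hands to the tunnel
    # before its ACK comes back is queued and delivered, never dropped.
    outer_ok = first_send_at_or_after(outer_rto_ms, outage_ms)
    inner_ack = outer_ok + 2 * one_way_ms
    queued = send_times(inner_rto_ms, inner_ack)
    reliable = {
        "inner_copies_sent": len(queued),
        "copies_delivered": len(queued),
        "redundant_delivered": len(queued) - 1,
        "recovered_at_ms": outer_ok + one_way_ms,
    }

    # Datagram carrier. Only the inner TCP retransmits; copies sent during
    # the outage are lost on the wire instead of piling up in a queue.
    inner_ok = first_send_at_or_after(inner_rto_ms, outage_ms)
    inner_ack = inner_ok + 2 * one_way_ms
    sent = send_times(inner_rto_ms, inner_ack)
    delivered = [t for t in sent if t >= outage_ms]
    datagram = {
        "inner_copies_sent": len(sent),
        "copies_delivered": len(delivered),
        "redundant_delivered": len(delivered) - 1,
        "recovered_at_ms": inner_ok + one_way_ms,
    }
    return {"reliable_tunnel": reliable, "datagram_tunnel": datagram}


if __name__ == "__main__":
    # Constructed scenario: 10 s outage, inner RTO 500 ms, outer RTO 1 s.
    result = simulate(outage_ms=10_000, inner_rto_ms=500,
                      outer_rto_ms=1_000, one_way_ms=50)
    for carrier, stats in result.items():
        print(carrier, stats)
```

With a single segment the reliable tunnel delivers several copies of the same data after the outage; with a full window in flight, each segment adds its own backlog, which is the stall the comment describes.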
IPSec would be better but I would have a lot to learn and experiment with before I could use it. The ssh+ppp solution is much easier.
Right in time.
(Score:2)
by Bender Unit 22 (216955) writes:
on Wednesday February 27, 2002 @07:06AM (#3079151)
I have just been playing with IPSec for the last couple of days and wanted to buy a book on the subject. While I managed to successfully make a VPN connection between 2 machines, I still need to read a great deal about what's under the hood. So I looked at amazon also thinking that I could not go wrong with a book from O'Reilly, but after looking at the few stars it got I had been looking at this book and the one from RSA. Well, that does it. I'm getting this one. :)
Here is a mirror.
I just heard some sad news on talk radio - Slashdot's favorite troll The Page Widening Post was found dead this morning. There weren't any more details. I'm sure everyone in the Slashdot community will miss it - even if you didn't enjoy its work, there's no denying its contributions to popular culture. Truly an American icon.
I hate CmdrTaco, Michael and jamie...
This did not widen my browser...
you suck
Internet Explorer?
tired of crapflooding Crashdot.
Please reply to this message if you would like to see me stop.
thx
u r gay, pls fx, thx