I have a relatively small network here, with a Linux server and a couple of clients which become infected by a worm/virus from time to time.
First, you have to differentiate between a virus and a worm:
1) Virus - This is basically easy. Most viruses have a built-in SMTP Engine, which means simply that they replicate over SMTP and therefore contact various SMTP-Servers (port 25). Normally, they do not use the ISP's SMTP-Server configured in Outlook. Therefore I just blocked outgoing connections on destination port 25 which blocks the replication of the virus. Whenever someone is infected, I see this in the firewall logs.
Then I can inform him but I basically don't bother as he does no harm to my network.
2) Worm: This is not so easy as the worm tries to replicate on your local network. The only solution to this is to block certain outgoing ports for known attacks and - which is more important - configure a VPN where clients may only communicate to your server but must not interact. On the other hand this is a huge limitation but there may be ways to allow certain connections (e.g. file sharing etc.) or also block specific attacks. But this requires a switch that is aware of VPN etc.
My advice: Don't fight it, live with it.
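The log check described in the comment above, as an added example that is not part of the original comment: it reads firewall log lines for dropped outbound SMTP and reports which clients tried to reach mail servers directly. The log prefix `SMTP-OUT-DROP`, the addresses and the three-destination threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed rule pair on the Linux gateway (the prefix is a hypothetical name):
#   iptables -A FORWARD -p tcp --dport 25 -j LOG --log-prefix "SMTP-OUT-DROP: "
#   iptables -A FORWARD -p tcp --dport 25 -j DROP
LOG_PREFIX = "SMTP-OUT-DROP: "

# Constructed sample of kernel log lines in the iptables LOG format.
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.10 LEN=48 TTL=127 PROTO=TCP SPT=1045 DPT=25 SYN URGP=0
Mar  3 10:15:02 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.7 LEN=48 TTL=127 PROTO=TCP SPT=1046 DPT=25 SYN URGP=0
Mar  3 10:15:02 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.99 LEN=48 TTL=127 PROTO=TCP SPT=1047 DPT=25 SYN URGP=0
Mar  3 10:15:04 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.200 LEN=48 TTL=127 PROTO=TCP SPT=1048 DPT=25 SYN URGP=0
Mar  3 10:20:11 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=192.0.2.25 LEN=48 TTL=127 PROTO=TCP SPT=2301 DPT=25 SYN URGP=0
Mar  3 10:25:11 gw kernel: SMTP-OUT-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=192.0.2.25 LEN=48 TTL=127 PROTO=TCP SPT=2302 DPT=25 SYN URGP=0
Mar  3 10:26:00 gw kernel: SMB-DROP: IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=203.0.113.5 LEN=48 TTL=127 PROTO=TCP SPT=3000 DPT=445 SYN URGP=0
Mar  3 10:27:30 gw sshd[812]: Accepted publickey for admin from 192.168.1.2 port 50122 ssh2
"""

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line, prefix=LOG_PREFIX):
    """Return (source, destination) for a dropped outbound SMTP attempt, else None."""
    if prefix not in line:
        return None
    fields = dict(FIELD_RE.findall(line.split(prefix, 1)[1]))
    if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
        return None
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields["SRC"], fields["DST"]


def summarize(log_text):
    """Group blocked SMTP attempts by the client that made them."""
    hosts = defaultdict(lambda: {"attempts": 0, "destinations": set()})
    for line in log_text.splitlines():
        hit = parse_line(line)
        if hit is None:
            continue
        src, dst = hit
        hosts[src]["attempts"] += 1
        hosts[src]["destinations"].add(dst)
    return dict(hosts)


def suspects(log_text, min_destinations=3):
    """Classify each client seen in the log.

    A client that tries many different mail servers behaves like malware with
    its own SMTP engine; a client that keeps trying one server is more likely
    a mail program pointed at the wrong relay. The threshold is an assumption.
    """
    report = {}
    for src, info in summarize(log_text).items():
        many = len(info["destinations"]) >= min_destinations
        report[src] = "likely-mass-mailer" if many else "review"
    return report


if __name__ == "__main__":
    for host, verdict in sorted(suspects(SAMPLE_LOG).items()):
        print(host, verdict)
```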
Re:Windows - Linux - Mac? - Lock in (on Return of the Mac · Score: 1)
The hardware lock in is also my problem with Macs. You are just limited to this specific hardware.
Moreover if you buy Mac hardware you have to live without Windows, which is often not possible. There are a lot of situations where I just need some software that's only available for Windows. There's no way to e.g. install vmware, or repartition your harddisk and install Windows XP. This can be a huge drawback.
I tend to use a desktop PC, I don't use a laptop. Mac desktops are not easily upgradeable, therefore a noname PC is still the far cheaper and flexible solution.
I think the Mac has its niches, but the reason why it's not more widespread is similar like Linux: missing software and hardware lock in.
10 GB of jpegs would take ~ 22 hours with a P4-1.8GHz to compress with this new technology.
Although it's very interesting that jpegs can theoretically be compressed, the processing time needed is too high, such technology will never make it to embedded systems, e.g. cameras etc.
Once in a while the "terminal idea" rises. And then it's gone again. Like this time. And the reasons for this are always, always the same:
- People can't install their specific software (how could they install e.g. "Moorhuhn"?) And although people are always annoyed about their computer problems, they just don't want to miss all their "special" software. They tend to decide for freedom above simplicity.
- Bandwidth and Servers will always be too slow for the "Terminal solution".
Oracle and Microsoft are fighting this topic over and over but it'll never change.
There are niche markets where terminal solutions tend to be better, but even those are slowly vanishing.
Right, long term, the CD/DVD is actually doomed. People just don't want to go to stores anymore, they want to get their music/video from the internet. As broadband connections increase and the bandwidth gets higher, the demand for online content increases.
I am sure that there's a market for online music, and I said market, which means that people will earn money with this technology.
People are willing to pay for what they consume. It's only that they want to decide, it never works in the long term if someone is selling something that people don't appreciate.
Music industry is going to change. But this only means that some markets are going to die and other markets will emerge. It's all about flexibility.
Did you know that the music industry earns more money by selling ringtones than by selling singles?
To my mind Solaris lacks the following key points:
- It is not widely distributed, hence there is much more knowledge about Linux than about Solaris
- The code of Solaris will (perhaps) be opened. But that does not mean that patches/enhancements of someone will be implemented in the Solaris kernel. Migrations from closed source to open source always tend to be difficult - not only due to code issues, more due to - hmmm, let's call it "structural and organizational incompatibilities with the open source model".
- Linux is extremely well documented: You have some question, look at Google, at one of the thousands of mailing lists, forums etc. Solaris is of course documented. But it's not as easy to get help as it is in Linux.
- More open source software is available for Linux
- Will Solaris suit for desktops?
I think that Solaris has its place in the IT environment and will continue to do so. Some people will like it, others will not. But there is no reason to think that Solaris will "kill Linux".
What I really would like to see is a feature that checks the quality of the recording while burning.
I own a Nec ND2500-A and although this is one of the better DVD-Recorders it once in a while produces coasters - and I only use quality media.
You won't recognize this beforehand, you try to read the DVD's back and recognize that your data is lost due to read errors.
This is _very_ annoying and I still found no solution to this.
So to anyone who uses DVDs for backups: Use a burner that supports readout of PI/PO errors and check every DVD you burned afterwards. At least I have not found a better solution to check if you are burning coasters.
If you need a really safe solution, stick with software RAID:
1) Linux SW-RAID is very well tested. It's very unlikely that a software bug will trash your data. HW-RAID Controllers have a firmware that can be buggy. It does not happen often, but if it does you're hosed (dataloss, no solution: closed source).
2) Consider the situation where your RAID-Controller fails. If it's an older model you won't get a replacement easily. No one guarantees that other controllers are compatible with the data format your defective controller wrote on your disks. So maybe all data is lost if you don't get an exact HW replacement.
To my mind HW-RAID has the advantage to be faster (but only with expensive controllers) and does have a battery buffered RAM which prevents dataloss in case of a power failure.
This comment is a typical example for an "U.S. like" viewpoint. I think that patriotism is basically a good thing but it should stop where people start neglecting the reality to gain an idealistic perception of their country.
The Boeing case was some time ago but to my mind it was not about stealing technical secrets, it was about spying an offering from Airbus which Boeing could then underbid.
It's right: We don't have a B-2 but merely because we don't need it. But Europe produced a lot of fighter planes which are sold all over the world, just like the Swedish Saab Gripen, the French Mirage or the German Tornado.
Same goes with the Eurofighter: It's for sure no crap, it may have its problems but it has good specs compared with other fighter planes. And it's cost-effective.
But: What has a Eurofighter/F-22 to do with an Airbus? It's like saying: "Your cars are crap, the Ferrari F-50 outclasses your Dodge Viper!".
I own a HP49G+ since some weeks. I had a HP48SX beforehand and upgraded because the 49G+ is a lot faster and has a lot more builtin functions.
With the software I am very pleased, the calculator does all what I expect.
But the packaging, especially the keypad is PURE SHIT! The calculator is manufactured in China and it also feels like this. Compared to the HP48 this is a HUGE step back. The keypad is very, very noisy, which is a problem because neighbours are disturbed by the loud keyclicks. What's even worse, the keys are not reliable: You hear the keyclick but there is no input. This leads to a *lot* of typing errors. Around every 5th keypress is missed, so you always have to control the input on the display.
When spending $150 for a calculator I just don't expect a packaging/keyboard worse than many $9.99.- calculators. Shame on HP!
There are rumours that some newer models have an improved keyboard but this cannot be confirmed. HP itself denies this obvious misdesign, denies that there are better keyboards built into newer versions of the HP49G and does not offer a solution.
So - before buying such a calculator, test the keyboard and make sure that it works.
I do agree that a CAS System (like Ti-89, HP49, Mathematica, Maple) does not help you unless you understand the stuff.
But in many cases such calculators can be very valuable, I for myself did an exam where you had to do matrix multiplications, eigenvalues and partial fractions. Of course I have to be able to solve all this by hand. But to my mind it makes more sense to study the principle of the math more deeply than training matrix multiplications and stuff like this.
My opinion is that Linux servers tend to have a lot higher uptimes than their MS counterparts.
This is not only an issue with stability, although MS Servers tend to "ask for a reboot" after some time, maybe after a week, or after a month. Linux does not seem to suffer from this, they happily run for years.
In Windows there are many cases where a reboot is recommended or even required, e.g. when changing the Workgroup. These occasions occur less with XP than with NT but they are still there. Many software installations ask the administrator for a reboot and it's up to you to decide if it's really necessary or not.
Why recompress? Recompression makes only sense to me if there is not enough space for the DVDs. Moreover you lose the DVD-Menues and compressing 1000DVD's to e.g. DIVx's with good quality will take a *lot* of time. If one DVD compress takes let's say 4 hours, this sums up to 4000 hours for all DVD's. That's 4000/24 = 166 days (!).
If money is not an issue, why not combine those nice slow running 300GB harddisks from Maxtor to a huge disk array, e.g.:
Linux Software RAID5 array with 6 disks -> 1.5TB, so you need 3 of these, add one or two hot spare(s) for extra data safety, and do a RAID0 over these 3 arrays, so you have 19Disks -> Wow, that's $250.-*19 = $4750.-. Next you have to buy 4 PCI IDE-ATA133 Controller cards and some Motherboard. 4*5=20 -> 20 harddisks connectable.
The hardest Part will be the Case. It will not be easy to get a case where 19 disks can fit into. Maybe it works with some luck with a YeonYang YY-0221 Server case. If there's not enough space there, maybe some disks should go into an external USB case, but my experiences with external USB-Disks are not very good. Another option would be to split the whole thing into 2 or three servers. The Motherboard etc. will be cheap compared to the price of the disk array.
Moreover I would design the thing as a server and external USB-Disks don't work well when running 24/24. The System will be quite loud due to the many disks and fans, moreover shutting down and booting these RAID Arrays won't be a lot of fun.
Another drawback is that these disks are not SATA, so there is no hot swapping which can be quite cumbersome but the disks have a 3 year warranty, so they should not break too soon. And in 3 years you can anyway fit your data on one 4TB disk. ;-)
Well, the rest is simple: Rip those DVD's with some software and use MPlayer to play them directly from the disk. MPlayer features the "--dvd-device" option where one can specify also a directory where the ripped DVD is located. Probably I would suggest using another dedicated machine for playing the DVD's which mounts the server via e.g. NFS. *Maybe* solutions like "Freevo" also support playing DVD's directly from disk but I cannot confirm this. But programming a simple Menu with tcl/tk or something similar and starting MPlayer from this menu should not provide any trouble.
What I don't know is if MPlayer already can deal with those DVD-Menues...
Well, bind9 for example was programmed with security in mind and - AFAIK - there are far less security problems than with bind8.
The same applies to postfix/sendmail.
You are right that with low level programming languages like C/C++, security leaks happen more often but nevertheless you can hold on to simple "rules" that make your programs a lot more secure, just as not using strcat and the like.
But where is a solution? Languages that perform well - and I definitely want that with specific applications - have to be programmed in low level languages like C/C++. To my mind there is no other option and I certainly don't want to install a Java-Sendmail or Java-Apache.
Moreover with interpreted languages there's always the possibility that the interpreter itself has security leaks.
Overall, it is a good article but I would add two points:
1) When it comes to security, Denial of Service (DoS) is a big issue. AFAIK, the IPv6 standard includes mechanisms that reduce the danger of DoS attacks.
2) It's true that with IPv6 many applications have to be revamped, but think it that way: Many IPv4 applications were written without security in mind and again and again pose a threat to attacks. Think of programs like bind8 or the MS IIS. When these programs are revamped, it's likely that the programmers will right away take steps to avoid security leaks like buffer overflows and the like.
At first it *seems* that NAT is a security improvement but later on you will recognize that it's not.
NAT can never be a replacement for a firewall, especially a packet filter. Writing packet filters when NAT is involved will lead to a lot more complicated rulesets. Complicated rulesets mean that people easily leave holes in their firewalls and this means that the firewall can get insecure.
Moreover people will not be content with NAT, they often want/need programs that can be accessed from the internet which is by design impossible with NAT. To overcome these limitations, people set up "port forwarding" on the firewall/NAT machine and route specific ports to specific machines. This makes once again machines behind the firewall/NAT vulnerable to attacks - but even worse, the rulesets of these port forwardings get very often forgotten and are often incorrectly set up which once again creates holes for attackers.
NAT is indeed - as the author of the article states - a faustian bargain and I doubt that removing NAT setups will raise security hassles.
Moreover note that with IPv6 you still *can* do NAT, so if it's your choice, leave your NAT box that way and you can still switch from IPv4 to IPv6, but with IPv6 you have also the option to drop NAT.
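One way to catch the forgotten or badly scoped port forwards mentioned in the comment above, as an added example that is not part of the original comment: it reads `iptables-save` output, lists every DNAT forward, and checks each against a list of hosts that are supposed to be reachable. The rules, addresses and the `KNOWN_HOSTS` inventory are constructed assumptions, and negated matches (`!`) are not interpreted.

```python
import shlex

# Constructed iptables-save output for a NAT gateway (eth0 = internet side).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.10:80
-A PREROUTING -s 198.51.100.0/24 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.1.10:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 5900 -j DNAT --to-destination 192.168.1.77:5900
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

# Hypothetical inventory: internal hosts that are meant to be published.
KNOWN_HOSTS = {"192.168.1.10": "web/ssh server"}


def parse_options(tokens):
    """Map each option to the value that follows it, e.g. '--dport' -> '80'."""
    opts = {}
    i = 0
    while i < len(tokens):
        has_value = i + 1 < len(tokens) and not tokens[i + 1].startswith("-")
        if tokens[i].startswith("-") and has_value:
            opts[tokens[i]] = tokens[i + 1]
            i += 2
        else:
            i += 1
    return opts


def parse_port_forwards(rules_text):
    """Return one dict per DNAT rule found in the nat table."""
    forwards = []
    table = None
    for raw in rules_text.splitlines():
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]
            continue
        if table != "nat" or not line.startswith("-A"):
            continue
        opts = parse_options(shlex.split(line))
        if opts.get("-j") != "DNAT" or "--to-destination" not in opts:
            continue
        host, _, port = opts["--to-destination"].partition(":")
        forwards.append({
            "proto": opts.get("-p", "any"),
            "dport": opts.get("--dport", "any"),
            "source": opts.get("-s"),          # None means any source
            "target_host": host,
            "target_port": port or opts.get("--dport", "any"),
        })
    return forwards


def audit(rules_text, inventory):
    """Return (dport, target_host, issues) for every port forward."""
    results = []
    for fwd in parse_port_forwards(rules_text):
        issues = []
        if fwd["target_host"] not in inventory:
            issues.append("target not in inventory")
        if fwd["source"] is None:
            issues.append("open to any source")
        results.append((fwd["dport"], fwd["target_host"], issues))
    return results


if __name__ == "__main__":
    for dport, host, issues in audit(SAMPLE_RULES, KNOWN_HOSTS):
        print(f"port {dport} -> {host}: {', '.join(issues) or 'ok'}")
```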
You write: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no NAT?" I would say: "Who would honestly let an out of the box Windows machine be open to the rest of the internet with no security between?"
As I denoted, setting up a packet filter should be easier and more transparent than setting up NAT. And don't forget, that the security issues emerge from the Windows machine.
It's true that there are versions of the KISS with a network interface, but note that there is no support for network protocols like Samba/NFS or the like.
There is a special Windows-only program available from KISS that sets up a dedicated "server" for KISS devices. AFAIK the used protocol is proprietary and very, very limited.
In other words: The ethernet version of the KISS is useless for people with a Linux server.
Well - I cannot confirm this. To my mind Linux software RAID is SMP-safe. I have a RAID5 sw-RAID for myself on a dual P-II/266 which is up and running for ~ 1 year now without a glitch.
Moreover there is even ReiserFS on this RAID5. It's only 8GB and not very heavily used but I never suffered from data loss due to a software failure.
Exactly.
That's not true: The cooling does not cost you much energy. All fans together consume ~ 10W - this is few compared to 200W power consumption.
Seems that this is another player with a proprietary network protocol. (This team called IO Systems LANDISK)
Well, this means: no Linux servers, only windows/apple.
I still want to see a standalone player that supports either the SMB/CIFS (=Samba) or NFS as a protocol....
Simple "boobie"-question: Why does Echelon have lots of installations all over Europe?
Sorry, but thinking that the CIA uses them for spying on their own country is dumb.
Well, this is surely no conspiracy theory. There are a number of examples that prove that Echelon is used for spying trade secrets.
Germany even sponsors projects like "GnuPG" and similar to protect EU companies from thefts.
There is nothing the EU can do against Echelon, I have no clue why - but they have probably political reasons.
The US established here in Europe a gigantic spy network, called Echelon. As we now know they also use this network for stealing trade secrets.
So, the situation here is not that different here unless no one seems to bother about this...
Nice project. But quite expensive.
We had this BTX thing here in Europe already. It's the abbreviation for "BildSchirmText" and you can have a look at some reference designs here:
http://www.klaus.de/BtxMuseum/
It was not overall successful, so perhaps we stick with ATX...
I especially don't get the point for buying an expensive 3D video card and a wireless mouse for a fileserver.
Moreover they did not seem to bother buying ECC RAM what would clearly increase the overall stability of the system.
The case they chose seems not very "genius" to me - compared to something like the YeonYang YY-0221 Server.