Do the statistics on 'spamminness' really improve the system? Wouldn't it be easier to throttle all the email to a site-adjustable rate, and have the same effect on the spammers? The ease of implementation would increase the ubiquity, and it would increase the hardware/software requirements of those who mail massively.
For example, if your machine only receives a small amount of email per day, why not throttle them to take 10-20 minutes of connect time overall? If you only get two emails per day (one real and one spam), getting them 10 minutes later probably won't bother you too much, but could cost the spammer or his relay-helpers a 5 minute duration on a connection.
I receive about a hundred emails per day from a number of sources, and adding six to sixty seconds of delay per email wouldn't cause me any grief. But if everyone throttled their email, it might cause someone using their '250 million Valid! Tested! Opt-In!' email lists to have to upgrade their machine to half a million connections to process it in an hour.
I don't see that differential throttling has any benefit over a constant throttling rate. For a big site, the differentiation between spam and not-spam would probably cost you any load advantage you earned in slowing the spam, and for a small system, the delay would not be noticeable.
Of course, big senders like AOL, prodigy, and yahoo, might have to upgrade...
Is this an either-or proposition? I think we can blast the priceless artifacts, increase the level of terrorism against US citizens, and end some priceless Iraqi lives, all with one invasion.
The new XP service pack touts an automated and interactive firewall builder. It supposedly starts out with a closed firewall and builds one in response to new packets. Microsoft sometimes does a good job of delivering good features and this is one of them.
Is Mason the best tool for doing this on the Linux side? It looks like it has been around a while, and I'm lamely noticing it right now.
A good project for linux advocates might be a translation of MS's sales literature into how to do it in Linux, Debian, Redhat, Fedora, etc.... MS's marketers are good at identifying what they need to write on the box or in the literature to get people to buy it, and I'm certain that for each line item, there is good open source software. Right now you need a guru or tons of time to figure out just how to do each of the features on a MS XP/Office/whatever box; if you could go to a how to do it in linux site and find a point-by-point guide to how-tos, it might make the assimilation easier.
Example: from a current XP/SP2 release:
The software adds a new "security center" that is intended to provide a beefed-up firewall as well as easy ways to tell whether a PC is updated and protected against viruses.
Alternatives:
Mason, (link) the automated firewall builder
LIDS, Linux Intrusion detection software
Tripwire, (link) the system intrusion monitor
* Debian: apt-get install mason tripwire
(see http://www.debian.org/doc/manuals/securing-debian-howto/ch6.en.html
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html)
* Fedora: yum install mason tripwire
...or whatever. Each big story or release of MS software should be an opportunity to figure out how to do it in linux.
Take a look at Sacha Chua's planner.el and remember.el
I often browse with a sliver of an editor visible behind the browser so I can read the info and type. Sometimes I like having active windows in the background, or with the useless fringy stuff pushed off of the screen.
Eyes do multitask with the rest of your body -- you can see things out of the corner of your eye, and type without watching your fingers move or the letters pile up on the screen.
Why on earth would you want a monitor bigger than one piece of paper? To maybe show two pieces?
If you like emacs, look into planner.el and remember.el. planner.el
planner sets up a Covey-like set of project and date files in a directory, and remember can keep notes on whatever on the date pages. It's great!
But if you don't already think emacs is a good tool, don't learn it for this purpose.
Ooh, it looks like the ingenious advance man and the Lincoln crew are mistakers as well.
http://www.nbcsandiego.com/news/2592556/detail.html
And back to you....
I did look again.
The headlines still differ, with
http://www.whitehouse.gov/news/releases/2003/05/text/20030501-15.html missing the word "Major" in the title, metadata and the headline, which are precisely what the search engines are most interested in.
The president's speech, however, is exactly the same on both pages, so, maybe "technically" they are the same.
"So it's obviously an insider job done to discredit the president."
;)
Which means, of course, that the president and his staff are incapable of picking good people.
The text of Bush's speech is indeed exactly the same on both pages, but the headlines certainly do differ.
Maybe you think they edited it to save six bytes in the text version? The html page titles and metadata also have differing text. And those are what the public search engines key on.
Thanks.
I did post it in a couple places on this topic since it seems very relevant to the discussion.
Most of the people seem to be saying:
1) It's probably just a mistake made by some low-level flunkie,
2) It doesn't really hide anything
3) They haven't changed anything
Now the difference in the headlines is one mistake, and the robots.txt is another. How many mistakes do we let them make before we begin to worry about them making important ones?
If you don't start out having faith that this administration is trustworthy, they don't do a single thing to earn trust, and a hundred little things that make you doubt.
How many uncommunicative incompetents does it take to run an administration into the ground?
With your theory, them web folks did a bad job -- On the pages released by the office of the Press Secretary May 1, 2003 they failed to change both of the pages. Of course the embarrassing one of them is hidden from the polite search engines through the very robots.txt file we are all talking about.
See for yourself:
http://www.whitehouse.gov/news/releases/2003/05/text/20030501-15.html versus http://www.whitehouse.gov/news/releases/2003/05/iraq/20030501-15.html and robots.txt has /news/releases/2003/05/text/ in it.
Compare the headlines.
So tell me, how many mistakes were made, and by who? Do the bucks stop everywhere they get a chance in this administration?
Pardon me, but some of them do lead to interesting things. /news/releases/2003/05/iraq/ exists, and even contains different data than news/releases/2003/05/text/ or news/releases/2003/05/
See for yourself:
http://www.whitehouse.gov/news/releases/2003/05/text/20030501-15.html versus http://www.whitehouse.gov/news/releases/2003/05/iraq/20030501-15.html and http://www.whitehouse.gov/robots.txt has /news/releases/2003/05/iraq/ in it.
Compare the headlines.
See:
http://www.whitehouse.gov/news/releases/2003/05/text/20030501-15.html
which differs from
http://www.whitehouse.gov/news/releases/2003/05/iraq/20030501-15.html
In the text version, the page says 'President Bush Announces Combat Operations in Iraq Have Ended' while in the robot accessible version, it is 'President Bush Announces Major Combat Operations in Iraq Have Ended'.
Get your own screenshots.
So most are 404s, some are videos, and you assume others have mundane reasons. What about the ones with real content? Like
http://www.whitehouse.gov/news/releases/2003/05/text/20030501-15.html
which differs from http://www.whitehouse.gov/news/releases/2003/05/iraq/20030501-15.html
In the text version, the page says 'President Bush Announces Combat Operations in Iraq Have Ended' while in the robot accessible version, it is 'President Bush Announces Major Combat Operations in Iraq Have Ended'.
There are perfectly good error codes for Gone (410), moved temporarily (302), moved permanently (301), and a host of other codes for more mundane reasons.
The question that the tin-foil-hat crowd wants answered is where does the content go that doesn't exist anymore? Did they ship it over to Ashcroft's boys and delete it off the server? Or move it off under /kids/eggroll/barney/iraq/DoNtInDeX/oldspeak/nosexwiththatwoman.txt "Technically", it is still on the publicly addressable web page, anyone could look at it, if they knew the obfuscated secret.
Making the robots.txt file 'accidentally' inhibit robots makes the data more inconvenient to access, not impossible. So "Technically", it is still accessible, but instead of using google, you'd have to use the white house search tool instead.
If you trusted them before, you will probably keep trusting them. If you were suspicious, this is another 'mistakes were made' brick in the wall to wonder about.
As for me, the one-word difference in the two headlines above makes me suspicious.
Hey AC,
What's a good source for news on the status of Afghanistan?
Thanks,
Ha! Thanks for that.
The fact of any security measure being not 100% effective is the critical one, and completely vitiates most procedures. You may be able to rationalize a scenario that explains a procedure. But the low occurrence of the feared scenario, coupled with the imperfections often make the system with the new procedure work worse than the old.
Since terrorism happens so infrequently, we can't tell if terrorist acts have decreased, increased, or stayed the same since any new tightened procedures have been implemented, or even since 9/11/01. Looking at it from the other side, more arduous security measures are a definite good for those who are paid to implement them, and we should be suspicious that their $100000/unit, less than perfect security system isn't truly any more effective than rolling dice.
As an example, suppose 1 person in 1000000 tries to smuggle a bomb detectable by those ion scanners in airports, and those scanners have a 95% detection rate and a 1% false alarm rate. With 200 million passengers/month (http://www.atwonline.com/stats_top25.cfm), 10 bombs will be completely undetected, the device will trigger 2000190 times, causing the screenings to be useless 99.9905% of the time, and hoping that the further screening will pick up the 0.01%. Maybe the time and effort doing the useless screenings would be better as guard service on the flights, or on combat training for the crew.
You can juke around with the numbers some, but there's always a tradeoff between the sensitivity and the false alarm rate of any test.
Terrorist acts are so low frequency, that using an imperfect system to counteract them is a waste of money and effort. Gains that you would expect from a system are mostly lost in the wasted effort in false alarms, and the effort might be better directed elsewhere.
Me? I want to carry my Visor Edge stylus on the plane so I can poke the eye of a box-toting hijacker, like brave Swiss Army penknife, fingernail clipper, and knitting needle toting passengers on flight 93. Rationalizing useless security procedures is counterproductive.
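The base-rate arithmetic in the comment above, as an added example that is not part of the original post, extended to solve for the false-alarm rate a detector would need before a chosen share of its alarms are real. It applies the false-alarm rate only to passengers who carry nothing, so its alarm total is 2,000,188 where the comment rounds to 2000190; the function names are this example's own.

```python
"""Base-rate arithmetic for a screening detector (added example)."""
from fractions import Fraction


def screen(population, prevalence, detection_rate, false_alarm_rate):
    """Exact confusion-matrix counts and alarm precision for one detector.

    Rates are Fractions so nothing is lost to floating-point rounding.
    """
    threats = population * prevalence          # people actually carrying
    benign = population - threats              # everyone else
    true_alarms = threats * detection_rate     # carriers the device flags
    missed = threats - true_alarms             # carriers it lets through
    false_alarms = benign * false_alarm_rate   # innocent people flagged
    alarms = true_alarms + false_alarms
    return {
        "true_alarms": true_alarms,
        "missed": missed,
        "false_alarms": false_alarms,
        "alarms": alarms,
        "precision": true_alarms / alarms,     # share of alarms that are real
    }


def max_false_alarm_rate(prevalence, detection_rate, target_precision):
    """Largest false-alarm rate that still reaches target_precision.

    From precision = p*d / (p*d + (1-p)*f), solved for f.
    """
    p, d, goal = prevalence, detection_rate, target_precision
    return p * d * (1 - goal) / ((1 - p) * goal)


def sweep(population, prevalence, detection_rate, false_alarm_rates):
    """Precision at each candidate false-alarm rate, detection rate held fixed."""
    return [
        (f, screen(population, prevalence, detection_rate, f)["precision"])
        for f in false_alarm_rates
    ]


if __name__ == "__main__":
    # Figures from the comment: 200 million passengers a month,
    # 1 carrier per 1,000,000, 95% detection, 1% false alarms.
    POP = 200_000_000
    PREV = Fraction(1, 1_000_000)
    DET = Fraction(95, 100)

    r = screen(POP, PREV, DET, Fraction(1, 100))
    print(f"alarms {int(r['alarms']):,}, real {int(r['true_alarms'])}, "
          f"missed {int(r['missed'])}, precision {float(r['precision']):.4%}")

    # Moving the false-alarm rate while detection stays at 95%.
    for f, prec in sweep(POP, PREV, DET,
                         [Fraction(1, 10 ** k) for k in range(2, 8)]):
        print(f"false-alarm rate {float(f):.0e} -> precision {float(prec):.4%}")

    need = max_false_alarm_rate(PREV, DET, Fraction(1, 2))
    print(f"for half of all alarms to be real: false-alarm rate <= {float(need):.2e}")
```

The same calculation applies to any alerting system watching for rare events, such as an intrusion detector: at this prevalence the false-alarm rate has to fall to roughly one in a million before half of the alarms are real.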
Funny, I exactly remember that phrase from Adventure
If you look at the units, it is clear that it is a density thing. If the fuel cell holds 10 times more energy by weight, and only 2 times more energy by volume, then the density of the fuel cell is 1/5th of the density of the NiMH battery.
So we just need DRM to ensure that only proper attack and non-attack programs keep the bit set properly.
Come on Palladium!!
Often the cities charge a user/connection fee when a house is built and attached to the system. It can be based on the number of bedrooms, or on the size of the pipe, which itself is sometimes regulated. In some places, there's a surcharge for a fatter pipe. 3/4" used to be fine for an average family, but now we have larger houses with more water-saving devices in it, and some smaller families, but the plumbing unions like putting in higher capacity 1.25" pipes, and the municipalities like charging more.
It isn't as if the same 4.5 people use 77% more water nowadays, and also the larger pipes build up scale faster, but it is a scam perpetrated by the plumbers and municipalities to increase their charges and fees, with the justification of the increased numbers of access points (more showers, baths, tubs, sinks), against the new home buyers.
Trying to charge for more access points is the same sort of scam.
A false dilemma is bad reasoning.
http://physics.nist.gov/cuu/Units/binary.html
What are they?