Something our University does not do, but some do, they purchase a separate Internet connection just for their dorm users. The housing departments pay the costs for it, if students complain about slow Internet connections, they can talk to the housing department.
You get a heck of a lot more for your money from a decent University than you get from any ISP. Network Printers, computer clusters, web publishing systems, your own static IP plus the ability to pick your own hostname, wireless network access. These are all things that our university gives students for their money. I think it is pretty fair.
Sounds like your school needs to come up with a Terms of Service. We have no problem turning off access on any machine that is infected or impacting other users' service with no good reason.
First off, both of you need to learn how to spell, just had to say it.
How do you know how much the students at this person's school are paying for network access? Do you have any idea how much that network access costs? $50 a month will not purchase you all of the core routing equipment so that you can get (at minimum) 10 mbps connections to all of the campus servers. When you buy DSL, what do you get? One connection. At a Uni you are connecting to potentially thousands of other computers at very high speeds.
The fact is, if Universities did nothing about student P2P serving, they would not be able to buy enough commodity Internet bandwidth to keep up with the demand of all those home P2P users trying to download the latest movie. Throwing more BW just means more file sharing.
Firewalling an entire campus is just plain silly. It would be like storing the crown jewels in a prison, there are just as many potential troublemakers on the inside as there are on the outside. If a firewall is deemed necessary, it makes more sense placing it as close to the sensitive machines as possible.
The firewall mentioned above is a bit draconian. Our residence network allows the students to choose their own hostname, get a globally routable IP address and run (pretty much) any services they want, as long as they are not doing anything illegal or commercial. It can be said that running your own http server is educational, or better yet, writing some brand new server that does something cool and interesting.
Actually, I would rather have a patched system and a personal firewall. Even the windows personal firewall will block many of the scanning worms that are out there.
It all comes down to trust boundaries... Sure, if you trust everyone else inside your firewall, life is great and you can be lazy with your patches... If, OTOH, you share a network with computers that are run by morons^h^h^h^h^hless skilled people, perhaps then the only machine you can trust is your own, therefore your trust boundary is between your NIC and the patch cable.
(I do like routers though...)
10 Gbps over copper is here. Cisco will have a xenpak out by the end of the month for $600. It does not use Cat5 or Cat6, it uses infiniband cable. According to:
http://www.intel.com/design/network/products/optical/serdes/txn17431.htm
It is a "4X (8-signal pair) electrical connector. The connector is a shielded structure for low cross-talk"
Of course you need something to plug the xenpak into, and that is where the money will be spent. Cisco is also releasing a 16 port 10/100/1000 switch with one slot for a xenpak for $20K. Not bad... especially with the 32 Gbps backplane cable they use for stacking.
I have actually given a presentation on this at last summer's Internet2 Joint Techs meeting.
At Carnegie Mellon, all students get globally routable IP addresses in the dorms. There are no filters on the traffic (except bogon filters that any respectable ISP should have to keep spoofed traffic from leaving a subnet).
We have a probe on our egress router that tracks daily inbound and outbound traffic sums per IP address. We have a policy that if a student exceeds more than 7.5 Gigabytes of traffic in either direction (calculated separately) over a 5 day period (1.5 GBs/day) they will get a warning message that reminds them of the policy. If after 3 days, they exceed 1.5GBs in one day, they get a warning, then 3 days later, if they keep on exceeding, we yank their machine off the network (block their ip on the router and take them out of the dhcp server config).
We used to do the message sending and yanking by hand. It would take about 2 hours per week of my time. Now it is all automated and takes no time.
Our rationale is that trying to do application policing is a losing strategy. It will not be long until the kazaas of the world are port hopping and encrypting their data, or encrypting the data and sending it over port 443. It is a losing game.
Here is a link to the presentation material:
http://www.net.cmu.edu/pres/jt0803/
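One way to automate the escalation described in the comment above, written as an added example; it is not code from the original comment or from Carnegie Mellon's tooling. It assumes decimal gigabytes, one usage row per IP per day, three-day intervals counted from the previous notice, and no reset once a host has been warned; the addresses and byte counts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass, field

GB = 10**9                  # assumption: decimal gigabytes
WINDOW_DAYS = 5             # rolling window from the stated policy
WINDOW_LIMIT = 7.5 * GB     # per direction, over the window
DAILY_LIMIT = 1.5 * GB      # per direction, per day, once a host has been warned
GRACE_DAYS = 3              # days between one notice and the next escalation

CLEAN, WARNED_ONCE, WARNED_TWICE, BLOCKED = range(4)
ACTION_FOR_STAGE = {WARNED_ONCE: "warn-1", WARNED_TWICE: "warn-2", BLOCKED: "block"}


@dataclass
class HostState:
    window: list = field(default_factory=list)   # (day, bytes_in, bytes_out) rows
    stage: int = CLEAN
    stage_day: int = 0                           # day the current stage was entered


def evaluate(records):
    """Apply the escalation policy to per-IP daily totals.

    records: iterable of (day, ip, bytes_in, bytes_out), sorted by day.
    Returns the list of (day, ip, action) notices and blocks, in order.
    """
    hosts = defaultdict(HostState)
    actions = []
    for day, ip, bytes_in, bytes_out in records:
        host = hosts[ip]
        if host.stage == BLOCKED:
            continue  # already off the network; nothing more to decide

        # Keep only rows inside the rolling window, so gaps in reporting
        # do not stretch the window past five calendar days.
        host.window = [r for r in host.window if r[0] > day - WINDOW_DAYS]
        host.window.append((day, bytes_in, bytes_out))

        # Inbound and outbound are summed and compared separately.
        total_in = sum(r[1] for r in host.window)
        total_out = sum(r[2] for r in host.window)
        over_window = total_in > WINDOW_LIMIT or total_out > WINDOW_LIMIT
        over_day = bytes_in > DAILY_LIMIT or bytes_out > DAILY_LIMIT

        if host.stage == CLEAN:
            escalate = over_window
        else:
            # After a notice, wait out the grace period, then judge single days.
            escalate = over_day and day - host.stage_day >= GRACE_DAYS

        if escalate:
            host.stage += 1
            host.stage_day = day
            actions.append((day, ip, ACTION_FOR_STAGE[host.stage]))
    return actions


def sample_records():
    """Constructed ten-day sample: (bytes_in, bytes_out) per host per day."""
    per_day = {
        "192.0.2.10": lambda d: (0, 2 * GB),                       # steady heavy uploader
        "192.0.2.20": lambda d: (1 * GB, 0),                       # stays under both limits
        "192.0.2.30": lambda d: (4 * GB, 0) if d < 2 else (GB // 5, 0),  # burst, then quiet
        "192.0.2.40": lambda d: (4 * GB // 5, 4 * GB // 5),        # 8 GB combined, 4 GB each way
    }
    return [(d, ip, *usage(d)) for d in range(10) for ip, usage in sorted(per_day.items())]


if __name__ == "__main__":
    for day, ip, action in evaluate(sample_records()):
        print(f"day {day}: {ip} -> {action}")
```

Because the decision uses only byte counts per address, it is unaffected by port hopping or encryption, which is the point the comment makes about application policing.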
Sounds like you University people are using a nuclear bomb instead of dealing with the one computer doing something bad. I have seen these messages, all the Uni needs to do is stop the one machine serving the movie to be in compliance. The problem is probably that your University has no idea how to track down who had the specific IP address that was sharing the movie. They probably have dynamic dhcp turned on and are either not logging or have no idea whose machines belong to a certain MAC address.
:-(
Sucks to be you
Would that be Microsoft PEAP (PEAP-EAP-MSCHAPv2) or Cisco PEAP (PEAP-EAP-GTC)?
The lovely thing about open standards is that there can be so many ways to implement them :-p
Windows ships with a client that supports MS PEAP. The Cisco aironet client supports Cisco PEAP. They are not really compatible. The MS PEAP client works great when authenticating against an NT Domain or an AD. The Cisco version works with more third party radius backends to authenticate clients. Designing a wireless security and authentication infrastructure can be interesting. Particularly if you want to avoid storing cleartext passwords anywhere.
The Apple Panther client supports L2TP over IPsec. I am not sure what bluesockets is doing with IPsec, but that would be a good thing for them to support.
Hell yeah... R. Daneel Olivaw should definitely get in there sometime. All of these movie and television robots have been mentioned... Hey, go read a book... ;-)
It amazes me how I. Asimov was able to tie together so many of his series (so well IMHO). R. Daneel is perhaps one of his most important characters. I think Giskard should get some props too for the work he has done in fiction.
He is the first robot I thought about for nomination.
There may only be 13 ip addresses for root servers, but there are more than 13 machines and 13 locations for them. The F root server, run by the ISC, is using anycast. There are multiple machines located in or near major exchange points all with the same IP address.
Check it out:
http://f.root-servers.org/
Using bgp export rules, they allow for failover to remote servers in the event that the local server goes down. A ddos attack will have to work extra hard to take down all the f root servers, since they could not easily attack all of the servers without using owned machines all around the globe.
This guy is full of shit. Verisign does not innovate.
It looks like Microsoft needs to go back and look at their code again. There is a new virus in the wild that is exploiting port 135. Security people have yet another reason to be upset at the Redmond giant.
As seen on full disclosure:
From: "3APA3A"
To: ;
Cc:
Sent: Friday, October 10, 2003 6:48 PM
Subject: Bad news on RPC DCOM vulnerability
Dear bugtraq@securityfocus.com,
There are few bad news on RPC DCOM vulnerability:
1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is
again actual.
2. It was reported by exploit author (and confirmed), Windows XP SP1
with all security fixes installed still vulnerable to variant of the
same bug. Windows 2000/2003 was not tested. For a while only DoS exploit
exists, but code execution is probably possible. Technical details are
sent to Microsoft, waiting for confirmation.
Dear ISPs. Please instruct you customers to use personal fireWALL in
Windows XP.
Where are my moderator points when I need them ;-)
I think the whole thing is a big PR blitz. Like when MS announced how it was going to crack down on bad code. It must be tough to be Microsoft, once you make the sale, you need to keep them coming back for more, like a heroin dealer, you need to keep them hooked and wanting more and wanting better.
Microsoft Excel was great back at version 4. I don't know what they added since that has been an amazing thing for me personally. I am sure there are many people dying to get the newest version. Word 5 was insane, and they were able to improve with the XP version. Powerpoint bores me, both using it and viewing it. Access, damn people, get friendly with mysql or postgresql, forget access, it will ruin you! Windows itself, never really found a version that I "liked" (why my primary machine is a Powerbook). I don't think that the folks in Redmond have a chance at making something that will make me happy.
Thank goodness for Windows though... Thanks to Microsoft we of the world of Linux and BSD can buy cheap hardware to run a very powerful operating system on.
If you bought a Toyota Prius and always drove with 4 people who weighed 300 pounds each in it, you would not get anywhere near the rated mpg.
If you buy a HD and format it with a lousy file system, you will get nowhere near the rated capacity.
If you buy an ethernet hub and connect 50 computers to it using daisy chained hubs, you won't get anywhere near 10mbps.
The fact is, they need to pick a number. The number they pick relates to the maximum throughput the device can transmit. Once you subtract protocol headers, at a minimum, you won't get 54 mbps. Saying they should advertise it at 22 mbps will never happen, because you will never get the manufacturers to agree on a rate to advertise. Look at modem statistics. A 53kbps modem will not typically transmit 53kbps of user data. Downloading a 5300kbit file will take more than 100 seconds. Should they restate their speeds?
It is perfectly reasonable to expect only 20 mbps throughput with an 802.11a or 11g network, for the same reason that 4-5 mbps is average using a 10baset hub or 802.11b. These are all shared mediums. Clients must use Collision Detection and avoidance. There is competition for the available bandwidth. All wireless must contend with clients that are connected at different rates. If a host is far enough from an 11a access point that it associates at 12 mbps, its communications with the AP will take a longer timeslice from the available airspace. Clients associated at a higher rate will have their effective communication rate drastically affected.
Does it matter? Is it bad to market 11a and 11g at their 5x mbps? or 11b at 11mbps? Not really. (IMHO) Just like Hard drives are advertised at their size before putting a file system on them, it is up to the user to understand what the numbers really mean.
If you are the only client associated with an AP, your throughput will probably be much closer to the theoretical maximum, just as if there are only two things connected to a hub, their communications with each other will be better than if there were five.
With the huge size of some databases, it would make more sense to connect to your offsite storage via fiber and store it there. There is no reason the backup disks need to be in the same room or building or state as the primary disks. Then you also solve the problem of reliably getting the data offsite in the first place. This is of course more expensive than renting a storage locker and driving a dat tape over to it every night, but I don't think Citibank is driving too many tapes around town. (just a guess)
Believe it or not, I had a dream that I was on an airplane that was doing this maneuver for testing, but dropping a real bomb. I was in the back of the plane and when I saw it falling, all I could think about was, we are no way going to get far enough away.
Very strange to wake up, go to /. first thing and see this new article...
Okay, what does it all mean?
I was hoping for something more 3-D, but it is still cool. Who gets to play the ghosts? They can put some red bull cans where the super-dots are and have a lot of fun, well maybe not a lot of fun, but at least some.
Before god created google, there was Yahoo!, and that wasn't too bad. Man was able to find interesting pages by drilling down through skillfully maintained categorical organization. Then Man created the computer and said, screw this, I can write a program that can do all this for me, leaving more time for Pan-Galactic Gargle Blasters. Man said, I shall call my invention Google. In most portions of the Galaxy, Google has largely supplanted the more pedestrian Encyclopedia Yahoo!. In cases where there is a discrepancy between the real world and Google, the fault lies in the real world.
Obscurity does not provide security. Things like CERT exist, or better yet: Vulnerability disclosure publications and discussion tracking at Oulu University in Finland. The way to deal with buggy software is to find the bugs, fix them ASAP and let the world know about the bugs. It is not to ban Rendezvous, or not use it. Better security is obtained by protecting the physical layer from access. Wireless has its own caveats, of course, but there are ways to make cracking into your wireless network "expensive" for casual war drivers, kind of like putting a Club on your steering wheel. If a hacker can't get to your phy layer (the entire Layer 2 "wire"), then Rendezvous isn't that bad. It is link-local. Of course you need good host security to help prevent the compromise of a host on your subnet, but Rendezvous won't help them crack a host, unless they are already on your subnet. (round and round we go). As for "Almost any piece of software is secure only because of obscurity" this can't be a common opinion outside of Microsoft.
Rendezvous uses link-local multicast, not broadcast.
"Multicast DNS Responder (mDNSResponder), the component that listens for and responds to DNS-format query packets, sent via IP Multicast to UDP port 5353" From: http://developer.apple.com/darwin/projects/rendezvous/
I don't see why Rendezvous could not be enabled to use global multicast. Apple could use a GLOP address (http://www.faqs.org/rfcs/rfc2770.html) for each application that wants to have a global presence.
Anyway, Rendezvous != Broadcast.
Link-Local Multicast != Broadcast
Oh, btw, since when is kiddie-porn a form of speech? I did not realize that the Bill of Rights protected it.
"Amendment I
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances."
So, if I need to tolerate kiddie porn to be a supporter of free speech, then how come it is illegal in the U.S. when we have Amendment I of the constitution?
I know I am being a little idealistic about our Bill of Rights. Between Terrorism and the Drug war, a lot of those rights have been trampled on.
Speaking of rights (this is slightly off topic, but I'll risk moderation) I saw Kevin Mitnick speak last night, and I find the Federal prosecutors' actions despicable. Forcing him to waive his right to a speedy trial. Threatening to put him into solitary confinement. Everyone here already knows about it, but damn if our government doesn't just suck sometimes.
Have they figured out how to anonymize the transfer of a file from a freenet server? If someone does a search for illegal material that freenet has decided to serve in my encrypted share and downloads it, they can see my ip address, can't they?
Maybe common carrier status applies, but I don't want to be the test case.
Hum, big difference between using PGP, where I control my personal use and the use of my equipment and running a server software where I have little or no control over the way that my machine is being used.
The same argument allows me to see the use of anonymous remailers. Anonymity can be a good and powerful tool.
as for kiddie-porn, there is no reasonable excuse...
Who else finds this a disturbing argument:
" I don't want my node to be used to harbor kiddie porn, offensive content or terrorism. What can I do?
The true test of someone who claims to believe in Freedom of Speech is whether they tolerate speech which they disagree with, or even find disgusting. If this is not acceptable to you, you should not run a Freenet node."
From the freenet.org documentation page. I find it hard to believe that "the true test" of Freedom of Speech means tolerating child porn. You can be sure as hell that I will take their advice and not run a Freenet node.
results from googleshare...
'google' has a 7.65% googleshare of 'slashdot'
There are 8 out of 10 top-ten result matches.
Which gives a bonus ranking of 38/55: (10 for top result, 9 for next etc...)
Seriously though, I remember trying to find people or facts on yahoo, altavista, lycos, and it would be a long process that often came up with nothing. Google, OTOH, is like the Hitchhiker's Guide, it has largely supplanted other pedestrian search engines and has become the de facto standard of information search and retrieval.
What are you talking about? Where do you get the idea that "the students are paying for at least half the bandwidth" ?? Not all colleges/universities are state schools either. Not all money into a University comes from students. Most, if not all, departments do research where they receive money, usually from the government, but more and more from corporations. This money is then used by departments to pay for computing services. Sure the students contribute to the money available for these services also, but most Universities do not have a specific fee for "Internet Access" that they charge to students. Your idea that $50 will buy you a DSL connection probably means that you have no idea what is involved with a University Network. If every student had a dsl connection, and none had direct access to the University network, then every student would need to come into the University network via the commodity Internet connection to access their email, course web pages, student activity information pages. This would soon saturate the University Internet connection. After all you propose that DSL is a better solution.
Something our University does not do, but some do: they purchase a separate Internet connection just for their dorm users. The housing departments pay the costs for it, if students complain about slow Internet connections, they can talk to the housing department.
You get a heck of a lot more for your money from a decent University than you get from any ISP. Network Printers, computer clusters, web publishing systems, your own static IP plus the ability to pick your own hostname, wireless network access. These are all things that our university gives students for their money. I think it is pretty fair.
Sounds like your school needs to come up with a Terms of Service. We have no problem turning off access on any machine that is infected or impacting other users' service with no good reason.
First off, both of you need to learn how to spell, just had to say it.
How do you know how much the students at this person's school are paying for network access? Do you have any idea how much that network access costs? $50 a month will not purchase you all of the core routing equipment so that you can get (at minimum) 10 mbps connections to all of the campus servers. When you buy DSL, what do you get? One connection. At a Uni you are connecting to potentially thousands of other computers at very high speeds.
The fact is, if Universities did nothing about student P2P serving, they would not be able to buy enough commodity Internet bandwidth to keep up with the demand of all those home P2P users trying to download the latest movie. Throwing more BW just means more file sharing.
Firewalling an entire campus is just plain silly. It would be like storing the crown jewels in a prison, there are just as many potential troublemakers on the inside as there are on the outside. If a firewall is deemed necessary, it makes more sense placing it as close to the sensitive machines as possible.
The firewall mentioned above is a bit draconian. Our residence network allows the students to choose their own hostname, get a globally routable IP address and run (pretty much) any services they want, as long as they are not doing anything illegal or commercial. It can be said that running your own http server is educational, or better yet, writing some brand new server that does something cool and interesting.