Yes, but since computer B is logging into ISP Y, they must have at least one router too. Therefore your packet from computer A to computer B goes through at least two routers - ISP X's and ISP Y's.
Of course, you generally won't have such a direct connection as that, and as such you'll probably have any number of routers in the middle - check the output of traceroute to a site of your choice to see what I mean.
Not to mention that the same shuffle feature was in the iPod anyway.
I guess the main advantage would be that it plugs into the USB port directly instead of needing a cable.
It's probably not the "rootless" option you want - the one you'd want is "multiwindow". As far as I know, "rootless" does something else entirely.
When did you last check? Cygwin has had an option for using the native Windows window manager for quite some time, I believe. I use it myself.
> Using an X server means you can have multiple people accessing a single largish back end server, which isn't doable with VNC.
Actually, VNC on a UNIX/Linux platform normally comes as a separate X server on its own, which means that, yes, each user VNCing to a server can have their own desktop, although they'd need to use different ports to connect.
Actually, that page is just meant to be used with the search bar in IE, not as a proper main page.
> Considering that several times that storage can be had for a few bucks surplus or many times that can be had for $50, I suspect that it will remain just a clever hack rather than full scale abuse.
There will always be freeloaders out there. Personally I believe that at some point in the near future, somebody's going to do exactly that - get it to link several accounts together. It could probably be done by having the equivalent of a FAT in the accounts, although how it'd be updated - as well as which account it would use - would be anybody's guess.
Okay, thanks. :) And sorry for not reading up about it before.
> Yes. Illegally I might add, because they didn't release the source code along with it, as required by the GPL.
I don't know much about this, and haven't yet read up about it, so if I'm wrong about this situation feel free to flame me. But I thought the GPL specified that you had to make sure people *can* obtain the source code used, rather than release the source code along with the product? ie, if you went and asked them, you should legally be able to get the code.
Of course, if this is exactly what happened and I'm just ignorant, then feel free to flame me, as I said.
But there was one good thing about the site... the layout obviously hadn't been checked in Konqueror.
Check the age dropdowns in this screenshot to see what I mean.
:D (and yes, that was a bona fide screenshot except for the added circle).
Before I start, I'm sorry if my previous post came across as rude or overbearing. That wasn't my intention - if it did, please accept my apologies.
I'd like to offer some points in response. Firstly, I think the assumption made by both div_2n and I was that the students didn't own the computers. A college generally doesn't allow people to even connect their own computers to the network. The students don't have root/Administrator access, so installing firewalls on their own can't be done - I think this is why div_2n said that the idea of doing so was ridiculous.
Secondly, I agree that a public IP isn't a hole as such, but if that IP is unfirewalled (which is what the original scenario said), then it would be a disaster for an educational establishment because it's an extra point of access into their network.
Lastly - and probably most importantly - it's the college's network. Any Internet provider will give you a list of Terms and Conditions you agreed to when you signed up, saying what you can and can't do. A college, by its nature, probably has a more restrictive list. And in a college, why should you need computers outside of the college to be able to access an internal computer without solicitation? Just about any company/organisation you'll find will have a big firewall (or its NAT equivalent) around the network - although they may not have much choice about it, heh.
Again, sorry if I come across overbearing.
I'm sorry, this is just so wrong that I'm going to comment on it even though I've spent mod points on some of the comments on this story.
First, the most obvious part (emphasis mine):
> ...you seem to think that there's just no possibility that a computer could be secure by itself (here's a cluestick -- most UNIX systems are very secure provided they are properly maintained).
You seem to be contradicting yourself here. A computer left by itself is, by definition, not properly maintained. I'm not one to normally advocate Windows, but guess what? A Windows system can be secure if it's properly maintained, too - or at least more secure than most Windows machines. Trouble is, the majority aren't properly maintained - mostly, because doing so is a daunting task (Windows Update isn't the be-all-and-end-all of security, despite what MS would have you believe).
Here's another thing to think about - take a Linux distribution made within the past year or so. Install it with whatever default options it has, except to make sure that typical Internet servers are installed - say, Apache and ProFTPD. Leave it running on the Internet, with a public, unfirewalled IP. Yes, it'll take longer for you to be hacked than would a Windows box under the same conditions, but you can bet you'll be hacked fairly soon.
Lastly for this point, exactly how do you define properly maintaining a computer? Perhaps installing a firewall - or otherwise making sure the computer isn't public (for example, via NAT) - is one step? I'm not saying it's the only thing, of course. But it plays a big part.
> Are you seriously advocating NAT as the end all, be all of security?
I don't think that's what he's saying. But even if it isn't, it's still a heck of a lot. NAT will, by its nature, act as a sort of firewall, by not allowing (actually, by not even knowing how to allow) access to ports that shouldn't be accessed. Any ports that are to be accessed have to be explicitly set up in the NAT configuration, along with the host to receive the data for that port.
I assume you're working on the assumption that port 6354 (say) won't be accessible anyway by the very nature of it not being used, so why bother protecting it? Well, say that to any competent network administrator and you'd probably be laughed at. Security is not just something you take for granted; you actively enforce it.
How do you know that that port isn't being used? Because the network chart you drew up says it's not? Well, of course it wouldn't. How things should be and how they are are two very different things.
With NAT, you get a natural protection against any unauthorised ports being used. So somebody installed a backdoor that binds to port 6354 and waits for a connection in order to spawn a root shell? While it's still a serious situation (How did they get root in the first place? Has anything else been done?), at least nobody outside of the NATted network can access it. If the thought of absolutely anybody on the Internet being able to get root on your computer just by connecting to a port doesn't make you shudder (and I'm talking to the people who should know about this sort of thing, obviously - presumably including you), nothing will.
As it seems that in your post you seem to be thinking that the poster was advocating that all the computers were private, let me put you straight. The poster knew well that there would need to be some access to ports - for example:
"There is no reason a web server should allow anything other than port 80 access and maybe a few others."
You say:
> Finally, I'm not sure what magical VPN setup you're using, but there has to be at least one server with a public IP to take the initial connection! How is that different from ssh'ing to the server in the first place?
In the example you give, it isn't. But you're comparing apples to oranges; the scenario given before was that
I believe the updates to IE in XP SP2 will block all ActiveX controls unless explicitly told otherwise, and it won't use a popup to notify them of this - simply display a message at the top of the window.
But I don't use IE much, so I don't have any experience of this.
It's people who do things like that that I get pissed off about. By doing that, you cause more spam for everybody else, since you just 'confirmed' their email addresses. So now I know who to thank for some of the spam I get. Gee, thanks a lot.
Besides, spammers can always move to a new host, and the domain information updated quite easily. It takes time, but it can be done.
No, you won't. There are three options in IE - "Enable", "Disable", and "Prompt". You only get the prompt if you select "Prompt", fairly obviously.
Erm. That would be http://web.archive.org/ . Don't bother clicking on the link in the post above, it's the age old goatse link.
Have you heard the sound on the newer phones? They're actually pretty darn good - at least, compared to older phones. Believe me, the first time you hear a ringtone on one of these newer phones you'd think it's some sort of mini-computer.
An interesting idea, but unfortunately it doesn't take into account that spammers don't actually care who they send to. Not only that, but it'd probably be a prime target for paedophiles too.
Also, what's to stop anybody else from signing up for a '.kids' email address in the hope that they wouldn't receive this sort of spam? Unless you can prove that people using it are in a certain age range, you're not going to be able to "forbid" sending of explicit spam to .kids domains.
There are a few problems with that...
Firstly the Google API will only return 10 results at a time, IIRC, meaning that it wouldn't be possible to meaningfully rank the sites unless you entered a loop to get all the search results from Google - and there could be lots.
Secondly, it means that you need to be able to search Google first before you can pass a regex filter over it - and what string would you use to search Google with?
Even if you could get Google to return likely pages for the regex, you'd still need to retrieve each result's page in real-time and search the page, as Google doesn't give you the full page as part of its results.
It's a nice idea, and it would be great if it was practical. Unfortunately, for the reasons above, it isn't. :(
First you said it ended with Left-Right-Left-Right-B-A, now Up-Up-Down-Down-B-A. Which do you mean? Is the code Up-Up-Down-Down-Left-Right-Left-Right-B-A, or Left-Right-Left-Right-Up-Up-Down-Down-B-A?
Um, that bit isn't encoded. It reads "Holy cow!".