Linux is the most breached OS on the net minus the virus and worms that take out microsoft systems.
i would actually wager percentage wise that more than 30% of MS servers get broken into or virused/wormed compared to maybe 15% of Linux systems. Not to mention that nobody has written an "auto spreader" for linux such as slammer.
i read the same report as you. but the report was not factual, nothing like it can be since most cracks go unreported.
FYI: for what its worth Sun is not indemnifying all of their customers, only the ones who run their linux desktop. they will not be covering server side linux users.
"Only those using the software need to know it is secure. This can be accomplished whether the software is Open Source or not."
i responded instead of modding you. Let me just point out that if the public is using it then it should be open source so that the neccasary non-corporate people (hackers) can take a look at the code and fix what is needed, in the case of microsoft they are saying "trust the people who we employ, and who depend on our products to make money" which is a very very bad thing to rely on.
The open source community might not be perfect, but its one hell of alot closer than any proprietary setup. (not to mention that the larger the OSS community gets the more people will be looking at the code, hence more security.)
the CIA and/or the NSA are bad examples of security in software. (as is anything in gov't) because politicians decide what gets done, and politiks do not mix well with software.
again as i have stated my TOS doesnt allow my ISP to firewall me, but thats besides the point this is still a bad idea regardless.
I can't understand that one. Cutting out spam, blocking email viruses at the source will slow the Internet down how? AFAIK, if a consumer's machine stays up for longer without rebooting, wouldn't that mean that they end up being happier with their Internet experience?
convince xyz company to install a router/firewall with custom ACL's on a per customer basis. watch the bottleneck.
if i am told for whatever reason that i have to use your proxy for everything i do then your techs have access to all of my information, if i can prove in court that your background checks werent stringent enough or that someone read my private mail i would win a law suit. (right now they do not have access to my mail. i run my own mailserver that sits in san diego at a co-lo center.)
there are no small broadband ISPs here. and they wont be popping up anytime soon with the requirements you guys are placing on these firewalls. not to mention that the firewall still wont stop traffic on the internet, just that network. for instance if amazon is getting Ddos'ed then it will still be slow for me, no matter what. sure i'll hit my ISP's router faster; yippee. the internet has a whole needs to be protected in order for this to speed the internet expierience. and dont forget "if you build something idiot proof they will make a better idiot".
and as i have said before: how long until the script kiddies start finding ways around, or through the firewall ? or better yet ways to crash the firewall.
as an aside sendmail is NOT open source in the "slashdot" meaning of the word. on slashdot open source means GPL or BSD license, sendmail has two separate versions one freeware and one that costs money. (hence why sendmail.org thanks sendmail inc for their help/gratiuosness)
also since this is slashdot i would expect you to know that generic terms like sendmail and windows are not strictly in reference to the products bearing that name but are to be used in context with the rest of the post. (ya got the point right ?)
i also reserve the right to be an asshole when people dont listen and make assanine points.
well where to start..... first let me state that my comment was a reply to the parent poster and was not directed directly at the article.
The ISP putting up firewalls isn't interested in protecting you from other people. It's the other way around - they're interested in protecting other people from you. Or, more importantly, your poorly administered network of Windows machines that have never been patched since they were installed from the original media.
so now they are blocking outbound requests period ? if not then there is no way to protect other people from me, allow replies or simple outgoing requests and an infected host causes hell for some server/machine/network.
The original article never claimed that firewalls will clean the Internet. The article only claimed that firewalls will help reduce the spread of infection. For example, blocking port 80 incoming and port 25 outgoing would have eliminated the damage done by Code Red and Sircam
so now i can only use mailservers on my ISPs network ?
That's why I would insist on blocking port 25 outgoing, and requiring all email to be sent through the ISP's relay. Some people don't like the idea that I might be reading all their email (like I give a damn what they write!) - tough. If they're running Windows, they use the relay, and I scan for spam and virii. The only people who would want to have the ability to send email without going through my relay are spammers and virus kiddies.
sorry i encrypt my mail. but a semi-clueless person who works in CS for xyz company sending a confirmation email with my credit card number in it would make you liable, as would a fool-of-a-took that sends his IP and root password in plain text email. this would never work, putting so much trust in so few people will lead to nothing but problems.
Neither are firewalls a Machiavellian plot to overtake the world and turn all Internet users into consumer-society zombies.
that all depends on who is administering them. if you only have one broadband ISP in your area and they do something stupid what are you going to do if you rely on that service to make money ? (and thereby provide food-clothing-shelter?)
Good tools can be used to do bad things. Witness the relationship between email and spam. To make the Internet a safer/quieter place for ISPs and technical users, we need to have the Internet equivalent of safety rails and traffic lights. IMHO, firewalls provide these safety rails and traffic lights.
has i have pointed out many times this will not solve any problems, it will slow down internet speeds for consumers, and cause problems with certain applications. (cry about bad coding all you want, computers are 50 years old and its getting worse not better) there is no way to prevent virus except to patch the system, and write better code. period. to user-unfriendly ? to damn bad, you have the choice to walk away from the internet, computers etc if you dont like it. the point is YOU have the right to make that choice. and i am not interested in some whiny windows people making the decision for me.
as an aside/example a certian new york based hosting company firewalls off all of their users/systems, now generally this is not a bad idea, however since the people running the firewall are morons (like the people who work at most ISP's. i know i talk to them quite often) they had the following ports open: 21,22,80,137,138,139,3389 now generally i wouldnt think to much of it since its not my system i was dealing with, but when i got on the phone with the person at the ISP's NOC he pissed me off so i decieded to raz him a little, after being passed to a "level 3" tech the convorsation went something like this (note the person i called the ISP for "Jim" was wondering why he couldnt access his UI, and the cs tech at the ISP couldnt tell him):
Me: so why do you have the netbios and windows XP remote desktop
well firstly the internet was not intended to have one way connections, secondly alot of services such has media and games require a verification connection or a udp connection on some random port, with most firewall that would be blocked. also i wouldnt run a server on a dhcp line, to much of a hassle. but i do ssh into my network at home while im at work, and also scp stuff to other people. it doesnt say a damn thing about usage of incoming ports it says "no servers" thats not a server according to their definition.
Somewhere == public tax money. the internet is privately owned, the point still stands.
Why shouldn't the ISP take action to defend itself from loss of revenue? I think you'll find that the people who will leave "en masse" given a port blocking policy will be far outnumbered by those who just don't give a damn. Or even those who migrate to the ISP because they're told it's safer. Port blocks, spam-catchers and traffic monitors are the safety standards, registration checks and speed limits of the Internet. When used correctly, they will make the Internet safer for everyone - inside and outside the ISP.
horseshit. it will filter the internet down to the corporate drivel the ISP wants you to see. and people wont migrate their if people like me are telling them the truth, that alot of shit wont work right, and it will require more work on their part.
Would you prefer to drive on roads that are only used by roadworthy vehicles? Why don't you want an Internet that is only accessible by Internet-worthy operating systems and administrators?
well i can go with option 1 or 2:
1> the internet is not a road, on a road i rely on other people to not do stupid shit, i have no way of protecting myself, i can with the internet filter what i want to, use an IDS, proxy etc...
2> putting up a firewall will not clean the internet, it would at best clean that ISP's network. and depending on how it is implemented it wouldnt even do that. not to mention it still doesnt prevent outward bound attacks from hosts that got an email virus or a virus from a download (or for that matter prevent email virus's or trojans) etc..... firewalls are not a utopian security solution.
i have not yet had any issues losing speed or connectivity due to a worm, and more important an ISP can configure its routers (with some help from a NIDS) to drop the traffic based on signature if it becomes that big of an issue. plus like i said before this will not get rid of virus's, it wont even slow them down. firewalls are not meant to slow or stop worms or virus's, there are meant to limit access to INCOMING ports. if a host machine gets a virus it can still transmit the virus outward and there is no user-friendly way to block outgoing requests.
and ISP can "offer" port blocking, "offer" being the key word. they should charge more for it and leave the rest of us alone, people shouldnt be required to have a firewall anymore than they should be required to install locks on their doors, and you cannot fine someone because their pc got a virus, if your going to fine anyone fine the person that wrote the virus, or the software that was vulnerable.
apparently you missed the response i had to the last posted stating that most people check their mail from outside the ISP's network, and as such should be able to reply to the same mail.
One cannot have an e-mail account without spam filters. I get close to 25 spams a day.
yes one can, i do and i get less than 10 spam emails per day on my four email accounts (two for work, two for home) not including the administrative accounts i have on the servers/domains i admin.
the webpage thing would be nice, but what if the webpage goes down, or is inaccurate. sorry i'd rather not deal with the problems.
no jackass. thats like saying an ISP should fix microsofts mistakes. thats not how this works. what next ? the gov't should regulate the allowed ports ? fuck that noise.
ports have been around years longer than moronsoft. and if you think they are a problem why dont you redesign the TCP/IP stack and replace them, see how far you get, how practical it is, then ask someone who knows way more about this than you what they think of it..... then plug your ears to avoid going deaf from their laughter.
nobody said theses people have to leave their computer on all the time, or connected all the time, thats a choice. weather they choose to be informed on it or not is their decision.
and just because moronsoft left ports open assuming people might be smart and firewall their system doesnt mean everyone should be firewalled, there are reasons alot of us dont use moronsoft, that would be one of them
also OS vendors do not make network design choices, they make usability choices, it is up to the user to make networking choices, like weather to use dialup or broadband, or weather to leave the connection on 24x7 or not
stop being lazy. get a firewall and quit your whining.
no actually what i was saying is that if the firewall is blocking incoming traffic (default behavior on a good firewall) alot of stuff wont work because it makes a verification attempt (essentially a call back) that doesnt neccasarily have to be a response, or even on the same port, or same protocol.
also of note is that i still wouldnt want to have to call someone to have some level 1 know-nothing trying to deal with ACl's for my home connection its pointless and would cause me way more frustration than it would be worth. i want the internet, not the "filter of the month"-net
Expect there to be laws that REQUIRE ISP's in the US at least to firewall anyone that is a customer and to keep detailed records of their Internet habits.
that is gov't propoganda, and although because of ignorance it may come to pass, it does not make it any less wrong. i would also find it ammussing since they would have no way to track people from outside the US (most of the world including *gasp* terrorists)
I run an ISP so I KNOW what my job is. I know that sooner or later ISP's will be hit with the same legal liability as any other SERVICE PROVIDER. For example a hotel. They offer you a service to stay at their facility. Would you stay at a hotel that didn't have locks on the doors?
a hotel has no locks on the front door, most dont have locks on the elevators or staircases, and the hotel room door is locked to prevent people from stealing. this is not a good analogy, try again.
The only thing that has prevented and is still preventing lawyers from coming after ISP's for failed duty to protect customers is that they don't fully understand the techno beast that is the Internet
horseshit. thats like saying a phone company is responsible for filtering my calls, or that cable TV should filter my channels for me. funny last i checked they didnt do that, there are some options for sure, but the responsibility lies on the consumer not the provider. and just for shits and grins dont most TOS and contracts cover this stuff ? i know mine does.
sorry pal, having a QoS backbone has nothing to do with being a leader in inovation. its like saying the guy who bought the electric car was a leader in inovation. he is not.
VOIP has not been common in the US because our actual phone system was much more developed than other contries, hence why we still get free local calls and $0.07 per minute long distance to canada, most of europe, and south america. hence VOIP makes more sense for countries with less developed traditional phone systems.
But I wanted to run apache and access a simple web app from my office. I called them, said "I need port 80 open!". Their answer: "OK sir, it's unblocked, thank you for your call, blah blah".
congratulations you have a good ISP, most of us do not. most of us dont have any choice if we need broadband.
Most barebone providers charge costumers by traffic.
not sure if you mean backbone or not, so i'll cover both angles
not really, most consumer end connections are just labeled as "broadband" or xyz speed connection because most customers dont understand per-traffic billing.
most backbone providers do charge based on traffic, however an ISP firewalling something doesnt prevent it from hitting their pipe, it blocks it after it has hit their pipe, thereby still counting against their traffic. (same principle as me firewalling my home network, stuff that hits my firewall still counts as traffic on my connection)
this is the broadband arena in america. you have little or no choice.
i deal with systems spanning from asia to australia and back again i cannot downgrade to dial-up and i only have two broadband providers in my area, both major companies and only one is decent with speed and connectivity. there is very little choice in this market, as is the way with most of american cities, especially the smaller and mid-sized ones.
however if there was compotition i would vote with my money, however has it stands the broadband market is monopolized on a market by market basis.
last time i checked none of the coutries you listed were leaders in informations technology. but even so, just because a few people do it doesnt make it right.
china still burns books and blocks western websites, sounds good to me.... lets do it !
blocking only incoming traffic would accomplish very little, the virus's and worms could still be proactive and it would still suck up major amounts of bandwidth.
let me tell you something about adaptive firewalls and adaptive "filters"
they hurt more than they help, it wont take much for the "firewall" to start blocking standard ports because it doesnt like the traffic.
and thats not even going to the amount of resources you would need for a setup like that, in a place like this our largest ISP is time warner, they have 200k customers in the metro area, having unique ACL's on a per customer basis would KILL speed and be a major pain in the ass to fix/troubleshoot which would cause massive delays when a problem arises.
Slashdot Mirror
Linux is the most breached OS on the net minus the virus and worms that take out microsoft systems.
i would actually wager percentage wise that more than 30% of MS servers get broken into or virused/wormed compared to maybe 15% of Linux systems. Not to mention that nobody has written an "auto spreader" for linux such as slammer.
i read the same report as you. but the report was not factual, nothing like it can be since most cracks go unreported.
FYI: for what its worth Sun is not indemnifying all of their customers, only the ones who run their linux desktop. they will not be covering server side linux users.
information obtained from: here
"Only those using the software need to know it is secure. This can be accomplished whether the software is Open Source or not."
i responded instead of modding you. Let me just point out that if the public is using it then it should be open source so that the neccasary non-corporate people (hackers) can take a look at the code and fix what is needed, in the case of microsoft they are saying "trust the people who we employ, and who depend on our products to make money" which is a very very bad thing to rely on.
The open source community might not be perfect, but its one hell of alot closer than any proprietary setup. (not to mention that the larger the OSS community gets the more people will be looking at the code, hence more security.)
the CIA and/or the NSA are bad examples of security in software. (as is anything in gov't) because politicians decide what gets done, and politiks do not mix well with software.
the desktop version of redhat 9 (and 8 i believe) has a feature that acts the same way. a flashing ! in the bottom right corner.
again as i have stated my TOS doesnt allow my ISP to firewall me, but thats besides the point this is still a bad idea regardless.
I can't understand that one. Cutting out spam, blocking email viruses at the source will slow the Internet down how? AFAIK, if a consumer's machine stays up for longer without rebooting, wouldn't that mean that they end up being happier with their Internet experience?
convince xyz company to install a router/firewall with custom ACL's on a per customer basis. watch the bottleneck.
if i am told for whatever reason that i have to use your proxy for everything i do then your techs have access to all of my information, if i can prove in court that your background checks werent stringent enough or that someone read my private mail i would win a law suit. (right now they do not have access to my mail. i run my own mailserver that sits in san diego at a co-lo center.)
there are no small broadband ISPs here. and they wont be popping up anytime soon with the requirements you guys are placing on these firewalls. not to mention that the firewall still wont stop traffic on the internet, just that network. for instance if amazon is getting Ddos'ed then it will still be slow for me, no matter what. sure i'll hit my ISP's router faster; yippee. the internet has a whole needs to be protected in order for this to speed the internet expierience. and dont forget "if you build something idiot proof they will make a better idiot".
and as i have said before: how long until the script kiddies start finding ways around, or through the firewall ? or better yet ways to crash the firewall.
slashdot does not dictate how i type or speak.
as an aside sendmail is NOT open source in the "slashdot" meaning of the word. on slashdot open source means GPL or BSD license, sendmail has two separate versions one freeware and one that costs money. (hence why sendmail.org thanks sendmail inc for their help/gratiuosness)
also since this is slashdot i would expect you to know that generic terms like sendmail and windows are not strictly in reference to the products bearing that name but are to be used in context with the rest of the post. (ya got the point right ?)
i also reserve the right to be an asshole when people dont listen and make assanine points.
well where to start ..... first let me state that my comment was a reply to the parent poster and was not directed directly at the article.
The ISP putting up firewalls isn't interested in protecting you from other people. It's the other way around - they're interested in protecting other people from you. Or, more importantly, your poorly administered network of Windows machines that have never been patched since they were installed from the original media.
so now they are blocking outbound requests period ? if not then there is no way to protect other people from me, allow replies or simple outgoing requests and an infected host causes hell for some server/machine/network.
The original article never claimed that firewalls will clean the Internet. The article only claimed that firewalls will help reduce the spread of infection. For example, blocking port 80 incoming and port 25 outgoing would have eliminated the damage done by Code Red and Sircam
so now i can only use mailservers on my ISPs network ?
That's why I would insist on blocking port 25 outgoing, and requiring all email to be sent through the ISP's relay. Some people don't like the idea that I might be reading all their email (like I give a damn what they write!) - tough. If they're running Windows, they use the relay, and I scan for spam and virii. The only people who would want to have the ability to send email without going through my relay are spammers and virus kiddies.
sorry i encrypt my mail. but a semi-clueless person who works in CS for xyz company sending a confirmation email with my credit card number in it would make you liable, as would a fool-of-a-took that sends his IP and root password in plain text email. this would never work, putting so much trust in so few people will lead to nothing but problems.
Neither are firewalls a Machiavellian plot to overtake the world and turn all Internet users into consumer-society zombies.
that all depends on who is administering them. if you only have one broadband ISP in your area and they do something stupid what are you going to do if you rely on that service to make money ? (and thereby provide food-clothing-shelter?)
Good tools can be used to do bad things. Witness the relationship between email and spam. To make the Internet a safer/quieter place for ISPs and technical users, we need to have the Internet equivalent of safety rails and traffic lights. IMHO, firewalls provide these safety rails and traffic lights.
has i have pointed out many times this will not solve any problems, it will slow down internet speeds for consumers, and cause problems with certain applications. (cry about bad coding all you want, computers are 50 years old and its getting worse not better) there is no way to prevent virus except to patch the system, and write better code. period. to user-unfriendly ? to damn bad, you have the choice to walk away from the internet, computers etc if you dont like it. the point is YOU have the right to make that choice. and i am not interested in some whiny windows people making the decision for me.
as an aside/example a certian new york based hosting company firewalls off all of their users/systems, now generally this is not a bad idea, however since the people running the firewall are morons (like the people who work at most ISP's. i know i talk to them quite often) they had the following ports open: 21,22,80,137,138,139,3389 now generally i wouldnt think to much of it since its not my system i was dealing with, but when i got on the phone with the person at the ISP's NOC he pissed me off so i decieded to raz him a little, after being passed to a "level 3" tech the convorsation went something like this (note the person i called the ISP for "Jim" was wondering why he couldnt access his UI, and the cs tech at the ISP couldnt tell him):
Me: so why do you have the netbios and windows XP remote desktop
well firstly the internet was not intended to have one way connections, secondly alot of services such has media and games require a verification connection or a udp connection on some random port, with most firewall that would be blocked. also i wouldnt run a server on a dhcp line, to much of a hassle. but i do ssh into my network at home while im at work, and also scp stuff to other people. it doesnt say a damn thing about usage of incoming ports it says "no servers" thats not a server according to their definition.
..... firewalls are not a utopian security solution.
Somewhere == public tax money. the internet is privately owned, the point still stands.
Why shouldn't the ISP take action to defend itself from loss of revenue? I think you'll find that the people who will leave "en masse" given a port blocking policy will be far outnumbered by those who just don't give a damn. Or even those who migrate to the ISP because they're told it's safer. Port blocks, spam-catchers and traffic monitors are the safety standards, registration checks and speed limits of the Internet. When used correctly, they will make the Internet safer for everyone - inside and outside the ISP.
horseshit. it will filter the internet down to the corporate drivel the ISP wants you to see. and people wont migrate their if people like me are telling them the truth, that alot of shit wont work right, and it will require more work on their part.
Would you prefer to drive on roads that are only used by roadworthy vehicles? Why don't you want an Internet that is only accessible by Internet-worthy operating systems and administrators?
well i can go with option 1 or 2:
1> the internet is not a road, on a road i rely on other people to not do stupid shit, i have no way of protecting myself, i can with the internet filter what i want to, use an IDS, proxy etc...
2> putting up a firewall will not clean the internet, it would at best clean that ISP's network. and depending on how it is implemented it wouldnt even do that. not to mention it still doesnt prevent outward bound attacks from hosts that got an email virus or a virus from a download (or for that matter prevent email virus's or trojans) etc
and doris likes to check her mail from work right ? that is port 110 from an outside network inbound to the ISP's network.
and doris likes to reply to her mail right ? thats port 25 from an external network to the ISP's network.
i never said a damn thing about running sendmail. use your brain or shut the hell up, you people listen like a brick wall.
i have not yet had any issues losing speed or connectivity due to a worm, and more important an ISP can configure its routers (with some help from a NIDS) to drop the traffic based on signature if it becomes that big of an issue. plus like i said before this will not get rid of virus's, it wont even slow them down. firewalls are not meant to slow or stop worms or virus's, there are meant to limit access to INCOMING ports. if a host machine gets a virus it can still transmit the virus outward and there is no user-friendly way to block outgoing requests.
and ISP can "offer" port blocking, "offer" being the key word. they should charge more for it and leave the rest of us alone, people shouldnt be required to have a firewall anymore than they should be required to install locks on their doors, and you cannot fine someone because their pc got a virus, if your going to fine anyone fine the person that wrote the virus, or the software that was vulnerable.
apparently you missed the response i had to the last posted stating that most people check their mail from outside the ISP's network, and as such should be able to reply to the same mail.
One cannot have an e-mail account without spam filters. I get close to 25 spams a day.
yes one can, i do and i get less than 10 spam emails per day on my four email accounts (two for work, two for home) not including the administrative accounts i have on the servers/domains i admin.
the webpage thing would be nice, but what if the webpage goes down, or is inaccurate. sorry i'd rather not deal with the problems.
no jackass. thats like saying an ISP should fix microsofts mistakes. thats not how this works. what next ? the gov't should regulate the allowed ports ? fuck that noise.
..... then plug your ears to avoid going deaf from their laughter.
ports have been around years longer than moronsoft. and if you think they are a problem why dont you redesign the TCP/IP stack and replace them, see how far you get, how practical it is, then ask someone who knows way more about this than you what they think of it
nobody said theses people have to leave their computer on all the time, or connected all the time, thats a choice. weather they choose to be informed on it or not is their decision.
and just because moronsoft left ports open assuming people might be smart and firewall their system doesnt mean everyone should be firewalled, there are reasons alot of us dont use moronsoft, that would be one of them
also OS vendors do not make network design choices, they make usability choices, it is up to the user to make networking choices, like weather to use dialup or broadband, or weather to leave the connection on 24x7 or not
stop being lazy. get a firewall and quit your whining.
no actually what i was saying is that if the firewall is blocking incoming traffic (default behavior on a good firewall) alot of stuff wont work because it makes a verification attempt (essentially a call back) that doesnt neccasarily have to be a response, or even on the same port, or same protocol.
also of note is that i still wouldnt want to have to call someone to have some level 1 know-nothing trying to deal with ACl's for my home connection its pointless and would cause me way more frustration than it would be worth. i want the internet, not the "filter of the month"-net
Expect there to be laws that REQUIRE ISP's in the US at least to firewall anyone that is a customer and to keep detailed records of their Internet habits.
that is gov't propoganda, and although because of ignorance it may come to pass, it does not make it any less wrong. i would also find it ammussing since they would have no way to track people from outside the US (most of the world including *gasp* terrorists)
I run an ISP so I KNOW what my job is. I know that sooner or later ISP's will be hit with the same legal liability as any other SERVICE PROVIDER. For example a hotel. They offer you a service to stay at their facility. Would you stay at a hotel that didn't have locks on the doors?
a hotel has no locks on the front door, most dont have locks on the elevators or staircases, and the hotel room door is locked to prevent people from stealing. this is not a good analogy, try again.
The only thing that has prevented and is still preventing lawyers from coming after ISP's for failed duty to protect customers is that they don't fully understand the techno beast that is the Internet
horseshit. thats like saying a phone company is responsible for filtering my calls, or that cable TV should filter my channels for me. funny last i checked they didnt do that, there are some options for sure, but the responsibility lies on the consumer not the provider. and just for shits and grins dont most TOS and contracts cover this stuff ? i know mine does.
sorry pal, having a QoS backbone has nothing to do with being a leader in inovation. its like saying the guy who bought the electric car was a leader in inovation. he is not.
VOIP has not been common in the US because our actual phone system was much more developed than other contries, hence why we still get free local calls and $0.07 per minute long distance to canada, most of europe, and south america. hence VOIP makes more sense for countries with less developed traditional phone systems.
But I wanted to run apache and access a simple web app from my office. I called them, said "I need port 80 open!". Their answer: "OK sir, it's unblocked, thank you for your call, blah blah".
congratulations you have a good ISP, most of us do not. most of us dont have any choice if we need broadband.
Most barebone providers charge costumers by traffic.
not sure if you mean backbone or not, so i'll cover both angles
not really, most consumer end connections are just labeled as "broadband" or xyz speed connection because most customers dont understand per-traffic billing.
most backbone providers do charge based on traffic, however an ISP firewalling something doesnt prevent it from hitting their pipe, it blocks it after it has hit their pipe, thereby still counting against their traffic. (same principle as me firewalling my home network, stuff that hits my firewall still counts as traffic on my connection)
this is the broadband arena in america. you have little or no choice.
i deal with systems spanning from asia to australia and back again i cannot downgrade to dial-up and i only have two broadband providers in my area, both major companies and only one is decent with speed and connectivity. there is very little choice in this market, as is the way with most of american cities, especially the smaller and mid-sized ones.
however if there was compotition i would vote with my money, however has it stands the broadband market is monopolized on a market by market basis.
just out of curiosity what law did bush pass that keeps you out of the USA and why does it keep you out ?
really ? last i checked windows XP upgrade costed more than redhat, suse, slack, gentoo (you get the idea yet ?) etc .....
users care about usability, usability in their mind is the same thing as familiarity.
last time i checked none of the coutries you listed were leaders in informations technology. but even so, just because a few people do it doesnt make it right.
.... lets do it !
china still burns books and blocks western websites, sounds good to me
blocking only incoming traffic would accomplish very little, the virus's and worms could still be proactive and it would still suck up major amounts of bandwidth.
i disagree, if i want to sendmail from work (outside my isp's network) or if i want to check my mail from outside of their network ......
i actually agree with what your saying.
i think they should do it, but it should be optional at sign up time.
let me tell you something about adaptive firewalls and adaptive "filters"
they hurt more than they help, it wont take much for the "firewall" to start blocking standard ports because it doesnt like the traffic.
and thats not even going to the amount of resources you would need for a setup like that, in a place like this our largest ISP is time warner, they have 200k customers in the metro area, having unique ACL's on a per customer basis would KILL speed and be a major pain in the ass to fix/troubleshoot which would cause massive delays when a problem arises.