I don't need a cell-data-web-mail-espresso machine-cocksucking device
Which provider were you with again? The phone I was looking at had a built-in camera, but nothing as extravagant as a cocksucking device and an espresso machine. Wow. Just... Wow.
Another important point to check then is how you provision user accounts (in the case of SSLv3). Ask yourself questions such as, how do I give a new user access to the VPN, or what will the procedure be when (not "if") someone has lost/compromised their passwords or other form of credentials? It's a good idea to simulate all this and see if the config interface allows you to do all these tasks easily.
I would imagine with most of them they'd tie into the same authentication mechanisms your current RAS dialup or VPN solution does. Most of them support RADIUS and with RADIUS support you can get almost any kind of hardware token authentication you want. i.e. Point your SSL VPN box at the RADIUS server running on your ACE/Server and you can authenticate SecurID tokens. The good SSL vpns will understand challenge-response protocols as well so you can deal with "next tokencode mode" and "new pin mode" with SecurID cards and such.
If that's too complicated there's also the old standby passwords or SSL certificates, or hell, no authentication at all (acting as a plain SSL reverse web proxy for example).
The SSL-based "VPN" I'm familiar with is from the company formerly known as Neoteris (Netscreen bought them, and now Juniper looks to be buying Netscreen). Basically the whole idea is that your browser is the only client you need for remote access to your network and for the most part it works great.
The Neoteris stuff in particular provides you with a sort of "secure web portal" to your intranet (they call their product the Instant Virtual Extranet). It's very easy to configure and get setup, supports tons of different authentication mechanisms and the various penetration tests we've had conducted on ours have had it pass without a problem. Underneath it all it's basically a Linux box (right down to a LILO menu letting you select the image to boot, to rollback to an older version, or to perform a factory restore).
We have ours setup with SecurID token based authentication so we can present a secure SSL two-factor authenticated gateway to any of our internal sites without fscking around with the RSA Web Agent software and relying on IIS or Apache for webserver security. I'm not even sure where to start describing it since it has so many features... logging is very detailed down to the URL level, you can access Windows file shares and NFS exports via servlets, etc.
One of the neat features of it though is the secure application manager piece which basically does port forwarding. You can either let users setup their own application forwarding options or present them with a list of preconfigured ones (or both). The Java (or Active-X app.. it's configurable) app even goes so far as to modify the hosts table so users don't have to reconfigure their software. For example, say you want to allow POP access to your internal POP server to authenticated users. Basically when they login this Java app binds to a localhost address like 127.0.0.12 port 110 and then edits the hosts table to point smtp.whatever.com to 127.0.0.12. When you fire off your mail reader and connect to smtp.whatever.com it connects to 127.0.0.12, gets tunneled over the SSL connection and then redirected to the "real" server on the other side. Anyone doing SSH port forwarding should find this familiar, but it's done transparently enough that the end user doesn't have to know how it works. When the session terminates it removes the hosts table entries and cleans itself up by unbinding the ports. We've had good luck with this and laptop users roaming between home and the work LAN without making any changes at all to their applications.
Now, how is this better than IPSec? We don't have to worry about a network layer tunnel being established between some user's "dirty" home workstation and our protected network. There's a lot less chance of something accidentally slipping through like a NetBIOS worm because it only allows what you explicitly configure it to allow. This appeals to us mainly because we're interested in it for the RAS replacement functionality. 99% of our users VPN in to our older VPN gateway to check mail or grab a file via Windows file sharing... The Neoteris box totally fits their needs and requires zero software installed on their system for us to worry about supporting. Ever try to make Checkpoint Secure Remote client live nicely with Cisco's VPN software?
By the way, I should point out that SSL VPNs are aimed at real enterprises and not small offices with 20, or even 200 people in them. These boxes cost tens of thousands of dollars to purchase and thousands of dollars in maintenance contract costs per year. These are not meant to replace someone's hacked up OpenBSD VPN gateway with some free IPSec Windows clients they found on the net sort of setup. These are definitely aimed at the bigger corporate environments.
One of our biggest uses has been putting the boxes in front of previously buggy and insecure Windows IIS webservers to offer an additional layer of security. Users don't need some clunky Cisco IPSEC vpn software installed before they can access the web sites in question.. jus
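The hosts-table step described in the comment above (bind a loopback address, point the server name at it, remove the entry when the session ends) is worth auditing on client machines, because a client that exits without cleaning up leaves the name resolving to loopback. The following is an added example, not part of the original comment and not Neoteris code; the `ssl-vpn-forward` marker, the session ids and the sample hosts file are assumptions made for illustration.

```python
import ipaddress

TAG = "ssl-vpn-forward"  # hypothetical marker; the real client's format is not on the page
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample hosts file for a roaming laptop.
SAMPLE = "\n".join([
    "127.0.0.1\tlocalhost",
    "127.0.1.1\tlaptop01",
    "192.0.2.10\tintranet.whatever.com\t# static entry",
]) + "\n"


def parse_hosts(text):
    """Yield (lineno, address, names, comment) for every mapping line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        body, _, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank line or comment-only line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, not a mapping
        yield lineno, addr, fields[1:], comment.strip()


def add_forwards(text, forwards, session):
    """Append one tagged line per {hostname: loopback address} forward."""
    lines = text.splitlines()
    for name, addr in forwards.items():
        if not ipaddress.ip_address(addr).is_loopback:
            raise ValueError(f"{addr} is not a loopback address")
        lines.append(f"{addr}\t{name}\t# {TAG} session={session}")
    return "\n".join(lines) + "\n"


def remove_forwards(text, session):
    """Session teardown: drop only the lines this session added."""
    tag = f"# {TAG} session={session}"
    kept = [l for l in text.splitlines() if not l.rstrip().endswith(tag)]
    return "\n".join(kept) + "\n"


def loopback_overrides(text, own_names=()):
    """Audit: non-local names that resolve to loopback.

    Returns (lineno, name, address, tagged) tuples. tagged=True means a
    forwarding client wrote the line (stale if no session is running);
    tagged=False means something else redirected the name.
    """
    allowed = LOCAL_NAMES | {n.lower() for n in own_names}
    findings = []
    for lineno, addr, names, comment in parse_hosts(text):
        if not addr.is_loopback:
            continue
        tagged = comment.split()[:1] == [TAG]
        for name in names:
            if name.lower() not in allowed:
                findings.append((lineno, name, str(addr), tagged))
    return findings


if __name__ == "__main__":
    # The page's own example: smtp.whatever.com pointed at 127.0.0.12.
    live = add_forwards(SAMPLE, {"smtp.whatever.com": "127.0.0.12"}, "s1")
    for finding in loopback_overrides(live, own_names={"laptop01"}):
        print(finding)
```

Run against a machine with no active session, any tagged finding is a leftover from a session that did not clean up, and any untagged one deserves a closer look.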
You could always go scavenging, remember the MIT guy that built the fusion reactor, he found his plasma accelerator(or insert some other fancy tech stuff that is impossible to find while scavenging) while scavenging.
Of course, if you're going to be scavenging to build a fusion reactor, don't be surprised when your ass is hauled off to GITMO.
Re:Who decides this stuff anyway? on WB Cancels Angel · Score: 1
You may not be able to be counted by the Nielsen rating system unless you happen to get one of their viewing journals; but with a TiVo, your "vote" is always counted.
In a creepy Big Brother-esque sort of way. Feh, I'll stick with mythtv, thanks. :-)
Stop watching Enterprise NOW! I don't want it cancelled! ;-)
Enterprise jumped the shark the minute that vulcan chick had to get lubed up by the engineer guy after their first away mission. Berman is a complete waste of flesh if he thinks tits and ass were the only thing that attracted people to Star Trek TNG.
Re:Watched more than the West Wing on WB Cancels Angel · Score: 1
Tru Calling (huh?)
Hey, Tru Calling is pretty good. Don't knock it if you haven't seen it. :-) The chick is hot, but I don't get why she can't tell her boyfriend of her power. Pretty lame.
emerge development-sources
cd /usr/src/linux-2.6.2
make menuconfig
... set options and save
make && make modules_install && cp arch/i386/boot/bzImage /boot/vmlinux-1.krnl
reboot
You lost me on step 1:
-bash: emerge: command not found
Oh, silly me, here we go:
apt-get install kernel-image-2.6-k7
Reading Package Lists... Done
Building Dependency Tree... Done
The following extra packages will be installed:
  kernel-image-2.6.0-1-k7
Suggested packages:
  kernel-doc-2.6.0
The following NEW packages will be installed:
  kernel-image-2.6-k7 kernel-image-2.6.0-1-k7
0 upgraded, 2 newly installed, 0 to remove and 1 not upgraded.
Need to get 14.2MB of archives. After unpacking 41.4MB of additional disk space will be used.
Re:Jammers and Dampers on Cell-Phone Wars · Score: 4, Insightful
Blocking them in residential areas is not. Someone uses ham equipment in my area, and it's easy to see who, due to the 40 foot antenna in his yard. The guy is known to hate cell phones.
Why would you assume that a guy with a 40 foot antenna in his yard is blocking your cell phone signals somehow? A 40 foot antenna like that would be used for HF communications and wouldn't have anything to do with the wavelengths your cell phone uses. Amateur radio operators are much more respectful of the limited radio spectrum than your average suburbanite cell-phone using panty-waste.
Yeah, get a computer with an x86 chip. Intel, AMD, and VIA make chips that are compatible with each other. More competition = better price.
Not to mention they'd be a lot faster than the PPC chip of a comparable price. I use Linux because I'm cheap or else I'd be running MacOS X on all the machines in my house. Alas I can't afford to replace my $500 desktop with a $3000 equivalent Mac.
As I said, HAVING a laptop isn't stupid. But BUYING one, for me, is. As always, YMMV, but I have never had to purchase one, they have always been purchased for me.
There's nothing wrong with BUYING a laptop. My PIII-650 Dell Inspiron I bought in 1999 still works just dandy. In fact, I just bought a new battery for it so I could use it unplugged from the AC outlet again. It didn't suddenly become obsolete because it's 4 or 5 years old. It still runs Windows 2000 fine, Internet browsing is speedy over the ancient D-Link 802.11b card I bought years ago, the 20GB hard drive is more than sufficient for all my apps, and 256MB of RAM is enough to keep me from swapping all the time.
What is so obsolete about it that I should regret paying $1800? I've gotten almost 5 years of good service out of it and I imagine I'll get another 5 years since it's more than fast enough for e-mail and web browsing.. it's not like e-mail will suddenly require a 3GHz P4 next year or Mozilla will suddenly require an Athlon 64 3400+ to run sufficiently.
Yesterday Bill Gates stormed into a local Seattle Linux Users Group meeting and was quoted as saying:
"Aww, you motherfuckers. Okay. Alright. I'm putting cases on all you bitches. Huh. You think you can do this shit... Jake. You think you can do this to me? You motherfuckers will be playing basketball in Pelican Bay when I get finished with you. Shoe program, nigga. 23 hour lockdown. I'm the man up in this piece. You'll never see the light of... who the fuck do you think you're fucking with? I'm the police, I run shit around here. You just live here. Yeah, that's right, you better walk away. Go on and walk away... 'cause I'm gonna' burn this motherfucker down. King Kong ain't got shit on me. That's right, that's right. Shit, I don't, fuck. I'm winning anyway, I'm winning... I'm winning any motherfucking way. I can't lose. Yeah, you can shoot me, but you can't kill me."
As much as I wanted to mod you down, here's my response instead:
BTW, WTF is up with that comment? You really need to read the moderation FAQ sometime and quit using moderation as a way to censor people who have differing opinions from yourself. Fine, you use your Sony NZ-90 a lot, I don't use my Palm M505 at all.
A guy making $20k/year who can't come up with a reason on his own why he needs one certainly shouldn't be blowing a couple hundred bucks on one just to satisfy his curiosity. The fact of the matter is, if you need a PDA you will buy one, if you don't then get a dayplanner, they're much cheaper.
As for using a PDA for network administration, why would I bother with a kludgy pen interface for debugging issues when I can just grab a laptop if I needed a mobile device (which I don't since we're sane and have everything on terminal servers). I can quite comfortably sit at home at my desk and bring the entire network up or down via a modem.
First, this is purely misogynistic. If this was the case then no-one would be a 'new' player in counter-strike, quake, or unreal. Unless you're suggesting that women are somehow genetically inferior to men, then one would expect that as many men would pass on multiplayer games as women. By extension, this would suggest that only as many men would take to multiplayer games as women do.
By the way, in my statement I wasn't bashing women... quite the opposite in fact. My coworkers in question are men. They can play single player games just fine and do quite well, but when going online and facing teenagers who play every waking hour of the day it's VERY hard to pick up. I can completely understand their disinterest in being constantly owned by some pimply faced 12 year old brat who spends from 2:30pm to midnight playing video games and then has the audacity to call them losers? Have you been on a public server lately? People are complete asshats and treat new players like shit. Everyone was new at one time.
LAN party I held two weeks ago would have been much more difficult without the Razor hacked version of Steam (For Counter Strike) since we weren't able to keep the internet connection up.
What do you need Steam for? The older versions of Half-Life and Counter-strike don't require an Internet connection. Why not just use the pre-steam version? Personally I tried going back to Counter-Strike after a 1 year hiatus playing BF1942 and when I found Steam was the only real way you can play these days I gave up. It sucks horribly. I guess that's one way to kill a game.
I'd love to play with one, but I just don't know what I'd do with it, apart from hold my phone numbers. My cell already does that. Anyone?
Well then they're really not targeted at you. If you only make $20k/year then blowing $400 on a PDA isn't that great of a decision. These are for people that need the newest and greatest gadgets and have gads of disposable income. If you don't fit in there then stick with a paper day planner from a dollar store. I've still got a Palm M505 and hardly ever use it. Once in awhile I play Tetris on it or jot a phone number down, but I could've just bought a Game Boy and used a piece of scrap paper for the phone number (or programmed it in my cell phone like you said). I honestly don't know what people see in PDAs.. I'd prefer having a subnotebook like the old Toshiba Libretto that I can type fast on to take notes in class or something.
For some reason, women love the Sims games. More than likely, they're up at all hours running their little Sims' lives.
I love the Sims too though and I'm a guy. I don't have any of those wacky expansion packs, just the original I bought a few years ago to try out though. I'm probably similar to the majority of guys playing that game though: Get the house with the two women in it, greet, talk, compliment, talk, compliment, talk, compliment, hug, give a backrub, hug, hug, hug, talk, compliment, give a gift, hug, kiss, kiss, hug, kiss, etc. Lesbian Sims rule. Either that or building walls around a bunch of people and getting something to burn it down so everyone inside dies. "ahhh!!! Fire!"
The interesting question of 'women in games' is: why aren't women playing console games, massmogs, multiplayer strategy/fps/rpg/etc?
Because they're too complicated and hard to pick up. My coworkers can play single player mode FPS games just fine, but they say once they go online they get their ass kicked and it's no fun. I mean, if you played basketball in real life against Michael Jordan every day and constantly got your ass kicked, would YOU want to keep playing? I'd get annoyed and find a sport I'm better at.
Dunno, 80k for a wireless link with just the minimal of support fees sounds good, especially for 45mbps. Considering the facts that there's no telco fees involved with a wireless point-to-point solutions (unless I'm being extremely dumb).
No kidding. How big is this company if they can't afford an $80k investment in hardware? I'd snap that up at the drop of a hat since you'll have no per-month fees to pay to a telco. Obviously they're big enough to justify 45Mbps worth of bandwidth so I'd think $80k up front would be a drop in the hat.
Hey, it works for the spammers doesn't it? Even 1% of the millions of people they spam buying a product is enough to keep them in business.
Hey, it worked for Netscape right?
You're asking US? I shop at Walmart for clothes so I can afford to buy a $3000 PowerMac in the summer.
Perhaps this project was outsourced to India? Wouldn't it be lovely if we could bash Indians and Ohio in one article?
Why would Apple get a discount? They probably get them for cost. The question is, did VA Tech get a discount.