Slashdot Mirror


User: asdfghjklqwertyuiop

asdfghjklqwertyuiop's activity in the archive.

Stories: 0
Comments: 1,548

Comments · 1,548

  1. Re:About time on IBM Backs Firefox In-House · · Score: 1
    Probably because the new exploit out for Firefox that came out recently,
    Managers hear about it, and don't want it on their computers.


    Well if that's the case I wonder what browser they are using exactly... IE must have been thrown out long ago.

  2. Re:Idiot. on UK to Install Wireless Mics on London Streets · · Score: 1

    Not only do we have a very large lake protecting us from speaking stupidly, but we elected George Bush.


    So that large lake then isn't doing such a good job?

    And excuse me Mr Hick, but "we" didn't elect George Bush, YOU elected George Bush.

  3. Re:veryhai on IBM to Lose 13,000 Jobs · · Score: 1

    I don't know why this resentment over jobs going to India.


    We resent jobs going to India because we can't compete with Indians. If jobs were moving because there aren't enough skilled workers available here, or because the cities are dirty, crime ridden shit holes or because the taxes are too high that would be one thing - we could work with that. But none of that's the case. These jobs are going to India because they have skilled workers working for a fraction of a western minimum wage. Nothing we can possibly do about that. You just can't live in a western country with that income.

    These jobs aren't going to India because these companies like India... they're only going there because Indians are cheap. And as the Indian economy grows and improves, they won't be cheap forever. At that point these companies will just pack up and move to the next second world source of cheap labor. They'll be resentful too when that day comes.

  4. Re:fighting back with infrastructure on Taking on an Online Extortionist · · Score: 1

    Some ISPs are doing customer-level ingress filtering -- e.g. if the "other end" of the cable modem gets a packet whose src address is not that of the cable modem, drop it on the floor, it's forged.


    If your firewall isn't doing that (egress filtering) then it is not configured correctly. Shouldn't just be some ISPs...

  5. Re:Looks as expected on FCC Pics of the IBM ThinkPad X41 Tablet PC · · Score: 1

    If it's the clearest you've seen, then frankly you've only seen crap. Just about every other laptop company (excluding, interestingly, Apple) is using some very nice LCD technology that makes IBM laptops look like something from 1998.


    Just about every other laptop company, such as whom? I've used a thinkpad off and on with an HP and occasionally a Dell... my T40 is the best PC I've ever used, hands down. Very glad I own one.

  6. Re:They may be bad, but.... on MPAA Under Investigation for Illegal NYPD Payoffs · · Score: 1
    I thought true republicans believed in small government? From the referenced article:


    "I did not usurp power," he wrote, "but I did greatly broaden the use of executive power."

  7. Re:Why is stealth mode pointed out as special? on Tiger's 200 New Features · · Score: 2, Insightful

    I don't understand why people bother with them.

    If you need to provide access to a service, then you have to open its matching ports anyway. If you need to protect a port/daemon/service/wakilix from attack, just don't run it.


    Because most people don't understand that a firewall should only be a secondary protection mechanism for your computer or network. It shouldn't be your sole line of defense.

    Personally, I make sure my machines don't have anything running or listening that doesn't need to be. Really, that's security 101. I also use firewalls, both on the host and at the network perimeter, but those are just there for backup in case I'm messing with the initscripts or something one day and start up something I shouldn't have and don't notice right away.

    The other important functions of any firewall should be egress filtering & monitoring. That means doing the rest of the world a favor (and yourself too, by extension) and blocking port 25 outbound except to where it needs to go, dropping spoofed packets from your network, limiting the rate of outbound SYNs, and similar things.

    The firewall can also serve as an intrusion detection mechanism when watching outbound traffic. I.e., if you one day start seeing your firewall drop all kinds of traffic to random SMTP servers and it isn't a mail server, that's a red flag.

  8. Re:What ever happened to easy backups? on Microsoft Releases Public Beta of Data Protection · · Score: 1

    This is the actual backup program that I run weekly on the SPARC machine I am using this moment:

    #!/usr/bin/sh
    ROOTPART=/dev/dsk/c1t1d0s0
    BACKPART=/dev/dsk/c1t2d0s0
    BACKPARTRAW=/dev/rdsk/c1t2d0s0
    DD=/usr/bin/dd
    BLOCKSIZE=16777216
    FSCK=/usr/sbin/fsck
    ${DD} if=${ROOTPART} of=${BACKPART} bs=${BLOCKSIZE}
    ${FSCK} -y ${BACKPARTRAW}

    All that is required to make the 2nd drive bootable is to edit its /etc/vfstab and do s/c1t1/c1t2/g.


    You run that without snapshotting? That's scary. You have a good chance of having corrupted files in the backup.

  9. Re:3ware, 3ware 3ware. on What Kind Of Software RAID Are You Running? · · Score: 1

    Umm. Riiight. You are aware that the two options you suggested both require restarting the machine to access the firmware of the RAID card, however "cool" you think it is?

    Restarting = downtime = bad. No, really.

    The Areca card is for proper environments where you just don't have the option to take the system down to pull a disc or three from the array. Hotswap discs, hot-rebuilding of RAID arrays, etc. It's a proper RAID card.


    No... "proper" RAID cards have software that you can use to administer and monitor the array. "proper" RAID cards have allowed you to pull disks, hot swap and rebuild the array online for decades. No "proper" RAID card has a network connection and has you use telnet to get into the controller to administer it... how dumb. No "proper" system will have you using telnet or any plaintext protocol to administer anything.

    And if the array is so fucked up that you can't get into the server to see what the array is doing via software, well then bringing the server down to get into the firmware setup isn't hurting much.

  10. Re:3ware, 3ware 3ware. on What Kind Of Software RAID Are You Running? · · Score: 1

    A RAID controller with its own ethernet port and protocol stack all the way up to a telnet service? That is just stupid.

    The right way to do this is either just get one of these or one of the many more expensive/featureful alternatives. Or better yet, just get a real server that has a real serial console (or if you run windows and/or have more money than brains, get some KVM over IP thing)...

    A RAID controller with its own telnet service for remote access to the firmware... *shudder*...

  11. Re:Lame troll... but I'll bite on Early Earth Atmosphere Favourable to Life · · Score: 1

    Chemistry is not fully understood


    And god is not fully understood either. What's your point? At least we understand chemistry a lot better than god.

  12. Re:It's sad... on Star Wars Fans in Line... at the Wrong Theater · · Score: 1

    When we're mocking stupid Star Wars fans while we all wait on bated breath for the next story to appear, so we can karma whore.


    While we all wait? No, not really.

  13. Re:You are missing the point. on Python Moving into the Enterprise · · Score: 1

    if a > b:
        if a > c: # indented with 4 spaces
            print "python forces me to use stupid editor settings" # indented with 8 spaces
    	print "I am less productive in python as a result" # indented by a tab


    Well I wouldn't write or leave code sitting in a project with that kind of messy indentation in any language, curly braces or not.


    And you can always do bizarre ass indentation where every level is a different width. I realize you shouldn't code this way, and obviously I don't *intentionally* code this way. But there is more to programming than simply writing a piece of code the first time, many other people read it and edit it afterwards, and cause weird errors like this if they don't worship at the altar of python editor settings, or when they try to move a block of code to a different place, where the indentation is different, and have to try to fix it, and can very easily make a mistake.


    I guess that's just your style then. When I have to work on code someone else wrote or import code from one place to another the first thing I do is make the indentation style consistent regardless of the language. Changing the indentation style on any given consistently indented code block is not hard. Personally I use the tabs-to-indent+spaces-to-align style. Sometimes I'll change my tab stops several times while I'm working on the same project to accommodate long lines or make deeply nested code look less scattered. I just hate working on code that isn't consistently indented so I take care of that pretty quickly when working on something so I've never run into a problem in python.

  14. Re:Why are you arguing? on Python Moving into the Enterprise · · Score: 1

    What else people want is the ability to have the clear, concise and useful curly braces that they have come to love. Instead of trying to dismiss the valid concerns about whitespace, how about trying to explain what benefit it provides? Saying "it's just like what you are already used to" is a cop-out, that's not a benefit.


    Ok, well let me put it this way: Unless you are writing an obfuscated code contest entry, the curly braces are redundant. You're already indenting code the way python interprets it. You have been for years. I don't know if it provides any tangible benefits, but my point is that it shouldn't be a valid reason for not trying python. It really isn't the huge deal that many people make it out to be.


    And "it forces you to indent correctly" isn't even correct, as you can clearly have lines that look identically indented, but aren't actually being interpreted that way by python due to a mix of spaces and tabs.


    Give me a block of python code that looks one way and is interpreted another. I'm not saying you're flat out wrong, but I played around with it for a bit and can't come up with such an example so I have my doubts...

  15. Re:You are an idiot. on Python Moving into the Enterprise · · Score: 1

    If the code is consistently indented to begin with, then reformatting it to a new indentation style is more or less a search & replace operation.

    If the code is not consistently indented but still valid python (ie, indentation style varies from block to block) it is still possible to change the indentation style programmatically.

  16. Re:Whoa, this is all crazyness. on Python Moving into the Enterprise · · Score: 1

    What happens when you use 3 spaces to indent, someone else uses 8, and I am not a dumbass so I use indents to indent? Oops, that's right, we have to fight over whose style we use, and then we have to be pissed off and less productive now that we're working in an uncomfortable environment. With a language that has block level delimiters, whether they are curly braces, "begin" and "end" or whatever, you can code in whatever style you want, then when you check in your code, you re-indent it using a simple script or the indent command if you are doing C/C++. This isn't possible with python.


    So you decide on a standard, such as tabs. When somebody who'd rather use 3 spaces to indent checks out the code they do the reverse of what they do when they check in in the above scenario.

    If you really want to you can mix indentation styles as long as every line in a particular block uses the same style. This is valid python:

    def func2():
    	# indented with a tab
    	print "bleh2"
    	if 1==1:
    	   # indented with a tab and three spaces
    	   print "yeah"
    	   print "yeah2"

    def func():
        # indented with 4 spaces
        print "bleh"
        print "Bleh2"

    What else do you want? Most programmers I know don't like to work on code where the indentation style constantly changes from one line to the next (let alone within the same project) - why is it a big deal that python doesn't either?

  17. Re:Whoa, this is all crazyness. on Python Moving into the Enterprise · · Score: 1

    Second, spending 20 minutes with python will not cure the whitespace problem. It is 100%, without a doubt a mistake. I have a 12000 line 3 man project in python, and the whitespace issue is a very big problem. We are looking for a proper language to migrate to partly because of this.


    What exactly is the problem with the whitespace? The meaning of whitespace in Python is exactly the same as the indentation conventions you've used in C, C++, Perl, Java.... I used to be disgusted by the whitespace thing but then I actually tried python, and I never was bothered with the whitespace-as-syntax thing. The reason is that the indentation in python works exactly the same as the way I've already been programming for years in other languages... It is completely intuitive. If you've been programming in C, C++, Java or Perl or similar languages then you already know how that aspect of python syntax works.

  18. Re:Hey why not! on UN Wants To Regulate Internet · · Score: 1

    ITU has a fairly good track record at making stuff work behind the scenes. It also has way more engineers in house than diplomats.


    So does the IETF, and they don't have any diplomats in-house.

  19. Re:Quoting the RFC on The Next Net · · Score: 1

    But it does say that "sessions are uni-directional, outbound from the private network." I don't know how else to interpret that, even if it doesn't explicitly say what should be done with unexpected inbound sessions.


    Well I interpret that as a conceptual explanation on what is happening on a network where this type of NAT would be useful. They aren't actually writing a hard specification telling implementors to drop packets. I've yet to see a NAT implementation that can be configured to drop packets... and like I mentioned in another post, the RFC (2663 I think) tells you to use a firewall in addition if you actually want security.

  20. Re:Wow! think of all them IP addresses. on The Next Net · · Score: 1

    You are a moron and are completely overcomplicating the issue! NAT is rather simple.


    Well it can't be simpler than a network without NAT.


    With properly configured NAT it is impossible to initiate a connection from the outside of the NAT to the inside... PERIOD! Networking 101 my ass, more like you talking out of your ass. Go back to school (or maybe just to school).


    You can configure NAT all day long and it will still not BLOCK anything, period. NAT doesn't drop anything and cannot be configured to do so. Why don't you actually try it instead of talking out of your ass:

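    # OUT_IF must name the outside interface
    iptables -t filter -F
    iptables -t filter -P FORWARD ACCEPT   # chain assumed; FORWARD governs routed packets
    iptables -t nat -F
    iptables -t nat -I POSTROUTING -o "$OUT_IF" -j MASQUERADE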

    Go ahead, try that on linux or try the equivalent on any firewall you want. Hook a machine up to the outer interface, set up a route to the inside on that machine and tell me what happens to the packets you send in.

    Find me one single NAT implementation which can be configured to drop packets. Show me anything in any RFC that specifies that NAT must drop packets. How can you possibly read through this thread and not get that message by now?

  21. Re:Wow! think of all them IP addresses. on The Next Net · · Score: 1

    Wow, that comment is outrageous and dead wrong. NAT affords many advantages not the least of which is security.


    Talk about outrageous and dead wrong. NAT has absolutely nothing to do with security... been discussed many times. Read the other responses to this comment.


    in fact, it'd be a huge pain if they did.


    On the contrary IPv6 has features which make renumbering easier if and when you need to do it. Barring the pain of renumbering, using NAT is actually more of a pain than not doing so if you have anything but the simplest of networks.

  22. Re:Quoting the RFC on The Next Net · · Score: 1

    From section 2, Overview of traditional NAT:

    In a traditional NAT, sessions are uni-directional, outbound from the private network. Sessions in the opposite direction may be allowed on an exceptional basis using static address maps for pre-selected hosts.


    That doesn't say that if there is no static map inbound sessions must be prohibited. Nothing anywhere in any of the NAT RFCs says that NAT must drop a packet or actively prevent a connection in any way.

  23. Re:Wow! think of all them IP addresses. on The Next Net · · Score: 1

    No, I assume that my NAT box will drop any packets whose address doesn't match it. That is the case with my own NAT, although I suppose others could function promiscuously, although that would be contrary to the definition of NAT. [RFC 3022]


    As a matter of fact I did look at that RFC, and I do not even see the words 'drop' or 'reject' anywhere in that RFC or any of the RFCs related to NAT for that matter. Not only that, but section 9.0 of RFC 2663 states "NAT routers may be used in conjunction with firewalls to filter unwanted traffic".


    If you think that many NATs disobey that definition, then you might submit corrections to pages like this and especially this.


    First of all, I don't think NAT does this, I know it does. You can try it yourself. On linux for example, set up a masquerade or SNAT on your outbound interface, enable IP forwarding and do nothing else. Now get on a machine connected to the network on the outside of your 'NAT box', set up a route to the inside network, and watch those packets flow right in. You can follow the exact same procedure on IOS, checkpoint and I'm sure ipf and ipfw (I've never tried doing exactly this on those, but I dare you to try...).


    then you might submit corrections to pages like this and especially this.


    Well the first page times out and for the second one they are probably assuming that routes don't exist to the internal prefix(es). But I agree, perhaps someone should submit a clarification along those lines.


    (And it would be quite inefficient, as flooding the ethernet hubs inside NATs with all their neighbors' non-matching packets)


    Yes, it would kind of suck to have your neighbors sending whatever traffic they wanted into your LAN, wouldn't it? Fortunately, in practice, nobody uses only NAT. Pretty much everyone uses a firewall in conjunction with it to drop the unwanted traffic.


    You are assuming I even HAVE a router. Router != NAT... routers expose the addresses of machines behind them, NATs hide these.


    You really don't know what you are talking about. It is not possible to perform NAT on something that is not a router. You have a machine connected to multiple networks and it is forwarding the traffic among them - that is the definition of a router. Whether or not that router is translating the packets as it forwards them is irrelevant. If it happens to rewrite certain addresses and ports as it forwards that traffic it doesn't cease to be a router.

    Enough networking 101 for tonight, gotta wake up early tomorrow.

  24. Re:Wow! think of all them IP addresses. on The Next Net · · Score: 2, Insightful

    Fine, semantics. The packet is unmodified, so its address matches to none of the TCP/IP stacks on the LAN, so it gets dropped by every PC. Not rewriting an address is effectively dropping it (unless you somehow had a local machine with an IP identical to that of your NAT box on the Internet)


    You are assuming that every packet that comes down your internet connection will have a destination IP address matching your router's public IP address. That is an unwise assumption to make for at least two reasons:

    1. You are effectively placing the security of your LAN into the hands of your ISP.

    2. Many broadband connections present subscribers with an ethernet interface, which from their perspective makes all subscribers in the area look like they're on one big ethernet. In this situation other users can simply add a route to your LAN's address via your outside IP address and voilà, full access to your LAN.

  25. Re:Wow! think of all them IP addresses. on The Next Net · · Score: 1

    If a totally unexpected packet arrives at a NAT (such as during a portscan attack), there is no reasonable way to guess which of the multiple local machines should receive it, so (by default) a choice is made to drop it.


    Not so, since NAT does not drop anything. If a totally unexpected packet arrives, NAT will simply not make any changes to the packet. The packet will continue its way through the router as normal. Unless you have filtering rules (which are a totally different & independent thing) that specify otherwise, that packet will be sent right on through to wherever your routing tables specify.
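
Added example (not part of the original comments): a toy Python model of the point argued in comments 20 and 23-25, that NAT only rewrites addresses and a separate stateful filter is what drops unsolicited inbound packets. The Router class, the port numbering and every address are constructed for illustration and do not reproduce any real NAT implementation.

```python
import ipaddress
from dataclasses import dataclass

# All addresses are constructed sample values (RFC 1918 / RFC 5737 ranges).
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = "203.0.113.5"  # the router's outside address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Router:
    """Toy model: NAT rewrites, routing forwards, only the filter drops."""

    def __init__(self, stateful_filter):
        self.stateful_filter = stateful_filter
        self.nat = {}  # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.next_port = 40000

    def outbound(self, pkt):
        """LAN -> WAN: masquerade the source and remember the mapping."""
        wan_port = self.next_port
        self.next_port += 1
        self.nat[(wan_port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return Packet(WAN_IP, wan_port, pkt.dst, pkt.dport)

    def inbound(self, pkt):
        """WAN -> LAN: return (verdict, packet as it leaves the router)."""
        mapping = None
        if pkt.dst == WAN_IP:
            mapping = self.nat.get((pkt.dport, pkt.src, pkt.sport))
        if mapping:
            # Reply to a tracked session: reverse the translation.
            pkt = Packet(pkt.src, pkt.sport, mapping[0], mapping[1])
        elif self.stateful_filter:
            # The filter, not NAT, is what refuses unsolicited traffic.
            return "DROP", None
        # No mapping: NAT leaves the packet untouched and routing takes over.
        if ipaddress.ip_address(pkt.dst) in LAN:
            return "FORWARD", pkt
        return "LOCAL", pkt  # addressed to the router itself


def demo(stateful_filter):
    """Verdicts for a legitimate reply and for an unsolicited inbound packet."""
    r = Router(stateful_filter)
    out = r.outbound(Packet("192.168.1.10", 5555, "198.51.100.7", 80))
    reply = r.inbound(Packet("198.51.100.7", 80, out.src, out.sport))
    # Sender on the outside segment that has a route to the LAN via WAN_IP.
    unsolicited = r.inbound(Packet("203.0.113.99", 4444, "192.168.1.10", 22))
    return reply[0], unsolicited[0]


if __name__ == "__main__":
    print("NAT only:        ", demo(False))
    print("NAT + filter:    ", demo(True))
```
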