What the guy is saying is that if Windows turns out to have a problem, you can rely on Microsoft to provide updates.
And in the exact same way if a Redhat distro (for example) has a problem, you can rely on RedHat to provide updates.
You *can't* legally rely on Linus Torvalds or any of the other developers to provide a solution to the problem.
Right - no more so than you can legally rely on Microsoft to provide a solution to problems in their software. They explicitly state that in all of their licence agreements.
9/11 was the most shocking event since Pearl Harbor. You didn't think we were going to let things go, did you? Even in Iraq?
Why are you even mentioning 9/11 and Iraq in the same sentence? They had nothing to do with each other until Bush used one to create a war involving the other.
Actually, I think there is a big difference in the risk of use and/or abuse of alcohol vs. marijuana. Alcohol is clearly more dangerous to abuse, and far more dangerous in withdrawal. Marijuana withdrawal is incapable of causing death or even serious symptoms. Alcohol withdrawal kills lots of people all the time.
Agreed. More evidence that "to save tax dollars for medical care" isn't a valid reason for anti-drug legislation.
Yesterday my wife and I were trying to figure out why some people get turned on by S&M. We just couldn't see the attraction. Then it occurred to me that it has to do with guilt:
I still don't think you guys have figured it out. It isn't guilt, it is an exchange of control, a surrender... an expression of complete trust in the other.
There's a big difference, risk-wise, between the examples you gave (with the exception of dangerous sports) and using non-approved drugs.
There is not a big difference, risk-wise, between alcohol and marijuana or nicotine and marijuana, yet alcohol and nicotine remain legal and pot remains banned. Clearly this isn't just because of "tax burdens".
as others have pointed out here, there are so many issues that create this problem. Gun ownership, drinking age, smoking age, driving age... You see, if 18 is the right age, then why not 19? or 17? and if 19 or 17, then why not 20 or 16?? oh, you say that is too old, or too young? then why? because YOU say so? well, I say different.
I don't understand what your point is. You want to change the age of majority to 16 or 20? Ok, fine, that's debatable. 18 is more or less arbitrary. But I don't understand what it has to do with this discussion.
see, these are all "moral" decisions and having NO moral compass means we can take this logically to chaos.
The only place there will be chaos is where consenting adults want there to be chaos. When someone affects a non-consenting victim, the government may step in and create order and justice. That's its purpose.
Why is forcing your belief in some non-morality-based law system on everyone less self-righteous? Neither of you is right nor wrong.
It is less self-righteous because no one who holds such a belief wishes to tell you how to live your life. If you think porn is wrong, great. Don't watch it. Very simple. I'm not forcing my beliefs on you. You can force your own upon yourself, and so can everyone else.
Now when it comes to things which involve innocent third parties, like rape for instance, then the law should definitely be involved. That's a totally different situation and to be involved in situations like that is the purpose of the government.
Vague and purely subjective morality issues like porn which involve only consenting adults are no business of government, or anyone else.
You see, the question then becomes "where do YOU draw the line?" you find these types of things acceptable
Where I draw the line is very simple: That which involves only consenting adults is no one's business but theirs. Not the government's, not some right-wing christian nutcase's, not mine.
If viewing this material in your home is acceptable, then allowing children (either yours or anyone else's who visit) to view the material is also OK. No you say?? well, why?
Because your activity is involving non-consenting people - children, who by definition cannot give consent.
Sounds pretty obscure to me. How many people (slashdot readers, at least) seriously have a need for this?
Well if you run a server of any kind virtualization is useful to you. I run a server for some of my own stuff (email, web, etc). It is a UML virtual machine (same concept as this Xen stuff) and it is the only virtual machine running on that physical hardware.
What's the point of running only one server in a VM?
Well, I can get consistent image-level backups of the system without shutting the system down. These backups are fully portable too...
I take a backup of my system and move it to any other host (regardless of hardware) and have it run perfectly with zero changes to the VM. It is just a matter of moving a tarball from one host to another and starting the VM back up on the new host. That makes hardware changes very simple.
I can take a snapshot of the filesystems from the physical host and scan the VM for intrusions and unauthorized changes in a way that can't be hidden by intruders.
I once had to move my server across town. I had a physical server set up in the new place ahead of time. To move the production VM, I shut it down, wrote the VM to a tape, took the tape with me over to the new place and untarred my virtual server onto the new system. No chance of breaking hardware during the move, screwing around with cables, etc. Didn't have to worry about stuff being down while new hardware was connected & tested.
There's got to be a religion or three that concurs with evolution, or at least has nothing to say against it.
There is, depending on which participants in said religion you talk to.
I was sent to a rather conservative christian private high school. Evolution and natural selection were what was taught in biology. Anything in the bible that blatantly contradicted scientific fact (like earth being created in 6 days) was either said to be simply a parable that was not meant to be taken literally or that god ultimately caused the observed scientific process to happen, so the religious and scientific statements agree (such as evolution).
After hearing the exact opposite from other christian institutions numerous times throughout my childhood, I eventually came to realize they are all wrong.
Interesting. I was not aware of this. I have no real desire to be 'socially irresponsible' with available channels, but for me part of it is that I want to lock the router to 108Mbps-only - in order to further bolster the security of the standard MAC-based ACL
Well if you're interested in security and have no desire to be socially irresponsible, then why don't you actually do those things and give yourself some real security by using a VPN tunnel or IPSec over your wireless. MAC address restrictions and even WEP are breakable by anyone who really wants to. 108 is even easier to break than those things and pollutes the spectrum as well.
The jews did not do the wtc, the pentagon yes but not the wtc. The Homos' did the wtc. It's all part of their plan to bring the Nazi party back to power after reducing the US population down to a bunch of subservient rednecks.
Oh, I thought it was Saddam Hussein... been missing the news lately, my telescreen has been broken.
I respectfully disagree. Americans will never tolerate the terrorism that Israel has. Private citizens are too well armed (legally) and too, for lack of a better term, righteous. If we were to have car bombs and suicide bombings start, you would see every rifle rack in every pickup full.
Well shit, a rifle is all you need to stop car & suicide bombs? You know, someone should send our soldiers in Iraq some rifles in that case. Seems like some of those guys are getting blown up every few weeks over there.
Why didn't somebody think of this already... we should have equipped those guys with rifles before heading over there. Maybe some larger caliber automatic ones...
But wait... Aren't private IP addresses non-routable on the real Net? Then how could someone, outside the private network, contact a host inside the private network?
You're right, they aren't routable for the most part, but certain people can make them routable, at least on the network near you on the outside. See my other post. You can't rely on the non-routability of those addresses to maintain the security of your network.
I don't get this, since the hosts behind the NAT are using private IPs, how could the NAT know which host to send the packets to?
Say, someone initiates a TCP connection to port 80 to the NAT host, which has a real IP of 123.123.123.123, when the NAT receives the packets, how could it know which internal host to forward the packets to?... when an outside initiated connection comes to the NAT at an arbitrary port, and the NAT found that there are no records of connections with regards to that, it doesn't know where to forward the packets to (I suppose it won't randomly forward packets to internal hosts...), so the packets will be rejected or dropped.
I'm not talking about incoming packets addressed to the router itself (123.123.123.123), I'm talking about incoming packets addressed to the private addresses (10/8, 192.168/16, 172.16/12, whatever you use on the inside).
If a packet arrives on the outside interface with an inside destination address, your NAT doesn't come into play at all because your NAT rules only alter outbound packets (departing on the outside interface) and packets addressed to the firewall on certain ports (ie, port forwards).
You're right that NAT does keep a connection state table for translating inbound packets related to established connections, but again, all that stuff doesn't come into play for the situation I'm talking about.
AFAIK (please correct if wrong), internal hosts behind a NAT use private addresses (and that's the whole point of using a NAT...?), and the only device within the internal network including the NAT who has a REAL IP is the NAT device.
Therefore, how could external packets be "routed" to internal hosts? As private IP won't get transferred at all on the Net.
Your own router will route them to internal hosts unless it has filtering rules to tell it to do otherwise. All the attacker has to do is get the packets to your router. There are various ways of doing that - your ISP could be compromised, or if you happen to have broadband which places nearby customers on one logical subnet, any one of those customers' machines could be compromised and used to send such packets into your router (which will then happily pass them to your internal host).
Traditional NAT can be viewed as providing a privacy mechanism as sessions are uni-directional from private hosts and the actual addresses of the private hosts are not visible to external hosts.
That is just a conceptual view of how the usual network using Traditional NAT works - sessions are going one way, and the private addresses are not visible to outside hosts. That doesn't specify that NAT should drop connections that are going the other way. Nothing in any of the NAT RFCs says to do so. Search for the words drop, reject, deny, filter, etc in any of the NAT RFCs.
Not only that, but if you look at RFC2663, section 9.0, you'll see:
NAT devices, when combined with ALGs, can ensure that the datagrams
injected into Internet have no private addresses in headers or
payload. Applications that do not meet these requirements may be
dropped using firewall filters. For this reason, it is not uncommon
to find NAT, ALG and firewall functions co-exist to provide security
at the borders of a private network.
leap year - unless you want to have a HUGE team of people go out every four years to reset all of the stop lights in sync on a given day.
A leap year doesn't affect the change of one day to the next. It doesn't create two mondays or have us skip a wednesday. All the traffic light would care about is what day of the week it is, and that is in a constant flow.
When compiling your own software, you dismiss this QA and take your own responsibility for the software quality, knowing that the quality is usually less.
It is probably a good idea if you need 2.6 and you need it to be stable, but 2.4 is now quite mature and does not undergo very drastic changes. It would be pretty reasonable to compile your own 2.4 and expect it to be pretty stable.
NAT rewrites outgoing packets and maintains a connection tracking table for outgoing packets so that incoming packets may be routed to the correct internal host.
However, this also means that packets coming in that do not match an entry in the conntrack table will simply be... ignored. aka dropped. After all, short of you setting up a default host for random packets to go to, a NAT device does not know what to do with random packets.
No, they won't be dropped. Random packets arriving will simply be routed normally. If a packet arrives with a destination address matching your internal network, it will be routed right in. Anything else will follow your default route out.
Try it sometime - set up a capable router sometime with no filtering rules and only NAT. You can set up routes on the outside to the inside and that router will pass them right through.
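The point argued in the comments above can be checked against a saved ruleset. The following is an added example, not part of the original thread: it reads `iptables-save` output and reports whether a box doing source NAT would still forward an unsolicited packet that arrives on the outside interface. The interface names `eth0`/`eth1`, the helper names, and both sample rulesets are constructed assumptions.

```python
import shlex
# Constructed iptables-save samples; eth0 = outside, eth1 = inside (assumed names).
NAT_TABLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
# NAT only: the filter table is left at its defaults.
NAT_ONLY = NAT_TABLE + """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""
# Same NAT rule plus a stateful FORWARD chain with a default-drop policy.
NAT_PLUS_FILTER = NAT_TABLE + """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
"""

def parse(text):
    """Return {table: {"policy": {chain: policy}, "rules": {chain: [argv]}}}."""
    tables, cur = {t: {"policy": {}, "rules": {}} for t in ("nat", "filter")}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": {}})
        elif line.startswith(":") and cur is not None:
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A ") and cur is not None:
            argv = shlex.split(line)
            cur["rules"].setdefault(argv[1], []).append(argv[2:])
    return tables

def opt(argv, *names):
    """Value following the first of `names` present in argv, else None."""
    hits = [argv[argv.index(n) + 1] for n in names if n in argv[:-1]]
    return hits[0] if hits else None

def forward_verdict(tables, in_if, out_if):
    """Verdict for a NEW (untracked) packet routed from in_if to out_if."""
    filt = tables["filter"]
    for argv in filt["rules"].get("FORWARD", []):
        states = opt(argv, "--ctstate", "--state")
        if ("!" in argv or opt(argv, "-i") not in (None, in_if)
                or opt(argv, "-o") not in (None, out_if)
                or (states is not None and "NEW" not in states.split(","))):
            continue  # no match; simplification: negated rules are skipped
        if opt(argv, "-j") in ("ACCEPT", "DROP", "REJECT"):
            return opt(argv, "-j")  # jumps to user chains are not followed
    return filt["policy"].get("FORWARD", "ACCEPT")  # built-in default policy

def audit(text, wan_if="eth0", lan_if="eth1"):
    """Flag a ruleset that does source NAT yet forwards unsolicited inbound."""
    tables = parse(text)
    post = tables["nat"]["rules"].get("POSTROUTING", [])
    does_nat = any(opt(r, "-j") in ("MASQUERADE", "SNAT") for r in post)
    verdict = forward_verdict(tables, wan_if, lan_if)
    return {"does_nat": does_nat, "inbound_new": verdict,
            "exposed": does_nat and verdict == "ACCEPT"}
```

`audit(NAT_ONLY)` reports the ruleset as exposed because nothing in the filter table stops forwarding; `audit(NAT_PLUS_FILTER)` does not, since only replies to tracked connections and inside-to-outside traffic are accepted.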
you already can connect between home and work to your own block of ips. just set up a vpn tunnel, and assign your 10.x.x.x addresses and set up routing through it.
And as you want to connect to more and more networks, you'll find you need to centralize allocation of network addresses, you'll run into portability and route table size issues, and you'll eventually run out of space in 10/8 to use, and at that point you realize you didn't solve the problem at all, you just duplicated it on a smaller scale.
I still don't think you guys have figured it out. It isn't guilt, it is an exchange of control, a surrender... an expression of complete trust in the other.
Well, IMO at least...
How about leaving out the DRM circuitry? That sounds like a pretty effective and easy way to get the part count down.
Yeah. Well, netfilter does nat and filtering. Just make sure you have some stuff in the filter table as well as nat.
No problem.
Don't use closed, proprietary formats? Actively maintain the storage of your data on current mediums?
Not rocket science.
So your god was unable to stop those men?