They block certain ports (hundreds, not just a few) from your server, and refuse to tell you which ones.
E.g. you can't run a bittorrent tracker on the default port, because they block it.
I would never use them again.
Also, Managed.Com is total ass (most recently, 12+ hours of downtime, due to some random network problem), so don't use them. If anybody knows a good non-managed server host, I'd love to hear about it.
But we can freely recommend unattended installs ( see unattended.sourceforge.net ) that *do* use linux, and arcane unix commands! (Well, ok, perhaps no arcane commands. Linux though.)
Unattended is really nice for varying hardware. I used unattended in our lab at work, where we started out with quite a few different kinds of machines (imaging would have been nearly useless).
It uses dosemu to run the win32 installer under linux (and then there are a few reboots for the windows installer). It is sweet to watch the win32 installer running via the serial console.
The guy I replied to did not imply anything, he directly (re)stated that the goal of the OP was to stop unauthorized access points, without addressing the implication that "if there were authorized APs, you wouldn't have unauthorized APs"
So, I figured he just didn't catch the drift of the other guy.
I was suspicious of such a mistake being a honest one. It seemed to me that one would know how to spell the name of one's preferred software tools, and thus a post about how the sourceforge page is down, etc., would likely be trying to induce kneejerk reactions from slashdotters about how The Man is trying to keep them down.
5000 kids per month were starving to death. Saddam Hussein made people disappear. Hussein's sons raped and killed women. Thousands were buried in mass graves. The average Iraqi is happy this stuff isn't going on anymore.
All kinds of horrible things go on all over the world. Take a peek at North Korea (to bring out the canonical example). We are not doing anything about them. We are not the World Police.
You went from "We invaded Iraq because Muslim terrorists hate us", to "We invaded Iraq because it was an awful place, and the people are better off now." Even stipulating that the people are, in fact, better off now (which I do not believe), I maintain that it is not the role of the US to unilaterally invade countries to "clean them up".
The two aren't comprable. The Nazis put their boots on the necks of the guys they took over. The US is repairing power plants, fixing broken waterworks, etc. By far the average Iraqi is very happy that the US took over, and their biggest fear is that the US will pull out and leave them defenceless.
Hahaha. You are hilarious dude. How do you suppose those powerplants and waterworks got broken in the first place?
Yes, I suppose they are concerned that the US will pull out, but that's because we already fucked everything up for them. Naturally, they are now concerned that their fucked-over infrastructure is not enough to support them without external help.
If you are an extreme Muslim, you really believe that women need to be veiled, women need to obey their husbands and stay at home, and all countries must become Muslim (the whole world must submit to the peace of Allah). The US is successfully exporting its culture (movies, etc) and that's a crime. The US won't let the extreme Muslims kill all the Jews in Israel, and that's a crime. It is war between the extreme Muslims and the US, which is why extreme Muslim terrorists tried to blow up the World Trade Centre in the first place and succeeded with the airplanes on 9.11 in the second place.
Well, alright, but what does that have to do with our overthrow of the secular government in Iraq?
We use FreeBSD and its "dummynet" capabilites. (Perhaps other BSDs have this as well?)
You can get m0n0wall and stick it on random hardware. I think you then have to recompile the kernel to enable dummynet.
We use a Soekris 4501. It'll only bridge upto about 50mbit of traffic, but if you want to simulate T1 speeds it'll be fine. Beefier hardware (the soekris box is roughly a 133MHz 486) will probably let you max out at wire speed.
As far as the "recent updates" goes, I suggest running your systems as a mix of stable (for ssh, or other internet-exposed services that you want security updates for) and unstable/testing.
Via the magic of apt-pinning you can install packages from later sources onto woody, with dependencies being met as needed to install them.
It really makes it easier to run a secure ssh box, but get the most recent aptitude (for example).
Also, I wanted to point out that Streamsicle does not re-encode the mp3 streams. It just streams the mp3s at whatever bitrate they are encoded at. Some people have set up reencoders because they don't have enough bandwidth at home to stream, but that's just madness. Buy more bandwidth.:)
If you want several people to listen to the same stream, but don't have the bandwidth at home for it, you can set up an Icecast server to "pull" the Streamsicle stream and redistribute it.
Disclaimer: I did have some minor involvement in the development of Streamsicle (I made the search tab).
I knew you could move the tracker's port, but I didn't know that you could move the client.
I just wanted to save them some bandwidth by using bittorrent instead of http. Their AUP doesn't even expressly prohibit it. By the way it's written, it looks like it prohibits the use of p2p or streaming "which negatively impact" their customers.
And yet they just go ahead and block the ports.
Without telling you.
And argue with your nmap scan, saying "I just scanned it from home, and I don't see any of the blocked ports you are talking about."
managed.com has the best pricing I've been able to find. And, they'll preinstall debian 3.0, RH9, or FreeBSD 5.1 for you.
And their Acceptable Use Policy is very reasonable, with no draconian restrictions on "streaming", or running p2p software. A friend of a friend wanted to distribute her (original) mp3 and music video. I thought, "Sure, we'll just put it up on my server, and use bittorrent to save bandwidth."
Ah, how foolish I was. The hosting provider is actually blocking about 200 ports (including the BitTorrent ports), something that isn't mentioned anywhere in the TOS or the AUP. Also, the AUP prohibits "streaming" of music or videos. When I asked how to distinguish between "streaming" and "downloading" (which it does permit), they told me, "If IE prompts you to save, then it is downloading, if it just opens up in WinAmp, then it is streaming."
If I weren't in with a group of people splitting the cost, I'd have dropped them then and there. Those are the most ridiculous restrictions I've ever heard, and completely against the whole idea of having "your own server". It's like finding out you bought a lemon.
I'm literally paying for bandwidth. If I can't do what I want with it, what is the point?
BTW, the terrible company I've been talking about is ServerBeach. Seriously, they cost $99/mo, and they have terrible (unmentioned in the AUP, or ToS) policies.
P.S. I do understand, and accept, the "no IRC" rule that most hosting places have. That's just asking to be DDoS'd.
Of course you have pointed out the biggest failing (from my perspective) of OSS economics: less code needs to be written since there is code out there available for zero cost. This means less engineers (inhouse or outsourced) are needed. Thats great for the corporations, but bad for you and I.
I think you are totally missing the point. Even with some free software available, it will still be in companies' best interests to get the code they want, written right now, by paying someone to write it.
The OP said that it lets you work at a higher level. That is, you use the code that is free, and then write more code on top of it.
There's not less code that needs to be written, there is simply different code that needs to be written.
FYI, most of the time when people say "SSL VPN" they don't mean at all the same thing as what Freeswan does. (OpenVPN is an exception).
Typically, an SSL "VPN" is really just a web app that uses ssl between your browser and itself. It runs on a box on the private network, and provides file browsing capabilities, "intranet" access (e.g. an internal purchasing website), etc. But it doesn't let you encrypt your ping packets, since you're not even really connected to the secured network.
I think the companies who created the thing called it a "VPN" because it was the buzzword, and not because it is at all a Virtual Private Network.
Dude, you are seriously suggesting that people use passphraseless ssh keys? Madness!
Just use keychain. Enter your passphrase once per boot. Then you don't have to worry about someone stealing your key. You do still have to worry about the box with keychain on it getting rooted, and leading them to the backup box, of course.
What follows are some quick notes on making the USB keychains bootable (the bios must support booting from USB).
You need a bootable MBR on the device itself, and then some sort of bootloader on the partition.
I used a windows utility I found to put an MBR (it uses Freedos) onto the keychain. I then used syslinux as the bootloader, and was able to boot multiple floppy images, etc. Additionally, under the dos image, I was able to access the USB keychain as the C: drive (but this may be BIOS dependent).
Syslinux is nice because you can boot both floppy images and linux kernels/initrds. The configuration is almost identical to the configuration of PXElinux (which we use to boot the testlab). Also, making changes to the booting (adding another firmware floppy, etc.) is trivial, because you just copy the floppy image to the keychain (which is still a FAT filesystem) and optionally edit the config file to make an easy name to boot it.
Steps to make keychain bootable:
* put MBR onto keychain (with this utility I found, or probably install-mbr under linux)
* run syslinux, pointing it at the first (and probably only) partition of the keychain
* configure the syslinux.cfg file, add floppy images & memdisk "kernel", add other material to the keychain
Steps to boot from the keychain:
* put the keychain in the system
* boot the system and go into the bios
* configure the BIOS to boot from the USB hard drive. Sometimes this is tricky. It may show up in the "Hard Drives" section (where you must make it the first drive on the list). It may just show up in the bootable devices section, just as NICs do, and the LSI MegaRAID (or other RAID) cards do.
* save the settings and exit
* boot to the keychain, select your syslinux option, boot the machine
* if you boot the machine without the keychain in it, you will have to reset the BIOS the next time you want to boot to the keychain again. (This is definitely true on the beta hardware, other hardware has not been tested.)
That's pretty much it. I believe that the debian utility "install-mbr" would also put an MBR onto the keychain (often/dev/sda), but I've not tried it.
I have booted a linux kernel and initrd from the pendrive.
I really think that syslinux is the way to go, since you keep a fat partition, which every OS can write to, and you just edit a text file to make an easy boot menu. I've used this USB drive for flashing firmware, booting up to an unattended windows install ( http://unattended.sourceforge.net/ ), running memtest86.
The USB drive rules. If I ever have to give it back to my work (it's only 64MB, so they probably don't really care), then I'm totally buying one.
Slashdot Mirror
Just a passing comment about ServerBeach.
They block certain ports (hundreds, not just a few) from your server, and refuse to tell you which ones.
E.g. you can't run a bittorrent tracker on the default port, because they block it.
I would never use them again.
Also, Managed.Com is total ass (most recently, 12+ hours of downtime, due to some random network problem), so don't use them. If anybody knows a good non-managed server host, I'd love to hear about it.
But we can freely recommend unattended installs ( see unattended.sourceforge.net ) that *do* use linux, and arcane unix commands! (Well, ok, perhaps no arcane commands. Linux though.)
Unattended is really nice for varying hardware. I used unattended in our lab at work, where we started out with quite a few different kinds of machines (imaging would have been nearly useless).
It uses dosemu to run the win32 installer under linux (and then there are a few reboots for the windows installer). It is sweet to watch the win32 installer running via the serial console.
http://unattended.sourceforge.net/
There, I've linked it for you.
So, I figured he just didn't catch the drift of the other guy.
The idea being that if they already had an official solution, there would be no need to bring in their own, unauthorized, access points.
That's what I thought the troll would be.
http://azureus.sourceforge.net/
All kinds of horrible things go on all over the world. Take a peek at North Korea (to bring out the canonical example). We are not doing anything about them. We are not the World Police.
You went from "We invaded Iraq because Muslim terrorists hate us", to "We invaded Iraq because it was an awful place, and the people are better off now." Even stipulating that the people are, in fact, better off now (which I do not believe), I maintain that it is not the role of the US to unilaterally invade countries to "clean them up".
Jordan
Hahaha. You are hilarious dude. How do you suppose those powerplants and waterworks got broken in the first place?
Yes, I suppose they are concerned that the US will pull out, but that's because we already fucked everything up for them. Naturally, they are now concerned that their fucked-over infrastructure is not enough to support them without external help.
If you are an extreme Muslim, you really believe that women need to be veiled, women need to obey their husbands and stay at home, and all countries must become Muslim (the whole world must submit to the peace of Allah). The US is successfully exporting its culture (movies, etc) and that's a crime. The US won't let the extreme Muslims kill all the Jews in Israel, and that's a crime. It is war between the extreme Muslims and the US, which is why extreme Muslim terrorists tried to blow up the World Trade Centre in the first place and succeeded with the airplanes on 9.11 in the second place.
Well, alright, but what does that have to do with our overthrow of the secular government in Iraq?
You can get m0n0wall and stick it on random hardware. I think you then have to recompile the kernel to enable dummynet.
We use a Soekris 4501. It'll only bridge upto about 50mbit of traffic, but if you want to simulate T1 speeds it'll be fine. Beefier hardware (the soekris box is roughly a 133MHz 486) will probably let you max out at wire speed.
Yep, having an IMAP box that you can read from any number of different places sure beats having to figure out which feed entries you've already seen.
I was using the Info Aggregator until I decided I'd rather do it myself.
IMAP for RSS is the only way to go.
Yes, well, you'll feel better when 7digit IDs are commonplace.
Nice one. I'm going to blog your post.
Via the magic of apt-pinning you can install packages from later sources onto woody, with dependencies being met as needed to install them.
It really makes it easier to run a secure ssh box, but get the most recent aptitude (for example).
*promote*
Also, I wanted to point out that Streamsicle does not re-encode the mp3 streams. It just streams the mp3s at whatever bitrate they are encoded at. Some people have set up reencoders because they don't have enough bandwidth at home to stream, but that's just madness. Buy more bandwidth. :)
If you want several people to listen to the same stream, but don't have the bandwidth at home for it, you can set up an Icecast server to "pull" the Streamsicle stream and redistribute it.
Disclaimer: I did have some minor involvement in the development of Streamsicle (I made the search tab).
Good grief.
"emote" is an actual word, meaning "to express emotion."
here is the link.
I just wanted to save them some bandwidth by using bittorrent instead of http. Their AUP doesn't even expressly prohibit it. By the way it's written, it looks like it prohibits the use of p2p or streaming "which negatively impact" their customers.
And yet they just go ahead and block the ports.
Without telling you.
And argue with your nmap scan, saying "I just scanned it from home, and I don't see any of the blocked ports you are talking about."
Grr. Now I'm pissed off again.
And their Acceptable Use Policy is very reasonable, with no draconian restrictions on "streaming", or running p2p software. A friend of a friend wanted to distribute her (original) mp3 and music video. I thought, "Sure, we'll just put it up on my server, and use bittorrent to save bandwidth."
Ah, how foolish I was. The hosting provider is actually blocking about 200 ports (including the BitTorrent ports), something that isn't mentioned anywhere in the TOS or the AUP. Also, the AUP prohibits "streaming" of music or videos. When I asked how to distinguish between "streaming" and "downloading" (which it does permit), they told me, "If IE prompts you to save, then it is downloading, if it just opens up in WinAmp, then it is streaming."
If I weren't in with a group of people splitting the cost, I'd have dropped them then and there. Those are the most ridiculous restrictions I've ever heard, and completely against the whole idea of having "your own server". It's like finding out you bought a lemon.
I'm literally paying for bandwidth. If I can't do what I want with it, what is the point?
BTW, the terrible company I've been talking about is ServerBeach. Seriously, they cost $99/mo, and they have terrible (unmentioned in the AUP, or ToS) policies.
P.S. I do understand, and accept, the "no IRC" rule that most hosting places have. That's just asking to be DDoS'd.
The OP said that it lets you work at a higher level. That is, you use the code that is free, and then write more code on top of it.
There's not less code that needs to be written, there is simply different code that needs to be written.
Typically, an SSL "VPN" is really just a web app that uses ssl between your browser and itself. It runs on a box on the private network, and provides file browsing capabilities, "intranet" access (e.g. an internal purchasing website), etc. But it doesn't let you encrypt your ping packets, since you're not even really connected to the secured network.
I think the companies who created the thing called it a "VPN" because it was the buzzword, and not because it is at all a Virtual Private Network.
The word (crazy frenchy characters notwithstanding) is: voila
The next thing you know, you'll be writing "should of"....
How does your p75 deal?
Or are you running the server on another machine, and just using the P75 as your client?
Just use keychain. Enter your passphrase once per boot. Then you don't have to worry about someone stealing your key. You do still have to worry about the box with keychain on it getting rooted, and leading them to the backup box, of course.
What follows are some quick notes on making the USB keychains bootable (the bios must support booting from USB).
/dev/sda), but I've not tried it.
You need a bootable MBR on the device itself, and then some sort of bootloader on the partition.
I used a windows utility I found to put an MBR (it uses Freedos) onto the keychain. I then used syslinux as the bootloader, and was able to boot multiple floppy images, etc. Additionally, under the dos image, I was able to access the USB keychain as the C: drive (but this may be BIOS dependent).
Syslinux is nice because you can boot both floppy images and linux kernels/initrds. The configuration is almost identical to the configuration of PXElinux (which we use to boot the testlab). Also, making changes to the booting (adding another firmware floppy, etc.) is trivial, because you just copy the floppy image to the keychain (which is still a FAT filesystem) and optionally edit the config file to make an easy name to boot it.
Steps to make keychain bootable:
* put MBR onto keychain (with this utility I found, or probably install-mbr under linux)
* run syslinux, pointing it at the first (and probably only) partition of the keychain
* configure the syslinux.cfg file, add floppy images & memdisk "kernel", add other material to the keychain
Steps to boot from the keychain:
* put the keychain in the system
* boot the system and go into the bios
* configure the BIOS to boot from the USB hard drive. Sometimes this is tricky. It may show up in the "Hard Drives" section (where you must make it the first drive on the list). It may just show up in the bootable devices section, just as NICs do, and the LSI MegaRAID (or other RAID) cards do.
* save the settings and exit
* boot to the keychain, select your syslinux option, boot the machine
* if you boot the machine without the keychain in it, you will have to reset the BIOS the next time you want to boot to the keychain again. (This is definitely true on the beta hardware, other hardware has not been tested.)
That's pretty much it. I believe that the debian utility "install-mbr" would also put an MBR onto the keychain (often
I have booted a linux kernel and initrd from the pendrive.
I really think that syslinux is the way to go, since you keep a fat partition, which every OS can write to, and you just edit a text file to make an easy boot menu. I've used this USB drive for flashing firmware, booting up to an unattended windows install ( http://unattended.sourceforge.net/ ), running memtest86.
The USB drive rules. If I ever have to give it back to my work (it's only 64MB, so they probably don't really care), then I'm totally buying one.
In-place conversion from FLAC to WAV should be pretty easy to script, so it's not like that'd be an issue.