Actually, it's possible that with an iptables-restore, the dynamic rules (iptables -m state --state RELATED ... ) might no longer function for existing connections. I'm not familiar enough with the internals to know for certain.
In my case though, it's not relevant; I always dynamically adjust my settings on the fly and then save my changes with iptables-save. When I'm done a large set of changes, I reboot the machine to make sure my changes load properly and don't negatively affect startup apps.
I'm confused about the same thing. Must be an issue with GUI management of the firewall settings (via iptables-save; iptables-restore).
I've always done live management of my Linux firewalls, including on Linux 2.2 and earlier. Using iptables from the command-line is the only way to go.
Agreed. I'm running CM7 on an original HTC G1, which as modern smartphones go is a dinosaur, but runs just fine with CM on it. One of the major selling points for me when I upgraded was to find a phone that's compatible with CyanogenMod so I wouldn't lose those features.
Going back to Android 2.1 or 2.2 on a brand new phone when you've been using 2.3 via CM on a G1 is just silly.
I was going to comment to the same effect, but I'll reply here instead.
Sony doesn't use fake point systems; all their purchases are in real local currency. You can purchase denominations of local currency with PSN cards at the store, like a gift certificate, and then not need a credit card to secure your purchases, but it's still stored in real local currency amounts.
Notably, people who used PSN cards don't have to worry about the recent hackers stealing their credit information. Sony often price adjusts as well, which I notice being Canadian, as the local and US currencies fluctuate and game prices will as well.
Any OS runs on Linux with http://qemu.org/ :)
I use Noscript on websites until I've determined I need the scripts. It's easy enough to enable them once I'm there, and much, much faster to load complex websites without it.
I love a good conspiracy, but could you please explain NSA Linux then?
Printers with IPSec support? Handheld barcode scanners with IPSec support? Sure, my Android phone has IPSec (and I use it), but I can't expect all handheld hardware to support it. It's much simpler to lock down wireless and not risk the denial of service issue for other devices in the first place.
Look up "SIP" calling, and get yourself a SIP account with any of the worldwide providers. Most of them have rates even better than Skype's for calling real numbers. There are dozens of SIP applications, all of which are effectively inter-compatible. This fact made those of us watching Skype's growth cringe that they didn't use an existing standard.
There are SIP applications for Android etc. as well, so you can make Skype-like free Internet phone calls or paid phone->internet->phone calls too from your mobile.
Worth noting that Microsoft has been selling a calling feature via MSN for years now.
It's possible they'd just integrate Skype into MSN (ugh).
Actually a lot of the mass-market video surveillance and security companies are pushing wireless sensors all over the house to save installation costs.
My hardware notifies me immediately when a foreign device is attached to a network port. At my sites with high security needs, those printer ports won't service anything but port 9100 and SNMP requests anyway. Attaching a third party device is pointless.
On the other hand, you can sniff a wifi network without broadcasting your presence at all.
Wireless "switching" would only be meaningful if you could physically segment each area, not just logically partition them. Without physical insulation (think Tempest), you've still got the problem of broadcast interference from a third party device that takes down the segment.
You can't *block* wireless spectrum without physically blocking its ability to communicate. Physically blocking its signal path annoys people with cell phones immensely.
Feel free to install latticed wire in all the walls and ceilings and install high quality wireless service in each room to guarantee proper partitioning of the spectrum though.
Don't forget turning on the microwave in the lounge to kill everyone's bandwidth :)
I've defeated more MAC whitelists than you want to know about while showing my customers why they need wired networks.
I install wireless service only for devices like wearable computers in warehouses, on their own segments, and connected through a firewall to the main network. Incidentally, if at all possible, wireless segments can never access the Internet.
Yes, one requires processing power and more bandwidth. It also results in doing something productive that's justified.
As someone else posted, you're not doing any of that on an iPad unless it's through a virtual screen (Cisco, VNC, X-Windows) anyway, in which case only the server needs access to those speeds, not your iPad.
The issue in question was moving boatloads of enterprise data. Explain to me what enterprise app you legitimately use an iPad for that requires moving "boatloads" of data. That is to say, where simple wifi isn't good enough.
Things like this keep me from wanting iPads on my wireless network.
I suggest you not believe your iPad was designed to handle serious GB or TB of data transfers and use a real computer.
PS blame Apple for not being enterprise-ready, not the enterprise for ignoring Apple's stubbornness.
I've configured a number of Android devices. "Do you want to share your location information with Google?" is one of the first questions on the phone. It also clarifies such information will be collected even when the phone is not otherwise in use.
Oh I know, don't get me started on the American military budget. I'm Canadian and watching from up here it's quite disturbing.
That said, expecting government to put out funds at a much higher rate as the GP implied is still poor policy IMHO.
Intellectuals use the term 'slut' that badly out of context? Way to lose your own argument.
Precisely. Unlike Apple, Google went with standards ... even if they helped make them, they want interoperability. You can use Google Talk from non-Google apps, because it's just Jabber. I would've preferred they implement SIP but another standard will do.
My copy of Skype for Android works fine. Unfortunately, it has no video support. For voice calls and chat however, it does work well.
This, precisely. I'd rather fix people's Linux issues than Windows issues any day.
The number of wipe-drive, reinstall situations I've dealt with these last two weeks alone is increasingly annoying.
Even with anti-virus and anti-spyware and other tools installed, and users who barely surf the net at all doing only shopping from major sites they recognize, I'm still dealing with infections, corruptions and other major problems.
On Linux, I just have to explain how to do things, not fix it.