This is really two very different issues, but good ones. (Although not related to the question at hand directly).
>How ssh (port 22) is any different from anything else? If connection outside can be established, no matter through what, even if through HTTP proxy, it can be used for forwarding.
Certainly. However, ssh *is* a secure form of shell communication. Telnet isn't. The fact that it can be used for other things is really beside the point.
The rest of your post is essentially a big "Why bother with security at all, just trust your users" speech.
While that's nice, when you are in charge of protecting corporate data that is mission critical, and users that don't know what right-clicking is, you will have a different grasp of things.
The job requirements don't say get touchy-feely and trust our users, they say keep the bad guys (including employees) out, or you are out of a job.
I happen to enjoy my work a lot. I agree with the policies, I am looking for a way to follow them, while still tunneling out.
If you have knowledge of a solution to the PROBLEM, not an argument about the issues LEADING to the problem, I would love to hear them.
Thanks anyways..
>Similarly tunnelling via covert mechanisms is certainly a violation of your security policy
No. It's not. I helped write it.
>and even if it does not result in a hostile compromise of your organization's LAN it could result in a great deal of wasted time and money if security has to investigate what you're doing.
No, that's why I want to use a tunnel. It will be less obtrusive. If I were to open a port, anyone could use it, and we would have to monitor it continuously.
With a tunnel, the likelihood of someone else in the company doing the same thing is VERY low.
>Why not bring up the topic with your network architecture person/people/group and discuss why they've set the policies they've had. If you have a legitimate need to establish outbound SSH connections they might be willing to find a solution for you.
My group wrote the policy! I provided the risk lists that ended up with the rulesets we have, and I stand by them. However, I need a legitimate way through.
Try reading the full question before flaming. There *is* a legitimate need, and *we* cannot/will not open the ports. The solution is a tunnel, which is what I asked about here.
The firewalls block by PROTOCOL, not port.
Thus, port forwarding on the external server doesn't help anything. I can even run ssh on the https port (443) which I can connect to, and it will not help. It's the protocol that needs to be tunneled, not the port.
Oh okay, let's use OpenBSD, which was started as -- oh my gosh -- a personal vendetta.
Who knew?
Guess you don't like when the sword swings BACK do you?
Unlike the reputability of "your girlfriend", I actually work for a national wireless company myself. I can tell you that is bull. To track a cell's location *is* possible, and is done on a not-so-often basis. However, it is by long/lat, and to do so on an end user in a non-test environment requires a subpoena.
:)
At least in OUR company, that's how it is done.
Sounds like you smoked a little too much while watching the net.
>>11:03 a.m. Open up one of my new Yahoo accounts through an untraceable NetZero account.
>Uh... And how do you suppose you're gonna dial into it?
Maybe using one of the scammed cell phones? It's not hard, not even remotely hard. One laptop (which he talks about getting), and a dongle, and he is all set with a cellphone that is -- somewhat -- untraceable.
>Uh... subpoena Anonymizer for logs (by law they have to keep them) then timestamp the occurrences...
As far as I know, they don't keep logs there *AT ALL*, on purpose.
>.. Boy is this moron sure dumb
Actually, I know a few darker-hat individuals, and this is rather close to their actions. Maybe a few key details were left out for those with less of a clue, but hey, it's not his fault you can't connect the dots.
One thing that has bothered me for many years now, is the windows update site.
This is a multi-part question, but all about one topic.
1. Why is it that in over three years of using said update site on hundreds of combinations of hardware and software I have *never* seen "driver updates" available? This one-source-for-driver-updates feature was a HUGE idea, and one I have continued to try, and *never* had work. I see that it is in Windows XP as well, and yet.. it still doesn't show any "updated" drivers.
2. How do you feel about the "incremental updates" patent recently released by Symantec, in relation to windowsupdate?
3. Why can't I tell the site that I don't want to see the listing of some 30 foreign languages!?
Thanks for your time and responses.
What are the current, and future opinions at Microsoft about Copy Protection at the hardware level?
:)
If a spec is developed that has TRUE hardware-industry support, would Microsoft utilize it in its software, would it ignore such abilities, or would it give consumers the right to check a box to turn it on or off?
(And if you choose the check option, what would the default be)
Thanks for your time.
RH7 supports it, I thought?
All MS operating systems SINCE 2000 (with the exception of ME) have built-in IPv6 support. Whistler has it, 2000 (all versions) has it.
It's just a matter of what kernel they were working from. 2000's supported it, 98's didn't.
They are already dropping support for 98+98se, I really don't think ME is far behind.
They aren't holding ANYTHING up.
What I still don't understand is why linux keeps reinventing the wheel. Why not simply use the ports/package tree from the bsd's?
It's a solid system, ALL of the BSD's use it in some form or another, it allows source installs, it saves the install info as TEXT, it's been tested and proven by years of experience.
It seems to me that ports is really the best system. I noticed that gentoo linux is using it now, although slightly modified.
I would *love* to see one package standard for all of the bsd's AND all the distro's of linux!
Openpackages all the way baby!
Does make clean remove the files from their install location though?
Just customize it to the Personal ID of "5w34t5h0p"
;)
I guarantee that everyone here would "get" it, and that nike almost definitely wouldn't have it in their filters.
Okay, we have Sun using Gnome as the default.
Now we have HP using it as the default for both their linux stations soon, and their HP UX machines.
Who all does that leave in the Unix world? SCO, I think is all that's left, and didn't they go under or something?
Granted, OSX is sorta unix, and does use it, but with their exception, now you can go from bsd->unix->linux and always have the same desktop??
Did I miss someone?
Cause if not, WOW.
Woohoo! .bz2 works! All right! Thank you! I couldn't upgrade til I was sure it wasn't 0wned.. :)
Thank you very much.
Remember, it always pays to be paranoid.
Nope. Checked. :)
The .gz sign is a bad signature.
It has now been confirmed on multiple (more than 3): hosts, distros, ftp clients used to download, mirrors, AND versions of gpg.
I have now downloaded from ftp.us.kernel.org, and from ftp.kernel.org.
I did the following:
# gpg --keyserver wwwkeys.pgp.net --recv-keys 0x517D0F0E
then I did:
# gpg --verify linux-2.4.1.tar.gz.sign linux-2.4.1.tar.gz
gpg: Signature made Tue 30 Jan 2001 02:56:09 AM EST using DSA key ID 517D0F0E
gpg: BAD signature from "Linux Kernel Archives Verification Key "
And finally, just to be sure, I did:
# gpg --list-public-keys
/root/.gnupg/pubring.gpg
pub 1024D/517D0F0E 2000-10-10 Linux Kernel Archives Verification Key
sub 4096g/E50A8F2A 2000-10-10
Which looked valid to me.
Is the new kernel not signed properly, am I not doing this properly, or is something VERY BAD happening?
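An added example, not part of the original post: a shell helper that reads gpg's machine-readable `--status-fd` lines instead of the human-readable text, so a BAD signature, a missing key and a good signature from an unexpected key are told apart. The function names, the verdict strings and the fingerprint below are constructed for illustration; the real key's fingerprint is not given on this page and has to be obtained out of band.

```shell
#!/bin/sh
# Added example. Placeholder fingerprint, constructed; NOT the kernel.org key.
PINNED_FPR_PLACEHOLDER='0123 4567 89AB CDEF 0123  4567 89AB CDEF 0123 4567'

# classify_status EXPECTED_FPR
# Reads `gpg --status-fd` lines on stdin and prints exactly one verdict.
# Assumes a single signature, as with a detached .sign file.
classify_status() {
    # Normalise the pinned fingerprint: drop spaces, upper-case the hex digits.
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    bad=0 weak=0 nocheck=0 good=0 fpr=
    while IFS= read -r line; do
        case $line in
            "[GNUPG:] BADSIG "*)  bad=1 ;;       # data and signature disagree
            "[GNUPG:] EXPSIG "*|"[GNUPG:] EXPKEYSIG "*|"[GNUPG:] REVKEYSIG "*)
                                  weak=1 ;;      # valid maths, unusable key or sig
            "[GNUPG:] ERRSIG "*|"[GNUPG:] NO_PUBKEY "*)
                                  nocheck=1 ;;   # could not be checked at all
            "[GNUPG:] GOODSIG "*) good=1 ;;
            # Last field of VALIDSIG is the primary key fingerprint on current
            # GnuPG; if it is absent the comparison below fails closed.
            "[GNUPG:] VALIDSIG "*) fpr=${line##* } ;;
        esac
    done
    if   [ "$bad" -eq 1 ];     then echo BAD
    elif [ "$weak" -eq 1 ];    then echo EXPIRED_OR_REVOKED
    elif [ "$nocheck" -eq 1 ]; then echo CANNOT_CHECK
    elif [ "$good" -eq 1 ] && [ -n "$fpr" ] && [ "$fpr" = "$expected" ]; then
        echo GOOD
    elif [ "$good" -eq 1 ];    then echo WRONG_KEY
    else                            echo NO_SIGNATURE
    fi
}

# verify_detached SIGFILE DATAFILE EXPECTED_FPR
# Runs the same check as `gpg --verify` in the post, but decides from the
# status lines and succeeds only on a good signature from the pinned key.
verify_detached() {
    result=$(gpg --batch --status-fd 1 --verify "$1" "$2" 2>/dev/null |
             classify_status "$3")
    echo "$result"
    [ "$result" = GOOD ]
}

# Constructed sample: the status line gpg emits for a failed check like the
# one quoted in the post (key ID and user ID here are made up).
demo_bad_signature() {
    printf '%s\n' '[GNUPG:] BADSIG 0123456789ABCDEF Constructed Signer' |
        classify_status "$PINNED_FPR_PLACEHOLDER"
}
```

A key fetched from a keyserver by short ID alone does not establish whose key it is, which is why the helper compares the full fingerprint rather than the key ID.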
READ IT AGAIN, from YOUR POST, trimmed to focus on the details:
Given AOL Time Warner's likely domination of the potentially competitive business of new, IM-based services, especially advanced, IM-based high-speed services ("AIHS") applications, the FCC ruled that AOL Time Warner may not offer any AIHS streaming video applications that uses a Names and Presence Directory ("NPD") over the Internet via AOL Time Warner broadband facilities until the company demonstrates that it has satisfied one of three pro-competitive options outlined by the FCC
As it has been reported EVERYWHERE now, they do not have to be IM compatible UNLESS they use AIHS, or in other words, next-generation services. ALL of those conditions come into play when and ONLY IF they use AIHS.
Period.
As I said, read it again and again.
Trim the fat, or kill the cow. Either way, people are gonna lose their jobs. This way it's LESS.
Users whining that it means that we will only have a handful of distros, users whining that the combined companies will suck, etc. etc.
FIRST off, one of the BEST things that a company losing money can do is merge with another company. It adds more capital, and more impact, and more sales potential, and usually leads to increased efficiency by elimination of extra positions that aren't needed under the new structure.
Before you start replying saying I am wrong, go look at a few businesses that have gone through mergers. There is a reason that stocks rise on the news. It almost always brings more value to a company.
Now, onto the second set of posts, those looking for the falling sky..
One, just because one company merges with another (not to mention that only TurboLinux had a distro!), doesn't mean that there are less distros. Geez, go take a look at lwn's listing of active distros sometime..
Even if they both did, so what!? It's TWO distros in a field of HUNDREDS.
It means nothing in and of itself. Both companies had too tight of a vision, ie, one was a distro (not an easy way to make money), and one was a service provider.
Neither will really be successful on its own, IMHO.
So, I would like to congratulate both on their PENDING POSSIBLE attempt at merger.
Here is to hoping that they pull it off well.
I hate to disagree, but..
I went and interviewed for a position with the software development group for AOL back in September, at which time they were already planning on the merger..
Anyways, while I was interviewing, they paid particular attention to my linux knowledge, and specifically said that 'certain products were being developed for that platform'.
She non-specifically made it clear that AOL intends to be *EVERYWHERE*, and that linux makes a nice way to do that.
Don't be so sure it won't happen. Remember, AOL generally hasn't switched to netscape code for their browser to keep their logo on windows machines, which is becoming less important.
They can still get away with making NON-windows versions that use the netscape code, ya know?
They also can do the same for compuserve, and all the companies that they license their technology to (prodigy).
They only required them to open IM up IF AND ONLY IF they go to next generation IM services like video conferencing.
As to the content, it's a HUGGGGE loophole for them to get thru. IE, sign contracts to provide that content at a RIDICULOUS price. Think it's nutty? Look at the Earthlink deal they signed, it's insane.
No, read it again. And again.
It says those conditions apply *IF AND ONLY IF* they do next generation im.
We are still screwed.
I did indeed misinterpret the question. Of course, in a perverse way, you could set up Interchange to do some of what he wants, but that's outside the point entirely.
As to your Akopia problems.. The Interchange install went very well for me, what problems did you have? Or did you have problems with the installation of things like apache, php, etc., none of which are the fault of interchange?