Wouldn't make a jot of difference. The current firewalls aren't rewriting the IPid field anyway, so adding an extra hop would not affect the analysis at all.
Just use application-level proxies (squid, etc.). These solve the problem nicely by opening a completely new TCP connection. Be sure, however, to configure your squid such that it does not generate an X-Forwarded-For header (i.e. use the forwarded_for off option in your /etc/squid.conf).
You are confusing the id field with the TCP sequence counter. TCP sequence counter is already not usable for their purpose, because of miscellaneous anti-spoofing techniques.
The field they are using is the IP id field, which exists in all IP packets (including UDP, ICMP, whatever), and which is used for low-level packet reassembly. On many OS'es, this is a globally increasing counter, i.e. two distinct connections on the same machine share the same counter, but two connections on different machines do not.
Workarounds:
Use a pseudo-random number generator instead of a simple counter, as the various BSD apparently do.
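Why a globally increasing IP id counter separates machines behind one address, and why the pseudo-random workaround removes that signal. This is an added example, not part of the original comment; the traces, the `max_gap`/`min_len` thresholds and all function names are constructed assumptions.

```python
MOD = 1 << 16  # the IP id field is 16 bits wide and wraps around


def count_counter_streams(ipids, max_gap=64, min_len=5):
    """Greedily group observed IP ids into increasing runs.

    Each run models one machine with a global counter: an id joins the run
    whose last value it follows most closely (1..max_gap ahead, modulo 2^16).
    Runs shorter than min_len are treated as noise. Returns the run count.
    """
    runs = []  # each run is [last_id, length]
    for ipid in ipids:
        best = None
        for run in runs:
            gap = (ipid - run[0]) % MOD
            if 1 <= gap <= max_gap and (best is None or gap < best[0]):
                best = (gap, run)
        if best is None:
            runs.append([ipid, 1])
        else:
            best[1][0] = ipid
            best[1][1] += 1
    return sum(1 for _, length in runs if length >= min_len)


def counter_host(start, steps):
    """Constructed sample: ids seen from one machine with a global counter.

    Steps larger than 1 stand for packets the observer never sees.
    """
    ids, cur = [], start
    for step in steps:
        cur = (cur + step) % MOD
        ids.append(cur)
    return ids


# Constructed traces (not real captures).
HOST_A = counter_host(65500, [1, 3, 2, 5] * 5)  # wraps past 65535
HOST_B = counter_host(20000, [2, 1, 4, 1] * 5)
NAT_TRACE = [ipid for pair in zip(HOST_A, HOST_B) for ipid in pair]
# Scattered ids standing in for hosts that pick the id pseudo-randomly.
RANDOMIZED_TRACE = [(i * 7919) % MOD for i in range(1, 41)]

if __name__ == "__main__":
    print("single host:", count_counter_streams(HOST_A))
    print("two hosts, one address:", count_counter_streams(NAT_TRACE))
    print("randomized ids:", count_counter_streams(RANDOMIZED_TRACE))
```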
Then I read on my motherboard's website that if I copied the BIOS file to a floppy disk, named it a certain file, and pressed a certain key combo (the details escape me at the moment), the computer would flash the BIOS. I was in luck, it worked!
Lucky you! In my case, I accidentally flashed the BIOS for my old mobo (Intel chipset) onto my new mobo (VIA chipset). It overwrote the "bootblock" as well (which is used for this emergency recovery), so no Ctrl+Home daysaver for me :-(
Well at least now I've got 3 Karma points to help me get over the loss... :-)
And how do you flash a BIOS without a floppy?
on Dell Dropping The Floppy · Score: 3, Insightful
Well, at least this avoids mistakes during flashing, as now you can no longer flash...
but I can't think of any legitimate need for it other than circumventing the native restrictions on shared hosting accounts.
Logging in to your home machine from a cybercafe which is set up in such a way as to not allow telnet, nor ssh, nor java applets such as mindterm. Yes, it is foolish (who knows what keystroke loggers might be installed), but it can come in handy while on travel.
Or, less legitimately: at work, when you're installing some software in production, and suddenly notice that you forgot to bring some important items that are on your development machine. It's a ten minute walk to your desktop machine, and you're already on a tight schedule, so you'd rather not go over and fetch them with a floppy or CD. You cannot access that machine remotely the normal way (ssh/telnet), because of the way the tall asshole has set up the firewall. Thus, such a cgi-bin shell can come in real handy (fortunately, the T.A. left web access enabled...).
The operative word here is "unrequested". I.e. you can still have popups in response to button click events. But not for mouseovers, onLoad, onExit, timer, etc.
Most apps that use popups for sensible purposes do so in response to an explicit action by the user.
Most ads and other obnoxious crap pop up in response to some trivial event (loading a page, leaving a page, mouse pointer traversing a certain area of the page, ...)
Interesting, but unfortunately that would mean users could poke around each other's roaming profile since fat32 doesn't have object security.
True enough. We use this in high-schools, where the same kind of problem exists, and have solved it by also setting the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DeleteRoamingCache property. That way, the local cached copy of the profile is deleted as soon as the user logs off, leaving nothing with which the next user could tamper (however, this doesn't work if the profile is stored on an NTFS partition).
... it also works on mail settings and pre-configures mail profiles with the user's correct information.
For this purpose, we use a %USERPROFILE%\Application Data\Mozilla\registry.dat file, which points to a directory on the user's home directory (H:\ drive). The user's personal settings (mail username, full name, etc.) are stored in the user's H:\Mozilla\prefs.js file on the server, and we have a server side utility ("greenbutton") accessible through our webmin based administration interface with which we can reset it to default values taken out of /etc/passwd and /etc/userDB
In the LLL project, we started out like this: netscape running on one of 3 "compute servers" (running Linux), displayed on the client workstations (running Windows) using the low-cost xwin32 servers.
However, eventually we gave up on this setup due to bandwidth considerations: it takes a much higher bandwidth to send X commands (containing uncompressed bitmaps) over the network, than it does to send html, gifs and jpegs. So, eventually, we moved to a solution where the browser runs natively on Windows (first netscape, now mozilla), and the Linux box does only the squid caching (for better usage of our WAN connectivity) and file serving (for roaming profiles).
(Of course, the Linux box does lots of other stuff as well (print serving, web server, firewall, user administration, udpcast server, ...), but these are unrelated to the browser issue that we are discussing here ;-) )
Windows has a nasty habit of duplicating roaming profiles, like profiles\user, profiles\user.domain, profiles\user.domain.000, etc...
We have seen this behaviour too. However, apparently, as far as we could see, it would only happen on Win2k, on NTFS partitions. Win2k + FAT32 was ok. So, what we did was create a small D: partition as FAT32, and configured Windows to store the cached user profile on that partition. From then on, our "multiple profiles" problem was gone.
Since your profile location is a hardcoded path in registry.dat, Mozilla will find it, but will try to load the profile in the stale profile location. If that doesn't exist now, it'll throw up a profile manager asking you to recreate one.
Or just store the profile somewhere on the user's home directory (H:\Mozilla\)
...repair prefs.js file, have some mandatory prefs.js entries that are replaced during logon if user changes them (like home page for us), etc...
No need to bother with vbscript. Just use locked settings in the mozilla.cfg file. This page described how. Just insert entries such as the following into your mozilla.cfg.txt:
Then encrypt the file to mozilla.cfg using this program (with an offset of 13). N.B. The mozilla.cfg.txt file must start with a comment (two slashes), and be referenced from all.js or else it will be ignored by mozilla. After having set up a mozilla.cfg, the user can no longer change the relevant settings (they are greyed out), and even if he does manually edit his prefs.js, mozilla will fix prefs.js the next time it starts up.
There is one thing where Mozilla does need the registry, namely quicklaunch mode. Quicklaunch mode is quite handy if you have impatient users: this launches all lengthy startup stuff in the background as soon as you log in to your workstation. When you then click on the Mozilla icon, Mozilla is there in under a second. Here is the required registry entry (in regedit format, just put this into a .reg file, and load it using regedit -s)
If you're smart, then you open the box before accepting it.
Well, the example of the gravel was somewhat extreme and unrealistic. In reality, you'd probably get the item you ordered, but it might not be in a working condition, which might not be obvious by visual inspection. And do you really think the delivery guy would have the patience to wait until you've fully tested that digital gizmo that you ordered?
Refuse to release the payment from escrow to either party until the package has arrived as per the sale agreement.
... and what happens after the item has arrived? A fraudulent seller could just send a box of gravel. A fraudulent buyer could just claim that he got a box of gravel... Who determines who's the liar?
Hmm, the Gestapo was the Nazi "police", not the East German one. And it means "Secret State Police", not "Homeland State Police" (geheim = secret).
And, as other people have mentioned, the corresponding East German agency was Stasi, which is short for StaatsSicherheit, which means "State Security".
No "homeland" in either of them, fitting as it might be...
You charge your friends 400 bucks to install Windows? Man, welcome to my foes list... ;-)
How naive can you be? The $400 bill was obviously only for Gateway's usage. I bet, after all was said and done, GeekZilla and his friend just split the $400, and had a good laugh at gateway's expense ;-)
I got a laptop from the UK with no operating system on it. The price was half of what I would have paid for a brand name machine with windows pre-installed (I guess not all that price would be windows though).
You got lucky. Unfortunately, it is still rather more difficult to find a retailer that builds his own laptops than it is for desktops. Here in Luxembourg, there is one such retailer, but unfortunately, their laptops are so much overpriced that even without Windows they are 200 more expensive than the competition with windows... Unfortunately, this situation puts us Linux users into an interesting dilemma: pay more (and do not support Billyboy), or pay less (with the knowledge that some part of the small price went into Billy's pockets).
Re:Presence exists... big brother is stalking you? on 5 Predictions for 2012 · Score: 1
if your boss uses it to find out you are not sick and actually going to see Star Wars 3, then you'll hate it.
That should teach you, bringing a cellphone to the cinema!
keep in mind that banks usually do not insure safety deposit boxes,
The idea is to keep two sets of backups: one onsite (i.e. at home), and another one at a remote location (i.e. at the bank).
Even if the contents are not insured (what's the monetary value of your personal data anyways?), the probability that something happens both to your home and to your bank is quite slim.
Yes, but they are speaking about tall buildings here? So wouldn't they need to solve the 3 dimensional equivalent of the map coloring problem (a map is only 2D), and thus need more than "colors"?
Fragments having the same ipid field are assembled. Indeed, Ipid only changes from one packet to the next, but not from one fragment to the next.
There is also a defaultPref command for setting defaults that the user may change.
Check this page for more details.
Granted, this is not foolproof (the user could use the same method as described here to change his settings), but you can make it difficult enough by making the mozilla.cfg file writeable only by the Administrator.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Mozilla Quick Launch"="\"C:\\PROGRA~1\\MOZILLA.ORG\\MOZILLA\\MOZILLA.EXE\" -turbo"
Other registry entries might be necessary to set Mozilla as the default browser.
Other handy tips for mozilla configuration (such as locked config items, automatically generated personal config, etc) can be found at http://www.alain.knaff.lu/howto/MozillaCustomization/
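An administrator-side check for the locked mozilla.cfg described above: it encodes a mozilla.cfg.txt with the offset of 13, decodes a deployed file again and reports which prefs are locked. This is an added example, not the program the comment links to; it assumes the offset is applied as a per-byte shift modulo 256, and the sample file, the intranet URL and the function names are constructed.

```python
import re

OFFSET = 13  # offset named in the comment; assumed to be a per-byte shift

# Constructed sample mozilla.cfg.txt; the intranet URL is a placeholder.
SAMPLE_TXT = b"""// locked settings (constructed sample)
lockPref("browser.startup.homepage", "http://intranet.example/");
lockPref("dom.disable_open_during_load", true);
defaultPref("network.http.pipelining", true);
"""

# Matches one lockPref(...) or defaultPref(...) call per line.
PREF_CALL = re.compile(
    r'^\s*(lockPref|defaultPref)\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;', re.M)


def encode_cfg(plain, offset=OFFSET):
    """Shift every byte of mozilla.cfg.txt to produce mozilla.cfg."""
    if not plain.startswith(b"//"):
        # The comment notes that a file not starting with // is ignored.
        raise ValueError("mozilla.cfg.txt must start with a // comment")
    return bytes((b + offset) % 256 for b in plain)


def decode_cfg(obscured, offset=OFFSET):
    """Reverse the shift; anyone who can read the file can do this."""
    return bytes((b - offset) % 256 for b in obscured)


def audit_cfg(obscured):
    """Return {'lockPref': {...}, 'defaultPref': {...}} from a deployed file."""
    text = decode_cfg(obscured).decode("utf-8", errors="replace")
    report = {"lockPref": {}, "defaultPref": {}}
    for kind, name, value in PREF_CALL.findall(text):
        report[kind][name] = value
    return report


def missing_locks(obscured, required):
    """List required pref names that the deployed file does not lock."""
    locked = audit_cfg(obscured)["lockPref"]
    return [name for name in required if name not in locked]


if __name__ == "__main__":
    cfg = encode_cfg(SAMPLE_TXT)
    print(audit_cfg(cfg))
    # Pref names below are examples of settings a site might require.
    print(missing_locks(cfg, ["browser.startup.homepage",
                              "javascript.allow.mailnews"]))
```

The shift is reversible by anyone who can read the file, so the file permissions on mozilla.cfg, not the encoding, are what stop a user from rewriting the locked values.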
This is used in the schools participating in the LLL project.
Some Highlights:
- Any configuration options accessible in prefs.js can be stored in a local mozilla.cfg file (optionally locked in such a way that it can no longer be overridden by the user):
  - Disable 'Open Unrequested Windows' (kill pop-ups),
  - Enable HTTP Pipelining,
  - Set toolbar to 'Pictures only',
  - Set Home Page to my organization's intranet site,
  - Set start page to 'Blank page',
  - Enable Middle-click for new tab,
  - Enable control+enter for new tab,
  - Default downloads to 'open a progress dialog',
  - Disable Javascript and Plugins for Mail & News
- Using mozilla's own registry (%USERPROFILE%\Application Data\Mozilla\registry.dat) set the profile directory (which contains prefs.js et al.) to be on the user's home directory (H:\). That way, you can have a personalized configuration (Mail & News) automatically created by a script. When the user first logs in, he doesn't need to set his email address, server name, etc for using Mail & News, everything is already done for him!
- Disabling of the bulky XUL.mfl file (whose sizes quickly add up if you have thousands of users): just create a directory named XUL.mfl, and Mozilla will be unable to create that file, and it will still work correctly!
- Automatic loading of the needed registry entries as soon as the user logs in, using a netlogon script
At LLL, we deploy our machines using Udpcast, which might not be appropriate in your case (all your machines are different), but as other posters have pointed out, most of the client-side installation options can also be handled by a Zipfile plus a small install script to put stuff into the correct place.
The CDs make even better ornaments after a small trip to the microwave oven.
Not sure whether it's the same in Postgresql, but in oracle, it would be:
But what if you get fired? (in this slow economy, that is much more probable than having sth physical happening to your backup media...)
Wouldn't signals "leak" from one floor to the one above and below? Which would make it indeed 3D, wouldn't it?
However I agree, 4 is still better than 3.