It's actually even better than that. The official recommendation is a /48 per end-site. As far as I have been able to tell, I think ISPs are generally following that. I had heard something about using /56 per end site for residential users. That still gives people plenty of room to have multiple subnets though.
I definitely agree with the concerns about IPv6 in the enterprise. Sure, almost everything has had some IPv6 support for years, but the feature parity with IPv4 was not there. (For example maybe something supports OSPF / BGP with IPv4 but only static routes with IPv6...or you can reference address groups from within an IPv4 ACL but not from IPv6). Even today some vendors (*cough* Juniper on their EX switches *cough*) see IPv6 routing as an "extra" feature that isn't available on the basic license level. This is unacceptable, and shows a complete disconnect between vendors and enterprises / service providers with respect to what's actually needed for real world IPv6 deployments.
It would be interesting as well to know how much of an impact this would have to people on the Martian surface. Mars's magnetic field is pretty weak compared to ours. I guess they would be a little better protected just by the planet surface itself.
Even on the Apollo missions to the moon, they recognized that a solar storm could be a significant threat to the astronauts. Given the infrequence they decided to just take their chances. But the time they spent outside of the LEO was pretty low compared to what a Mars mission would entail.
My point is that RH isn't going to make that kind of change in an existing version of RHEL.
Now upgrading from 5 -> 6, or 6 -> 7 whenever that's released. Yeah...stuff's going to change. Maybe they'll put this in RHEL 7. But I don't think this significant of a change would be pushed down as a normal update within v5 / v6 even in a 6.x or 5.x update.
I for one would much rather control which network can access a service in one place (a centralized firewall), rather than manage it through ten different config files that use different syntaxes on a bunch of servers for every service.
Yep...I do this with Unison so writes on both sides can be replicated. Granted - I'm not replicating significant amounts of data, I've heard Unison may have problems with large volumes of data. But I think the Internet connection would be more of an issue than that.
Yes, ISPs need to be responsible and take action against spammers, and yes, ISPs who continually fail to do so on a significant scale over a long period of time are fair game to block, but in this particular instance it sounds like Spamhaus's actions may have been abusive and rather arrogant. I use Spamhaus's blocklist myself, but organizations like Spamhaus and Cisco SenderBase need to take some responsibility to ensure that they are not unduly affecting legitimate businesses and networks. Taking large-scale blanket actions that affect many legitimate sites undermines the anti-spam industry as a whole, because it makes it more difficult for people to rely on anti-spam products/services.
Reverse DNS doesn't have to match the domain that they are sending mail from. It should just match the name that the mail server is presenting when it does a HELO. There should also be an A record out there for that hostname pointing to the IP.
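Added example (not part of the original comment): the checks described above, as a receiving mail server might apply them, run against constructed DNS data. The record tables, hostnames and the function name check_mail_client are assumptions for illustration; the addresses are documentation ranges.

```python
# Constructed DNS data standing in for real PTR and A lookups.
PTR_RECORDS = {
    "192.0.2.25": ["MX1.mailhost.example."],
    "192.0.2.77": ["host77.dsl.isp.example."],
    "192.0.2.99": ["mx9.spoof.example."],
}
A_RECORDS = {
    "mx1.mailhost.example": ["192.0.2.25"],
    "mail.customer.example": ["192.0.2.77"],
    "mx9.spoof.example": ["198.51.100.9"],
}

def _norm(name):
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.strip().rstrip(".").lower()

def lookup_ptr(ip):
    return [_norm(n) for n in PTR_RECORDS.get(ip, [])]

def lookup_a(name):
    return A_RECORDS.get(_norm(name), [])

def check_mail_client(ip, helo, mail_from, ptr=lookup_ptr, fwd=lookup_a):
    """Return (verdict, reason) for a connecting SMTP client.

    mail_from is accepted but deliberately not compared with anything:
    the sending domain does not have to match reverse DNS.
    Pass ptr/fwd callables backed by a real resolver in production.
    """
    helo_name = _norm(helo)
    ptr_names = ptr(ip)
    if not ptr_names:
        return ("fail", "no_ptr")             # IP has no reverse DNS at all
    if helo_name not in ptr_names:
        return ("fail", "helo_ptr_mismatch")  # PTR names a different host
    if ip not in fwd(helo_name):
        return ("fail", "no_forward_a")       # A record does not lead back
    return ("pass", "ok")

if __name__ == "__main__":
    samples = [  # constructed connections: (client IP, HELO, envelope sender)
        ("192.0.2.25", "mx1.mailhost.example", "billing@customer.example"),
        ("192.0.2.77", "mail.customer.example", "billing@customer.example"),
        ("192.0.2.99", "mx9.spoof.example", "news@spoof.example"),
        ("203.0.113.5", "mail.unknown.example", "a@unknown.example"),
    ]
    for ip, helo, sender in samples:
        print(ip, helo, check_mail_client(ip, helo, sender))
```

The first sample passes even though the envelope sender's domain differs from the server's hostname; the second fails despite a valid A record because the PTR names a different host.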
You should probably worry more about people using P2P protocols than just browsing the web. A web proxy is probably not the best tool to reduce your business's risk in that situation. I would wager that there is a substantially higher risk of being "caught" using P2P software to share copyrighted content, than browsing websites that have content for download.
Regardless, if there is a substantial financial risk to the business from copyright violations, it should be easy to justify spending money on something. Barracuda has a decent web filter - but again, they may not be what you need.
True - but then it would be the person at home (or who runs the proxy) who would appear to be sending the traffic. So it would not be the business's problem.
Is that asynchronous though? I haven't personally tried, but from my research it seemed like DRBD could do writes on both nodes, but only using synchronous replication. In my situation I have a long/thin VPN link connecting the two sites, so having the local server wait until the remote one has committed the write wasn't going to work. I'm trying to find an excuse to use DRBD or GlusterFS for something though :)
If you're willing to forgo something out of the box, look at Unison (http://www.cis.upenn.edu/~bcpierce/unison/). It's like rsync but does bi-directional synchronization.
If you want to do block level replication (which would inherently only transfer the data that's changed), you could look at GlusterFS or DRBD. They both support asynchronous replication - though you can't do bidirectional synchronization with that.
I'm moderately liberal, but ultimately, why shouldn't people who want to live in rural areas have to pay more for services? It costs more to provide services to them.
If people choose to live out in the sticks, they should be forced to understand and pay for their services. The reality is that it's a hell of a lot more efficient and less expensive to provide services (water, power, Internet, phone, cable, etc) to people in high density urban areas. That's what we need to be moving towards - not making it easier for people to live out in the middle of nowhere and subsidizing their services to prevent them from knowing the true costs of living out there. Country people talk about how expensive cities are - well living out in the sticks would be more expensive as well if they had to pay the true costs of obtaining phone and other services.
Honestly, I agree with people that are saying that 5 GB is very little for a normal Internet connection. But who the hell uses mobile broadband for their primary internet connection? I've been thinking about getting VM's broadband to go to occasionally use when I can't get wifi since it's so cheap. But I can't imagine using any kind of mobile broadband (regardless of carrier) as my primary Internet connection that I would use to download ISOs / movies / etc. For me, mobile broadband / tethering is something to use when I'm away from my house, and can't use wifi for some reason. Maybe this will change with Wimax, but we don't have that yet here...
Not sure what all of the other people posting on this topic were thinking. Have any of you heard of ARP poisoning? Having a switched network offers little to no protection from MITM attacks unless you and your attacker are on separate L3 networks.
Why should C-level execs care about what model processor is used in their computers? Office users aren't looking for the absolute greatest performance, they're looking for reliability, manageability, and cost. I can guarantee that no typical* medium or large size business will make a decision on which vendor to use for office computers based on the performance benchmarks. Frankly, who gives a shit about the motherboard in a typical office user's computer. It doesn't matter, certainly not to upper management. Choose something that has a reasonable cost, a solid long term support contract, and is easy to manage in your existing environment. If anything, the support contract, expandability (adding dual monitors later, or adding more memory for heavy data analysts or future software upgrades), and the existing vendor relationships are far more important than performance benchmarks.
*Assuming they're not using them to render lots of graphics or do other very specific, specialized tasks.
No...realistically it would be extremely difficult to use nuclear weapons as a response to anything other than a nuclear attack. This system would give us a conventional response that might deter more than just a nuclear attack.
Here in Indianapolis, I've never had to get a code to access Starbucks wifi via text message. Just sign in with the username/password that I've registered my card under. And while I've heard that it's 2 hours per day of wifi (as long as you use a card every 3 months or something), I've never been kicked off after two hours.
Who doesn't let you create TXT records?? I've used DynDNS's Custom DNS service, Slicehost, and GoDaddy's DNS service and I've always been able to create TXT records. I'm not doubting you, but I for one would be royally pissed off if I signed up for a DNS service that didn't actually support all of the normal records.
Definitely not cool...but am I the only one that found the numbers amusing?
Permits cost up to $1,500, says Forest Service spokesman Larry Chambers, and reporters who don't get a permit could face fines up to $1,000
I don't think it was the loudness of the ride that killed the Concorde...but rather the cost of the tickets (and the rising cost of fuel).
Hahahahaha! Not that I really think there's any use in prolonging the inevitable with Itanium, but I just love hearing about Oracle getting fucked.
Realistically though, I have a feeling that a Thunderbolt NIC dongle costs quite a bit more than it would cost to put the NIC on the motherboard.
When the $40 point and shoot camera satisfies the needs of 98% of the market...then it's a bit different story.
Have you ever used RHEL / CentOS? I highly doubt they will push out a completely different logging system as a normal update in an existing version.