Hmm, rereading the discussion a bit, I think your last post warrants a slightly longer answer. ;)
First of all, when you are going to 'tie' a bunch of computers together, you rather get yourself a switch.
With this you can go from a very simple $20 4 port ethernet switch up to a huge device from for example Cisco, and you can also build one using a PC in special hardware.
The last option is only cost effective if there is something really special that you want from it, and that you can't achieve with standard solutions.
At any rate, regardless of it being 4 or 40k computers, just like you, I'd end up using a nice switch (or a room full of them)
You may also need routing between (virtual) lans, depending on size.
You may also need a border device (or devices) between your internal network and the outside world.
When I talk about a firewall, I talk about the construction of devices that separates your network from the outside world. I am aware that many slightly more advanced switches have ip filtering functionality, which is very useful, but is not really enough for at least the many cases that I have been involved in (for arguments mentioned earlier)
At any rate, for the purposes you mention, I'd most likely end up with the same solution as you, but for protecting my network from the outside world, and for example for separating my servers from the rest of the network, I want something more specialized than what is basically a generic switch that happens to be able to act as router and has ip filter functionality.
For as far as management goes, snmp agents exist, web based administration exists, and administrating 1000s such devices is quite possible (think Yahoo, Google, they have to deal with exactly the same maintenance issue for their cluster nodes, the solutions do exist, and have proven to be practical)
Cost.. if this is the only unix like environment you will use, then cost of figuring it out may be high, but if you already use unix like environments, much of the investment in figuring it out is reusable, and so should not be counted against that first device really.
You are of course right that Linux is free as in beer only if your time is free, but because I already invested time in learning to use such environments (my personal favorite is FreeBSD, not Linux btw) then the next time you have to set up/configure/use one, you logically do not have to do the same investment again.
You did at one day have to learn whatever the system is you are using today as well.
It is legitimate to compare those 2, it is not very legitimate to use it as a cost argument for one and not the other.
Given that this particular cost applies in both cases, the difference between being free upfront or not remains the same, but as you correctly point out, is only part of the argument.
Anyway, thanks for the enjoyable discussion, it's always good to be reminded of what 'the other guys' do that are busy on the same kind of networks as me ;)
> The thing about being the biggest/largest/tallest/longest etc of something, is that you only keep the title as long as nothing else comes along and surpasses you.
> This is where you are wrong, I think. A private entity will not be doing this for the sake of doing ("we have to enforce the law"). As long as it (the entity) is not making money on these suits, I'm comfortable, that it will not "go on a fishing expedition".
I doubt they will go onto a fishing expedition, I also strongly doubt the claims with regards to damage that are made. I first of all see an incentive to control distribution of copyrighted works and obstruction of alternative means of distribution.
Their policy is to try to shut down the networks and if not possible, try to get laws passed that will give them the desired control and meanwhile scare people away from the sharing networks.
I see their actions against people who share as a way to help that (and one of the few that has legal ground), as you correctly point out they are generally not economically interesting for them, so the argument of getting their damage compensated, which is what civil court is for, is not a very valid argument for having them at all. (I guess this is also where the source lies for our different opinions on this matter)
RIAA or any similar organisation should not be allowed the potential to use the legal system that way, which is just another reason why I think copyright infringement should be handled as either a felony or a crime depending on the situation and scale, and why it doesn't belong in civil court in this way.
> To start with, someone with your knowledge of the legal system, should know, that in the civil suit there is no "guilt". There is (or there is not) "responsibility". O.J. Simpson is not guilty of killing his wife (as per the criminal trial), but is responsible for her death (as per the subsequent civil suit). But I understand your meaning and will likewise use the term "innocent" as "not responsible"...
Good point. This is not exactly how the RIAA wants to tell the story, but quite true of course.
> I don't have to prove anything. RIAA does. You are trying to convince me -- and the rest of Slashdot, that we have something to worry about. And "I, for one," remain unimpressed.
Okay, bad use of language maybe, 'you' referred to the party seeking damages in general, so in this case the RIAA. They will have to prove, but only to a low standard, that someone infringed and caused them damage in this specific case. My issue is the low standard of proof they have to provide.
> There is a big difference between something being true and it being provable. For me to worry about something like this, I need to sincerely:
> 1. doubt the responsibility of the accused;
> 2. fear, that many innocents may be purposely targeted in the future in the same manner. ("And when they came for me, there was no one left to speak for me.");
> 3. fear, that this kind of tactics may be used selectively against political opponents.
> Your original post begins with the assertion, which takes care of the 1. Indeed, you claim, that:
> > What is being questioned is how that is dealt with by RIAA and the legal system.
> To which I respond, that since RIAA is not making money out of these settlements -- they spend more on investigations and the lawyers, than they get from the folks -- there is no reason to fear, that this "abuse of the legal system" is sustainable. This alleviates the concerns of the 2.
No it does not alleviate the concerns of 2.
The quote you refer to is the exact reason why. You should not wait till they are halfway on the list, you should not question how long the list is and how far they are from you, you should question the thing as a matter of principle.
> As far as 3., well, we haven't seen that yet. The political process, luckily, remains such, that all sides have enough money to be able to defend themselves in courts.
The problem with 3 is that whether the opponents are political or not is irrelevant. Issue 3 won't be too much of an issue in case of the RIAA tho.
> What remains is your unabashed hatred of the RIAA, and your willingness to tolerate the abuse of the intricacies of the legal system to defend the illegal downloaders against the fines. I'd rather you defend the victims of anti-speeding laws...
I have repeatedly stated that I do not mind action being taken against people who distribute copyrighted material illegally. I do object to a private organisation doing that. There are too many reasons for listing all of them here why in virtually every case such things are a task of law enforcement agencies and not private agencies. I see no reason why it should not be the case here, and many why it should.
I also see quite some objections to also allow such a private organisation to do this with a lower standard of proof than is required for criminal cases. I do see that problem whenever a private organisation goes after people who commit a crime.
As for defending file downloaders, where I live it is legal to do so, but distributing (sharing) is not. You may have noticed that I have called it criminal also, not because it is theft btw, but because infringing someone's rights should be considered a crime.
You may also note that the RIAA goes after people who share files, not those who download them.
- Yes you need routing, and a router is the appropriate device. Also, I quite see the usefulness of vlans,
If it is the appropriate type of device for building a firewall that protects your network from another network is an entirely different issue.
- When you look for a solution, you define your requirements and look which one fits them best. If none provide an exact match, you select the one that provides the closest match, taking into account the priority of the different issues where you have a mismatch. Performance needs to be acceptable, but beyond that it has a lower priority than providing the required level of security. If there is no difference in the latter, then best performance will be a more relevant argument again in the decision.
What you do not do is take the feature list from solution 1 and see how well the feature list of solution 2 matches it. (I know this is common practice, but it is not a good way to find a suitable solution)
> I have tested and documented Cisco FWSM with 18K ACL's and they performed at full wire speed (100Mbps) for a fortune 300 company.
Yes, the question is, with what latency, and what kind of filtering.
> I also did the same tests with a 525 and it maxed at 94Mbps.
Again, same question.
> I'm not sure about OpenBSD though.
I have had both OpenBSD and FreeBSD max out at over 95mb/sec with a latency of less than 1ms, and with full inspection of all packet headers.
I have had 525s and similar drop state because of the state table overflowing, crash due to running out of memory at critical moments etc. I have seen OpenBSD crash as well, but on crash it reported what I had to change to make it work (mbufs). FreeBSD 'tuned' itself more properly for the situation by default it seems, and on its most recent versions won't crash on such situations even when mistuned (tho older versions did)
That is the difference between the real world and bandwidth measurement in theoretical situations. There is more to a reliable router/switch/firewall than its bandwidth really.
I have seen the 525 crash on its content scanning, and even tho all situations I am aware of were fixed by Cisco, none was fixed in hours or even days, leaving the network vulnerable to a denial of service attack. This was also a direct security issue because one of the protected servers was the primary DNS, and people were trying to spoof that machine (for which it is very helpful if you can kick the real machine off the net)
One was as simple as passing content through its filter that consisted of 16gb of zeros being compressed into a zip file.
The machine I used for testing this would cost approx $400, setup time was approx 2 hours, which made the total cost of it way below $1000. Tell me where I can get a 525 with on-site installation and configuration for that.
It is running FreeBSD now and used for production. Time for support so far (over 10 months time) is less than a day, and that was due to a change in network layout and requirements, not for actual failure of the hardware or software. The change to FreeBSD took less than an hour btw.
It does content filtering as well for smtp and http traffic (besides virus scanning and spam filtering), and has a nice ids package.
But I do use quite some cisco hardware. I use it if I need something that is primarily router or switch. I will use their ip filtering options also, but that does not a firewall make.
When I need a firewall, I will gladly skip on them, they may be a match in performance (tho in my experience they are a bit less good, definitely not better) but there is a lot more to a firewall than how fast it can throw packets from one interface to the other.
First of all, I use a firewall because I am taking a security measure.
For this, it is rather important that the firewall does its job well with regards to its security features.
Reliable statekeeping makes for a better filter, it reduces possibilities to hijack sessions and deliver invalid packets to servers that are supposedly protected by the firewall.
It is my experience (which seems to be shared by many on the various security mailing lists) that pf does a much better job in this than cisco, and with a much better performance. (btw, the number of ACLs is virtually irrelevant with pf, the 'path' that is followed through the chains of acls is what determines performance)
Then there is the matter of content filtering. Here Cisco definitely starts out with an advantage, it is a standard feature, and within some limits, it does its job. On Open/FreeBSD I will have to solve this with a variety of packages depending on the protocols that I use. This makes this setup more complex to manage, and means that the person configuring the firewall will have to have better knowledge of what they are doing. (suggested packages, apache + mod_security for http and any mta you like, all of them support filtering)
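The content-scanning failure described in the comment above (a small archive that expands to gigabytes of zeros and takes the filter down) is avoided by giving the scanner a fixed resource budget. The following is an added example, not part of the original comment and not code from Cisco or any project named here; the limits, function names and sample archives are constructed for illustration.

```python
import io
import zipfile
import zlib

# Hypothetical limits for this example; tune them to the traffic you scan.
MAX_TOTAL_BYTES = 1024 * 1024   # budget of uncompressed bytes per archive
MAX_RATIO = 100                 # max uncompressed/compressed ratio per member
MAX_MEMBERS = 1000              # max entries per archive
CHUNK = 64 * 1024               # read size, keeps memory use flat


class ArchiveRejected(Exception):
    """Raised when an archive exceeds the scanner's resource budget."""

    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason


def scan_zip(data, inspect=lambda name, chunk: None):
    """Stream every member through inspect(); return the bytes inspected."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        raise ArchiveRejected("malformed") from None
    with zf:
        members = zf.infolist()
        if len(members) > MAX_MEMBERS:
            raise ArchiveRejected("too-many-members")
        # Stage 1: reject on the sizes declared in the archive headers,
        # before a single byte is decompressed.
        if sum(m.file_size for m in members) > MAX_TOTAL_BYTES:
            raise ArchiveRejected("declared-size")
        for m in members:
            if m.file_size > MAX_RATIO * max(m.compress_size, 1):
                raise ArchiveRejected("ratio")
        # Stage 2: decompress in fixed-size chunks and enforce the budget on
        # the bytes actually produced, so the scanner never buffers a member.
        total = 0
        try:
            for m in members:
                with zf.open(m) as fh:
                    while chunk := fh.read(CHUNK):
                        total += len(chunk)
                        if total > MAX_TOTAL_BYTES:
                            raise ArchiveRejected("actual-size")
                        inspect(m.filename, chunk)
        except (zipfile.BadZipFile, zlib.error, RuntimeError):
            # Corrupt stream, CRC mismatch, encrypted or unsupported member.
            raise ArchiveRejected("malformed") from None
    return total


def check(data):
    """Fail closed: return (True, bytes_inspected) or (False, reason)."""
    try:
        return True, scan_zip(data)
    except ArchiveRejected as exc:
        return False, exc.reason


def make_zip(name, payload):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed samples: a short text file and two runs of zero bytes.
SAMPLE_NOTE = b"Subject: weekly report\r\n\r\nNumbers attached, see you Monday.\r\n"

if __name__ == "__main__":
    for label, payload in [("note", SAMPLE_NOTE),
                           ("zeros-512K", bytes(512 * 1024)),
                           ("zeros-5M", bytes(5 * 1024 * 1024))]:
        archive = make_zip(label, payload)
        print(label, len(archive), "bytes compressed ->", check(archive))
```

A rejected archive should be treated as undeliverable rather than passed through unscanned, otherwise the budget only moves the problem to the protected server.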
> It is not "extremely exceptional" that someone is found civilly liable despite the lack of a criminal conviction. It often happens in civil rights cases against police departments. It happened to O.J. Simpson. It happened to Bernie Goetz.
That there are cases where it happened does not show in any way that it is exceptional or not tho. (something I actually pointed out already but ok.)
> Civil courts and criminal courts perform different functions. Criminal courts vindicate the public interest in *punishing* crime while civil courts compensate each individual for injuries to his person or property. It is only because the criminal system can jeopardize life or limb that a higher standard of proof is thought necessary there. And no matter which way you want to spin things, requiring a defendant to compensate for an injury that she has caused is not punishment; it is restitution.
So, who do you ask for restitution? The person who is responsible for causing the damage.
If this person is found guilty in criminal court, you will have a lot easier time holding that person responsible in civil court also and actually claiming your compensation.
When civil courts are being used to award restitution, there should be a proper level of investigation and documentation of those damages, and actually, there should be a level of proof that those damages occurred.
> The lack of criminal enforcement simply means that the public interest is better served in prioritizing prosecutions for murder, rape, or robbery. Just because a criminal law isn't enforced in a particular circumstance doesn't mean that an injury to a legally recognized interest hasn't occurred. In fact, this is precisely why the ability to pursue civil remedies is so important.
Good points, but it does not justify using civil courts for what should be criminal prosecution really.
You are wrong with regards to why the standards of proof are as they are, at least when looking at reality. It may well be that that was the original reasoning. When civil courts can award millions of dollars in damages, they can in effect jeopardize life and limb as well. There is good reason for having a high level of proof in criminal court, and really, that comes first of all from the understanding that you can better have a free criminal than an innocent man in jail. By the same reasoning, you better go without restitution than having the wrong people pay it.
I'm sorry but civil court is not the proper place for fighting this, and what is happening here is circumventing the system because of not agreeing with the priorities the system sets.
> What the parent seems to suggest is that the RIAA should have to prove the accused's guilt "beyond a reasonable doubt." This is the standard for criminal charges.
Yes, that was indeed what I meant.
> I certainly don't want file sharing to be a crime, punishable by jail.
jail and/or fine. (jail is not the only type of punishment you can get in criminal court)
There are a few reasons to want this actually:
1. We do not need a 'copyright police', the normal one will do perfectly fine.
2. We do not need the RIAA, MPAA and whomever to be able to get our private information from ISPs or such, it is bad enough (tho understandable) that government agencies can do that.
3. The level of proof makes it a lot more difficult to use bully tactics in criminal court.
Those who actually break the law should not whine about the consequences, but until proven guilty, no one should be held guilty. What the RIAA is doing is proclaiming people guilty without proper proof. To me that (together with compensation of thousands of dollars) is directly undermining the legal system.
> For that argument to have any ground in this conversation, that has to mean that you think they are accusing people who didn't do it.
No, all it means is that I consider the possibility of that happening, and wanting to exclude it.
You REALLY should look a lot more at how law is supposed to work and what this idea of justice is about and how it is supposed to work.
Then, the amounts being claimed by the RIAA are highly debatable, and yes, that should be decided by someone else than RIAA lawyers.
There is a lot more to justice than deciding who is right and who is wrong, and even when it seems obvious from the start who is right and who is wrong, it is still an extremely good idea to prove it. May sound like a waste of time to you, but ensuring that such things are followed is the only protection you have that allows you to prove innocence while most people believe you are guilty.
> If you're unhappy that the guilty people aren't getting a chance to get off. I see a lot of problems with that as well.
No, I am unhappy that no proper proof is being used and that the legal system is being frustrated.
> The best course of action is to help the system fail faster. They'll not make enough money in litigation to support their industry. Force them into changing their business model to adapt instead of allowing them to rape the wallets of artists and consumers.
Those are 2 independent issues. We have an issue with the RIAA maybe over their business model and what not.
We also have an issue with the RIAA over how they are dealing with people who most likely did something wrong.
2 different issues, 2 different answers.
I agree that people should not buy the junk that RIAA members are selling etc etc. That however is not what the discussion was about.
> From the beginning of your post you acknowledge the fact, that the accused are responsible as the accusers charge. So why argue about the standard of proof at all?
Accused, when found guilty, are responsible for what they did. Until they are found guilty, they are accused of, suspected of, but NOT GUILTY.
This is fundamental to how law and justice work.
You still have to prove an accusation, AND IF IT IS TRUE, you can hold the person responsible for it.
Those are really 2 independent things.
> Or do you, in fact, sincerely believe, that some of the people RIAA, who has targeted so far, are innocent?
I do not know, nor do you.
That is exactly why it has to be brought to the proper court with the proper kind of proof.
There is a very serious chance that there are people among those accused that did not do wrong, but simply cannot afford to fight the situation, even less so in the face of civil court with its low standards for proof.
> Or are you, perhaps, afraid, that RIAA (or MPAA) will, in the future use the same tactics to go after the much wider group of people, and there will be innocents there?
There is no reason to assume that it did not happen already, neither is there a reason to assume that it did. This is exactly why stricter levels of proof are required.
> That would be a legitimate concern, of course, but as long as it still costs RIAA more (in absolute terms) to wage each of these little battles, than it gets from the "victims" in settlements, there is no need to worry -- they are not making money off these settlements. They just want to scare people enough for the illegal downloads to stop.
As long as people have a big chance on losing regardless of being right or wrong, people are not going to fight it if they have a cheaper way out. This is directly frustrating the legal system and because of that an absolutely unacceptable practice.
There are working ways to deal with criminals that do not involve bullying people, scare tactics, frustrating the legal system etc. They should use those instead.
> Whether this is a wise plan or not should not concern us...
Yes it should, it undermines the legal system.
A very serious problem resulting from the RIAA way of doing things is the loss of proportionality in punishment. Proportionality is what makes that shoplifting is not punished the same way as murder. It is extremely important that crimes that are considered more serious are punished in a more heavy way. What happens here is circumventing that altogether.
> Do you complain when alleged murderers are sued in civil court for wrongful death because of the lower standard of proof?
Yes I do. They should be brought to justice in criminal court, not civil court. Once that has happened, it can happen that victims use civil court to get compensation, but that has nothing whatsoever to do with punishing a crime, and it is extremely exceptional that such a thing stands a chance when someone has been found not guilty in criminal court. (exceptions exist, but like I said, EXTREMELY EXCEPTIONAL and as such no proof of the opposite)
> Frankly, if you want the RIAA to be able to pursue criminal sanctions, then you should be willing to give them full police powers to pursue those sanctions. But somehow I think you'd protest that, too.
No, it means they'll have to file a complaint with the authorities who will have to pursue it. That the authorities don't do this does not validate their current tactics.
Civil court is not the place for criminal prosecution, no matter which way you want to turn it.
Thank you for filling pages and pages with text.. sadly enough your post is entirely irrelevant for the discussion.
The issue at hand is not whether IP is good or bad, but whether the RIAA should be allowed to use civil courts and the lower standard of proof, and use bully tactics to prevent people from having a fair trial.
Thanks for trying tho.. let's see if you can copy/paste as long a text that is actually on-topic..
> That's just silly. A person who has a 1000 downloaded albums clearly loves music and would have VERY PROBABLY bought at least a few of them if that was the only way to get them. And when the users of P2P are calculated in millions, that amounts to a HUGE amount of albums, even if there are some who indeed wouldn't have bought any.
So.. let's say they might buy like 5 out of 1000 albums? That is a whopping 0.5%...
Don't forget that there are also people who only buy things after having heard them (due to downloading them).
So far NO ONE has ever provided any proof of the recording industry losing money or sales on downloads.
Until there are reliable, INDEPENDENT studies to this, it is all guess work, and as a result, not something that could serve as valid proof in court. Sadly, due to this all being handled in civil courts, such proof is not needed either.
> IMO, downloading MP3s is no different than when we used to trade tapes at the skating rink or youth center. These tapes were often made from the radio (remember sitting with your finger on the PAUSE button?)
> You don't see a difference between a degraded one-off versus hundreds of millions of 1:1 digital copies?
While there are some high quality mp3 files on sharing networks, most of them are horrible in quality. Honestly, many of my 20 year old tapes sound better than many of the mp3s you get from sharing networks (and just in case, where I live it is illegal to share, but perfectly legal to download, so yeah, I can check that legally)
> The facts are that MP3s are LOW quality (completely horrid, as far as I am concerned,)
> 320 kbps MP3's are completely acceptable, in my opinion.
Yeah, and 320kbit mp3s are not that easy to find on the sharing networks. Most is 128kbit or 192kbit. The latter is acceptable for my portable mp3 player, but not for my home sound system really.
It is so easy to only look at the extremes and then draw a conclusion, but your conclusion is bound to be wrong.
Heh.. while I hate webpages that think it's a good idea to just force some multimedia through my browser's throat.. I do have a few suggestions for you..
1. Tell firefox to start something other than xine for .mp3 files
2. Tell firefox to use mplayer and install the mplayer plugin for Firefox instead of using Xine for video.
Your web experience will be a lot better for the cases you do run into such media again.
Xine is very cool, and I use it quite a bit, but it does not work well at all for web based media files.
And I get sick of people who blindly repeat their statement regardless of the subject.
That people who downloaded or shared music that they had no right to are wrong is not being questioned at all here. What is being questioned is how that is dealt with by RIAA and the legal system.
By going through civil court the RIAA has to comply with a much lower standard of proof, and by their tactics they more or less ensure that people will not get a fair trial.
Imho they are definitely right to pursue the people who infringe their rights, but things like proof for that should be held to proper legal standards.
Saying how people should not be sharing music is not contributing to that discussion, it is redundant, and in fact, off-topic.
With all respect, that is simply not the point of the article. The article questions the tactics of the RIAA with regards to people who have been caught illegally sharing music. You can talk about how those people were wrong, WE KNOW!!!. The article questioned if the methods of the RIAA are right, could we kind of try to discuss that instead of repeating what we already know (how to prevent having to deal with the RIAA)
Redundant would indeed be better than troll. People know what the law says roughly. What the article is about however is what the RIAA is doing and if people should just cave in or fight it. So... either redundant or off-topic..
Well, the things I'm dealing with do involve handling enormous amounts of mail and web traffic, so probably a slightly different segment.
At any rate, one of my friends works with asic based solutions on pci cards with either freebsd or linux on the hosting pcs. The solution is quite interesting because it also overcomes the bandwidth limits of the bus as long as you can stay on one card.
I don't have much experience with that myself, but I definitely see your point with regards to using hardware solutions. It does have certain disadvantages as well with regards to flexibility of course.
I have exactly the same experience with Cisco PIX but that is not a problem inherent to software firewalls but more to their implementation (and probably the design specs of that thing). I have had them crash and reboot or become increasingly 'clogged' and dropping connections at random under heavy load (as in, dropping from their state table, not just packet loss.. that was more the 'clogged' effect)
At any rate, if it is cheaper depends a lot on what you need. IBM may not be your preferred supplier for firewalls, and I don't think they really try to be that either, so support may cost you in their case. There are likely more competitive smaller vendors around in your area, I brought IBM into the story purely because they provide quite a solid fallback option.
The point with OSS and support is actually that multiple vendors can compete in supporting and maintaining the same product so you never get locked in to one vendor specifically.
Another issue is that with something of the scale of a university, there is a lot to gain from doing first line support for your critical infrastructure yourself, which in case of many OSS solutions is possible because both hardware and software are commodities. There is no real cost in having spare hardware around, and replacement can be so easy that you can have it done before someone can come from the vendor with a replacement part even if they are in the same street already.
It is a bit far for me to go there, and I am not sure if I'd try this with an OpenBSD or FreeBSD or Linux based solution there, it would depend a lot on the exact requirements.
Most environments would be a lot better off not having any routing between their internal network and the outside world, and using application level proxies instead for both directions where they do need to communicate. No need for fancy firewalls there, very simple packet filter, no routing, and one or more proxy servers can do a lot better than any layer-3 router (uh.. is it me or does routing rather imply layer 3...)
Will it be cost effective? well, that depends. I'm sure that specialized hardware does have a potential performance edge, so there is no doubt a point where it is more cost effective because the commodity hardware to provide similar performance either gets too complex and expensive itself, or just doesn't exist (pci bus is a huge bottleneck here in many cases). Their real advantage to me seems to be in latency however (little difference for first packet, lot more for subsequent packets)
I don't think that everything should be OSS, but when you talk firewalls and supposedly scientific environments like a university, chances are that your internally available expertise far surpasses what the vendor has when it comes to security and programming related skills, so there is imho a rather strong argument for getting something that comes with the source.
As a totally unrelated sidenote... we seem to typo in a rather similar way;P
Like I said, if you don't like it, go somewhere else. The owners of the place will get the message if enough people do.
Sorry if that sounds a bit like a 'shutup', it is not intended that way, but this subject has been discussed so often that you can assume it is known and that the owners don't care.
They may care if it hurts their income maybe..
> This is not an ideal solution.
> blahblahblahblahblahblahblah
Yeah we know.
Light mode is however a practical solution that works today, unlike rewriting slash.
> In fact, such a move has already been advocated. I don't know how Slashcode works
Why not download the slash code and look for yourself? The code is available. You will find that what you propose is possible, but that rewriting Slash from scratch might just be about as much work.
Just in case, I completely agree that the html that slash produces is junk and should be fixed, but there are only 3 things you can do with regards to that: sit down and wait, do it yourself, or pay someone to do it.
As you might imagine, the latter 2 are a lot more effective than the first one, and both are feasible since you can in fact download the code and (have someone) fix it.
I think part of the idea of this approach is that you do not sell them back but keep them as reference, also after your study.
Buy less but more useful (and time independent) books and keep them.
Heh.. get yourself an account (if needed), login and switch to 'light' mode in your user preferences... you won't get bothered by colorschemes at all ;)
Hmm, rereading the discussion a bit, I think your last post warrants a slightly longer answer.
;)
First of all, when you are going to 'tie' a bunch of computers together, you rather get yourself a switch.
With this you can go from a very simple $20 4 port ethernet switch up to a huge device from for example Cisco, and you can also build one using a PC in special hardware.
The last option is only cost effective if there is something really special that you want from it, and that you can't achieve with standard solutions.
At any rate, regardless of it being 4 or 40k computers, just like you, I'd end up using a nice switch (or a room full of them)
You may also need routing between (virtual) lans, depending on size.
You may also need a border device (or devices) between your internal network and the outside world.
When I talk about a firewall, I talk about the construction of devices that separates your network from the outside world. I am aware that many slightly more advanced switches have ip filtering functionality, which is very useful, but is not really enough for at least the many cases that I have been involved in (for arguments mentioned earlier)
At any rate, for the purposes you mention, I'd most likely end up with the same solution as you, but for protecting my network from the outside world, and for example for separating my servers from the rest of the network, I want something more specialized than what is basically a generic switch that happens to be able to act as router and has ip filter functionality.
For as far as management goes, snmp agents exist, web based administration exists, and administrating 1000s such devices is quite possible (think Yahoo, Google, they have to deal with exactly the same maintenance issue for their cluster nodes, the solutions do exist, and have proven to be practical)
Cost.. if this is the only unix like environment you will use, then cost of figuring it out may be high, but if you already use unix like environments, much of the investment in figuring it out is reusable, and so should not be counted against that first device really.
You are of course right that Linux is free as in beer only if your time is free, but because I already invested time in learning to use such environments (my personal favorite is FreeBSD, not Linux btw) then the next time you have to setup/configure/use one, you logically do not have to do the same investment again.
You did at one day have to learn whatever the system is you are using today as well.
It is legitimate to compare those 2, it is not very legitimate to use it as a cost argument for one and not the other.
Given that this particular cost applies in both cases, the difference between being free upfront or not remains the same, but as you correctly point out, is only part of the argument.
Anyway, thanks for the enjoyable discussion, it's always good to be reminded of what 'the other guys' do that are busy on the same kind of networks as me
Uhm... informative? right.
> has there ever been a wave that high? are you people retarded?
First is a probable yes.. second a definite yes.
> The thing about being the biggest/largest/tallest/longest etc of something, is that you only keep the title as long as nothing else comes along and surpasses you.
Not in Texas...
> This is where you are wrong, I think. A private entity will not be doing this for the sake of doing ("we have to enforce the law"). As long as it (the entity) is not making money on these suits, I'm comfortable, that it will not "go on a fishing expedition".
I doubt they will go onto a fishing expedition, I also strongly doubt the claims with regards to damage that are made. I first of all see an incentive to control distribution of copyrighted works and obstruction of alternative means of distribution.
Their policy is to try to shut down the networks and if not possible, try to get laws passed that will give them the desired control and meanwhile scare people away from the sharing networks.
I see their actions against people who share as a way to help that (and one of the few that has legal ground), as you correctly point out they are generally not economically interesting for them, so the argument of getting their damage compensated, which is what civil court is for, is not a very valid argument for having them at all.
(I guess this is also where the source lies for our different opinions on this matter)
RIAA or any similar organisation should not be allowed the potential to use the legal system that way, which is just another reason why I think copyright infringement should be handled as either a felony or a crime depending on the situation and scale, and why it doesn't belong in civil court in this way.
Good point. This is not exactly how the RIAA wants to tell the story, but quite true of course.
Okay, bad use of language maybe, 'you' referred to the party seeking damages in general, so in this case the RIAA. They will have to prove, but only to a low standard, that someone infringed and caused them damage in this specific case. My issue is the low standard of proof they have to provide.
No it does not alleviate the concerns of 2.
The quote you refer to is the exact reason why. You should not wait till they are halfway on the list, you should not question how long the list is and how far they are from you, you should question the thing as a matter of principle.
The problem with 3 is that whether the opponents are political or not is irrelevant. Issue 3 won't be too much of an issue in case of the RIAA tho.
I have repeatedly stated that I do not mind action being taken against people who distribute copyrighted material illegally. I do object to a private organisation doing that. There are too many reasons for listing all of them here why in virtually every case such things are a task of law enforcement agencies and not private agencies. I see no reason why it should not be the case here, and many why it should.
I also see quite some objections to also allow such a private organisation to do this with a lower standard of proof than is required for criminal cases. I do see that problem whenever a private organisation goes after people who commit a crime.
As for defending file downloaders, where I live it is legal to do so, but distributing (sharing) is not. You may have noticed that I have called it criminal also, not because it is theft btw, but because infringing someone's rights should be considered a crime.
You may also note that the RIAA goes after people who share files, not those who download them.
2 things.
- Yes you need routing, and a router is the appropriate device. Also, I quite see the usefulness of vlans,
If it is the appropriate type of device for building a firewall that protects your network from another network is an entirely different issue.
- When you look for a solution, you define your requirements and look which one fits them best. If none provide an exact match, you select the one that provides the closest match, taking into account the priority of the different issues where you have a mismatch. Performance needs to be acceptable, but beyond that it has a lower priority than providing the required level of security. If there is no difference in the latter, then best performance will be a more relevant argument again in the decision.
What you do not do is take the feature list from solution 1 and see how well the feature list of solution 2 matches it. (I know this is common practise, but it is not a good way to find a suitable solution)
> I have tested and documented Cisco FWSM with 18K ACL's and they performed at full wire speed (100Mbps) for a fortune 300 company.
Yes, the question is, with what latency, and what kind of filtering.
> I also did the same tests with a 525 and it maxed at 94Mbps.
Again, same question.
> I'm not sure about OpenBSD though.
I have had both OpenBSD and FreeBSD max out at over 95mb/sec with a latency of less than 1ms, and with full inspection of all packet headers.
I have had 525s and similar drop state because of the state table overflowing, crash due to running out of memory at critical moments etc. I have seen OpenBSD crash as well, but on crash it reported what I had to change to make it work (mbufs). FreeBSD 'tuned' itself more properly for the situation by default it seems, and on its most recent versions won't crash on such situations even when mistuned (tho older versions did)
That is the difference between the real world and bandwidth measurement in theoretical situations. There is more to a reliable router/switch/firewall than its bandwidth really.
I have seen the 525 crash on its content scanning, and even though all situations I am aware of were fixed by Cisco, none was fixed in hours or even days, leaving the network vulnerable to a denial of service attack. This was also a direct security issue because one of the protected servers was the primary DNS, and people were trying to spoof that machine (for which it is very helpful if you can kick the real machine off the net)
One was as simple as passing content through its filter that consisted of 16gb of zeros being compressed into a zip file.
The machine I used for testing this would cost approx $400, setup time was approx 2 hours, which made the total cost of it way below $1000. Tell me where I can get a 525 with on-site installation and configuration for that.
It is running FreeBSD now and used for production.
Time for support so far (over 10 months time) is less than a day, and that was due to a change in network layout and requirements, not for actual failure of the hardware or software. The change to FreeBSD took less than an hour btw.
It does content filtering as well for smtp and http traffic (besides virus scanning and spam filtering), and has a nice ids package.
But I do use quite some cisco hardware. I use it if I need something that is primarily router or switch. I will use their ip filtering options also, but that does not a firewall make.
When I need a firewall, I will gladly skip on them, they may be a match in performance (tho in my experience they are a bit less good, definitely not better) but there is a lot more to a firewall than how fast it can throw packets from one interface to the other.
First of all, I use a firewall because I am taking a security measure.
For this, it is rather important that the firewall does its job well with regards to its security features.
Reliable statekeeping makes for a better filter, it reduces possibilities to hijack sessions and delivering invalid packets to servers that are supposedly protected by the firewall.
It is my experience (which seems to be shared by many on the various security mailinglists) that pf does a much better job in this than cisco, and with a much better performance. (btw, the number of ACLs is virtually irrelevant with pf, the 'path' that is followed through the chains of acls is what determines performance)
Then there is the matter of content filtering. Here Cisco definitely starts out with an advantage, it is a standard feature, and within some limits, it does its job. On Open/FreeBSD I will have to solve this with a variety of packages depending on the protocols that I use. This makes this setup more complex to manage, and means that the person configuring the firewall will have to have better knowledge of what they are doing.
(suggested packages, apache + mod_security for http and any mta you like, all of them support filtering)
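The content-filter crash described above (a zip holding 16gb of zeros) is a decompression-bomb problem. The following is an added example, not code from this thread or from any product named in it, showing one way a content scanner can keep archive inspection inside a fixed budget; the limits, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Assumed policy values for illustration; size them to the scanner's memory budget.
MAX_TOTAL_BYTES = 1 * 1024 * 1024   # most uncompressed data inspected per archive
MAX_RATIO = 100                     # declared uncompressed size / compressed size
CHUNK = 64 * 1024                   # inflate in small pieces, never all at once


class ArchiveRejected(Exception):
    """Raised when an archive is malformed or exceeds the inspection budget."""


def scan_zip(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO, inspect=None):
    """Inspect a zip within a fixed budget and return the bytes inspected."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        raise ArchiveRejected("malformed archive") from exc
    with zf:
        infos = zf.infolist()
        declared = sum(i.file_size for i in infos)
        compressed = sum(i.compress_size for i in infos)
        # Cheap checks first: the central directory states both sizes, so an
        # oversized archive is refused before a single byte is inflated.
        if declared > max_total:
            raise ArchiveRejected("declared size %d over budget" % declared)
        if compressed and declared / compressed > max_ratio:
            raise ArchiveRejected(
                "compression ratio %.0f:1 over limit" % (declared / compressed))
        # The declared sizes come from the sender, so the same budget is
        # enforced again while inflating, one chunk at a time.
        inspected = 0
        try:
            for info in infos:
                with zf.open(info) as member:
                    while True:
                        chunk = member.read(CHUNK)
                        if not chunk:
                            break
                        inspected += len(chunk)
                        if inspected > max_total:
                            raise ArchiveRejected("inflated data over budget")
                        if inspect is not None:
                            inspect(info.filename, chunk)  # hypothetical scanner hook
        except (zipfile.BadZipFile, zlib.error, RuntimeError,
                NotImplementedError) as exc:
            # Corrupt, encrypted or unsupported members fail closed.
            raise ArchiveRejected("unreadable member: %s" % exc) from exc
        return inspected


def make_zip(name, payload):
    """Build a one-member deflated zip in memory (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


def verdict(data, **limits):
    """Return a one-line result instead of raising, for logging."""
    try:
        return "ok: %d bytes inspected" % scan_zip(data, **limits)
    except ArchiveRejected as exc:
        return "rejected: %s" % exc


# Constructed samples: a small mail body, and 8 MiB of zeros standing in for
# the much larger all-zero file described in the post.
BENIGN_PAYLOAD = b"Subject: test\r\n\r\nhello\r\n"
BENIGN = make_zip("mail.txt", BENIGN_PAYLOAD)
ZEROS = make_zip("zeros.bin", bytes(8 * 1024 * 1024))

if __name__ == "__main__":
    print("benign:", verdict(BENIGN))
    print("zeros, default limits:", verdict(ZEROS))
    print("zeros, size limit raised:", verdict(ZEROS, max_total=64 * 1024 * 1024))
```

Nested archives need the same budget carried through each level, which this block does not do.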
> It is not "extremely exceptional" that someone is found civilly liable despite the lack of a criminal conviction. It often happens in civil rights cases against police departments. It happened to O.J. Simpson. It happened to Bernie Goetz.
That there are cases where it happened does not show in any way that it is exceptional or not tho.
(something I actually pointed out already but ok.)
> Civil courts and criminal courts perform different functions. Criminal courts vindicate the public interest in *punishing* crime while civil courts compensate each individual for injuries to his person or property. It is only because the criminal system can jeopardize life or limb that a higher standard of proof is thought necessary there. And no matter which way you want to spin things, requiring a defendant to compensate for an injury that she has caused is not punishment; it is restitution.
So, who do you ask for restitution? The person who is responsible for causing the damage.
If this person is found guilty in criminal court, you will have a lot easier time holding that person responsible in civil court also and actually claiming your compensation.
When civil courts are being used to award restitution, there should be a proper level of investigation and documentation of those damages, and actually, there should be a level of proof that those damages occurred.
> The lack of criminal enforcement simply means that the public interest is better served in prioritizing prosecutions for murder, rape, or robbery. Just because a criminal law isn't enforced in a particular circumstance doesn't mean that an injury to a legally recognized interest hasn't occurred. In fact, this is precisely why the ability to pursue civil remedies is so important.
Good points, but it does not justify using civil courts for what should be criminal prosecution really.
You are wrong with regards to why the standards of proof are as they are, at least when looking at reality. It may well be that that was the original reasoning. When civil courts can award millions of dollars in damages, they can in effect jeopardize life and limb as well. There is good reason for having a high level of proof in criminal court, and really, that comes first of all from the understanding that you can better have a free criminal than an innocent man in jail.
By the same reasoning, you better go without restitution than having the wrong people pay it.
I'm sorry but civil court is not the proper place for fighting this, and what is happening here is circumventing the system because of not agreeing with the priorities the system sets.
> What the parent seems to suggest is that the RIAA should have to prove the accused's guilt "beyond a reasonable doubt." This is the standard for criminal charges.
Yes, that was indeed what I meant.
> I certainly don't want file sharing to be a crime, punishable by jail.
jail and/or fine. (jail is not the only type of punishment you can get in criminal court)
There are a few reasons to want this actually:
1. We do not need a 'copyright police', the normal one will do perfectly fine.
2. We do not need the RIAA, MPAA and whomever to be able to get our private information from ISPs or such, it is bad enough (tho understandable) that government agencies can do that.
3. The level of proof makes it a lot more difficult to use bully tactics in criminal court.
Those who actually break the law should not whine about the consequences, but until proven guilty, no one should be held guilty. What the RIAA is doing is proclaiming people guilty without proper proof. To me that (together with compensation of thousands of dollars) is directly undermining the legal system.
> For that argument to have any ground in this conversation, that has to mean that you think they are accusing people who didn't do it.
No, all it means is that I consider the possibility of that happening, and wanting to exclude it.
You REALLY should look a lot more at how law is supposed to work and what this idea of justice is about and how it is supposed to work.
Then, the amounts being claimed by the RIAA are highly debatable, and yes, that should be decided by someone else than RIAA lawyers.
There is a lot more to justice than deciding who is right and who is wrong, and even when it seems obvious from the start who is right and who is wrong, it is still an extremely good idea to prove it. May sound like a waste of time to you, but ensuring that such things are followed is the only protection you have that allows you to prove innocence while most people believe you are guilty.
> If you're unhappy that the guilty people aren't getting a chance to get off. I see a lot of problems with that as well.
No, I am unhappy that no proper proof is being used and that the legal system is being frustrated.
> The best course of action is to help the system fail faster. They'll not make enough money in litigation to support their industry. Force them into changing their business model to adapt instead of allowing them to rape the wallets of artists and consumers.
Those are 2 independent issues. We have an issue with the RIAA maybe over their business model and what not.
We also have an issue with the RIAA over how they are dealing with people who most likely did something wrong.
2 different issues, 2 different answers.
I agree that people should not buy the junk that RIAA members are selling etc etc. That however is not what the discussion was about.
Ah, hmm.. yeah, kinda time FF gets an easy way to manage plugins from its UI also.
> From the beginning of your post you acknowledge the fact, that the accused are responsible as the accusers charge. So why argue about the standard of proof at all?
Accused, when found guilty, are responsible for what they did. Until they are found guilty, they are accused of, suspected of, but NOT GUILTY.
This is fundamental to how law and justice work.
You still have to prove an accusation, AND IF IT IS TRUE, you can hold the person responsible for it.
Those are really 2 independent things.
> Or do you, in fact, sincerely believe, that some of the people RIAA, who has targeted so far, are innocent?
I do not know, nor do you.
That is exactly why it has to be brought to the proper court with the proper kind of proof.
There is a very serious chance that there are people among those accused that did not do wrong, but simply cannot afford to fight the situation, even less so in the face of civil court with its low standards for proof.
> Or are you, perhaps, afraid, that RIAA (or MPAA) will, in the future use the same tactics to go after the much wider group of people, and there will be innocents there?
There is no reason to assume that it did not happen already, neither is there a reason to assume that it did. This is exactly why stricter levels of proof are required.
> That would be a legitimate concern, of course, but as long as it still costs RIAA more (in absolute terms) to wage each of these little battles, than it gets from the "victims" in settlements, there is no need to worry -- they are not making money off these settlements. They just want to scare people enough for the illegal downloads to stop.
As long as people have a big chance on losing regardless of being right or wrong, people are not going to fight it if they have a cheaper way out. This is directly frustrating the legal system and because of that an absolutely unacceptable practise.
There are working ways to deal with criminals that do not involve bullying people, scare tactics, frustrating the legal system etc. They should use those instead.
> Whether this is a wise plan or not should not concern us...
Yes it should, it undermines the legal system.
A very serious problem resulting from the RIAA way of doing things is the loss of proportionality in punishment. Proportionality is what makes that shoplifting is not punished the same way as murder. It is extremely important that crimes that are considered more serious are punished in a more heavy way. What happens here is circumventing that altogether.
> Do you complain when alleged murderers are sued in civil court for wrongful death because of the lower standard of proof?
Yes I do. They should be brought to justice in criminal court, not civil court. Once that has happened, it can happen that victims use civil court to get compensation, but that has nothing whatsoever to do with punishing a crime, and it is extremely exceptional that such a thing stands a chance when someone has been found not guilty in criminal court. (exceptions exist, but like I said, EXTREMELY EXCEPTIONAL and as such no proof of the opposite)
> Frankly, if you want the RIAA to be able to pursue criminal sanctions, then you should be willing to give them full police powers to pursue those sanctions. But somehow I think you'd protest that, too.
No, it means they'll have to file a complaint with the authorities who will have to pursue it. That the authorities don't do this does not validate their current tactics.
Civil court is not the place for criminal prosecution, no matter which way you want to turn it.
Thank you for filling pages and pages with text.. sadly enough your post is entirely irrelevant for the discussion.
The issue at hand is not whether IP is good or bad, but whether the RIAA should be allowed to use civil courts and the lower standard of proof, and use bully tactics to prevent people from having a fair trial.
Thanks for trying tho.. let's see if you can copy/paste as long a text that is actually on-topic..
> That's just silly. A person who has a 1000 downloaded albums clearly loves music and would have VERY PROBABLY bought at least a few of them if that was the only way to get them. And when the users of P2P are calculated in millions, that amounts to a HUGE amount of albums, even if there are some who indeed wouldn't have bought any.
So.. let's say they might buy like 5 out of 1000 albums? That is a whopping 0.5%...
Don't forget that there are also people who only buy things after having heard them (due to downloading them).
So far NO ONE has ever provided any proof of the recording industry losing money or sales on downloads.
Until there are reliable, INDEPENDENT studies to this, it is all guess work, and as a result, not something that could serve as valid proof in court. Sadly, due to this all being handled in civil courts, such proof is not needed either.
> IMO, downloading MP3s is no different than when we used to trade tapes at the skating rink or youth center. These tapes were often made from the radio (remember sitting with your finger on the PAUSE button?)
> You don't see a difference between a degraded one-off versus hundreds of millions of 1:1 digital copies?
While there are some high quality mp3 files on sharing networks, most of them are horrible in quality. Honestly, many of my 20 year old tapes sound better than many of the mp3s you get from sharing networks (and just in case, where I live it is illegal to share, but perfectly legal to download, so yeah, I can check that legally)
> The facts are that MP3s are LOW quality (completely horrid, as far as I am concerned,)
320 kbps MP3's are completely acceptable, in my opinion.
Yeah, and 320kbit mp3s are not that easy to find on the sharing networks. Most is 128kbit or 192kbit. The latter is acceptable for my portable mp3 player, but not for my home sound system really.
It is so easy to only look at the extremes and then draw a conclusion, but your conclusion is bound to be wrong.
Heh.. while I hate webpages that think it's a good idea to just force some multimedia through my browser's throat.. I do have a few suggestions for you..
1. Tell firefox to start something other than xine for .mp3 files
2. Tell firefox to use mplayer and install the mplayer plugin for Firefox instead of using Xine for video.
Your web experience will be a lot better for the cases you do run into such media again.
Xine is very cool, and I use it quite a bit, but it does not work well at all for web based media files.
And I get sick of people who blindly repeat their statement regardless of the subject.
That people who downloaded or shared music that they had no right to are wrong is not being questioned at all here. What is being questioned is how that is dealt with by RIAA and the legal system.
By going through civil court the RIAA has to comply with a much lower standard of proof, and by their tactics they more or less ensure that people will not get a fair trial.
Imho they are definitely right to pursue the people who infringe their rights, but things like proof for that should be held to proper legal standards.
Saying how people should not be sharing music is not contributing to that discussion, it is redundant, and in fact, off-topic.
With all respect, that is simply not the point of the article. The article questions the tactics of the RIAA with regards to people who have been caught illegally sharing music. You can talk about how those people were wrong, WE KNOW!!!. The article questioned if the methods of the RIAA are right, could we kind of try to discuss that instead of repeating what we already know (how to prevent having to deal with the RIAA)
Redundant would indeed be better than troll. People know what the law says roughly. What the article is about however is what the RIAA is doing and if people should just cave in or fight it. So... either redundant or off-topic..
Well, the things I'm dealing with do involve handling enormous amounts of mail and web traffic, so probably a slightly different segment.
;P
At any rate, one of my friends works with asic based solutions on pci cards with either freebsd or linux on the hosting pcs. The solution is quite interesting because it also overcomes the bandwidth limits of the bus as long as you can stay on one card.
I don't have much experience with that myself, but I definitely see your point with regards to using hardware solutions. It does have certain disadvantages as well with regards to flexibility of course.
I have exactly the same experience with Cisco PIX but that is not a problem inherent to software firewalls but more to their implementation (and probably the design specs of that thing). I have had them crash and reboot or become increasingly 'clogged' and dropping connections at random under heavy load (as in, dropping from their state table, not just packet loss.. that was more the 'clogged' effect)
At any rate, if it is cheaper depends a lot on what you need. IBM may not be your preferred supplier for firewalls, and I don't think they really try to be that either, so support may cost you in their case. There are likely more competitive smaller vendors around in your area, I brought IBM into the story purely because they provide quite a solid fallback option.
The point with OSS and support is actually that multiple vendors can compete in supporting and maintaining the same product so you never get locked in to one vendor specifically.
Another issue is that with something of the scale of a university, there is a lot to gain from doing first line support for your critical infrastructure yourself, which in case of many OSS solutions is possible because both hardware and software are commodities. There is no real cost in having spare hardware around, and replacement can be so easy that you can have it done before someone can come from the vendor with a replacement part even if they are in the same street already.
It is a bit far for me to go there, and I am not sure if I'd try this with an OpenBSD or FreeBSD or Linux based solution there, it would depend a lot on the exact requirements.
Most environments would be a lot better off not having any routing between their internal network and the outside world, and using application level proxies instead for both directions where they do need to communicate. No need for fancy firewalls there, very simple packet filter, no routing, and one or more proxy servers can do a lot better than any layer-3 router (uh.. is it me or does routing rather imply layer 3...)
Will it be cost effective? Well, that depends. I'm sure that specialized hardware does have a potential performance edge, so there is no doubt a point where it is more cost effective because the commodity hardware to provide similar performance either gets too complex and expensive itself, or just doesn't exist (pci bus is a huge bottleneck here in many cases). Their real advantage to me seems to be in latency however (little difference for first packet, lot more for subsequent packets)
I don't think that everything should be OSS, but when you talk firewalls and supposedly scientific environments like a university, chances are that your internally available expertise far surpasses what the vendor has when it comes to security and programming related skills, so there is imho a rather strong argument for getting something that comes with the source.
As a totally unrelated sidenote... we seem to typo in a rather similar way