I personally think the real y2k problem for me is going to be the endless number of phone calls, knocks on my office door, and my name being yelled in order to tell me that they have a y2k problem. I predict Excel crashes will be blamed on y2k (even though it did the same thing in 1999), blue screens, slow loading web pages, printers out of paper, dogs that pee in the house, stubbed toes, etc...
I have a solution. I call my fellow BOFH's to follow suit. Tomorrow I am going to a sporting goods store to buy a ping pong paddle that will be boldly marked "THE Y2K SMACK". It will be in my possession at all times. Blame y2k on something dumb, and SMACK!
Any other suggestions of what to do to the users would be appreciated *grin*
I set up a friend's MediaOne cable modem recently. I made the firewall a RedHat 6.1 machine, and pumpd works fine. If you're using Redhat, try it by hand. pump -i eth0 and watch your syslog. I use pump when I freelance at a couple of companies that use dhcp.
What do you mean you can't gain root access remotely? Remember getadmin.exe? Of course you can be root remotely. In fact, there are a LOT of useful administration tools that work remotely for domains as root (well, administrator, but that's besides the point).
My NT box is plenty secure. All I had to do was add all the patches, take the network card out, remove the power cable, seal it in an airtight lead box, bury it under my house, and guard it with a gun! Beat that!
Actually, you can under Linux. It's not pretty, but it works pretty well. I have Webgear Aviator cards: one in an ISA pcmcia desktop bay and one in my Libretto. What you do is on boot put an ethernet card and the wireless pcmcia card both into promisc mode and run the BRCFG utility. The details are in the BRIDGE-howto. I ran into a problem where the remote machine couldn't see the bridge (my fileserver... DOH!) but could see everything past it, so I added another NIC and another IP and it worked fine. I detailed how I did this on my little YALP on our webpage. Oh yeah, if you do this don't eject the desktop card or hell breaks loose :)
but Breezecom has some products you might want to look at. I've never used these specific ones, but I love Breezecom's stuff. You DID say low cost, which this is not, but some things you do have to pay for, and having a PC out in the elements isn't going to be easy. Check out http://www.breezecom.com/Products/Antennas/ant_access_overview.htm and look at the ODB1 box and the PI-CAT5. The PI-CAT5 actually runs the 5 volts it needs to run the access point over the cat 5 as well as the data. This makes the distance you can run the cables much much longer.
I also love the idea of the guerilla net. If it ever becomes a reality near me, I've got some 2.4 ghz nodes I'd gladly help out with. I just have some severe doubts about this taking off. Create a nationwide encrypted anonymous network and offer it to the public and I can almost guarantee you'll be paid a visit. It's a risk I'd take to try to help, but I think that factor will keep a LOT of people from even considering working on the project. Fear is a very powerful weapon.
That's precisely what I was curious about. I don't understand how the FBI or any other three letter agency can force an ISP to disrupt service over a perceived threat. If it's a vhost and the ISP decides they don't want any part in it, that's easy, a conf file will be edited. But disconnecting a whole subnet? That would sure suck. My reason for wondering is this: I've been considering offering hosting for open source projects within my domain that simply need a home for no charge. I've been wondering what the consequences could be (I saw what went on with DeCSS). Having my whole subnet cut off because I stood my ground on freedom of speech for a third party could be (to put it MILDLY) a pain in the ass. I want to help, but I don't have as many guns as they do. ;)
This is a HORRIBLE precedent. This needs mirroring.
I'm extremely curious about how it got taken down though. I'm assuming a vhost? What happens if you run your own server (like I do)? Do guys in trenchcoats who talk to their watches show up at your door? (good luck at MY door :P)
is why Network Associates is referred to as being able to weigh in with their opinion. I personally think they showed us their opinion when they became members of the Key Recovery Alliance (http://www.kra.org). After I saw they had joined, we promptly banned all Network Associates products in our offices. Does this not bother anyone else?
Hehe damnit, I'm a long time geek, and I'm a pretty damn good shot in real life :P Not all of us wear pocket protectors (damn those 80's movies!). Some of us are long haired tattooed weirdos with earrings and attitudes!
*waiting for the van outside the house with the label Flowers By Irene on the side after this post :)*
I'm completely off topic here, but MAN, I had never felt old until I read you played Wolfenstein at seven. Okay, hand me my teeth and I'll get on with my life :)
But as far as my .01 (that's two cents after US income taxes) I think that if a video game affects a kid in a violent way, the video game wasn't the original problem.
That's it! I'm gonna start a site that watches the people who watch the Echelon people who are watching you watch me watch the people who watch the echelon people.
I think I have officially lost my mind. I'll be back in a bit.
Ah yes, but what about a beowulf cluster of AC's? Let's see... a car battery, a bunch of jumper cables, a kiddie pool, and some duct tape might do the job...
Hrm, maybe I'm totally misinformed. I guess I need to actually try disconnecting a server :) I was under the impression that it would look it up again, as I've seen ftp clients look up one, fail, and grab the next. I've seen command line ftp do this for "ftp.us.kernel.org". Perhaps it's application specific. Anyone know how web browsers handle this?
RAID may be overkill for a small website, but outages are not acceptable if you are small or big. My opinion is the best method is at least two webservers with synchronized content with a round-robin DNS entry. This way even if one physically explodes, the other can manage fine.
On the other hand, RAID never hurts. RAID is our friend :)
I will totally agree that a PIII is not needed. A few P-233's should do the trick for a while.
One thing that most (good) ISPs will do is be the primary nameserver for your domain with your nameserver as the second, but with updating going from the second to the primary. This keeps most nslookups off your subnet, reducing traffic. Did that make sense? Damn, I hope so :P
Informative? Ouch. Opinionated maybe, but informative, no. Oh well, as long as we're off topic, I'll join in....
You can have my gun the day after I give up my crypto, which is scheduled to take place the day after... no wait I'm busy that day... make it the week after hell freezes over.
It's not today they are worried about, it's tomorrow. IPV6 will make these things more difficult, and I have a feeling this sort of thing may be part of the delay. Yes, it's easy to sniff network traffic at the moment, and I'm sure it is sniffed. But what if that changes? I'm all for it, but others are not :P
As far as who is going to upgrade software that facilitates snooping, how many end users (read: Windows/Mac OS users) do you know that would actually understand that the upgrade they need to deal with the new systems compromises anything?
Hey, if AOL can be sued for not being blind friendly, I say we sue Slashdot on the behalf of the color blind! I mean really, if the color blind can't benefit from the new colors, a lawsuit is in order! Okay, enough insensitive bastard rants from me for the moment. *grin*
Wow, I REALLY like the IR transfer of keys idea for phones. Meet in person once, be secure on the phone from then on! I hadn't thought of that one. Unfortunately I can't see any company wanting to implement it due to the probability that you would probably be paid a visit if you tried...
*AHEM* Network Associates is a member of the Key Recovery Alliance. Check them out: http://www.kra.org. I won't touch anything those fools claim is secure.
I hadn't even thought of a GUI. I don't put X on my servers, just workstations, so everything server related in my brain is text. I can see where a GUI would help some people. Guess I was just flying on autopilot :)
Amazing technology, but all I can think of is evil thoughts of hiding it around the house to scare the hell out of my wife and cats. Damn I'm sick :)
Okay, so my spelling sucks tonight. Don't drink and slashdot kids, it only leads to disaster. Hey, we need a misfit mascot for this motto!
I'm a passionate Mac hater due to small details like... oh I dunno.. MAC OS!@#!@#! and having to support it on a mostly Windows network.
/me hides and waits for the Mac greeblies to attack! Sorry. After rebooting it a few times today, it had to be said. (Score 0: Offtopic)