Slashdot Mirror


User: buffy

buffy's activity in the archive.

Stories: 0
Comments: 216

Comments · 216

  1. I'd be "dead" in short order on Software Dead Man's Switch · · Score: 2

    Given the difficulty I have in remembering to keep my hotmail accounts alive, I'd probably not have a much better time remembering to tell the dead man switch that I wasn't dead.

    I can see the distressed look on my Mom's face already when she receives a copy of my doomsday manifesto^H^H^H^H^H^H^Hlast will and testament!

  2. Re:The Fix on Australia's Censored URL List Remains Hidden · · Score: 2
    Companies' action vs. citizens' action. There really is a difference. With citizens who laugh at ideals, who needs a constitution, anyway?

    The original poster stated that sysadmins should start blocking their sites out. You have deemed this a "citizen's" action. However, that's true only if they block their own personally owned sites. If say, you're a sysadmin running a corporate web site(s) and you take such actions, it is no longer a "citizen" action. If a sysadmin were to take such steps without the consent of the company, they would most likely be fired--see my "laughed out on your ass" comment.

    If you are blinded by your ideals, you'll be smacked by reality every time, proving that you are a fairly ineffectual idealist. If you present balanced ideals with real world solutions, you're much more likely to be taken seriously.

    You probably have no concept of what I'm saying, so please put your tin foil hat back on, and rest assured that "you told me."

  3. Re:The Fix on Australia's Censored URL List Remains Hidden · · Score: 2
    As we all know, censorship is probably in the top three major internet offences. So, I propose that any country censoring its citizens' internet (Australia, Singapore, China, Zimbabwe, listen up) should be denied access to your machines. Your job, as a sysadmin who cares for the internet, is to block these countries from accessing your servers. When they get tired of being stuck in their own sandbox and choose to fix their broken laws, unblock them. If they decide they don't want to do anything about it, fine, it's their bed, let them lie in it.

    So...you've not really run any web site bigger than the one you run with pictures of your cat, eh? Seriously, "ideals" are fine, but given the realities of the world, this would get you laughed out on your ass in most companies.

    Just my $0.02.

  4. Re:24 Hours - unreasonable and dangerous on Apache 1.3.26 and 2.0.39 Released · · Score: 5, Insightful
    Giving Apache 24 hours to make a bug fix imposed an unreasonable deadline, and also encouraged the fix to be quick and dirty. Any time code is patched, it could cause other bugs to show, or introduce new ones. Developers need a certain amount of time to do testing once changes are made to make sure they didn't break anything! Kudos to the Apache developers for meeting the deadline, but anti-kudos to (I'm not sure who) those who imposed it.

    You kind-of missed how this went down. Nobody "imposed" a 24-hour window for the bug to be fixed. Had IIS not been a bunch of boneheads and prematurely (as in ejaculation) released information regarding the vulnerability, the programmers involved could've taken a little bit more time to develop the fix, ensuring better quality.

    The commendations re: the 24-hour turnaround are simply referencing the ability of a loose-knit group of open source programmers to rapidly respond to a bad situation. Had Microsoft been in the same spot (they have been before--people have screwed them, too--and they most certainly will be again) it still would've taken them a lot longer to kick out the fix, and even longer to get it into their distribution channels.

  5. Re:Secure co-host. on Keeping Private Customer Data...Private? · · Score: 3, Interesting
    The key never leaves the box, and the co-host should erase its copy of the key and shutdown on any unexpected network activity (like an attempt to log-in). If you're really paranoid, have it also look for patterns in the access and die if anything unexpected shows up - or return bogus, flagged test data (i.e. a list of bogus credit card numbers instead of real ones).

    That's an OK idea in a theoretical sense, but not from a practical commercial view point. Most applications have a requirement to fail gracefully, and just having your data handler die kind-of sucks from an administrative point of view.

    Instead, perhaps a better solution would be to provide a selective lockout mechanism which would block accesses to certain bits of information (those that were trying to be cracked) or access to/from certain clients (a specific web session in the PHP sense of the word.)

    Having your entire app die would be the same as if someone (you, in this case) DOS'ed your site. If I was your client, and that was your solution, I'd be hard pressed not to move my business elsewhere.

    -buffy

  6. Data Integrity and Security on Keeping Private Customer Data...Private? · · Score: 5, Informative

    As with most security related topics, depth layered solutions are best. Of course, design your network and connectivity with least access in mind--i.e. the database server itself is never directly accessible via the Internet, or even your first layer of perimeter defense. Typically, only http and https are externally accessible, with perhaps a few others like DNS, and FTP.

    Usually your database will either be accessed by your web servers directly, or through an application server. Limit access to your database explicitly to these addresses, through both the database configuration, and, if possible, IP-level configuration (like iptables in Linux). For each client connecting to the database (be they web servers or application servers) have them use unique password keys (and users, too, for that matter.)

    Finally down at the application layer (we've done network, and server layers so far) you need to be more careful than ever. First, do the obvious, don't store sensitive material (read: credit cards) in plain text ANYWHERE. At least build in some kind of cipher key (crypt, if nothing else) that will encode the data in the database. If possible, you may want to look at more elaborate schemes for storing data in such a fashion. Beware, this is the piece of the puzzle that many will spend a lot of time focusing on, which is good, but not the whole shebang. Also note, any fields that you store encrypted, you will not be able to use easily as an index field.

    Another oft forgotten place to focus on, is in the tools that you use for manipulating and storing the data. Everything above is worthless, if you have a careless programmer who writes a utility that doesn't sanitize user input prior to executing an SQL query. A tremendous amount of the hacks you see out there are due to tools like these that are very vulnerable to misuse--since they were designed to have the ability to access your data, your security measures are for naught.

    Make sure your programmers understand how the data is being stored both in the database, and the computer (i.e. buffers, sanitized user input fields, etc...)

    These are in no way complete, just thoughts of things I've had to deal with in the past while facing similar issues. Hope they help.

    -buffy
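
An added example, not part of the comment above and not its author's code, illustrating the comment's point about utilities that build SQL from unsanitized user input: the same lookup written with string concatenation and with a bound parameter, plus an allow-list for the one thing parameters cannot bind (a column name). The table, columns, sample rows and function names are assumptions constructed for this illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small customer table in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return db


def lookup_concatenated(db, name):
    """The careless utility: user input is pasted straight into the SQL text."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, name):
    """Same query with a bound parameter: the input is data, never SQL text."""
    return db.execute(
        "SELECT name, email FROM customers WHERE name = ?", (name,)
    ).fetchall()


# Identifiers such as column names cannot be passed as bound parameters,
# so they are checked against a fixed allow-list before use.
SORTABLE = {"name", "email"}


def list_sorted(db, column):
    if column not in SORTABLE:
        raise ValueError("unsupported sort column: %r" % column)
    return db.execute(
        "SELECT name, email FROM customers ORDER BY " + column
    ).fetchall()


def demo():
    """Run both lookups over two constructed inputs and report what each returns."""
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test input that contains quotes
    results = {
        # Concatenation lets the input rewrite the WHERE clause: every row matches.
        "concatenated_crafted": len(lookup_concatenated(db, crafted)),
        # Bound parameter: the whole string is compared as a name, no match.
        "bound_crafted": len(lookup_bound(db, crafted)),
        # A legitimate name with an apostrophe works when bound...
        "bound_apostrophe": lookup_bound(db, "o'brien"),
    }
    try:
        # ...and breaks the concatenated statement outright.
        lookup_concatenated(db, "o'brien")
        results["concatenated_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        results["concatenated_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```
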

  7. Re:It's not on Is the Universe its own Largest Computer? · · Score: 1, Redundant

    Which was, of course, 42!

  8. Re:Get a clue on Transmeta Meets Blades · · Score: 2
    Actually something like this [slashdot.org] could easily be used in a similar system.

    Yes, it certainly could, but I don't think anyone has--so the answer to your actual question remains. ;)

    -buffy

  9. Re:Get a clue on Transmeta Meets Blades · · Score: 3

    Here's another advantage: server blades using the TMTA processor are already a readily available commodity device. Me thinks a big part of the paper(s) was the fact that these were off the shelves devices that they used to build the Green Destiny.

    Others make Intel server blades, but I don't think I've seen any that are based on ARM.

    I think that goes a lot of the way towards answering your original question.

    ObDisclaimer: I work for RLX.

  10. Re:It's NASA's problem now... on NASA Parts Scroungers Resort To eBay For Parts · · Score: 2

    As the industry matures, most have figured out that thinking this way is a Bad Thing(tm). That is, painting yourself into a corner that you cannot get (or upgrade) yourself out of is what is insane.

    The market will provide what the market demands. Right now, this is the continuing competition of vendors in the consumer market.

    There are large groups that have woken up to the fact that the hardware they've run 'x' on is no longer available, and have even realized that pigeonholing themselves into such a solution is tremendously costly down the road, which is why they've begun to look at what is available in the consumer market, and how they can leverage it for better future maintenance, support, etc...

    This is why you see organizations like the US Armed Forces evaluating PC-based solutions for a wide variety of battle and non-battle worthy applications. The fact of the matter is that, rather than designing closed systems, in many cases it's better to use what is readily available and used in the market. And, more importantly, designing things with EOL (end-of-life) in mind, with an upgradable exit plan in mind.

    Asking the market to slow itself down, against the continued demand for such leaps in performance and capabilities, is like pissing into a firehose--it may give you that warm cuddly feeling of trying to speak up against the evils of a capitalist society, but you still just end up wet, covered in your own pee.

  11. Re:interesting on David Packard Writes HP Epitaph · · Score: 2
    Linux is too small right now, but maybe they will get bought by HPaq!

    Curious, exactly what would you be purchasing to get Linux? Short of Linus' soul, one cannot simply go out and buy to own Linux whole. It is possible to purchase or develop a distribution of Linux, but not the whole shebang.

    What would, perhaps, be interesting is to see HPQ purchase a Linux distro like RedHat, and leverage it to boost Linux, but given recent history that is not a guaranteed success for either Linux OR HPQ.

    Just my $0.02.

  12. Re:Weak Argument on Microsoft's Overlooked Code Theft · · Score: 2
    Is a parent corporation responsible for every paperclip or internal policy at a subsidiary, even wholly owned? Is it reasonable to blame ITT or Textron or WR Grace or any other big corporation for everything a subsidiary (or a subsidiary of a subsidiary of a subsidiary etc.) does?

    Generally, as has been mentioned previously, liability would depend on how much the parent company knows re: the actions of a subsidiary. From the sound of it, this licensing situation goes beyond paperclips, and MS seems to have had specific knowledge of the situation, since they certainly knew about the company backing out.

    I agree with you...doesn't really matter, and I certainly don't care. The only thing that caught my eye was the overall disclaimer of the responsibility of a parent company for its subsidiaries. I am a right-brain word fetishist so I just _love_ to argue semantics! ;)

  13. Re:Weak Argument on Microsoft's Overlooked Code Theft · · Score: 2
    Any IP violations were pretty much Softimage-responsibility and not their corporate masters du jure.

    Hmm...how does that work, exactly? They were wholly owned by Microsoft, so doesn't that make them responsible for decisions made during this period of ownership?

    Although Softimage had its own leadership within the company, they were owned by MS, so I don't get how they couldn't be found liable.

    I really don't give a rat's ass about this issue at hand, but was just kind-of curious about that statement.

  14. Re:Kind of like office space on HP/COMPAQ Publishes OS/product Roadmap · · Score: 2

    ROTFLMAO!

    I think that has got to be one of the best Office Space references I've seen made.

    I'm surprised we haven't heard more about HPQ employees threatening to set the building(s) on fire.

    Sadly, not nearly as clever, but then again, I'm kind-of drunk now, so...

    I'd better just step away from the keyboard now.

  15. Re:$114 million for the weekend? on Spidey Knocks Out Harry Potter at Box Office · · Score: 2

    Ahh, I admire your skepticism.

    I'll cut slack only in that once the initial weekend numbers are in (read: Friday night) they can predict with scary accuracy what the numbers are going to be for the remainder of the weekend. The movie going public is fairly predictable as a whole, and given their analysis base (read: data collected for the past..umm..six decades--give or take a decade or so) I'm not too surprised.

    Given a large enough statistical base, you can predict a lot of things pretty accurately. Guarantees, no...predictions, yes.

    Just my $0.02.

    -buffy

  16. Re:My experiences with Windows XP Professional on Preparing for the Worst in FreeBSD · · Score: 1

    Yeah, OK...I seemed to have bit on a troll. Sad, really.

    However, I think it's funny that you're actually defending the troll'er! ;)

    As for the semantics of networks (i.e. a Windows XP network) it would be more apropos to refer to it as a network of Windows XP machines, or a network of Unix machines. There is no such thing as a "Windows XP Network."

    Again, a "series of interconnected Windows XP machines," yes.

    I'll refrain from biting any further into your teenage'ish taunting--I've got better things to do, like running a multimillion dollar network of interconnected Windows 2K/XP, Linux, SGI, and Suns.

    OMG, I just did it again, didn't I??? ;)

    Ciao

  17. Re:My experiences with Windows XP Professional on Preparing for the Worst in FreeBSD · · Score: 4, Interesting
    First some nit-picking...

    Very recently the head of our IT department decided that we were going to switch every one of our networks over to Windows XP Professional.

    Windows is an Operating System, not a network. Your network probably "runs" TCP/IP, Netbios, and a handful of other protocols. Windows runs on desktops, laptops, and servers.

    he decided to change all of the Computer Administrator passwords on a few of the XP Professional boxes sitting around in the server room. This caused absolute havoc, as Dell had failed to send along administrator passwords for the new boxes. Our company could not make use of these computers for three days. It took Dell that long to get us the administrator passwords.

    This last paragraph is a touch more concerning...first off, any Windows boxes I've purchased from Dell, or others, have no administrator password, or are set to "admin". Why would Dell have set specific passwords for your systems? I'm just a little bit confused.

    On a related point, even for those systems that come pre-installed with an OS, it's [my] standard practice to bare-iron re-install from scratch. I'm not a huge fan of MS (quite the opposite), however, in the hands of someone who has a solid understanding in operating systems, it IS possible to build a stable Windows box. I have an NT 4 server, running a database, and a mail exchange, that has an uptime of 94 days. It was rebooted for a disk addition. It was up 86 days prior to that (its installation date.)

    That said, I prefer and use Linux and Solaris much more frequently, and, unlike the windows example above, am not surprised by the continued uptime of my hosts! ;)

    Now, I've gotta ask...why did you just sit at your desk waiting for the bad news?? I (and my VP) have received visits from MS cronies in the past. The thing is, those people are sales/marketing weenies. Get in on the meeting, and use your own skills to ask very pointed questions. It's not very difficult to run circles around these droids. Keep it calm, polite, and just bury them in the technical truths which they simply cannot refute. If they try to call you a "Linux zealot" you know you're on the right track, and they're in the process of losing their cool. As long as you keep it together, and don't let them change the topic, I've found that it's pretty easy to expose others in my company to MS's shortcomings...right in front of MS folks themselves.

    If you just sit back and let non-techs make tech decisions without, at least, making them aware of the ramifications of such things, then you really can't blame them. It's kind-of what they say about voting, right? If you don't vote, you don't have the right to complain?

    Now, if you work in a super huge corporation where such things are a fact of life, I'm sorry, and you probably don't have a choice. Well...other than to extract yourself from between Mr. Rock, and Mr. Hardplace.

  18. Re:Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2

    Ok, here's another analogy with cars, perhaps a bit more apropos...

    You buy your new shiny car, and go to pick it up. It's in a garage. You leave, but rather than taking the, umm, more conventional exit, you drive through the concrete wall six feet to the left. Your car stops working, probably because of the sections of rebar sticking out from the engine block. Now you complain to the dealership that your car is busted, and it doesn't matter that you didn't use their "supported" exit.

    I really like that analogy. ;)

    I'm not saying that the ISP won't lose customers because they don't want to support users using OpenNIC. I'm saying that, from a business perspective, I could understand them deciding not to worry about the small segment of users who need extra support in deference to supporting their core customer base.

    If this happens to you, then leave. Take your money elsewhere by all means.

    But, don't be surprised if the next ISP won't necessarily bend to your every whim, either.

    We are saying the same thing, so let's just stop, and move on to other slashdot stories! ;)

    -buffy

  19. Re:Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2

    Not quite. The comparison you've made is a bit broken. It would be more appropriate to say that this user is making a modification to the "product" and still expecting the same warranty to exist. I'm sorry, but if I replace the steering column (i.e. change the DNS) and then the car loses control because of a loose bolt, I hit a telephone pole, and injure myself...I have no business claiming that it was the car company's fault.

    The different highway comparison is not relevant, as he is still using the same transport method as provided in the "product."

    Good gravy, I'm done now. And, I'm really damned sorry that I ever even bothered to ask the silly user to explain what the hell he meant.

    -buffy

  20. Re:Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2
    Dude, I do understand what you're saying, however, it's nothing new. Oh, and I'd love for you to pull out your service agreement and point out where it says you're buying "internet routing, using the internet protocol." First off, wtf is "internet routing?" Network routing, yes, but Internet routing?

    Look, you are very close to understanding my point, and even being able to techno-literately describe your situation. Let me put my point in a simpler manner--in the words of the immortal Spock: "the needs of the many outweigh the needs of the few...or the one."

    So, unless you've got Capt. Kirk and his band of Merry Men ready to save your ass, you're stuck.

    So, all that said, you'll either get it by now, or not. Regardless, it's not worth another minute of my time. So...moving on, already.

    -buffy

  21. Re:Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2
    [..snip..snip..]

    The problem I'm having is that, because I have to rely on the proxy's DNS to resolve a web hostname, I can't get certain HTTP requests to certain hosts.

    The specific example that I mentioned is the "http://www.dev.null" URL, but there are loads of other examples. In particular, "http://www.dev.null" is a completely valid URL that points to, well, the dev.null site. To resolve the URL into a host IP number to connect to, you have to be using the openNIC DNS tree (.null isn't supported by ICANN).

    [..snip..snip..]

    My ISP reacted sort-of the way you just did: "well, if you're not using DNS, you're out of luck, pal." But that's Wrong. If they had an explicit proxy server and I had some choice about what happened to my packets, that would be OK -- but they don't. All of my port-80 packets are being intercepted by a piece of buggy 'ware. That (A) breaks the layered structure of the IP protocol, and (B) prevents me from accessing big chunks of webspace that I'd like to use.

    Ok, so like I said earlier, you broke your own service by using DNSs other than those provided by your ISP. An ISP, whether it be your office IT group, or Earthlink, cannot possibly be expected to support every single possible variation in service that any single user could require--it's not technically (well...financially) feasible. Instead you target providing services that will fulfill the needs of 98% of their customer base. Trying to completely satisfy the remaining 2% would probably cost as much as supporting the entire remaining 98% all together. That is, the needs of the 2% are so widely varied that trying to come up with a generalized deployment that fits everyone's need would bankrupt them.

    Given that you're the one who kind-of broke your own service, I'd have to say that the onus is on you, actually, to find a work around. Which, I guess is what you're trying to do in submitting the Ask Slashdot topic.

    I'm sorry if your ISP tech support didn't give you the touchy feelies when you called and complained that you broke your service. I do, in fact understand your frustrations, but have enough experience to also understand that there are limitations as to what a company targets when providing a service--same is true regardless of industry. If that were not true, then there'd be some spiffy newspaper that everyone on the planet read. But, for obvious reasons, it doesn't exist.

    If you're really upset with the response they gave you, vote the only way you can, with your $$. However, don't be surprised if other companies can't fulfill your every single need. In fact, I've never even heard of a real ISP that supported OpenNIC zones.

    I'm really not trying to give you a hard time. Just sharing with you some tough love. Better now, than later. ;)

    -buffy

    PS. On a side note, I think that my first message in this thread was the first time I've ever been moderated as flamebait. Obviously, someone was smoking something. It was fun though...

    Moving on...

  22. Re:Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2

    "Broken" routing is what they've done, NOT what that decision has "broken" for you.

    What I'm asking is to describe what you're seeing that doesn't work through the proxy. WHAT is broken? Are you having a problem connecting to a specific site, or collection of sites? Do certain streaming media not work? Come on, tell us what is wrong, so we can try to give you some proposed solutions.

    Complaining that you disagree with the decision of your ISP is not the same thing as offering up a real description of the resulting issues that occur because of that decision.

    I'm honestly very curious to hear, because I run such a proxy in my company's production networks, and sometimes my users are not actually the most vocal in telling my department if something is wrong. I'd like to hear what you're seeing.

    Thanks in advance.

    -db

  23. Err...so what is broken exactly? on How to Work Around Broken Port-80 Routing? · · Score: 2, Flamebait

    The original post describes the predicament that she/he is in, but doesn't even say what is broken, exactly!

    From the submission, it actually appears that the proxy is working exactly as configured. The end user, however, is breaking things himself by using nameservers other than his ISP's. That can't be described as a failure of the ISP by any means.

    Proxy servers add a lot of value to any network larger than, say your 3l33t home rig. The two main purposes I use them for are to reduce overall bandwidth usage, and to insert some level of malware protection. I've saved myself, and my company a lot of headaches by blocking silly virus code requests.

    It's nice that the post managed to include links to RFC, etc... it's too bad that they don't seem to really have an understanding of how networks, specifically the Internet, work.

    As others have commented there are plenty of alternative ways to get around this like SSH tunnels, VPNs, third-party proxies, etc...

    Just my own little $0.02 worth of a rant. Please drive through.

    -buffy

  24. Re:Administrative competence / certifications on How to Work Around Broken Port-80 Routing? · · Score: 2

    Nice rant, but from the content in your posting, I'm not sure what that has to do, necessarily, with a proxy server. Seriously, do any certifications even exist for running a squid proxy? Come on...

    Your rant, taken more as a statement of the lack of general competence is somewhat valid, but I just don't see the connection to this specific issue, other than obligatory karma whoring.

    Whatever...

    -buffy

  25. Re:Reactionary Drivel... on No More Unrestricted Internet At Work · · Score: 2
    It is news when it is being bandied about in the mainstream press. That is what frequently gets the ball rolling in board rooms, congress, etc. So it is legitimate news.

    Ok, a valid point. However, what was certainly not worthy of slashdot was the over-reactionary way that the story was posted and submitted. IMHO, the editor certainly should've used a little judgement, and just PERHAPS, read the linked article to understand that the submitter was still coming down off an acid trip--and just a touch paranoid.

    Then again, from some of the comments I've recently read regarding many of the oversensationalized stories posted here, maybe it's exactly what slashdot thinks it wants.

    Whatever, moving on...