Ummm sorry but Netmeeting isn't a protocol. It uses H.323 to provide call facilities. There are various methods for opening up firewalls to H.323. The obvious one is to open up all ports above 1024. Not pleasant. And ASN.1 is ugly as shit. Check out SIP for a real protocol.
Furthermore, MANY VoIP routing solutions are entirely dependent on the H.323 or H.323v2 pseudo-standard, which uses UDP - an inherently unreliable transport - to transmit and recieve call routing information on a per-system per-port level. H.323v2 is also bandwidth intensive. And I have yet to see a system that can interconnect H.323v2 with SS7, which is the absolute standard for all telephone call routing, as defined by Telcordia/BellCore. The Lucent 5ESS runs SS7 for routing, I shouldn't need to say any more than that. This may have changed in the time that I have been out of VoIP, but I doubt it
H.323 is indeed bandwidth intensive. It takes a number of nailed up TCP(!) connections to maintain a 323 call. However, H.323 v1 and v2 do not support call connects over UDP. It wasn't until v3 that UDP based communication came in to play. SIP supports both TCP and UDP connections. It also greatly reduces the number messages needed to set up a connection between endpoints. If you look at SIP and MGCP (IETF equivalents to H.323) there are a number of efforts to put in SS7 interoperability. ISUP traffic over SIP is in place today. And there are products available to do this. (See SIP-T which is SIP-Telephony interoperability). I'm not a huge fan but you might also want to look at http://www.softswitch.org/. Their are a number of companies attempting to build class 5 switches based on VoIP technology (see IPVerse, XyBridge, Lucent, etc). If you're interested in AIN functionality over IP you can try the Generic Data Interface (Bellcore SR-3389). This is all North American. For ITU/ETSI you'll have to go do the legwork, I'm not sure there's anything specified.
To sum up, if any of you out there are actually interested in the current market for VoIP and the capabilities, go do your own legwork. Don't listen to one isolated experience on/.. The large majority of people in telecoms know jack shit about internet technology, and the same goes for internet folks coming in to telecoms. I'm not claiming that you don't know what's up RISCy, just that 1998 is eons ago in this industry and things are changing rapidly. The VoIP industry is blowing up right now and there's a lot of heavy shit going down. I highly recommend it to anyone interested in protocols. Here are some links: SIP home page, great FAQ and Links. Alright H.323 starter Open source H.323 effort. SIP-T starter.
For Real world examples try Dialpad.com, www.talkopia.com, etc, etc.
You know those cheap ass phone cards you buy in 7-eleven or whatever the local quick-e-mart in your country is? A lot of them are currently using VoIP to do the call completion. Land the call in a local gateway, connect via H.323 or SIP and back into the PSTN at a gateway local to the called party. No long distance charges. So actually there are a lot of calls currently being landed over IP. I can't find any good numbers that are publically available but I'll look around some more.
Keep ETSI out of standards. Together with the ITU they can fuck up any semi-reasonable idea and produce an unworkable weighty, mostly useless and endless series of specs. (See SS7 - connection oriented SCCP, ISUP over SCCP, or H.323 Vendor Gatekeeper interoperability, oh yeah Lucent and Cisco managed to make enough room for "Value added" that nobodies gatekeepers are interoperable, Codec interoperability, IP issues and the lack of a standardized codec, the number of messages required to set up a single call via 323, the requirement to support h.245, h.225 (RAS and Q.931) and RTP/RTCP) SIP and MGCP baby. Kick those huge euro standard bodies to the curb and get with the IETF.
I'm the exact opposite. Usually when I see people who are self taught I tend to get worried. In my experience (not an empirical study by any means) individuals without degrees tend to be unaware of what the don't know. They tend to inflate their own abilities and be unaware of the broad scope of computer science. Additionally, people without degrees tend to be defensive. Unable to admit when they are wrong because they feel it somehow reflects on their lack of education. The flipside to that is being convinced that when someone else is wrong it's some kind of victory over the forces of ivory towerism.
On the other hand many college graduates are aspiring cubicle monkeys intent on finding somewhere to plant and grow ass (hopping on the CS gravy train). I give the thumbs down to those folks as well. And people with too much education can suffer from the bell labs/Advanced Intelligent Network syndrome, in other words, sitting around and making pretty diagrams for 2 years does not a product make. Or we don't have the cash to pay you to stroke yourself in the corner and give everyone else lectures about theoretical bullshit. Well, that's fairly nonsensical bunch of heuristics. If anyone has any questions or desires further explanation feel free. gid-foo
I don't think you're really very tech-savvy. The difference is that Pascal and VB are languages for people incapable of understanding C, and shouldn't really be allowed to program at all. C++ is for people who are capable of understanding C, but choose to ignore things like code size and efficiency.
People who live in glass houses... Or maybe it's pots and kettles. Anyways you're description of the differences between the languages A) isn't funny (not just because I'm pedantic but because it's really not funny) and B) isn't accurate. I'm sorry to break this to you but C++ is as efficient and the code size is comparable to C. While propagating myths is fine and we all have our departure points from reality I believe you should attempt to rectify this inaccuracy in your own life. Here are some helpful links to start you on your journey into knowledge: Efficiency info Bjarne's homepage Bjarne answers a lot of the questions you might have on his page. That's where I would start. None of this is in any way meant to state that the original poster wasn't a clueless troll, or that C++ is inherently better than C. good luck. gid-foo
I read this and I say to myself: Here is a man who truly appreciates literature. Stanislaw Lem is a freakin' genius. Brilliant writer, great stories, excellent social commentary and funny as hell. And underappreciated.
He's right there next to John Brunner ("To Stand on Zanzibar" and "The Sheep Look Up" are two of my favorite books).
Ummmm dangerous? I would go with inane, ridiculous, masturbatory, weak, feeble minded but dangerous? Two things definitely not to be taken seriously: 1)MENSA 2) Ayn Rand (and objectivist crap in general).
They are in no way agreeing to any conditions other then you still own the content of it. If I still own the content of it, then my permission is required before it can be republished. You no longer "own" your words, you own the content. In other words you're solely responsible for the content. The dislaimer isn't entirely clear. You implicitly give permission, it doesn't matter if you're aware of it or sign or click or take a shit, your comments can be re-published as is. Now, quit being a candy-ass and shut up about it already.
Exactly, comments are owned by the poster. This does not mean you own the bits which are encrypted in the/. machines, or even the words. It does mean that you are solely responsible for anything you say and that/. will deny any liability for you or other posters dumping inane nonsense to the board. Not so hard, was it.
Actually, there is no intentional back door (according to NT BugTraq). It's a buffer overflow. If you send 5000 bytes or some such of info it kills the DLL. It's unclear whether this occurs in the default configuration or only when the DLL is moved, or has it's permissions changed. But this should be fairly easy to fix once discovered.
The weenies string is (from what I can tell) unrelated to the buffer overflow. Apparently the original frontpage test installation was set up to accept ANY login. So "netscapeengineersareweenies" spelled backwards worked just as well as "joeblowisaloser" and neither would require password. In the rush to judgement (and credit for the exploit) these minor details got overlooked.
Then again, there's mostly a small team of hard core developers for any open source project, and especially the (mostly technical) security related stuff. Any nasty stuff would probably have to be done by someone inside such a team. An outsider trying to submit something 'bad' would very probably be noticed by one of the core members.
Do you know those people? Can you state what qualifies them to do security reviews of source code? That's one of the points Aleph1 is making, not just any joe-blow programmer can do a security review. It's a different mode of looking at the source and the flow of data in to and out of a binary. Additionally, open source is not equivalent with peer review (except in the best case scenario) - it can be difficult to ascertain who has done the source review, how thorough (a brief glance versus wrestling with the issues) and how experienced they are with security issues.
When they impose polices like ZERO tolerance of "violence" (Having your picture taken on top of a field gun is not OK. Fighting back is never OK. Saying "bang bang" is never OK. Violent skits are never OK....), or encourage students to explain how words "feel" via "whole language" -- encouraging them to invent their own spellings, and essentially pushing EMPATHY, not EDUCATION, *then* there are severe problems Oh yeah I forgot, kids aren't supposed to learn to enjoy learning or feel like they're in a safe environment where they can grow in to knowledge. They're supposed to have facts shoved down their little throats and then regurgitate them on command. Maybe when we're done force feeding them multiplication tables and endless "reading" work books we can teach them to roll over and beg for scooby snacks. Kids can't "rationally" assess historical events or "comprehend" mathematical proofs if they feel like shit all the time and are terrified of getting the shit kicked out of them after class. You're understanding of how people learn is weak at best.
That's fine, but the moment your desire to live your life impacts mine my desires on how I want to live my life come in to play. So you may want to dump vats of motor oil in to a pit in your back yard. However, as your neighbor this directly affects my living my life, therefore, cut it out. So, as long as your life and company do not impact or affect anyone else in society as a whole, you can do what you want. The moment people start buying your product and you start using labor to produce it and start needing places to put your by-products; Hello, I'm involved in the process. This doesn't necessarily contradict what you are saying but is an extension.
That's a great idea, except it seems to only weed out the spoofed ips with no real identity behind it (i.e. source x spoofing as y where y doesn't exist). But in the event you can get a valid connection to the remote host... The goal is to shut out real ips not made up ones. Therefore, you could start at any point in the ip address range (preferably one you know is valid) and march through subnets. The NIDS tries doing a backwards syn/ack. The invalid ips will get dropped but the valid ones will be banned? Hmmmm this syn/ack methodology doesn't appear to solve anything.
This then becomes the DOS. If you're a site which wants to have the general public show up shutting out large portions of the net doesn't work. That's the problem with NIDS that auto link to your firewall/router and start denying access to unfriendly networks. Anyone can spoof ips and by doing so in an organized way a decent attack could shut down your site by using the "advanced" capabilities of your IDS.
Get a copy of tripwire. On an at home system I can't see much more than that being required as far ID goes. Run nmap against your system to see what's open and make sure it's what you expect (are you running apache, etc). Read buqtraq and keep on top of patches for whatever binaries you're running. And you could read the Spafford and Garfinkel book on Internet Security.
Actually, that's one great use for Honeypots. Get the source for the latest and greatest root kits and other tools. There's a great example of this at (I think) the UC Davis security page. If you check over at security focus you can find some links re: honeypots. Honeypots are useful for documenting current best practices in use by illicit hackers (and crackers). sorry for the lack of real links, I'm still finishing my coffee, even typing this is a great strain.
2. just about every single US election. People consistently vote for the lesser of the two evils instead of who they really want. And look where it's gotten us. I can't remember who said it but: "If the Gods had wanted us to vote they'd have given us candidates"
Who gives a shit, it's the test server for a reason. The test server changes when they 'test' new stuff. Hence the designation 'test.' EQ has too many players who are looking for reasons to get their panties all wadded up. A company that is respectful towards its users, does its to manage a massive player base fairly and provides upgrades and tweaks to games doesn't deserve the amount of shit it gets from lusers.
Re:Everybody take a breather
on
Microsoft Loses
·
· Score: 1
Aahhhhh, the sweet sound of a vacuum being filled. That's the sound of money, lots and lots of money to be made
I imagine all the windows code is in escrow, if not some companies are seriously fucked. A sweet day indeed. I'll take mine in cash thank you.
Ahh but that is the scientific method. In a field with limited funding and incredible competition for brains and dough the scientific method is all about convincing people with cash that your research is valid and their research is crack-pot (oh yeah and if one of their grad students decides to come over the wall and bring some data and info with what's the problem). The life of a research scientist requires sharp and quick knives. gid-foo
Slashdot Mirror
Ummm sorry but Netmeeting isn't a protocol. It uses H.323 to provide call facilities. There are various methods for opening up firewalls to H.323. The obvious one is to open up all ports above 1024. Not pleasant. And ASN.1 is ugly as shit. Check out SIP for a real protocol.
Some comments on the following;
/.. The large majority of people in telecoms know jack shit about internet technology, and the same goes for internet folks coming in to telecoms. I'm not claiming that you don't know what's up RISCy, just that 1998 is eons ago in this industry and things are changing rapidly. The VoIP industry is blowing up right now and there's a lot of heavy shit going down. I highly recommend it to anyone interested in protocols. Here are some links:
Furthermore, MANY VoIP routing solutions are entirely dependent on the H.323 or H.323v2 pseudo-standard, which uses UDP - an inherently unreliable transport - to transmit and recieve call routing information on a per-system per-port level. H.323v2 is also bandwidth intensive. And I have yet to see a system that can interconnect H.323v2 with SS7, which is the absolute standard for all telephone call routing, as defined by Telcordia/BellCore. The Lucent 5ESS runs SS7 for routing, I shouldn't need to say any more than that. This may have changed in the time that I have been out of VoIP, but I doubt it
H.323 is indeed bandwidth intensive. It takes a number of nailed up TCP(!) connections to maintain a 323 call. However, H.323 v1 and v2 do not support call connects over UDP. It wasn't until v3 that UDP based communication came in to play. SIP supports both TCP and UDP connections. It also greatly reduces the number messages needed to set up a connection between endpoints.
If you look at SIP and MGCP (IETF equivalents to H.323) there are a number of efforts to put in SS7 interoperability. ISUP traffic over SIP is in place today. And there are products available to do this. (See SIP-T which is SIP-Telephony interoperability). I'm not a huge fan but you might also want to look at http://www.softswitch.org/. Their are a number of companies attempting to build class 5 switches based on VoIP technology (see IPVerse, XyBridge, Lucent, etc).
If you're interested in AIN functionality over IP you can try the Generic Data Interface (Bellcore SR-3389). This is all North American. For ITU/ETSI you'll have to go do the legwork, I'm not sure there's anything specified.
To sum up, if any of you out there are actually interested in the current market for VoIP and the capabilities, go do your own legwork. Don't listen to one isolated experience on
SIP home page, great FAQ and Links.
Alright H.323 starter
Open source H.323 effort.
SIP-T starter.
For Real world examples try Dialpad.com, www.talkopia.com, etc, etc.
You know those cheap ass phone cards you buy in 7-eleven or whatever the local quick-e-mart in your country is? A lot of them are currently using VoIP to do the call completion. Land the call in a local gateway, connect via H.323 or SIP and back into the PSTN at a gateway local to the called party. No long distance charges. So actually there are a lot of calls currently being landed over IP. I can't find any good numbers that are publically available but I'll look around some more.
Keep ETSI out of standards. Together with the ITU they can fuck up any semi-reasonable idea and produce an unworkable weighty, mostly useless and endless series of specs. (See SS7 - connection oriented SCCP, ISUP over SCCP, or H.323 Vendor Gatekeeper interoperability, oh yeah Lucent and Cisco managed to make enough room for "Value added" that nobodies gatekeepers are interoperable, Codec interoperability, IP issues and the lack of a standardized codec, the number of messages required to set up a single call via 323, the requirement to support h.245, h.225 (RAS and Q.931) and RTP/RTCP)
SIP and MGCP baby. Kick those huge euro standard bodies to the curb and get with the IETF.
I'm the exact opposite. Usually when I see people who are self taught I tend to get worried. In my experience (not an empirical study by any means) individuals without degrees tend to be unaware of what the don't know. They tend to inflate their own abilities and be unaware of the broad scope of computer science. Additionally, people without degrees tend to be defensive. Unable to admit when they are wrong because they feel it somehow reflects on their lack of education. The flipside to that is being convinced that when someone else is wrong it's some kind of victory over the forces of ivory towerism.
On the other hand many college graduates are aspiring cubicle monkeys intent on finding somewhere to plant and grow ass (hopping on the CS gravy train). I give the thumbs down to those folks as well. And people with too much education can suffer from the bell labs/Advanced Intelligent Network syndrome, in other words, sitting around and making pretty diagrams for 2 years does not a product make. Or we don't have the cash to pay you to stroke yourself in the corner and give everyone else lectures about theoretical bullshit.
Well, that's fairly nonsensical bunch of heuristics. If anyone has any questions or desires further explanation feel free. gid-foo
"Pie! Pie! Nincompoop guy!"
the onion: "If we go into another recession, does that mean a bunch of stockbrokers will kill themselves like in the '80s? Because that was great."
I don't think you're really very tech-savvy. The difference is that Pascal and VB are languages for people incapable of understanding C, and shouldn't really be allowed to program at all. C++ is for people who are capable of understanding C, but choose to ignore things like code size and efficiency.
People who live in glass houses... Or maybe it's pots and kettles. Anyways you're description of the differences between the languages A) isn't funny (not just because I'm pedantic but because it's really not funny) and B) isn't accurate. I'm sorry to break this to you but C++ is as efficient and the code size is comparable to C. While propagating myths is fine and we all have our departure points from reality I believe you should attempt to rectify this inaccuracy in your own life.
Here are some helpful links to start you on your journey into knowledge:
Efficiency info
Bjarne's homepage
Bjarne answers a lot of the questions you might have on his page. That's where I would start.
None of this is in any way meant to state that the original poster wasn't a clueless troll, or that C++ is inherently better than C.
good luck. gid-foo
I read this and I say to myself: Here is a man who truly appreciates literature. Stanislaw Lem is a freakin' genius. Brilliant writer, great stories, excellent social commentary and funny as hell. And underappreciated.
He's right there next to John Brunner ("To Stand on Zanzibar" and "The Sheep Look Up" are two of my favorite books).
Ummmm dangerous? I would go with inane, ridiculous, masturbatory, weak, feeble minded but dangerous? Two things definitely not to be taken seriously: 1)MENSA 2) Ayn Rand (and objectivist crap in general).
They are in no way agreeing to any conditions other then you still own the content of it. If I still own the content of it, then my permission is required before it can be republished.
You no longer "own" your words, you own the content. In other words you're solely responsible for the content. The dislaimer isn't entirely clear. You implicitly give permission, it doesn't matter if you're aware of it or sign or click or take a shit, your comments can be re-published as is.
Now, quit being a candy-ass and shut up about it already.
Exactly, comments are owned by the poster. This does not mean you own the bits which are encrypted in the /. machines, or even the words. It does mean that you are solely responsible for anything you say and that /. will deny any liability for you or other posters dumping inane nonsense to the board. Not so hard, was it.
Actually, there is no intentional back door (according to NT BugTraq). It's a buffer overflow. If you send 5000 bytes or some such of info it kills the DLL. It's unclear whether this occurs in the default configuration or only when the DLL is moved, or has it's permissions changed. But this should be fairly easy to fix once discovered.
The weenies string is (from what I can tell) unrelated to the buffer overflow. Apparently the original frontpage test installation was set up to accept ANY login. So "netscapeengineersareweenies" spelled backwards worked just as well as "joeblowisaloser" and neither would require password. In the rush to judgement (and credit for the exploit) these minor details got overlooked.
Then again, there's mostly a small team of hard core developers for any open source project, and especially the (mostly technical) security related stuff. Any nasty stuff would probably have to be done by someone inside such a team. An outsider trying to submit something 'bad' would very probably be noticed by one of the core members.
Do you know those people? Can you state what qualifies them to do security reviews of source code? That's one of the points Aleph1 is making, not just any joe-blow programmer can do a security review. It's a different mode of looking at the source and the flow of data in to and out of a binary. Additionally, open source is not equivalent with peer review (except in the best case scenario) - it can be difficult to ascertain who has done the source review, how thorough (a brief glance versus wrestling with the issues) and how experienced they are with security issues.
When they impose polices like ZERO tolerance of "violence" (Having your picture taken on top of a field gun is not OK. Fighting back is never OK. Saying "bang bang" is never OK. Violent skits are never OK....), or encourage students to explain how words "feel" via "whole language" -- encouraging them to invent their own spellings, and essentially pushing EMPATHY, not EDUCATION, *then* there are severe problems
Oh yeah I forgot, kids aren't supposed to learn to enjoy learning or feel like they're in a safe environment where they can grow in to knowledge. They're supposed to have facts shoved down their little throats and then regurgitate them on command. Maybe when we're done force feeding them multiplication tables and endless "reading" work books we can teach them to roll over and beg for scooby snacks.
Kids can't "rationally" assess historical events or "comprehend" mathematical proofs if they feel like shit all the time and are terrified of getting the shit kicked out of them after class. You're understanding of how people learn is weak at best.
That's fine, but the moment your desire to live your life impacts mine my desires on how I want to live my life come in to play. So you may want to dump vats of motor oil in to a pit in your back yard. However, as your neighbor this directly affects my living my life, therefore, cut it out. So, as long as your life and company do not impact or affect anyone else in society as a whole, you can do what you want. The moment people start buying your product and you start using labor to produce it and start needing places to put your by-products; Hello, I'm involved in the process. This doesn't necessarily contradict what you are saying but is an extension.
That's a great idea, except it seems to only weed out the spoofed ips with no real identity behind it (i.e. source x spoofing as y where y doesn't exist). But in the event you can get a valid connection to the remote host...
The goal is to shut out real ips not made up ones. Therefore, you could start at any point in the ip address range (preferably one you know is valid) and march through subnets. The NIDS tries doing a backwards syn/ack. The invalid ips will get dropped but the valid ones will be banned? Hmmmm this syn/ack methodology doesn't appear to solve anything.
Oops I meant Chiswick and Bellovin.
This then becomes the DOS. If you're a site which wants to have the general public show up shutting out large portions of the net doesn't work. That's the problem with NIDS that auto link to your firewall/router and start denying access to unfriendly networks. Anyone can spoof ips and by doing so in an organized way a decent attack could shut down your site by using the "advanced" capabilities of your IDS.
Get a copy of tripwire. On an at home system I can't see much more than that being required as far ID goes. Run nmap against your system to see what's open and make sure it's what you expect (are you running apache, etc). Read buqtraq and keep on top of patches for whatever binaries you're running.
And you could read the Spafford and Garfinkel book on Internet Security.
Actually, that's one great use for Honeypots. Get the source for the latest and greatest root kits and other tools. There's a great example of this at (I think) the UC Davis security page. If you check over at security focus you can find some links re: honeypots. Honeypots are useful for documenting current best practices in use by illicit hackers (and crackers).
sorry for the lack of real links, I'm still finishing my coffee, even typing this is a great strain.
2. just about every single US election. People consistently vote for the lesser of the two evils instead of who they really want. And look where it's gotten us.
I can't remember who said it but: "If the Gods had wanted us to vote they'd have given us candidates"
Who gives a shit, it's the test server for a reason. The test server changes when they 'test' new stuff. Hence the designation 'test.' EQ has too many players who are looking for reasons to get their panties all wadded up. A company that is respectful towards its users, does its to manage a massive player base fairly and provides upgrades and tweaks to games doesn't deserve the amount of shit it gets from lusers.
Aahhhhh, the sweet sound of a vacuum being filled. That's the sound of money, lots and lots of money to be made
I imagine all the windows code is in escrow, if not some companies are seriously fucked. A sweet day indeed. I'll take mine in cash thank you.
Ahh but that is the scientific method. In a field with limited funding and incredible competition for brains and dough the scientific method is all about convincing people with cash that your research is valid and their research is crack-pot (oh yeah and if one of their grad students decides to come over the wall and bring some data and info with what's the problem). The life of a research scientist requires sharp and quick knives. gid-foo