Re:QoS not needed or wanted on the Internet, on IPv6 Essentials · Score: 1
This is not to say that VOIP over the Internet is impossible, but it should not have an unfair advantage over other Internet traffic.
Nooooooo....If you are torrenting an ISO of your favorite Linux distro (for example), then if some subset of the packets destined for you are slowed down by 5-10ms, you won't even notice the difference in download speeds. OTOH, if you are trying to play a streaming video feed, place a VoIP call or use some other "over-IP" service that requires fast, consistent packet times, then you *WILL* notice both delays and variations in network latency (jitter). *THAT* is why QoS is important. It's not that VoIP/streaming traffic is necessarily any more important than any other traffic; it's just more time sensitive.
So, how do you implement QoS so that all end users are happy? You use both a packet prioritization and a fairness algorithm to ensure that VoIP/streaming traffic has high priority while bulk downloads have a lower priority with the caveat that after a given number of high priority traffic has traversed the pipe, a number of low priority packets also get sent even if there is higher priority in the queue. Cisco implemented this in their proprietary RPR implementation, IIRC.
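The prioritization-plus-fairness idea in the comment above, as an added simulation that is not part of the original post and is not Cisco's RPR implementation. The one-packet-per-tick link, the quota values and the function name are assumptions made for illustration.

```python
from collections import deque


def simulate(ticks, voice_arrivals, bulk_backlog, high_quota=None, low_quota=1):
    """Simulate a link that transmits exactly one packet per tick.

    voice_arrivals: set of ticks at which one high-priority packet arrives.
    bulk_backlog:   number of low-priority packets already waiting at tick 0.
    high_quota:     after this many consecutive high-priority packets, grant
                    `low_quota` low-priority sends even if high-priority
                    traffic is still queued. None means strict priority.
    Returns counts of packets sent and the worst queueing delay (in ticks)
    seen by any high-priority packet.
    """
    if high_quota is not None and (high_quota < 1 or low_quota < 1):
        raise ValueError("quotas must be >= 1")

    high = deque()        # arrival tick of every queued high-priority packet
    low = bulk_backlog    # low-priority packets still waiting
    high_run = 0          # consecutive high-priority packets sent so far
    low_credit = 0        # low-priority sends owed by the fairness rule
    stats = {"voice_sent": 0, "bulk_sent": 0, "max_voice_delay": 0}

    for now in range(ticks):
        if now in voice_arrivals:
            high.append(now)

        if low_credit and low:
            # Fairness: a low-priority packet goes out although
            # high-priority traffic may be waiting.
            low -= 1
            low_credit -= 1
            stats["bulk_sent"] += 1
        elif high:
            delay = now - high.popleft()
            stats["voice_sent"] += 1
            stats["max_voice_delay"] = max(stats["max_voice_delay"], delay)
            high_run += 1
            if high_quota is not None and high_run == high_quota:
                low_credit, high_run = low_quota, 0
        else:
            # No high-priority traffic queued: the run is broken and any
            # waiting low-priority packet uses the otherwise idle slot.
            high_run = 0
            if low:
                low -= 1
                stats["bulk_sent"] += 1
    return stats


if __name__ == "__main__":
    saturating = set(range(20))      # constructed: voice fills the whole link
    half_load = set(range(0, 20, 2)) # constructed: voice uses half the link
    for name, arrivals in (("saturating", saturating), ("half load", half_load)):
        print(name, "strict:", simulate(20, arrivals, 10))
        print(name, "fair 4:1:", simulate(20, arrivals, 10, high_quota=4))
```

With high-priority traffic saturating the link, strict priority starves the bulk queue entirely, while the 4:1 quota guarantees it a fifth of the slots at the cost of growing delay for the high-priority packets; at half load the two schedulers behave identically.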
Riiiiiiiiight....because when I was a teenager, I *never* said or did anything they wouldn't have approved of, nor did I ever tell them anything to give a different impression when they asked. I *was*, in fact, at the library on those weekend nights (what do you mean it closed at six on Saturdays???), and no, mom, of *course* there wasn't any alcohol at any of the parties I went to.
Parents *do* need to pay attention to what their kids are doing on-line, because (newsflash!) teen and pre-teen aged kids do not always display the best judgement. God knows I sure didn't...and I really wasn't a bad kid.
There may not be as many IAX softphones as SIP softphones, but they are available, whether your choice is Linux, Mac or Windows. If you are looking for a good IAX softphone, I'd recommend either idefisk http://www.asteriskguru.com/idefisk/, kiax http://sourceforge.net/project/showfiles.php?group_id=131960 or iaxcomm iaxclient.sourceforge.net/iaxcomm/. I have used all three, and all of them work well, but idefisk is probably the most feature-rich, the best documented and has, IMHO, the best looking UI. Kiax isn't bad, but isn't as pretty. iaxcomm works well too, but it's not as well documented as the other two.
I agree with your premise, but not your supporting arguments, which is a rather unusual state of affairs, I believe.
While the "security as an onion" has been pretty well trodden into the ground, the principle is valid, and therefore, I agree that a perimeter firewall is a necessity. However, I maintain that your internal hosts should be firewalled/ACL'd as well.
On networks that I administer, I build a firewall into every host I put on my network. My Linux boxes all run iptables to limit traffic to what I expect to see on the network interfaces. The very few Windows boxes that I must support (kicking and screaming) also have third party firewalls, like Sygate. If you look at server configs for most *nix products (Asterisk, Apache, Sendmail, Postfix, Bind, etc.) you will see they typically contain some type of Allow/Deny configuration, and I make a point of turning these on as appropriate, too.
Yes, that implies duplicated functionality, and yes, it implies some degree of bloat, too. IMHO, that translates to increased security on my network since a vulnerability in my perimeter firewall will not necessarily mean that my services are vulnerable, if each host is firewalled and ACL'd.
Even better, it means I can conduct maintenance on various parts of my network without exposing my applications and services to attack. For example, I recently lost a hard drive on a web server. While rebuilding the server, I allowed root ssh to the web server and to the server that held backups for the web server. Ordinarily, root is not allowed ssh to any of my hosts, but since the servers had iptables running to only allow ssh from internal addresses, I could temporarily relax this security policy until the server was restored properly.
And I don't understand why you seem to think that having services running with different types of firewall functionality and weaknesses is a bad thing. It seems to me that having multiple firewalls--each of which has different weaknesses that an attacker must exploit before finally gaining access to a service--is a good thing. Joe Scriptkiddie may know how to defeat one weakness, but then he will have to figure out the firewall on the destination host *and then* defeat any ACLs on the destination service before he can compromise your server. In your ideal, he only has to defeat the perimeter firewall and then your whole network is open to him.
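A check for the condition the comment above relies on (the host's own iptables accepting ssh only from internal addresses) before a policy such as root ssh is temporarily relaxed. This is an added example, not part of the original post: the `iptables-save` dumps are constructed samples, the function names are hypothetical, and "internal" is assumed to mean the RFC 1918 ranges.

```python
import ipaddress
import shlex

# Assumption: "internal" means the RFC 1918 private ranges.
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _opt(tokens, *names):
    """Return (value, negated) for the first of `names` found in a rule."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1], i > 0 and tokens[i - 1] == "!"
    return None, False


def _covers_port(spec, port):
    """True if an iptables port spec such as '22', '20:25' or '22,80' includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        lo_n = int(lo) if lo else 0
        hi_n = int(hi) if hi else (65535 if sep else lo_n)
        if lo_n <= port <= hi_n:
            return True
    return False


def audit_ssh_exposure(dump, internal=INTERNAL, port=22):
    """List reasons why new TCP connections to `port` may be accepted from a
    non-internal source, judging only the filter table's INPUT chain.

    Conservative by design: rule order is ignored, so an earlier DROP that
    shadows a broad ACCEPT is still reported. IPv4 numeric sources only;
    negated sources are treated as unrestricted, iprange matches are not parsed.
    """
    findings, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]
        elif table != "filter":
            continue
        elif line.startswith(":INPUT "):
            if line.split()[1] == "ACCEPT":
                findings.append("INPUT policy is ACCEPT")
        elif line.startswith("-A INPUT "):
            tokens = shlex.split(line)
            if _opt(tokens, "-j", "--jump")[0] != "ACCEPT":
                continue
            iface, neg = _opt(tokens, "-i", "--in-interface")
            if iface == "lo" and not neg:
                continue                      # loopback only
            proto, neg = _opt(tokens, "-p", "--protocol")
            if proto is not None and (proto in ("tcp", "6", "all")) == neg:
                continue                      # rule cannot match TCP
            state, neg = _opt(tokens, "--state", "--ctstate")
            if state is not None and not neg and "NEW" not in state.split(","):
                continue                      # does not admit new connections
            dport, neg = _opt(tokens, "--dport", "--dports",
                              "--destination-port", "--destination-ports")
            if dport is not None and _covers_port(dport, port) == neg:
                continue                      # rule is for other ports
            src, neg = _opt(tokens, "-s", "--source", "--src")
            net = ipaddress.ip_network("0.0.0.0/0" if src is None or neg else src,
                                       strict=False)
            if not any(net.subnet_of(n) for n in internal):
                findings.append(f"port {port} accepted from {net}: {line}")
    return findings


# Constructed sample: default-drop host that takes ssh from one internal subnet.
HARDENED = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.10.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""

# Constructed sample: permissive policy and ssh open to any source.
WEAK = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.5/32 -p tcp -m multiport --dports 22,443 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for name, dump in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_ssh_exposure(dump) or "ssh limited to internal sources")
```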
Ummm....no. In anything more complicated than what a switch can do, you are using software to process packets.
Yes, Cisco (and others) have routers that use ASICs to handle immediate in/out "routing" in hardware, but as soon as you start putting any kind of ACL, any kind of port/IP translation, or anything else that requires any intelligence on the router, you bring in software, and all of the processing overhead that goes with it.
So....if you are going to do anything *useful* with a router would you rather have a 50-200MHz Cisco box running a bloated IOS (do you *really* use X.25, for example???), or a server-class x86 motherboard running a 1GHz processor with a kernel optimized for routing and software optimized for the protocols you actually use?
We use ImageStream (http://www.imagestream.com/) Linux-based routers where I work, and they absolutely run circles around the 2600, 3000, and as5000-series routers that we have. Their support is absolutely phenomenal. When we have a problem with an ImageStream router, we frequently talk with their programmer, and he works with us until we have a patch installed on the box that fixes the problem. If there's a software bug in your Cisco router, it's "yeah, that will be fixed in the next IOS release"...which unless you paid out the <bodily orifice of your choice> for SmartNet you have to *buy*, even though their product was broken when you bought it.
You can use overpriced Cisco iron if you want; I'll stick with the Linux-based routers, thanks.
Unlike the vonage box I have now, if I start downloading torrents or pushing the upload/down rates on my connection some other way I have the potential of breaking up my VoIP call.
That's what QoS is for. I'm running a linux box router/firewall, and I've set up classes of service to guarantee that a certain portion of my bandwidth is always available for ssh (in case I need to sign in remotely to fix something), a certain portion for VoIP (so my calls get through no matter how many people are browsing my web server--like that's an issue :), and the rest is low priority, preemptable traffic.
Nah, you just image it once it's built and back up the servers regularly.
Then, if it crashes, you just restore the base install and the most recent backup with rsync and voila! You're back in business, with just a couple of hours downtime. It's an incredibly effective way to get a server back on-line *really* quickly -- say an hour to restore the original backup, and the restore of your data will depend upon how much your configs, home directories, and data stores have changed since the original build.
The only catch is that you have to have a backup server with enough storage space to copy the entire file system on all of your servers (don't try to select just the important data--you'll invariably forget something....don't ask how I know this <grin>)
I've used this process to replace a couple of aging servers here, and was amazed at how easy it was. That's why I'm implementing it for my wife's business -- she's much less philosophical about outages than my boss at my day job is, lol.
I was a die-hard Slackware user until a co-worker turned me on to gentoo. Yes, it's a major PITA to install (my first install took about a week and a half on a Dell D800 laptop; I had trimmed it down to a week when I traded in the D800 for a D820, and the install on a to-be asterisk server for my wife's business was only about three days), but IME, you can either feel the pain with the initial install (gentoo) or feel the pain trying to keep the O/S patched after the install (anything else).
While slackware's pkgtools/upgradepkg/installpkg/removepkg tools work pretty well for keeping a slack box *patched*, when you want to make a major change (like moving from an obsolete glibc version to a new version because something you want to install from source won't work with the libraries you have installed), your only option is pretty much to rebuild from scratch.
What convinced me to (start) switch(ing) to gentoo is that you *never* have an obsolete O/S as long as you keep your emerges up to date...which isn't really all that difficult most of the time.
I'd rather suffer through an install once, then keep the box current with regular emerges than keep rebuilding server after server (or desktop after desktop) because the base O/S install needs to be updated every few years.
What I would like is a distro that would install pretty much anything you want without you compiling anything (fast and easy installation), but it would also automatically detect your hardware and decide optimal compiler options...
Now why would you need to determine optimal compiler options if you don't compile anything??? :D
The theory is that if your ISP doesn't give a rip that you are spamming, then Spamhaus (and other blacklist operators) blacklist the offending network. Then *you* get pissed at your ISP and move somewhere else. Once enough customers jump ship because the ISP is irresponsible, then maybe they'll start to enforce their AUP's.
This was a concept that was thankfully pounded into my former employer's (an ISP) head before I started working there, but I still had to remind management quite frequently, that yes, we did in fact want to kick spammers off our network, no matter how many services they bought from us, for this very reason.
Yes, it's a PITA for the poor sap who's trying to send e-mail to Aunt Lucy but can't because his ISP is blacklisted, but it's an effective way of (let's be honest) coercing ISP's into playing nicely with others. Want proof? Why did the spammer spend the time, money and effort to take Spamhaus to court in Illinois? Because Spamhaus was *hurting* them. And that's a good thing >:]
Going slightly off-topic for a moment, this is an illustration of why I won't be moving to Illinois any time soon. For a related stupid story, see http://www.hackbusters.net/
If you downloaded gigabytes of music and did not make any of your file system visible over the internet they wouldn't catch you now would they?
That's an interesting question, and it leads to another, IMHO, interesting question--one I wished I had thought about before the lawyer answered the questions. What are the chances of the RIAA setting up file-sharing honeypots, for lack of a better term, for the purpose of snaring those who are downloading music rather than just uploading mp3s that they may or may not have obtained legally? Would a case involving such a scheme hold any water in court, or would a claim of entrapment invalidate the case? Does entrapment even apply in a civil case?
At my previous employment, the ISP and internal IT folks were two separate and distinct groups. I worked in the ISP group. At one point in time, management dictated that *all* internal documentation was to be stored on an internal web repository run by IT. After the second time the IT folks accidentally erased all of our documentation, we ISP folk rebelled and built our own internal web documentation repository.
We humans tend to trust things that we own and control ourselves, and be skittish around things that are owned and controlled by others. I don't expect to see that aspect of our nature changing any time soon.
I can't see why anyone would want to ban these literary icons from schools or libraries, when the dissection of each only lends to the ability to think freely and creatively, and develop critical thinking and reasoning skills.
<putting on tin-foil hat>
Perhaps *because* they lend one the ability to think freely and creatively, and to develop critical thinking and reasoning skills?
< removing tin-foil hat>
It's one thing for a movie theater or porn-shop to let minors in, it's on their premises. These kids are (mostly) accessing the internet from their own home, where the parents should be able to monitor their activities.
Exactly. Not to mention that at a movie theater or porn shop the owner/operator/minimum-wage-clerk-at-the-counter can *see* that the person requesting said services is under age. While I suppose it is technically possible to make it a requirement to use a webcam to record anyone wishing to sign up for a new account (which would then be reviewed before the request was granted) I don't see this becoming a trend among social networking sites any time soon...imagine the logistics of trying to review a million teenagers' enrollment interviews.
Even worse, what with the crap on youtube, I'd hate to think what...ahem...creative...footage the webcams would capture <shudder>
I do not advise anyone to use black lists. There are many good ways to get rid of spam that do not have false positives
That seems a little bit optimistic, to me. I used to work at an ISP that had a sendmail farm as a front-end for an i-Planet mail server (grrr....), and you could tell when the spammers would unleash a flood from botnets on other ISPs' networks: the sendmail farm would grind to a halt, delaying legit mail from our users by 1-5 hours, at times.
You simply *cannot* filter that much mail real time without denying e-mail from known spam sources out of hand; if your domain is well-known enough, blocking by RBL becomes a matter of survival, not convenience.
Besides, I am reminded of a quote (as best as I remember it) by Paul Vixie, the author of Bind and Vixie cron, I believe, on the Nanog mailing lists:
We know that blacklists hurt spammers because of the changes they make to get around them. And anything that hurts spammers, we should be all over.
(My apologies to Paul if I didn't get the quote exactly right)
Re:Consumers don't care about their privacy, on The Death of Privacy · Score: 1
Ummm...this is probably a no-brainer for most /. readers, but no matter how tight the security, *someone* at the service provider can probably read the e-mails, if they so choose. If you've got root, you can open the mail spool, or at least you can change the password for the e-mail account...and if you're halfway competent, you can probably put it back before anyone notices that it was even changed. For that matter, how many people will give their password to tech support without a second thought?
The good news is that most people really couldn't care less what you're writing to Aunt Sally, so 99% of the time, it's a moot point, anyway.
At the ISP where I used to work, we really didn't give a rip what you did with your pipe so long as it didn't cause us problems :)
So, if you were using Bit Torrent (or KaZaA or gnutella or....), we didn't care so long as MPAA/RIAA/BSA/**AA didn't send us a notification of infringing content. If we received such a notification, we would send a warning to the infringing customer. If said customer continued pirating software/movies/whatever, we would continue to send warnings to the customer until either the customer learned how to not get caught or the *AA's would send a subpoena request. While our AUP's stated that we *could* terminate a user's account for copyright infringement, I can't think of a single case where we actually exercised the option.
The bottom line is that dictating how a customer uses the pipe is a waste of time and resources. For me (as an ISP) to tell you (as a customer) how to use your connection just involves me in a never ending arms race and annoys you. So why bother?
Basically, as has already been mentioned, the biggest reason that ISP's get upset with file sharing is because it taxes networks that weren't designed for 24/7 usage from so many customers. Rather than trying to restrict what *protocols* are used on networks, I suspect that, some time in the future, ISP's will begin charging the same way almost every other utility does: charging per unit of bandwidth consumed, possibly with a flat fee until some cap is reached, and then a price per unit of bandwidth consumed after that.
To some extent you are correct, getting Linux to run all of your hardware can (sometimes, maybe even "often") be a real PITA. But is any other OS really any different?
It wasn't *that* long ago that I was consulting with Microsoft's hardware compatibility list before buying hardware because the NT/2K kernel didn't work with all the hardware that 9x used. FWIW, I bought a crappy little web cam a while back that I couldn't get to work with either 2K *or* Linux, and for the life of me, I can't get my wife's Canon Rebel to work properly in either Linux or Windows, despite Canon's (you guessed it--binary-only) drivers for Windows. So, we eject the CF card and use an external card to upload the pics, and that works on either O/S equally well.
How many blue screens have you seen in Windows that were caused by binary-only drivers that didn't work correctly? Adaptec's CD writing software completely hosed my 2K system a few years ago--I had to reinstall Windows after loading it. OTOH, cdrecord has *never* hosed my Slack or Gentoo machines.
Yeah, setting up wireless can be a chore in Linux. There are a host of competing software suites that claim to make it work, but once again, I haven't seen that Windows is that much better. Every vendor's (binary) drivers for Windows work a little differently, and sometimes don't work at all. All I know is that my Netgear MA-401 802.11b card typically works quite well for me.
Audio? Yeah, I'm listening to mp3s on my Gentoo laptop right now, and it sounds great. I've used Rosegarden and Audacity to do audio recordings at home on my Slack desktop, so I'm pretty happy with ALSA. However, everything sounds like "Alvin and the Chipmunks" on my wife's Dell/Windows 2K desktop at home, and I haven't been able to figure out why, yet.
Video? Yeah, got that working on my Slack box, too. It took a little while to find the "regionset" utility so that my DVD drive could read DVD's, but now, it works great. I even solved the problem with my ATI video card dropping frames, although I did have to load ATI's binary-only driver. WTF, it works, and, again unlike the Windows environment, I at least had a choice between using the FOSS driver and the proprietary. In this case, I chose proprietary because I perceived an advantage...this time.
So, yeah, it can be a pain getting everything set up for Linux, but the same can be said for Windows. I'd rather take my chances with Linux, because if I run into a roadblock, the answer is almost always found with a Google search. The same is not always true with Windows.
If it can "quantify the concentration of volatile organic compounds" in the air, it can determine if there is a sufficient quantity to produce a dangerous reaction. Somehow, I suspect that a bottle of nail polish remover does not contain enough acetone to be a real threat, but IANAC (...chemist) so I could be wrong.
However, given enough women carrying enough nail polish remover on board the aircraft, I suppose it could be a problem...
Ummm...under certain circumstances, yes, and emphatically so.
Even though I'm not a British citizen, nor do I reside in the UK, I *am* concerned by this law, because I can see the U.S. trying to enact something similar. HOWEVER, I strongly disagree with your argument, even though I agree with your position.
Kiddie porn is illegal, and for a very good reason. Moral issues aside, if an adult knowingly and willingly chooses to engage in the porn industry, that is one thing. But because a child can be coerced or bullied into participation much more easily than an adult, and even were the child not coerced, a child does not have the experience or wisdom to make an informed decision about whether or not to participate. Therefore, a child engaged in kiddie porn is a victim, whereas an adult (typically) is not.
If the creation of child pornography is heinous, can the consumption of it be any less? After all, it is the demand for such material that drives the supply; either child porn is created for, ahem, 1) "personal use" or 2) resale. In either case, a child was victimized for an adult's gratification, and that, quite simply is evil.
While I don't want to sugar coat terrorism, IMHO, yes, child pornography is at least as bad. A molested child endures a lifetime of suffering as a result of what occurred.
While you do have a point that it is possible to have "stuff on your hard disk that you didn't knowingly download" (unsolicited kiddie porn spam e-mail, for example), you would most likely also have the evidence to support your claim that it was, in fact, downloaded inadvertently (i.e., the spam mail itself, the HTML from the web page that included a hacked porn image, log files that someone accessed your machine/network). OTOH, if you *were* surfing illicit sites, that evidence would probably be available, as well.
Oh, and our own government! (w.r.t. NSA Wiretapping, Patriot Act, etc.)
How many do you need?
Dude, that's the funniest thing I've read on /. in a *looong* time!
In that case, I agree with you completely :)
That's what QoS is for. I'm running a linux box router/firewall, and I've set up classes of service to guarantee that a certain portion of my bandwidth is always available for ssh (in case I need to sign in remotely to fix something), a certain portion for VoIP (so my calls get through no matter how many people are browsing my web server--like that's an issue
From what I've seen, it works great, but YMMV.
Uh, no.
No, you weren't the only one--that occurred to me, too :) Although I admit I couldn't remember Dr. Theophilus' name.
That's an interesting question, and it leads to another, IMHO, interesting question--one I wished I had thought about before the lawyer answered the questions. What are the chances of the RIAA setting up file-sharing honeypots, for lack of a better term, for the purpose of snaring those who are downloading music rather than just uploading mp3s that they may or may not have obtained legally? Would a case involving such a scheme hold any water in court, or would a claim of entrapment invalidate the case? Does entrapment even apply in a civil case?
At my previous employment, the ISP and internal IT folks were two separate and distinct groups. I worked in the ISP group. At one point in time, management dictated that *all* internal documentation was to be stored on an internal web repository run by IT. After the second time the IT folks accidentally erased all of our documentation, we ISP folk rebelled and built our own internal web documentation repository.
We humans tend to trust things that we own and control ourselves, and be skittish around things that are owned and controlled by others. I don't expect to see that aspect of our nature changing any time soon.
<putting on tin-foil hat>
Perhaps *because* they lend one the ability to think freely and creatively, and to develop critical thinking and reasoning skills?
<removing tin-foil hat>
Exactly. Not to mention that at a movie theater or porn shop the owner/operator/minimum-wage-clerk-at-the-counter can *see* that the person requesting said services is under age. While I suppose it is technically possible to make it a requirement to use a webcam to record anyone wishing to sign up for a new account (which would then be reviewed before the request was granted) I don't see this becoming a trend among social networking sites any time soon...imagine the logistics of trying to review a million teenagers' enrollment interviews.
Even worse, what with the crap on youtube, I'd hate to think what...ahem...creative...footage the webcams would capture <shudder>
That seems a little bit optimistic, to me. I used to work at an ISP that had a sendmail farm as a front-end for an i-Planet mail server (grrr....), and you could tell when the spammers would unleash a flood from botnets on other ISPs' networks: the sendmail farm would grind to a halt, delaying legit mail from our users by 1-5 hours, at times.
You simply *cannot* filter that much mail real time without denying e-mail from known spam sources out of hand; if your domain is well-known enough, blocking by RBL becomes a matter of survival, not convenience.
Besides, I am reminded of a quote (as best as I remember it) by Paul Vixie, the author of BIND and Vixie cron, I believe, on the NANOG mailing lists: (My apologies to Paul if I didn't get the quote exactly right)
Ummm...this is probably a no-brainer for most /. readers, but no matter how tight the security, *someone* at the service provider can probably read the e-mails, if they so choose. If you've got root, you can open the mail spool, or at least you can change the password for the e-mail account...and if you're halfway competent, you can probably put it back before anyone notices that it was even changed. For that matter, how many people will give their password to tech support without a second thought?
The good news is that most people really couldn't care less what you're writing to Aunt Sally, so 99% of the time, it's a moot point, anyway.
At the ISP where I used to work, we really didn't give a rip what you did with your pipe so long as it didn't cause us problems :)
So, if you were using BitTorrent (or KaZaA or gnutella or....), we didn't care so long as MPAA/RIAA/BSA/**AA didn't send us a notification of infringing content. If we received such a notification, we would send a warning to the infringing customer. If said customer continued pirating software/movies/whatever, we would continue to send warnings to the customer until either the customer learned how to not get caught or the *AA's would send a subpoena request. While our AUP's stated that we *could* terminate a user's account for copyright infringement, I can't think of a single case where we actually exercised the option.
The bottom line is that dictating how a customer uses the pipe is a waste of time and resources. For me (as an ISP) to tell you (as a customer) how to use your connection just involves me in a never ending arms race and annoys you. So why bother?
Basically, as has already been mentioned, the biggest reason that ISP's get upset with file sharing is because it taxes networks that weren't designed for 24/7 usage from so many customers. Rather than trying to restrict what *protocols* are used on networks, I suspect that, some time in the future, ISP's will begin charging the same way almost every other utility does: charging per unit of bandwidth consumed, possibly with a flat fee until some cap is reached, and then a price per unit of bandwidth consumed after that.
To some extent you are correct, getting Linux to run all of your hardware can (sometimes, maybe even "often") be a real PITA. But is any other OS really any different?
It wasn't *that* long ago that I was consulting with Microsoft's hardware compatibility list before buying hardware because the NT/2K kernel didn't work with all the hardware that 9x used. FWIW, I bought a crappy little web cam a while back that I couldn't get to work with either 2K *or* Linux, and for the life of me, I can't get my wife's Canon Rebel to work properly in either Linux or Windows, despite Canon's (you guessed it--binary-only) drivers for Windows. So, we eject the CF card and use an external card to upload the pics, and that works on either O/S equally well.
How many blue screens have you seen in Windows that were caused by binary-only drivers that didn't work correctly? Adaptec's CD writing software completely hosed my 2K system a few years ago--I had to reinstall Windows after loading it. OTOH, cdrecord has *never* hosed my Slack or Gentoo machines.
Yeah, setting up wireless can be a chore in Linux. There are a host of competing software suites that claim to make it work, but once again, I haven't seen that Windows is that much better. Every vendor's (binary) drivers for Windows work a little differently, and sometimes don't work at all. All I know is that my Netgear MA-401 802.11b card typically works quite well for me.
Audio? Yeah, I'm listening to mp3s on my Gentoo laptop right now, and it sounds great. I've used Rosegarden and Audacity to do audio recordings at home on my Slack desktop, so I'm pretty happy with ALSA. However, everything sounds like "Alvin and the Chipmunks" on my wife's Dell/Windows 2K desktop at home, and I haven't been able to figure out why, yet.
Video? Yeah, got that working on my Slack box, too. It took a little while to find the "regionset" utility so that my DVD drive could read DVD's, but now, it works great. I even solved the problem with my ATI video card dropping frames, although I did have to load ATI's binary-only driver. WTF, it works, and, again unlike the Windows environment, I at least had a choice between using the FOSS driver and the proprietary. In this case, I chose proprietary because I perceived an advantage...this time.
So, yeah, it can be a pain getting everything set up for Linux, but the same can be said for Windows. I'd rather take my chances with Linux, because if I run into a roadblock, the answer is almost always found with a Google search. The same is not always true with Windows.
That's because we Americans like things big. Big cars, big houses, big cell phones...see, it all goes together.
Besides, which would you rather throw at a mugger? A tiny cell phone the size of a pencil eraser or a house brick? <grin>
Nak.
If it can "quantify the concentration of volatile organic compounds" in the air, it can determine if there is a sufficient quantity to produce a dangerous reaction. Somehow, I suspect that a bottle of nail polish remover does not contain enough acetone to be a real threat, but IANAC (...chemist) so I could be wrong.
However, given enough women carrying enough nail polish remover on board the aircraft, I suppose it could be a problem...
Even though I'm not a British citizen, nor do I reside in the UK, I *am* concerned by this law, because I can see the U.S. trying to enact something similar. HOWEVER, I strongly disagree with your argument, even though I agree with your position.
Kiddie porn is illegal, and for a very good reason. Moral issues aside, if an adult knowingly and willingly chooses to engage in the porn industry, that is one thing. But a child can be coerced or bullied into participation much more easily than an adult, and even were the child not coerced, a child does not have the experience or wisdom to make an informed decision about whether or not to participate. Therefore, a child engaged in kiddie porn is a victim, whereas an adult (typically) is not.
If the creation of child pornography is heinous, can the consumption of it be any less? After all, it is the demand for such material that drives the supply; either child porn is created for, ahem, 1) "personal use" or 2) resale. In either case, a child was victimized for an adult's gratification, and that, quite simply, is evil.
While I don't want to sugar coat terrorism, IMHO, yes, child pornography is at least as bad. A molested child endures a lifetime of suffering as a result of what occurred.
While you do have a point that it is possible to have "stuff on your hard disk that you didn't knowingly download" (unsolicited kiddie porn spam e-mail, for example), you would most likely also have the evidence to support your claim that it was, in fact, downloaded inadvertently (i.e., the spam mail itself, the HTML from the web page that included a hacked porn image, log files that someone accessed your machine/network). OTOH, if you *were* surfing illicit sites, that evidence would probably be available, as well.