You should really list your needs before you pick a firewall.
Do you just need a packet filter, to block incoming SYN packets?
Or are you looking at an application firewall with anti-virus e-mail scanning, web caches, VPNs, separate DMZs for your servers, authentication with OTPs and tokens, etc.?
Different needs. Different solutions.
How much staff do you have? Any *nix experts?
> Dude I don't think you are going to get 24 dBi from a Pringles can.
It's not 24 dBi from a Pringles can. It's 24 dBi from a dish with a Pringles can as a feedhorn. Given the right dish, it should be possible.
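The gain budget behind that reply, as an added worked equation that is not part of the original comment. It assumes a 2.4 GHz signal and a 55% aperture efficiency for the dish; both values are assumptions, not figures from the thread.

$$
G = \eta \left(\frac{\pi D}{\lambda}\right)^{2}, \qquad
\lambda = \frac{c}{f} = \frac{3\times10^{8}\ \mathrm{m/s}}{2.4\times10^{9}\ \mathrm{Hz}} = 0.125\ \mathrm{m}
$$

$$
24\ \mathrm{dBi} = 10^{2.4} \approx 251
\;\Rightarrow\;
D = \frac{\lambda}{\pi}\sqrt{\frac{G}{\eta}}
  = \frac{0.125}{\pi}\sqrt{\frac{251}{0.55}} \approx 0.85\ \mathrm{m}
$$

So roughly an 85 cm dish with the can as feed reaches 24 dBi; the can alone, as a waveguide antenna, contributes only a few dBi of that.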
> Evaluating a signature ... would have to be done on each load of an executable
No, it wouldn't. The kernel should cache the hashes of binaries that have already been verified. So you get the performance hit only once (given a sufficiently large cache, RAM is cheap) per reboot or replaced binary.
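An added example, not code from the comment or from any kernel, of the cache the reply describes: verdicts are keyed on the file's identity, so an unchanged binary is hashed once and a replaced one is re-checked. VerifiedExecCache, its trusted-digest allowlist and the demo scenario are all constructed here.

```python
import hashlib
import os
import tempfile


class VerifiedExecCache:
    """Verify an executable's hash once and reuse the verdict until the file
    changes. Key = (device, inode, size, mtime_ns): replacing or rewriting a
    binary changes at least one field, so a stale verdict is never reused."""

    def __init__(self, trusted_sha256):
        self.trusted = set(trusted_sha256)  # allowlisted hex digests
        self.verdicts = {}                  # identity tuple -> bool
        self.expensive_checks = 0           # how often we really hashed

    @staticmethod
    def _identity(path):
        st = os.stat(path)
        return (st.st_dev, st.st_ino, st.st_size, st.st_mtime_ns)

    def _verify(self, path):
        # The costly step: read and hash the whole file (a real loader would
        # also check a signature over this digest here).
        self.expensive_checks += 1
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest() in self.trusted

    def allow_exec(self, path):
        key = self._identity(path)
        if key not in self.verdicts:        # miss: pay the hashing cost
            self.verdicts[key] = self._verify(path)
        return self.verdicts[key]


def demo():
    """Constructed scenario: a trusted binary loaded twice, then replaced."""
    good = b"#!/bin/sh\necho trusted\n"
    bad = b"#!/bin/sh\necho tampered binary\n"  # different size -> new key
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "tool")
        with open(path, "wb") as f:
            f.write(good)
        cache = VerifiedExecCache([hashlib.sha256(good).hexdigest()])
        first = cache.allow_exec(path)   # hashed once: True
        second = cache.allow_exec(path)  # cache hit, no hashing: True
        with open(path, "wb") as f:
            f.write(bad)                 # binary replaced on disk
        third = cache.allow_exec(path)   # new key, re-hashed: False
        return first, second, third, cache.expensive_checks  # (True, True, False, 2)
```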
The reason that no single company offers support for every piece of open source software in existence is because it's impossible. Just as nobody supports all commercial software. You just can't learn everything. And most open source software sucks (!), so most of your learning would be a waste of time.
If you want to make money in this business then you should focus on the quality OS software, like Linux, Bind, Sendmail, Apache. There's 99% of your market, right there.
I have seen math professors who would kill for a tablet PC. They still write their equations with pen and paper, because keyboard input really sucks.
Have you tried the http://www.taniwha.org.uk/ scripts that everybody else recommends? They are not dependent on GPRS and should work just as well with GSM Data. I don't have OSX/Bluetooth myself, so I can't verify this.
> Can I use my t68i to dial up my already existing ISP? I know it will be slower, but under my plan it would be more cost effective.
Yes, that's how you connect while you're not in a GPRS covered area. The phone would be rather useless if it didn't have GSM Data, because few people have GPRS subscriptions and a very small part of Earth has GPRS coverage. Roaming is more or less non-existent.
But to determine the cost effectiveness you have to consider how much data you will send, because GPRS doesn't have a time charge, only a data charge.
Most current NICs have two MACs: a hard MAC in PROM that is not easily changed and a soft MAC that can be changed in software. This gaming software installs on your computer, and it can therefore get the hard MAC from your NIC.
The only way to defeat such software is to debug it and remove the MAC test. It takes real skill with a debugger, but once it's done everybody can get a copy of that MAC test removal tool.
And then the game server programmers change the test so that the tool breaks. And then the tool changes so that it works again...
Compare with virus/anti-virus evolution. Two groups of programmers trying to control your machine.
> The fact that a single person doesn't know it completely shouldn't be relevant
But it is. The human mind can be understood on the neuron level, but that doesn't mean that you can predict his dreams. Complexity makes all the difference. And I agree with your view on Turing.
My thoughts about machine intelligence are basically those of Alan Turing. If it passes a Turing test, then it's intelligent. I don't have to understand how it works, and I probably won't understand it when (if) it happens. I am actually close to the mystic theory, that an intelligent system must have the capacity to surprise me, and therefore I cannot fully understand it.
You could make the argument that no single human fully understands a Xeon processor either. Computers are already so complicated that it takes another computer to design one. And Fritz can certainly surprise me, so he passes that test at least. :-)
> First you are saying that to determine the intelligence of a system you must first understand it.
Most people who don't believe in machine intelligence would take the opposite point of view, and say that any intelligent system must have a mystic part that cannot be fully understood by humans. Once they understand it, they will consider it as just calculation. Is that your opinion as well? Don't you realize that your belief system is based on a contradiction?
> We have to consider how the program works to judge how "intelligent" it is.
Why is that? Nobody knows how the human mind works, but still there are IQ tests for humans. It is perfectly possible to measure something without understanding it.
If it talks like a duck...
Did you contact Fujitsu in Germany, or did you contact their European support center in England, as I suggested? The German retailer is obviously more interested in selling their own stuff, so they might not tell you the truth (or even know the truth).
I have had my Bangkok-bought Asian-model Toshiba Libretto repaired by Toshiba in Sweden, free of charge. They didn't even ask why my receipt was from Thailand. Worldwide warranty means just that.
If you buy Asian laptops in Europe then you should probably do your shopping in Asia, not in America.
I bought my latest laptop in Bangkok. I can recommend the laptop shop Global Solutions in Pantip Plaza.
Laptops usually come with worldwide warranties. After all, it's obvious that they will be used by travelers.
Try getting in touch with their European support center and ask about it. They should be more used to such questions than your local retailer is.
Europe, Middle East and Africa: Fujitsu Siemens Computers
Help Desk Phone: +44(0) 1344-475125
Help Desk Fax: +44(0) 1344-475554
Help Desk Email: hotline_europe@fujitsu-siemens.com
Business Hours: 9:00am - 5:00pm (GMT)
> Yes, an IDS, a firewall, an encrypted email client, and an encrypted filesystem
Have you actually tried running them together? Like configuring PGPfire to block everything that wasn't authenticated in PGPvpn. You can't do it. There is no interaction between PGPvpn and PGPfire.
SSH Sentinel isn't sold as a firewall, just a VPN solution, but it allows you to block any traffic that you don't have a VPN definition for. I'll take SSH any day over PGP, and it's also free for non-commercial use.
Did you actually finish RTCW? There are plenty of sci-fi guns and strange creatures there, just like in any Doom/Quake game.
CS is pseudo-real.
> use login with key instead of passwords
This is not necessarily more secure. The server admin cannot easily force users to use good pass phrases on their private keys. And if the encrypted private key gets stolen then the thief can brute force the pass phrase offline.
The best security is a private key on a smart card, and users who will report the loss of the card immediately.
BGP4 has nothing to do with dropping RFC 1918 source addresses. BGP4 is used for routing on destination address only, not source address. As the above traceroute showed, packets from 10/8 are routed just fine.
For the original poster: you don't need to filter packets with RFC 1918 source addresses.
Recent versions of Ghost can write the image directly to bootable CDR. That's the cheapest and most compatible storage media there is.
> Machines using hot standby IPs are in the same place
You don't know that. The technology for long distance disk mirroring (optical fibre) can also be used for clustered IPs. Setting up a Linux cluster at home is cheap enough, and if your house is on fire then you have worse problems than e-mail availability...
> I'm the only person I know with a home LAN (and I'm not the only geek I know)
Yes you are. There is no such thing as a non-wired geek.
> netscape w/128 bit encryption and gnupg are already included in Red Hat Linux 6.2 as these don't have issues with the RSA patent
Sorry, I hadn't noticed that. But since you already have crypto in RedHat, then why don't you have loopback encryption and IPsec? They don't have RSA issues either.
Six months after RedHat 6.2 (April 10) is in October. The RSA patent ends on September 20, so you would have three weeks for a Release Candidate with full crypto.
Is there any reason not to include RSA encryption in the final 7.0 release? It would make sense to have a major release when you can include mod_ssl, netscape-128, ssh, pgp, etc...