Bess does not filter by keyword, except
for search engine queries and results.
They filter by site URL.
For the "el-cheapo" service offered
to schools, there are only a few
combinations of categories available.
I've posted a recent copy of their list at:
http://pillars.net/~bobv/N2H2/categories.html
Bess catches a lot of flak for inaccurate
filtering becase people assume that if a
site is blocked, it's because Bess thinks
it is porn. Porn is only one of the
42 available categories. Another is
"Free Pages", which is on the
default blocking list for schools.
Reason for that is free webhosting
sites change so frequently that they
can't hope to keep up with them all,
so you get the option of just blocking
them in their entirety.
Since Bess is a proxy service, your
local network administrator should be
able to allow exceptions to the filter.
If you use Squid, the relevant keyword
is "AlwaysDirect".
(No, I don't work for them;
just a happy customer)
Dunno. I really liked it too, and I even read the book *first*. But then, I've never seen a Robin Williams movie that I didn't like. (Though I didn't particularly care for Mork&Mindy.)
Of all the movies I've seen in my lifetime that were based on books rather than screenplays, I'd say this one ranks about fourth or fifth as to how well it preserves the flavor and plot of the original story.
Sure, they through in a little sex, and sure it was juvenile. But hey, Hollywood *will* be Hollywood.
Well, I've got 1000kbit DSL, not "several 100Mbit interfaces". I suspect that many of the "enterprise-level" commercial firewalls would also fail your test.
Point is, I was able to cobble together something reasonably efficient for my purposes in less than an hour, including research and bugfixing. And I'm not a particularly talented coder.
Just out of curiousity, though, could you post a link to some documentation about the "ip rule" command and "rt-netlink" ? Never worked with either one.
Actually, I use file contents for the reason why it's blocked. So when I review my/var/log/kern.log and see a bunch of denied messages for the same IP, I look at the contents of that file to see how serious the issue is.
I needed to block a list of thousands of ip addresses at the firewall. Here's how I did it:
First, I read the sample code for how to implement user-space queueing. That's where you pass a packet to a user-space program so it can decide what to do with it. Then I made some trivial changes to that program so that it looks for a file in a certain directory with a name equal to the IP address in the packet header.
If the file exists (i.e. an open() call succeeds), then the packet is denied; otherwise it is allowed. Anytime I want to add a new IP address to the blocking list, I just create a file in that directory. Since I run reiserfs, the test for file existence is as efficient as a hashtable lookup, but much simpler to code.
Not as sophisticated as a commercial firewall program, but not as much overhead, either. (Simplistic) benchmarks show no significant increase in network latency. Works for me!
Have you ever tried to *buy* a certificate from any of those non-verisign CA's ???
I chased them all down last year (things might have changed since then) and there were exactly two (Verisign and Thawte) that offered certificates to the general public and weren't reselling certificates issued by one of the other CA's.
Now, if you happen to be part of the banking industry, your options widen a teensy-weensy bit, but for Joe Q. E-Commerce, there is only one option: Thawte/Verisign.
This is like arresting a drunken driver, then charging everyone else who drives the same model of Ford.
Actually, it's like closing down the restaurant whose valet who handed him the keys, knowing full well that the sop wasn't fit to drive. Sure, a lot of innocent customers will be mad, and the other valets who may have been more responsible are also out of a job, but them's the breaks.
what if your an ISP and your customers demand less spam?
That's like asking the postal service to deliver less junk mail.
No, because:
The spammers have to PAY the postal service to deliver their mail. This alone tends to limit the level of abuse.
The postal service doesn't worry about you switching to a different delivery service.
The courts provide specific remedies in the case of postal mail-abuse, including the right to have your name taken off the list, the right to know how they obtained your information, and the right to collect punitive damages in the case that your requests are ignored.
Delivery of junk-mail does not prevent delivery of legitimate mail, even if your mailbox is full.
The post office does not send you a monthly bill for the right to receive mail.
In short, any analogy comparing a sender-funded message service with a recipient-funded message service is poor logic.
I was wondering this too, and researching the answer when Netscape 4.76 vaporized, taking my accumulated notes with it.
(sigh)
Anyhow, it runs a Hitachi SH-4 processor at 200 Mhz, which according to one source (Won't look up the link again for fear of re-vaporization) specs at 360 MIPS and 1.4 GFLOPS. Apparently, it's of the same heritage as the Sun SPARC processors. You won't find a bogomips rating because the author of the port had to comment out the bogomips testing code in order to get the kernel to compile.
Do a Google search for "Dreamcast Bogomips" and "Hitachi SH-4" and you'll find plenty of info.
However, based on previous experience on an UltraSparc with probably double the performance, I'd say about one kernel per hour, YMMV.
Guy who works next to me used to work for VA Beach. He says that part of the problem is that the financial records (Purchase Orders) often say, "Computer stuff", or simply "Stuff" rather than specifying exactly what was purchased.
Sales receipts typically aren't any better.
Last he heard, they had bought a $70,000 application (including hardware) to keep track of licenses so they don't get caught with their pants down twice.
I set up Xfree 4.0 on a Debian system. Wasn't too hard. Only thing is, I can't figure out how to get the truetype support running.
Before I start reading through source code (already read the docs) can anybody point me to some relevant documentation? Like on a webpage or howto somewhere?
Before somebody starts telling me about xfstt/xtt/xfsft/etc, I already had truetype support working under xfree 3.3.6. But the 4.0 server is supposed to support truetype natively. I'm interested in getting the native support working. Has anybody here done that?
The government (at least in my area) is willing to hire tech workers with much less documentable experience than private contractors. Once you're in, they'll let you take on as much as you can handle, but there's absolutely no incentive for you to do so.
In a nutshell, the best way to take advantage of the situation is to get hired in, get as much experience and training as you can for the first year or two, then get the heck outta there before laziness sets in.
The NAF entity I work for bleeds talent like crazy. They're afraid to develop anything new in-house, because they know that anybody good enough to do the job won't be staying for long.
I'm on my second government job. Looking forward to the end of my first year when I can start sending out resumes to private industry again.
I'd like to respond to all of the poor suckers who assume that public transportation is somehow "cheaper" or "more "efficient" than private transportation. Most of them are in this thread, so here goes.
It isn't.
Don't believe me? Check your figures. Ask your local bus driver or subway attendant just what percentage of their company's operating expenses are covered by fares.
It's almost certainly less than ten percent.
Probably MUCH less than ten percent.
Then figure out what your fare would be if it wasn't government-subsidized.
Then figure that it probably costs between 20 and 50 cents a mile if you used private transportation (your old beater) rather than public transportation.
Then drive your old beater. It's cheaper any day of the week. Even in New York.
The fact is, that the socialists (the REAL socialists: the policy-makers) don't want to rub noses with the masses, so their "solution" to the "traffic congestion problem" is to put all you poor people on the bus, so they get most of the roads to themselves.
So what if it costs more? They'll just raise the taxes until they cover the operating expenses.
Slashdot Mirror
-
Bess does not filter by keyword, except
for search engine queries and results.
They filter by site URL.
-
For the "el-cheapo" service offered
to schools, there are only a few
combinations of categories available.
I've posted a recent copy of their list at:
http://pillars.net/~bobv/N2H2/categories.html
-
Bess catches a lot of flak for inaccurate
filtering becase people assume that if a
site is blocked, it's because Bess thinks
it is porn. Porn is only one of the
42 available categories. Another is
"Free Pages", which is on the
default blocking list for schools.
Reason for that is free webhosting
sites change so frequently that they
can't hope to keep up with them all,
so you get the option of just blocking
them in their entirety.
-
Since Bess is a proxy service, your
local network administrator should be
able to allow exceptions to the filter.
If you use Squid, the relevant keyword
is "AlwaysDirect".
(No, I don't work for them; just a happy customer)Of all the movies I've seen in my lifetime that were based on books rather than screenplays, I'd say this one ranks about fourth or fifth as to how well it preserves the flavor and plot of the original story.
Sure, they through in a little sex, and sure it was juvenile. But hey, Hollywood *will* be Hollywood.
Point is, I was able to cobble together something reasonably efficient for my purposes in less than an hour, including research and bugfixing. And I'm not a particularly talented coder.
Just out of curiousity, though, could you post a link to some documentation about the "ip rule" command and "rt-netlink" ? Never worked with either one.
True, it was a quick hack. I used open() out of habit for portability, but that's a moot point here, eh?
Actually, I use file contents for the reason why it's blocked. So when I review my /var/log/kern.log and see a bunch of denied messages for the same IP, I look at the contents of that file to see how serious the issue is.
I needed to block a list of thousands of ip addresses at the firewall. Here's how I did it:
First, I read the sample code for how to implement user-space queueing. That's where you pass a packet to a user-space program so it can decide what to do with it. Then I made some trivial changes to that program so that it looks for a file in a certain directory with a name equal to the IP address in the packet header.
If the file exists (i.e. an open() call succeeds), then the packet is denied; otherwise it is allowed. Anytime I want to add a new IP address to the blocking list, I just create a file in that directory. Since I run reiserfs, the test for file existence is as efficient as a hashtable lookup, but much simpler to code.
Not as sophisticated as a commercial firewall program, but not as much overhead, either. (Simplistic) benchmarks show no significant increase in network latency. Works for me!
To which I instantly responded,
As of this moment, what manufacturers don't support CPRM?
Of those, which would you buy from, personally, and why?
<toungue location="cheek">
--I can think of a *lot* of government organizations that I wish would go to mars.
</tongue>
Youessicium ?
I chased them all down last year (things might have changed since then) and there were exactly two (Verisign and Thawte) that offered certificates to the general public and weren't reselling certificates issued by one of the other CA's.
Now, if you happen to be part of the banking industry, your options widen a teensy-weensy bit, but for Joe Q. E-Commerce, there is only one option: Thawte/Verisign.
Depends on what kind of network connection the desert island had. 56k? T-1? T-3? Fiber?
Locks are to keep lazy people honest.
I seem to remember an article about this...
Actually, it's like closing down the restaurant whose valet who handed him the keys, knowing full well that the sop wasn't fit to drive. Sure, a lot of innocent customers will be mad, and the other valets who may have been more responsible are also out of a job, but them's the breaks.
No, because:
In short, any analogy comparing a sender-funded message service with a recipient-funded message service is poor logic.
I was wondering this too, and researching the answer when Netscape 4.76 vaporized, taking my accumulated notes with it.
(sigh)
Anyhow, it runs a Hitachi SH-4 processor at 200 Mhz, which according to one source (Won't look up the link again for fear of re-vaporization) specs at 360 MIPS and 1.4 GFLOPS. Apparently, it's of the same heritage as the Sun SPARC processors. You won't find a bogomips rating because the author of the port had to comment out the bogomips testing code in order to get the kernel to compile.
Do a Google search for "Dreamcast Bogomips" and "Hitachi SH-4" and you'll find plenty of info. However, based on previous experience on an UltraSparc with probably double the performance, I'd say about one kernel per hour, YMMV.
4x and 12x the speed you'd need to READ it in order to play the music without skipping.
Sales receipts typically aren't any better.
Last he heard, they had bought a $70,000 application (including hardware) to keep track of licenses so they don't get caught with their pants down twice.
Before I start reading through source code (already read the docs) can anybody point me to some relevant documentation? Like on a webpage or howto somewhere?
Before somebody starts telling me about xfstt/xtt/xfsft/etc, I already had truetype support working under xfree 3.3.6. But the 4.0 server is supposed to support truetype natively. I'm interested in getting the native support working. Has anybody here done that?
The government (at least in my area) is willing to hire tech workers with much less documentable experience than private contractors. Once you're in, they'll let you take on as much as you can handle, but there's absolutely no incentive for you to do so.
In a nutshell, the best way to take advantage of the situation is to get hired in, get as much experience and training as you can for the first year or two, then get the heck outta there before laziness sets in.
The NAF entity I work for bleeds talent like crazy. They're afraid to develop anything new in-house, because they know that anybody good enough to do the job won't be staying for long.
I'm on my second government job. Looking forward to the end of my first year when I can start sending out resumes to private industry again.
Well, there's Guido...
One more version to go before they can cash in on the nostalgia of all those Speed Racer fans.
It isn't.
Don't believe me? Check your figures. Ask your local bus driver or subway attendant just what percentage of their company's operating expenses are covered by fares.
It's almost certainly less than ten percent.
Probably MUCH less than ten percent.
Then figure out what your fare would be if it wasn't government-subsidized.
Then figure that it probably costs between 20 and 50 cents a mile if you used private transportation (your old beater) rather than public transportation.
Then drive your old beater. It's cheaper any day of the week. Even in New York.
The fact is, that the socialists (the REAL socialists: the policy-makers) don't want to rub noses with the masses, so their "solution" to the "traffic congestion problem" is to put all you poor people on the bus, so they get most of the roads to themselves.
So what if it costs more? They'll just raise the taxes until they cover the operating expenses.