COM/CORBA/DCOP (was: Hello people. I have some questions)

Erno Kuusela erno-news at erno.iki.fi
Tue Sep 4 20:49:05 EDT 2001


In article <9n292n01lg1 at enews3.newsguy.com>, "Alex Martelli"
<aleax at aleax.it> writes:

| "Erno Kuusela" <erno-news at erno.iki.fi> wrote in message
| news:kusne3hcry.fsf at lasipalatsi.fi...
|| 
|| "joy" and "nat" in the same sentence? ugh!

| With ipf/ipnat, the oxymoron of joyful nat'ting
| magically became possible:-).

but it's a fundamentally broken concept!

over here isps tend to sell ip connections with 10.x addresses + nat
as "internet" to people and then you can't do anything except
browse the web and read email.

there is a good rant about this and other internet breaking stuff
at <URL:http://www.technetcast.com/tnc_play_stream.html?stream_id=311>.

i suppose it might be ok if you do it in the privacy of your
own home and don't impose it on hapless users who aren't aware
it breaks a lot of stuff.

|| btw, ipf is not in openbsd any more
|| (http://www.monkey.org/openbsd/archive/tech/0105/msg00266.html).
|| i hope they come up with a good replacement.

| Looks like they are (http://www.benzedrine.cx/pf.html) [...]

good to hear.

|| -- erno, still using ipfwadm on linux 2.4

| Funny, the only serious reason I can see to upgrade to 2.4.?
| (despite its dubious stability) is IPTables (it ain't ipfilter,
| but it does seem usable) -- well, unless you need to support
| some specific HW added in 2.4 wrt 2.2, I guess:-).  That was

yeah, at the time i got this machine there were only workarounds for
bugs in the broken ide controller in 2.4... the stability is quite
good by now judging by following linux-kernel, but there are some
other bugs still.

| Of course, I'm not running any X (or other GUI-able stuff)
| on the router/fw/proxy box -- so it would have to be either
| curses (which I think I've entirely forgotten and would
| have to study anew!), or some X-client subset and another
| box on the LAN to provide the front-end -- but I worry about
| the security status of any out-of-box hookup: remember the
| scenario is that of a network currently under active and
| dangerous attack -- I'm no security expert, but surely I
| want to run *as little as possible* on the security-core
| box, and *nothing if possible* that depends on the network
| for security-crucial functions...?  "The pieces that aren't
| there are those you know won't break", etc, etc".

well, putting X on the firewall doesn't make it any more or less
stable (unless you allow untrusted users shell accounts on it,
but you can't really defend someone with a shell account
from rooting a unix box (including openbsd) anyway).

i've been pretty happy with running packet filtering on my single
computer i have at home, but then i don't attempt anything very
ambitious functionality wise.

  -- erno


