
Comment Re:Agreed, though may I suggest (Score 1) 149

Thanks. I like the look of those a lot. It's a good deal cheaper than a similar Netgate device (my go to since they own PFSense). Only real area it looks like it would have notably worse performance would be VPN since it lacks AES acceleration. But so long as that isn't being used it should be around the same speed as the 4 core atoms Netgate uses.

I may think about one for home. I'll probably stick with my Edgerouter Lite since those Cavium chips just get lower latency than you can get in pure software at this point, but I am a bigger fan of PFSense than EdgeOS for sure.

Comment Agreed, though may I suggest (Score 1) 149

Moving to a better router? DD-WRT isn't as updated as it should be these days and has slow performance. Modern consumer routers are fast because they use packet acceleration tech built in to their chips. DD-WRT doesn't know how to do that (at least not that I've ever seen).

So what I recommend for geek types is go to three devices: Modem -> router -> wireless. You can repurpose your existing router as a WAP, or get a purpose built WAP. Either way, you don't do routing on it. Then get a purpose built router.

My top recommendation is a Ubiquiti EdgeRouter Lite. About $100 for a little wired 3-port device that'll pass a gig of traffic with low latency since it has packet acceleration and knows how to use it. It's a bit on the complex side and you can't do all setup through the GUI (IPv6 requires commandline work) but it is powerful, and they are pretty good at updating it. Runs a customized version of VyOS and provides you with access to all the low level stuff. You can compile your own shit for it if you like (is MIPS64 though).

If that isn't to your taste my second choice is PFSense. You can run that on anything x86 but the devices they sell on their site, made by Netgate, are great choices. It's more expensive to hit a gigabit speed because it runs all in software, and that also means its latency is higher. However that said I like the interface better and it is an exceedingly powerful and flexible firewall. It's updated regularly, you can buy professional support, and since it is software you can run it on anything, including a VM. Runs BSD underneath and you can get access to the low level if you want to mess with it.

Third choice would be something like a Cisco RV340 or maybe RV320. It's the same general hardware as the EdgeRouter Lite, a Cavium Octeon processor which is MIPS64+packet processing, but with Cisco's OS whacked on. Easier to use overall, though not as flexible. Cisco tends to be ok with security updates. They use a slower CPU and less RAM so you aren't going to get a full gig, but they are pretty fast and are nice and low latency. Not too bad price wise either, like $150 for the RV320.

Comment Re:Ya, it's called IPSec (Score 1) 67

Oh ok, gotcha. In that case, I'd go for Private Internet Access. Their privacy rules are very good (in all cases we have to take the company's own statement on it), price is good, performance seems to be good, and it uses open standards for VPN connections. It also isn't like some where they are located in some minor island nation you've never heard of, they are in the US.

It's what I use and what my instructor at SANS recommended to someone else this week who asked the same question.

If you wanted to filter all systems through it you'd just need a router/fw that did it, again PFSense would do. It uses OpenVPN by default (can do IPSec as well) and PFSense supports that. Your internal systems talk to PFSense, have PFSense VPN to PIA and then set your routing to go over the VPN. Make sure outbound rules are properly configured so traffic is only allowed over VPN interface and you've got an automatic, transparent, system where all systems will communicate via the VPN. You can always change rules if needed to permit direct communication.

If you don't want a network box you can set up your OSes to auto-dial PIA on start. For Windows this is best accomplished with the inbuilt IPSec VPN client, on Linux OpenVPN works nicely (though either can do both). Again you set local firewall/routing rules to prohibit traffic over the local net and require the VPN to be up. Then just treat it like dialup from the old days.

So give PIA a look, they seem to do well.
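The "traffic is only allowed over VPN interface" rule from the comment above can be checked before a ruleset goes live. The following is an added example, not part of the original comment and not pfSense's own rule engine: it models first-match outbound rules with default deny (an assumption of this model) and flags any probe flow that would leave directly on the WAN. Interface names and addresses are constructed placeholders.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed values: documentation address ranges, hypothetical interface names.
VPN_ENDPOINT = "198.51.100.7"   # placeholder VPN server address
VPN_PORT = 1194                 # OpenVPN's default port
WAN, TUN = "wan0", "tun0"

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    iface: str                  # egress interface, "*" = any
    dst: str = "0.0.0.0/0"      # destination network
    proto: str = "*"            # "tcp", "udp" or "*"
    port: int = 0               # 0 = any port

@dataclass(frozen=True)
class Flow:
    name: str
    iface: str
    dst: str
    proto: str
    port: int

def decide(rules, flow):
    """First matching rule wins; no match means block (default deny)."""
    for r in rules:
        if (r.iface in ("*", flow.iface)
                and ip_address(flow.dst) in ip_network(r.dst)
                and r.proto in ("*", flow.proto)
                and r.port in (0, flow.port)):
            return r.action
    return "block"

# Probe flows paired with the verdict a kill-switch policy requires.
PROBES = [
    (Flow("tunnel to VPN endpoint", WAN, VPN_ENDPOINT, "udp", VPN_PORT), "pass"),
    (Flow("web via tunnel", TUN, "203.0.113.10", "tcp", 443), "pass"),
    (Flow("web direct (VPN down)", WAN, "203.0.113.10", "tcp", 443), "block"),
    (Flow("DNS direct", WAN, "192.0.2.53", "udp", 53), "block"),
]

def audit(rules):
    """Return the names of probes whose verdict violates the policy."""
    return [f.name for f, want in PROBES if decide(rules, f) != want]

# Weak ruleset: anything may leave on the WAN, so traffic leaks when the VPN drops.
LEAKY = [Rule("pass", TUN), Rule("pass", WAN)]
# Corrected ruleset: WAN carries only the tunnel itself, everything else uses tun0.
STRICT = [Rule("pass", WAN, VPN_ENDPOINT + "/32", "udp", VPN_PORT),
          Rule("pass", TUN), Rule("block", "*")]
```

`audit(LEAKY)` names the two direct flows that escape the tunnel, while `audit(STRICT)` returns an empty list.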

Comment Because government like Internet (Score 3, Insightful) 139

It is getting hard to work in the world with no 'net access. The governments want to use it themselves for many reasons, including just entertainment for the party elite. So, cut that off and they are brought down to the level of their citizens, and that they don't like.

Sanctions can work when they can actually affect the powerful. If you can do something that makes their life worse, that has an effect on them, then they care. This is something that has the potential to do that.

No silver bullet, but nothing is.

Comment Re: oh no (Score 1) 416

A few years ago I came across my old BBS number during a Google search and decided to call it and see who answered.

It rings once and then...a modem sound.

Freaked me out until I discovered it was just a fax machine that actually blasted that noise on answering.

Comment Ya, it's called IPSec (Score 1) 67

With IPSec you can set up all kinds of policies as to what can communicate with what and you can, if you wish, encrypt all traffic, even over the local LAN. Be warned: It can get complex and you are going to need PKI set up if you want to have any realistic hope of managing it in an enterprise. However you can set things up so that all traffic is encrypted on the wires for all communications, and so that devices can only communicate with other devices of your choosing.

So for a simple setup you could have a firewall (PFSense if you want a cheap one) that talks to whatever your VPN/Proxy is. Then set IPSec policies so that all your computers talk only to it. All traffic will pass only through the PFSense (even internal traffic) and it'll all be encrypted (if you specify that). You set the firewall/routing rules on the PFSense and you can force all outbound traffic over the VPN, and decide what can talk to what inside.

That's a simplistic setup, and the firewall will be a bottleneck, but that's a simple startup. You then can do things like have system to system IPSec communication, more firewall, additional routing controls (on systems or the network) etc etc.

Comment Not only that (Score 1) 289

GM looks severely undervalued. What a "normal" P/E valuation should be varies depending on who you ask but usually in the realm of 14-20. In really bad bear markets indexes go down to like 7-10.

Well, GM is like 5. That would imply that it is quite undervalued at the moment.

So you have a very undervalued stock, compared to a stock that people are buying heavily on hype/hope. That doesn't make for an accurate comparison. Sure Tesla has a bigger market cap... now compare earnings and get back to me.

Comment Wait you mean an ASIC is fast? Why I never! (Score 5, Informative) 91

Man is this a "duh" moment. Purpose built ASICs are extremely fast and low power for what they accomplish. That's why we use them. Look at a small desktop network switch: Little tiny processor that can pass 16gb/sec of traffic around. Try and put 8 NICs in a computer and have it switch traffic and you'll be amazed at how much power you need. The reason the switch is small is it is purpose built: Its ASIC does nothing but switch Ethernet packets.

Same deal with some things on a CPU. You find that decoding an AVC video stream takes next to no CPU power on modern CPUs, yet decoding an MPEG-2 video takes some. Why? Because they have a small bit of dedicated logic for AVC decoding (usually some other formats too). It is low power because it is dedicated.

Always the question in designing a system is flexibility and unit cost vs fixed function and up front cost. A CPU is great because it can do anything, and you can just buy them straight out, tons of companies have them available for purchase right now. However they take a lot of silicon and power to perform a given task. An ASIC takes a bunch of up front money to design and do a manufacturing run, but is very small and efficient, however it can't be reconfigured to do anything else and needs a full respin. In the middle there is something like an FPGA. Which one is right for an application just depends on the balance of a lot of factors.

Comment Ummmm... no (Score 1) 370

Some of these are a little valid but more are BS:

1) Sort of valid but then big screens are available at home these days. It is all about size vs distance, you don't need as big a screen if you are close.

2) Can be nice but can be hell. Yes watching movies with friends is nice (can do that at home) but other people are often inconsiderate.

3) ...what? You can be as focused, or not, as you want at home or at the theater.

4) This is just dumb.

5) This is not an advantage IMO. Not because I dislike good sound, but I have a big system at home that'll do THX reference (105dB SPL) levels. Thing is, my system is properly calibrated and set at the right level. Theaters, IMAX in particular, like to turn it up too loud. There is, in fact, a "right" level for movies; they are encoded with absolute sound level data.

6) Fuck you.

7) I have less distractions at home. I can focus in on the movie with nobody else bothering me. At the theater, other people control how much focus I can have.

8) Wait, what? I'm not even sure what they are arguing. Also I'd say you get better quality time with a friend/loved one at home than in a theater.

9) I'm not sure if he's aware, but all major soda vendors sell their products at all major retailers. It proves to be very easy to get whatever brand of cola you like at home. 32oz cups are easy to buy as well.

10) Again, fuck you.

If these are the 10 best reasons, then theaters are doomed.

Comment It would hurt low income students most (Score 1) 364

Also, it isn't as though universities can just lower tuitions infinitely. There's waste and overspending to be sure, but then there is in everything, expecting perfect efficiency is foolish. However there are just a lot of costs. It is expensive to run something like a university, particularly if you want good people. I mean if you have someone who has a PhD in a desirable discipline like engineering or law or chemistry, and are talented researchers, well they have a lot of career options. You can't say "Ya we'll pay you $30k/year, that should do right?" There's tons of other costs like buildings, computers, etc, etc.

Someone has to pay. In the past, a lot of it was paid with tax dollars for public schools, however that has been a real, real popular source for state legislatures to cut. There are public universities with less than 20% of their budget coming from public funds. Well the money has to come from somewhere, so an increase in tuition it is.

You can't say "just make cuts" because cuts are going to have an effect. You can cut quantity, like reducing the amount of faculty, staff, and facilities in which case you can simply take less students, or you can cut quality, like cutting salaries (which leads to the best people leaving), cutting building maintenance, cutting lab supplies, and so on which leads to lesser quality education. However you can't demand that cuts be made but no difference manifest.

Comment That or they need to be minimum rate (Score 2) 364

I mean if lenders want a virtual guarantee of repayment ok, I can see arguments for why student loans are a somewhat special case... but then with that needs to come minimal interest. I'm talking like half a point, maybe 1 point, over the federal discount rate. You want a government enforced lifetime repayment guarantee fine, but you get a government enforced minimal rate of return for it.

If they aren't ok with that, they are always free to lend normally at whatever rate they choose, but subject to normal bankruptcy laws.

The way it is now though is BS.

Comment Also sometimes unions strike "just because" (Score 1, Interesting) 316

They want to show they are a force to be listened to, or they want to make their members feel like they are doing something. So they strike, even though they don't really have an attainable goal.

That happened here with the buses. They are Teamsters and they went on strike for two weeks more or less out of the blue. They weren't engaged in contract negotiations with the city and at a stalemate, they struck more or less right off the bat, at the behest of the national Teamsters. The demands were silly too in that one was something they could easily get, and the other was impossible. They wanted a clear shield (like Lexan) installed around the driver for dangerous routes, which was no problem the city was perfectly willing. However they also wanted a pay hike, which was impossible because the city budget was in the shitter at the time and there was no money.

At the end of two weeks the agreement was they'd get back pay for the two weeks they were on strike, and the shields would get installed at some point in the future. That was the end of it. It accomplished little other than to get more people annoyed with the bus service (it is not good here sadly) and to make the members feel as though their union had their back.

Sometimes unions go on strike after they've tried and failed to come to an agreement, however that isn't always the case.
