IPCop for Small-Business Network: Web Proxy Usage

I was speaking of installing Windows updates and service packs for Windows and other software. Let's say I want to install the same 150 Megs service pack on 5 PCs. With web cache I download it once from the remote server and the other PCs will get it from the local proxy cache of my IPCop at full LAN speed. BTW I found some info on cache size in O'Reilly's "Squid: The Definitive Guide". The book says the following on hardware requirements:

"Because Squid uses a small amount of memory for every cached response, there is a relationship between disk space and memory requirements. As a rule of thumb, you need 32 MB of memory for each GB of disk space. Thus, a system with 512 MB of RAM can support a 16-GB disk cache. Your mileage may vary, of course. Memory requirements depend on factors such as the mean object size, CPU architecture (32- or 64-bit), the number of concurrent users, and particular features that you use. People often ask such questions as, "I have a network with X users. What kind of hardware do I need for Squid?" These questions are difficult to answer for a number of reasons. In particular, it's hard to say how much traffic X users will generate. I usually find it easier to look at bandwidth usage, and go from there. I tell people to build a system with enough disk space to hold 3-7 days worth of web traffic. For example, if your users consume 1 Mbps (HTTP and FTP traffic only) for 8 hours per day, that's about 3.5 GB per day. So, I'd say you want between 10 and 25 GB of disk space for each Mbps of web traffic."

Regards, Anguel

Reply to
astanko
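The sizing rules quoted from the book (3 to 7 days of traffic on disk, about 3.5 GB per day per Mbps over an 8-hour day, 32 MB of RAM per GB of cache) can be turned into a small calculator that also emits the matching squid.conf directive for an IPCop box. This is an added example for the thread, not code from IPCop or from the book; the cache path and the L1/L2 directory counts in the generated cache_dir line, and the optional RAM reserve, are assumptions of the example.

```python
"""Size an IPCop (Squid) web cache from the rules of thumb quoted above.

Added example for this thread; it is not IPCop's or the book's code.
The numbers it uses come from the quoted passage: keep 3-7 days of web
traffic on disk, 1 Mbps for 8 hours is about 3.5 GB per day, and plan
32 MB of RAM per GB of disk cache. The cache path and the L1/L2 directory
counts in the generated cache_dir line are assumptions of this example.
"""
import math

RAM_MB_PER_DISK_GB = 32          # from the book: 512 MB of RAM supports 16 GB of cache
RETENTION_DAYS = (3, 7)          # from the book: hold 3-7 days of traffic


def daily_web_volume_gb(mbps: float, hours_per_day: float) -> float:
    """Decimal gigabytes transferred per day at a sustained rate for the busy hours."""
    bits_per_day = mbps * 1_000_000 * hours_per_day * 3600
    return bits_per_day / 8 / 1_000_000_000


def disk_cache_range_gb(mbps: float, hours_per_day: float) -> tuple[float, float]:
    """Smallest and largest cache the retention rule asks for, in GB."""
    daily = daily_web_volume_gb(mbps, hours_per_day)
    return daily * RETENTION_DAYS[0], daily * RETENTION_DAYS[1]


def ram_mb_for_disk_gb(disk_gb: float) -> int:
    """RAM Squid's in-memory index will need for a cache of this size."""
    return math.ceil(disk_gb * RAM_MB_PER_DISK_GB)


def max_disk_gb_for_ram(ram_mb: float) -> float:
    """Largest cache_dir the 32 MB/GB rule allows for this much RAM."""
    return ram_mb / RAM_MB_PER_DISK_GB


def plan_cache(mbps: float, hours_per_day: float, ram_mb: float, reserve_mb: float = 0) -> dict:
    """Pick the largest cache in the 3-7 day window that the available RAM can index.

    reserve_mb is RAM you want left for the OS, firewall and Squid itself
    (an assumption of this example; the book gives no figure for it).
    """
    low, high = disk_cache_range_gb(mbps, hours_per_day)
    cap = max_disk_gb_for_ram(max(ram_mb - reserve_mb, 0))
    chosen = min(high, cap)
    return {
        "daily_gb": daily_web_volume_gb(mbps, hours_per_day),
        "min_disk_gb": low,
        "max_disk_gb": high,
        "ram_limited_disk_gb": cap,
        "cache_dir_gb": chosen,
        "ram_needed_mb": ram_mb_for_disk_gb(chosen),
        # False means the box cannot index even 3 days of traffic: add RAM or shrink the cache
        "meets_minimum": chosen >= low,
    }


def squid_cache_dir_line(disk_gb: float, path: str = "/var/spool/squid") -> str:
    """squid.conf directive for the chosen size (path and 16/256 L1/L2 dirs are assumed)."""
    mbytes = int(disk_gb * 1000)
    return f"cache_dir aufs {path} {mbytes} 16 256"


if __name__ == "__main__":
    # The book's own example: 1 Mbps of HTTP/FTP for 8 hours a day, on a 512 MB box.
    plan = plan_cache(mbps=1, hours_per_day=8, ram_mb=512)
    for key, value in plan.items():
        print(f"{key:>20}: {value}")
    print(squid_cache_dir_line(plan["cache_dir_gb"]))
```

For the book's own figures (1 Mbps, 8 hours, 512 MB of RAM) the planner lands on a 16 GB cache: the 3-7 day window asks for 10.8 to 25.2 GB, but 512 MB of RAM can only index 16 GB, so RAM, not disk, is the limit. Run it with 256 MB and `meets_minimum` goes false, which is the practical reading of the "32 MB per GB" rule: an IPCop box with a small memory fitting should get a small cache_dir, or the index will push it into swap.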

"Moe Trin" wrote in message news: snipped-for-privacy@compton.phx.az.us...

Well, the anti-virus software I have, Avast, protects all the machines behind it as well. Anything coming into or out of the gateway machine is scanned for viruses, and if it detects a virus, the entire network is halted until I log onto the gateway machine and acknowledge. In short, when a virus is detected, all network communications are halted. Avast is very good at protecting my network from viruses, maybe too good. For some reason, it thinks that PrecisionTime, from Gator, is a trojan, and Avast will sometimes halt the entire network because it sees what it thinks was a virus. The only freeware version of WebWasher acts as a proxy, web filter, and popup blocker all in one. If you can still find the old freeware version out there, it is quite good. It also does not leave the gaping security hole that CyBlock did when I tried it. WebWasher can be configured so that only the machines in your subnet can access the proxy. CyBlock has no such security. I discovered this about a year ago, when I started seeing strange addresses in the logs. When I removed CyBlock, I no longer had the security hole. Wavecrest needs to do something about the security hole in their product if they ever want to compete in the Web filtering business. If you choose CyBlock as your filtering solution, and use the software version, you MUST have a software firewall on the same machine to restrict both incoming and outgoing traffic on CyBlock, restricting incoming traffic to your subnet, and outgoing traffic to ports 80 and 443. The kind of security restrictions that you need, if you are going to use CyBlock without a gaping security hole in your system, cannot be done with a hardware appliance. A hardware appliance would not be able to restrict incoming access to your subnet, or restrict outgoing traffic to ports 80 and 443.
Like I said elsewhere, I am surprised that I never heard from Comcast when that security hole was there, because ALL ISPs, whether they be DSL, dial-up, cable, or whatever, frown upon open relays on their networks, because of the fact that the spammers take advantage of those. If you are going to have a gateway machine, a minimum of 512MB is a must. Also, turn off ICS, and use a third-party product, such as AllegroSurf (it is a LOT more secure than Windows ICS).

CSU Sacramento, but they were working on a curriculum change at the time, so things have likely changed, but back in 1999, we were taught everything you ever wanted to know about Windows networking. Like I say, they were working on a curriculum change at the time, so things have likely changed since then, but that is what was taught in 1999.

Reply to
Charles Newman
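The symptom described in the post above, "strange addresses in the logs" on a filtering proxy that does not restrict which clients may use it, is what an open proxy looks like from the inside, and the reason ISPs care is that spammers use CONNECT through such a proxy to reach someone else's SMTP port. The following is an added example for this thread, not code from IPCop, Squid, CyBlock or WebWasher: it reads Squid's native access.log layout (IPCop's web proxy is Squid), counts outside clients that were served versus refused, and flags CONNECTs to mail ports. The log lines are constructed for the example, and the LAN prefix 192.168.1.0/24 is an assumption.

```python
"""Audit a Squid-style access.log for signs that the proxy is open to the Internet.

Added example for this thread, not code from IPCop, Squid, CyBlock or WebWasher.
It assumes Squid's native log layout:
  <unix-ts> <elapsed-ms> <client-ip> <result/status> <bytes> <method> <url> <ident> <hierarchy/peer> <type>
and that the only legitimate proxy clients live in the LAN prefixes you pass in.
The log lines below are constructed for the example.
"""
import ipaddress
from collections import Counter

# "Strange addresses in the logs", as in the post above: two outside hosts, one of
# them using CONNECT to reach an SMTP port, which is how an open proxy becomes a spam relay.
SAMPLE_LOG = """\
1117440001.120    245 192.168.1.10 TCP_MISS/200 5123 GET http://example.com/ - DIRECT/93.184.216.34 text/html
1117440002.410     12 192.168.1.11 TCP_HIT/200 81234 GET http://example.com/sp1.exe - NONE/- application/octet-stream
1117440003.005   1890 203.0.113.45 TCP_MISS/200 14020 CONNECT mail.example.net:25 - DIRECT/198.51.100.7 -
1117440004.770    310 203.0.113.45 TCP_MISS/200 9800 GET http://example.org/ - DIRECT/198.51.100.9 text/html
1117440005.002     40 198.51.100.23 TCP_DENIED/403 1200 GET http://example.com/ - NONE/- text/html
1117440006.555    120 192.168.1.10 TCP_MISS/200 2200 CONNECT example.com:443 - DIRECT/93.184.216.34 -
"""

RELAY_PORTS = {25, 465, 587}     # SMTP ports a spammer wants a proxy to CONNECT to


def parse_line(line: str):
    """Return the fields we need from one native-format line, or None if it does not parse."""
    fields = line.split()
    if len(fields) < 7:
        return None
    result, _, status = fields[3].partition("/")
    try:
        client = ipaddress.ip_address(fields[2])
        status = int(status)
    except ValueError:
        return None
    return {"client": client, "result": result, "status": status,
            "method": fields[5], "url": fields[6]}


def connect_port(url: str):
    """Port of a CONNECT target written as host:port; None for ordinary URLs."""
    if "://" in url:
        return None
    _, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def audit(log_text: str, local_nets=("192.168.1.0/24",)) -> dict:
    """Count outside clients the proxy served or refused, and CONNECTs to relay ports."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    served, denied, relay = Counter(), Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not any(rec["client"] in net for net in nets):
            refused = rec["result"] == "TCP_DENIED" or rec["status"] == 403
            (denied if refused else served)[str(rec["client"])] += 1
        if rec["method"] == "CONNECT" and connect_port(rec["url"]) in RELAY_PORTS:
            relay.append((str(rec["client"]), rec["url"]))
    return {
        "open_proxy": bool(served),          # any outside client got a non-denied answer
        "served_foreign": dict(served),
        "denied_foreign": dict(denied),
        "relay_attempts": relay,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for key, value in report.items():
        print(f"{key:>15}: {value}")
```

On the sample, 203.0.113.45 is served twice (once relaying to port 25), 198.51.100.23 is refused, and the report says `open_proxy: True`. On Squid itself the closing of that hole is three lines of squid.conf, `acl localnet src 192.168.1.0/24`, `http_access allow localnet` and `http_access deny all`, plus binding the listener to the inside interface with `http_port` on the green address; Squid's stock `http_access deny CONNECT !SSL_ports` rule is what stops the port 25 CONNECT even from a LAN client. After that change the same audit should show every outside address under `denied_foreign` only.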

Well, Windows XP runs quite slowly on anything less than 512MB of RAM, and the next Windows will require 1 gigabyte of RAM and a 64-bit processor to run, which is why I bought a 64-bit machine to use as the gateway machine. I am getting ready for Windows Longhorn, due out sometime next year.

NT 4.0. Windows introduced NT 4.0 in 1996, and the networking course started using 4.0 in the 1998-1999 school year. It's something that filtered down from the computer science labs. The business school adopted NT 4.0 because it is more secure than Windows 95, and the machines in the computer labs could be locked down, something which could not be done under Windows 95. We were taught Windows NT because that is what was, and still is, widely used in business.

They are tossing away some great employees if they are tossing any resumes that list Microsoft training.

Well, I know that the planned changes that were talked about included switching from COBOL to C as the core programming language. The computer science department was also preparing to switch from Pascal to C as its core programming language.

Reply to
Charles Newman

OK - I understood you to be serving to the Internet.

Many ISPs get rather snarky about home networks - mainly because they'll use any excuse to get more money out of the customer. Seems stupid, because proxies tend to reduce traffic, rather than increase it.

Comcast is almost as lax as SBC/SwBell/PacBell/Ameritech/SNET for policing their users - that's why they're in a lot of blocklists public AND private. We block low port access to almost all of Comcast, and only accept mail from five or six addresses total.

You keep forgetting we don't use toy applications.

Uhuh

You'll change. Several months ago, you were parroting that ICS was the total solution to the world's problem. Or have you forgotten that? Try looking at groups.google.com - you'll find others responding to you, trying to correct that misconception.

And you somehow think this lack of capability does not define it as an ill-functioning toy? You are deluding yourself.

Old guy

Reply to
Moe Trin

Mighty interesting toys you are using. They won't work outside of your home network. Not that we have to worry about the virus de heure. You wouldn't either if you weren't using such insecure software.

If you learned how to configure your firewall you wouldn't need this.

As usual, when your toy firewall doesn't work, you blame something else. Charles, you shouldn't be using a computer connected to the Internet, as you don't have the first concept of how to protect it.

  1. I don't use windoze - remember? I don't do toy software.
  2. If your toy firewall can't be configured to protect you, get a better one.

Just because you can't figure out how to configure your toy firewall to prevent this problem doesn't mean that the newest newbie using a *nix can't do this. I don't even NEED a firewall to prevent that problem. Maybe you should learn something about IP addresses and routing commands. And yes, it's even possible to configure your dumb windoze box that way.

Why exactly?

news://news.admin.net-abuse.sightings news://news.admin.net-abuse.blocklisting

See how many blocklists you can identify listing comcast for their total lack of abuse prevention/correction.

How then does my 80386SX-16 with 8 Megs manage to do the job without even using swap? I guess Charles doesn't know anything about computers, wouldn't you say?

Was that an accredited course? Or something foisted off on the school as the price for cut-rate software? Was CSU so brain-dead as to have an obsolete windoze course - probably the NT 3.51 class from 1996. Because microsoft was unsure about the future, TCP/IP was an OPTIONAL method, not the default. As mentioned, they were 13 years behind everyone else. Quoting from "Supporting Microsoft Windows NT Server" from Microsoft Press (no ISBN - which figures, but a "1294 Part No. 097-0001373") page 227:

"The octets are divided into two pairs - the network ID and the host ID (as illustrated in the previous figure)."

which showed a ruler divided in two, with 16 bits for Network ID, and 16 for Host ID, and used the example 131.107.3.24 (131.107/16 being assigned to microsoft - wonder how many systems world wide got misconfigured to that address).

"If you do not plan on connecting to the worldwide Internet, you can use any valid network ID"

which is about as brain dead advice as you could ask for. RFC1597 (which was replaced by RFC1918) came out in March 1994. But, that's microsoft for you - totally unaware of EXISTING standards. Oh, and on page 228, they do speak of classful masks (book is copyright 1996 - so their concepts are only three years out of date). Oh, this is a jewel:

"For example, if your IP address is 131.107.126.88, and your network is a local area network, you use the default subnet mask for a class B address of 255.255.0.0."

Seeing as how you are posting from "a Class A" address, microsoft says your _sub_netmask should be 255.0.0.0. I'll bet you are using something other than that - proving microsoft knows even less about networking than my cat. By the way, do you know the difference between a network mask, and a subnet mask? Microsoft obviously doesn't. Do you wonder why HR tosses resumes that list official microsoft training, never mind certificates? (I suppose I shouldn't make fun of microsoft, but they make so many absolute blunders - some would call them 'lies' - and people like you blindly accept proven bullshit as if it were the nectar of the Ghods.)

Well, I suppose that might be why we don't have any CSU alum here. Heck, we've got two "programmers" from Cal Poly SLObis, and one of the techs attended (but didn't graduate) from San Jose State. I can't believe my (then) state tax dollars were being wasted on such crap.

Old guy

Reply to
Moe Trin

I got rid of windoze before they invented networking so I don't know about any anti-piracy controls that microsoft may have added, but your concept is exactly what we're using. It works flawlessly. Our download cron job runs around 2 AM, when regional traffic is low. We get to audit the download for security during the following day. If the update is critical (rare), we can force it out onto the local systems immediately, but it normally waits until the regular cron update that runs before midnight.

It also depends on what else is running on the system.

Obviously that does depend on your users, but ours rarely spend that much time surfing the web. I checked with the guy who runs our Squid server, and we have two 33 Gig drives for about 1800 people.

If your Squid server is going to be that busy, I'd STRONGLY advise getting it off the firewall and onto a dedicated box behind the firewall.

Old guy

Reply to
Moe Trin

Well, Avast guards my gateway machine, and the 3 machines behind it, with the tenacity of a pit bull. What other anti-virus software will completely halt all communications when it finds a virus? By halting all network communications, it stops the virus from spreading on the network. If you are serious about protecting your network from viruses, you need to halt all network traffic as soon as a virus is detected.

Firewalls cannot block pop-ups. This is why I use the old freeware version of WebWasher as the main HTTP proxy. It's a proxy, web filter, ad blocker, cookie crusher, and popup blocker all in one. If you can still find the only freeware 3.x versions of WebWasher anywhere, I do recommend it. Also, the few companies that do allow Usenet need another freeware program, known as NewsProxy. It sits between your network and your news server, and blocks Usenet content you don't want on the network. If you choose not to block port 119, then you need this nifty little program. You can block out entire groups that would be inappropriate for the office (e.g. alt.sex.*, soc.sexuality.*). What will happen is that when someone tries to read any articles in a blocked group, no articles will come up, as NewsProxy will just simply intercept them all and drop them as they come in from the news server. If you allow Usenet in your workplace, you NEED this program. And this program uses surprisingly little memory, compared to a lot of other programs. Your 486 "lap dog", as you call it, would be able to run NewsProxy. All you would need to do is convert it to Windows (95 or later), install the program, configure it, and you are good to go. When I first had 95 in 1995, I started out running it on a 486 with only 8 Megabytes, and it ran OK, so your 486 with 12 megs should be able to run Windows 95 and NewsProxy.

Reply to
Charles Newman

If you are worried about spam, you might want to put a Windows machine on your network and use SpamBam. SpamBam acts as a mail filter between your network and your mail server, and filters out messages from known spammers before they reach your inboxes.

Reply to
Charles Newman

I am surprised that you would not at least use Windows emulation to run Windows software. If you want to run Linux, there are some good Windows emulators on the market. Also, if you have any children at home, they are probably learning on Windows machines in school, so it would be nice to have Windows available at home so they can do their homework.

Reply to
Charles Newman

Linux also has the same type of certification program. If you use Linux, surely you would not toss resumes that feature Linux certification. There are a number of specialized business schools where you can get official certification for many platforms, but the biggest and most popular are Microsoft, Linux, Apple, and Novell. All the Indian casinos around here won't hire slot machine technicians if they don't have Microsoft certification, because the slot machines are actually running Windows. I watched a technician boot one of the machines up at one casino some years ago, and the Windows 95 startup screen came up before the game came up, so I can see why. The entire slot machine network at some of the Indian casinos is running Microsoft Networking.

Well, C is replacing COBOL.

Reply to
Charles Newman


What SpamBam does is delete mail from known spammers as each computer accesses the proxy. SpamBam does the job of fetching mail from the mail server, and it deletes anything that is on the "blacklist" before it ever sees the light of day in my inbox. The SpamBam mail proxy does the job of deleting spam. Also, as I have said before, I did minor in Astronomy, and would like to open my own observatory someday. If and when I do, all the machines will be running Windows, as there is no Astronomy related software for Linux or Mac. There are no programs for Linux that could capture images from the telescopes and store them. All the programs that tell what stars and planets are going to be up and when are all Windows-based. In short, there is no astronomy software available for Linux/Unix systems. The observatory's computers will use the same firewall setup I use at home now. Routing will be by AllegroSurf, spam protection by SpamBam, and virus protection by Avast. The only difference will be filtering software. While the HTTP proxy will still be WebWasher, I will likely use something like Websense for web filtering, assuming it does not open up the same gaping security hole that CyBlock does. And unlike you, if I ever need to hire any IT staff, Microsoft certification will be a plus on any resume.

Reply to
Charles Newman

"Grove giveth and Gates taketh away." - Bob Metcalfe (inventor of Ethernet) on the trend of hardware speedups not being able to keep up with software demands

Actually, I'm quite happy to see windoze require more and more gigantic hardware. I can buy a year or two behind at a tenth the price and have performance several orders of magnitude greater. There are several computer stores in downtown (Phoenix) where I buy 'cast off' stuff from businesses here.

I understand microsoft has eliminated the old Blue Screen Of Death from XP. I'm told that when XP crashes now, it goes directly into a silent re-boot - sorta acting as if it were a hardware fault or momentary power outage instead of microsoft quality software. You might lose data when that happens, but that's not microsoft's problem - read the EULA.

My understanding is that NT4 will also not crash as often - you may be able to make it through a whole day without rebooting. At least that's what microsoft was advertising. Still, with 95 you probably learned to save your work frequently which is a good habit to get into.

Sorry, we need people who understand computers, not robots who wasted a great deal of their own money to memorize material from a book to pass a test that is irrelevant to the real world. We also used to toss people with Novell certification for the same reason. Novell was teaching their CNEs that thick net used RG-8 or RG-11 in spite of the fact that neither cable met the DIX specifications. Such errors would not only fail to work, but would get the company using them in trouble with the local fire marshal and invalidate their insurance. And I'll bet you don't know why, not that it matters.

That's funny.

Old guy

Reply to
Moe Trin

One other thing I just remembered. The old freeware version of WebWasher was made for Linux systems. Since you use Linux, you might want to see if you can still find the old 3.x versions of WebWasher anywhere. You get Web filtering, pop-up blocker, cookie-crusher, and ad-blocker all in one program. It was made for Windows, Mac, and Linux.

Reply to
Charles Newman

Not using windoze, we don't have to worry about that. Your solution is to bring back the productivity of win95 - has your company adopted your suggestion yet?

I prefer to keep my networks functional. That is what it's for. But then, that's another reason you weren't hired as a network admin.

Why not.

Even if I had a computer to run this toy application, why should I bother? If you set up your virus installer correctly, you wouldn't need that either.

Is this another toy application, or does it run on 'D-news' or 'innd'?

We do

Well, I know that microsoft hasn't invented news servers yet, but if you study RFC1036 from 1987, you'll discover that's been a non-problem for a long time. It's only a 19 page document, but you only need to read the last page and a half, specifically the third from last paragraph.

If I grep the news source file for Giganews (the news server I use at home), I see it has 1949 newsgroups with the word 'sex' in the name. If I do a grep on the news source file at work, I see none. If you read that RFC, you'll see how that's done by default.

If you think you need that program, you should fire your news-admin.

No, my lap doggy is a 386. I've got a 486DX2-66 that's used as the primary file server. The secondary file server (which is also the print server) is a 486DX-33, but that's the only non-Pentium family I have left. I just got a Pentium 266 with 64 Megs of RAM for five bucks - the owner says it's too slow for windoze. It has a 33 Gig drive - which should allow me to trickle down the file servers and retire the DX-33 (I suppose I could make it into a news server).

You really do need to see someone about that reading problem you are having. It's going to get you into lots of trouble with the auditors. The few companies I knew who tried win95 in 1995 or 1996 all went back to win3.1 because they couldn't keep the software running more than a few minutes at a time. It was far too unproductive for them.

Old guy

Reply to
Moe Trin

Remember, we don't use toys

news://comp.mail.misc

Why should we allow spam onto the mail servers? Your home user solution wouldn't be appropriate in _ANY_ business.

Old guy

Reply to
Moe Trin

What possible use could I have of windoze software??? Be realistic, but try to name one application that I could possibly find interesting, never mind useful?

[compton ~]$ grep -c -- '^-' dir.list/sunsite-ls-lR.05.30.05
716396
[compton ~]$ awk '{total += $5 }; END {print total }' < dir.list/sunsite-ls-lR.05.30.05
5.42287e+10
[compton ~]$

Sunsite is a software repository - hosted by UNC.edu in Chapel Hill. Perhaps you remember the SIMTEL20 site at White Sands for DOS and windoze crap. That sunsite-ls-lR file is a recursive directory listing. I don't expect you to be able to understand anything as complex as Unix commands, but the first one tells me there were 716,396 different files on the server. The second command tells me that those 716,396 files total 54.229 Gigabytes. All free. And that doesn't include the distribution server, which has over a hundred different versions of Linux for download. And that's just one repository. There's also 'freshrpms.net', 'rpmfind.net', 'w3.org', or even 'freshmeat.net' all with different "stuff". And not one has a virus, spyware, or other crap so common in windoze.

So, I've got to ask again: What possible use could I have of windoze software???

You should pay attention to Leythos. As mentioned we don't need to use windoze software to be compatible. Bottom line - THERE IS NO NEED TO HAVE WINDOZE ON ANY COMPUTER. Harsh, isn't it? The only thing windoze does that my software can't do is randomly crash and get infected by every piece of malware on the net. Do you _really_ believe anyone needs that? I know there are millions of people who don't know any better and think windoze is useful, but they also believe the reason their computers are infected is that there is a software fairy that installs malware when they aren't looking.

Old guy

Reply to
Moe Trin

In all the years I have run computers I have had no virus, no trojan, no worm that got in, only a few outside system effects (Sasser, WinNuke, Code Red hitting my Cisco router), which I quickly found solutions for. I know from which I speak.

And I speak: anytime you are setting up a network of windows machines, they need to communicate with the net only through a single firewall machine (they talk to it, it talks to the net). This firewall machine should be running linux, with either esmith or smoothwall firewall software. Keeping the firewall outside your windows machines means that no virus/trojan/worm/hacker has any chance at them and their extreme vulnerabilities until after it gets past the firewall (which has no performance impact on the other machines, running separately). This, along with a NAT router to outright block ports you just don't want open, is an almost perfect security combination against everything but trojans. Linux isn't perfect, but it's many orders of magnitude more secure than any windows, and thus makes the right choice for a firewall. Running only that one program on it, you don't need to be a neckbeard linux guru to use it.

And of course the one really good protection against trojans is a smart operator, who does not open attachments, does not let windows run anything stupid, like javascript (that's script, not java - two different things) or any activeX stuff, or let any email or news client execute attachments or inline code of any sort.

Reply to
Quaestor

I guess you forgot Watchguard uses Linux.

Reply to
Micheal Robert Zium

I've been using computers since 76, can say that I've NEVER been compromised in all that time - not run Linux for a firewall on any system yet.

Even a simple NAT device will block those attacks from your machine. If every internet user would just have NAT enabled on their ISP provided router we would all be a lot better off (by default).

Reply to
Leythos

What if they have used X-No-Archive, and you don't see those posts before the 6-day period ends? Google now erases posts with X-No-Archive set to yes after 6 days. Also, a lot of names can be common, so that you can confuse them for someone else. You might want to reconsider using Google Groups. Setting X-No-Archive to yes is also a good practice to make it less likely your Email address will be harvested by spammers.

I don't know about Diebold, but Washington Mutual runs their entire computer system on Windows. I knew a guy in college that did an internship helping to design the current system they run now. When WaMu bought out several other banks, they converted the networks of the banks they purchased from Unix/Linux to Windows, because the new owners believed that Windows was absolutely necessary for business computing. WaMu is a strong believer in Windows; I was told so once by this one guy I knew that was working on designing their network back in 1998. Kaiser Permanente, one of the biggest HMOs on the west coast, has Windows on all their workstations (currently Windows 2000). They use Windows workstations that use an IBM mainframe (they still have a few IBM terminals around) as their gateway machine. So even if you have a non-Windows machine as your gateway machine, you STILL need Windows on the workstations.

They mostly use Windows XP now. The casinos I occasionally go to are all running Windows XP.

Reply to
Charles Newman
