
Comments


11 Trillion Gallons of Water Needed To End California Drought

jasno Re:And on the plus side... (322 comments)

No, that's not desert. CA has deserts, but most of the state is not a desert and certainly coastal Southern California and the southern San Joaquin Valley are not deserts. They may be dry, but they ain't deserts.

I always cringe when I see stories about CA water conditions because they bring out comments like yours that try to redefine the meanings of words like desert and drought.

2 days ago

11 Trillion Gallons of Water Needed To End California Drought

jasno Re:Touch our great lakes (322 comments)

Well if you anchor the pumping stations to the ocean floor you can probably use tidal action and some one-way valves (like you have in the blood vessels in your legs) to have a distributed pump. Freshwater is lighter than salt water, right? I'd try to use that density difference to drive the flow.

2 days ago

11 Trillion Gallons of Water Needed To End California Drought

jasno Re:Touch our great lakes (322 comments)

I wonder how feasible it would be to grab freshwater from the mouth of the Columbia River and transport it via flexible, non-rigid tubing laid on the seafloor through the SF bay and up to the CA aqueduct? I bet you could lay it fairly cheaply and you wouldn't need to worry about real estate prices.

3 days ago

11 Trillion Gallons of Water Needed To End California Drought

jasno Re:And on the plus side... (322 comments)

No, CA is not "mostly desert". Not even close.

3 days ago

Vinyl Record Pressing Plants Struggle To Keep Up With Demand

jasno both subjective and objective... (433 comments)

I always hate these kinds of discussions when there are too many engineers in the room. Of course, digital is better. You can prove it with Nyquist's theorem. In the long run, digital will win.

That said, there are numerous implicit signal-changing steps which tend to happen with analog equipment that people often find pleasing and which are not/haven't been successfully emulated in most digital audio equipment.

Take guitar amps. I've got a couple of decent Roland digital amps. They do an OK job of modelling a few different old tube amps. Do they sound like my friend's old blackface quad reverb? Oh god no. There is some magic going on there that the digital guys haven't figured out how to reproduce. Even vs. odd harmonics? Yeah I think we get that now, but there's more in there and we're not successfully modelling it. I can enumerate a lot of factors we're probably missing(power supply brownout at high volume, capacitive and inductive feedback loops, tube nonlinearities, transformer nonlinearities, temperature fluctuations, microphonic components... etc etc etc) but there are still more we haven't really considered yet.

That said, there are still people who prefer solid-state guitar and HiFi sound to analog colored sound. A lot of it is what you're used to. People hear different things, sometimes due to culture, sometimes due to physiology... it's complicated.

Back to vinyl records - they do have a nicer sound in many cases, clicks and pops aside. It's probably a result of the RIAA EQ and the physics of a needle riding over vinyl, but I don't really know. One thing I do think has value is the act of listening to a complete record. Not only are you appreciating the artists' complete work as they intended it, the ritual of listening to a record often entails setting aside time and space to solely enjoy that record. You can't compare listening to, say, Dark Side of the Moon, while lying on your couch in a dark room to listening to a few out-of-context songs on your headphones while riding a bus.

Whatever... we aren't going to solve this battle on /.

about a week ago

Tour the Vintage Radio and Communications Museum - Part Two (Video)

jasno If you like this... (14 comments)

you're probably autistic... haha...

ok, seriously, if you like this and you live in San Diego, why not check out something similar(albeit with a mechanical bent): http://www.craftsmanshipmuseum...

about a week ago

Linux On a Motorola 68000 Solder-less Breadboard

jasno Re:Nice... (147 comments)

Good point about the socket strips.

The point? Well, it gives you an appreciation for digital layout(crosstalk, trace capacitance, etc). You also understand intimately how the pieces fit together, so when you encounter them in an integrated package you have a better feeling for what's going on. I get you though - I wouldn't try to use a wirewrapped 68k for anything I need to rely on.

about a month ago

Linux On a Motorola 68000 Solder-less Breadboard

jasno Nice... (147 comments)

Getting it working on a breadboard is no small feat. Kudos. I'm sure it helps to only run at 2MHz.

Rather than, as has been suggested, spin a PCB for it, why not try wire-wrapping next time? Less capacitance than a breadboard and a bit more permanent.

Back at DeVry(haha) we built 7MHz 68k systems using wirewrap. Great times. I freaking love 68k assembly. We(well, the smart ones) also used 22V10 PALs for address decoding to save on 74 series logic chips.

Another next step - find a chip with an MMU so you can run real linux. I think a 68020 or '030 has one. Much higher clock speed too. The pin density is still low enough(I think it's 0.1 but in a grid) that you can work with it. Check old electronic stores' back shelves for sockets.

about a month ago

Crowdfunded Linux Voice Magazine Releases First Issue CC-BY-SA

jasno Re:Slashdot (62 comments)

Don't get me wrong, reddit sucks... it's just better than slashdot in some of the technical subreddits.

about a month ago

Crowdfunded Linux Voice Magazine Releases First Issue CC-BY-SA

jasno Re:Slashdot (62 comments)

The smart folks left /. years ago.

I still use /. as a news aggregator, as they *sometimes* post stories that I don't find elsewhere.

In the olden days you'd find some real insights in the comments section. Nowadays you're better off on reddit(*shudder*).

about a month ago

'Microsoft Lumia' Will Replace the Nokia Brand

jasno Microsoft... (150 comments)

Microsoft should really consider a re-org that puts their consumer focused products(xbox, phones, etc... not the windows OS though) in a separate division with a different name.

Put aside all of your feelings for Microsoft and just consider for a second how terrible a name like Microsoft is when it comes to cool, fashionable devices. Micro... soft... that's not a name I'd like associated with any kind of status symbol purchase. Sure, it's fine in the enterprise software space where image is less important, but if they ever want to seriously consider competing in the personal electronics space they'll need to change not only their branding but their name.

about 2 months ago

OS X 10.10 Yosemite Review

jasno Re:Well, no one else here said it yet... (305 comments)

Nope, just an old ('08?) 24" iMac. I'm not sure retina would make their poor color choices(the blue folders are horrendously loud) or lack of gradients/shadows.

Nope, didn't backup. It's the wife's desktop, so if it died, nothing of importance would be lost. Besides, I backed up a few months ago when I upgraded to a SSD.

about 2 months ago

OS X 10.10 Yosemite Review

jasno Well, no one else here said it yet... (305 comments)

Upgraded yesterday. I can't comment on the internal changes, but IMHO the new look is ugly. It even looks like the 'X' in the close button isn't centered. I want my old look back.

about 2 months ago

New MRI Studies Show SSRIs Bring Rapid Changes to Brain Function

jasno Re:Interesting (138 comments)

I've tried taking SSRIs a few times over the years for depression/anxiety/OCD. I haven't been able to last longer than 36 hours. I feel like I am experiencing all of the anxiety and uncontrolled mental energy of LSD without any of the good feelings or positive emotions. I think I have a wacko serotonin system. Tramadols get me really high (like taking an E pill) and I am very sensitive to serotonin-system drugs like LSD and psilocybin.

about 3 months ago

Dell Demos 5K Display

jasno Re:In other news: Are 4K displays worth getting ye (204 comments)

A lot of folks at work are switching to these and they seem happy.

I'm going for a stand-up desk first. I'll look into the 4k monitor early next year and see how things are then.

about 3 months ago

DoT Proposes Mandating Vehicle-To-Vehicle Communications

jasno Fancy cars... (261 comments)

People wonder how we'll ever convince Americans to give up ownership and switch to rented, self-driving cars...

We'll do it by:
a) Jacking up insurance rates on people who still want to drive
b) Jacking up the price of vehicles by mandating expensive equipment

In 30 years, you won't be able to afford a car, much less afford to drive it. I'm not making a moral judgement here, I just think it's bound to happen.

about 4 months ago

Climate Damage 'Irreversible' According Leaked Climate Report

jasno Re:Impacts (708 comments)

I don't have a dog in this race, but I've got to point out that California is actually in a relatively wet period and if it returns to its formerly dry state then California will be fine. The people, maybe not so much, but California has been much drier in the past.

about 4 months ago

Linus Torvalds: 'I Still Want the Desktop'

jasno Re:Well, you have mine. (727 comments)

Yep... and my work machine as well. It all depends on the apps you use. If you are like most people nowadays and only need a web browser then Linux is probably sufficient as a desktop OS.

I should admit that my work desktop does host a windows 7 VM, but that's only because my company chose an IE-only solution for our timetracking tool.

about 3 months ago

Put Your Code in the SWAMP: DHS Sponsors Online Open Source Code Testing

jasno Re:Looks good to me (67 comments)

I had a feeling someone would say something like this...

According to TFS, the program is for open source code. You know, the code that is already open and scannable by a web crawler. If the NSA wanted to do this for nefarious purposes(and I'm sure they do), they would have(and probably have) started their own program years ago. They don't need you to upload your open source project for them.

I'm willing to bet the NSA has all the closed-source software source they want as well. I doubt my company's shitty security, for example, is any hindrance to them.

about 5 months ago

Submissions

jasno hasn't submitted any stories.

Journals


Firewall config

jasno writes | more than 10 years ago

This is my current firewall config.. comments appreciated!

#!/bin/sh
#
# Firewall script for 3 interface router.
#
IPT=/sbin/iptables

INET=eth0
IDMZ=eth2
ILAN=eth1
DMZNET=10.10.2.0/24
LANNET=10.10.1.0/24

# Forward the following ports to the DMZ host
TCPFWD="ssh www https 8000 8001"
UDPFWD="5121"

# Turn off forwarding
echo 0 > /proc/sys/net/ipv4/ip_forward

modprobe ip_tables
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe ip_nat_irc
modprobe ip_conntrack_irc

###############################################################
# Setup /proc interface

echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts

# Disable Source Routed Packets
for f in /proc/sys/net/ipv4/conf/*/accept_source_route; do
        echo 0 > $f
done

# Enable TCP SYN Cookie Protection
#echo 1 > /proc/sys/net/ipv4/tcp_syncookies

# Disable ICMP Redirect Acceptance
for f in /proc/sys/net/ipv4/conf/*/accept_redirects; do
        echo 0 > $f
done

# Don't send Redirect Messages
for f in /proc/sys/net/ipv4/conf/*/send_redirects; do
        echo 0 > $f
done

# Drop Spoofed Packets coming in on an interface, which if replied to,
# would result in the reply going out a different interface.
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
        echo 1 > $f
done

# Self-explanatory
echo "1" > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses

# Log packets with impossible addresses.
#for f in /proc/sys/net/ipv4/conf/*/log_martians; do
# echo 1 > $f
#done

###############################################################
# Flush all chains and delete user chains

for i in filter nat mangle
do
        $IPT -t $i -F
        $IPT -t $i -X
done

# Default policy is to drop
$IPT -P INPUT DROP
$IPT -P OUTPUT ACCEPT
$IPT -P FORWARD DROP

###############################################################
# Stealth Scans and TCP State Flags - Are these needed?

# All of the bits are cleared (NULL scan)
$IPT -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ALL NONE -j DROP

# SYN and FIN are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

# SYN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

# FIN and RST are both set
$IPT -A INPUT -p tcp --tcp-flags FIN,RST FIN,RST -j DROP
$IPT -A FORWARD -p tcp --tcp-flags FIN,RST FIN,RST -j DROP

# FIN is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,FIN FIN -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,FIN FIN -j DROP

# PSH is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,PSH PSH -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,PSH PSH -j DROP

# URG is set without the expected accompanying ACK
$IPT -A INPUT -p tcp --tcp-flags ACK,URG URG -j DROP
$IPT -A FORWARD -p tcp --tcp-flags ACK,URG URG -j DROP

###############################################################
# Setup rules for connecting to the gateway itself

# Loopback is trusted
$IPT -A INPUT -i lo -j ACCEPT

# Allow related packets from any interface
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all connections from LAN
$IPT -A INPUT -i $ILAN -j ACCEPT

###############################################################
# Setup rules to allow the internal nets to access the internet

# Allow LAN to connect to anything
$IPT -A FORWARD -i $ILAN -j ACCEPT

# Allow all traffic going from DMZ to outside
$IPT -A FORWARD -i $IDMZ -o $INET -j ACCEPT

# Only allow return traffic back inside - '! -o $INET' probably not needed
# ('!' goes before the option; current iptables rejects the old '-o ! $INET' form)
$IPT -A FORWARD ! -o $INET -m state --state ESTABLISHED,RELATED -j ACCEPT

###############################################################
# Setup masquerading

# LAN S-NAT
$IPT -t nat -A POSTROUTING -o $INET -j MASQUERADE

###############################################################
# DMZ Port Forwarding
for i in $TCPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p tcp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p tcp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

for i in $UDPFWD; do
        $IPT -A FORWARD -i $INET -o $IDMZ -p udp --dport $i -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
        $IPT -t nat -A PREROUTING -p udp --dport $i -i $INET -j DNAT --to 10.10.2.40
done

###############################################################
# LAN Port Forwarding
#$IPT -A FORWARD -i $INET -o $ILAN -p tcp --dport 80 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.1.40

# LAN D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.1.40:8080

# DMZ D-NAT
#$IPT -t nat -A PREROUTING -p tcp --dport 80 -i $INET -j DNAT --to 10.10.2.40
#$IPT -t nat -A PREROUTING -p udp --dport 5121 -i $INET -j DNAT --to 10.10.2.40

echo 1 > /proc/sys/net/ipv4/ip_forward
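
Added example, not part of the original journal entry: a small shell model of how the `--tcp-flags MASK COMP` rules in the script above treat different TCP flag combinations. The sample packets are constructed, the rule list mirrors the seven mask/compare pairs in the script, and the helper names `bits` and `verdict` are hypothetical.

```shell
#!/bin/sh
# Model of the iptables tcp match: a rule "--tcp-flags MASK COMP" matches
# when (packet_flags & MASK) == COMP. Bit values follow the TCP header.
FIN=1 SYN=2 RST=4 PSH=8 ACK=16 URG=32 ALL=63

# bits "SYN,FIN" -> numeric bitmask; "NONE" -> 0
bits() {
    v=0
    for n in $(echo "$1" | tr ',' ' '); do
        case $n in
            FIN) v=$(( $v | $FIN )) ;; SYN) v=$(( $v | $SYN )) ;;
            RST) v=$(( $v | $RST )) ;; PSH) v=$(( $v | $PSH )) ;;
            ACK) v=$(( $v | $ACK )) ;; URG) v=$(( $v | $URG )) ;;
            ALL) v=$(( $v | $ALL )) ;; NONE) ;;
            *) echo "unknown flag: $n" >&2; return 1 ;;
        esac
    done
    echo "$v"
}

# The seven MASK:COMP pairs from the firewall script, in rule order.
RULES="ALL:NONE SYN,FIN:SYN,FIN SYN,RST:SYN,RST FIN,RST:FIN,RST
ACK,FIN:FIN ACK,PSH:PSH ACK,URG:URG"

# verdict FLAGS -> "DROP <mask> <comp>" for the first matching rule, else "PASS"
verdict() {
    pkt=$(bits "$1") || return 1
    for r in $RULES; do
        mask=$(bits "${r%%:*}")
        comp=$(bits "${r#*:}")
        if [ $(( $pkt & $mask )) -eq "$comp" ]; then
            echo "DROP ${r%%:*} ${r#*:}"
            return 0
        fi
    done
    echo "PASS"
}

# Constructed sample packets: normal handshake/data/teardown flags first,
# then combinations that never occur in a well-formed TCP conversation.
for p in SYN SYN,ACK ACK PSH,ACK FIN,ACK RST NONE FIN FIN,PSH,URG SYN,FIN; do
    printf '%-12s %s\n' "$p" "$(verdict "$p")"
done
```

Legitimate handshake, data and teardown packets pass through to the later state-tracking rules, while the flag combinations with no valid meaning are dropped before any state lookup.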
