OSDev.org

Combuster wrote:the fingerprint need not be in there yet, and you should know that everybody hits 'yes' when seeing a broken signature

Humans are the worst security

that is SO true

+ to 01000101 (hopefully thats correct), i really think you have a great idea with this OS, you've progressed very quickly and i hope it does well. i must agree with the others that if ISP's end up with this sort of technology, it would be grossly contested on my part, but in a corporate environment i can see it being very useful.

UK ISPs may soon not have a choice. If they don't reach an agreement with the RIAA the UK government is going to step in and force through a law which will make it mandatory for UK ISPs to invest in deep packet inspection.

If that happens, and your OS is ready, you may be "quids in", as we Brits say.

@ JamesM:

i've never heard about this... ****, the internet is about open information sharing, seems like the only place that still believes that is the netherlands

It's true unfortunately, I don't see why people suddenly think they have to be so careful and invade our privacy, but hey...
If the law is force, he'll be more than quids in..., bloody hell, he'll be insanely rich...
I have a cousin who worked for BT, but when the NHS had problems with there computer systems, he got into a project to develop firewalls, etc... for them, now he drives a brand new BMW series 6
Same concept....
Jules

Combuster wrote:the fingerprint need not be in there yet, and you should know that everybody hits 'yes' when seeing a broken signature

Humans are the worst security

http://undeadly.org/cgi?action=article& ... 0615022750
http://undeadly.org/cgi?action=article& ... 0626132732

While it's not entirely the best idea, it's definitely a neat one...

JamesM wrote:Just a thought - are you going to allow not just the enabling of certain technologies (like bittorrent but not limewire, as mentioned earlier) but selective filtering based on (bittorrent) tracker?

The reason I ask is that it would be a rather nice asset to be able to connect to, e.g. Ubuntu's distribution bittorrent tracker and download Ubuntu, but not copyrighted material (i.e. stuff tracked on trackers your program doesn't know about).

Is that possible? feasible? easy?

I agree with you that some bittorrent can be very productive and helpful, even in corporate/educational environments.
Tracker filtering is not yet implemented in DiNS, at least not in any form that is stable or efficient. I have it lined up in my 'thinks to do' list, and I know that its feasible... easy, not so much, but it can be done. It will basically work like signatures in the initial packet with the tracker information. I'm not sure how I would 'select' the good vs the bad packets.. should I just compare those packets to a list of 'good' signatures, or 'bad' ones, or some other way that I'm not thinking of. Either way, I'd image the list would be huge and would have to be a group effor of contributions.

imho you would be better off doing an application layer inspection of the bittorrent protocol so you can just read out the tracker details. That way the admin could selectively maintain their own whitelist of trackers.

ucosty wrote: imho you would be better off doing an application layer inspection of the bittorrent protocol so you can just read out the tracker details. That way the admin could selectively maintain their own whitelist of trackers.

so block all trackers, except ones specified by the admin in the UI?
not a bad idea.

01000101 wrote:

ucosty wrote: imho you would be better off doing an application layer inspection of the bittorrent protocol so you can just read out the tracker details. That way the admin could selectively maintain their own whitelist of trackers.

so block all trackers, except ones specified by the admin in the UI?
not a bad idea.

Yes, that was what I intended in my suggestion.

oh ok, well then it seems like a good enough suggestion to me. I will probably start working on the base functions for that soon.

I need to start working on the RS-232 driver as well, I hear its pretty easy to do though.

BTW: eMule is now added to the blocked list. I rendered both the eD2K & KAD networks unable to communicate beween the server & clients.

Shareaza & BearShare use close to identical communication methods so stopping one stops both, but as of now, I only have them partially blocked. I will continue working on this after I get an account. I have the sign-in feature blocked so that people can't login to the networks, but I don't consider that a block, its more of an inconvenience that would probably be patch quickly without an entire overhaul.

"quickly" and "entire overhaul" aren't two words that normally go together in OSdev .
Jules

what are you talking about? OS Development is easy.

Yah your right, I'll just go and learn Chinese...
Jules

another mini-update:

BitTornado, ABC, and Deluge are all offically blocked through DiNS.
I also added optimizations to limit the amount of network overhead due to 'connection retrys' in clients when they realise they are failing miserably to connect to servers.

Pe@cE

nice work

just wondering... what is the security benefit of not using interrupts?