Domain: oc9.com
Stories and comments across the archive that link to oc9.com.
Comments · 7
-
Re:And this is news why?
-
Re:Why not update your JRE?
There is little things that need to be changed for time to time when you upgrade to a newer jdk version. Nothing compared to upgrading PHP although, so you are mostly right. I run apps that were developed with java 1.0 on java 6 without problems and without any need to change anything in the app.
Look at the bottom of this article for "org.apache.struts.validator.DynaValidatorActionForm" :
http://blogtech.oc9.com/index.php?view=article&id=239%3Ajava20091022&option=com_content&Itemid=16
-
Re:Google should then provide signed certs
Just use spam assassin, clamav and MailScanner. It works just as well as gmail to filter out spam. I use gmail on my cell phone but everything is forwarded to my own mail server. It seem like I still don't need to pay for any certificate. I just relay a copy of the mail I receive to gmail instead of having gmail popping mail from my server.
http://slashdot.org/comments.pl?sid=3322605&cid=42321647
http://blogtech.oc9.com/index.php?option=com_content&view=category&layout=blog&id=8&Itemid=13
-
Re:Install Java without being root...
Look at:
For the sticky bit issue. Search for:
find / -type f -perm +7000 > tt.txt
One should remove all setuid bits on programs on any system if not needed. Less and less programs need to set the sticky bit by default but still, it is an important concept to grasp if you are concerned about security. Xterm used to have the setuid bit set and to be owned by root and you can't imagine how many hosts with guest accounts have been compromised that way back in the old days.
-
Re:The inventor responds...
"I don't know of any commercial system with numbers (accuracy or speed) better than ours."
This could very well be true. But the downside of any commercial system is that it will never do as good a job as smartly combining the many freely available tools to fit your use case. You would need several commercial products to do a good job.
I view it the same as security. I would never trust 1 commercial product to keep my system safe. It is much safer to use a combination of tools to keep your system secure.
So I guess I would say the weakness of your system is that it uses only one approach to fight spam.
I have results as good as the numbers you give if not better using this setup and a few other tricks given in another article on this thread.
Congratulation on your effort to fight spam and take care of yourself ;-) -
"Spam Trap" Claims 10x-100x Accuracy Gain
"Spam Trap" Claims 10x-100x Accuracy Gain
The title might give up their secret industrial patented algorithm ;-) A "Spamtrap" is an email account set up only to receive spam mail. That email address is never given to any legitimate user.
So maybe they just setup spamtraps, then publish those email in some honey pot places where spammers scrape email addresses, et voila !
Of course, any emails sent to the spamtraps will be guaranteed to be spam. Now, the Marketing department steps in and says: Let's call this : "The concept of receiver reputation" ;-)
By the way, I already block way more than 99.9% of spam using the following, this was a one-time setup with no need for white/black listing maintenance:
-Spam Assassin
-Real time blacklists
-Greeting delays
-Rate control
-Max senders by message and other various sendmail option You can view the configuration here.
-Priority 1 and Priority 10 mail servers are always down, Priority 5 mailservers are the real ones
-Spam trap addresses
It is so efficient that I didn't have to resort to graylisting yet but I could always use it to achieve even better results. I am not ready for the downsides of graylisting yet.
Since correctly using available open-source tools already gives better than 99.9% result (1 spam every 1000 forwarded message) I am not sure of the relevance of the advertised product ;-) -
Re:Interesting
There is just too many small un-official phone companies now, we are one of them. http://www.oc9.com/. In VOIP, you can run your own PBX and deal directly with VOIP providers. Often, your incoming call provider will differ from your outgoing call provider. VoipJet http://www.voipjet.com/ is an outgoing call provider while Didww http://www.didww.us/ is an incoming call (DID) provider.
In such a setup the entity (small company,etc.) running the PBX is responsible to set the callerID on outgoing call. So the big Telcos have got nothong to do with it basically. In fact, it is near impossible to spoof callerID when a big telco is your provider.
Equaly, the outgoing provider (as in Voipjet) has got no responsibility if one spoofs callerID because they have no idea if the DID number you are sending as callerID really belongs to you. You don't even need a phone number (DID) to route outgoing calls to the provider.
So, it makes sense to have a law preventing small, hard to control entities to spoof callerID for whatever reason.
In practice, it will be hard to proove the intention although. Some calls show the wrong callerID due to misconfiguration and not due to evil-doing. Will they have to prove that the spoofing was intentional ?