Slashdot Mirror

Frequent Slashdot contributor Bennett Haselton writes "An estimated 200,000 Hotmail users currently have their auto-reply set to a message spamming an advertisement for Chinese scam websites, which sell "discounted" electronics. Presumably the spammers compromised a large number of Hotmail accounts to pull this off, but wouldn't it be pretty easy for Hotmail to query for which users have that set as their auto-reply, and turn the auto-reply off for them?" Read below for Bennett's thoughts.

After a recent mailing that I sent out to a subset of my proxy mailing list, I got back 18 auto-replies from Hotmail users, all substantially similar to this:

Dear friend:
We are an electronic products wholesale .Our products are of high quality and low price. If you want to do business , we can offer you the most reasonable discount to make you get more profits. We are expecting for your business.

Please visit our website: www.wedosale.com

Email: wedosale@vip.188.com .
MSN: wedosale@hotmail.com .

Looking forward to your contact and long cooperation with us!

Our mainly products such the phones, PSP, display TV, notebook, video, computers, Mp4, GPS, xbox 360, digital cameras and so on.

Welcome to visit our website!

Some of the spam auto-replies advertised different websites, and the wording varied between the different auto-responses, but they were all similar advertisements for Chinese electronics "retailers." (And so, I assume, the websites are all fronts for the same company -- if multiple spammers had independently hacked Hotmail users' accounts to set their auto-replies, it would be vanishingly unlikely that those spammers would all happen to be electronics hawkers.) This was from a mailing that I sent to a set of subscribers that included about 26,000 users with "hotmail.com" e-mail addresses. If 18 out of 26,000 users in my sample have had their accounts hacked to send spam auto-replies, then this must be happening to a large number of Hotmail users -- not a large proportion (only one in 1,500, in my sample), but with about 300 million Hotmail users, that would still be a large absolute number.

The same spammers have apparently been spamming through Hotmail auto-replies for at least 11 months, according to this post in the Windows Live Help community forum from January 2009. At first, some pundits seemed to have assumed that spammers had created these accounts themselves and subscribed the accounts to people's lists, in order to spam the list owners (and, if it's a list that accepts subscriber posts, broadcast the spam to the other list readers). However, looking at the addresses in my proxy mailing list that were sending the spam auto-replies, I noticed that (1) our records show that the auto-reply-spamming subscribers joined the mailing list by various means, signing up through different Circumventor websites, not indicative of how a spammer would have joined the list by automated means, and (2) many of their email addresses are associated with legitimate-looking Myspace and Facebook accounts. Thus it looks as if these were real users who joined the list legitimately, and then got their accounts hacked by the spammers, who set those users' accounts to send the spam as an auto-response.

(If you happened to look at the spammers' www.wedosale.com website, at this point you might be thinking: I don't want to give money to spammers, but can I really get a Blackberry for only $295? Couldn't I just order from the website, and then if the goods don't show up or they're not as advertised, I can dispute the charge on my credit card? Well, I signed up for a dummy account on the www.wedosale.com page and got as far as the order page, and the only payment types that they accept are wire transfer, Western Union, and Moneygram -- precisely those types where you cannot get the money back or dispute fraudulent charges. If you've already gone and ordered a Blackberry, don't hold your breath.)

If my 26,000 users were a representative sample of the 300 million current Hotmail users, then with 1 out of 1,500 users in my sample being "infected," I could estimate that about 200,000 Hotmail users (1/1500 times 300 million) are currently set to send spam auto-replies. Hotmail claims to process 3 billion non-spam e-mails per day, for an average of about 10 non-spam e-mails per Hotmail user. That's the average for all users; what's the average for the infected users? Some factors would tend to lead to a lower average for infected users -- if they have lots of friends sending them mail, it's more likely that one of their friends would have told them about the auto-reply spam and told them to turn it off, so perhaps the users still sending the spams are the ones who don't receive a lot of messages from their friends. On the other hand, some of the infected accounts may be receiving more (non-spam) e-mail than average; one reason people sometimes abandon webmail accounts is that they're getting too much mail, even from newsletters like the Circumventor list that they had legitimately subscribed to. So, figuring that factors in both directions roughly cancel out, if each infected user is receiving the average number of 10 emails per day and sending 10 auto-reply spams in response, that's still a total of 2 million outgoing spams per day shilling for nonexistent Chinese iPhones.

These are just back-of-the-envelope calculations, but even I'm overestimating by a whole order of magnitude, that's still 0.2 million auto-reply spams per day, or about 70 million spams that will be sent by this one company through Hotmail's servers in the coming year, if Hotmail doesn't stop it. (And closer to a billion spams in the coming year if I'm not overestimating.)

And it's actually worse than that, because these spams are less likely than average to be filtered, since they're coming from Hotmail's servers. Normally you'd think that the content-based module of a spam filter would have no problem catching a message like the one at the top of this article, especially if millions of similar messages have been spewed out over the past year. However, messages from Hotmail's servers, regardless of content, are less likely to be blocked, since their network has a good reputation for sending little spam overall (due to measures such as requiring users to fill out a CAPTCHA when signing up, blocking each account from sending more than 500 messages per day, etc.). When I sent messages to the infected Hotmail users from my Gmail account, to see if the auto-responses would get through Gmail's spam filter, Gmail's blocked only half of the replies. When I mailed all the users again from my Hotmail account, the results were strange -- most of the users' accounts sent back no auto-reply at all, not even a reply that got routed to my junk folder. (Why would Hotmail accounts not send an auto-reply in response to a message from a Hotmail user? Please post if you have any idea what's going on there.) However, of the infected Hotmail accounts that did send a spam auto-reply, 100% of those auto-reply spams were delivered to my inbox. (Apparently, Hotmail's spam filter usually assumes that messages from other Hotmail users can't possibly be spam.) Only Yahoo Mail's spam filter, when I sent a test message to the infected users from my Yahoo Mail account, blocked all of the auto-replies as junk mail.

For the infected users on my mailing list, I sent them a link to a set of instructions I'd written about how to set and un-set their Hotmail auto-reply and how to change their Hotmail password, with the hopes that they'd eventually see the message and follow the steps. 18 users rescued, 200,000 to go.

So this is basically what's happening, but it still leaves some unanswered questions, such as: Why Hotmail accounts, but not Yahoo Mail, GMail, or AOL accounts? I've never noticed any auto-reply spam sent from any accounts at any of those other services. Whatever the spammers did to gain control of so many Hotmail accounts, if it was profitable for them, why didn't they do the same thing for Yahoo Mail? And, why did only one spammer do this? If they're sending between 1 and 10 million spams per day for free, they're probably making money at it. Whatever they did to hack those accounts, why wouldn't other spammers figure out the same method and copy them?

Presumably the Chinese spammers stole large numbers of passwords from Hotmail users either via a huge phishing attack, or through a security hole in Hotmail or some other part of the Windows Live service. If it was done via a security hole in Hotmail that the spammers discovered, then that would explain why the spammer's methods only worked for Hotmail accounts, and also why no other spammers have copied their techniques. (A phishing attack, on the other hand, would be easy to modify for other webmail services, and would also be easy for other spammers to emulate, so that's not consistent with the observed evidence so far.) I also found this post from blogger Stuart Shelton describing how his account was hacked by Chinese spammers -- and from the blog post, it's clear that he's very tech-savvy and would have been unlikely to fall for a run-of-the-mill password phish. If the attack happened even to people who know what they're doing, that seems to make the security hole explanation more likely.

Perhaps others can come up with some theories about what happened. It's easy to come up with guesses, but the hard part is to reconcile them with the fact that it has only affected Hotmail users so far, and no other spammer seems to have figured out how to copy the same technique yet.

But there's a much simpler question too: Why doesn't Microsoft just turn off the auto-replies for these users' accounts? They can query to see exactly which users have these messages in their auto-replies, and then un-set the auto-reply automatically. Yes, I know that even for a simple database operation like that, there's always more to it when you're managing hundreds of millions of accounts across multiple servers -- but if it will stop this one sender from sending between 50 million and 500 million spams (that in many cases will bypass people's spam filters) from Hotmail's servers in the coming year, isn't it probably worth it?

And even if it wasn't a phishing attack this time, sooner or later some other spammer will probably capture tens or hundreds of thousands of Hotmail accounts using a phish or some other method, and try spamming through auto-replies as well. So if Hotmail "fixes" this batch of auto-reply spam for practice, then the next time it happens, they'll know exactly what to do to take care of it.

I've written some columns where I strongly believed every word but expected a lot of opposition, some where I wasn't sure if I was right and just wanted to see what people thought, and . But I rarely argue something that I think is a no-brainer. Hotmail should un-set the auto-replies for those users whose accounts are spamming for nonexistent Chinese electronics knockoffs, before those accounts send another several hundred million spams in the coming year. Am I smoking crack?

Then again, maybe expectations for Hotmail shouldn't be set too high. I use SpeakEasy for my mail provider, and on about November 19th I found that all messages sent to hotmail.com addresses from SpeakEasy's servers were being bounced with an error message rejecting them for "spam-like characteristics."I called SpeakEasy and they confirmed that they knew Hotmail was blocking all mail from their users (although for "security reasons," SpeakEasy couldn't tell me what they were trying to do about it). The block wasn't lifted until about November 28th, when my messages started getting through again.

If SpeakEasy, which has been in business for 15 years, has annual revenues of $60 million, and was bought in 2007 by Best Buy, can't even get through to Microsoft in less than 10 days to tell them to stop blocking all mail from their servers, then Microsoft should first fix their postmaster trouble ticket system, so that people are not blocked from writing to their friends and family members at Hotmail for a week and a half. Then get to work on the spam auto-responders.

Frequent Slashdot contributor Bennett Haselton writes "A federal judge rules that government can obtain access to a person's inbox contents without any notification to the subscriber. The pros and cons of this are complicated, but the decision hinges on the assertion that ISP customers have lowered privacy interests in e-mail because they 'expose to the ISP's employees in the ordinary course of business the contents of their e-mails.' Fortunately for everybody, this is not true — most ISPs do not allow their employees to read customer e-mails 'in the ordinary course of business' — but then what are the consequences for the rest of the argument?" Read on for the rest of Bennett's analysis.

Federal Judge Michael Mosman has ruled that the government can read your e-mails stored with a third-party provider like GMail, without notifying you that a search warrant has been executed (PDF) against your account. (Actually, the judge ruled that there is no "notice" requirement triggered at all, so that in theory, neither GMail nor the subscriber would have to be notified — but that seems only of theoretical interest, since in practice GMail would have to cooperate in order to execute the warrant, unless the government is planning to have ninjas sneak into their server farm at night. The substantive impact of the ruling is that e-mails can be read without notifying the subscriber.)

Now, as I said when writing about the possibility of undetectable encryption being installed on people's computers, at the risk of incurring the wrath of civil libertarian allies, I am not 100% in favor of limiting governmental power in cases like these. Restraints on governmental power have their pros and cons, and many people who are targeted by government investigations really are evil. There may be cases where the government can only prevent harm from being done, by gaining access to someone's e-mail account, and by preventing the subscriber from finding out that their e-mails are being read. However, all of these arguments are also true when applied to governmental seizure of property from someone's home — and yet we still have Fourth Amendment protections against warrantless searches of your house. So should they, and do they, legally apply to e-mail? And under the "third party doctrine," should the government have to notify the subscriber of the search, or only the ISP?

Law Professor Orin Kerr of George Washington University Law School has written an article [click on the link and then press the download button to download a draft] arguing that the Fourth Amendment does apply to e-mail. But he has also written another article arguing in favor of the third-party doctrine — essentially, that when the government seizes property that is in the possession of a third party, it only has to notify the third party, not the property owner. To the extent that this is relevant to the GMail case, the argument would appear to support Judge Mosman's ruling. However, Kerr's paper also acknowledges that the third party rule has been the subject of scorching criticism of other Fourth Amendment scholars, calling it "dead wrong" and "making a mockery of the Fourth Amendment."

It will probably be a long time before courts are issuing consistent rulings on the third-party rule as it applies to e-mail. In the meantime, though, one statement in Judge Mosman's ruling sticks out in particular:

"[T]he defendants voluntarily conveyed to the ISPs and exposed to the ISP's employees in the ordinary course of business the contents of their e-mails."

This was the basis for further reasoning that the defendants had less of an expectation of privacy in their e-mail contents, and hence that there was a strong case for allowing the government to read the e-mails without notice to the defendants. (In this he was drawing an analogy to a previous ruling in which a court held that a bank's customer has "no legitimate expectation of privacy" in his bank records because they were "voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business.")

But as applied to ISPs, this is a statement of fact, not a statement of law, and as a statement of fact it's simply wrong. ISP employees, even the most highly placed ones, do not have access to customers' e-mails "in the ordinary course of business." And even in the non-ordinary course of business, in the case where e-mails have to be inspected to satisfy a subpoena requirement or to investigate an abuse report, only employees with the proper business justification can read the e-mails. (At the e-mail provider that I use, SpeakEasy, employees can only access accounts with the explicit permission of the customer, and only then by resetting the password or obtaining the password from the customer. When I worked in MSN accounts, most employees didn't have the security clearance to access customer accounts at all.)

This tracks with what customers reasonably expect from banks versus what they reasonably expect from ISPs. If I called my bank to ask about the status of my account, and the customer service representative noted that I had a high number of overseas wire transfers and asked if I wanted to upgrade to a business account with a reduced wire fee, it probably wouldn't even occur to me to be offended that she had looked at my transaction records. On the other hand, if I called SpeakEasy and asked them to add more space in my inbox, and the tech support guy said, "Dude, you could do a lot better than Chloe," I might think he was overdue for a review of their customer privacy policy.

Judge Mosman uses several more analogies in arguing that the third-party doctrine applies to e-mails (beginning on page 12 of the ruling), analogies between e-mail and real-world situations that most of us are familiar with, like leaving documents out in the open at someone else's house. Now, most of us don't have the expertise to comment on the legal technicalities. But in the game of analogies, we're all experts, insofar as we're qualified to comment on whether we feel that one thing is "like" another, or whether our "expectations of privacy" in the two areas are similar. And under the rules of that game, I would disagree with the judge's analogies for several reasons:

1. There is a difference between leaving property in someone else's possession because you don't care very much about keeping it private, and leaving property in someone else's possession because you have no choice. The judge cites precedents in which courts ruled, variously: (a) that when a suspect left documents at his mother's house and the police executed a warrant there, they only had to provide notice to the mother, not the suspect, even though the mother was not the owner of the documents; (b) that a defendant had no grounds to object to the search of another person's purse, when the search turned up drugs belonging to the defendant; and (c) that defendants 'could not make a Fourth Amendment claim regarding a search of someone else's car because they had no "legitimate expectation of privacy in the glove compartment or area under the seat of the car in which they were merely passengers."' But all of those cases involved property that the defendants chose to leave in the possession of someone else, rather than keeping on their person or in their own houses. In all of these cases, the person X who left the property in the possession of person Y, could not have expected that person Y would keep their eyes off of that property, or would shield it from the view of casual acquaintances who happened to see it there. So by allowing the notice only to be served on person Y, these three cases are just specific implementations of a general rule: "If person X leaves property with person Y, with no expectation that person Y would refrain from examining the property, then the notice of warrant only has to be served on person Y."

This rule does not generalize to GMail accounts. If I send and receive messages through a GMail account, I know that they're stored on Google's servers, but that's out of necessity in order for them to provide web-based e-mail that can be accessed from multiple locations. By allowing the e-mails to be stored on their servers, I haven't conveyed that I care any less about their private contents, because I didn't have a choice. Now, if I had printed out an e-mail from GMail and left it lying around at my Mom's house, or in a friend's glove compartment, then that could be interpreted to indicate that I had less interest in keeping that e-mail private, and it would be more analogous to the situations above. In fact if I had sent an e-mail to someone working at Google, I would understand that my expectation of privacy had been lowered significantly, and that the recipient might forward it to their friends or leave a printout on their desk, or that the police might request for him to show it to them without notifying me. Simply having an e-mail stored in a GMail account is not the same thing.

2. E-mails are not like bank records, because you have a greater expectation of privacy for e-mails, even from the institutions that hold them. It's true that bank transactions are more closely analogous to web-based e-mails, because they're both stored on company servers by the nature of the business, so this analogy isn't as badly flawed as the previous ones. But in addition to the fact mentioned above, that ISP employees do not have access to your e-mails "in the ordinary course of business" despite what Judge Mosman wrote, there is the "inside/outside" distinction that Orin Kerr describes in his paper on the Fourth Amendment and e-mail. Essentially, police don't need a warrant to observe what goes on outside your home — whatever is visible from a public street — but they would need a warrant to take their inspection inside. Kerr argues for extending this analogy to the "content/non-content" rule for Internet transactions, so that Fourth Amendment protection would apply to the contents of e-mails, but not necessarily to the "outside" information such as sender, recipient, and transmission time. (Actually that still seems like rather weak privacy protection, to say that the Fourth Amendment doesn't protect information about who we exchange e-mails with, but even this watered-down argument still implies stronger privacy protection for e-mail contents.) Bank transaction records would be more like "outside" information and less deserving of privacy protection, so the analogy doesn't hold.

3. By analogy to the expectation of privacy in people's homes, the expectation of privacy for the contents of e-mail is possibly greater. Judge Mosman writes, "The sanctity of the home is often cited as the central purpose for this notice requirement, but the requirement has not been explicitly limited to searches of homes," and quotes from another court decision: "[t]he mere thought of strangers walking through and visually examining the center of our privacy interest, our home, arouses our passion for freedom as does nothing else." Well, since he brought it up, if it's relevant to compare the "passion" that's "aroused" by the invasion of various spheres of privacy, if I had a choice I would rather have a stranger wander through my house and inspect everything except the computer, than allow them access to my browser history and all the e-mails I'd sent and received in the past year. (And that's not even taking into account the violations of other people's privacy that would be entailed by someone looking through all of my e-mails.) Applying the test of "What would you rather have people see?", most people who make more than casual use of e-mail, seem to care more about the privacy of their e-mail than about the privacy of what's visibly lying around in their house — if a good friend drops by unannounced, you can usually lead them through your house without worrying about what they'd see, but you probably wouldn't give the same person a complete record of all your e-mails in the past year. (Remember, according to the judge's quote, we're comparing "visually examining" your house vs. your e-mail, not actually physically taking anything.)

As I said, I'm not necessarily opposed to the government having the authority to obtain records of people's e-mails if they have an extremely good reason, without necessarily having to notify the subscriber that their e-mails had been read. But the justification should not rest on wrong-headed assumptions like the notion that ISP customers "expose to the ISP's employees in the ordinary course of business the contents of their e-mails." I wonder if even Judge Mosman thinks that's true. If he got a call from his bank offering to upgrade his account based on recent transaction activity, he'd probably just politely get them off the phone like the rest of us. But if he got a call from his ISP tomorrow, saying that his e-mails were starting to sound cranky and they were wondering if there was anything they could do to cheer him up, would he just thank them for their concern and leave it at that?

RevWaldo writes "A Brooklyn man can't sleep at night knowing that the bizarre inter-gadget relationship between his Sony Erickson PDA and his Maytag Magic Chef stove might leave him burned. Last Monday Andrei Melnikov discovered that his cellphone was turning on his stove when he got a call in the kitchen. The phone had been on the kitchen counter when it rang, and as he answered it and walked away, he recalls hearing a faint beep. Minutes later, he smelled smoke, and discovered that some plastic cookware left in the oven was on fire. The incoming call had somehow turned the broiler on high, a phenomenon which Melnikov demonstrated for his landlord and reporters. They believe this is the first time this has happened in the three years since Melnikov has owned the stove and the phone, but since neither device is talking, nobody really knows how long this hot affair's been going on. Melnikov and his girlfriend have put a stop to it by unplugging the oven, and they're afraid to plug it back in because of their pet chinchillas. Maytag is sending someone to "fix" the problem, but will the lonely old Maytag man really have the heart to stand in the way of such fiery passion?"

DragonTHC writes "Senator Ted Stevens, Republican of Alaska, is being investigated in a federal corruption probe that has implicated his son Ben. Part of the case involves a fishing co-op whose members allegedly paid Ben Stevens $500,000 to get a federal bailout from his father." The other Alaskan senator, also a Republican, is under a cloud as well.

JimDaGeek writes "I recently moved to Columbia, SC where I have Time Warner as my cable ISP and pay for an 8 Mbps connection and have been very happy with the service, speed, and reliability. In contrast I have heard bad things about Comcast. So now that I am up in the Philadelphia PA area visiting my parents, I decided to test out the speed and reliability using the Speakeasy speed test. The results surprised me. Here are the reported download speeds in Kbps: New York, 18,946; Washington, 15,821; Atlanta, 11,257; Chicago, 10,042; San Francisco, 4,230. What is going on? I know my father is not paying for a 10+ Mbps connection. Is Comcast giving priority to popular speed-test sites?" From Comcast's site, in the Philadelphia area they seem to offer download speeds of 6 or 8 Mbps, with an option for a "PowerBoost" to 12 Mbps on large files. This wouldn't explain the results JimDaGeek got of almost 19 Mbps down.

Update: 07/10 12:07 GMT by KD : A friend in Massachusetts had a tree fall on his house. The Comcast guy who reconnected the lines told him that they are boosting the line speed to 20 Mbps down / 2 Mbps up in certain areas to be more competitive with Verizon FiOS.

NaDrew writes "Speakeasy, the favorite DSL provider of many a Slashdotter, has issued a press release stating that they do not expect to be affected by the FCC ruling allowing ILECs to refuse to lease their lines to third-party providers. This is because the ruling specifically states that CLECs--such as Covad, from whom Speakeasy resells service--are not to be denied unbundled wholesale access to ILEC lines."

NaDrew writes "Speakeasy, the favorite DSL provider of many a Slashdotter, has issued a press release stating that they do not expect to be affected by the FCC ruling allowing ILECs to refuse to lease their lines to third-party providers. This is because the ruling specifically states that CLECs--such as Covad, from whom Speakeasy resells service--are not to be denied unbundled wholesale access to ILEC lines."

Technofusion writes "Seattle, Washington has found a new use for their aging Space Needle. Three companies have teamed up to turn the Space Needle into a giant WiMAX antenna. Bruce Chatterley, CEO of Speakeasy, announced it will be the biggest deployment of it's kind in North America with six towers, one placed on the Space Needle and five others around the city , beaming a signal over a 5 square mile area. Don't put away those 802.11b/g cards just yet, as WiMAX is projected to cost $500 a month for 1.5Mb service."

xdavexxx writes " Speakeasy, one of the largest DSL providers in the United States, recently announced that it will begin offering a specialized version of Mozilla Firefox to its customers. In doing so, they are one of the first internet companies to offer an official customized version of Firefox to its customers. This custom version of Firefox will keep the Firefox Google home page, but have the Speakeasy logo and feature a Speakeasy toolbar filled with links recommended by Speakeasy. No money was exchanged between the Mozilla Foundation and Speakeasy, as Firefox is open source and is freely available for use by anyone. Speakeasy's reasoning for this is simple; to increase the reliability and speed of its internet service." It should be pointed that Slashdot (and OSTG) have a partnership with Speakeasy.

xdavexxx writes " Speakeasy, one of the largest DSL providers in the United States, recently announced that it will begin offering a specialized version of Mozilla Firefox to its customers. In doing so, they are one of the first internet companies to offer an official customized version of Firefox to its customers. This custom version of Firefox will keep the Firefox Google home page, but have the Speakeasy logo and feature a Speakeasy toolbar filled with links recommended by Speakeasy. No money was exchanged between the Mozilla Foundation and Speakeasy, as Firefox is open source and is freely available for use by anyone. Speakeasy's reasoning for this is simple; to increase the reliability and speed of its internet service." It should be pointed that Slashdot (and OSTG) have a partnership with Speakeasy.

xdavexxx writes " Speakeasy, one of the largest DSL providers in the United States, recently announced that it will begin offering a specialized version of Mozilla Firefox to its customers. In doing so, they are one of the first internet companies to offer an official customized version of Firefox to its customers. This custom version of Firefox will keep the Firefox Google home page, but have the Speakeasy logo and feature a Speakeasy toolbar filled with links recommended by Speakeasy. No money was exchanged between the Mozilla Foundation and Speakeasy, as Firefox is open source and is freely available for use by anyone. Speakeasy's reasoning for this is simple; to increase the reliability and speed of its internet service." It should be pointed that Slashdot (and OSTG) have a partnership with Speakeasy.

DarkHelmet writes "An article on CNET News indicates: 'A U.S. appeals court has rejected the Federal Communications Commission's request to rehear a case, in a move that could prompt local governments to regulate the cable industry.' The piece explains: 'The rejection could pave the way for municipalities to force cable companies to share their broadband Internet lines with third parties.' I personally can't wait for companies like Speakeasy to branch into the Cable Internet market and provide 10-100mbps service."

Eric Boutilier writes "Amy Rich has written an excellent Solaris Express (Solaris 10) how-to and general overview. It covers how the program works, using the community web site, and what's new in Solaris Express." Among many new features, the TCP/IP stack has been redesigned, IPv6 support improved, and both NFSv4 and USB 2.0 support added.

D3 writes "This report on a solar power tower (pdf) looks extremely interesting. Maybe one day we can have international power lines where all the countries with lots of sunshine provide power to the rest of the world? How cool would that be?" The NY Times has a good article on solar power in Japan.

An anonymous reader writes "Today, speakeasy (the greatest ISP ever) sent out a letter from the CEO introducing their NetShare Wi-Fi plan. It lets you share your broadband with your neighbors, with Speakeasy handling the billing and splitting the fee 50/50. More ISPs should be like this!"

sedawkgrep writes "Speakeasy.net has recently published a policy concerning their subscribers. They're openly welcoming the sharing of subscribers bandwidth via WiFi as long as you don't violate the existing terms of service. Speakeasy has always had a very liberal and open policy with their users. Even though I wouldn't open my network via WiFi, it's refreshing to see a company who is taking a more open approach rather than restrictive when dealing with its customers." I've been a Speakeasy customer for a while now ('tho my move from Boston to Ann Arbor meant going from 768 to 144 *sigh*) and have always been impressed with them. Great step supporting WiFi as well.

sedawkgrep writes "Speakeasy.net has recently published a policy concerning their subscribers. They're openly welcoming the sharing of subscribers bandwidth via WiFi as long as you don't violate the existing terms of service. Speakeasy has always had a very liberal and open policy with their users. Even though I wouldn't open my network via WiFi, it's refreshing to see a company who is taking a more open approach rather than restrictive when dealing with its customers." I've been a Speakeasy customer for a while now ('tho my move from Boston to Ann Arbor meant going from 768 to 144 *sigh*) and have always been impressed with them. Great step supporting WiFi as well.

sedawkgrep writes "Speakeasy.net has recently published a policy concerning their subscribers. They're openly welcoming the sharing of subscribers bandwidth via WiFi as long as you don't violate the existing terms of service. Speakeasy has always had a very liberal and open policy with their users. Even though I wouldn't open my network via WiFi, it's refreshing to see a company who is taking a more open approach rather than restrictive when dealing with its customers." I've been a Speakeasy customer for a while now ('tho my move from Boston to Ann Arbor meant going from 768 to 144 *sigh*) and have always been impressed with them. Great step supporting WiFi as well.

Case42 asks: "My former webhost company was recently acquired by a larger company that I find myself increasingly dissatisfied with. This presents me with a dillema and a question for all you slashdotters. Do I find another webhost or bite the bullet and host the site myself? I have a decent DSL connection and my site is low traffic, so i'm not concerned about the bandwitdth too much. I'm a sysadmin by trade so i can handle the technical aspects of setting up and running the site without a problem. Despite the fact that it means yet another system to administer i'm leaning towards hosting the site myself, anyone have any horror stories trying to host their site from home, any excellent webhosts out there?" How much traffic could a typical, residential DSL connection take out there, anyways?

Pogie asks: "At my office, we've got what one could only describe as a huge Network attached storage infrastructure. We're talking multiple terabytes of applications, user trees, data files, sybase and oracle databses, etc. 'In the beginning' it was a concious decision to create a shared NFS infrastructure using NetApp Filers (I humbly recommend them over SAN solutions any day...flame on!), but our data center has grown so large, and there are so many interdependencies that we're becoming concerned that if the wrong filer goes down, our production network would be, to say the least, hosed." To combat this problem, Pogie wants to implement his filesystem in a relational database...Oracle to be precise. Read on for his reasoning.

"To conquer our fears we're trying to get a handle on exactly what is where, with the goal of reorganizing the true physical locations of data to minimize the business impact if any single NFS server goes down. At the moment, the plan of attack is to construct a relational Oracle 8.1.6 database on linux which will basically mirror the filesystem in a DB. To accomplish this, I'm writing a horde of scripts using the perl DBI which will poll the entirety of the NFS filesystems on our network and create what basically amounts to a virtual filesystem in the DB which we can then drill into for specific information in much less time than it would take us to search through the actual filesystems in question. In addition, we gain the ability to maintain historical data, which allows us, among other things, to know exactly what went wrong if a luser rm's, mv's, or cp's the wrong thing to the wrong place.

Has anyone tried this before? And is this even a good idea? Does anyone know of existing packages that will do this? I'm really curious what the slashdot community thinks of the idea. I was several hours into this before someone said to me, 'Do you realize you're writing a filesystem in SQL?'"

Dr. Zowie asks: "How should one choose a router for a home LAN? We just added a few hosts on our home ethernet, which is connected via DSL. There are an amazing number of new entries into the market for routers and even stand-alone firewalls. NetGear, Linksys, SMC, and even Panasonic all have boxen in the $99-$300 range, each of which will do some combination of NAT, routing, source-IP filtering, port filtering, and content filtering."

"It's not at all obvious from the packaging, the web sites, or the drool-proof pamphlets in the boxes which routers will do what. For example, we'd like to pass through packets for our two server machines, and use NAT/DHCP on a third address for the rest of the LAN. Nearly all the boxes advertise that they can do NAT routing, but many don't support NAT and static-IP routing simultaneously.

Die-hards will insist that one should run a standalone box with dual ethernet cards and the appropriate routing goodies -- but these standalone boxes, at 5-15 watts and a couple hundred bucks, seem like comparatively hassle-free solution. Which one do you use?"

Logic writes: "According to their press release, Covad Communications Group, Inc. is preparing to file for Chapter 11 protection for restructuring. One of the most important points in the release is Covad Communications Group, Inc.'s operating companies, which provide DSL services to customers, are not expected to be included in the court-supervised proceeding and will continue to operate in the ordinary course of business without any court imposed restrictions,' meaning that the operating companies which deal with service providers (such as Speakeasy, who have endorsed Covad's action) will continue to operate unfettered by the court restrictions, and end-user services should be unaffected. Hopefully." As a Speakeasy customer (at home), I sincerely hope that my connection doesn't go away.

Aciel asks: "Does anyone know what happened to Freeboxen? For those who don't remember, Freeboxen was a free site where one could post old hardware and have it taken off your hands. Very cool, especially for building Beowulf clusters. Anyway, I found this Slashdot posting about it, from when it was originally announced, but going to the site turns up a 'Cannot find server.' A Google search for it reveals several cached pages, including one which provides the e-mail addresses of Freeboxen's owner, James Lincoln. But both e-mail addresses -and- a subsequent attempt replacing mindspring.com with earthlink.net returns messages from angry mailer-daemons. I did a 'whois freeboxen.com', and it turned up a phone number and address, but I'm not inclined to harass people in their homes and offices. Anyone know what happened to Freeboxen, then? If not, are there any other good old hardware swap sites out there?"

Aciel asks: "I recently decided to switch from Windows to Linux. I'd been held back by many things before (such as that my copies of Thief II, Quake III Arena, and Wheel of Time only ran on the former), but I was really ready to do it this time. But once I got Red Hat all set up, running Gnome, et cetera, I realized that I had no idea how to install anything. I of course knew about sites like linuxnewbie.com (and .org), but neither of them were really oriented towards people like me. One was oriented more towards programmers; the other towards idiots. But where to find a tutorial on Gnome, KDE, or Linux and X in general oriented towards people like myself, people with significant but not infinite computer DOS-based know-how?" If Unix (Linux/*BSD/etc) is ever to successfully woo users from Windows, something like this is a must.

"Everyone's always talking about how easy Linux is to use, and how much better it is. But then why can't I find a simple tutorial explaining the basics to me from a perspective I and other Windows users can understand? I'd love to learn--especially since I'm unwilling to shell out another 100 bucks for a newer OS that's slower than the one I've got (read: Windows ME)"

Fawking DSL writes: "BSD Today reviews the new features, supported cards, and installation of XFree86 version 4.0.1." The article starts off by saying that XF864.0 "Shocked The World" which I find mind numbingly amusing, but it's a good review.