Slashdot Mirror
@Home Gets the Usenet Death Penalty
A reader wrote to us with the news that an UDP has been declared on @Home in news.admin.announce.
You can read it on Deja.com for the full post. Interesting - let's see how long it takes @Home to respond to the UDP. Usually, this gets people attention pretty quickly, and I'll welcome any sort of respite from the spam flood of the last couple months. The penalty is due to begin 17:00 PST, Jan. 18, 2000.
This is an interesting phenomenon - USENET has no central authority and no control centre, so if the UDP has the desired effect, then it's an example of anarchism actually working (for once; note - I'm not in any way an anarchist). It's also support for what your mother told you about bullies and annoying brothers and sisters - "ignore them and they'll get fed up and stop it". Thanks, mum!
ben_ the technologist and platform agnostic
FYI... "Because of this lack of response to serious, ongoing problems, even when they have been pointed out repeatedly, a full active Usenet Death Penalty will go into effect at the close of business, 17:00 PST, on Tuesday, 18 January 2000 (19 Jan 2000 01:00:00 GMT)."
UDP Faq .sig: File not found.
That's the faq for the UDP.
ls:
ls:
(A)bort, (R)etry, (I)gnore?
I've been on the Internet for 11 years now (c'mere kid and pull my finger). But seriously, I remember when I could read about 50 newsgroups in 1/2 hour and most of the messages were not spam in any sense of the word.
/..
The last time I read USENET was gosh..almost 2 years ago. Full of spam, threads that went all over the place, crossposting galore. I have since given up and am using
What would problably work in this day and age would be a WDP (Web Death Penalty). Block port 80 from and to known ISPs that spam. Boy will that get people's attention.
-- Ever notice that fast-burning fuse looks exactly the same as slow-burning fuse? I didn't... (Edgar Montrose)
To???? I don't think it's sensible or possible to control their newsfeed, but their posts are rejected.
This may sound heavy handed, but from my experience (5 years as an anti-spammer now) the anti-spammers involved make every effort to contact the offending ISP and help them secure their news servers, report abusive users to them, etc. In essence, a UDP is something of last resort.
It should also be noted that this isn't some small cabal (TINC) of people trying to censor others, as participation in a UDP is voluntary. All you need to do to not participate is alias NNTP traffic with the "udpcancel" site in the path. Often however, the benefits of a UDP outweigh the disadvantages, and the UDPed site cleans up their act rather quickly.
Hope this helps.
this sucks for me, being a new @home user. i have wanted to stop by the usenet, but i havent had a chance to anytime. now im being punished for something im not even doing... anyway a hapless victim could get around this?
---- Sig? What sig? Who needs one, anyway?
This is the sort of thing I like to see. As someone else stated, it's comparable to anarchy working.
:) It's just not the same in my book).
I like the idea of people/organizations fending for themselves on the internet. The last thing we need is any government intervening and trying to enforce it. Anarchy may not be suitable for real life, but I think the general concept is perfect for the Internet where the real laws lie in the software. For example, when someone tries to break into your box, you shouldn't call the cops - you should make sure your box is secure and defend yourself. If you're incapable, then buy software to assist you. (note: Please, nobody make analogies comparing this to some crime in real life
-----------
"You can't shake the Devil's hand and say you're only kidding."
"Death Penalty"? @Home? Is it possible we could get Kevorkian in there for an assisted suicide?
Here is a better link to the article in question: Keeps from /. 'ing one server.
I'm a disgruntled @home user, or in other words, I've been on the service for more than three months. No one at @home takes proper measures to inforce the acceptable use policy. Instead, they cap bandwidth at 5k a second to make their ISP a less viable 'server', inconveniencing every user.
@home costs $65 a month Canadian, and they cut corners everywhere they can. My personal WAN area has between 32 and 40 people on it, and the packet drops are phenomenal. I have been phoning their tech support for thirteen months in a row, and they have told me it's everything BUT a crowded WAN area. They most recently have told me that 'Internet Access' does not include UDP. They do not support UDP, therefore they have no responsibility to control the quality of Internet gaming, despite advertising gaming on their network on television with fullscreen Quake pictures. I have been keeping track and am wondering about the viability of a lawsuit.
As I hinted above, servers are against the rules with @home. Have you ever played on a Quake server with an IP starting with 24.113 or 24.112? That's @home cable. Expect 5 to 50k/s upstreams.
Ever gone to a mp3 search engine? A ton of the sites are 24.113 or 24.112.
@home has been banned from Dalnet, due to excessive numbers of people spamming the network. The Dalnet ops have tried to contact @home about the problem, but they were ignored. The only way to connect to Dalnet for @home members is through gate.dal.net, which has too much lag. My two year old channel dwindled to zero people within a week.
The bottom line is, do NOT sign up with @home if there are any other alternatives. They will hook you in with a high installation fee, and it goes downhill from there. You're on your own. Everyone who has any sense of right and has power at @home must be ignored internally.
I will be sending email, making phone calls, sending more emails, having my friends/relatives/coworkers send emails and make phone calls, and basically abusing the hell out of @home.
As far as I'm concerned, this is not excusable in any way by @home, and besides, my news server @ work (news.eni.net) doesn't carry some of the ng's that @home's news server does (specifically alt.os.linux.slackware and a few gimp ng's.)
Rest assured that the not-asshole-ish users of @home will be very, very active in making this stop.
Mike
Sure, I have a thankless job. That's okay. I have a lot of (non
On a relational note, I seem to remember that the alt.scientology folks went about self moderating usenet to remove offending posts about their beloved L. Ron a few years ago, and it was never resolved exactly how to approach/moderate the Usenet hierarchy in general. Self-moderating is a misleading term, since only a few Admins are capable of actually issuing something like a UDP (outside of alt. of course). Eventually, the issue of spam and individual user rights on Usenet has to be adressed, but I for one believe that you kinda gotta take the good with the bad (*Raise Flame shields*), and let the spammers post their crap in the name of protecting the ability to post any and every idea, trivial or not.
-just My 2cents
I agree that to "call the cops" is overall a pretty useless thing to do if someone tries to break into your system.
... see what happens. Keep abreast of the newest script-kiddie fads and they won't surprise you.
However, the right answer to security isn't to "buy software" either. As Bruce Schneier is fond of pointing out, security is not a checklist feature: it's not something that can be slapped onto the side of a fundamentally poorly-designed system.
"Poorly-designed" here refers not only to the software and other instrumentality, but also to your administrative methodology. Administrative methodology has to do with the things you do as routine system upkeep. Do you monitor security-related mailing lists (CERT-CC, BugTraq)? When setting up a new system, do you close unneeded services? Do you make a habit of knowing everything that should be running on your system, and noticing when things that shouldn't be there appear? Do you run security audits against your system? Do you regularly check for security updates to your software and install them?
My new favorite security procedure: Go to a script-kiddie Web site, download some k00l t00lz (cracking tools, DoS utilities, etc.) and wield them against your own system (over your own network)
Security is a way of thinking -- some would say a way of life. It's not something you can just buy a program to install.
Please note that no one has successfuly sued the Realtime Blackhole List, either.
UUNet attempted to do the same thing two years ago when they got UDP'd. Their lawyers, and the government also, told them that they had no case.
We aren't attempting to destroy @Home, we're simply not carrying their packets on USENET - which we aren't obligated to do anyways. They could only sue us if we had a contract requiring us to carry any and all spam from them.
UUNet thought they were all that with lawyers too, and when they tried, the number of people supporting the UDP nearly doubled in anger.
Nope, no one is required to carry it. Freedom of speech doesn't supercede (sp?) my freedom to hear. If I choose not to re-print or listen to someone's words, unless I have a contractual obligation to them, they have no recourse against me. @Home would be laughed out of court.
"You can never have too many elephants on your team."
According to the FAQ that one gentleman posted, UUnet got this in 1997, and threatened legal action. That was stupid, infeasible, and generally clueless, and was laughed out in short order. However, the internet was not really Big Business then, with Big Pockets and Stupid Corporate Lawyers (tm). How stupid is @Home? Might they try a lawsuit? Yes, it would kill them and not work anyway, but stupidity knows few bounds...
Communication is only possible between equals
apologies to OT.
Ironic UDP is same acronym for thin layer communication protocol User Datagram Protocol (UDP) which is thinner than TCP/IP.
One UDP connects.
Another UDP disconnects.
I like the irony.
Corrinne Yu
3D Game Engine Programmer
I have been reading a discussion on the incidents mailing list (www.securityfocus.com) were a great deal of site admins are reporting scans and other attacks orginating from @home IP addresses. It appears that abuse@home.com goes to /dev/null.
I have road-runner and they check their customers for open wingates, relayable sendmail ports and trojans like BO, netbus etc.. ( I know this because I probed one of the admins boxen after I saw my kernel dropping packets from his IP. He directed me to the security website for road runner which explained everything. http://bofh.rr.com)
Microsoft aggravates my tourettes syndrome.
You won't win any friends by "fighting back" like some sort of Che Guevara wannabe of the Internet. But, if it makes you feel any better, you can forge cancels for all of _my_ posts, too.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
From the UDP FAQ (http://www.stopspam.org/usenet/faqs/udp.html):
10.What about legal issues? Don't you worry about being sued?
As UUnet (and others) have found, there is no legal requirement for other sites to carry or post their messages. Cancel messages are advisory in nature, and the sites which accept them have to have the ability to process them enabled in their software for them to be effective (the vast majority of sites have them enabled). UUnet threatened legal action when they were UDP'ed in August of 1997, but both the US Justice Department and the FBI (and presumably their own legal department after they consulted them) stated that there had been no laws broken and that they refused to investigate or act. Because none of their own equipment or networks were attacked, compromised, or even affected, there was no legitimate Denial Of Service (DOS) complaint that could be filed. What was happening, in effect, was an organized boycott of their messages. Nothing more, nothing less - and there is nothing illegal in all that. There would also be a horrendous negative public relations wave from actually instituting any legal action. When UUnet threatened, even more people came out in support of that UDP, contributions to legal funds were offered by a large number of people, lawyers volunteered to defend those participating in the UDP, and many ISPs promised to alias UUnet permanently (and work to get others to do the same) the moment they actually instituted legal action.
As another example, there was a rogue canceler, nicknamed "the Kikecanceller" [because his racially inspired cancel message paths all had "!kikecancel" (along with "!spiccancel," "!wopcancel," and others) in them], who was active for a short while. This rogue canceler nuked over 25,000 articles for no legitimate reason before his account got canceled. James M. Hawkins, the supervising agent at the FBI's Tulsa office, stated: "We don't have a case. I don't think we're going to be getting involved in the matter." The local United States Attorney's office was contacted about the cancellations and they replied that no law had been broken. (see the NY Times article about the "Kikecanceller". Note: this site requires you to enter a user name and password to access it, although it is free. There have been no reported instances of spam being sent to any test address that was used to enter the site, so it appears as if this data is only used by that site and not released to anyone who might utilize it for a spamlist).
The little guy just ain't getting it, is he?
Deliberate attempts to destroy a business are illegal.
Uh, this _isn't_ an attempt to destroy a business. There has been a huge rise in spam coming from @home, and even messages sent to @home about it have been ignored. This spam is causing problems for other sites, so the UDP is meant to help the other sites lower their spam intake, and to get @home's attention.
I don't know what you're reading, but nowhere in the message I read did I see anything that said "let's get @home." I do see things like Because of this lack of response to serious, ongoing problems, even when they have been pointed out repeatedly,... Looks to me like @home is at fault for not taking any action.
- My favorite error message: xscreensaver, running on an old Sparc 5 w/ 8bit color: bsod: Couldn't allocate color Blue
Anyone who wants to post must obtain a client.
How is this different from e-mail, HTTP, FTP, Gopher, etc?
Even then it is not 100% likely that you will be able to get that group that you want.
What newsgroups are carried are set by the system administrator for your ISP, and most wellbehaved ones will add ones if you ask for it. (Although you may want to rethink about asking for sex, warez binaries groups, etc.)
There are also some public servs that carry as many groups as possible, or cater to specific areas (binaries, portman, grits, etc.)
What people need to do is to simply delete the spam and just look at what's there. How hard is it to just delete it?
USENET postings cannot be deleted. With USENET, one person posts a message, and that message is then duplicated bit by bit to every server in existence that carries the newsgroup. So:
1) No centralized source to delete it from.
2) It can always be found on some odd server.
3) Same ethical/philosophical reasons that Slashdot doesn't allow moderators to delete postings.
Is it's presence that bad that it actually causes people to react like it was a cockroach or maybe a demon?
The headers must be downloaded when you spam off line; it takes time to download a million spam messages. Much less people like me who have to let my machine grab full text for me to read later.
It's a lot like e-mail spam, except messier and in such huge quantities as to compare CyberPromo (anyone remember Stanford?) to a landfill the size of Texas.
So it means that unless @Home cleans up their act, starting Tuesday of next week at 17:00pm, all participating Usenet servers (i.e. most ones out there) will dump all messages from @Home users into the bitbucket, not posting them.
@Home and all clients going through @Home Usenet servers become gagged until the upper echelon management finds out and orders an immediate change of policy on spam.
A UDP requires the participation of other USENET servers, but many, in fact most, servers are set up to automatically honor all UDPs by default.
I do not agree. Just because there are users who abuse the internet and usenet groups the entire domain is black listed. This is the dirtiest part of human nature! Why is it when there are bad apples the entire stereotyped population suffers!
I agree that there is a problem. All the good users should be made aware of the issues at hand. They should be then able to isolate the insolent users and cancel their subscription to @home.
Being an @home user, I will be glad to kick off the assholes that are causing crap. Hell, I would even BOTCOT @home if they do not allow users to self-moderate the system. HELLO? It is a shared network. We are all paying for it. It is about time we all share in the democracy of the system and flush out the bad apples. Make the all go to AOL for all I care! They are cost all other users of @home MONEY, TIME, and STRESS! This is more that enough justification to spend the time and effort to isolate the 10 - 20% who are abusing this service.
All those with me, call @home and complain. We should put up a website saying that there should be a faster turnaround on kick out delinquent users.
On another note: I would like to see where the AOL IPs stand in the UDP priority. I always get spam from them... is it just because it is easier to see people from @home (Ips are generally 24.112... or 24.113... etc....)????
Thanks for you time.
This
@Home should sue any site that refuses to carry its traffic (at least those subject to US courts).
The UDP is a community action. @Home was not a good neighbor, and now they can't borrow the weed whacker. There is no obligation to carry a particular companies usnet articles. There is no obligation to even allow IP packets from @home into their networks (except for their upstream provider who IS under contract).
Besides that, there are very few 'smaller' sites out there. Most ISP's that don't own their own national network outsource their usenet service.
You've been taken in by spammer FUD and BS. Net sites are the private property of their respective owner, free to reject traffic according to their own rules (though they may be liable if they selectively enforce the rules in a prejudicial manner).
Especially go after the smaller sites. They'll BUCKLE under the legal pressure as their bosses realize that they cannot afford a long expen$$$ive lawsuit.
@Home presumably hires reputable and competent lawyers, who do not wish to besmirch their recordss with frivolous-lawsuit sanctions. Their spammer customers are welcome to file such lawsuits, if any of them can find an attorney willing to accept chick en bones as a form of currency.
/.
/. If the government wants us to respect the law, it should set a better example.
Maybe I am missing something, but how would the UDP (which will go into effect on the 18th, and involves USENET, not email, AFAICT) affect you getting your business emails???
YS
"Arrr! The laws of science be a harsh mistress." -- Bender
How is an ISP supposed to "delete" all of the gigabytes of spam (e-mail & news) which they are forced to carry every day, and for which they had to pay big bucks for the bandwidth, servers, hard disk space & administration to be able to support? They can send out cancel messages, but this uses MORE resources and the time lags involved allow spam to slip through. (Plus, _somebody_ has to be paid to identify the messages to cancel & issue the cancel message...)
You seem to have a very limited understanding of the mechanisms which support the Internet, and a debating style consisting mostly of emotional appeals w/very little logical content.
the way a UDP works is that several news admins are generating cancel messages for articles originating from @Home. If you go read the UDP FAQ you would know this. Anyone not wishing to participate in an active UDP can refuse to accept articles from the pseudosite udpcancel.
All cancels delaing with an active UDP have udpcancel in their path header.
So, the majority of usenet admins are participating simply because they haven't chosen to ignore these cancels.
Even if a site that ignores these cancels passes them on to another site which honors these cancels, the second site will get the cancels and the messages will go away. (It's magic!) The only news servers where the articles originating from @Home will be found are the guys who ignore the udpcancels.
And not to try to impress you, but I do control a major newsfeed. You can also reach me at my deja.com address. I'm their primary news admin.
"We are not tolerant people. We prefer drastically effective solutions"
...you clearly did NOT read the original declaration of an impending UDP. Things were qualified rather carefully, and in particular, a listing of the 100 news servers that were the origin of the most spam to usenet was listed.
/dev/null.
EVERY DAMN ONE OF THEM WAS AN @HOME NEWS SERVER.
The AUP Enforcement department for @Home has had their thumbs stuffed up their asses for long enough. The throw the book at anyone who dares have a web server showing the default Apache page on it, but never do a damn thing about open relays, which are a much bigger threat. The reasoning seems to be that open relays aren't a bandwidth muncher, but a web site that gets twelve hits a month is.
In all honesty, they'll probably ignore this UDP since the summary cancellations will mean they will no longer have to forward so many complaints about Usenet spamming to
A UDP is not invoked lightly. It is invoked as a last resort against a set of servers that have resisted or ignored all reasonable requests to participate within the USENET community.
If @Home is incapable or unwilling to act as a responsible member of the USENET community, news admins are fully within their rights as owners of their news servers to reject traffic from @Home's users.
Similarly - by aliasing out the "udpcancel" site in the path, news admins who wish not to participate in the UDP are fully within their rights to ignore it.
This isn't about "censorship" or a "Cabal" (TINC). This is about the rights of news administrators to choose for themselves whether or not to accept traffic from a site that has demonstrated a clear inability or unwillingness to clean up its act.
To @Home users: The problem is with the management of the company who (poorly) administers your news servers. The proper course of action is to contact your @Home technical support or customer service reps and tell them that you want @Home's managment to authorize @Home's news administrators to take the actions required to bring @Home out of the UDP. While the rep you speak with on the phone can't help you, the message will eventually be heard by @Home management. While it's regrettable that the situation went as far as it did, the precedent for the UDP is good; UDPd firms generally do clean up their acts, and USENET is the better for it.
Does this mean that the @Home users will be the only people who get to read the spam which the @Home network is responsible for propagating?
> Lack of authority is Bad. This same anarchistic
> quality you praise so much also keeps an ample
> supply or w4r3z and kiddie pr0n available to
> anyone on the 'net. Is this what you are
> supporting.
Some, like myself, would argue that neither of
these is imnherently bad. (while I am against
forcing children into sexual situations for
any reason- especially something as base as
capital gain, I see nothing wrong with the
act of transmission of pictures themselves)
Noone is being hurt by these simple transmissions
of data. Noones rights are being abused. I see
no real problem.
Its simply the free exchange of information. Is
that what you are against?
"I opened my eyes, and everything went dark again"
It'd be nice to see this extended to other services, I'm not sure how feasable it would be. I suppose a centralized procmail filter database would be feasible.
Take a look at the Realtime Black Hole List. This is a DNS-based hack that publishes the domain names of sites that allow spammers to send through their mailservers - in a form that lets mail transfer agents do a quick DNS inquiry and dump mail if it is coming from such a site.
Interestingly, it's an example of anarchism in action. Anybody can publish such a list. Anybody can hack their sendmail to use such a list - and pick any such list they chose. (As far as I know there's only one such list at the moment - probably a sign that it's doing a good job.)
The RBH client code is included in current Linux distributions. (I saw it as a {recommended} sendmail configuration option in Red Hat 6.1, for instance.) I've heard estimates that about 60% of the email inboxes in the world are now behind mail transfer agents that subscribe to RBH and thus bounce mail from any site on the list.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
do not agree. Just because there are users who abuse the internet and usenet groups the entire domain is black listed
.com domain helped, but that removed some good posts too. It worked for a while and made the groups readable.
I remember when AOL opened its floodgates upon the internet. No only did they put a big POST button in their software and not educate their users what usenet was, they had a little bug in their software. Each post would be duplicated seven times. Putting the entire aol.com domain in my killfile returned the newsgroups back to an enjoyable state. In fact, it would be over a year before I ever saw an intelligent post from the aol.com domain. I wasn't missing much by filtering them out.
Then other ISP's unloaded the masses onto usenet. Newbies are a fact of life, but usenet was then carpetbombed with scams and what was to be known as spam. It was unreadable. Filtering everything with the
I have seen the usenet death penalty used. And it works! It keeps me from having to filter, because it forces responsiblility for those who wish to become part of the usenet community.
The people who provide them could of course cut of the feed entirely, but @home would take their business elsewhere. It's impossible to stop them from getting a newsfeed from someone, as long as one person is prepared to give them a feed. However, if only one admin is prepared to carry their articles, that means that the rest of the internet never sees their messages.
If you look at the history of the UDPs, we have yet to find a UDP that has lasted longer than five days.
/dev/null.
We hurt millions of users for five days to remove billions of crossposted spam from millions of Usenet servers - and also as retaliation for @Home's little alias of abuse@home.com to
Have you ever run a Usenet server? Do you have any idea of the pure amount of GARBAGE from spam and advertisements that will suck up entire T3s 24/7? If you want a better analogy, this is little different than when Iraq invaded Kuwait and didn't respond to demands to stop; most of NATO got together and pounded on them.
Given the choice of massive spamming or blocking cable users from direct Usenet access (they can still use Deja) for a few days, I pick the block. Who knows, @Home might even clean up their act before the UDP goes into effect. Historically UDPs are usually released before the deadline for that very reason.
> So basicly people are getting a bug up thier a**
> that a minority of @home users are spammers.
No...they have a bug up their ass that a minority
of @HOME users are spammers AND @HOME
is not doing anything about it.
UDP is invoked AFTER usenet admins have alerted
and really tried to get an ISPs attention and
feel that their complaints have "Fallen on Deaf
Ears".
"I opened my eyes, and everything went dark again"
USENET being the operative word. Noone
can be blamed for your inability to connect to
the mail server other than the network admins.
Usenet has nothing to do with email.
"I opened my eyes, and everything went dark again"
You've obviously never had anything to do with running a news server. The news spools can get HUGE if you keep articles for any length of time. RAID is an absolute MUST. A spam on usenet takes up resources on every usenet server in the world.
Usenet spam is a lot worse than email spam. I have seen newsgroups that were about 20% actual messages and 80% spam. If s/n isn't enough argument, consider every news server needing an extra 9G U2W SCSI drive for the spam and the extra bandwidth (that costs some real money BTW).
The problem with open proxies is that any spammer anywhere can use them to hide their identity so they don't get their account cancelled. There's nothing eletist about that. I can't think of any ISP that doesn't provide you with usenet as part of the basic service. The only people who really need the proxies are the spammers.
As for Lucifer, at least if you tell him you're not interested, he goes away. Besides that, although his prices are outrageous, he, unlike many spammers, actually delivers the promised goods and services. [/humor].
> The reasoning seems to be that open relays
> aren't a bandwidth muncher, but a web site that
> gets twelve hits a month is.
Web sites are also easier to find.
Any moron can write a script that looks around
for web servers. You actually have to know what
a relay is before you can scan for open ones.
Probably just clueless admins.
"I opened my eyes, and everything went dark again"
They don't have to sue. I am a cs student (not a lawyer), but it seems like an injunction might be something they could try, at least in the US and maybe Canada. I didn't say it was feasible; in fact I said it would be stupid and not work. I was just kind of wondering out loud if they would realize that or not, never having had to deal with that network or its admins myself. It looks like this thread was already kind of hashed over, and the consensus is that it wouldn't work and they probably wouldn't try it anyway.
As a followup, the point has been made that this kind of thing can be done because no contractual obligation exists between usenet nodes (is that the right word?). I wonder how long before big ISPs start trying to get mutual carry agreements with each other?
Communication is only possible between equals
All I can do is suggest everyone do the same. The office in PA is (215) 981-8531. You may or may not get someone knowledgable right off the bat, so be polite (but really, you should be polite anyway!). You might want to even check out the Canons of Conduct from the Linux Advocacy mini-HOWTO for some good pointers.
Good luck!
If you want a good dejanews interface that's free of the crap and all the advertisements,
copy this old dejanews search form to your home directory
and bookmark it from your browser. This search form was saved from my cache when deja ruined their interface. It has none of the voting crap and your search will just yield the facts and what you are looking for.
(And needless to say, HTML is NOT a USENET posting standard - thanks to Netscape for unleashing this travesty to the world, but fortunately, only about 2% of the posters I read use HTML in the first place.)
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
@Home can't sue admins for controling their news feeds. That would be like suing a person to turn on their TV or radio to tune in their station.
I just called my friendly @home customer service rep (she actually *was* friendly!) and asked her about the UDP problem. She was not aware of it, but she escalated the call and found out that the issue has been elevated to the corporate level and it is hoped things will be addressed before the UDP goes into effect. It seems they have started taking a lot of calls over this.
-Jeff
-Vercingetorix
"Necessitas non habet legem." -St. Augustine
AT&T/TCI/@home, and cfu--the municipal utility. I called both, and it was five bucks a month cheaper on both my cable and my internet with the muncipal utility--and one bill with everything from sewer to internet (hmm, depending upon your taste, those could be the same).
/home elsewhere. I think I've only seen it go above 500k/s download once, but it seems to me that it stayed near that when I was uploading the disk.
Free installation and first month (from both, I think) due to the shortage of modems at the time. Now I pay $25 total for service & modem. They want an extra $5 if you want a second computer (but it seems you provide your own hub & wiring), and the terms of service explictly prohibit sharing an IP with linux or that dark-side program (but how could they tell?).
I have no idea how to configure it. I put in my two install disks for FreeBSD, and it took care of absolutely everything. Since I wanted to massively rearrange the hard drive, I called and got an ip that I could grab, changed the address in in my old configuration, and stashed about a gig of
Competition in cable is such a wonderful thing.
Oh, and the deciding issue wasn't that it was $5/month cheaper, but that I called both places, and the cfu folks knew what was going on, while the @home folks could barely figure out which out of state tech support might be able to answer questions . . .
Usenet is not elitist. You don't have to get a client to access usenet news. I used to telnet directly into usenet server's port 119 to read and post from there. You can do this by:
telnet nntpserver.domain 119
even in Windoze. I would even say the server's raw interface is user friendly. If you want help, just type help followed by return. Its a beautiful interface and is compatible with almost anything that can display text. With a good terminal and some scripting, it can be the most productive environment for digesting news.
Sue for what? Usenet works like this: "Hey, I'll post the articles from your server on mine if you post my articles on yours." By refusing to accept articles from a host, you are in NO WAY breaking any law or hurting that host. Their equipment is not touched, their connections are left intact. What you propose is like saying Pizza Hut should sue me because I refuse to eat there. Give me a break.
OK, not exactly on this topic (if you say "offtopic" they don't mark you offtopic :) but in a related and interesting coincidence:
I just now got a message from BugTraq saying that their mailing list has gotten blocked by ORBS because their ISP blocks ORBS probes. I think (I'm not an expert on this) that ORBS (anti-spam police) is probing to see if above.net's sendmail will allow "open relaying", but above.net blocks the probes. So, ORBS is treating the ISP as if they allow open relaying... does ORBS have "proof" that some machines in that domain are relaying, or is this a "play ball our way or screw off" (you know, kinda like cookies on Slashdot :) move?
Here's the email (I've corrected some errors to make it readable):
After a (somewhat funny) conversation with a bewildered @Home help desk lackey, I was told that noone in _entire office_ (including his supervisor) knew what I was even talking about. I was directed to e-mail abuse@home.com.
The following is the text of my e-mail message to them. I would encourage other @Home customers to write letters of their own. Perhaps @Home will get the point and begin acting more responsibly.
-----email follows-----
to: (several addresses, repeated in body of msg.)
from: (Chris Stearns)
--
I would like to know what @Home intends to do about the Usenet UDP that is scheduled to begin on Tues, Jan. 18 at 1700 PST.
Usenet access (reading and posting) is one of the services I pay @Home for. Now, because of @Home's continuing reluctance to address the abuse of its mail servers by spammers, my Usenet postings may be blocked by various sysadmins, who have elected to reject all traffic originating from within the home.com domain.
This would be an unacceptable interruption of service. @Home has an obligation to ensure that the services I subscribe to are available to me.
Futhermore, @Home has an obligation to ensure that its mail servers are not being abused by spammers. The requests for action that have been forwarded to @Home (by myself and others) are apparently being ignored. My own requests have been met with excuses. David Ritz, the originator of the UDP, details largely the same experience when describing his attempts to contact @Home. These responses from @Home - deferral, ignorance - are not good enough.
The remedy to this problem is completely within @Home's ability to to enact. I am a paying customer who wants to know what is being done.
Tell me, what are you going to do to clean up your act? When?
I have attached a copy of the UDP notice, originally posted by David Ritz in news.admin.net-abuse.usenet. This message, as well as the original notice, has been mailed to abuse@home.com, abuse@corp.home.net, news@corp.home.net, noc@corp.home.net, abuse@rogers.home.net, and Internet.Abuse@shaw.ca
A timely response would be appreciated.
Chris Stearns
(email address omitted)
(UDP notice was attached here)
-------end email message------------
Happy writing!
Chris Stearns
If you wish to comment on Usenet-related issues, it behooves you to learn a little bit about what Usenet is and how it works.
--
Do I look like I speak for my employer?
--Quote begins--
give everybody access to bandwidth and things go wrong
--Quote ends--
As I've said before, it's the issue of broad access that makes many of the big commercial services an incomplete Internet experience. You get so many people who act up that it ruins it for everyone. A friend of mine left AOL because he's an avid IRC person, and aol.com is k-lined on most servers. AOL was convenient, but the stigma ended up being too much and they lost another customer...one who honestly wasn't an AOLamer.
Usenet kill files, IRC server k-lines, Spam filters...all over people lock out entire companies because they're sick of the garbage. You can't really have a complete Net experience with them. The big companies don't take the time to police what's going on, and often don't bother to respond to complaints. It takes something like a UDP to wake them up, and that's only because the UDP usually gets in the news. My advice remains, if you can find a local ISP with good service, stick with them and avoid the corps. The BS you have to put up with because of the other lamers who get on big companies like AOL and @Home isn't worth it.
My opinion, of course.
Electronic Frontier Foundation for online civil rights information
Are you a spammer, Anon Coward?
>You may want to keep in mind that the spam nazis >are pretty wacko themselves and go to inordinate >lengths to stop spam.
Such as? I've seen LOTS of claims about what these supposedly EEEVIL despammers do, but noone's ever substantiated them.
> They don't even care that innocent companies
> will suffer.
@Home is not an innocent party here. Things have to get really dire before a UDP is considered..
> Think I'm exaggerating? Well consider this, an
> internet site not responsible for *any* spam
> leaving its network may qualify for
> listing on the RBL, IOW being blackholed.
> I know. Been there, done that.
BS. You need to submit traced spam, send it to the RBL folks who contact (by phone) the maintainers of the submitted server and then they MAY enter it in the RBL if there's no hope of the mail server operator getting a clue.
You haven't "been there, done that" at all. You're just pushing spammer FUD.
> Check http://www.mail-abuse.org/ if you have any > doubts.
...and expose you as a clueless tool??
I think the Web is just elitist in general. Anyone
who wants to read pages must obtain a browser. You
must have access to the servers. Even then its not
100% likely that you will be able to find a server
with the information you want.
Ok...now for the sarcasm-impaired.....
Of course you need a "client" what kind of
argument is that? You could just telnet to the
nntp port and speak nttp by hand, but guess what?
that is a pain in the ass.
Find a particular server? How is it any differnt
from email? Should every ISP just automatically
allow anyone, free of charge, to have an email
acount on their server?
The server your ISP has doesn't have all the
groups you want? That is your ISP (or whoeevr
runs the server) fault. Complain to them. I know
that here where I work, we are willing to add
any group to our feed that is requested by a user.
> that @home people are operating "open proxies" I
> assume that this means that they are allowing
> public access from the outside world. Well my
> friend what is wrong with that?
Open Proxies are not open usenet servers. An
open proxie is a proxie server that ANYONE can
connect to. This allows ANYONE on the net to
"Hide" their real adress by connecting to the
proxie and having the proxie connect for them.
The problem here is that A) 99% of the time this
is NOT the intent of the machines owner but a
mis-configuration that others are taking
advantage of. B) This allows spammers to post
spam to email and usenet without ANY audit
trail to track them back to their ISP. This
means that it APEARS like the person with the
relay is sending the spam.
> Is it's presence that bad that it actually
> causes people to react like it was a cockroach
> or maybe a demon? I
You know...if it was JUST the fact that I get an
ocasional email advertisment I wouldn't care.
However, spammers are much worst than that.
Do you know what a spammer can do to an
unsuspecting network? They connect to a mail or
usenet server and start BULK sending thousands of messages. Often in mail with BCC so that they send
one message and the server expands it and sends
thousands.
This can saturate unsupecting networks and bring
useful work to a halt. Not to mention disk
space. If a spammer sends a 2k message here...to
all 10,000 of our users...that means roughly
20 MB of storage space. Maybe thats not terrible,
but if several spammers do it every day or two...
it adds up FAST.
> I think if the mythical Lucifer were to appear > in front of one of these people they would most
> likely get more irritated or enraged at the spam
> than their most hated enemy (for Christians).
Love to nitpick...
since when do ALL christians believe litterally
in a Devil? I know many who don't and would say
any references to one are merely symbolic to
make a point rather than references to an actual
being.
"I opened my eyes, and everything went dark again"
We don't close highways because we have police to control them. The internet cannot be controlled in this way (partially due to it's international, borderless structure that takes it out of the relevant jurisdictions).
If you look at the UDP FAQ (linked to in the email mentioned in the article), you will see that most of the UDPs do not go into effect, and when they, it's generally for a very short period of time. I would say your average, honest internet user doesn't get [too] hurt by this action.
This is hardly old-school draconian society: apparently @Home has been approached regularily about this problem. They have done their customers a disservice by not being a responsible service provider. This isn't a police force in effect: the participants of the UDP are free to make up their own minds and not participate if they desire. It sounds more like a form of democracy within anarchy! If you think that this is draconian, would you mind suggesting another method equally as effective?
No, breaking into someone's computer shouldn't be treated like a physical assault. Not even close IMO.
But it SHOULD be treated like a property crime. After all, it is costing the victim money. If something of value is copied or destroyed then the victim is financially hurt. Say what you will about closed source, but it still holds a market value.
Hell it doesn't even have to be source code. People store all kinds of information on computers (credit cards, anyone?). Sure, this stuff should be secured, but there's no denying the fact that harm is done if someone steals it.
Even if nothing is done aside from breaking in the victim still loses. Why? He has to invest time (= money) in resecuring / reinstalling his machine.
Don't try to glorify computer intrusion as a harmless activity. It's not.
For what it's worth, I agree that sysadmins should work together to solve problems as much as possible before involving the authorities. It's generally a faster way to take care of the problem. But, when the abuse warrants it, either through damage, or through repeated activity, I have no problem contacting law enforcement to resolve the issue.
Best regards,
SEAL
OK, so we do know ths ISP. However, the spammer can set the user account to absolutely anything. Therefore... One goes to the ISP, and nicely asks them to check this out. They would have logs of who was on when, and could probably figure out who actually did it (to them, you see, the remote would be the spammers own machine. They know who they gave which IP to, and can figure out the identity of the spammer). If they didn't keep the logs, they could watch for him to resurface (ie keep logs temporarily and deal with it if he does it again). This would almost certainly be acceptable as a response, and would get them off the hook.
If the ISP is uncooperative, then all that can be done (from the next level up) is to blackhole the ISP. Only the ISP can really know who the spammer was, so theu have to deal with it, or ignore it. If they ignore it, I guess the people at the next level have the right to recommend blocking and to block it for themselves. If you read the post, individual news-carrying sites have the choice if a) whether or not to follow UDPs at all or b) to follow them, but exempt this one. How to do so was described. So if you like spam or think this is too extreme (maybe it is, I haven't hear whan @Home's response was or how many warnings they got) find a news-carrier who is not going to follow it. Or run nntpd yourself, and don't follow it.
So it's a lot like the system right here at slashdot. Read at -1 if you want, or don't if you can't stand trolls and spam. Individual choice (except that you do have to be the person running the newsserver and using up the resources to be able to make the choice.
At least, that's my understanding of the setup, but I don't actually run a usenet server, so any innaccuricies are hereby disclaimed. If I'm wrong, would someone reply and say so.
The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
That, and not the quantity of spam, is what gets the USENET Death Penalty rolling.
It doesn't help that there are maybe five people in the entire @Home company nationwide who know what the hell they're doing, and your chances of talking to one of those people are about the same as your chances of calling the White House and talking to the President. As with The Phone Company, @Home takes pains to make sure that their precious techies aren't bothered with anything as mundane as helping customers.
Easy way to get hung up on by @Home "technical service"... "Hello, I'm running Linux and ...".
-E
Send mail here if you want to reach me.
There's a small problem with the picture used to depict "spam", as in junk e-mail and the like. It depicts a can of SPAM luncheon meat , which is a registered trademark of Hormel foods.
Hormel's position on this matter is best expressed by the following quotation from their "Spam and the Internet" page:
This means Hormel don't like pictures of cans of their SPAM luncheon meat used in conjunction with junk e-mail and the like.
I suggest that the logo for "spam" be changed for those legal reasons. Perhaps we could change it to the picture of a pig from O'Reilly's book "Stopping Spam", or some similar porcine picture that's suggestive of "spam".
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Besides, only @home can really tell who the spammer is. see My other comment
The Matrix is going down for reboot now! Stopping reality: OK. The system is halted.
I really have to ask, does anyone know is SPAM profitable? Are these just un-informed idiots that really don't know that they're wasting their time? Does anyone have information on this?
Furthermore has anyone even _heard_ of someone that bought something because of SPAM?
Are these people just the deranged/hopeful side of the net?
if the UDP has the desired effect, then it's an example of anarchism actually working
the UDP FAQ certainly claims a large number of successes, among them:
Erols.com had been a thorn in the side of usenet for a long time. With a change in policy after discussion of a UDP against them, they now have a very high reputation among both the usenet and email community.
Bell Atlantic, near the end of July, 1997, was a major spamhaus. Word got to them that they were being considered for a UDP. Spam dropped dramatically almost instantly, to their credit. No UDP was necessary.
UUnet, which was the largest single spam producer around the beginning of August, 1997, [...]announced and apparently instituted a much tougher AUP against spamming, and nuked a couple of the most persistent spammers that usenet has ever seen. Numbers again have fallen dramatically, and we all hope that UUnet continues with this policy.
October, 1997, Compuserve
In December, 1997, TIAC appeared absolutely unwilling to deal with any of their ongoing spam [...] UDP was announced with the 5 business day waiting period before institution. Although their owner continued to make excuses and argue about their culpability as well as bluster and threaten legal action, by the time the deadline had arrived, they had "cleaned up their act" to the point that the UDP was no longer necessary, and the deadline was extended for another 5 days to watch the numbers. After that additional 5 day period, the stats had stayed low, and the UDP deadline was lifted.
About 10 others between these dates.
In December of 1999, a simultaneous UDP of VSNL and SILNET, the two main carriers in India, was instituted for their failure to even begin to control the usenet terrorist who calls himself "HipCrime" and who forges, cancels, floods, and supercedes thousands of articles on a nearly daily basis in an attempt to blackmail the entire world into doing things his way - his way being a usenet without spam cancels. Currently, VNSL and SILET have enabled port 119 (news)blocks on all outgoing connections from their services with the exception of their own servers.
So, it looks like there is good evidence that this will work, given the past history of success.
My Mum told me to hit them!
I used to work for @Home. One of my duties was reading mail sent to news@home.com and handling requests/complaints/whatnot. Anyone who proclaims that @Home is being *lazy* about fixing their problems is _just plain wrong_. @Home employees work their asses off to deal with the problems associated with being a large ISP. Unfortunately, there are just not enough @Home employees. When I worked there, every UNIX admin was spread thin. We all wore a million different "hats" and there never was enough time to deal with everything. @Home is a magnitude larger than it was when I was there and I'm pretty sure things have not improved.
:-)
As for the spam problem, the people at blame are the corporate types. This is a management issue, not a technical issue. This problem could be fixed by blocking inbound packets to customer IPs on port 119/TCP. Unfortunately, port blocking is more involved than just making changes to routers. Policies have to be re-written which, when you are @Home, necessitates lawyers, meetings, and the like. @Home has bigger fish to fry. Like what, you say? Customers who crack government machines, e-mail spammers (who generate a larger backlash than usenet spam), smurfers, script kiddies, irc abuse, customer-to-customer abuse, people who host commercial sites on their cable modems, people who put porn sites on members.home.net (their homepage server), etc., etc. It's only to be expected that USENET complaints are near their bottom of their abuse priority list. If you could only see the volume of mail that abuse@corp.home.net generates, you'd understand.
Chris
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
I used to be a system operator of a dial-up BBS (bulletin board system), back when FidoNet was pretty much the only way to get online to any kind of WAN in places like back-woods New Hampshire, USA, where I live.
One of the things I've always liked about FidoNet over UseNet was that people were held accountable.
If you broke an echo's rules (an echo is like a newsgroup), the moderator of that echo could ban you from the echo. (Fido moderators are more like IRC channel operators then UseNet moderators).
If you got banned enough times, most system operators would simply ban you from the echos entirely.
But it got better. If a system's operator was unresponsive, or a system was a continual source of twits, the FidoNet feed to that system could be cut.
If other systems in the area kept refeeding him any, that entire network (local geographical area) would be cut.
Seems a little heavy-handed if you are used to Internet anarchy. But I think UseNet's system of waiting until things have deteriorated to the point of uselessness doesn't work, and a system that doesn't work isn't a good system. FidoNet preemptively cut off the garbage-makers. It was all run by the lose organization of system operators, was very grass-roots, and generally operated on concenus. It worked pretty well.
In a way, FidoNet has a cabal, and was better for it, IMNSHO.
Of course, the big-time (the Internet) has pretty much killed it off these days, so we'll never know how it would have scaled compared to Usenet.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
the people who answer those emails are a group called KANA(i think the name may have changed recently), and i work pretty closely with them.
thier job is pretty much the same as mine; acct maintanence, billing, troubleshooting, etc.
these guys are AT&T employees, not @Home employees, and have absolutly NO control over abuse issues. the most we can do is refer it to abuse@home.com
so, knowing this, please do not email the good people at that address.
thanks
They sent money to a spam-friendly ISP. Without those millions of customers' revenue, the ISP would not be able to support the spammers' terrorism.
If you do business with scum, you're going to get a little dirty. That's why I don't pity the Windoze users when they BSOD. (Or at least I try not to show any compassion.) They put money into Microsoft's pockets instead of hiring good people. They brought it all onto themselves, and made the world a slightly darker place for the rest of us too. Fuck 'em.
---
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
This is exactly why cable should not be a monopoly. In Canada @home has a grip on the whole cable market (there are CRTC proposals in place that are trying to fix that, but nothing's happening for now), so every cable subscriber in canada will be affected pretty much (with the exception of smaller ones in private cable areas, like dccNet here Delta BC). If people had options, they could be using another ISP that gives 2 shakes about nettiquite and would not be affected.
So why can't they get it across their god damned thick skulls that NOBODY WANTS TO SEE YOUR SPAM!?
If you ever find the answer to that question along with an appropriate clue stick, I will nominate you for any award of your choice.
ORBS is a greater evil.
My box doesn not relay outside mail. I get probe attacks, and the wanna-be spammers go away.
ORBS has 17 different spam attempts, keeps trying for 14 days (as per their web site) and then re-tests.
Being mentioned in ORBS has increased the number of outside probe attacks. (In fact they WANT this behavior)
They are unwilling to provide the e-mail message that prompts them to think you are a spam site, and if you complain about them, they add you to the ORBS list as a manual entry.
In fact BUGTRAQ@SECURITYFOCUS.COM has now been hit with ORBS. (seems above.net doesn't like the probes and rejects them. So ORBS has them 'on the list')
In short, ORBS is no better than the spammers.
Promoting ORBS is irresponsible.
If it was said on slashdot, it MUST be true!
Hi there. Let's pretend that I administer a server. My bosses know what spam is; they chew me out when I get some. They tell me my job is to prevent spam from reaching them. So, I implement UDPs when they come out. I tell my bosses I'm stopping spam. They commend me. They own the server. Who are you to tell me what to do? Who are you to tell me I'm wrong for abiding by my contract and doing what the boss tells me?
Take that and multiply it by however many servers carry news feeds, and you've got the UDP. This isn't a central authority. This is lots of individual sysadmins who don't want to deal with posts from a domain, so they block that domain on the servers that they have a legal, ethical, and moral right and obligation to administer.
To be an illegal DOS attack they'd have to trick a server into canceling the articles against the wishes of the operator of the SERVER. Canceling messages against the wishes of the originator of the MESSAGE is fair game - because the operator of the SERVER is not required to carry the messages. The cancel requests themselves are advisory, not mandatory (though their processing is automatic, so the server operators must accept or reject them by policy rules rather than manually).
The cancel messages are formed in such a way that the operators of the servers can easily chose (by configuration options) to accept or ignore them.
Even better, the operators of the servers can selectively accpet or reject cancels from a particular instance of the UDP, certain classes of them, or UDPs in general (without regard to the policy on non-UDP cancel messages).
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Is there a nice site that allows people to share their killfiles and spam filters? It'd be nice for me to be able to head to rec.arts.poetry or similar, and have a killfile maintained by the community (in the same way that Waldherr's Junkbuster has a community maintained blocklist.
Perhaps as an extension to NNTP, an FAQ, Killfile, and other info links would be available in the info for the group (as meta fields), allowing people to not have to wait for the FAQ to be posted, etc.
---
--
Internet Explorer (n): Another bug -- that is, a feature that can't be turned off -- in Windows.
> how the bloody hell can you pretend that kiddy
> porn, or any pornography at all, isn't bad?
The WORST thing that has EVER happend when an otherwise mentally stable individual has downloaded or otherwise VEIWED ANY sort of
pornography, is quite simply that they had to
clean up a sticky mess from masturbating.
Downloading, viewing, and exchanging porn is
fine in my eyes.
> pornography is a sick capitolist industry
> praying on human frailty and weakness.
> Porno=materialism, plain and simple. It chains
> you to a meaningless material world, much the
> same as money etc.
I can certainly sympathise with yout hatred of
capitalism. It *IS* one of the most destructive
systems I can think of. However, all porn does
is give a person visual material with which to
fantasise. Fantasy is perfectly natural, and is
a healthy part of sexual expression.
> It kills off the intellectual sect of the mind
> and prays upon the strictly animalistic side of
> it.
Humans ARE animals. I, personally, think that
embracing and satifing "animal instincts" is
an important part of leading a balanced life.
To do any less is to deny our animal nature and
in the end to live in a world of self-delusion.
> sn't the spam simply another form of "free
> information"?
While free flow of information is fine with me
and ism in and of itself, a good thing. It is
not an end that justifies all means. Just as sex
is a beautiful thing, forcing sex on another
person (ie rape) is an ugly thing. Spammers
steal network resources to advance their own
capitalist interests.
> Honestly, who here hasn't ever accidentally
> come across pornography?
Here I agree with you. Yes, the techniques that
are used to advertise porn is just as bad as
spammers. Their use of incorrect descriptions is
distastefull at best.
However, underhanded buisness practices are not
pornography. It is their buisness practices that
are wrong, not their "wares". I, personally,
refuse to do buisness with ANY company, no matter
what they are peddling, that engages in these
practices.
"I opened my eyes, and everything went dark again"
I really have to ask, does anyone know is SPAM profitable? Are these just un-informed idiots that really don't know that they're wasting their time? Does anyone have information on this?
Furthermore has anyone even _heard_ of someone that bought something because of SPAM?
I've received SPAM that I believe to be quite profitable and which probably attracts a large number of users to the sites being advertised. My e-mail address is listed on several business brokerage sites, and every day I get e-mail advertising new sites. I don't visit them because SPAMMers must die ehm, I mean, I don't support their use of that advertising medium, but I bet lots of other people whose e-mails are up on similar sites would. This is targeted SPAM and not quite the random stuff you're talking about, but....
If the UDP were a passive, mass refusal to carry traffic from @home, I would support it. But active seek and destroy to all news posts originating from @home? That's a DOS attack on the (mostly) innocent users of @home. It is wrong
Actually, the way I understand it is that administrators only send @home posts to the bit bucket as they come into their own systems. This prevents all downstream servers from getting them but still allow other admins that don't honor the UDP to pass them along on their merry way. So some people will still be getting the posts. I don't think that anyone is actually wiping the posts off of servers that they don't control.
As you can see by my email address above, I'm one of the users that will be affected by this, but I'm in full support of this action. I plan on letting @home know that I am not pleased with their lack of action on this matter and will be urging other users to also express their opinions. All in a polite, non-flammable way of course.
Do this don't do that Can't you redesign.
Hmmm well I supose your right. However the entire
internet is based on client server architectures.
As such I assumed the argument was that getting
a client is some big deal and some tough step.
In truth its as easy as telnet.
"I opened my eyes, and everything went dark again"
Sludge wrote:
As I hinted above, servers are against the rules with @home.
Actually... You should go pull up the service agreement and read it again. It seems they've amended it recently. I was looking at it over the weekend, and all I could find was a section in "Service Characteristics" subsection "b" that basicly says "If you run a http or ftp server, someone may hack your box. Don't blame us." This surprised me, because it used to say "No servers of any kind. Period!". I'd post my SLA/AUP but it specificly restricts me doing this.
Your service agreement may read differently. In my area, @Home has lots of bandwidth. I've hit 550Kb/sec. on ftp downloads. (There's like 3 of us on the segment... :-) There's a 128k upload cap, which may account for the server restriction being removed. YMMV.
Temkin
As for the packet loss issue you have mentioned... I have come up with a solution to get @home back into gear...
In October, I have created a shellscript to keep log of ping requests (every few seconds) to the @home gateway and DNS servers. This would then give me a total downtime in minutes for the month.
The month of October has shown an @home downtime of 2206 minutes on my server (logs are available)
After calling to complain at the end of the month, they gave me a measly $2.40 credit (or something like that)..
The Month of November improved slightly and gave me a downtime of only 1906 minutes (about 15% downtime). Still extremely poor.. I called and complained. Spoke with a supervisor this time. He was kind enough to give me a free month.
Then comes around the month of December. After speaking with people from the Rogers@home users association and informing them of the program I made to get people to use it (back in October)... I have noticed a significant improvement in downtime and packet loss.. Downtime has improved to just over 200 minutes (close to 0% !!).. A Lot Better.. As for January, so far I only have about 100 minutes of downtime which is very good relative to a few months ago.
If anybody would like some more info on this cheap shellscript I made, or in yelling @ supervisors to get free months (apparently they can give you 1 month credit for every 3 months of non-stable connections), feel free to email me.
Take out the 'no.spammers-xyz' in my e-mail and you've got my address..
I'll be happy to send out this shellscript I created for linux as long as I get credit for the creation..
Of course, they forge-approved it to two newsgroups that I moderate, and my 'bots cancelled it.
Aah, well, I reposted it in news.admin.net-abuse.policy. Enjoy, folks.
- Tim Skirvin (tskirvin@killfile.org)
Its not in deja.com yet, and I didn't want to reproduce it here to avoid possible copyright issues, so here is a link to it.
After my complaint email was sent, I received an automated reply stating:
a)that I would likely not ever hear anything from them regarding this matter, and
b)that they would take no action unless I included my system logfiles and other detailed information.
As a comparison point, I offer my experiences with Pacific Bell Internet Services (pbi.net), @Home's largest competitor in my area (San Jose, CA):
After a similar incident, PBI sent me an automated response, followed by a hand-written email (oxymoronic?) indicating that the user had been contacted and warned that further attempts would violate his service agreement and be grounds for termination of service. A few days later, I received a second personalized email including an explanation of the incident and an apology from the attacker (who explained that this was an accident - he was trying to test his own security and didn't realize his tools were running against a wider range of IPs).
While I don't expect this high level of service as a rule, it made me feel good about my choice of ISP.
As seen on athome.announce:
Many of you have been posting your questions and concerns
in reference to the proposed Usenet Death Penalty (UDP) which
would block the @Home Network from posting to USENET. I have attached
our official response to the Usenet community and the press here but
wanted to bring attention to a couple of points that are raised here:
- This afternoon we began a network wide scan targeting open proxy
servers.
- If an open server is identified, the customer associated will be
blocked from posting to Usenet until such time we are assured that
the proxy software is secured.
------------------------------
To the USENET community:
In response to the recent UDP call for @Home Network to be removed
from interacting on the USENET, we are submitting an official
response
with a proposal of short term and long term news spam prevention
initiatives. Excite@Home is very committed to participating
respectfully on the Internet, and we have taken previous requests for
action seriously.
We have found that the primary source of our excessive USENET posting
history comes from subscribers who have installed proxy software
incorrectly. Unbeknownst to the customer, this mis-configuration has
allowed outside access to the @Home news servers, and has resulted in
our subscribers becoming spam relays. Because these various IP
addresses create holes in our network, spammers have taken advantage
of this mis-configuration, and have posted thousands of newsgroup
messages through our news machines.
As of today, we are stepping up our involvement and taking more
aggressive action by performing frequent network wide scans of our
customer base to target proxy servers. Once these customers are
identified, we are suspending their news service immediately.
Re-enabling will not occur until we are assured that their machines
are secure. We feel that this proactive effort will dramatically
decrease the amount of extraneous news traffic originating from
home.com.
We are committed to promoting better Excite@Home participation on
the
USENET, and we are in the process of modifying our current news
product and news architecture. We are also implementing more user
education as a parallel initiative.
With these new tactics in place, we are asking for an extension to
our
USENET access beyond the 18th of January and we are confident that
the
USENET community will see positive news statistics coming in the next
few days.
David Jackson
Manager, Network Policy Management
Excite@Home
Carol
Newsgroup Policy Specialist
Excite@Home
I've used @Home with Cox in San Diego for something like 2 years at this point. Outside of the #%^#^ 128Kb outbound cap (vs. 400KBs pre-cap), the service has been good - I've had one or two outages over that entire period, maybe 10 hours total - you won't get a contract specifying that kind of uptime with a dedicated line without a LOT of money & effort! While I don't often see >1.1MB/s transfers, that's more the remote server than anything else; I frequently see 800KB/s+ agregate. I've never had a setup problem in spite of the fact that it's only been the last 2 months that I've had a computer in my house running a supported OS.
Depending on your software, the implementation varies, but the mechanism is the same. UDP cancels are posted such that they look like they came from a site called udpcancel. You need to set up your software to reject articles with "udpcancel" in the Path: header.
The faq mentions somehting about this towards the bottom, but it's not really obvious.
"We are not tolerant people. We prefer drastically effective solutions"
>activity, I have no problem contacting law enforcement to resolve the issue.
Oh yeah, they'll be all over that puppy.
"Don't worry about a thing, sir. Me and my partner, Officer Krupke, will take care of things. Let's see, first we'll secure the crime scene. Hey, Scott -- er, I mean, Officer Krupke, do me a favor and bring up a shell on the router. Let's bring down some services and quiet things down in here. Sir, could you turn down that Xamp over there? Thanks."
"All right, people, I've got root here now. Anybody needs a whole in the firewall will have to go through me. I'm gonna start my investigation now. Let's see here, what does the syslog say?..."
Yeah, that makes sense.
RP
This is what *should* happen ro rogue ISP's. If they allow spam, make sure they can't spread it. This company has done a lot of things for the Net business, most of them wrong.
A former employee posted earlier, talking about how @Hone's employees were spread too thin to handle the abuse. The way I read that, it sounds more like the execs got greedy. They expanded the company more quickly than it could realistically handle, which is why the employees were so overloaded. The bosses called a bad tune, now it's time to pay the piper. I have no sympathy for a business that gambles like that and gets burned. I do feel sorry for the employees, but that's another matter entirely.
Besides which, I don't expect this UDP to last very long. Either @Home will clean up its act, or it'll wither under the stigma of being UDP'd. Either way, their fate is in their own hands. They can bouce back, or they can screw themselves royally, but either way they will do it. No one else. I have a lot of trouble with people who are told again and again that there will be consequences for doing bad stuff, but then when those consequences finally do come about people say it's unfair. It is unfair for the legitimate @Home customers, who are going to get screwed. @Home should have realized that sooner, because they face the possibility of a class-action suit if the UDP goes into effect. Even if there's no suit, people will simply leave (and thus not be hurt by the UDP anymore, which is why I'm still supporting it; the ligitimate customers can get away from the UDP's adverse effects).
And it is an attack. It it not a "boycott" as so many seem to say
Umm, maybe i just fell down the stairs a few too many times when i was a kid but how can this possibly be a DOS attack? Usenet doesn't work like email in that messages don't get bounced, they just don't get propagated - so you won't see bouncemail flooding back to @home (ironically, they probably have the bandwidth to handle it.)
Secondly, it is not possible for a news daemon to actively delete posts off another server - that would be what we hardcore "31337 h4x0rz" like to call a "gaping security hole."
The UDP is simply an active agreement between SA's stating that we won't pass spam from one network onto another.
If the UDP were a passive, mass refusal to carry traffic from @home, I would support it.
So...you support it then?!
--FluX
What's tiny, yellow, and VERY, VERY dangerous?
a canary with the super user password
"It is seldom that liberty of any kind is lost all at once." -David Hume
Parents are legally responsible for the acts of their minor children. Jr. abuses the @Home account, Dad (or Mom) pays. It's called responsibility, folks.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
I've found even the modified search forms (there are several floating around) hard to use given Deja's current breakage. The real lifesaver for me is dejasearch, a command line utility. Throw it a search and it saves the result set to a file which you can then browse. Find it here at Freshmeat.
What part of "Gestalt" don't you understand?
What part of "gestalt" don't you understand?
That's why I don't pity the Windoze users when they BSOD. (Or at least I try not to show any compassion.) They put money into Microsoft's pockets instead of hiring good people.
Yeh, but what about all us software pirates?
"Suble Mind control? why do html buttons say submit?",
ReadThe ReflectionEngine, a cyberpunk style n
Oh no, the RBL is much more powerful and deadly than that. It stands for Realtime Blackhole List, and as I understand it, the 'Blackhole' part really means what it says: all packets, and I mean ALL packets, from the blackholed host(s), including their routers, are sent DIRECTLY to hell (/dev/null) by ALL routers which subscribe to said list. This means that the guilty hosts are _completely_ dead as far as the Net is concerned. :)))))))
Because of its power, the folks who maintain the RBL insist on very, very stringent rules before they'll blackhole anyone, remembering that spammers are an example of the breed of demihuman we call 'unsociable', and who are therefore quite likely to try to blackhole, for example, anybody who's voluntarily taking part in a UDP against them. They are the dirtiest fighters out there, and spam is an example of their tactics. If they could use chemical or biological weapons against us white hats, they would do it in a heartbeat.
To learn more, go here:
http://maps.vix.com/rbl/
White hats have great power as long as we stick together against the bullies, just like we used to do in the playground!
Join the UDP if you can!!! It will bring @home back into the fold faster if you do, and any _innocent_ users of theirs will therefore be relieved sooner.
"We reject kings, presidents and voting. We believe in rough consensus and running code." Dave Clark, IETF
Well not only that, but if you read the FAQ then it explains in section 11 about "what about the legitimate users being cut off?". Section 8 also deals with those who 'hijack open servers'.
Basically, I see the UDP as saying "this site's users are toss-pots and the site admins aren't doing anything about it, block site, solve problem" and the existence legitimate users either forces the ISP to clean up its act, or they all go elsewhere - who'd want to subscribe to a lame ISP?
All in all, sounds like a good thing to me. Surprisingly enough, Deja notwithstanding, there are those of us who use news clients, subscribe to individual news groups, and read them as 'regulars'. We don't want no stinkin' @Home twerps on my newsgroups, for starters!
~Tim
--
Rushing on down to the circle of the turn
Pan is nice, rather stable, and going in the right direction, however it lacks several things to be actually usable: a killfile and a search facility. Without that, it's impossible to do anything useful in the crowded Usenet.
slrn supports Grouplens, but apparently this project isn't accessible anymore. They've moved to a commercial (closed source) model, and there does'nt seem to be any kind of public access. But I might be wrong.
And yet here we have hordes of slashdot posters positivly rejoicing that EVERY @home user is going to be censored.
Sigh. One more time, slowly.
It is not censorship to prohibit the operation of sound trucks in residential neighborhoods in the middle of the night.
It is not censorship to stop someone from spray-painting a message on your front door.
It is not censorship to keep your e-mail account secured so that script kiddies can't use it to announce "YOU ALL SUCK".
It is not censorship to reject messages from a spamhaus.
What part of this progression eludes you?
/.
/. If the government wants us to respect the law, it should set a better example.
> Golly gee, and here I was thinking that telnet
> was a client. Guess not.
It is...thats the point...anything that connects
to anything is a "client". I was trying to point
out how silly the argument was.
>> Find a particular server? How is it any
>> differnt from email? Should every ISP just
>> automatically allow anyone, free of charge,
>> to have an email acount on their server?
> Well, there *is* the fact that the UDP doesn't >exist in the email world..
You avoid the question. Is or should your ISP be
required to offer everyone free email acounts?
UDP DOES btw exist in email. Ever heard of a
"Realtime Blackhole List"? Feel free to look
it up. Its basically the same thing, a
VOLUNTARY blocking of email from IP addresses
by a wide number of sysadmins.
> Betcha you aren't willing to add
> alt.binaries.mp3s or whatever NG carries mp3s on
> usenet if you don't have it already.
Noone has requested it. The issue has not come
up. Certainly any binaries group needs to be
considered a little more heavily than other
groups, if for no other reason than the amount of
server space needed to physically store its
messages.
> Cable modems, IMHO, should be banned by the
> gov'mt. Everything oughta use DSL. Cable modems
> are such a lousy architecture.
And the government should ban everything that is
lousy? I dunno about you but I am already mad
about how they force me to pay taxes under threat
of force, and then go on to mis-manage my money.
In the words of Thoreau, "the best government is
that which governs not at all"
> B) Well, then I guess the'll find out it was a
> bad idea to run the proxy, because their account
> will get canceled. So what?
Noone is saying that the ISP should be canceling
acounts. Perhaps temporarily suspending or
blocking acounts until they can talk with the
user. They are just asking for some sort of
action to help stop spam. Educate users. Suspend
acounts when needed. Email services do it. Why not
for usenet posts?
>Given what you're responding to, I take it that
> you're saying "yes, spammers are worse than
> demons".
Spammers are not mythalogical creatures. I am
absolutely sure of their existance. The only
deamons I believe in the existance of have names
like "Cron" and "Sendmail".
For the record I am an atheist. So yes, spammers
are worst. Now god on the other hand, him I could
make a case for being worst than spammers, but
only because of the millions his name has been
used to justify the slaughter of.
"I opened my eyes, and everything went dark again"
> You see no real problem with software piracy?
> Excuse me, but as a software developer I would
> ensure that anyone who pirates my software is
> prosecuted to the full extent of the law. I have
> reported employers, companies and sites to the
> SPA for software piracy, and shall continue to
> do so until there are no more WaReZ vermin
> around.
And as a software developer, I do not feel that
I have the right to stop anyone from copying
or using my programs, No matter what the law says.
No amount of copying or use can ever hurt me in
any way shape or form. I have never reported
anyone to the SPA, nor will I ever.
All software which I hold copyright for gets
released under GPL or other Free Software
licence.
Of course...im just plain not a capitalist.
I don't care about the money. Sure I could make
money by writting software and forcing people
under penalty of law to pay for it...but I feel
that is immoral, so I don't do it.
"I opened my eyes, and everything went dark again"
I agree with you tottally. However it is a
completely differnt issue. I do not believe that
that is any sort of reason to regulate the net.
The people who force children into these
situations are horrible and deserve to be
hunted down. However, prohibiting thier warez
does not stop them. They will always be able
to profit.
Whenever you prohibit a product, you increase
its value, and thus perpetuate its market. It
is the dark underbelly of capitalism.
I do not believe that a person who simply views
anything should be persecuted. Go after the
monstors. Kill the root of the problem, not
the symptoms.
"I opened my eyes, and everything went dark again"
Do you read each spam message personally to decide whether to delete them or not, or do you have an automated solution?
How much time or resources are you wasting which could be put to better use (like more newsgroups or longer expiration times)?
> I've unvillingly stumbled across a number of
;)
:)
> porn sites. I hate it. If I want to look at
> dirty pics I can find them myself, thank you.
heh same here. I also havn't spent more than 2
hours looking for porn since I turned 18 several
years ago. Now that Its legal and acceptable
its just no fun
> What I've *never* seen is this famous internet
> kiddie porn. (though I haven't really looked for
>it). How come, do you think?
Interesting story...I came across it exactly once.
but never realized it till a couple of years
later.
I originally joined "the net" over a 14.4 dialup
on my Apple IIGS. I was 16 and would search
usenet for porn. I downloaded a sizeable amount
for a 16 year old with a 14.4 and a 2.6 MHz
computer
Well on my GS I could only view JPGs in black and
white (limitation in the jpg viewer) and it took
SEVERAL MINITES to decode and display 1 JPG.
Years later I moved all those JPGs to my PC...one
day I went through them all and saw one picture
I never knew was there...it was an "index" of
about 5 pictures of some girl who looked about
9 years old.
She certainly apeared to be enjoying showing
herself off to the camera (guess she hadn't been
taught how traumatized she is suposed to feel yet)
I dunno...I still have the picture filed away
somewhere...but I never throw anything out...too
much of a packrat I guess.
Just my little anectdote. Take it how you will.
However out of the hundreds of pics I downloaded
back then, only 1 turned out to be this kiddie
porn.
"I opened my eyes, and everything went dark again"
Why don't you try flipping the bill for the extra resources it takes to process the spam? Spam costs ISP's money. ISPs are supposed to have a direct connection to a network. This theoretically should not really cost all that much. All of the various businesses and such don't have metered access and are most likely operating on a monthly fee of some sort at the worst.
Slashdot social engineering at it's finest
Flux, do you even know what an active UDP is?
Read the FAQ:
http://www.stopspam.org/usenet/faqs/udp. html
Pathost aliasing is usually associated with passive UDP, and this is explicitly an active UDP.
Yes, messages do indeed get "actively deleted" off other servers.
That's not, as you called it, "a gaping security hole". It's the normal default functionality of most news server software. You have to explicitly remove that functionality for it to not be there, with most commonly-used news servers.
You might want to read this faq, as well:
http://www.landfield.com/faqs/ usenet/cancel-faq/part1/