Clarkson was at fault. BBC is at fault. Society is at fault. We like to watch Clarkson BECAUSE he is not above being non-PC if he thinks he has a reason.
You can assign blame however you like, but the punch was thrown by Clarkson. Nobody physically forced his hand. If he really is the same person on and off screen, he may want to consider seeking psychiatric help.
If you don't like him, don't watch him.
Personally I think he's hilarious. I've been watching Top Gear for about a decade or more now. That is not an endorsement for him to be as arrogant off screen as on, though; I view Top Gear as a source of entertainment. People who watched Breaking Bad didn't expect Bryan Cranston to be a meth cooker in real life; why would I expect Clarkson to be the same person in real life that he portrays on TV?
I haven't purchased a new desktop CPU in at least that long. I know we have great new stuff out there but I just haven't seen anything come in for some time that justifies the cost when my existing stuff still works for what I do.
The whole thing boils down to Political Correctness
No. Not at all.
Seriously, read what happened. Yeah, BBC has done plenty of bone-headed things in the name of PC. This, however, is not one of those things. Clarkson punched a staff member. He admitted to doing it. Physical assault is very clearly a violation of workplace terms there. Hell, if you punched a coworker at your place of employment could you reasonably expect to keep your job? I'm quite sure I could not and I am not nearly as highly regarded (or highly paid) as Clarkson.
This ended up being about the fact that the same rules need to be applied all through the pay scale. Just because he is a celebrity, and a host of the most watched television program in the world does not mean that rules do not apply to him. Hell, if that had happened here in the US, he'd be facing a multi-quintillion-dollar lawsuit already.
I think I can rummage that much up for this site. Given what I've seen around here lately I would expect $5 would cover the expenses of this site for everything but the web hosting costs (which shouldn't be awful considering how few people still read this site). I could probably get the other users to kick in $5 each as well, as we could really have a party.
Or do we have to buy sourceforge in the same purchase as well? That is actually worth something. We might need a banker.
... we still can't get competent editors at slashodt. Certainly there must have been someone who minored in English or Journalism who could take care of these atrocious front-page grammar and readability issues? I've seen better writing in comment sections of code written by people who learned English as a third or fourth language.
Obviously if you investigate far enough into this, you will eventually find the email between Hillary, Obama, and ISIS that orders the attack on Benghazi. It's in there, don't let anyone tell you otherwise.
In my travels I have found that US airports vary widely in availability of electric outlets for charging devices. For a while a lot of them were making them only available on a pay-per-use basis. Others had outlets freely available but not enough of them.
Cell service is nice and all, but being as I'm flying steerage class where I pretty well never get an outlet to plug anything in to, I'm more interested in what I can do to charge my devices before the cattle call for boarding comes up. Doubly so at hub airports where I am connecting.
Once again, we seem to be in complete agreement. I did the enhanced logging for amusement [That's why the logger never did a fail2ban equivalent]. Sometimes, I do "tail -f logfile" to watch the fun in realtime.
It is nice to see someone not calling me crazy over doing such things. I wouldn't do this in a production environment, and suspect you likely wouldn't either. Sometimes free entertainment is a funny thing in what some people find entertaining, I guess:)
I was considering adding automatic whois lookup, with abuse@blah.com scraping, and then send the applicable part of the logs automatically [with a copy to the FBI:-):-):-)]
Have you had any luck getting responses from Chinese ISPs when you report abuse? I used to do it fairly regularly but for years now it seems like I might as well just send the report to/dev/null instead. While the lack of response doesn't mean they aren't doing anything, it doesn't support any notion of the email being read by a human being, either.
Your data correlates with mine and I've been logging for years [I have 450,000 log entries at present and I have a non-published IP address, not tied to any DNS, so my traffic will be lower--just so I can login to my desktop from Starbuck's using my laptop].
I am comfortable stating that the script kiddies are most likely attacking my system by IP address alone, not by its domain name. I say this because I have yet to see a single one of their IP addresses show up in both my system and httpd logs. Of course, they may have seen the website and then attacked it by name from another system but that seems like more effort than it would be worth. I have also searched for their IP addresses before and found other blog entries from other people online - generally people not hosting web pages at all - which also suggests these kids are just going through IP address ranges and running their scripts on any system that responds.
I do like your approaches, I may keep them in mind in the future. For now, I actually view the failed attempts as amusement. My ISP doesn't seem to care at all (even though I have a residential cable modem) and it doesn't hinder my ability to do what I need to do, so it doesn't really make a difference to me at present. I could certainly see that changing in the future, though.
They don't care about your server, they care about getting as many servers as easily as possible, and you do that by automation and wide spread attacks.
I should have been more verbose, I am fully aware that they don't care about my server specifically. Indeed they would almost certainly try a lot harder if they did.
Don't be so cocky with your massive log of failed access attempts, everyone gets those
I am aware that it is quite common. I was not intending to come across as "cocky", I'm not sure why you came to that conclusion.
you should consider what happens when something with a brain tries to hack your server with a modicum of effort.
If someone wants badly enough to get in, they will get in. Indeed as you said most of the Chinese attempts are just looking for highly vulnerable systems that they can easily get in to. I have my system open in the way it is open for a reason, and I accept the risks that go with it. So far it has worked out for me; nobody has felt it was worth the effort to get in (and if they did get in, they would likely conclude afterwards that it wasn't worth the effort!). I know a lot of the script kiddies are doing this to try to build botnets; if my server suddenly started going apeshit in the middle of the night, it would be time to power it down and reinstall the OS from scratch.
I have a web server at home running openssh, open to the world (for reasons that are not critical here). I regularly have various idiots trying to hack in to it, which I find amusing.
The majority of attempts are done on root. It is not unusual to have thousands of attempts in 24 hours. They'll never get in that way; not because the root password is difficult (it is difficult enough that a few thousand guesses would not likely be sufficient) but rather because like any sane person I don't allow root to log in through ssh.
Occasionally I see "white pages" attempts, going through long lists of common names. They make usually no more than 3 attempts at each name (I presume one attempt is blank, haven't bothered to see what the others are). The problem with that strategy is that they pretty well never hit a valid name. Being as my ssh server won't respond any differently to a valid name than to an invalid one, they never get any useful feedback on that endeavor.
Now, important systems (say at large corporations) are probably targeted by more dedicated attempts than what gets directed at my server. I mostly see script kiddies from China who give up after 24-36 hours. These kids certainly won't benefit from this bug.
A lot of people have blind faith in the ability of spam filters to "solve" the spam problem, without acknowledging where the problem is. It is no surprise that someone is attacking me for questioning that line of thinking, it has happened before.
So increasing the cost of sending spam should reduce the incentive (positive profit) to spam. Key-based authenticated email with some nominal fee is one way (with its own shortcomings of course)
That is one way to do it, but not my preference. The problem with that method in particular is that it does require everyone who uses email to switch to it immediately in order to be of value.
My preference is to actually interrupt the flow of money to the spammers (and pushers of spamvertised products). This has actually been shown to work in the past, as spammers have no incentive to push product that they don't get paid for. Preventing the spamvertised domains from successfully processing credit card orders stops their income flow, and prevents them from paying the spammers. If the spammers aren't getting paid, they quickly find other work (in the current situation that is generally other domains that are interested in being spamvertised, but once enough are shut down the spammers start looking for other uses for their botnets entirely).
This is massively more effective at preventing the transmission of spam than filters.
That kind of accounting would not be scandalous here, and likely result in huge bonuses instead.
Fat bonuses for short term profit margins are the reason for the scandal to begin with.
In other countries, it is scandalous to do such things. Here it is "business as usual" or "the infinite wisdom of the (invisible hand of the) free market".
One of the ways of combating it economically is to make it require more effort to successfully deliver spam to the target recipients. i.e. using a filter.
The problem is that the spammers can acquire more opportunity to get past filters (by taking over more computers for their botnets, to send more spam from with more permutations designed to confuse filters) with more ease than the time it takes to train the filters on what is spam and what is not. When using filters, it becomes an arms race - and only the spammers can win.
In other words it already costs the spammers almost nothing to send out a deluge of billions of spam emails. They already know how to tweak the message contents and parameters to get around many common filter rules. They also know that with the exception of people who primarily use "free" (rather than work or ISP provided) email addresses, their best potential customers aren't protected by the newest and "most clever" spam filter rules any ways.
Basically, you cannot win the war on spam with filters. The filters just keep getting worse in terms of FP and FN; this is a win for the spammers. People keep putting more time and money in to adjusting the filters but this doesn't hurt the spammers either. If you want to stop spam, you have to interrupt the flow of money. Spammers will stop sending spam when they stop getting paid.
It is pretty much a given that the FP rate would go up as filters become more ubiquitous. This is how the spammers are winning the spam battles when people place too much faith in filters.
As I have said before, spam is an economic problem. We won't solve the problem with filters, or with any kind of punishment (legal or otherwise); we need to look at this rationally as an economic problem.
That kind of accounting would not be scandalous here, and likely result in huge bonuses instead. I see great futures for them on Wall Street or with any of a number of legal or accounting firms.
This appears to be a survey of spam that is caught by Symantec software. There is plenty of spam that is caught in hardware filters, ISP filters, and filters that are run by various free email services. The Symantec software is often filtering pretty late in the game.
Furthermore, no sane person should ever be patting themselves on the back if they are only addressing the problem with filters, as they will never resolve the spam problem completely. Spam is an economic problem, and only economic solutions will make it go away. Filters completely ignore that component and just encourage spammers to send out more spam and do more to make the FP and FN rates unfavorable for users.
No, there is nothing to be said about superfish, as Lenovo never installed superfish on a ThinkPad. As awful as superfish was for many reasons, it was never on any ThinkPad, ever. Period.
So..my Mac is light and the battery lasts all day.
But does your Mac have NVIDIA Quadro graphics? This is a workstation replacement laptop, not designed for just average use.
It also has a vastly superior pointing device (trackpoint rather than only a touchpad) and keyboard (lenovo rather than jello) when compared to your Mac.
That quote is essentially a restatement (or is it a prestatement) of what I thought I read when I read TFS. He's concerned about sound quality, and wants his listeners to hear it at what he perceives to be a better quality than "streaming".
That depends on how you interpret the quote, or more specifically how you interpret the crappy headline here on slashdot. The slashdot headline can be seen as portraying the musician as being snobbish; carrying a holier-than-thou attitude towards streaming technology.
Interesting that the headline here is butchering what Neil Young actually said in the summary:
For me, It's about making and distributing music people can really hear and feel. I stand for that. When the quality is back, I'll give it another look. Never say never.
Being as Neil Young recently called out Donald Trump on using his music without permission in a rally (and went on to say he would never support Trump for president) the awful misquoting in this summary suggests sour grapes. Being as "failure machine" Samzenpus has an established history of posting pro-conservative gibberish to the front page of slashdot, it wouldn't surprise me if this was done for that reason.
Slashdot Mirror
Clarkson was at fault. BBC is at fault. Society is at fault. We like to watch Clarkson BECAUSE he is not above being non-PC if he thinks he has a reason.
You can assign blame however you like, but the punch was thrown by Clarkson. Nobody physically forced his hand. If he really is the same person on and off screen, he may want to consider seeking psychiatric help.
If you don't like him, don't watch him.
Personally I think he's hilarious. I've been watching Top Gear for about a decade or more now. That is not an endorsement for him to be as arrogant off screen as on, though; I view Top Gear as a source of entertainment. People who watched Breaking Bad didn't expect Bryan Cranston to be a meth cooker in real life; why would I expect Clarkson to be the same person in real life that he portrays on TV?
I haven't purchased a new desktop CPU in at least that long. I know we have great new stuff out there but I just haven't seen anything come in for some time that justifies the cost when my existing stuff still works for what I do.
The whole thing boils down to Political Correctness
No. Not at all.
Seriously, read what happened. Yeah, BBC has done plenty of bone-headed things in the name of PC. This, however, is not one of those things. Clarkson punched a staff member. He admitted to doing it. Physical assault is very clearly a violation of workplace terms there. Hell, if you punched a coworker at your place of employment could you reasonably expect to keep your job? I'm quite sure I could not and I am not nearly as highly regarded (or highly paid) as Clarkson.
This ended up being about the fact that the same rules need to be applied all through the pay scale. Just because he is a celebrity, and a host of the most watched television program in the world does not mean that rules do not apply to him. Hell, if that had happened here in the US, he'd be facing a multi-quintillion-dollar lawsuit already.
director of the hand transplantation program at Children's Hospital
Have a lot of kids received single hand transplants there previously?
I think I can rummage that much up for this site. Given what I've seen around here lately I would expect $5 would cover the expenses of this site for everything but the web hosting costs (which shouldn't be awful considering how few people still read this site). I could probably get the other users to kick in $5 each as well, as we could really have a party.
Or do we have to buy sourceforge in the same purchase as well? That is actually worth something. We might need a banker.
That sounds like terrible news. Really, it would be hard to have a less coherent business plan than the ones that have been used thus far.
... we still can't get competent editors at slashodt. Certainly there must have been someone who minored in English or Journalism who could take care of these atrocious front-page grammar and readability issues? I've seen better writing in comment sections of code written by people who learned English as a third or fourth language.
Obviously if you investigate far enough into this, you will eventually find the email between Hillary, Obama, and ISIS that orders the attack on Benghazi. It's in there, don't let anyone tell you otherwise.
In my travels I have found that US airports vary widely in availability of electric outlets for charging devices. For a while a lot of them were making them only available on a pay-per-use basis. Others had outlets freely available but not enough of them.
Cell service is nice and all, but being as I'm flying steerage class where I pretty well never get an outlet to plug anything in to, I'm more interested in what I can do to charge my devices before the cattle call for boarding comes up. Doubly so at hub airports where I am connecting.
Once again, we seem to be in complete agreement. I did the enhanced logging for amusement [That's why the logger never did a fail2ban equivalent]. Sometimes, I do "tail -f logfile" to watch the fun in realtime.
It is nice to see someone not calling me crazy over doing such things. I wouldn't do this in a production environment, and suspect you likely wouldn't either. Sometimes free entertainment is a funny thing in what some people find entertaining, I guess :)
I was considering adding automatic whois lookup, with abuse@blah.com scraping, and then send the applicable part of the logs automatically [with a copy to the FBI :-) :-) :-)]
Have you had any luck getting responses from Chinese ISPs when you report abuse? I used to do it fairly regularly but for years now it seems like I might as well just send the report to /dev/null instead. While the lack of response doesn't mean they aren't doing anything, it doesn't support any notion of the email being read by a human being, either.
Your data correlates with mine and I've been logging for years [I have 450,000 log entries at present and I have a non-published IP address, not tied to any DNS, so my traffic will be lower--just so I can login to my desktop from Starbuck's using my laptop].
I am comfortable stating that the script kiddies are most likely attacking my system by IP address alone, not by its domain name. I say this because I have yet to see a single one of their IP addresses show up in both my system and httpd logs. Of course, they may have seen the website and then attacked it by name from another system but that seems like more effort than it would be worth. I have also searched for their IP addresses before and found other blog entries from other people online - generally people not hosting web pages at all - which also suggests these kids are just going through IP address ranges and running their scripts on any system that responds.
I do like your approaches, I may keep them in mind in the future. For now, I actually view the failed attempts as amusement. My ISP doesn't seem to care at all (even though I have a residential cable modem) and it doesn't hinder my ability to do what I need to do, so it doesn't really make a difference to me at present. I could certainly see that changing in the future, though.
They don't care about your server, they care about getting as many servers as easily as possible, and you do that by automation and wide spread attacks.
I should have been more verbose, I am fully aware that they don't care about my server specifically. Indeed they would almost certainly try a lot harder if they did.
Don't be so cocky with your massive log of failed access attempts, everyone gets those
I am aware that it is quite common. I was not intending to come across as "cocky", I'm not sure why you came to that conclusion.
you should consider what happens when something with a brain tries to hack your server with a modicum of effort.
If someone wants badly enough to get in, they will get in. Indeed as you said most of the Chinese attempts are just looking for highly vulnerable systems that they can easily get in to. I have my system open in the way it is open for a reason, and I accept the risks that go with it. So far it has worked out for me; nobody has felt it was worth the effort to get in (and if they did get in, they would likely conclude afterwards that it wasn't worth the effort!). I know a lot of the script kiddies are doing this to try to build botnets; if my server suddenly started going apeshit in the middle of the night, it would be time to power it down and reinstall the OS from scratch.
I have a web server at home running openssh, open to the world (for reasons that are not critical here). I regularly have various idiots trying to hack in to it, which I find amusing.
The majority of attempts are done on root. It is not unusual to have thousands of attempts in 24 hours. They'll never get in that way; not because the root password is difficult (it is difficult enough that a few thousand guesses would not likely be sufficient) but rather because like any sane person I don't allow root to log in through ssh.
Occasionally I see "white pages" attempts, going through long lists of common names. They make usually no more than 3 attempts at each name (I presume one attempt is blank, haven't bothered to see what the others are). The problem with that strategy is that they pretty well never hit a valid name. Being as my ssh server won't respond any differently to a valid name than to an invalid one, they never get any useful feedback on that endeavor.
Now, important systems (say at large corporations) are probably targeted by more dedicated attempts than what gets directed at my server. I mostly see script kiddies from China who give up after 24-36 hours. These kids certainly won't benefit from this bug.
That said, I will still patch my server.
So increasing the cost of sending spam should reduce the incentive (positive profit) to spam. Key-based authenticated email with some nominal fee is one way (with its own shortcomings of course)
That is one way to do it, but not my preference. The problem with that method in particular is that it does require everyone who uses email to switch to it immediately in order to be of value.
My preference is to actually interrupt the flow of money to the spammers (and pushers of spamvertised products). This has actually been shown to work in the past, as spammers have no incentive to push product that they don't get paid for. Preventing the spamvertised domains from successfully processing credit card orders stops their income flow, and prevents them from paying the spammers. If the spammers aren't getting paid, they quickly find other work (in the current situation that is generally other domains that are interested in being spamvertised, but once enough are shut down the spammers start looking for other uses for their botnets entirely).
This is massively more effective at preventing the transmission of spam than filters.
That kind of accounting would not be scandalous here, and likely result in huge bonuses instead.
Fat bonuses for short term profit margins are the reason for the scandal to begin with.
In other countries, it is scandalous to do such things. Here it is "business as usual" or "the infinite wisdom of the (invisible hand of the) free market".
One of the ways of combating it economically is to make it require more effort to successfully deliver spam to the target recipients. i.e. using a filter.
The problem is that the spammers can acquire more opportunity to get past filters (by taking over more computers for their botnets, to send more spam from with more permutations designed to confuse filters) with more ease than the time it takes to train the filters on what is spam and what is not. When using filters, it becomes an arms race - and only the spammers can win.
In other words it already costs the spammers almost nothing to send out a deluge of billions of spam emails. They already know how to tweak the message contents and parameters to get around many common filter rules. They also know that with the exception of people who primarily use "free" (rather than work or ISP provided) email addresses, their best potential customers aren't protected by the newest and "most clever" spam filter rules any ways.
Basically, you cannot win the war on spam with filters. The filters just keep getting worse in terms of FP and FN; this is a win for the spammers. People keep putting more time and money in to adjusting the filters but this doesn't hurt the spammers either. If you want to stop spam, you have to interrupt the flow of money. Spammers will stop sending spam when they stop getting paid.
It is pretty much a given that the FP rate would go up as filters become more ubiquitous. This is how the spammers are winning the spam battles when people place too much faith in filters.
As I have said before, spam is an economic problem. We won't solve the problem with filters, or with any kind of punishment (legal or otherwise); we need to look at this rationally as an economic problem.
That kind of accounting would not be scandalous here, and likely result in huge bonuses instead. I see great futures for them on Wall Street or with any of a number of legal or accounting firms.
DOS 6.2 was good. 6.22 wasn't exciting, so I stopped there. Has anything notable changed?
It's been over 2.5 years since their last "alpha" release. I figured it had been abandoned completely by now.
This appears to be a survey of spam that is caught by Symantec software. There is plenty of spam that is caught in hardware filters, ISP filters, and filters that are run by various free email services. The Symantec software is often filtering pretty late in the game.
Furthermore, no sane person should ever be patting themselves on the back if they are only addressing the problem with filters, as they will never resolve the spam problem completely. Spam is an economic problem, and only economic solutions will make it go away. Filters completely ignore that component and just encourage spammers to send out more spam and do more to make the FP and FN rates unfavorable for users.
No, there is nothing to be said about superfish, as Lenovo never installed superfish on a ThinkPad. As awful as superfish was for many reasons, it was never on any ThinkPad, ever. Period.
So..my Mac is light and the battery lasts all day.
But does your Mac have NVIDIA Quadro graphics? This is a workstation replacement laptop, not designed for just average use.
It also has a vastly superior pointing device (trackpoint rather than only a touchpad) and keyboard (lenovo rather than jello) when compared to your Mac.
That quote is essentially a restatement (or is it a prestatement) of what I thought I read when I read TFS. He's concerned about sound quality, and wants his listeners to hear it at what he perceives to be a better quality than "streaming".
That depends on how you interpret the quote, or more specifically how you interpret the crappy headline here on slashdot. The slashdot headline can be seen as portraying the musician as being snobbish; carrying a holier-than-thou attitude towards streaming technology.
For me, It's about making and distributing music people can really hear and feel. I stand for that. When the quality is back, I'll give it another look. Never say never.
Being as Neil Young recently called out Donald Trump on using his music without permission in a rally (and went on to say he would never support Trump for president) the awful misquoting in this summary suggests sour grapes. Being as "failure machine" Samzenpus has an established history of posting pro-conservative gibberish to the front page of slashdot, it wouldn't surprise me if this was done for that reason.