This patch allows you to blacklist sender or recipient addresses on the basis of their MX (or DNS) server's hostname and IP addresses. Blocking by DNS server was asked for long ago. I wrote it today because the same code can also be used to block verisign wild-card domains. /etc/postfix/main.cf:
smtpd_mumble_restrictions = ...
check_sender_mx_access hash:/etc/postfix/mx_access ...
Combined with the new CIDR table this also allows you to block mail from senders whose MX hosts resolve to reserved address blocks such as 127.0.0.0/8 or 192.168.0.0/16.
This patch was written with yesterday's snapshot. It will also apply with little trouble to the stable release.
This code is lightly tested. I haven't got the time to put this into operation here today.
I've had a remotely similar incident with Dell. For some dumb reason, they send marketing spam to MAILER-DAEMON@myisp.com where I am a postmaster (where 'myisp.com' would be the actual name of my ISP). The spam had instructions for removing your address via a website -- I tried it...didn't work. Then replied to the sender address asking that I be removed...didn't work. Then sent a message to abuse@dell.com and postmaster@dell.com asking to be removed...didn't work. Added the spamming class-C network to the deny file for my entire ISP -- no more spam.;-)
I must be asleep today, but what is so difficult about defining Public Domain? It has to be the simplest form of copy(right|left|middle) there is. The article seemed to bounce all over the place trying to make the issue confusing, but I'm confused about the confusion. ???
The only way I know to do this is to have the application prompt for the passphrase at startup. This stores the passphrase in memory and not on your harddrive. You could even encrypt the in-memory passphrase in case some uber geek cares to hack your memory.
Your question basically boils down to crisis management. Does Dell think it can manage this problem quietly without having to recall the product (or the part)?
I'm in a similar situation with my wife's `97 Dodge Neon. It started leaking oil a few days ago, so I took it to a mechanic. He told me the Neons have a terrible reputation for head gasket failure (ahh! $500 to fix that!). So, what do I do? Turn to google, of course, and found my way to neons.org. There I learned that the head gasket design is faulty and that Chrysler has even issued a new part to fix it. But did they recall it?? Nope. I learned from the neons.org site that they have a "good-will" extended warranty and will pay for most of the repairs (charge $100 deductable). You have no way of knowing this though unless you learn it from a third party.
So, I'm in the same situation here. Do I demand they pay for all of the repairs? Should they recall the part for the millions of Neons (and other models with similar problems) around the nation? I don't know. It's embarrasing to recall a part, but it's more embarrasing when everyone eventually finds you that you should have. It's up to the customers to have sites like neons.org to keep these companies honest.
Yeah, say that to the people who died while smart bombs rained on the bunkers they were taking shelter in.
Feel free to provide evidence of your claim. I'm unaware of the US taking out bunkers occupied by innocent civilians.
...Look at Cuba, Iraq, Afghanistan, Pakistan.
You just named 4 countries that prove my point. These dictators don't care one bit about the people they rule over. I'm baffled that their people continue to follow them after their dictators turn their backs on them.
Guess what, the Afghanistan defense, including Bin-Laden's involvement, was US funded and CIA trained. Your entire argument works against itself. Everyone looks at the dictator-support we provided during the cold war with disgust. We ruined far more countries than the Soviet Union.
So...we should have let the Soviets overtake Afghanistan? You're entitled to your opinion, but I don't believe we could have envisioned the Afghan's turning against us like they have.
Hiroshima, Nagasaki, Dresden, the entirety of Vietnam.
I firmly believe that the nuclear attacks on Hiroshima and Nagasaki *saved* more lives than it costed. We can't take it back even though we wish we could. Historians have argued that the attacks probably saved millions of lives. The Japanese mainland was heavily fortified and the Japanese people would have fiercely defended it. I think the death toll would have been much higher had we tried to take the mainland by conventional means.
I'm not very familiar with the Dresden incident. What I do know lends me to believe they were unwarranted and unnecessary. We've learned our lesson.
As for the Vietnam war, the civilians (like the Japanese would have been) were often the weapon-carrying enemy. I was not there, and I seriously doubt you were. That was a difficult war under difficult circumstances. It's unfortunate the number of people who died, some of which were murdered. I believe we have learned from that war and have faith we won't make the same mistakes.
There are very, very valid reasons for hatred of America...
There are also very valid reasons for loving America. I think too many people try to isolate the bad from the good surrounding it. Our intentions are almost always good, though many fail to give acknowledgement to that fact.
Mistakes have been made. Lessons have been learned the hard way. That doesn't excuse mass murder like we saw Tuesday.
We've made some mistakes, but you're viewing all of these acts with more knowledge than we had when we made them. Hindsight is 20/20.
It's funny how you make several claims without backing any of them up. The only instance I'm aware of where we (alledgedly) killed innocent civilians is when we lobbed a missile into a pharmacuetical plant in the Sudan. That was a mistake and was obviously a breakdown in our intelligence gathering. We did not massacre civilians in Desert Storm. We can't guarantee the safety of civilians in a *WAR*, but we do everything we can to avoid civilian causualties. I'm ALSO unaware of us killing innocent civilians in Afghan. What the hell are you talking about??
We impose sanctions (occasionaly blockades) in order to break a country. That's the whole point. If millions of civilians are starving, why the fsck doesn't the leader make concessions with us?? Their leaders are the ones allowing them to starve, not us. Get your head out of your fairly-tale ass.
As for supporting corrupt governments, you have to look at them in context. We had the choice of supporting these smaller dictatorships or letting the Soviet Union run them over. Our goal in the Cold War was to bring the communist Soviet Union to it's knees. To do so, we had to keep it from gaining more territory.
And finally, we do not support terrorism. You are out of your fscking mind if you believe that, Mr. Coward. We do not massacre innocent civilians nor support such acts. Period.
Hmm...I've never thought of it like this before. Micros~2's relationship with many governments is a lot like OPEC is to the US. The US is heavily dependant on OPEC for petrolium, and OPEC could wreak havoc on our economy and our ability to defend ourselves. Micros~3 could essentially do the same things to a foreign power, and it would take weeks for a nation to recover if Micros~4 decided to cancel services to a nation. The upcoming technologies Micros~5 wants to deploy would make this even easier. Think about it...
Who's at fault here?
on
Code Red III
·
· Score: 1, Redundant
Well, contrary to what I've seen most people saying, I don't think it's Micros~1's fault. It's the adminintrator's responsibility to stay current. Laying this episode solely at the feet of Micros~2 is unfair. Yes, it's one of many exploits found in IIS, but NT admins, just like *nix and *BSD admins, have to be on their toes. IMNSHO, the Code Red episodes only show that thousands of NT admins are lazy morons.
I've been doing an experiment with myself: don't watch any trailers and see if makes the movie better.
So far, I've seen about 5 movies without seeing any trailers, and the movies are much better! The damn trailers give away too much and by the time I get to the theater, I already know how the movie progresses and ends!
So anyway, I hope some of you will try this. The movies tend to be much better when you don't see any trailers ahead of time. Cheers!
Well, let me try to draw a parallel to normal criminal law. Burglary is forceful entry with the *intent* to commit a crime. Larson is taking something that isn't yours without the owner's permission.
I would make the argument that using a MSSQL client to connect to the server is considered "forceful entry" just like opening an unlocked door would be. If your *intent*, upon connecting to the server, is to try and "steal" db records (for nothing more than to prove it can be done), then this is effectively burglary since you *intend* to commit larson (taking someone else's, otherwise private, information), unless of course you can the owner's permission to do so.
Look at it like someone leaving their front door unlocked. You walk in and see their tax returns on a desk next to a photocopier. You make a copy of their tax returns and leave. I guarantee you that you would be convicted of larson and burglary, and what you've described is no different.
I had a couple minutes and wanted to see what I could find out about James Rosini, the man who signed the LegalLetter. The only notable thing I found was that he represented AT&T when AOL tried to sue over their supposed trademark of "You've Got Mail." Here's a link:
http://techlawjournal.com/cour ts/aolvatt/Default.htm
If there is one thing I learned from my economics classes, it's that the U.S. has forever been built on a FREE and OPEN market.
For all of you snotty-nosed trolls, this means that there is open competition to help thwart these kinds of problems. Ultimately, you get what you pay for. If you buy a computer with a one year warranty (or no warranty at all), that's exactly what you get, damnit. If you want a two year warranty, buy from someone who offers such.
I will be very disappointed if this becomes a law. It effectively creates a government mandated warranty of two years. So, if you want to sell products in PA, you had better be ready to provide a two year warranty. God forbid we actually look at the real world, but there is actually a market for cheap computers that come with no warranty. Whatever mom and pop stores there are in PA, will be forced to provide a two year warranty whether they want to or not. So, this is actually a boost for big corps like Dell and Gateway. They can easy afford a two year warranty, while some smaller shops cannot.
So in the end, the government is forcing businesses to provide services they may not wish to provide, and the business has every right to not provide these services if they so choose. If this bill passes, the government will have chipped off a piece of the free enterprise system that has made America great.
I'm no fan of false advertising, and Microsoft(tm) consumers would be a lot better off if Microsoft(tm) would be straight with them. Here are some suggestions on what Microsoft(tm) should change the name of Outlook(R) to:
For the most part, I agree with restricting anonymity online. There are some situations (for example AC's on Slashdot) that warrant anonymity to protect the identity of the user (this is even questionable in my mind however), but Napster is definately not one of them. Anonymity is a shield for cowards to commit acts that they don't have to be accountable for--that's fundamentaly screwed up. If you can't be held accountable for your actions, you shouldn't be doing what you're doing. In RL you are almost never anonymous in what you do, and you shouldn't be able to run around on the internet like a cloaked bandit.
Is it just me or does all this sound just a little too familiar? Reminds me of Halloween ... De-commoditize protocols & applications OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market. ... Fold extended functionality into commodity protocols / services and create new protocols Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game.
Hmm...I wonder if Microsoft employees are required to put a EULA and a huge copyright notice at the top of all of their emails to prevent future leaks from being posted on Slashdot. I guess then they would try to throw the DMCA at us for telling people to just use `tail` to view the email contents.;-) --
I don't see anything wrong with the info that gets sent back. It's an easy way for id to get a snapshot of their userbase. i'll personally be glad to send them packets stamped with "Linux." "Your heart is free. Have the courage to follow 'er."
read the article before you get your flamethrowers
on
Linus Puts Shields Up
·
· Score: 3
If you read the article (unlike almost every single person that posted a 'talkback' on zdnet), you will see that the author isn't bashing Linus for this. He's just stating the fact that Linus has a media buffer now. So try not to go off bashing ZDNet and screaming "FUD!"
"Your heart is free. Have the courage to follow 'er."
I don't see the logic behind his claims. "Linux" is the kernel, the core OS. I don't forsee any money-slingers talking Linus (or any other core kernel developers) into putting crappy code into the kernel. I get the feeling this guy is only thinking in terms of applications that run on Linux. And no matter how much people want to spend or charge for some bloated pile of crap application, there will always be an alternativec Open Source(TM) project to turn to. Linux is just now building up steam, and there are many promising projects underway, but they take time. I'm willing to wait, and I'll do everything I can to keep from using M$ Office. A revolution is coming--he just can't see it yet.
"Your heart is free. Have the courage to follow 'er."
crap like that probably wouldn't make it to my browser because of the rating system you guys have in place. most of the bs is filtered out, and i'd be willing to bet that most/. users filter the comments about like i do. if anonymous cowards don't have something really good to say, then i never see their posts. so kudos to barrel of/. monkeys that helps make our lives easier. and hey rob...how about posting some stats on the percentage of users that have certain filters in place. if 90% of/.ers filter out have their filtering set to 2 (what i have), then only 10% see all the crap...and those 10% are probably all trolls to begin with. hmm...you really ought to let all the AC trolls know how many people don't give a crap what they say unless it's something good. just a thought...
"Your heart is free. Have the courage to follow 'er."
Slashdot Mirror
We'd be winning if Earth would quit sending in the second string players (ie. Russia). ;-)
Gzipped Postscript file
The war has not left the Iraqi internet infrastructure in shambles. It was in shambles before we got there.
I've had a remotely similar incident with Dell. For some dumb reason, they send marketing spam to MAILER-DAEMON@myisp.com where I am a postmaster (where 'myisp.com' would be the actual name of my ISP). The spam had instructions for removing your address via a website -- I tried it...didn't work. Then replied to the sender address asking that I be removed...didn't work. Then sent a message to abuse@dell.com and postmaster@dell.com asking to be removed...didn't work. Added the spamming class-C network to the deny file for my entire ISP -- no more spam. ;-)
I must be asleep today, but what is so difficult about defining Public Domain? It has to be the simplest form of copy(right|left|middle) there is. The article seemed to bounce all over the place trying to make the issue confusing, but I'm confused about the confusion. ???
The only way I know to do this is to have the application prompt for the passphrase at startup. This stores the passphrase in memory and not on your harddrive. You could even encrypt the in-memory passphrase in case some uber geek cares to hack your memory.
Your question basically boils down to crisis management. Does Dell think it can manage this problem quietly without having to recall the product (or the part)?
I'm in a similar situation with my wife's `97 Dodge Neon. It started leaking oil a few days ago, so I took it to a mechanic. He told me the Neons have a terrible reputation for head gasket failure (ahh! $500 to fix that!). So, what do I do? Turn to google, of course, and found my way to neons.org. There I learned that the head gasket design is faulty and that Chrysler has even issued a new part to fix it. But did they recall it?? Nope. I learned from the neons.org site that they have a "good-will" extended warranty and will pay for most of the repairs (charge $100 deductable). You have no way of knowing this though unless you learn it from a third party.
So, I'm in the same situation here. Do I demand they pay for all of the repairs? Should they recall the part for the millions of Neons (and other models with similar problems) around the nation? I don't know. It's embarrasing to recall a part, but it's more embarrasing when everyone eventually finds you that you should have. It's up to the customers to have sites like neons.org to keep these companies honest.
Yeah, say that to the people who died while smart bombs rained on the bunkers they were taking shelter in.
...Look at Cuba, Iraq, Afghanistan, Pakistan.
Feel free to provide evidence of your claim. I'm unaware of the US taking out bunkers occupied by innocent civilians.
You just named 4 countries that prove my point. These dictators don't care one bit about the people they rule over. I'm baffled that their people continue to follow them after their dictators turn their backs on them.
Guess what, the Afghanistan defense, including Bin-Laden's involvement, was US funded and CIA trained. Your entire argument works against itself. Everyone looks at the dictator-support we provided during the cold war with disgust. We ruined far more countries than the Soviet Union.
So...we should have let the Soviets overtake Afghanistan? You're entitled to your opinion, but I don't believe we could have envisioned the Afghan's turning against us like they have.
Hiroshima, Nagasaki, Dresden, the entirety of Vietnam.
I firmly believe that the nuclear attacks on Hiroshima and Nagasaki *saved* more lives than it costed. We can't take it back even though we wish we could. Historians have argued that the attacks probably saved millions of lives. The Japanese mainland was heavily fortified and the Japanese people would have fiercely defended it. I think the death toll would have been much higher had we tried to take the mainland by conventional means.
I'm not very familiar with the Dresden incident. What I do know lends me to believe they were unwarranted and unnecessary. We've learned our lesson.
As for the Vietnam war, the civilians (like the Japanese would have been) were often the weapon-carrying enemy. I was not there, and I seriously doubt you were. That was a difficult war under difficult circumstances. It's unfortunate the number of people who died, some of which were murdered. I believe we have learned from that war and have faith we won't make the same mistakes.
There are very, very valid reasons for hatred of America...
There are also very valid reasons for loving America. I think too many people try to isolate the bad from the good surrounding it. Our intentions are almost always good, though many fail to give acknowledgement to that fact.
Mistakes have been made. Lessons have been learned the hard way. That doesn't excuse mass murder like we saw Tuesday.
We've made some mistakes, but you're viewing all of these acts with more knowledge than we had when we made them. Hindsight is 20/20.
It's funny how you make several claims without backing any of them up. The only instance I'm aware of where we (alledgedly) killed innocent civilians is when we lobbed a missile into a pharmacuetical plant in the Sudan. That was a mistake and was obviously a breakdown in our intelligence gathering. We did not massacre civilians in Desert Storm. We can't guarantee the safety of civilians in a *WAR*, but we do everything we can to avoid civilian causualties. I'm ALSO unaware of us killing innocent civilians in Afghan. What the hell are you talking about??
We impose sanctions (occasionaly blockades) in order to break a country. That's the whole point. If millions of civilians are starving, why the fsck doesn't the leader make concessions with us?? Their leaders are the ones allowing them to starve, not us. Get your head out of your fairly-tale ass.
As for supporting corrupt governments, you have to look at them in context. We had the choice of supporting these smaller dictatorships or letting the Soviet Union run them over. Our goal in the Cold War was to bring the communist Soviet Union to it's knees. To do so, we had to keep it from gaining more territory.
And finally, we do not support terrorism. You are out of your fscking mind if you believe that, Mr. Coward. We do not massacre innocent civilians nor support such acts. Period.
Hmm...I've never thought of it like this before. Micros~2's relationship with many governments is a lot like OPEC is to the US. The US is heavily dependant on OPEC for petrolium, and OPEC could wreak havoc on our economy and our ability to defend ourselves. Micros~3 could essentially do the same things to a foreign power, and it would take weeks for a nation to recover if Micros~4 decided to cancel services to a nation. The upcoming technologies Micros~5 wants to deploy would make this even easier. Think about it...
Well, contrary to what I've seen most people saying, I don't think it's Micros~1's fault. It's the adminintrator's responsibility to stay current. Laying this episode solely at the feet of Micros~2 is unfair. Yes, it's one of many exploits found in IIS, but NT admins, just like *nix and *BSD admins, have to be on their toes. IMNSHO, the Code Red episodes only show that thousands of NT admins are lazy morons.
I've been doing an experiment with myself: don't watch any trailers and see if makes the movie better.
So far, I've seen about 5 movies without seeing any trailers, and the movies are much better! The damn trailers give away too much and by the time I get to the theater, I already know how the movie progresses and ends!
So anyway, I hope some of you will try this. The movies tend to be much better when you don't see any trailers ahead of time. Cheers!
Well, let me try to draw a parallel to normal criminal law. Burglary is forceful entry with the *intent* to commit a crime. Larson is taking something that isn't yours without the owner's permission.
I would make the argument that using a MSSQL client to connect to the server is considered "forceful entry" just like opening an unlocked door would be. If your *intent*, upon connecting to the server, is to try and "steal" db records (for nothing more than to prove it can be done), then this is effectively burglary since you *intend* to commit larson (taking someone else's, otherwise private, information), unless of course you can the owner's permission to do so.
Look at it like someone leaving their front door unlocked. You walk in and see their tax returns on a desk next to a photocopier. You make a copy of their tax returns and leave. I guarantee you that you would be convicted of larson and burglary, and what you've described is no different.
I understand that most people on Slashdot aren't likely to put their vote in the (R) column on November 7th, ...
<column type="R">my vote</column>
I had a couple minutes and wanted to see what I could find out about James Rosini, the man who signed the LegalLetter. The only notable thing I found was that he represented AT&T when AOL tried to sue over their supposed trademark of "You've Got Mail." Here's a link: http://techlawjournal.com/cour ts/aolvatt/Default.htm
If there is one thing I learned from my economics classes, it's that the U.S. has forever been built on a FREE and OPEN market.
For all of you snotty-nosed trolls, this means that there is open competition to help thwart these kinds of problems. Ultimately, you get what you pay for. If you buy a computer with a one year warranty (or no warranty at all), that's exactly what you get, damnit. If you want a two year warranty, buy from someone who offers such.
I will be very disappointed if this becomes a law. It effectively creates a government mandated warranty of two years. So, if you want to sell products in PA, you had better be ready to provide a two year warranty. God forbid we actually look at the real world, but there is actually a market for cheap computers that come with no warranty. Whatever mom and pop stores there are in PA, will be forced to provide a two year warranty whether they want to or not. So, this is actually a boost for big corps like Dell and Gateway. They can easy afford a two year warranty, while some smaller shops cannot.
So in the end, the government is forcing businesses to provide services they may not wish to provide, and the business has every right to not provide these services if they so choose. If this bill passes, the government will have chipped off a piece of the free enterprise system that has made America great.
I'm no fan of false advertising, and Microsoft(tm) consumers would be a lot better off if Microsoft(tm) would be straight with them. Here are some suggestions on what Microsoft(tm) should change the name of Outlook(R) to:
;-)
- Outbreak
- Lookout
- Petrydish
My personal fav is Outbreak.
For the most part, I agree with restricting anonymity online. There are some situations (for example AC's on Slashdot) that warrant anonymity to protect the identity of the user (this is even questionable in my mind however), but Napster is definately not one of them. Anonymity is a shield for cowards to commit acts that they don't have to be accountable for--that's fundamentaly screwed up. If you can't be held accountable for your actions, you shouldn't be doing what you're doing. In RL you are almost never anonymous in what you do, and you shouldn't be able to run around on the internet like a cloaked bandit.
Is it just me or does all this sound just a little too familiar? Reminds me of Halloween
;-)
...
De-commoditize protocols & applications
OSS projects have been able to gain a foothold in many server applications because of the wide utility of highly commoditized, simple protocols. By extending these protocols and developing new protocols, we can deny OSS projects entry into the market.
...
Fold extended functionality into commodity protocols / services and create new protocols
Linux's homebase is currently commodity network and server infrastructure. By folding extended functionality (e.g. Storage+ in file systems, DAV/POD for networking) into today's commodity services, we raise the bar & change the rules of the game.
Hmm...I wonder if Microsoft employees are required to put a EULA and a huge copyright notice at the top of all of their emails to prevent future leaks from being posted on Slashdot. I guess then they would try to throw the DMCA at us for telling people to just use `tail` to view the email contents.
--
I don't see anything wrong with the info that gets sent back. It's an easy way for id to get a snapshot of their userbase. i'll personally be glad to send them packets stamped with "Linux."
"Your heart is free. Have the courage to follow 'er."
If you read the article (unlike almost every single person that posted a 'talkback' on zdnet), you will see that the author isn't bashing Linus for this. He's just stating the fact that Linus has a media buffer now. So try not to go off bashing ZDNet and screaming "FUD!"
"Your heart is free. Have the courage to follow 'er."
I don't see the logic behind his claims. "Linux" is the kernel, the core OS. I don't forsee any money-slingers talking Linus (or any other core kernel developers) into putting crappy code into the kernel. I get the feeling this guy is only thinking in terms of applications that run on Linux. And no matter how much people want to spend or charge for some bloated pile of crap application, there will always be an alternativec Open Source(TM) project to turn to. Linux is just now building up steam, and there are many promising projects underway, but they take time. I'm willing to wait, and I'll do everything I can to keep from using M$ Office. A revolution is coming--he just can't see it yet.
"Your heart is free. Have the courage to follow 'er."
crap like that probably wouldn't make it to my browser because of the rating system you guys have in place. most of the bs is filtered out, and i'd be willing to bet that most /. users filter the comments about like i do. if anonymous cowards don't have something really good to say, then i never see their posts. so kudos to barrel of /. monkeys that helps make our lives easier. and hey rob...how about posting some stats on the percentage of users that have certain filters in place. if 90% of /.ers filter out have their filtering set to 2 (what i have), then only 10% see all the crap...and those 10% are probably all trolls to begin with. hmm...you really ought to let all the AC trolls know how many people don't give a crap what they say unless it's something good. just a thought...
"Your heart is free. Have the courage to follow 'er."
tom_spring@pcworld.com
"Your heart is free. Have the courage to follow 'er."