Sorry, but 4 years to get every internet connected system running IPv6?! Sure it sounds great, but for a lot of folks this is going to require entirely new hardware as well as software. The budget will keep getting cut until the last minute and then they'll try to cut it all over at once. I hate to think of all the hardware that will get scrapped because the manufacturer doesn't support IPv6 without a hardware upgrade.
Then there are the folks that will find out a week before the cutover date for some reason. And the folks that no one tells at all.
There is still an ungodly amount of custom software out there that won't support IPv6 at all. Business critical applications with little or no vendor support.
I don't think we're going to be able to do a clean cutover to IPv6 until most hardware/software vendors start shipping systems that require both IPv4 and IPv6 configuration to complete installation. I figure about 10 years if they start shipping today. And then we'll still have to deal with that 20 year old software that is required to provision telephone numbers but only runs on 486 hardware.
I wonder why a rider wasn't put into the DMCA forcing all content providers to provide free replacement copies upon request? Oh right... the content providers wrote the bill.
I wonder how they came to the conclusion that there is no demand? Was there a survey among potential new PC buyers? Or is this company another Microsoft buddy, I wonder.
I'd hazard a guess that their cost analysis folks decided the demand wasn't high enough to justify testing their hardware against another OS and supporting it long term. There is 'demand' and then there is 'demand that maintains the same or greater profit margins'.
How many people really want someone else's idea of a good Linux installation on their workstations? Most of the Linux evangelists aren't going to be happy unless they install it themselves anyway. And most corporations are still full of people that have never used any OS other than Win 95, 98 and XP.
Yup. I've never worked at a company that would blindly jump into a new OS at release or soon after. The only real exception to that are minor revisions and patch levels - and even those take time make it onto hardware that is already running the older OS unless there is a serious problem that the new version addresses.
Give it a year or two and Vista will either be rolling out in businesses or some new 'Vista for business' will be. Someone let me know when they get a job opening at that shop whose IT department rolls out FreeBSD on everyone's desktop and actually supports it.
I'm not sure I'd complain overly much if Google went back to being 'that obscure search engine that knows all about OSS'. I'm sure their stockholders would though.
Can I just filter the video to change the general shape and size of the content and scribble all over it until humans can't recognize it? Seems to work for websites that require a signup... I had one the other day that took 4 people and 5 attempts to actually sign up.
Between the DMCA, the BSA, the RIAA and the MPAA, we have legislation and watchdog groups to cover every imaginable form of piracy. The courts are already having to deal with lawsuits over pathetic amounts of money to make an example of people. Do we really need to have federal agencies doing the investigation as well and make room in the criminal judicial system as well?
After much bludgeoning of our accounting folks, we were finally able to get some ironport systems in house. I wouldn't say they have the magic bullet to spam filtering, but they do take a pretty unique approach.
It is based on a particular IP's previous mailing habits and it's current mailing habits, the number of complaints received etc. Also, you can choose to simply throttle suspected spammers rather than block them. After quite a bit more bludgeoning, we were able to get content based filtering added into the cluster.
At the end of the day, it cost quite a bit, but our false positives are pretty low and we only allow about 2% of all inbound connections to actually send mail. We run 4 inbound servers (of varying ages... 2 newer models would probably handle the load) and 2 outbound servers (pretty old hardware outbound). The outbound scanning has really kept us off a ton of DNSBL's and I don't think we've actually had a customer complaint that they were unable to send out their 'mailing list' yet.
We set things up so our tier 2 CSRs can manage the override lists via a DNS whitelist. Consequently, I have not taken a spam / blocking related call in over a year. Don't get me wrong, people will still call and bitch that they received spam or their inbound mail was blocked, but our complaints are in the single digit per week range these days.
Unrelated: There is nothing like having a 'dead' domain that receives several million spam messages per day when it comes time to evaluate commercial solutions!
I can only speak for myself, but I always get the feeling that I'm dealing with the lowest possible tier of CSR when I start getting emoticons or excessive punctuation in my communications.
Actually, using a blacklist that is purely dynamic IP's works quite well for zombies. I won't recommend one in particular, but there are several lists with just this purpose.
NEVER use a DNSBL as an absolute block...
on
Choosing a Good DNSBL
·
· Score: 2, Informative
...unless you have to.
There is a lot of truth to the OP's statements. However, unless you have the budget for a commercial spam filtering application, there are not a lot of good solutions.
Spamassassin is great for what it does, but in high volume environments, you will be throwing so much hardware, bandwidth and electricity at the problem that you'll either give up on filtering at all or break down and buy a commercial solution.
DNSBL's give you a bit of breathing room between the two extremes. Our environment has about a 98% spam catch rate currently with commercial solutions. We have about 150 connections per second AVERAGE.
Our infrastructure could just barely keep up with this load when we were using DNSBL's only. Had we tried to use a spamassassin style tool, we'd have needed quite a bit more infrastructure to handle all of the increased filtering. DNS lookups are pretty cheap compared to the amount of CPU required for context / content filtering.
DNSBL's definitely generate too many false positives, but when the alternative is buying 10x the hardware or having mail take 1-2 hours to be delivered during peak times, I'll take the false positives.
Choosing a good DNSBL (or three!) is definitely important, but IMHO, you should NEVER run DNSBL's without building a local override into the system. We run our own DNSWL (dns whitelist) which is consulted before hitting on BLs... if a customer has had problems with one of their contacts being blacklisted, we can selectively add their IP to the list.
Unrelated to the above, I would also recommend looking at ironport systems if this is a commercial project with a decent sized budget. (I am not affiliated, just a happy customer).
Its really simple. There are laws that you have to take into consideration before you enter another country. It is your job to know those laws or risk having your travel plans ruined. I don't carry handguns into Canada. I make sure to fill out the paperwork to carry a long gun to Canada. I get to enter Canada!
This guy just didn't know the rules and a customs agent enforced the laws. He is just doing his job. In my mind, the real news event here is that a Blackhat speaker is causing a big stink on the internet because he wasn't allowed to break the law.
If he was really wearing his 'black hat', a little social engineering would've got him into the country without a second thought.
The patent system is ridiculously abused. Patent a process, not an idea. And when we're done with patent reform, can we please stop extending copyrights indefinitely?
My teachers were just glad they didn't have to try and decipher what I call 'handwriting' and the rest of the world calls 'gibberish'. They didn't give a damn that it was written with wordstar on a 4" amber lcd. Oh, and daisy wheels were the bomb!
I'm going to have to disagree with that. Overall, yes, MS makes money from their products - that's what companies do.
They have pretty well set the desktop standard and pretty much anyone that uses a computer can sit down at most any workstation and accomplish a task. That is a hell of a benefit. Unfortunately, it comes with a monopoly that makes it harder for other OS vendors to enter the market.
Personally, I've been running linux and bsd machines for the past 10 years. Everybody is running their own desktop that a majority of people don't know how to use without a bit of fiddling. There's nothing wrong with that, but moving towards ubiquitous computing, we need a) better interfaces and b) standardized interfaces or we'll just get confused by the multitude of UI's out there.
Until everyone can carry around their own UI chip that interfaces with the surrounding hardware, MS's monopoly and their desktop standardization have at least one benefit that we can't currently get from OSS.
Additionally, lots of OSS copies from MS on interfaces, software and protocols. I'm not saying MS hasn't ripped off their fair share of ideas, but the street does go both ways.
This may be the least negative thing I've ever said about MS.
For many years I've run hard crypto on my workstations (CFS). Beyond that I keep various files individually encrypted and use encrypted email and even remailers on occasion.
Even if I were to hand the feds the keys to some of these systems, they'd be stuck wading through a system with several years of cryptic notes to self, experimental code, temporary data and encrypted files I've just plain forgotten to password for because they aren't important.
How do I know they won't grab some random fragment of a random file, take it completely out of context and present it as evidence that I was up to no good? Do you really want a prosecutor presenting fragments of your browser cache and forcing you to explain why you were investigating say... the chemical reaction involved in creating bio-diesel 5 years ago? And if he only presents a fragment of that, are you going to know it was bio-diesel or will the jury draw their own conclusions based on the 'meth' in methyl alcohol?
So go ahead and run hard crypto and refuse to give out the keys. If it's between the constitution and a prosecutor who is judged on his conviction rate, I'll stand on the 4th and 5th.
Until you completely shut down internet access, I think you will have a very hard time keeping people from accessing the information they want. There are just too many proxies, mirrors and tunnels that people can use to view 'censored' material.
As for shutting off net access... I guess you could try, but with packet radio, satellite internet and IP over carrier pigeon, you're going to have your work cut out for you.
For an example of just one of the available tools, take a look at freenet.
http://freenetproject.org/
There's nothing I like better than features built into software and hardware that prevent it from working in an unintended and perhaps more efficient way.
At least sell two different versions or let the buyer set this on or off before the first use. I'd hate to find out that product X will never work with my equipment because I don't have an apple approved piece of hardware or an apple approved driver etc.
Why not just use the ever-annoying hardware dongle to authenticate. Remember how much we loved those things?
Slashdot Mirror
Sorry, but 4 years to get every internet connected system running IPv6?! Sure it sounds great, but for a lot of folks this is going to require entirely new hardware as well as software. The budget will keep getting cut until the last minute and then they'll try to cut it all over at once. I hate to think of all the hardware that will get scrapped because the manufacturer doesn't support IPv6 without a hardware upgrade.
Then there are the folks that will find out a week before the cutover date for some reason. And the folks that no one tells at all.
There is still an ungodly amount of custom software out there that won't support IPv6 at all. Business critical applications with little or no vendor support.
I don't think we're going to be able to do a clean cutover to IPv6 until most hardware/software vendors start shipping systems that require both IPv4 and IPv6 configuration to complete installation. I figure about 10 years if they start shipping today. And then we'll still have to deal with that 20 year old software that is required to provision telephone numbers but only runs on 486 hardware.
I wonder why a rider wasn't put into the DMCA forcing all content providers to provide free replacement copies upon request? Oh right... the content providers wrote the bill.
I'd hazard a guess that their cost analysis folks decided the demand wasn't high enough to justify testing their hardware against another OS and supporting it long term. There is 'demand' and then there is 'demand that maintains the same or greater profit margins'.
How many people really want someone else's idea of a good Linux installation on their workstations? Most of the Linux evangelists aren't going to be happy unless they install it themselves anyway. And most corporations are still full of people that have never used any OS other than Win 95, 98 and XP.
Yup. I've never worked at a company that would blindly jump into a new OS at release or soon after. The only real exception to that are minor revisions and patch levels - and even those take time make it onto hardware that is already running the older OS unless there is a serious problem that the new version addresses.
Give it a year or two and Vista will either be rolling out in businesses or some new 'Vista for business' will be. Someone let me know when they get a job opening at that shop whose IT department rolls out FreeBSD on everyone's desktop and actually supports it.
I'm not sure I'd complain overly much if Google went back to being 'that obscure search engine that knows all about OSS'. I'm sure their stockholders would though.
Can I just filter the video to change the general shape and size of the content and scribble all over it until humans can't recognize it? Seems to work for websites that require a signup... I had one the other day that took 4 people and 5 attempts to actually sign up.
Err.. I have killed a tree or two printing out RFC's because it was just more comfortable to read them in a different position. Bad hacker! Bad!
If this plan gets adopted, it's going to negate the need for me to post scare stories on /. about toner.
Knock it off, you're ruining my income from ink jet refills!
Between the DMCA, the BSA, the RIAA and the MPAA, we have legislation and watchdog groups to cover every imaginable form of piracy. The courts are already having to deal with lawsuits over pathetic amounts of money to make an example of people. Do we really need to have federal agencies doing the investigation as well and make room in the criminal judicial system as well?
Wouldn't we get a lot more energy out of crowds if we made them walk on hamster wheels instead? Or does my employer have a patent on that already?
After much bludgeoning of our accounting folks, we were finally able to get some ironport systems in house. I wouldn't say they have the magic bullet to spam filtering, but they do take a pretty unique approach. It is based on a particular IP's previous mailing habits and it's current mailing habits, the number of complaints received etc. Also, you can choose to simply throttle suspected spammers rather than block them. After quite a bit more bludgeoning, we were able to get content based filtering added into the cluster. At the end of the day, it cost quite a bit, but our false positives are pretty low and we only allow about 2% of all inbound connections to actually send mail. We run 4 inbound servers (of varying ages... 2 newer models would probably handle the load) and 2 outbound servers (pretty old hardware outbound). The outbound scanning has really kept us off a ton of DNSBL's and I don't think we've actually had a customer complaint that they were unable to send out their 'mailing list' yet. We set things up so our tier 2 CSRs can manage the override lists via a DNS whitelist. Consequently, I have not taken a spam / blocking related call in over a year. Don't get me wrong, people will still call and bitch that they received spam or their inbound mail was blocked, but our complaints are in the single digit per week range these days. Unrelated: There is nothing like having a 'dead' domain that receives several million spam messages per day when it comes time to evaluate commercial solutions!
I can only speak for myself, but I always get the feeling that I'm dealing with the lowest possible tier of CSR when I start getting emoticons or excessive punctuation in my communications.
Actually, using a blacklist that is purely dynamic IP's works quite well for zombies. I won't recommend one in particular, but there are several lists with just this purpose.
...unless you have to.
There is a lot of truth to the OP's statements. However, unless you have the budget for a commercial spam filtering application, there are not a lot of good solutions.
Spamassassin is great for what it does, but in high volume environments, you will be throwing so much hardware, bandwidth and electricity at the problem that you'll either give up on filtering at all or break down and buy a commercial solution.
DNSBL's give you a bit of breathing room between the two extremes. Our environment has about a 98% spam catch rate currently with commercial solutions. We have about 150 connections per second AVERAGE.
Our infrastructure could just barely keep up with this load when we were using DNSBL's only. Had we tried to use a spamassassin style tool, we'd have needed quite a bit more infrastructure to handle all of the increased filtering. DNS lookups are pretty cheap compared to the amount of CPU required for context / content filtering.
DNSBL's definitely generate too many false positives, but when the alternative is buying 10x the hardware or having mail take 1-2 hours to be delivered during peak times, I'll take the false positives.
Choosing a good DNSBL (or three!) is definitely important, but IMHO, you should NEVER run DNSBL's without building a local override into the system. We run our own DNSWL (dns whitelist) which is consulted before hitting on BLs... if a customer has had problems with one of their contacts being blacklisted, we can selectively add their IP to the list.
Unrelated to the above, I would also recommend looking at ironport systems if this is a commercial project with a decent sized budget. (I am not affiliated, just a happy customer).
Go directly to jail. Do not pass Go. Do not collect $200.
Its really simple. There are laws that you have to take into consideration before you enter another country. It is your job to know those laws or risk having your travel plans ruined. I don't carry handguns into Canada. I make sure to fill out the paperwork to carry a long gun to Canada. I get to enter Canada!
This guy just didn't know the rules and a customs agent enforced the laws. He is just doing his job. In my mind, the real news event here is that a Blackhat speaker is causing a big stink on the internet because he wasn't allowed to break the law.
If he was really wearing his 'black hat', a little social engineering would've got him into the country without a second thought.
The patent system is ridiculously abused. Patent a process, not an idea. And when we're done with patent reform, can we please stop extending copyrights indefinitely?
My teachers were just glad they didn't have to try and decipher what I call 'handwriting' and the rest of the world calls 'gibberish'. They didn't give a damn that it was written with wordstar on a 4" amber lcd. Oh, and daisy wheels were the bomb!
I'm going to have to disagree with that. Overall, yes, MS makes money from their products - that's what companies do.
They have pretty well set the desktop standard and pretty much anyone that uses a computer can sit down at most any workstation and accomplish a task. That is a hell of a benefit. Unfortunately, it comes with a monopoly that makes it harder for other OS vendors to enter the market.
Personally, I've been running linux and bsd machines for the past 10 years. Everybody is running their own desktop that a majority of people don't know how to use without a bit of fiddling. There's nothing wrong with that, but moving towards ubiquitous computing, we need a) better interfaces and b) standardized interfaces or we'll just get confused by the multitude of UI's out there.
Until everyone can carry around their own UI chip that interfaces with the surrounding hardware, MS's monopoly and their desktop standardization have at least one benefit that we can't currently get from OSS.
Additionally, lots of OSS copies from MS on interfaces, software and protocols. I'm not saying MS hasn't ripped off their fair share of ideas, but the street does go both ways.
This may be the least negative thing I've ever said about MS.
For many years I've run hard crypto on my workstations (CFS). Beyond that I keep various files individually encrypted and use encrypted email and even remailers on occasion. Even if I were to hand the feds the keys to some of these systems, they'd be stuck wading through a system with several years of cryptic notes to self, experimental code, temporary data and encrypted files I've just plain forgotten to password for because they aren't important. How do I know they won't grab some random fragment of a random file, take it completely out of context and present it as evidence that I was up to no good? Do you really want a prosecutor presenting fragments of your browser cache and forcing you to explain why you were investigating say... the chemical reaction involved in creating bio-diesel 5 years ago? And if he only presents a fragment of that, are you going to know it was bio-diesel or will the jury draw their own conclusions based on the 'meth' in methyl alcohol? So go ahead and run hard crypto and refuse to give out the keys. If it's between the constitution and a prosecutor who is judged on his conviction rate, I'll stand on the 4th and 5th.
Until you completely shut down internet access, I think you will have a very hard time keeping people from accessing the information they want. There are just too many proxies, mirrors and tunnels that people can use to view 'censored' material. As for shutting off net access... I guess you could try, but with packet radio, satellite internet and IP over carrier pigeon, you're going to have your work cut out for you. For an example of just one of the available tools, take a look at freenet. http://freenetproject.org/
There's nothing I like better than features built into software and hardware that prevent it from working in an unintended and perhaps more efficient way. At least sell two different versions or let the buyer set this on or off before the first use. I'd hate to find out that product X will never work with my equipment because I don't have an apple approved piece of hardware or an apple approved driver etc. Why not just use the ever-annoying hardware dongle to authenticate. Remember how much we loved those things?
The internet treats censorship as damage and reroutes around it.