Peer review, or clique acceptance? (on "YouTube for Science?", Score: 2, Insightful)
I think the idea is interesting, and a good way for people publishing papers to help a peer review group understand what they are looking at, but at the same time the quote "The formulaic, technical style of scientific writing, the heavy jargonization and the need for careful elaboration often renders reading papers a laborious effort." struck me. Scientific method has always been the fundamental difference between science, fact, and belief. What I've found over the years is that there is more bad science in peer reviewed papers now than there was. In this day of the word processor and CYA get funded politics, there is a lot more to read, but less meat on the bone (so to speak). That being said there is still a LOT of good science going on, and I wouldn't step back to the days of carbon paper and typewriters for a second.
For example - When I taught physics, drawing a conclusion from a graph or statistical results, but failing to provide an equation or the work or all of the data that one used to come up to such a conclusion resulted in a failing grade. Period. Yet peer reviewed articles by Mann, or the recent GISS fiasco point to a failure of peer review. These articles should have never made it to print.
Video and Audio presentations should go with each paper to a reviewing publication if it helps reviewers and laymen. More importantly the reviewers need to be able to remember their primary motivation. To be skeptical in the name of science.
The current Linux kernel is pretty amazing if you think about it. It's running on everything from OS 390's right down to cell phones with features for everything in between. This flexibility generally means that the kernel has a lot of untested combinations. That's a potential problem.
The kernel needs a team of people that specifically tries to break the kernel. Right now kernel testing is haphazard at best. By devoting a team of people (just like the developers) whose sole purpose in life is to break the kernel we (the community) will improve the security, and quality of future Linux kernels. It will also improve the quality of code going into the kernel.
The new code sounds very good - but the Linux development community needs some hackers to break stuff.
Subscribe to the list and find out. It's being written - based on feedback.
as your article presents a rather fundamental lack of knowledge of DNS.
Looky here - a troll, or just an ignoramus.
What was the TTL before you changed it to 24 hours?
7 days. Testing wasn't carried out until a MONTH after I changed the TTL to be sure it had propagated correctly.
Second: did you query specific DNS servers before and after the change, and measure the TTL they returned each time?
Since most providers don't allow queries outside of their network, I relied on friends. I had these people (most of whom have little computer knowledge) and mostly Windows systems performing a ping, and report what IP they got from their provider. I had them reboot before each "test" so that I was sure that their own machine wasn't caching the DNS and creating the issue. While there are other methods, this is by far the simplest for the non-technical. All that can be determined from this is if the DNS IP changed. Thus the post.
In California the clean air resource board talks about sticking it to GM. Comments about such as 'GM could have made it work but sided with big oil' - blah - blah - blah. The poor EV-1 is forever overlooked and maligned. That is really too bad.
GM is the ONLY large manufacturer to produce and lease electric vehicles for road use to the general public. It did so at a tremendous loss and a LOT of R&D went into the vehicles. I wish GM got more credit for what it tried to do. In retrospect - it is truly amazing that they even took the chance - considering fuel prices (Close to an all time low) and the performance of batteries at the time.
Sadly they couldn't see the cars because of the lawyers. I often wonder if the "rule of law" will remove all our innovation and ingenuity.
1. Please post a link to your company's website. I'm sure the entire slashdot community would like to read your company's web site. Perhaps 50-100 times
2. Write down the people's full names that gave you a verbal agreement and provide the slashdot community with their e-mail addresses, name and title.
3. Hire a good lawyer
The question may arise - Why? The answer is simple. Much like open source code a bunch of people going over a company's web site may be able to spot things that can help your lawyer. Like a code of ethics and other blather that companies put up. Those of us in a position to hire someone also want to be able to avoid liars.
Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.
Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.
Name - Don't you know Address - don't you wish you knew City - not yet State - that one zip - 12345-678
Special order instructions:
Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, i'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.
Add random garbage to throw off simple filters. Rinse and repeat until messages stop coming to you
Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.
Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.
My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.
The price is too high, that is why some of us have been using White Box Linux for some time. It's 100% binarily compatible with RH, and it works.
From the above linked website "This product is derived from the Free/Open Source Software made available by Red Hat, Inc but IS NOT produced, maintained or supported by Red Hat. Specifically, this product is forked from the source code for Red Hat's _Red Hat Enterprise Linux 3_ product under the terms and conditions of it's EULA."
So far - and 10's of servers later - no complaints, works like a charm. Since it works so well. Why pay? For their support? Let's be honest, we generally find the bugs before RH does, and our staff can handle anything - including figuring out the undocumented changes that RH makes to their own products (example: static routes anyone?).
As long as the monopoly is allowed to crush its competitors through regulation, the consumer loses. As long as the monopoly can crush its competition through regulation, the competitor and the innovator lose. As long as the monopoly crushes its competition through regulation, the monopoly, and the government (which requires a stable tax revenue to survive) wins.
One idea is to cut out the PSTN altogether. There are large chunks of frequency space that are unregulated. Private lines/Cable lines are also the private property of the entities that put them in. With enough penetration the PSTN becomes almost irrelevant. VoIP providers had better start building their network to the customer now, be it wireless, fiber, cable, or 2 cans and a string, if they don't get market penetration quickly the government and the monopoly will simply regulate their business away.
What is sad is that most people don't realize the true price of things. If it wasn't for the monopoly and the government taxes, your phone bill would probably be 10-15 dollars/month with all the local/LD you could eat. If more people realized that point, the political will may exist to force the RBOC and the ILEC to compete. Currently they don't compete, and they don't innovate. They watch others innovate, figure out what they can do, copy it, resell it, all while regulating the competition out of business.
Peat Bogs outburn Western Europe New Scientist 18 Oct 1997
PEAT bogs in Indonesia that have been set alight by the country's raging forest fires could release more carbon dioxide into the atmosphere over the next six months than all the power stations and car engines of Western Europe emit in a year. The finding backs up claims that the fires could have a significant impact on global warming.
Sometimes there is very little that we can do to stop the production of CO2 into our atmosphere. Natural causes, like breathing put tonnes of CO2 into the air. Why haven't we begun a program using iron oxide spread on the ocean to trap and remove CO2? Its viability was proved years ago. Why are environmentalists opposed to a scientific solution?
In this time just before a national election, expect the worst from everyone. Be it Dan Rather, or Slashdot - PULEEEZEEE the NYT?
On matters of the body politic in the US, the NYT has to be one of the leading non objective papers running. Period. When they aren't making up the news - they are slanting it, but I digress.
Even after reading the 15 pages, I still come away with the following.
1. The intelligence community latched onto an idea and passed it on up.
2. The executive branch wanted very much to believe this evidence.
3. Neither the intelligence community, nor the executive did a lot of vetting.
Let's be honest here people. You've been systematically lied to for more than a decade. For some reason a country starts ordering a bunch of tubes and claims a legitimate use for them. Considering past behaviour you go looking for non legitimate uses - and you find one. After a decade of deceit - which concept for the tube's use do YOU latch on to?
Let's not forget, that for some reason we can't find WMD, but we can find pesticides. Lots of them, all stored in **tada** ammunition bunkers. Now either the Iraqi army was extremely fastidious, and had really bad crabs, or something else was going on there. Another honesty check folks. The difference between weapons of mass destruction and pesticides is the intended target.
It's sad, but it seems that taking sometimes the most primitive steps to help secure one's mail server is over the heads of mail administrators. Even worse, the amount of resistance to having an MTA have proper reverse is incredible.
A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse DNS I mean as per RFC 1912 section 2.1. While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain........Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."
Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my surprise at the number of complaints generated - and even greater surprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.
We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse DNS. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of China. By refusing to accept mail from these we lowered the amount of delivered SPAM.
Supposedly, AOL, Road Runner, and AT&T require reverse DNS. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid reverse DNS the rest of the world would follow suit in short order. By not enforcing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.
Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.
Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.
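The check described in the comment above (a PTR record whose name resolves forward to the connecting address, per RFC 1912 section 2.1), as an added example that is not part of the original post. The function names are hypothetical, and the lookup tables, host names and documentation-range addresses are constructed so the example runs offline.

```python
import ipaddress
import socket


def system_ptr(ip):
    """Return the PTR names for ip from the system resolver, or [] if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_forward(name):
    """Return the addresses name resolves to, or [] if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Forward-confirmed reverse DNS check for a connecting MTA.

    Returns ("accept", name) when some PTR name resolves back to ip,
    otherwise ("reject", reason). The lookups are injectable so the
    policy can be tested without network access.
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return ("reject", "no PTR record")
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == client:
                    return ("accept", name.rstrip(".").lower())
            except ValueError:
                # Scoped or malformed address from the resolver; skip it.
                continue
    return ("reject", "PTR does not resolve back to " + str(client))


# Constructed sample data (not real DNS records).
SAMPLE_PTR = {
    "192.0.2.10": ["mail.example.org."],    # matching PTR and A
    "198.51.100.7": ["mx4.mail.example."],  # "spoofed" reverse, forward differs
    # 203.0.113.5 has no PTR at all
}
SAMPLE_A = {
    "mail.example.org.": ["192.0.2.10"],
    "mx4.mail.example.": ["192.0.2.99"],
}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_A.get(name, [])


def classify_samples():
    """Run the check over the three constructed cases from the comment."""
    return {
        ip: check_rdns(ip, sample_ptr, sample_forward)
        for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5")
    }


if __name__ == "__main__":
    for ip, verdict in classify_samples().items():
        print(ip, verdict)
```
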
It appears that the folks building MySQL are even MORE pro GPL than a rabid /.er! I know it's hard to believe, but unlike the very bad description of the article given above (the sky is falling, the sky is falling) the actual text of the article shows that the company is pro GPL. It isn't backing away from the license, but trying to be sure that users of GPL software uphold that very license.
What's interesting is that this affects open source, but not necessarily GPL projects. Asterisk, which uses a different license, has removed MySQL libraries because of this conflict. From their documentation: "We were recently contacted by MySQL and informed that the MySQL client libraries are now under GPL license and not LGPL license as before.
Since Asterisk does allow exceptions to GPL, we are removing MySQL support from standard Asterisk. We will, where appropriate, make it available via a separate package which will only be usable when Asterisk is used completely within GPL (i.e. not in conjunction with G.729, OpenH.323, etc). We apologize for the confusion."
What it says - nor shall any state deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction the equal protection of the laws.
How it's applied - nor shall any state deprive any person of life, liberty, or property, without due process of law; or enough of us get together and feel that an economic development zone for our friends outweighs your right to your property; nor deny to any person within its jurisdiction the equal protection of the laws, except of course if you are a member of the wrong group, whereby you qualify for extra justice. If such a case arises, the white straight fellow will by statute be eligible to receive a longer sentence if, perhaps, we think he may have thought the wrong thing while committing this crime. No protected group shall be eligible for this extra justice and even suggesting such a thing is considered a hate crime.
I refer the dear reader to the famous South Park episode that dealt with the flag of South Park called "Chef Goes Nanners".
Use ipcop as your home router (http://www.ipcop.org). Transparently proxy all websites, block content (be sure to install advanced proxy). You can install it on a headless machine with no CDROM or other externally accessible boot devices. Superglue can keep most things closed, and going to a friend's will be MUCH easier than breaking into a case that you've given some thought to.
Foolproof - no such thing, doesn't exist. Some thought and careful application of the firewall rules and transparent proxying will put a big enough stone in the path to at least let teenage son or daughter know that you're serious. For this Mom? Probably not, but for 98.7366345% of the slashdot readers it's a find if they didn't know about the project already.
cluge
This story has had zero play in the US media; it's been being carried on the BBC.
The BBC hasn't been known as of late for being....uhm....reliable, or even remotely handed. This story strains credibility. The entire scenario is more than a little far fetched, unless you're automatically predisposed to hate Karl Rove. I'll wait for a better, more credible source.
I would ask that those of you that have your logic gene shut off when discussing politics (on the right and left), please post long and mindless rants on the evil of (insert favorite political bogey man here) for my amusement.
Thank You,
cluge
I believe the original RFC for radius only looked at the first 8 characters. It would not surprise me if AOL was using a tried and proven radius solution, and never bothered to update. I'd be interested to know the results if one was to choose a long password and then
1. Log into AOL and only use the first 8 characters
2. Log into the AOL webmail and only use the first 8 characters.
This may indicate if the limitation is the sign in solution, or the entire userdb backend.
cluge
I may not agree with what you say, but to your death I will defend your right to say it
- Voltaire
A quaint idea in today's world.
In the US if you were thinking the wrong thing at the time you commit a crime, you're guilty of a hate crime. In France you can be charged with a crime for selling, and/or distributing Nazi items. This UK example isn't unique to that isle. The ideal of free speech is being eroded, and nothing shows that more than the self censorship and reaction to the Mohammad cartoons.
It causes me to ask questions like -
If we do not shun, or speak out against vile (but currently legal) speech, do we eventually lose the right to hear such speech because the state steps in?
Why are we (as a society) so afraid of words and their potential impact? Are we so immature, violent and fragmented that speech alone will destroy the cohesion of our society?
While there are aspects of this case that seem to cry out for some attention, on the face of it, this guy committed a thought crime and is being sent to jail for it.
cluge
I've used Asterisk quite a bit and it works quite well. Also Sipx PBX is another good performer, although slightly harder to set up, easier to configure. Sipx PBX is another open source solution that can be found over at the Sip Foundry. They have some good testing code that comes in handy when troubleshooting SIP to SIP issues.
cluge
One of the actions of the US that is declared "anti-science" is the refusal to ratify Kyoto. I find that very strange since one of the lead scientists doesn't agree with kyoto. Lindzen's senate testimony is an extremely disturbing look into how politics shape science. Couple that with the bad data found in the Mann report and it's enough to make anyone doubt good science is being done.
At the end of the day, the US isn't anti-science, it's a system that has been built around science in much of the developed world that doesn't promote enough skepticism or honesty. Peer review in some circles just means you belong to the right clique, with the right point of view. Put that together with funding that often comes from political circles filled with "true believers" and you have a recipe for disaster.
Lindzen's quote "There is a certain charm when politicians are so certain of the science when the scientists are not" seems rather apt.
cluge
Let's see, if one looks at almost ANY software license what does one see? "This may not be suitable for blah blah blah blah we disclaimed any liability for damages.". Ever since M.A. Mortenson Co., Inc. v. Timberline Software Corp. (http://www.constructionweblinks.com/Resources/Industry_Reports__Newsletters/Sept_18_2000/defective_software.htm) the courts have held that if you accept the license, it's not their fault. Even if they knowingly produce a faulty product.
Is it dirty pool - sure is. Is it illegal? That remains to be seen. AMD most certainly has a firm ground to stand on when it comes to antitrust and Intel.
This is a surprise to us how?
But I digress...
In the "bad old days" one had a terminal, and the mainframe did the work. It had inherent advantages (centralization, easy enforcement of security in one place, etc) and disadvantages (When it went down, we all fell down). Then came the PC, and we all got a PC on our desk. It was nirvana the pundits said. Then we needed to communicate with one another. So we started building bridges between the islands of PCs, and then we started adding servers and then came the internet and the web browser and the always on 24/7 never stop (take a breath here) INTERNET economy. WHEW. Now look at the mess we're in.
Solution: Pick the best application for the job at hand.
1. Thin clients and web based apps for a majority of users. Don't install what's not needed.
2. No machine to machine sharing, you need something get it from the web portal.
3. Mix machines/OS/Installs based on the workers' needs and requirements. Free ipod is not a business requirement.
Where does all this lead?
If you don't design your network, and train your employees, your OS choice doesn't matter. Windows has many inherent problems, but Mac can inherit some of those problems simply by becoming popular. Until we move away from the PC that "does it all" for the business user, and start looking at smart ways to LIMIT what a PC can and should do - the OS choice is a moot point, albeit it's a step in the right direction by selecting something that is more secure out of the box and works. It's also certainly valid to point out that it's easier to strip down a mac/linux/bsd install to bare minimums. Windows lite is still windows with holes big enough to "drive my hummer through" (as Arnold said).
In the end take the best of the bad old mainframe days, and the good things about the PC ideal and put them together. Mac OSX is way more amenable to that concept by its very nature.
cluge
Stats for May 15-May16 for inbound mail attempts to one small domain - somewhere on the Internet
Mail rejected because account didn't exist (BRT)
server1: 1,411,109 (May15 16:24 - May 16 18:05)
server2: 1,423,574 (May15 20:32 - May16 18:09)
server3: 1,309,968 (May15 10:14 - May16 18:13)
Mail rejected by RBL
server1: 235,397 (May15 16:24 - May 16 18:05)
server2: 287,573 (May15 20:32 - May16 18:09)
server3: 279,709 (May15 10:14 - May16 18:13)
Mail actually delivered to mail spool
(i.e. before spam assassin checking):
server1: 112,634 (May15 00:06 - May16 17:58)
server2: 146,300 (May15 08:47 - May16 18:08)
server3: 57,055 (May15 11:31 - May16 18:13)
Totals and percentage of total mail processed over ~24 hours:
Mail Delivered: 315,989 6%
Mail Rejected RBL: 802,679 15%
Mail Rejected BRT: 4,144,651 79%
Judging by my own e-mail, and the amount of spam that gets through for spamscope to dispatch, less than 6% of all e-mail being sent is legitimate.
We will have to wait to see if this security flaw affects the linux kernel. BSD and BSD related kernels are affected for sure. See below taken from the link.
FreeBSD: This issue affects FreeBSD/i386 and FreeBSD/amd64, and is addressed in advisory FreeBSD-SA-05:09.htt.
NetBSD: The NetBSD Security-Officer Team believes that workarounds will be suitable for the majority of our users. Since this issue is a complex one, the 'right' solution will require a larger discussion which is only possible once this issue is public. This issue will be addressed in advisory NetBSD-SA2005-001, which will provide a list of workarounds for use until the 'final' conclusion is reached.
OpenBSD: OpenBSD does not directly support hyperthreading at this time, therefore no patch is available. Affected users may disable hyperthreading in their system BIOS. We will revisit this issue when hyperthreading support is improved.
SCO: This affects OpenServer 5.0.7 if an update pack is applied and SMP is installed; it also affects UnixWare 7.1.4 and 7.1.3 with hyperthreading enabled, but hyperthreading is disabled in UnixWare by default. This is covered by advisory SCOSA-2005.24.
The current linux kernel is pretty amazing if you think about it. It's running on everything from OS 390's right down to cell phones with features for everything in between. This flexibility generally means that the kernel has a lot of untested combinations. That's a potential problem.
The kernel needs a team of people that specifically tries to break the kernel. Right now kernel testing is haphazard at best. By devoting a team of people (just like the developers) whose sole purpose in life is to break the kernel we (the community) will improve the security, and quality of future linux kernels. It will also improve the quality of code going into the kernel.
The new code sounds very good - but the linux development community needs some hackers to break stuff.
Cluge
I'd like to know your methodology,
Subscribe to the list and find out. It's being written - based on feedback.
as your article presents a rather fundamental lack of knowledge of DNS.
Looky here - a troll, or just an ignoramus.
What was the TTL before you changed it to 24 hours?
7 days. Testing wasn't carried out until a MONTH after I changed the TTL to be sure it had propagated correctly.
Second: did you query specific DNS servers before and after the change, and measure the TTL they returned each time?
Since most providers don't allow queries outside of their network, I relied on friends. I had these people (most of whom have little computer knowledge) and mostly Windows systems performing a ping, and report what IP they got from their provider. I had them reboot before each "test" so that I was sure that their own machine wasn't caching the DNS and creating the issue. While there are other methods, this is by far the simplest for the non technical. All that can be determined from this is if the DNS IP changed. Thus the post.
Cluge
Send a plain text email to
dns-subscribe@angrypeoplerule.com
This is a moderated list, and is only for letting people who are interested know when the study will begin, how to participate and the final results.
In California the clean air resource board talks about sticking it to GM. Comments about such as 'GM could have made it work but sided with big oil' - blah - blah - blah. The poor EV-1 is forever overlooked and maligned. That is really too bad.
GM is the ONLY large manufacturer to produce and lease electric vehicles for road use to the general public. It did so at a tremendous loss and a LOT of R&D went into the vehicles. I wish GM got more credit for what it tried to do. In retrospect - it is truly amazing that they even took the chance - considering fuel prices (Close to an all time low) and the performance of batteries at the time.
Sadly they couldn't see the cars because of the lawyers. I often wonder if the "rule of law" will remove all our innovation and ingenuity.
cluge
1. Please post a link to your company's website. I'm sure the entire slashdot community would like to read your company's web site. Perhaps 50-100 times.
2. Write down the people's full names that gave you a verbal agreement and provide the slashdot community with their e-mail addresses, name and title.
3. Hire a good lawyer
The question may arise - Why? The answer is simple. Much like open source code a bunch of people going over a company's web site may be able to spot things that can help your lawyer. Like a code of ethics and other blather that companies put up. Those of us in a position to hire someone also want to be able to avoid liars.
cluge
The "Phantom Game Console" is aptly named,
be your cup of tea irony, or soliloquy.
Or
LWP + PERL + SPAM = Fun
Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.
Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.
Name - Don't you know
Address - don't you wish you knew
City - not yet
State - that one
zip - 12345-678
Special order instructions:
Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, I'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.
Add random garbage to throw off simple filters. Rinse and repeat until messages stop coming to you.
Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.
Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.
My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.
cluge
The price is too high, that is why some of us have been using White Box Linux for some time. It's 100% binarily compatible with RH, and it works.
From the above linked website "This product is derived from the Free/Open Source Software made available by Red Hat, Inc but IS NOT produced, maintained or supported by Red Hat. Specifically, this product is forked from the source code for Red Hat's _Red Hat Enterprise Linux 3_ product under the terms and conditions of it's EULA."
So far - and 10's of servers later - no complaints, works like a charm. Since it works so well, why pay? For their support? Let's be honest, we generally find the bugs before RH does, and our staff can handle anything - including figuring out the undocumented changes that RH makes to their own products (example: static routes anyone?).
cluge
As long as the monopoly is allowed to crush its competitors through regulation, the consumer loses. As long as the monopoly can crush its competition through regulation, the competitor and the innovator lose. As long as the monopoly crushes its competition through regulation, the monopoly, and the government (which requires a stable tax revenue to survive) wins.
One idea is to cut out the PSTN altogether. There are large chunks of frequency space that are unregulated. Private lines/Cable lines are also the private property of the entities that put them in. With enough penetration the PSTN becomes almost irrelevant. VoIP providers had better start building their network to the customer now, be it wireless, fiber, cable, or 2 cans and a string; if they don't get market penetration quickly the government and the monopoly will simply regulate their business away.
What is sad is that most people don't realize the true price of things. If it wasn't for the monopoly and the government taxes, your phone bill would probably be 10-15 dollars/month with all the local/LD you could eat. If more people realized that point, the political will may exist to force the RBOC and the ILEC to compete. Currently they don't compete, and they don't innovate. They watch others innovate, figure out what they can do, copy it, resell it, all while regulating the competition out of business.
cluge
Peat Bogs outburn Western Europe New Scientist 18 Oct 1997
PEAT bogs in Indonesia that have been set alight by the country's raging forest fires could release more carbon dioxide into the atmosphere over the next six months than all the power stations and car engines of Western Europe emit in a year. The finding backs up claims that the fires could have a significant impact on global warming.
Sometimes there is very little that we can do to stop the production of CO2 into our atmosphere. Natural causes, like breathing, put tonnes of CO2 into the air. Why haven't we begun a program using iron oxide spread on the ocean to trap and remove CO2? Its viability was proved years ago. Why are environmentalists opposed to a scientific solution?
In this time just before a national election, expect the worst from everyone. Be it Dan Rather, or Slashdot - PULEEEZEEE the NYT?
On matters of the body politic in the US, the NYT has to be one of the leading non objective papers running. Period. When they aren't making up the news - they are slanting it, but I digress.
Even after reading the 15 pages, I still come away with the following.
1. The intelligence community latched onto an idea and passed it on up.
2. The executive branch wanted very much to believe this evidence.
3. Neither the intelligence community, nor the executive did a lot of vetting.
Let's be honest here people. You've been systematically lied to for more than a decade. For some reason a country starts ordering a bunch of tubes and claims a legitimate use for them. Considering past behaviour you go looking for non legitimate uses - and you find one. After a decade of deceit - which concept for the tube's use do YOU latch on to?
Let's not forget, that for some reason we can't find WMD, but we can find pesticides. Lots of them, all stored in **tada** ammunition bunkers. Now either the Iraqi army was extremely fastidious, and had really bad crabs, or something else was going on there. Another honesty check folks. The difference between weapons of mass destruction and pesticides is the intended target.
cluge
AngryPeopleRule
It's sad, but it seems that taking sometimes the most primitive steps to help secure one's mail server is over the heads of mail administrators. Even worse, the amount of resistance to having an MTA have proper reverse is incredible.
A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse dns I mean as per RFC 1912 section 2.1. While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain ... Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."
Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my surprise at the number of complaints generated - and even greater surprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.
We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse dns. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of China. By refusing to accept mail from these we lowered the amount of delivered SPAM.
Supposedly, AOL, Road Runner, and AT&T require reverse dns. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid reverse DNS the rest of the world would follow suit in short order. By not enforcing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.
Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.
Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.
cluge
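The check this comment describes (a PTR record whose name resolves back to the connecting address, per RFC 1912 section 2.1), sketched here as an added example that is not part of the original post or any MTA's own code. The function names, the sample zone data and the forward address given for the claimed mx4.hotmail.com name are constructed for illustration.

```python
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(hostname):
    """A/AAAA lookup through the system resolver; returns a set of addresses."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(hostname, None)}
    except OSError:
        return set()

def check_rdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Classify a connecting MTA address: 'ok', 'no-ptr' or 'ptr-mismatch'."""
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr"            # no reverse record at all
    for name in names:
        # The PTR name must resolve forward to the same address.
        if ip in forward_lookup(name.rstrip(".").lower()):
            return "ok"
    return "ptr-mismatch"          # reverse claims a name that does not point back

# Constructed sample data (RFC 5737 documentation addresses) so this runs offline.
PTR = {
    "192.0.2.10": ["mail.example.org."],
    "198.51.100.7": ["mx4.hotmail.com."],   # claimed name, as in the comment
}
A = {
    "mail.example.org": {"192.0.2.10"},
    "mx4.hotmail.com": {"203.0.113.25"},    # constructed: forward points elsewhere
}

def sample_ptr(ip):
    return PTR.get(ip, [])

def sample_forward(name):
    return A.get(name, set())

def classify_samples():
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.99"]
    return {ip: check_rdns(ip, sample_ptr, sample_forward) for ip in ips}

if __name__ == "__main__":
    for ip, verdict in classify_samples().items():
        print(ip, verdict)
```

Called without the sample lookups, `check_rdns` uses the system resolver, so the verdict then depends on live DNS.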
It appears that the folks building MySQL are even MORE pro GPL than a rabid /.er! I know it's hard to believe, but unlike the very bad description of the article given above (the sky is falling, the sky is falling) the actual text of the article shows that the company is pro GPL. It isn't backing away from the license, but trying to be sure that users of GPL software uphold that very license.
What's interesting is that this affects open source, but not necessarily GPL projects. Asterisk, which uses a different license, has removed MySQL libraries because of this conflict.
From their documentation:
"We were recently contacted by MySQL and informed that the MySQL client
libraries are now under GPL license and not LGPL license as before.
Since Asterisk does allow exceptions to GPL, we are removing MySQL support
from standard Asterisk. We will, where appropriate, make it available via
a separate package which will only be usable when Asterisk is used completely
within GPL (i.e. not in conjunction with G.729, OpenH.323, etc). We
apologize for the confusion."
Is this a case of the GPL being a bad thing?
cluge