> You mean that it's Joe user's fault that his DSL > connected PC got infected?
Yes. Just like it's my fault when I never put my car through the yearly inspection and let its brakes rot, I can (and probably will) be made at least partially responsible for the next accident I'm involved - even if some drunken asshole crashes into my car though I have right of way.
If you don't know how to fix it, pay someone who knows. I have no problem admitting that I cannot fix my own car (I can drive it, and look-up what the various warning-lights mean, mostly resulting in calls to "tech-support") and that I have to pay someone to do that. Nobody has problems with that in any other area of modern life ! Only with PCs and Windoze, the most fucking fragile, error-prone, bug-ridden technical achievement since the invention of the light-bulb people think it's different.
Now, if people would realize how often their Windows-PC really needs a "service-man" compared to their cars, they'd think twice about buying a computer again - even more so for ones equiped with a Windows-OS.
I've read somewhere that there are some "implicit" rules in the Firewall 1 default configuration that let DNS through anyway. Is that true ? I have the eval CD here, but haven't had the time and the resources to test it.
When will people understand that ? Just because you can buy 4*250 GB IDE disk and a 3ware 8500-4 doesn't mean it's a "storage solution". That's ridicolous. That's the same as calling a 20m^2 flat "real estate" or so.
As did medieval Europe, the Romans and 'insert your favourite 20th Century genocidal regime here'.
I'd like to add that esp. in the 1930s to 1945, Germany had one of the most advanced science-communities in the world.
At the end of WW2, German scientists had a created a fully developed space-program, would probably have been able to build a "nuclear device" and had designed and successfully built a wing-only stealth fighter.
But that doesn't mean it was a very nice society to live in, even omitting the fact that most of the above achievements were built (sometimes literally) on the blood and bones of an army of concentration-camp-inmates.
This article (unfortunately in German) explains the details behind a strange and secret business North-Korea has been running for some time:
It's producing animated cartoons of more or less famous characters. The work has been outsourced from Western companies, because NorthKoreans work cheaper than anybody else on this planet and produce good quality (which you probably can't always say for Chinese correction-facility-inmates, which are reportedly even cheaper).
Next time you watch some Sunday-morning-cartoon, think a moment of those poor people in NK.
It's the same in Germany (with OTP, not all banks have Secure-ID-like devices, yet). Everybody, every bank uses it. Since the late 80's. Back-then over dial-in lines and the so called "BTX". And it never occured to me that it's overkill, in fact I always thought that it's the only way-to-go.
For the bank, it has the added convenience of more-or-less 100% non-repudiatability, while the customer (that includes me) can be sure that no transaction goes through with a TAN (TransAction Number) and when I don't store these numbers on the PC itself, there's hardly a reason to worry.
Yes, it's more inconvenient than just having a username+password - but has it occured to you that there might be a reason why phishers and password-grabbers are targeting mostly US-banks and US-customers with their scams ?
Yes, you're right. But I could still download the video by clicking on the link of the slashdot-frontpage...
Rainer
Uh-Oh. The bandwidth bill will kill him
on
Build Your Own KiteCam
·
· Score: 3, Interesting
According to Netcraft, the site is hosted by NotNet Ltd. http://www.notnet.co.uk. They have several hosting-schemes: 1, 2, 4, 8 and 20 GB transfer per month, with additional bandwidth for 5 GB-pounds per month per GB or 20 GBP for 5 GB... The domain itself responds with a errorcode 500 now... But at least, the hosting-provider is up-front about not offering any kind of "unlimited" hosting-schemes...
I can't believe how many people fall for this "onBoard-RAID"-crap.
In most, if not all, cases, the RAID is really a software-RAID, that the hardware-driver implements.
Only 3Ware seems to offer real RAID-in-hardware these days (and some high-end Adaptec-cards).
What does that have to do with having to destroy customer data ? If I may ask ?
And yes, queues are "fixed" you can't backup them, you can't move them.
Also, qmail without patches is pretty useless other than a single mailhost.
I think that postfix is very nice - but when it comes to virtual hosting, there are just not so many ready-to-go tools for user-management etc. out there. It's all for qmail (+patches, admittedly). But as with most other open source products, there are people dealing with this specific problem.
If you need to run a mail server from home, I think you should have to pay for a business account. It's $129.99 vs $29.99.
Colo can be had for much less.
The OP is right, though: if you RBL all dynamic IPs, you've eliminated 20% of the SPAM. At least:
ROOT@bsd# egrep Dynamic @4000000040* current |wc -l 2213 ROOT@bsd# wc -l @4000000040* current 5 @40000000407daf1a37fa6be4.s 744 @4000000040812e2b26ee58c4.s 775 @4000000040859c6e21b7e3ac.s 709 @400000004088d0463b885564.s 703 @40000000408a9068023d055c.s 785 @40000000408ca8fe128c8edc.s 766 @400000004091d41734a7fcf4.s 6919 current 11406 total
It would have cost them all their cash, but they'd have bought a company that works very much against all the way different than MSFT:
Linux is a Tier 1 platform for SAP
as someone else pointed out, they have a large installed base on non-Win32 platforms that are just going to stay that way as long as the hardware works
As I understand it, security-fixes are backported to releases ("stable") only. And releases take a lot of time from release to release.
Reading http://www.debian.org/releases/index.en.html confirms this: there is no support for the testing-branch and no official security-fixes will come through.
Additional problems arise, when one needs features/packages that aren't even available in "testing" but only in "sid", as it happens with some open-source projects with lot's of dependencies. Then you'll end-up running a mixture of both which will pretty much hose the system sooner or later.
I wouldn't say Debian is a bad system, it just happens to have some features that may make it simply inconvenient or impossible for some use(r)s.
Now, granted, there are advantages in this methodology - the system behaves (in theory) exactly the same before and after the update, very desireable in certain environments - but on the other hand, it's a real pain to get other Open-Source software to work together with this system because most other projects assume that you are running the latest and the greatest and _they_ don't backport.
With FreeBSD, I get a 90-95% chance that a program in the ports-tree actually works first try and due to the fact that all the 11000+ ports are in most cases only some minor-versions behind their upstream parent (if at all), I stand a pretty good chance that even projects with lot's of dependencies compile and work pretty much out of the box.
The reason why we push Redhat/Fedora and not some other distro is because we don't want to have to install packages by hand or compile stuff from source all the time. Hand installs and compiles are great when you've got one system to support, but that just doesn't work when you're trying to support several hundred systems.
Well, this argumentation is the reason I'd choose FreeBSD.
Now that there are binary-updates, it would be even easier to maintain.
All the software (KDE, GNOME etc.) only needs to be installed on one server and you just NFS-export/usr/local and/usr/X11R6.
Worked fine for two 25-PC labs back with FreeBSD 3.x, one of it wasn't even switched...
I'd say that no other "distro" has as many stable and current packages as FreeBSD.
Debian is either old or insecure, Fedora, if I understand that correctly, currently is only a developer-release that may or may not work.
Reminds me of a fellow student (in 1995) who had a subdirectory on his homepage filled with the "best" hardcore porn he (and we) could find back then.
One day, he decided to link it from his homepage via a small . (dot) as HREF.
That was funny - until the search-engines picked it up and made the site No2 for "hot and ugly".
The following weekend, I couldn't login to my account anymore (took 2 or 3 minutes to get a prompt - back then, there was only a dial-in server where you connected with a real terminal-program and used zmodem to transfer files...) and on monday morning, nobody else could either.
On tuesday, they finally found-out that the hits on the files dragged down the whole network (the joys of NFS) and the file-server - as well as the internet-line (measily 2 MBit's back then, IIRC).
Back then, there was no AUP that disallowed this, strictly speaking, and he got away with a wrist-slap (1 week no account).
Sadly, that's not the bottom 5% of the userbase. In the last three months, I've had to fix six home user computers
Me too. I only tried to clean one PC (XP Pro, with enough spyware to make the KGB look like little orphan-boys).
I think the next time I've got to do that for free, i'll refuse and just offer to install SuSE or FreeBSD.
In the end, that's a lot less effort.
IANAL, but arbitrary connections are probably not covered by mail privacy.
Yeah, but what else is a connection from a dynamic IP-address with no MX-record and no reverse-DNS entry?
I guess that pretty much fits the "arbitrary" description, don't you think ?
Slashdot Mirror
> You mean that it's Joe user's fault that his DSL
> connected PC got infected?
Yes.
Just like it's my fault when I never put my car through the yearly inspection and let its brakes rot, I can (and probably will) be made at least partially responsible for the next accident I'm involved - even if some drunken asshole crashes into my car though I have right of way.
If you don't know how to fix it, pay someone who knows. I have no problem admitting that I cannot fix my own car (I can drive it, and look-up what the various warning-lights mean, mostly resulting in calls to "tech-support") and that I have to pay someone to do that.
Nobody has problems with that in any other area of modern life !
Only with PCs and Windoze, the most fucking fragile, error-prone, bug-ridden technical achievement since the invention of the light-bulb people think it's different.
Now, if people would realize how often their Windows-PC really needs a "service-man" compared to their cars, they'd think twice about buying a computer again - even more so for ones equiped with a Windows-OS.
Rainer
Hi,
I've read somewhere that there are some "implicit" rules in the Firewall 1 default configuration that let DNS through anyway.
Is that true ? I have the eval CD here, but haven't had the time and the resources to test it.
cheers,
Rainer
When will people understand that ?
Just because you can buy 4*250 GB IDE disk and a 3ware 8500-4 doesn't mean it's a "storage solution".
That's ridicolous.
That's the same as calling a 20m^2 flat "real estate" or so.
cheers,
Rainer
See here
Every public performance of music has to be paid. And there are special "GEMA-taxes" on blank tapes etc.
Rainer
I thought the Windows Trademark (or better: its continued existance) was worth far more than a measily 2E7 USD.
|_lindows could have easily gambled much longer and higher.
Rainer
I'd like to add that esp. in the 1930s to 1945, Germany had one of the most advanced science-communities in the world.
At the end of WW2, German scientists had a created a fully developed space-program, would probably have been able to build a "nuclear device" and had designed and successfully built a wing-only stealth fighter.
But that doesn't mean it was a very nice society to live in, even omitting the fact that most of the above achievements were built (sometimes literally) on the blood and bones of an army of concentration-camp-inmates.
Rainer
It's producing animated cartoons of more or less famous characters. The work has been outsourced from Western companies, because NorthKoreans work cheaper than anybody else on this planet and produce good quality (which you probably can't always say for Chinese correction-facility-inmates, which are reportedly even cheaper).
Next time you watch some Sunday-morning-cartoon, think a moment of those poor people in NK.
Rainer
...everybody can fuck around with her, while paying.
It's the same in Germany (with OTP, not all banks have Secure-ID-like devices, yet). Everybody, every bank uses it. Since the late 80's. Back-then over dial-in lines and the so called "BTX". And it never occured to me that it's overkill, in fact I always thought that it's the only way-to-go.
For the bank, it has the added convenience of more-or-less 100% non-repudiatability, while the customer (that includes me) can be sure that no transaction goes through with a TAN (TransAction Number) and when I don't store these numbers on the PC itself, there's hardly a reason to worry.
Yes, it's more inconvenient than just having a username+password - but has it occured to you that there might be a reason why phishers and password-grabbers are targeting mostly US-banks and US-customers with their scams ?
Yes, you're right.
But I could still download the video by clicking on the link of the slashdot-frontpage...
Rainer
According to Netcraft, the site is hosted by NotNet Ltd.
http://www.notnet.co.uk.
They have several hosting-schemes: 1, 2, 4, 8 and 20 GB transfer per month, with additional bandwidth for 5 GB-pounds per month per GB or 20 GBP for 5 GB...
The domain itself responds with a errorcode 500 now...
But at least, the hosting-provider is up-front about not offering any kind of "unlimited" hosting-schemes...
Hey - Google lists Slashdot as a "news-source". ;-)
I guess we're legit since then
In most, if not all, cases, the RAID is really a software-RAID, that the hardware-driver implements.
Only 3Ware seems to offer real RAID-in-hardware these days (and some high-end Adaptec-cards).
Rainer
It's as simple as that.
What does that have to do with having to destroy customer data ? If I may ask ?
And yes, queues are "fixed" you can't backup them, you can't move them.
Also, qmail without patches is pretty useless other than a single mailhost.
I think that postfix is very nice - but when it comes to virtual hosting, there are just not so many ready-to-go tools for user-management etc. out there. It's all for qmail (+patches, admittedly). But as with most other open source products, there are people dealing with this specific problem.
Rainer
The OP is right, though: if you RBL all dynamic IPs, you've eliminated 20% of the SPAM. At least:
http://finance.yahoo.com/q?s=SAP:
Market Cap: 51.18B
It would have cost them all their cash, but they'd have bought a company that works very much against all the way different than MSFT:
As I understand it, security-fixes are backported to releases ("stable") only. And releases take a lot of time from release to release.
Reading http://www.debian.org/releases/index.en.html confirms this: there is no support for the testing-branch and no official security-fixes will come through.
Additional problems arise, when one needs features/packages that aren't even available in "testing" but only in "sid", as it happens with some open-source projects with lot's of dependencies. Then you'll end-up running a mixture of both which will pretty much hose the system sooner or later.
I wouldn't say Debian is a bad system, it just happens to have some features that may make it simply inconvenient or impossible for some use(r)s.
Now, granted, there are advantages in this methodology - the system behaves (in theory) exactly the same before and after the update, very desireable in certain environments - but on the other hand, it's a real pain to get other Open-Source software to work together with this system because most other projects assume that you are running the latest and the greatest and _they_ don't backport.
With FreeBSD, I get a 90-95% chance that a program in the ports-tree actually works first try and due to the fact that all the 11000+ ports are in most cases only some minor-versions behind their upstream parent (if at all), I stand a pretty good chance that even projects with lot's of dependencies compile and work pretty much out of the box.
Rainer
Well, this argumentation is the reason I'd choose FreeBSD. /usr/local and /usr/X11R6.
Now that there are binary-updates, it would be even easier to maintain.
All the software (KDE, GNOME etc.) only needs to be installed on one server and you just NFS-export
Worked fine for two 25-PC labs back with FreeBSD 3.x, one of it wasn't even switched...
I'd say that no other "distro" has as many stable and current packages as FreeBSD.
Debian is either old or insecure, Fedora, if I understand that correctly, currently is only a developer-release that may or may not work.
Rainer
And now slashdot goes and makes it a frontpage-article....
Reminds me of a fellow student (in 1995) who had a subdirectory on his homepage filled with the "best" hardcore porn he (and we) could find back then.
One day, he decided to link it from his homepage via a small . (dot) as HREF.
That was funny - until the search-engines picked it up and made the site No2 for "hot and ugly".
The following weekend, I couldn't login to my account anymore (took 2 or 3 minutes to get a prompt - back then, there was only a dial-in server where you connected with a real terminal-program and used zmodem to transfer files...) and on monday morning, nobody else could either.
On tuesday, they finally found-out that the hits on the files dragged down the whole network (the joys of NFS) and the file-server - as well as the internet-line (measily 2 MBit's back then, IIRC).
Back then, there was no AUP that disallowed this, strictly speaking, and he got away with a wrist-slap (1 week no account).
Ah, those were the times....
Me too. I only tried to clean one PC (XP Pro, with enough spyware to make the KGB look like little orphan-boys).
I think the next time I've got to do that for free, i'll refuse and just offer to install SuSE or FreeBSD.
In the end, that's a lot less effort.
Rainer
can you elaborate ?
this is really crazy.
Rainer
Yeah, but what else is a connection from a dynamic IP-address with no MX-record and no reverse-DNS entry?
I guess that pretty much fits the "arbitrary" description, don't you think ?
Rainer