Maybe I'm just not finding it, but I can find no link to the official CERT advisory in the article just:
An alert issued Thursday by the U.S. Computer Emergency Readiness Team (US-CERT)
Searching both US-CERT and CERT I find two articles (one, two) but neither make any recommendation of "alternate browsers." So unless I'm missing something, the use of "alternative browsers" was added by the author of this article?
I was wondering why my pager went off at 5:30am today. Check it, it complained of DNS being down. Digging further it appeared that only the two sites I was checking were down: www.yahoo.com and www.google.com.
Everything else seemed to be working just fine so I let it be. Good to know I wasn't the only one having problems.
I'm assuming that when the complainant sends the request all that information is in place? We wouldn't take down a page because we got an email that said, "hey j00 I wrote that pizzage, you can't be postin' it foo."
We're going to use common sense that if an email appears to be from the appropriate person and has the appropriate legalese, then we would take action. Short of requiring every incoming request to come in writing and sealed with the stamp of approval of a notary I don't know what else we can do?
How should we even verify that the "research and fact finding" that's been submitted IS accurate? Other than common sense/judgement I don't think there is much that we can do.
I dunno about the big ISPs he tested this on, but the ISP I work at would probably have taken it down as well.
He posted content written by someone over 120 years ago, and then complained to the ISP that it violated copyright. The part that's not in the Slashdot story is that he complained as a member of the fictional "John Stuart Mill Heritage Foundation." If I saw content posted and then received a complaint from someone who claimed to own the content I would most likely take it down.
I would however keep a copy of the content AND contact the customer as to the alleged violation. It's not up to me to prove or disprove whether or not a customer has legitimate access to publish content, it's up to the customer. We don't have time to research every complaint that comes in.
If we have to take down content and the customer can prove they have legitimate rights to post that content I'd be happy to hear it, and ultimately I'd copy the files back personally. It shouldn't be the ISP's job to police their network dolling out justice as they see fit.
We are happy to work with any customer about an issue like this, but we don't have the resources to investigate each incident.
I work for an ISP and the zombie/spam problem became SUCH a problem that we were forced to implement a port 25 filter for all customer IP addresses (DSL/Dial). We were getting spamcop complaints on the magnitude of several a day, as well as complaints from our upstream provider that they were going to stop routing IPs to us if the SPAM persisted from out network.
Now customers are only allowed to send mail outbound on port 25 to our mail server, OR if they purchase a static IP address from us. And before you say it, NO it was not a ploy to get customers to purchase a static IPs, it was a way to protect our network.
I would love to offer 100% open and clear net access but the reality is that grandma smith at home doesn't know and doesn't care about Windows 2000.net Service Pack 72rc1. She looks at pictures and reads email and that's it. Those are the people that get spyware and zombies installed on their machines.
We took the only step we could think of and that was to block all outgoing port 25, because the administrative work to keep up with the complaints coming in from all over the net was just TOO much to handle.
My friend downloaded the "leaked torrent" and mentioned the he checked the MD5SUM before installing and it did NOT match the MD5s for the official release. I guess YMMV but that's what I'm hearing.
Is this guy high!?! He's claiming that the (MP|RI)AA will be against IPV6 because it allows more people to share their content via P2P just because people won't have to be NATd anymore?
HELLO! That's like blaming the car manufacture because some guy was talking on the phone and slammed into a bus load of 1st graders. The car had nothing to do with it, it was the jackass on his cell phone!
It's the same analogy that's been used with P2P now. Just because some people trade illegal content on Kazaa doesn't make Kazaa as a whole illegal. I think this guy needs to get his facts straight.
I work for an ISP and we had to change our "unlimited" dial-up option to "unmetered" to stop people from being online 24x7 all month.
We don't bandwidth limit our DSL customers, but with the cost of bandwidth being what it is it may be something we have to look at. Currently less than 1% of our customers use 75% of our bandwidth.
It's NOT in our best interest for "Mr. Bandwidth Hog" to pay the same amount as "Grandma Smith" who only checks her email once a day.
I had the exact same experience learning XHTML 1.0 strict. It's a lot more picky than the old HTML you used to be able to write. However it is MUCH easier to maintain and infinitely more flexible when you start to factor in the power of CSS.
I for one DID buy an NVidia card because they had linux support. I know a couple people bought cards for that reason. Now does that add up to "tens of thousands" I don't know.
I think we're all missing the point here however. Why in the hell does NVidia NOT release code or work with Kernel developers? What does NVidia have to lose by doing so? NOTHING! What do they have to gain, a lot of Linux user's respeck.
It's good PR to release the code! It's already written, they don't have to commit any more manpower to do it right (TM). Seems like a win/win.
NVidia is a hardware manufacturer, it's in their best interest to SELL MORE CARDS. I can't think of a better way to do that than to have "good" drivers. Good in the kernel/GPL sense, and good in the solid/supported sense.
I don't think this review is quite fair if he's reporting on the older version of SpamAssassin (2.44). Although the test could have been done 6 months ago and just published.
However I find SpamAssassin to be quite effective. I haven't crunched any hard numbers but I'm guessing my spamassassin filters 95% of my spam before it hits my inbox. That number has just gone up DRAMATICALLY now that Bayesian Filtering kicked in (it must learn a couple hundred messages before it becomes active). It does this by scoring any message that's more than double the default SPAM score as spam.
The default settings are 5.0 points, so any message scoring 10 or higher is "learned" as spam. The same is true for ham (non-spam) email, if it's below a certain threshold it flags it as a good email. Once the bayesian kicks in it's REALLY effective at catching spam. Because now you have all the regular filters contributing to the score as well as the Bayesian stuff.
Add on top of that the auto-whitelist feature and it really starts to take shape. If a user sends email to you, it gets logged: user abc@def.com sent an email of score 1.4. So the next time that user sends you an email it uses an average of the scores. This allows SA to learn who sends you valid email and adjusts scores accordingly.
It even works the other way. Spam Company X sends me three spams with scores: 16.3, 17.1, and 15.9. It logs that email address with those scores. Maybe that company gets smart and tries to get around the filters and sends a message with a score of only 2.1, the average is still well above the 5.0 threshold and the message is still flagged as spam. This often keeps out those spams that real borderline (4.5-5.5).
Overall I'm VERY happy with spam, it's VERY effective at what it does.
Don't forget the money they're undoubtedly losing on each X-Box sale also. I'm really hoping Sony will drop the price of the PS2 just to force M$ to drop theirs also. There is NO way M$ can manufacture the X-Box for less than $100. They'll be taking it in the shorts BIG TIME.
Well call me a monkey's uncle, since when can you use a non-IE browser to check OWA. I just tried it and sure enough it DOES work. I was blown away. Maybe Mozilla/Firebird just got better at rendering the Microsoft Craptacular (TM) HTML it spits out. I definitely remembering not being able to access OWA six months to a year ago.
If you have a T1 directly to his NOC and there is no contention on the line you should get approximately 180 - 190 kiloBYTES per second.
Have the guy on the other end setup an FTP server with a 50 meg file on it. And then just loop wget to download it over and over. You should get the exact same speed everytime no matter what time of day. Unless you're sharing it with someone else. Or unless he's overselling his pipe.
I'm sick of these little "script kiddies" getting all kinds of recognition for being hackers. Granted what they pulled off was quite impressive, is it really "hacking" in the true sense of the word? Or is that just the media's way of handing this information to the technologically ignorant public?
I think what he meant is that Quake 3 plays really well on his 28.8 compared to other games, and of course Ethernet beats that hands down. We can all admit that Quake 3 has good netcode, but even the best netcode will be helped by a lower ping. Muerte
Slashdot Mirror
AWESOME! Thanks!
Searching both US-CERT and CERT I find two articles (one, two) but neither make any recommendation of "alternate browsers." So unless I'm missing something, the use of "alternative browsers" was added by the author of this article?
L-A-M-E!
I was wondering why my pager went off at 5:30am today. Check it, it complained of DNS being down. Digging further it appeared that only the two sites I was checking were down: www.yahoo.com and www.google.com.
Everything else seemed to be working just fine so I let it be. Good to know I wasn't the only one having problems.
I'm assuming that when the complainant sends the request all that information is in place? We wouldn't take down a page because we got an email that said, "hey j00 I wrote that pizzage, you can't be postin' it foo."
We're going to use common sense that if an email appears to be from the appropriate person and has the appropriate legalese, then we would take action. Short of requiring every incoming request to come in writing and sealed with the stamp of approval of a notary I don't know what else we can do?
How should we even verify that the "research and fact finding" that's been submitted IS accurate? Other than common sense/judgement I don't think there is much that we can do.
I dunno about the big ISPs he tested this on, but the ISP I work at would probably have taken it down as well.
He posted content written by someone over 120 years ago, and then complained to the ISP that it violated copyright. The part that's not in the Slashdot story is that he complained as a member of the fictional "John Stuart Mill Heritage Foundation." If I saw content posted and then received a complaint from someone who claimed to own the content I would most likely take it down.
I would however keep a copy of the content AND contact the customer as to the alleged violation. It's not up to me to prove or disprove whether or not a customer has legitimate access to publish content, it's up to the customer. We don't have time to research every complaint that comes in.
If we have to take down content and the customer can prove they have legitimate rights to post that content I'd be happy to hear it, and ultimately I'd copy the files back personally. It shouldn't be the ISP's job to police their network dolling out justice as they see fit.
We are happy to work with any customer about an issue like this, but we don't have the resources to investigate each incident.
I work for an ISP and the zombie/spam problem became SUCH a problem that we were forced to implement a port 25 filter for all customer IP addresses (DSL/Dial). We were getting spamcop complaints on the magnitude of several a day, as well as complaints from our upstream provider that they were going to stop routing IPs to us if the SPAM persisted from out network.
Now customers are only allowed to send mail outbound on port 25 to our mail server, OR if they purchase a static IP address from us. And before you say it, NO it was not a ploy to get customers to purchase a static IPs, it was a way to protect our network.
I would love to offer 100% open and clear net access but the reality is that grandma smith at home doesn't know and doesn't care about Windows 2000.net Service Pack 72rc1. She looks at pictures and reads email and that's it. Those are the people that get spyware and zombies installed on their machines.
We took the only step we could think of and that was to block all outgoing port 25, because the administrative work to keep up with the complaints coming in from all over the net was just TOO much to handle.
I work for an ISP and we block all outgoing port 25 access from customer IP addresses (DSL/Dial) unless the customer purchases a static IP address.
My friend downloaded the "leaked torrent" and mentioned the he checked the MD5SUM before installing and it did NOT match the MD5s for the official release. I guess YMMV but that's what I'm hearing.
Is this guy high!?! He's claiming that the (MP|RI)AA will be against IPV6 because it allows more people to share their content via P2P just because people won't have to be NATd anymore?
HELLO! That's like blaming the car manufacture because some guy was talking on the phone and slammed into a bus load of 1st graders. The car had nothing to do with it, it was the jackass on his cell phone!
It's the same analogy that's been used with P2P now. Just because some people trade illegal content on Kazaa doesn't make Kazaa as a whole illegal. I think this guy needs to get his facts straight.
While I wholeheartedly agree that More is the best short I've ever seen, it's certainly been on DVD before now. I own it!
It's in a collection of other short films called short 7 - Utopia. I do highly recommend anyone that hasn't seen it to look into it.
I work for an ISP and we had to change our "unlimited" dial-up option to "unmetered" to stop people from being online 24x7 all month.
We don't bandwidth limit our DSL customers, but with the cost of bandwidth being what it is it may be something we have to look at. Currently less than 1% of our customers use 75% of our bandwidth.
It's NOT in our best interest for "Mr. Bandwidth Hog" to pay the same amount as "Grandma Smith" who only checks her email once a day.
I had the exact same experience learning XHTML 1.0 strict. It's a lot more picky than the old HTML you used to be able to write. However it is MUCH easier to maintain and infinitely more flexible when you start to factor in the power of CSS.
The W3C (X)HTML validation is an invaluable tool for web designers.
I for one DID buy an NVidia card because they had linux support. I know a couple people bought cards for that reason. Now does that add up to "tens of thousands" I don't know.
I think we're all missing the point here however. Why in the hell does NVidia NOT release code or work with Kernel developers? What does NVidia have to lose by doing so? NOTHING! What do they have to gain, a lot of Linux user's respeck.
It's good PR to release the code! It's already written, they don't have to commit any more manpower to do it right (TM). Seems like a win/win.
NVidia is a hardware manufacturer, it's in their best interest to SELL MORE CARDS. I can't think of a better way to do that than to have "good" drivers. Good in the kernel/GPL sense, and good in the solid/supported sense.
I don't think this review is quite fair if he's reporting on the older version of SpamAssassin (2.44). Although the test could have been done 6 months ago and just published.
However I find SpamAssassin to be quite effective. I haven't crunched any hard numbers but I'm guessing my spamassassin filters 95% of my spam before it hits my inbox. That number has just gone up DRAMATICALLY now that Bayesian Filtering kicked in (it must learn a couple hundred messages before it becomes active). It does this by scoring any message that's more than double the default SPAM score as spam.
The default settings are 5.0 points, so any message scoring 10 or higher is "learned" as spam. The same is true for ham (non-spam) email, if it's below a certain threshold it flags it as a good email. Once the bayesian kicks in it's REALLY effective at catching spam. Because now you have all the regular filters contributing to the score as well as the Bayesian stuff.
Add on top of that the auto-whitelist feature and it really starts to take shape. If a user sends email to you, it gets logged: user abc@def.com sent an email of score 1.4. So the next time that user sends you an email it uses an average of the scores. This allows SA to learn who sends you valid email and adjusts scores accordingly.
It even works the other way. Spam Company X sends me three spams with scores: 16.3, 17.1, and 15.9. It logs that email address with those scores. Maybe that company gets smart and tries to get around the filters and sends a message with a score of only 2.1, the average is still well above the 5.0 threshold and the message is still flagged as spam. This often keeps out those spams that real borderline (4.5-5.5).
Overall I'm VERY happy with spam, it's VERY effective at what it does.
Even with popup blocking on, my copy of Firebird still worked fine with OWA.
Don't forget the money they're undoubtedly losing on each X-Box sale also. I'm really hoping Sony will drop the price of the PS2 just to force M$ to drop theirs also. There is NO way M$ can manufacture the X-Box for less than $100. They'll be taking it in the shorts BIG TIME.
Well call me a monkey's uncle, since when can you use a non-IE browser to check OWA. I just tried it and sure enough it DOES work. I was blown away. Maybe Mozilla/Firebird just got better at rendering the Microsoft Craptacular (TM) HTML it spits out. I definitely remembering not being able to access OWA six months to a year ago.
I was thinking the exact same thing. Seems like a no-brainer at this point in the game.
Last time I checked Linus worked for OSDL
Geez, who's writing these replies?
If they couldn't get it right with a simple system before, who thinks they're going to get it right with a newer more complicated one!
If you have a T1 directly to his NOC and there is no contention on the line you should get approximately 180 - 190 kiloBYTES per second.
Have the guy on the other end setup an FTP server with a 50 meg file on it. And then just loop wget to download it over and over. You should get the exact same speed everytime no matter what time of day. Unless you're sharing it with someone else. Or unless he's overselling his pipe.
And definitely setup MRTG to monitor it.
You might wanna look at www.livejournal.com They use mysql and linux as a backend and support a massive amount of clients (200k+ I think).
Of course there is also, source forge, fresh meat, etc. Lots of places use linux as the backend.
My $.02
I think what he meant is that Quake 3 plays really well on his 28.8 compared to other games, and of course Ethernet beats that hands down. We can all admit that Quake 3 has good netcode, but even the best netcode will be helped by a lower ping. Muerte