Microsoft is working with others in the industry to identify and restrict mail that conceals its source. For example, we are working toward a system to verify sender addresses, much as recipients' addresses are verified today. [...] If domain administrators could also publish the addresses of their outgoing mail servers, then the receipt of a suspected forgery could trigger a relatively simple, automated verification process. Incoming servers would then be able to confirm whether senders are who they say they are.
From what I can tell, the work that ressemble what is described here has been done by Danisch ...and not once did I see any relation with work done at Microsoft.
If Microsoft were to disable/ block whoever is using a leaked key, then I would bet that we will see some viruses that will modify the actual genuine S/N into a pirated one.
I've just tried SpamAssassin this WE and it works great:
higly configurable Spam Scoring Filter according to predefined rules (each set of rules adds some pts as it matches, and it is "declared" spam when the result is highter than a specified value)
can rely on RBLs
is able to report spam to Vipul's Razor (distributed, collaborative, spam detection and filtering network)
personal black and white lists
can be tuned for particular filtering (changing scores etc.)
...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)
...for the Alpha + i386 arch on NTFS (unistr.c) and pc_keyb.c respectively:
personal box (AMD Duron):
gcc -D__KERNEL__ -I/usr/src/linux-2.4.9/include -Wall -Wstrict-prototypes -Wno-t
rigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe -mprefe
rred-stack-boundary=2 -march=i686 -malign-functions=4 -DMODULE -DMODVERSIONS -i
nclude/usr/src/linux-2.4.9/include/linux/modversions.h -DNTFS_VERSION=\"1.1.16\
" -c -o unistr.o unistr.c
unistr.c: In function `ntfs_collate_names':
unistr.c:99: warning: implicit declaration of function `min'
unistr.c:99: parse error before `unsigned'
unistr.c:99: parse error before `)'
unistr.c:97: warning: `c1' might be used uninitialized in this function
unistr.c: At top level:
unistr.c:118: parse error before `if'
unistr.c:123: warning: type defaults to `int' in declaration of `c1'
unistr.c:123: `name1' undeclared here (not in a function)
unistr.c:123: warning: data definition has no type or storage class
unistr.c:124: parse error before `if'
make[3]: *** [unistr.o] Erreur 1
make[3]: Leaving directory `/usr/src/linux-2.4.9/fs/ntfs'
make[2]: *** [_modsubdir_ntfs] Erreur 2
make[2]: Leaving directory `/usr/src/linux-2.4.9/fs'
make[1]: *** [_mod_fs] Erreur 2
make[1]: Leaving directory `/usr/src/linux-2.4.9'
make: *** [stamp-build] Erreur 2
and on the Alpha Server 1000:
gcc -D__KERNEL__ -I/usr/src/kernel-source-2.4.9/include -Wall -Wstrict-prototype
s -Wno-trigraphs -O2 -fomit-frame-pointer -fno-strict-aliasing -fno-common -pipe
-mno-fp-regs -ffixed-8 -Wa,-mev6 -c -o pc_keyb.o pc_keyb.c
In file included from pc_keyb.c:36:/usr/src/kernel-source-2.4.9/include/asm/keyboard. h:25: warning: `struct kbd_repeat' declared inside parameter list/usr/src/kernel-source-2.4.9/include/asm/keyboard. h:25: warning: its scope is on
ly this definition or declaration, which is probably not what you want.
pc_keyb.c:545: variable `kbdrate' has initializer but incomplete type
pc_keyb.c:546: warning: excess elements in struct initializer
pc_keyb.c:546: warning: (near initialization for `kbdrate')
pc_keyb.c:548: warning: excess elements in struct initializer
pc_keyb.c:548: warning: (near initialization for `kbdrate')
pc_keyb.c: In function `parse_kbd_rate':
pc_keyb.c:574: dereferencing pointer to incomplete type
pc_keyb.c:575: dereferencing pointer to incomplete type
pc_keyb.c:575: invalid use of undefined type `struct kbd_repeat'
pc_keyb.c:576: dereferencing pointer to incomplete type
pc_keyb.c:577: dereferencing pointer to incomplete type
pc_keyb.c:577: invalid use of undefined type `struct kbd_repeat'
pc_keyb.c:579: dereferencing pointer to incomplete type
pc_keyb.c:585: dereferencing pointer to incomplete type
pc_keyb.c:590: dereferencing pointer to incomplete type
pc_keyb.c:591: dereferencing pointer to incomplete type
pc_keyb.c: At top level:
pc_keyb.c:606: conflicting types for `pckbd_rate'/usr/src/kernel-source-2.4.9/include/asm/keyboard. h:25: previous declaration of
`pckbd_rate'
pc_keyb.c: In function `pckbd_rate':
pc_keyb.c:611: storage size of `old_rep' isn't known
pc_keyb.c:612: sizeof applied to an incomplete type
pc_keyb.c:614: sizeof applied to an incomplete type
pc_keyb.c:615: sizeof applied to an incomplete type
pc_keyb.c:611: warning: unused variable `old_rep'
make[4]: *** [pc_keyb.o] Error 1
make[4]: Leaving directory `/usr/src/kernel-source-2.4.9/drivers/char'
make[3]: *** [first_rule] Error 2
make[3]: Leaving directory `/usr/src/kernel-source-2.4.9/drivers/char'
make[2]: *** [_subdir_char] Error 2
make[2]: Leaving directory `/usr/src/kernel-source-2.4.9/drivers'
make[1]: *** [_dir_drivers] Error 2
make[1]: Leaving directory `/usr/src/kernel-source-2.4.9'
make: *** [stamp-build] Error 2
damage only _medium_ to self !
on
Code Redux
·
· Score: 1
the problem is medium because for a user point of view, the damage is relatively low risk for the computer compare to reformating the hard drive or erasing the BIOS
who said Symantec cares for ISP and other system maniacs !!!
their only interest is to sell you the latest anti virus that can protect your Winblows <whatever> against naughty worms or viruses...
the first and preffered Cringely's solution for a so-called secure Internet is a dream for several reasons :
how in the world would such a solution be widely used and accepted when people are so deeply against id# (see Intel's backoff with their Pentium SN)
are we talking about a Windows only solution...
I mean, how such a technical solution will be develop in other OSes under any possible TCP stack and mail servers (to insert the ID),
...then how such a "theoretical" unique ID will be deliver (IANA, verisign ?) with still the possibility to forge/change/tamper the number with another unique random ID for every mail when sending spam for instance
talking about spam, there is already so many difficulties to have ISP or big companies to setup their configuration right (DNS + reverse...) that would greatly help blocking this crap that I doubt end-users will make such change when sysadmin don't bother to setup an even easier one
such an adoption will never catch up just because there will not be enough critical mass (because of the above arguments) and the early adopters will only find themselves with a useless tool and wouldn't want to let anything slip thus will never set it up (it's already so easy to set up Outlook in order not to launch any attachement automatically and still so many people don't bother doing it so...)
I just hope that people will realize that running IIS is just as unsecure as using Outlook for a mail reader
But worst of all, this month's Netcraft survey shows that IIS is gaining ground on Apache which just make this all mess even bigger
Maybe we will see the opposite trend next month when people are switching back to Apache...
Well, at least now even the press can understand that M$ product are plain insecure and the old argument saying that "it's just because no one is using the competition's product" doesn't stand anymore with the Apache vs IIS market share
see Jargon definition of suit ...Invariably worn with a `tie', a strangulation device that partially cuts off the blood supply to the brain. It is thought that this explains much about the behavior of suit-wearers.
;)
well, maybe it's not that bad after all ! (depending on the money you'll make because after all, this is the main reason why you're to accept the job aren't you)
While I basically agree to all of what has been said here (LDAP, IMAP, network data...) I'm still wondering about the "Coda" choice for networked FS
First, don't get me wrong, I'm not against the idea at all and I do think that Coda is really great (on paper). Second, I'm also surveying Coda's enhancements for more than 2 years now and I really think it's a great software with lots of people behind but my question really is : "can Coda achieve enough scalability and stability in order to be installed for 1000+ clients ?" (the FAQ and the latest changelog doesn't help me think it could handle 2500 clients without any problem at all...)
Because frankly, when I hear all the feedback from different people using it 'in real life', it's not all so bright...
Besides, what about Intermezzo that is derived from Coda with most of it's features because of such "unforseen" scalability issue that were not planned back when the developement began... (appart from the fact that Intermezzo seems a little beta to me)
You can also find some good information concerning Coda/Intermezzo/NFSv4 here
As a conclusion, why not having one or more big editor (IBM, SGI, HP...) put some big bucks on the table in order to help any of these 2 projects being finalized through funds (SourceXchange, CoSource or any other way)
I guess we will now see some kind of very light scrambling built in image viewers akin to rot13 that will bypass those filters... (a reverse video for instance !)
maybe you're also over reacting to all of the/.ers who blindly say "STO works 100% of the time"
let me explain yet another point of view
1st, you examples are not so adequate because they don't match the given situation :
you can't compare hiding car or house keys to the use of PGP keys because the context is totally different (once we'll have fingerprinting + bullet proof door based on _open_ and tested algos, then we'll see)
then, the MS / Quake example are also bogus because those projects were not build openly right from the beginning so (Quake) now has the drawback that it must correct the mistakes and eventually, MS would have a _very_ hard time if they were to make such a move while having to deal some serious security risks plus customers/shareholders fear and loathing a decision that is quite hard to understand at first
OTOH, Linux (and other *nix or OpenBSD) didn't suffer from the original false 'insecurity through openness' because it lacked big names production servers that fear running their babies on such beasts
if you don't agree, please see how even the NSA got the point of backing up GNU/Open/Linux servers (now you could also tell me that it doesn't prove anything but still...;-))
As a conclusion:
Security through obscurity makes sense _only_ on closed systems while the opposite is
much better for open ones
This is the MS way of slowing down others to develop yet another player for Linux because the real trend now has moved from the browser war (Netscape vs IE) into the streaming and new media (audio/video) war.
When they say "six to nine months" (which really has to be translated into "1 to 2 years" if not more), it means that a lot of water will have passed under the bridge and it's a ingenious way of distracting the "Linux for desktop" threat from the launching of W2K.
I think (and hope) that this obvious attempt to slow Linux's broader access to desktop will be thwarted by the launching of Mozilla and (if possible) an OSS media player (among other things). Then, it will just be a question of having a nice and finalized office suite (Koffice / Gnome office), few more games... et voila !
BTW, what have happened to the IE port for Slowlaris ???
Slashdot Mirror
I'm actually running 2.6.1 and for the first time since 2.5.45 I'm noticing a noise in my speakers (ens1371 sound card under Alsa)
so for now I'll stick with 2.6.0 which just work fine
Here is a good essay that was originaly posted at LinuxCare (I think) :
Fear of ForkingFrom what I can tell, the work that ressemble what is described here has been done by Danisch
...and not once did I see any relation with work done at Microsoft.
If Microsoft were to disable/ block whoever is using a leaked key, then I would bet that we will see some viruses that will modify the actual genuine S/N into a pirated one.
I just wonder how much the Debian/GNU Linux would have costed based on the same calculation knowing that it now includes more than 10K packages
Well, from a very close and trusted source, Caldera just closed their division that built the product they (used to) sell !
So, what's next ?
Maybe try to have a stock value higher than $1 when a year ago it was in the range of $10 and used to be even much higher...
You can do it by disconnecting (click offline icon bottom right corner) and then select the message you want to forward
Of course, for javascript web bugs disable it from Mail and Newsgroup !
and in Europe, Amélie and others has been quite a major hit !!
for Linux :
dd if=/dev/null of=/dev/bill bs=1024 count=8192or
mke2fsfor Windows :
format note:[Please insert bill in driver]
I've just tried SpamAssassin this WE and it works great :
...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)
and it really works well
At least, they will never see me buying one of their cards until they release the source of their drivers for inclusion in XFree 4.x !!
Is their anyone at Nvidia who can read and pass on the essay from RMS (esp. the appendix from the Magic Cauldron) :
Why Closing Drivers Loses A Vendor Money
it still doesn't explain/correct the Alpha/pc_keyb.c problem tough !!
...for the Alpha + i386 arch on NTFS (unistr.c) and pc_keyb.c respectively :
personal box (AMD Duron) :
and on the Alpha Server 1000 :
the problem is medium because for a user point of view, the damage is relatively low risk for the computer compare to reformating the hard drive or erasing the BIOS
who said Symantec cares for ISP and other system maniacs !!!
their only interest is to sell you the latest anti virus that can protect your Winblows <whatever> against naughty worms or viruses...
the first and preffered Cringely's solution for a so-called secure Internet is a dream for several reasons :
I mean, how such a technical solution will be develop in other OSes under any possible TCP stack and mail servers (to insert the ID),
I just hope that people will realize that running IIS is just as unsecure as using Outlook for a mail reader
But worst of all, this month's Netcraft survey shows that IIS is gaining ground on Apache which just make this all mess even bigger
Maybe we will see the opposite trend next month when people are switching back to Apache...
Well, at least now even the press can understand that M$ product are plain insecure and the old argument saying that "it's just because no one is using the competition's product" doesn't stand anymore with the Apache vs IIS market share
maybe it's time to find a name to the upcoming v1.0.
Horizon (n.) :
An imaginary line which moves away each time you approach it.
see Jargon definition of suit
...Invariably worn with a `tie', a strangulation device that partially cuts off the blood supply to the brain. It is thought that this explains much about the behavior of suit-wearers.
;)
well, maybe it's not that bad after all ! (depending on the money you'll make because after all, this is the main reason why you're to accept the job aren't you)
Nostalgia isn't what it used to be.
First, don't get me wrong, I'm not against the idea at all and I do think that Coda is really great (on paper).
Second, I'm also surveying Coda's enhancements for more than 2 years now and I really think it's a great software with lots of people behind but my question really is : "can Coda achieve enough scalability and stability in order to be installed for 1000+ clients ?" (the FAQ and the latest changelog doesn't help me think it could handle 2500 clients without any problem at all...)
Because frankly, when I hear all the feedback from different people using it 'in real life', it's not all so bright...
Besides, what about Intermezzo that is derived from Coda with most of it's features because of such "unforseen" scalability issue that were not planned back when the developement began... (appart from the fact that Intermezzo seems a little beta to me)
You can also find some good information concerning Coda/Intermezzo/NFSv4 here
As a conclusion, why not having one or more big editor (IBM, SGI, HP...) put some big bucks on the table in order to help any of these 2 projects being finalized through funds (SourceXchange, CoSource or any other way)
I guess we will now see some kind of very light scrambling built in image viewers akin to rot13 that will bypass those filters... (a reverse video for instance !)
maybe you're also over reacting to all of the /.ers who blindly say "STO works 100% of the time"
let me explain yet another point of view
1st, you examples are not so adequate because they don't match the given situation :
you can't compare hiding car or house keys to the use of PGP keys because the context is totally different (once we'll have fingerprinting + bullet proof door based on _open_ and tested algos, then we'll see)
then, the MS / Quake example are also bogus because those projects were not build openly right from the beginning
so (Quake) now has the drawback that it must correct the mistakes and eventually, MS would have a _very_ hard time if they were to make such a move while having to deal some serious security risks plus customers/shareholders fear and loathing a decision that is quite hard to understand at first
OTOH, Linux (and other *nix or OpenBSD) didn't suffer from the original false 'insecurity through openness' because it lacked big names production servers that fear running their babies on such beasts
if you don't agree, please see how even the NSA got the point of backing up GNU/Open/Linux servers ... ;-))
(now you could also tell me that it doesn't prove anything but still
As a conclusion :
This is the MS way of slowing down others to develop yet another player for Linux because the real trend now has moved from the browser war (Netscape vs IE) into the streaming and new media (audio/video) war.
When they say "six to nine months" (which really has to be translated into "1 to 2 years" if not more), it means that a lot of water will have passed under the bridge and it's a ingenious way of distracting the "Linux for desktop" threat from the launching of W2K.
I think (and hope) that this obvious attempt to slow Linux's broader access to desktop will be thwarted by the launching of Mozilla and (if possible) an OSS media player (among other things).
Then, it will just be a question of having a nice and finalized office suite (Koffice / Gnome office), few more games... et voila !
BTW, what have happened to the IE port for Slowlaris ???