If Iraq had not been in violation of UN sanctions, the coalition would not have been willing to mount the war.
The first Gulf War had a coalition.
Bush's war had England and a few other countries with token representation.
Like someone else said, if Missouri was a country, it would be the 3rd largest member of the "coalition".
I didn't see Poland pushing for an Iraq invasion before Bush started talking. There is no reason to believe any of those countries were in it because of the violations. But there is lots of evidence that Bush bought their cooperation with trade agreements, etc.
People who routinely hit sites outside of their "local setting" will get used to www.paypal.com showing up in red.
Perhaps: The url has a pink background if the url is 100% characters outside of your locale.
The url has a right RED background if the url is composed of characters from multiple sets.
Also, put a bright red, flashing fish icon (or the phrase "possible phishing site") in the upper left (by the magic circle of dots) or somewhere on the bottom bar when a site uses questionable links (as in your spo0furl.com example).
Same thing. Don't argue with me over semantics. HTTPS provides this. SMTP does not.
It isn't "semantics" as you claim. And the experts (and even people who read what the experts write) understand the difference.
That's a terribly useless hack on top of SMTP. Could SMTP be hacked to provide useful authentication. Sure. But the standard protocol doesn't provide for it.
Again, you claimed that SMTP doesn't have authentication.
I proved that it does.
But then, you also claimed to know SMTP "inside and out".
As for being "terribly useless", it is in use every day on systems from Exim to Exchange.
Just because YOU don't understand it does not mean that others have that same problem.
I'll be going now. Feel free to keep spouting other ignorant bullshit that you've heard from the kiddies on/. and that you believed to be factual.
Here's a hint, kid. There are lots of people just like you who like to pretend they know things they don't. Grow up and learn to read the material for yourself.
#3. Well, there is kind of a problem, but it's the same problem that everyone has.
#4. It just looks that way because we're the biggest.
#5. Everyone gets spam.
#6. The alternatives would cost you more.
#7. Innovation. We've got it, they don't.
#8. We have more people paid to deal with that.
#9. They don't have the features we do.
#10. Lawsuits! Did I scare you?
Whenever you're asked a question that isn't disguised praise, all you have to do is reply with one of the above phrases. It doesn't matter which one.
In a recent interview, Bill Himself told the interviewer "Simply because one must spend billions of dollars to ensure the security of each individual system."
Remember, we will never send you into an interview where the other person knows enough about technology to call you on ANY lie you feel like telling.
So why did I chose Secunia? Well, they don't issue advisories, they simply reflect the vendor advisories, and in some instances "rumblings in the marketplace." There is a downside to the site too, as some vendors don't patch so they may look better on Secunia. However, both Microsoft and Apache have good advisory records, so the data is useful.
Great. So he's basing his conclusion on a site that only says what the vendors officially say.
He's slanted his "analysis" by choosing a single site that slants towards the vendor's best interest.
Instead, do a vanilla install of the OS. Then patch the OS. List all the files. Then install IIS. List all the files including ones that have been upgraded. Then install the first patch for IIS. Look at what files change. Second patch. So on.
Then search to see what you can find about why those files changed.
That's the only way to find the FACTS.
Microsoft can release one patch and claim it is for some minor vulnerability, while wrapping up a dozen major fixes in it and you would never know.
But there's a lot of math so you'll probably choose to continue your ignorant existance.
I asked:
And what's wrong with SMTP?
To which you replied:
There is no method of authentication.
You might want to go read RFC 2554 http://www.faqs.org/rfcs/rfc2554.html since you claim SMTP doesn't have authentication. I seem to be using it all the time.
Well now you've heard it from a fool who knows SMTP inside and out.
The first half of that statement is correct. But the references I posted show that the second half is a lie.
You're suspicious that he's an double agent? Or that he's just another clueless PHB?
Will it matter when he comes back with his "study" showing how expensive Linux is?
As a CTO for a huge corporation, I doubt he ever personally got on the phone and ordered computers for his company.
That's the problem. The article is about how a CTO for World Bank is going to get the facts about this TCO thing.
In his article, he's shown he doesn't even know the history or how OEM's operate.
And since he's going to be checking the TCO for a single computer, I don't think he understands "TCO", either. His entire approach is just about guaranteed to find the "TCO" for Linux is higher than Windows.
So, is he the very definition of PHB? -or- Is he paid to whore out his CTO status?
The first would be more annoying. Imagine the articles that could be written.
"Only clueless people think Linux has a lower TCO and even they can learn the truth if they have an open mind."
I guess all the corporations I've worked for have been the exception. Or are you now making shit up?
That is what is called an "anecdote".
Meanwhile, the facts are: #1. Corporate usage of email is increasing. #2. Spam, as a percentage of email is increasing.
Let me know if you want to argue either of those points. If not, then you admit that you were wrong.
Only if those 10,000 all used the same OC 48. And even then, like I've said, they'd be quickly shut down.
How many OC 48's do you believe there are?
Answer that.
Bandwidth is not an unlimited quantity.
I've never said that zombies don't need to be shut down. They do, but it really has very little to do with spam.
Actually, the zombies are responsible for most of the spam right now. A third time you are wrong.
They certainly don't have firewalls which disallow incoming connections, since they allow incoming connections by their very nature.
That statement applies equally to both Exchange servers and Linux web servers.
A fourth time, you are wrong.
Exchange server? There are far more linux servers running apache than windows servers running exchange server.
No, there are not.
You are confusing web sites with web servers.
www.drizzle.com
An ISP running Linux and hosting a lot of web sites. But still only one Linux web server and only 2 T-1's.
A fifth time, you are wrong.
Real authentication would be more like the way HTTPS works.
No. HTTPS is about encryption. It allows an encrypted channel between the client and server. Encryption is NOT the same as authentication.
I thought you knew all about SMTP.
HTTPS only provides an encrypted channel so some other means of authentication can be used.
Few Linux servers on the Internet? You should present this theory to Netcraft.
And that is your sixth (or is it seventh) mistake in that one post.
Netcraft counts domains. There are almost 60 million domains hosted on Apache boxes.
To you, that means there are lots of Linux boxes.
www.drizzle.com
They host about 100 domains on their Linux box.
So, while you will consult Netcraft and see 100 domains and believe that Linux is everywhere...
The fact is that it is a single Linux box. Not 100.
Meanwhile, how many single Exchange servers do you know of that handle email for 100 different companies? None? I didn't think so. Looks like you're wrong again.
but... that's not going to stop you from making irrational claims.
This part is definitely false. After all, spam takes up a very small percentage of corporate traffic.
No. It's actually a rather large percentage of the average corporate traffic. And it is growing.
Spread out among how many companies? Even if the millions of companies don't have T1s, surely they have 5.12K to spare.
It doesn't matter how many companies because the backbone has been flooded. Again, those 10,000 could flood and OC 48.
Again you're assuming the 10,000 zombies are all using the same OC48, and without being discovered and shut down.
But discovering them and shutting them down is MY SOLUTION.
You say that it doesn't need to be done.
No, but webservers tend to be hosted on fast connections, and Linux has the most webservers.
Those "fast connections" are T-1's.
There are more home users than there are individual Linux websites hosted on T-1's or greater.
Maybe, but these also tend to be behind firewalls.
Can you possibly keep track of your own arguments? Are you saying that all of those Linux websites do NOT have firewalls?
Go ahead and say that. If you won't, then your point about a firewall on a T-1 to an Exchange server is idiotic.
There is no method of authentication.
Look at the "envelope". It will tell you which machine you're talking to.
Look at the TCP/IP packet, it will tell you the address of the machine you're talking to.
What is this magical "authentication" you're talking about and how would it be used?
Does my machine have to keep a list of every other machine's name and password?
Well now you've heard it from a fool who knows SMTP inside and out.
Wow, some anonymous person on the Internet claims to know everything about SMTP, yet has trouble understanding basic concepts such as an envelope, bandwidth and SMTP.
Yet you believe that a worm hitting the few Linux servers on the Internet would be very bad.
There are more Windows boxes connected to the Internet than there are Linux web servers.
Look at how slammer and blaster affected Internet traffic. Yet they weren't Linux-based. But many Linux webservers were unavailable because of the traffic.
Here's a hint, because you can send email to mommy does NOT mean that you know "SMTP inside and out".
To begin, I wanted to get a realistic assessment of how much one could save on a Windows-free computer purchase. It's at least erroneous, and probably intentional distortion, to use the Windows shelf price of $299 in a TCO analysis. Nobody pays $299 to get Windows with a computer.
And he goes on and on and on about how he tried to find what a computer from a major OEM would cost without Windows.
Sheeeeet! We've been through this so many times it isn't even funny anymore.
Microsoft has deals with the major OEMs for that. We've known that for YEARS. Ever since the "per-processor" licenses back during the FIRST Microsoft trial.
And he's just discovering this in 2005? That doesn't give me much confidence in his other "discoveries".
The boxes with Windows are less expensive than the boxes without.
Did you go back and read that sentence again?
Yes, we know that (or at least I know that).
It's called "monopoly". It means that you have to dig.
The OEMs have an incentive to make non-Microsoft boxes less appealing because they don't want to risk their contracts with Microsoft.
In Part II: The Hard Truth about Linux on the Desktop - The Hard Costs I'm going to continue my attempt at a more accurate TCO analysis for the desktop, reflecting the hard truth that saving money on the Windows license isn't going to be the big money saver that some analyses have assumed.
A whole article dedicated to the fact that major OEMs push Windows on their boxes.
And all of this from a retired CTO of World Bank.
Here's something he managed to miss (somehow).
It isn't easy (and mostly not cheaper) to purchase the box without Windows...
But then, if you have a contract with Microsoft YOU HAVE TO LICENSE WINDOWS AGAIN!
The license for that box from Dell is NOT transferable to your corporate license with Microsoft.
It isn't how much you can buy something for from an OEM with an EXISTING LICENSE WITH THE MONOPLY... damn, I would think anyone would know that.
Microsoft also GIVES those OEMs money for supporting Microsoft's ad campaigns. So the actual price is very hard to find.
Your suggestion about Wal-Mart is actually a good one. You can compare the price of a similar Wal-Mart PC to a Dell PC and see what the price difference is. It's not that much ($25 last time I checked in 2004).
But then you add in the cost of your Microsoft corporate license (another $25 - $50 for the OS).
So that puts the actual cost of the Windows license at between $50 - $75.
!!!BUT!!! That is NOT the amount you will SAVE. Again, it's the monopoly. The OEM's will charge you the $25 no matter what. They have contracts with Microsoft.
It isn't worth your $25 to risk Microsoft's wrath.
If you buy in large enough quantities, they may pre-install a different OS for you. But the price won't be the same.
I don't have a warm fuzzy feeling for the rest of his articles. He's starting with too many clueless assumptions and approaching the situation from a single person's point of view.
Instead, buy some Wyse terminals and run LTSP and compare the TCO of that setup for 20 users vs 20 users in a standard Windows network.
CTO? Who likes Linux? Approaching the subject in this fashion to get "real" results?
Why would 7 zombies use all their bandwidth sending spam to a single company? Unless it's an intentional DDOS, they won't, they'll spread their spam out among all the millions of companies.
That's partially correct. But there aren't "millions" of companies with T-1's or better.
But the part you keep missing (did you fail math?) is that the zombies have more bandwidth than the regular companies.
So, if only 7 zombies out of all of them can more than flood one company, eventually, the zombies will be sending enough spam to create a DDoS against companies.
Again, only if those 7 zombies send solely to a single T-1 line.
No. Here's where your failure at math is the problem.
10,000 zombies (capped at 256K) mean 2.56 BILLION bits/second potential for spam.
If they're capped at 512K, that means 5.12 BILLION bits/second potential for spam.
Now, those zombies won't all be focused on any single company, like you keep assuming I don't know.
Now, try looking up what size of pipes are available and how much they cost.
Oh, do you finally understand? 7 zombies can flood a T-1. 10,000 zombies (at only 256K) can flood an OC 48.
When the backbones are flooded, NO ONE gets any email.
Or do you believe that your Internet connection just magically appears and feeds into some wonderous place beyond the reach of physical laws?
But the linux boxes tend to be on much higher bandwidth connections.
Bullshit. I don't see many companies paying for a T-3 or OC3 just because they're running a Linux box. I do see lots of companies running Exchange with T-1's.
The problem is that SMTP sucks. Spam, and not being able to cut it off at the source, is just one symptom of that problem.
Really? And what's wrong with SMTP? Be specific.
I've heard lots of fools make that claim, and they didn't know the first thing about how email flows.
If all the zombies focussed on one company. Of course, that wouldn't be spam, that would be an intentional DDOS attack.
Hey, here's a fact I bet you didn't know. A T-1 line is rated at 1.54Mb/s.
So, it would only take 7 zombies (at 256Kb/s capped upload) to completely flood it.
254Kb/s * 7 = 1.792Mb/s
See? You do learn things on/.
As long as the combined bandwidth of all the zombies is kept to a small ratio of the combined bandwidth of all email providers, there isn't going to be a problem.
This has nothing to do with "email providers". Why do you even bring that up?
This has to do with companies receiving spam sent by zombies.
Again, it only takes 7 zombies to completely flood a T-1 line. And with higher bandwidth available for home users, this is only going to get worse.
It could happen, for instance if a spammer managed to write a worm exploiting a major hole in Linux, but spam would be the least of our worries at that point.
WTF? There are fewer Linux boxes connected to the Internet than there are Windows boxes.
Which is? Seriously, I have no idea which problem you're referring to.
No, you do not have the background to understand the problem I'm identifying. There's a big difference there.
You don't understand what "bandwidth" is or what a T-1 is.
You don't understand that spam takes bandwidth.
You don't understand that more spam means more bandwidth.
10 years ago, I could (and did) run email services for companies using a single 2400b/s modem. Now that would be impossible. Companies get more spam than that size pipe could move.
Nor would a 56Kb/s modem work and for the same reason, too much spam.
So, over time, the amount of bandwidth taken by spam has increased to the point where larger pipes are needed just to handle email.
Is that simple enough for you? So the problem is how do we cut off the supply of spam at the source, rather than just filtering it once we've already received it.
Here's a good trick to illustrate how it works.
On the email server for your company, cut down the threads handling incoming email to 2. Then see how many problems you have receiving legitimate email because your server is too busy processing spam.
Even if you have great filters that can get rid of 99.999% of the spam, without dealing with the source, the number of spams will just keep increasing.
Eventually, it will become a DDoS attack on your mail server.
It doesn't take too many xDSL/cable zombies with 256Kb/s capped upload to flood a company's T-1 for email.
We need to start focusing on actually solving the problem rather than just filtering the effects.
"I want to disabuse anybody of any notion that somehow the books were cooked," Mayer told the Times. But he said "certain things are scripted" in any large war game. "You have to execute in a certain way or you'll never be able to bring it all together," he said.
Mayer said that in some parts of the exercise Van Riper was constrained "in order to facilitate the conduct of the experiment."
So, Van Riper was "constrained" but that doesn't mean "the books were cooked".
Bullshit. When you limit the options, you tilt the results.
However, while having optional modules for the standard doesn't seem like a bad thing to me, the idea of having the distibution providers doing the certification seems like a mistake.
Bingo. What incentive does Red Hat have to ensure LSB compliance in addition to (or instead of) Red Hat compliance?
The original stated purpose of the LSB was to guarantee that an app you got from an ISV who had certified that app against the LSB would run on any LSB compliant system.
If Red Hat certifies an ISV's app against the LSB implementation that Red Hat has, where is the guarantee that the app will run on a Debian LSB system? Or even a SuSE LSB system?
In which case, you're back at the beginning with the "problem" that a package built for Red Hat will not be guaranteed to run on a SuSE box.
On the other hand, whatever packaging system does become the "optional standard" will be the best one out there, or at least the best combination of security/stability and ease of use.
I don't see that happening.
Rather, why not specify the functionality that needs to be present and the format of the packages.
Don't use.rpm's, use.lsb's instead.
That way they can take the best parts of all the packages and specify them in their own format.
Then detail the functionality needed to install those packages. That functionality can be added to rpm and apt and whatever other managers are out there as those maintainers desire.
Also detail the features/functionality of whatever is used to store the package data.
That also allows those maintainers to add the functionality as they desire.
It will take more WORK than simply saying "use.rpm's with these restrictions" but the end result will be a better designed system.
Err.. no - what they have done is create a single point of contact for security related bugs instead of the mish mash we have at the moment. That POC will work with the reporter to publish the bug.
Right now, all you have to do is look up the name of the maintainer for the sub-system with the flaw and email him/her directly.
So, if all the spammers move their servers to "bulletproof" ISP's in China... GREAT!
It makes it easier to block those specific ISP's.
Keep those firewalls banning entire countries (.kr and.br) and keep banning/16's and/8's until it is gone. The spammers are here to stay.
You don't have to block entire countries. Just the specific bulletproof ISP's in those countries.
The problem right now is that spammers are decentralized. If you get 1,000 spam messages, they could have come from 1,000 different addresses in 1,000 different ISP's across a dozen different countries.
And this is exactly what we have been saying all along. No matter what laws are passed, no matter what we do to combat spam, the spammers will always find another way to make a buck.
Hardly. This is a problem and it can be addressed the same as any other problem.
#1. Identify the avenues used to distribute spam.
1a: Zombies
1b: Open relays
1c: Spammer purchased site
#2. Identify and implement counter-measures for each avenue identified.
2a: ISP's block outgoing port 25 on their home services.
2b: ORDB
2c: Block the ISP's that allow spammers to operate on them.
#3. Allow the various states to write their own anti-spam laws and to pursue the companies that spam and advertise via spam.
It's a multi-prong approach. But spam is solvable.
"Reason" (in the sense of motivation) and "Justification" (in the sense of showing that a line of investigation is scientifically worthy) are two different things.
Whatever. Use the words you like.
If the only motivations that are admissable are those with sound scientific basis, then the advancement of science would probably be impaired.
Hardly. It would remove everyone with a political/religious/nutcase agenda. And those are the ones that produce all the "junk science" out there.
People are always trying to prove things which they want to believe on the basis of hunches or aesthetic considerations; if they can justify why an avenue of investigation is interesting, why not let them purue it?
Because when they set out to "prove" what they already "know", then you get into the realm of "junk science".
Why should religious motivations be any different than an aesthetic one?
For exactly the reasons we see with the shroud. The real scientists are not allowed access to it. They have to go through the people who believe it is a holy relic.
When the scientists' experiments don't come back with the "proof" the religious people would like, then "flaws" are found with what samples were taken, under what conditions, etc.
That's because the goal isn't finding out how old the shroud is (that would be science).
The goal is proving that it could be 2000 years old.
I will not contest this, because I don't know the specific alterations you speak of nor would I know enough about the methods of archaeology to know how affected they would be by these alterations.
Read up on the history of the shroud and you'll see the problems and agendas.
Competence is not a deomcracy. The amount of people who are or are not competent has no effect on any single person being competent. What matters is being able to actually know what you are doing when you use something.
That same definition would also apply to "expert".
Since "competent" and "expert" have the same definition, they are the same.
Too bad. You lose.
I never said that Windows was easy to set up correctly, or that it was appropriate for the average stupid user. It's not.
Again, that gets back to the definition of being "competent" being the same as the definition for being "expert".
That is because Windows is packed full of flaws that just aren't there in better designed OS's (Linux and Mac).
With those, you can be "competent" without having to be an "expert".
Bush's war had England and a few other countries with token representation.
Like someone else said, if Missouri was a country, it would be the 3rd largest member of the "coalition".
I didn't see Poland pushing for an Iraq invasion before Bush started talking. There is no reason to believe any of those countries were in it because of the violations. But there is lots of evidence that Bush bought their cooperation with trade agreements, etc.
People who routinely hit sites outside of their "local setting" will get used to www.paypal.com showing up in red.
Perhaps:
The url has a pink background if the url is 100% characters outside of your locale.
The url has a right RED background if the url is composed of characters from multiple sets.
Also, put a bright red, flashing fish icon (or the phrase "possible phishing site") in the upper left (by the magic circle of dots) or somewhere on the bottom bar when a site uses questionable links (as in your spo0furl.com example).
So it does seem that I know what you don't know. You don't know what authentication or encryption is and you don't understand how https works.Right here: http://slashdot.org/comments.pl?sid=138335&cid=11
I proved that it does.
But then, you also claimed to know SMTP "inside and out".
As for being "terribly useless", it is in use every day on systems from Exim to Exchange.
Just because YOU don't understand it does not mean that others have that same problem.
I'll be going now. Feel free to keep spouting other ignorant bullshit that you've heard from the kiddies on
Here's a hint, kid. There are lots of people just like you who like to pretend they know things they don't. Grow up and learn to read the material for yourself.
#1. There isn't any problem.
#2. There really isn't any problem.
#3. Well, there is kind of a problem, but it's the same problem that everyone has.
#4. It just looks that way because we're the biggest.
#5. Everyone gets spam.
#6. The alternatives would cost you more.
#7. Innovation. We've got it, they don't.
#8. We have more people paid to deal with that.
#9. They don't have the features we do.
#10. Lawsuits! Did I scare you?
Whenever you're asked a question that isn't disguised praise, all you have to do is reply with one of the above phrases. It doesn't matter which one.
In a recent interview, Bill Himself told the interviewer "Simply because one must spend billions of dollars to ensure the security of each individual system."
Remember, we will never send you into an interview where the other person knows enough about technology to call you on ANY lie you feel like telling.
Great. So he's basing his conclusion on a site that only says what the vendors officially say.
Meanwhile, on eeye http://www.eeye.com/html/research/upcoming/index.
Do you think that's going to make it into Secunia's logs?
He's slanted his "analysis" by choosing a single site that slants towards the vendor's best interest.
Instead, do a vanilla install of the OS.
Then patch the OS.
List all the files.
Then install IIS.
List all the files including ones that have been upgraded.
Then install the first patch for IIS.
Look at what files change.
Second patch.
So on.
Then search to see what you can find about why those files changed.
That's the only way to find the FACTS.
Microsoft can release one patch and claim it is for some minor vulnerability, while wrapping up a dozen major fixes in it and you would never know.
But there's a lot of math so you'll probably choose to continue your ignorant existance.
I asked:To which you replied:
You might want to go read RFC 2554 http://www.faqs.org/rfcs/rfc2554.html since you claim SMTP doesn't have authentication. I seem to be using it all the time.The first half of that statement is correct. But the references I posted show that the second half is a lie.
In his article, he's shown he doesn't even know the history or how OEM's operate.
And since he's going to be checking the TCO for a single computer, I don't think he understands "TCO", either. His entire approach is just about guaranteed to find the "TCO" for Linux is higher than Windows.
So, is he the very definition of PHB?
-or-
Is he paid to whore out his CTO status?
The first would be more annoying. Imagine the articles that could be written.
"Only clueless people think Linux has a lower TCO and even they can learn the truth if they have an open mind."
Meanwhile, the facts are:
#1. Corporate usage of email is increasing.
#2. Spam, as a percentage of email is increasing.
Let me know if you want to argue either of those points. If not, then you admit that you were wrong.How many OC 48's do you believe there are?
Answer that.
Bandwidth is not an unlimited quantity.Actually, the zombies are responsible for most of the spam right now. A third time you are wrong.That statement applies equally to both Exchange servers and Linux web servers.
A fourth time, you are wrong.No, there are not.
You are confusing web sites with web servers.
www.drizzle.com
An ISP running Linux and hosting a lot of web sites. But still only one Linux web server and only 2 T-1's.
A fifth time, you are wrong.No. HTTPS is about encryption. It allows an encrypted channel between the client and server. Encryption is NOT the same as authentication.
I thought you knew all about SMTP.
HTTPS only provides an encrypted channel so some other means of authentication can be used.And that is your sixth (or is it seventh) mistake in that one post.
Netcraft counts domains. There are almost 60 million domains hosted on Apache boxes.
To you, that means there are lots of Linux boxes.
www.drizzle.com
They host about 100 domains on their Linux box.
So, while you will consult Netcraft and see 100 domains and believe that Linux is everywhere...
The fact is that it is a single Linux box. Not 100.
Meanwhile, how many single Exchange servers do you know of that handle email for 100 different companies? None? I didn't think so. Looks like you're wrong again.
Oh, no comment on blaster or slammer? http://www.upi.com/view.cfm?StoryID=20030126-0430
No, there just aren't enough Windows boxes on the Internet to cause problems with bandwidth, are there?
Need more? http://www.pcworld.com/news/article/0,aid,114380,
And those were just the machines running the service that could be exploited. There are far more home machines connected.
Not to mention that was 2 years ago. Not some time in the future. 2 years ago.
But that won't mean anything to you because you don't understand basic math. You can't grasp the concept that 2 years ago has already happened.
You say that it doesn't need to be done.Those "fast connections" are T-1's.
There are more home users than there are individual Linux websites hosted on T-1's or greater.Can you possibly keep track of your own arguments? Are you saying that all of those Linux websites do NOT have firewalls?
Go ahead and say that. If you won't, then your point about a firewall on a T-1 to an Exchange server is idiotic.Look at the "envelope". It will tell you which machine you're talking to.
Look at the TCP/IP packet, it will tell you the address of the machine you're talking to.
What is this magical "authentication" you're talking about and how would it be used?
Does my machine have to keep a list of every other machine's name and password?Wow, some anonymous person on the Internet claims to know everything about SMTP, yet has trouble understanding basic concepts such as an envelope, bandwidth and SMTP.
Yet you believe that a worm hitting the few Linux servers on the Internet would be very bad.
There are more Windows boxes connected to the Internet than there are Linux web servers.
Look at how slammer and blaster affected Internet traffic. Yet they weren't Linux-based. But many Linux webservers were unavailable because of the traffic.
Here's a hint, because you can send email to mommy does NOT mean that you know "SMTP inside and out".
At the last company I was with, I talked to both the Microsoft reps and the Dell reps and NEITHER would allow that.
That was back in 2000. Now we use HP boxes.
Have you done that? How much did they deduct?
Sheeeeet! We've been through this so many times it isn't even funny anymore.
Microsoft has deals with the major OEMs for that. We've known that for YEARS. Ever since the "per-processor" licenses back during the FIRST Microsoft trial.
And he's just discovering this in 2005? That doesn't give me much confidence in his other "discoveries".Yes, we know that (or at least I know that).
It's called "monopoly". It means that you have to dig.
The OEMs have an incentive to make non-Microsoft boxes less appealing because they don't want to risk their contracts with Microsoft.A whole article dedicated to the fact that major OEMs push Windows on their boxes.
And all of this from a retired CTO of World Bank.
Here's something he managed to miss (somehow).
It isn't easy (and mostly not cheaper) to purchase the box without Windows...
But then, if you have a contract with Microsoft YOU HAVE TO LICENSE WINDOWS AGAIN!
The license for that box from Dell is NOT transferable to your corporate license with Microsoft.
It isn't how much you can buy something for from an OEM with an EXISTING LICENSE WITH THE MONOPLY... damn, I would think anyone would know that.
Microsoft also GIVES those OEMs money for supporting Microsoft's ad campaigns. So the actual price is very hard to find.
Your suggestion about Wal-Mart is actually a good one. You can compare the price of a similar Wal-Mart PC to a Dell PC and see what the price difference is. It's not that much ($25 last time I checked in 2004).
But then you add in the cost of your Microsoft corporate license (another $25 - $50 for the OS).
So that puts the actual cost of the Windows license at between $50 - $75.
!!!BUT!!!
That is NOT the amount you will SAVE. Again, it's the monopoly. The OEM's will charge you the $25 no matter what. They have contracts with Microsoft.
It isn't worth your $25 to risk Microsoft's wrath.
If you buy in large enough quantities, they may pre-install a different OS for you. But the price won't be the same.
I don't have a warm fuzzy feeling for the rest of his articles. He's starting with too many clueless assumptions and approaching the situation from a single person's point of view.
Instead, buy some Wyse terminals and run LTSP and compare the TCO of that setup for 20 users vs 20 users in a standard Windows network.
CTO? Who likes Linux? Approaching the subject in this fashion to get "real" results?
I'm beyond sceptical at this point.
But the part you keep missing (did you fail math?) is that the zombies have more bandwidth than the regular companies.
So, if only 7 zombies out of all of them can more than flood one company, eventually, the zombies will be sending enough spam to create a DDoS against companies.No. Here's where your failure at math is the problem.
10,000 zombies (capped at 256K) mean 2.56 BILLION bits/second potential for spam.
If they're capped at 512K, that means 5.12 BILLION bits/second potential for spam.
Now, those zombies won't all be focused on any single company, like you keep assuming I don't know.
Now, try looking up what size of pipes are available and how much they cost.
Oh, do you finally understand? 7 zombies can flood a T-1. 10,000 zombies (at only 256K) can flood an OC 48.
When the backbones are flooded, NO ONE gets any email.
Or do you believe that your Internet connection just magically appears and feeds into some wonderous place beyond the reach of physical laws?Bullshit. I don't see many companies paying for a T-3 or OC3 just because they're running a Linux box. I do see lots of companies running Exchange with T-1's.Really? And what's wrong with SMTP? Be specific.
I've heard lots of fools make that claim, and they didn't know the first thing about how email flows.
So, it would only take 7 zombies (at 256Kb/s capped upload) to completely flood it.
254Kb/s * 7 = 1.792Mb/s
See? You do learn things on
This has to do with companies receiving spam sent by zombies.
Again, it only takes 7 zombies to completely flood a T-1 line. And with higher bandwidth available for home users, this is only going to get worse.WTF? There are fewer Linux boxes connected to the Internet than there are Windows boxes.No, you do not have the background to understand the problem I'm identifying. There's a big difference there.
You don't understand what "bandwidth" is or what a T-1 is.
You don't understand that spam takes bandwidth.
You don't understand that more spam means more bandwidth.
10 years ago, I could (and did) run email services for companies using a single 2400b/s modem. Now that would be impossible. Companies get more spam than that size pipe could move.
Nor would a 56Kb/s modem work and for the same reason, too much spam.
So, over time, the amount of bandwidth taken by spam has increased to the point where larger pipes are needed just to handle email.
Is that simple enough for you? So the problem is how do we cut off the supply of spam at the source, rather than just filtering it once we've already received it.
Here's a good trick to illustrate how it works.
On the email server for your company, cut down the threads handling incoming email to 2. Then see how many problems you have receiving legitimate email because your server is too busy processing spam.
Even if you have great filters that can get rid of 99.999% of the spam, without dealing with the source, the number of spams will just keep increasing.
Eventually, it will become a DDoS attack on your mail server.
It doesn't take too many xDSL/cable zombies with 256Kb/s capped upload to flood a company's T-1 for email.
We need to start focusing on actually solving the problem rather than just filtering the effects.
So, Van Riper was "constrained" but that doesn't mean "the books were cooked".
Bullshit. When you limit the options, you tilt the results.
With a regular zombie, you really can't email the person controlling the machine (or the one who has it in his house).
With an ISP's mail server, you can.
And they should be more interested in shutting down the thousands of spam messages so that their regular mail can be sent.
The original stated purpose of the LSB was to guarantee that an app you got from an ISV who had certified that app against the LSB would run on any LSB compliant system.
If Red Hat certifies an ISV's app against the LSB implementation that Red Hat has, where is the guarantee that the app will run on a Debian LSB system? Or even a SuSE LSB system?
In which case, you're back at the beginning with the "problem" that a package built for Red Hat will not be guaranteed to run on a SuSE box.
Rather, why not specify the functionality that needs to be present and the format of the packages.
Don't use
That way they can take the best parts of all the packages and specify them in their own format.
Then detail the functionality needed to install those packages. That functionality can be added to rpm and apt and whatever other managers are out there as those maintainers desire.
Also detail the features/functionality of whatever is used to store the package data.
That also allows those maintainers to add the functionality as they desire.
It will take more WORK than simply saying "use
Delegated and distributed != "mish mash".
It makes it easier to block those specific ISP's.You don't have to block entire countries. Just the specific bulletproof ISP's in those countries.
The problem right now is that spammers are decentralized. If you get 1,000 spam messages, they could have come from 1,000 different addresses in 1,000 different ISP's across a dozen different countries.Hardly. This is a problem and it can be addressed the same as any other problem.
#1. Identify the avenues used to distribute spam.
1a: Zombies
1b: Open relays
1c: Spammer purchased site
#2. Identify and implement counter-measures for each avenue identified.
2a: ISP's block outgoing port 25 on their home services.
2b: ORDB
2c: Block the ISP's that allow spammers to operate on them.
#3. Allow the various states to write their own anti-spam laws and to pursue the companies that spam and advertise via spam.
It's a multi-prong approach. But spam is solvable.
Damn straight.
...
...
Not only was this law SUPPOSED to reduce spam (by the charts, it hasn't)
But it was also supposed to make it easier to prosecute spammers who failed to follow it
AND it REPLACED state laws that were far stricter in their definitions and punishments.
It's a damn sight more difficult to get a FEDERAL case filed than it is to get one in your STATE courts.
We need to get rid of that stupid law and let the state courts handle it (they need the money from the judgements, anyway).
Then every failing company with a past contract with IBM would file a lawsuit and hope to be bought out.
In the long run, it's better for IBM to crush SCO, publicly, slowly and legally.
Oh, there won't be?
Bam! Looks like I was right.
Your argument is only valid if further testing can and will be done.
When the scientists' experiments don't come back with the "proof" the religious people would like, then "flaws" are found with what samples were taken, under what conditions, etc.
That's because the goal isn't finding out how old the shroud is (that would be science).
The goal is proving that it could be 2000 years old.Read up on the history of the shroud and you'll see the problems and agendas.
Then you'll understand why this is junk science.
Since "competent" and "expert" have the same definition, they are the same.
Too bad. You lose.Again, that gets back to the definition of being "competent" being the same as the definition for being "expert".
That is because Windows is packed full of flaws that just aren't there in better designed OS's (Linux and Mac).
With those, you can be "competent" without having to be an "expert".