I'm thinking that an evaporative sump cooler might work better than your not necessarily imaginative solution of using a compressor based air cooling system.
It would be hard to get the mass-market ISPs to go for it (and it's nigh impossible with DHCP - even when my "dynamic" home addr hasn't changed in 11 months - even with a 6 hr blackout (stupid old UPS and 4 minute backup of 30 watts)):
But a "go to the website and CHECK HERE to open up inbound port 25".
At the least, I'd be delighted to see $PROVIDER do a scan and relay check of all their customers' port 25.
And I can survive, begrudgingly, with sending OUTBOUND mail via smarthost to their mail relay. AOL makes me. Hell, ME at *work* makes me now. less than 0.05% (5 in 10k) of mail from client*.comcast|attbi has comcast or attbi in the domain name. Granted, that's no guarantee of spam, but in looking at 20k FROM addresses, I'm not going far on a limb suggesting that it was a BIG win to block.
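The "scan and relay check of all their customers' port 25" above is a short SMTP conversation. As an added example (not code from the post), here is that probe in Python: it says HELO, offers a sender and recipient that are both foreign to the target, reads the RCPT TO reply, and QUITs before DATA so nothing is ever relayed. The hostnames, the two probe addresses and the scripted replies are made up for the example; a provider running this against customer addresses needs the customers' consent and a scan window they know about.

```python
"""Open-relay probe of the sort the post wants $PROVIDER to run against its
customers' port 25.  Added example, not code from the original post.

It speaks just enough SMTP to learn whether a host accepts a recipient in a
domain it is not responsible for, from a sender it does not know, and QUITs
before DATA so nothing is ever actually relayed.  The hostnames, addresses
and scripted replies are made up for the example."""
import socket

PROBE_FROM = "relaytest@example.net"   # assumed: a sender foreign to the target
PROBE_TO = "postmaster@example.org"    # assumed: a recipient domain the target does not host


class ScriptedSmtp:
    """Stand-in for a TCP connection: answers each verb from a reply table so
    the probe can run offline.  A real probe uses SocketSmtp below."""
    def __init__(self, banner, replies):
        self._pending = [banner]
        self._replies = replies            # {"HELO": "250 ...\r\n", ...}

    def readline(self):
        return self._pending.pop(0) if self._pending else ""

    def write(self, cmd):
        verb = cmd.strip().split(":")[0].split(" ")[0].upper()
        self._pending.append(self._replies.get(verb, "500 5.5.1 Command unrecognized\r\n"))

    def close(self):
        pass


class SocketSmtp:
    """Line-oriented wrapper over a real connection to host:port."""
    def __init__(self, host, port=25, timeout=10.0):
        self._sock = socket.create_connection((host, port), timeout=timeout)
        self._f = self._sock.makefile("rwb")

    def readline(self):
        return self._f.readline().decode("ascii", "replace")

    def write(self, cmd):
        self._f.write(cmd.encode("ascii"))
        self._f.flush()

    def close(self):
        self._f.close()
        self._sock.close()


def read_reply(conn):
    """Read one SMTP reply, including '250-' continuation lines, and return
    its numeric code (0 if the peer closed or sent garbage)."""
    code = 0
    while True:
        line = conn.readline()
        if not line:
            return code
        code = int(line[:3]) if line[:3].isdigit() else 0
        if len(line) < 4 or line[3] != "-":   # last line of the reply
            return code


def relay_check(conn, helo="probe.example.net"):
    """Return (suspect_open_relay, transcript).  The signal is a 2xx to
    RCPT TO for an address outside the target's own domains; some MTAs
    accept at RCPT and reject at DATA, so True means 'go look', not
    'proven'."""
    transcript = []

    def step(cmd):
        conn.write(cmd)
        code = read_reply(conn)
        transcript.append((cmd.strip(), code))
        return code

    try:
        if read_reply(conn) != 220:                       # greeting banner
            return False, transcript
        if step(f"HELO {helo}\r\n") != 250:
            return False, transcript
        if step(f"MAIL FROM:<{PROBE_FROM}>\r\n") != 250:
            return False, transcript
        rcpt = step(f"RCPT TO:<{PROBE_TO}>\r\n")
        return 200 <= rcpt < 300, transcript
    finally:
        step("QUIT\r\n")                                  # always QUIT, never DATA
        conn.close()
```

Against a live host the call is `relay_check(SocketSmtp("mail.example.org"))`; the transcript it returns is what you keep as evidence. PROBE_TO must be in a domain the target does not host, or a 250 just means the box delivers its own mail.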
My house/life have been Windows and MS-DOS free since I was on the Internet (1983 or so). I *did* inherit a Zenith 8086 laptop (battery is now dead), but as a friend I visited at MS looked through and saw "DR-DOS... is that a DOS clone?" Yeah, 1976 copyright. It's the clone.
"TurboC... WordPerfect... [other stuff]. Is there anything from Microsoft on this?"
I suppose mouse drivers. But I have a trackball for the laptop.
...
LAST FALL, when I helped remove a rootkit from a friend's brother's Linux box (which came with a billion services on, including the dreadfully unsecure rpcbind)...
The intel boxes run a variety of OSs. I've got the legal source for all of them.
I've used IPFilter to help harden my Irix, SunOS, Solaris and BSD boxes... The Apples (Mac IIci and Classic 2 running BSD and a laptop running OS X) are behind a self built firewall/WiFi/IPSec endpoint/boot from readonly CF box for extra security.
The housenet ran Kerberos for a while, because it's often a testbed for my work. You run Kerberos at your homes for authentication, right? Everything in the house uses IPv6 except for a printer. Stupid printer. Oh, and the terminal server. Anyone have IPv6 firmware for a microAnnex? They are on a subnet of the firewall (an IPv4 DMZ).
So no "soft chewy center" to that network.
Now try as I might, I can't get these viruses and worms to run on my machines. Perhaps I can use an emulator. But I'd likely have to buy a virus runtime environment from MS.
Want why that F*cking daemon can't be told to listen to ONLY port 127.0.0.1/::1 or even basics like "talk only to this (set of) subnet(s)".
It's REALLY hard to get BASICS in like IPFilter and tcpwrappers and a non-stupid inetd in a corporate and phearful environment. "But it's not supported!"
With SunOS 4.1.2, I started just compiling my own X11(R4 or R6) and fvwm (yeah, I can dump olvwm) and the tools I needed. Then I didn't HAVE to be on a Sun. And it worked on an Alpha I had for a while, and on a BSDi box. And it was all the same on all the platforms. Motif? OpenLook? CDE (shudder - committee designed environment)? Thanks, but no.
Do you think it would be any different if the world was all running Linux? Or Solaris? Or MacOS?
Yeah. Yeah I do. Because those OSs don't have (1) a dirty syringe attractor and (2) a dialog box that pops up and says "Would you like to jam this into your arm?".
The underlying windows platform is flawed. There are WEEKLY buffer overflows and it's clear that aside from the VAST amount of unsecure old code in it, that new code is rife with holes too.
How many times was Outlook fixed to stop running code in preview mode (hint, it's >1).
In bending over backwards to make it easy for users to run things on windows, they leave themselves open. Anyone recall when the "good times virus" that promised a worm from opening an attachment was ridiculous because no program would treat data as executable code!? I miss that now.
Re: nmapping back?
When I scan 200 machines and ALL of them are running windows and ALL of them are sending me mydoom, that's not just bad luck of the draw.
I was blocking 140 mydoom.a messages a minute the day AFTER it started.
Most of the worms and trojans and crap that are going around lately are all user spawned.
By "lately" you just mean that 12 or so since new years. I guess when you have so many, it's hard to recall back to last summer and the previous 30 security holes.
When a client groused about the cost of an antivirus program for scanning mail at their college, I pointed out that the WHOLE cost should be borne by the Windows support group. The 10-20% of the school that wasn't using Windows had no (zero, none, nil, nada) need for filtering out viruses that autoexecute in their environment.
At another (very very large wall st) client, I was delighted to see security and a manager show up and FIRE someone for using outlook. 3 warnings about it and AGAIN, he brought a virus in. They'd figured the cost of each incident and banned it. Bravo!
So YES, driving a line of cars through town filled with explosives is bad, even if you tell them not to smoke.
Letting a former addict go hang out with crackheads and spend lots of time with them is BAD.
Letting ignorant Windows users have machines that can be reached from the net is BAD. That Windows machine is just jonesing for a virus fix.
Earthlink filters port25. And I'm grateful for it.
That said, I have a box elsewhere that also listens with AUTH only on 587 (mail submission port). Living the high life am I.
I also have an IPv6 tunnel to that remote (by 3k miles) box. Protocol 41/port25 is not filtered:)
The all new, shiny, "UhOh"'s (this decade) style CONSUMER internet is not the [D]ARPA-Net that some of us grew up with. Not even the "rough town" internet of the mid 90s to the late 90s.
No this is the network for those people who believe that one network of the Internet is the "intranet." Where even those that thought SMB and IPX were good ideas were considered "technical." (I remember the first time I dealt with a Novell network, asking my friend the admin how to turn off the curses interface and get to the real command line. "No, that's it." I set up my Sun IPC to do print and file service and his box with PC-NFS and asked why they thought Novell was worth $20k) (the IPC was fairly used at the time, but BSDi 1.0 was just out too, for less on them Pentium/33s).
The consumer net has people who need protection. Perhaps under the banner of "to help them" but just as important is to protect ME from them.
I long ago proposed that AOL, Compusa, Prodigy (the trailer park of the Internet) and those guys have OC48's between them and a 56k modem to the rest of us. Didn't happen and now those people are all around dumping sewage into our streams.
I'm about set to refuse mail that DIDN'T come from an IPv6 address and regress.
So filter port 25. The net is in crisis from the consumer FatPipe providers.
Motivate the vendors (MS, but also the Linux distros, Sun and everyone else) to NOT COME OUT OF THE BOX WITH 20+ ports listening!!
I clean up hacked Linux and Sun regularly. We need "echo" on for WHAT good reason? If Sun can't come up with a simple CLI tool to manage inetd.conf (it's a perl script), then they shouldn't be playing on the net.
Linux needs rpc's by default why?
99%* of Linux users use packages built by strangers for what good reason? (at least with source, 1 in a thousand users can LOOK at mutt-1.4i.tar.gz that md5 checksums to:
a67bcdf1a1cd53d61ccd3ebf3993ba59
With a binary, it's a crapshoot.
The internet is a bad neighborhood and some folks need protecting and we need protecting from some folks. Just don't tell gramma that we're walling her IN, just 'splain that the wall is to keep the baddies OUT.)
--
Mr Cranky
(in my 22nd year of using this new fangled "network" thingy. Archie was good enough for me.)
* ok, I made up 99% but anyone have real numbers that frighten less?
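The post's gripe about stock inetd.conf files (echo and friends on, rpc on, no sane tool to manage it) is easy to act on. As an added example, not the author's perl script, here is a Python audit of the classic inetd.conf format: it lists what inetd would actually bind, flags the "internal" toy services and RPC entries, and comments out everything not on an allowlist. The sample inetd.conf inside it is constructed for the example. It targets the classic file format only; Solaris 10 and later keep this in SMF (inetadm), and xinetd uses its own layout.

```python
"""Audit an inetd.conf and comment out everything not on an allowlist, in the
spirit of the post's complaint that stock Sun and Linux boxes come up with
echo, chargen, rpc services and twenty other ports listening.  Added
example, not the post's own (perl) script.  Classic inetd.conf format only
(Solaris 10+ moved this to SMF/inetadm; xinetd differs); the sample file
below is constructed for the example."""
from dataclasses import dataclass

SOCK_TYPES = {"stream", "dgram", "raw", "rdm", "seqpacket", "tli"}
# 'internal' test services nobody needs reachable from the net
INTERNAL_TOYS = {"echo", "chargen", "daytime", "discard", "time"}

SAMPLE_INETD_CONF = """\
# inetd.conf sample, constructed for this example
ftp       stream  tcp      nowait  root    /usr/sbin/in.ftpd      in.ftpd
telnet    stream  tcp      nowait  root    /usr/sbin/in.telnetd   in.telnetd
echo      stream  tcp      nowait  root    internal
echo      dgram   udp      wait    root    internal
chargen   stream  tcp      nowait  root    internal
daytime   dgram   udp      wait    root    internal
#finger   stream  tcp      nowait  nobody  /usr/sbin/in.fingerd   in.fingerd
100232/10 tli     rpc/udp  wait    root    /usr/sbin/sadmind      sadmind
ssh       stream  tcp      nowait  root    /usr/sbin/sshd         sshd -i
"""


@dataclass
class Service:
    lineno: int
    name: str        # service name, or RPC program/version
    socktype: str
    proto: str
    server: str      # program path, or 'internal'
    enabled: bool

    @property
    def label(self):
        return f"{self.name}/{self.proto}"

    @property
    def risky(self):
        """Listening and either an internal toy or an RPC service."""
        return self.enabled and (self.name in INTERNAL_TOYS or self.proto.startswith("rpc/"))


def parse_entry(lineno, raw):
    """One inetd.conf line -> Service, or None for blanks and free-text
    comments.  A commented-out entry still parses, with enabled=False."""
    line = raw.strip()
    fields = line.lstrip("#").split()
    if (len(fields) < 6 or fields[1] not in SOCK_TYPES
            or fields[3].split(".")[0] not in ("wait", "nowait")):
        return None
    return Service(lineno, fields[0], fields[1], fields[2], fields[5],
                   enabled=not line.startswith("#"))


def parse_inetd_conf(text):
    entries = (parse_entry(n, l) for n, l in enumerate(text.splitlines(), 1))
    return [e for e in entries if e is not None]


def listening(text):
    """What inetd would actually bind, as 'name/proto' labels."""
    return [s.label for s in parse_inetd_conf(text) if s.enabled]


def risky_services(text):
    return [s.label for s in parse_inetd_conf(text) if s.risky]


def harden(text, allow):
    """Comment out every enabled entry whose name is not in `allow`.
    Returns (new_text, labels_disabled); running it twice changes nothing."""
    out, disabled = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        svc = parse_entry(n, raw)
        if svc is not None and svc.enabled and svc.name not in allow:
            out.append("#" + raw + "   # disabled by inetd audit")
            disabled.append(svc.label)
        else:
            out.append(raw)
    return "\n".join(out) + "\n", disabled
```

Apply it as `new_text, gone = harden(open("/etc/inetd.conf").read(), {"ssh", "ftp"})`, write new_text back, and HUP inetd; `listening(new_text)` afterwards is the list you should be able to reproduce with a port scan from outside.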
More of consequence in my mind are the MILLIONS of machines acting as bots for a DDOS attack. It's less spam (spam is bad, m'kay?) than the ENORMOUS connection points that are running and spreading viruses that can harm me.
My house has been Windows-free since it was on the Internet (1983 or so). When I helped remove a rootkit from a friend's brother's Linux box (again, a NAT box woulda done wonders), he looked at my rack with ~9 working machines (the others are elsewhere) and asked which Windows *I* ran. I looked at the SGI, Sun, NeXTs, Alpha and couple Intel boxes and said, "none. But I have a Linux box to play games on."
My systems are generally fine until 5000 windows boxes running worms wake up and decide to visit and visit and visit until my bandwidth is used up.
Spam annoying as hell.
Viruses dangerous to everyone around.
As I see it, it's that the users are using Windows, not that they are coming in high speed.
While unix boxes went through 25 years (since ARPA contracted UCBerkeley to make this "TCP" thingy) of evolution on networks that were, in retrospect, pretty safe.
The Morris Worm in '88 woke a lot of us up, but we've known for decades about "doors" and "locks" and such.
Windows is/was/and will be a consumer operating system whose main impetus is features to push sales. Security hasn't appeared to be on their radar screen except as a check box ("did you think about security?" Um, yeah. "Good enough for us. Ship it").
I'm getting hammered by spam and worms and EVERYTIME I nmap back to the sender (okay 0.001% of senders, randomly chosen as I get pissed off), it's a windows box.
I love broadband.
I love VOIP to mom and video and streaming stuff to relatives (all legal)
I hate the bad neighbors running windows. The metaphorical slaughterhouse next door.
So I should turn off the 2 CPU Ultra box that I have running FreeBSD? Cause you're saying that it doesn't work. And my 2x Intel netbsd box? Damn, it's really handy.
At least with the BSDs in general and OpenBSD specifically, I don't have to run out and add a security patch every couple days.
Some of us actually use opensource and "compile" the binaries on our systems rather than relying on vendors and strangers to give us RPMs and the like.
(okay, that's not fair. I'm using NetBSD's pkgsrc on Linux (and solaris (and OS X (and Netbsd)))).
But really, why are you guys so afraid of source?
Or am I mistaken? Is the O.P. referring to what so many of the /. folks use: Windows? In which case I'll just note that a DL380 with 2 CPUs @ 3GHz running Windows is almost as fast as my 1 CPU Athlon/1500 running a Unix.
Then find, as I wrote, you can do it every MINUTE (or even 30 seconds) and use a gazillionth the resources that point to point "streaming" does.
Or hell, have the "give it to me NOW" trip off a fresh stream if the last one is more than N seconds old.
The absolute WORST case scenario (with N=0) would be the same amount of traffic as MS/Real Streaming. The most likely scenario would be far FEWER streams and far MORE bandwidth.
What to do with said extra BW? Well, suddenly, these streams could come down larger. Rather than cramming 5000 64bps streams, you could send one high quality stream (voice is fine at 22kbps or even 11 (phone quality is less)).
If you run a fresh stream replaying from the start every 5 minutes ("tape delay"), then people can listen to that stream. Over 3 hours of replay, that's only 36 streams.
Currently popular technology would use the same bandwidth for just 36 listeners.
With M'cast, from hop to hop would have at most 1 packet flow of (each) stream. Not 1 packet flow per listener.
Think of it like how Pay Per View works. They show the same movie with a 30 minute offset on different channels.
If your 2hr show/keynote/conference has no listeners, no bandwidth is used.
You can setup a new stream every MINUTE(!) starting anew and people would have up to 60 seconds to wait for the start at most and you'd still be using less bandwidth than most small events.
Most stacks can't take more than 10,000 connections at a time. With M'Cast it's just ONE connection per stream, not 1/listener.
I listened to the Stones and to Severe Tire Damage(*) back in 94 with MULTICAST. C'mon people! This streaming crap is over, it's so NCP, so microsoft.
It's just ungraceful and inefficient. Oh wait, I already said microsoft.
Yes, you need a format. Some might suggest OGG, or mp3, but AIFF would work just fine.
From the source, the sound leaves ONCE!
If I listen to it, my little request packet heads towards the source. The routers along the way get the notification that I want to listen to M'Cast address xxx on port P. I get to the source as the first person. There is now a "stream" running to my machine.
If my neighbor decides to listen, her packets go upstream and hit the router we share. DONE, that router gets 1 stream in and sends it to both of our machines. (where right now with stupid cast, it gets 2 in and sends one to each machine).
50,000 people on Comcast listening? Fine, the Comcast cloud gets 1 feed in and sends them through its cloud to 50k people. If 20k are in Austin and another 30k are in Boston, then a stream goes to each city ONCE and the local routers send them to all the people.
Grace; elegance.
Neither Real nor MS would know crap about that, eh?
-
* STD was, in fact, the FIRST BAND EVER to be played on the Internet's MBONE when they were playing at a picnic at PARC(?) and Van Jacobson was just looking for something to blast out nearby. Google found me this. I'd hate to actually work to find this stuff...
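The join walk described above (my packet heads to the source; my neighbor's stops at the router we share) is what makes the bandwidth arithmetic work. As an added example, not the author's code, here is a small Python model of that: a tree of routers, listeners hanging off leaf routers, and a count of how many copies of one stream cross each router-to-router link under unicast versus multicast. The topology is made up, using the post's 50k Comcast listeners split 20k Austin / 30k Boston plus one city with nobody listening; host-facing last hops are not modelled, since each host gets its own copy either way.

```python
"""Bandwidth accounting for the post's multicast-vs-unicast argument: count
the copies of one audio stream crossing each router-to-router link.  Added
example, not the author's code; the topology is made up, with the post's
50k Comcast listeners split 20k Austin / 30k Boston.  Host-facing last hops
are not modelled (each host gets its own copy either way)."""


class Router:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.listeners = 0        # hosts attached here that want the stream
        self.joined = False       # forwarding state for the group
        if parent is not None:
            parent.children.append(self)


def walk(router):
    yield router
    for child in router.children:
        yield from walk(child)


def unicast_flows(root):
    """Unicast: every listener is a separate flow from the source, so the
    link into a router carries one copy per listener beneath it."""
    flows = {}

    def beneath(r):
        total = r.listeners + sum(beneath(c) for c in r.children)
        if r.parent is not None:
            flows[(r.parent.name, r.name)] = total
        return total

    beneath(root)
    return flows


def multicast_join(router):
    """IGMP/PIM-style join: walk toward the source and stop at the first
    router already forwarding the group (the post's 'DONE').  Returns the
    number of routers the join had to touch."""
    hops = 0
    while router is not None and not router.joined:
        router.joined = True
        router = router.parent
        hops += 1
    return hops


def multicast_flows(root):
    """Multicast: a link carries at most one copy, and only if some router
    beneath it joined."""
    for r in walk(root):
        r.joined = False
    for r in walk(root):
        if r.listeners:
            multicast_join(r)
    return {(r.parent.name, r.name): 1
            for r in walk(root) if r.parent is not None and r.joined}


def source_egress(flows, root):
    """Copies leaving the source itself."""
    return sum(flows.get((root.name, c.name), 0) for c in root.children)


def build_example():
    src = Router("source")
    core = Router("comcast-core", src)
    Router("austin", core).listeners = 20_000
    Router("boston", core).listeners = 30_000
    Router("seattle", core)              # nobody listening: must carry nothing
    return src
```

With the example tree, `source_egress(unicast_flows(root), root)` is 50,000 and `source_egress(multicast_flows(root), root)` is 1; the Seattle link carries nothing in either model, which is the "no listeners, no bandwidth" point from the post.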
The companies in the US are moving hard towards a generic "wireless", as in "wireless services."
Which makes me immediately think of my (accursed) 2.4GHz cordless house phone or my (interfered with) WiFi.
As a motorcycling fending off idiots every commute:
Perhaps it would better be .distractedDriver .annoyingYuppie?
Though I DO like .5 (or .6 - see below) :)
IPv6
They can have a TLD, but it must not be populated with ANYTHING in the IPv4 name space. eg:
You must be THIS ----------------->
tall to play in the .mobile space.
There are many things you can say that don't work in writing - usually style, slang, etc. We abbreviate a lot in speech where it's not appropriate in written language. But then in speech we can *inflect* and use tone to impart meaning as well.
So saying that "we put the mic 14 inches from the amp, 45 degrees off center" can replace what we might say: "we mic'ed the amp 14" away and 45 degrees off center."
Right, "mike" is ok, by the same logic that "aks" (ax?) is an ok alternative for "ask".
We can also broach making "affect" and "effect" the same; we've already wrecked the differences between unsecure (as in a computer) vs. insecure (people are insecure; computers don't like to be anthropomorphized :).
Oh, "coke" is an abbreviation because it's made with extracts of the coca plant. As in cocaine, as in coke. See also common terms of the pre-60s for types of coal called "coke" which put the word in people's mouths at the time.
Ketchup/Catsup? without working much, I find:
this which suggests, among other things, that "Ketchup"
might be a brand name. But 30 seconds of google isn't enough research for me to stand too strongly by that. Oh for my OED (the book or the subscription service).
Now, this is too off topic to be continued (yet oddly informative!).
You don't want things with fans in a room with an open mic (not "mike", people).
I've recorded a lot. In pro, semi pro settings and in converted barns. Especially when doing voices, you want a SILENT room. A little acoustic padding on the walls, but perhaps not. I've taken dead rooms (too dead) and hung maple plaques up to liven it a little bit.
But machines with fans go OUTSIDE, even if temporarily. I've tossed a laptop out of a room because the DISK was non-silent.
That might mean you rig up a closet as a voice room (you can even leave the clothes in it). It might mean you run the mac in the hall for 5 minutes while you record.
But no fans near mics. And no deep mods to your case. A dual processor 1GHz machine in a tight space needs lots of airflow.
Because regex parsing is notably SLOW. Watch SpamAssassin and its time to run a message.
However, I have a $300 box that's 2GHz.
We could afford to move into the future somewhat.
I've had flashbacks to third year CS and writing compilers and languages (in VMS, ick). Basically, you have a special purpose language that your program compiles into something not unique. Perhaps assembly in the end.
I look at sendmail's rule language as a lot like the BASIC I learned on 1970's Wang "PCs". That basic tokenized (PRINT became a single hex byte on storage). And I start to think that a compiler that takes something closer to human and emits sendmail rules would be dandy. For the record, m4 does not count as "closer to human."
editing sendmail.cf (on Postfix, Score: 5, Informative)
I've made a LOT of money taking people's old sendmail configs and turning them into manageable m4s. Esp when 4-5 system admins have passed through and just made "a little tweak."
Postfix seems ok; I'd recommend it for folks setting up straightforward machines who didn't know sendmail.
But people whine that "sendmail is too complex" and at the same time they WANT complex things to happen.
I had a guy come up to me at an event and shout:
Guy: Sendmail is too hard.
ok
Guy: and is there any way to make it only send large (> 1MB) messages out after 7PM when my ISDN rates are lower?
sure. 5 lines in your m4 file.
Sendmail.cf is a binary. It is intended to be read and parsed quickly by a binary. Sendmail still runs on 4MB Sun 3 machines. You don't edit /bin/ls to effect a change there, you edit "ls.c".
Similarly, you edit the .mc file to effect a change in the .cf.
More, when sendmail changes major revisions (eg. you finally move from Sendmail 8.8 to 8.12), you regen your .cf and, barring some minor changes to remove defunct features or take advantage of new ones, you have a new working .cf file. You can't just move a 8.8 cf file to an 8.12 machine and expect it to work well and use new features.
Having worked on HUNDREDS or THOUSANDS of config files (one set went onto 10,000 machines at a site), there's NOTHING you can do in the .cf that can't be done in the .mc.
That said, the rule language is painfully... complex? No, just the opposite. It's painfully simple. My experience with 6502 assm and a BASIC that had neither ELSE nor AND/OR options helped to make me really good at writing sendmail rules.
Dealing with booleans (just to ruleset^Wsubroutine saving buffer, put time in buffer.
Is message less than 1MB? then return
is time after 1900 hrs? Yes? return dsmtp.
Is time < 700 hrs? Yes? return dsmtp.
Otherwise just return.
In calling routine, look for return value and if it's dsmtp, put the saved buffer to the dsmtp mailer. Otherwise continue with the saved buffer.
Hard? No, not really.
Painful? You betcha. I'd love to have variables and ANDs and ELSEs. I've taken to putting complex logic in a perl milter at the RCPT TO phase and calling it a day.
sub choosemailer {
    my ($time, $size) = @_;    # $time as HHMM, $size in bytes; default mailer is esmtp
    my $mailer = 'esmtp';
    $mailer = 'dsmtp' if ((($time > 1900) || ($time < 700)) && $size > 1024 * 1024);
    return $mailer;
}
But the rulesets are just read by a parser. It's not rocket science (just computer science).
It would be nice to have (perl) regex's and such built in.
And that's where Postfix starts to have an advantage. I can live without UUCP for that. I'd just hope that new sendmail versions might rethink the whole language for processing mail. It's good to have competition. (qmail2 also looks promising to raise the envelope).
But lets just recall that's its not about Sendmail vs postfix vs exim vs qmail.
It's any of these VS Exchange/Notes/Gropewise. And we're losing.
In the UK, it's 999. Which boggles me. When I lived there in the early 90's, there was no touch tone. I have a phone with buttons but it pulse dials. 9 br-br-br-br-br-br-br-br-br 9 br-br-br-br-br-br-br-br-br 9 br-br-br-br-br-br-br-br-br
"Lets take the LONGEST sequence to dial and make it our emergency number." It goes long with "take an animal's organ, and make it into a pastry." very british.
The current problem is with (bad) american TV, kids around the world, notably in the UK, "know" to dial "911". Which doesn't work in the UK.
I'm a capitalist, and as such my instinctive reaction is that the market should dictate whether or not providers support 911.
Hello, 911. What is the nature of your emergency?
A fire, I see. What are you willing to pay us to respond? <pause > I see. I'm sorry, that's not enough. We have another situation with richer folks than you and they pay us FAR more than that. I'm sorry. Perhaps you can use a bucket.
Because government should be run like business - Profitably and only for those willing to pay.
eat the poor.
No, you don't. If you call 911 in the East Bay (of San Francisco), you get the CHP in Concord (town in the north, inland part of the East Bay - 30 miles from me).
I think the initial notion was that mobile phones are used most often in cars (and they were) and for auto issues where the CHP has direct jurisdiction.
They will route you to the right people, but when you're dealing with an emergency, minutes can be critical.
I learned this joy calling in a fire in an adrenalin-fueled rush ("Marge, what's the number for 911?"). "You're WHERE? Concord? Massachusetts? Why are you not in $MyTown? There's a concord here? Well anyway. !FIRE!"
Fortunately, a fire in the East Bay is also called in by 5000 home owners*.
If VOIP wants to be in the phone game, they need 911. Welcome to the 80s. And trust me, if you or a loved one slashes half his/her arm off, you don't wanna be trying to find a phone book and the fire dept's number. ("I know you're bleeding, just tell me where you left the white pages").
MrChuck
* the fire was blown through eucalyptus into a cemetary (really). They found thousands of bodies afterwards;).
Burton! Of course. I'd discussed him in the past and left him out.
Though a Woody Allen Star Wars (as a study of a young emperor, perhaps) could be amusing...
Terry Gilliam would be outstanding; Peter Jackson obvious.
Y'all can snipe at Tarantino, but I'm not seeing productive criticism here (Luc Besson? Transporter? Wasabi? Thanks, no - now Truffaut? Sure. But he's dead. Dead directors are banned from this thread).
So who should direct the 3rd trilogy? (on Skywalker Ranch Wines, Score: 0, Flamebait)
Face it: George can't direct. He got a wooden performance from Alec Guinness, one of the great actors of the 20th century. Let him do the effects. He likes that. However, someone else should handle the actors (and perhaps the script):
I'm thinking Jim Jarmusch does one; David Lynch does another (though his Dune work might disqualify him);
Quentin Tarantino definitely is on the short list. Steven Spielberg is out (the dancing teddy bears were enough saccharin for the series). Rick Berman? Not!
Sumps work via evaporative efforts rather than refrigerants. Here is 4 seconds of google "work":
Oh, and limiting areas of heat ingress - shades and canopies over windows that let the sun in.
Practice!
no, that's Carnegie Hall.
Their policies and name are withheld cause they made me sign a frighteningly large pile of papers.
Open Source* Rules!
* and san dimas high school football ;)
Yeah. Yeah I do. Because those OSs don't have (1) a dirty syringe attractor and (2) a dialog box that pops up and says "Would you like to jam this into your arm?".
The underlying windows platform is flawed. There are WEEKLY buffer overflows and it's clear that aside from the VAST amount of unsecure old code in it, that new code is rife with holes too.
How many times was outlook fixed to stop running code in preview mode (hint, it's >1).
In bending over backwards to make it easy for users to run things on windows, they leave themselves open. Anyone recall when the "good times virus" that promised a worm from opening an attachment was ridiculous because no program would treat data as executable code!? I miss that now.
Re: nmapping back?
When I scan 200 machines and ALL of them are running windows and ALL of them are sending me mydoom, that's not just bad luck of the draw.
I was blocking 140 mydoom.a messages a minute the day AFTER it started.
Most of the worms and trojans and crap that are going around lately are all user spawned
By "lately" you just mean that 12 or so since new years. I guess when you have so many, it's hard to recall back to last summer and the previous 30 security holes.
When a client groused about the cost of an antivirus program for scanning mail at their college, I pointed out that the WHOLE cost should be borne by the Windows support group. The 10-20% of the school taht wasn't using windows had no (zero, none, nil, nada) need for filtering out viruses that autoexecute in their environment.
At another (very very large wall st) client, I was delighted to see security and a manager show up and FIRE someone for using outlook. 3 warnings about it and AGAIN, he brought a virus in. They'd figured the cost of each incident and banned it. Bravo!
So YES, driving a line of cars through town filled with explosives is bad, even if you tell them not so smoke.
Letting a former addict go hang out with crackheads and spend lots of time with them is BAD.
Letting ignorant Windows users have machiens that can be reached for the net is BAD. That windows machine is just jonesing for a virus fix.
I also have an IPv6 tunnel to that remote (by 3k miles) box. Protocol 41/port25 is not filtered :)
The all new, shiny, "UhOh"'s (this decade) style CONSUMER internet is not the [D]ARPA-Net that some of us grew up with. Not even the "rough town" internet of the mid 90s to the late 90s.
No this is the network for those people who believe that one network of the Internet is the "intranet." Where even those that thought SMB and IPX were good ideas were considered "technical." (I remember the first time I deal with a Novell network, asking my friend the admin how to turn off the curses interface and get to the real command line. "No, that's it." I setup my Sun IPC to do print and file service and his box with PC-NFS and asked why they thought novell was worth $20k) (the IPC was fairly used at the time, but BSDi 1.0 was just out too, for less on them Pentium/33s).
The consumer net has people who need protection. Perhaps under the banner of "to help them" but just as important is to protect ME from them.
I long ago proposed that AOL, Compusa, Prodigy (the trailer park of the Internet) and those guys have OC48's between them and a 56k modem to the rest of us. Didn't happen and now those people are all around dumping sewage into our streams.
I'm about set to refuse mail that DIDN'T come from an IPv6 address and regress.
So filter port 25. The net is in crisis from the consumer FatPipe providers.
Motivate the vendors (MS, but also the Linux distros, Sun and everyone else to NOT COME OUT OF THE BOX WITH 20+ ports listening!!).
I clean up hacked Linux and Sun regularly. We need "echo" on for WHAT good reason? If Sun can't come up with a simple CLI tool to manage inetd.conf (it's a perl script), then they shouldn't be playing on the net.
Linux needs rpc's by default why?
99%* of linux user use packages built by strangers for what good reason? (at least with source, 1 of thousand of users can LOOK at mutt-1.4i.tar.gz that md5 checksums to:
a67bcdf1a1cd53d61ccd3ebf3993ba59
With a binary, it's a crapshoot.
The internet is a bad neighborhood and some folks need protecting and we need protecting from some folks. Just don't tell gramma that we're walling her IN, just 'splain that the wall is to keep the baddies OUT.)
--
Mr Cranky
(in my 22nd year of using this new fangled "network" thingy. Archie was good enough for me.)
* ok, I made up 99% but anyone have real numbers that frighten less?
More of consequence in my mind are the MILLIONS of machines acting as bots for a DDOS attack. It's less spam (spam is bad, m'kay?) than the ENOURMOUS connection points that are running and spreading viruses that can harm me.
My house has been Windows-free since it was on the Internet (1983 or so). When I helped remove a rootkit from a brother of a friends linux box (again, a nat box woulda done wonders), he looked at my rack with ~9 working machines (the others are elsewhere) and asked which windows *I* ran. I looked at the SGI, Sun, NeXTs, Alpha and couple Intel boxes and said, "none. But I have a linux box to play games on."
My systems are generally fine until 5000 windows boxes running worms wake up and decide to visit and visit and visit until my bandwidth is used up.
Spam annoying as hell.
Viruses dangerous to everyone around.
While unix boxes went through 25 years (since ARPA contracted UCBerkeley to make this "TCP" thingy) of evolution on networks that were, in retrospect, pretty safe.
The Morris Worm in '88 woke a lot of us up, but we've known for decades about "doors" and "locks" and such.
Windows is/was/and will be a consumer operating systems whose main impetus is features to push sales. Security hasn't appeared to be on their radar screen except as a check box ("did you think about security?" Um, yeah. "Good enough for us. Ship it").
I'm getting hammered by spam and worms and EVERYTIME I nmap back to the sender (okay 0.001% of senders, randomly chosen as I get pissed off), it's a windows box.
I love broadband.
I love VOIP to mom and video and streaming stuff to relatives (all legal)
I hate the bad neighbors running windows. The metaphorical slaughterhouse next door.
At least with the BSDs in general and OpenBSD specifically, I don't have to run out and add a security patch every couple days.
Some of us actually use opensource and "compile" the binaries on our systems rather than relying on vendors and strangers to give us RPMs and the like.
(okay, that's not fair. I'm using NetBSD's pkgsrc on Linux (and solaris (and OS X (and Netbsd)))).
But really, why are you guys so afraid of source?
Or am I mistaken? Is the O.P. referring to what so many of the /. folks use: Windows? In which case I'll just note that a DL380 with 2 CPUs @ 3GHz running Windows is almost as fast as my 1 CPU Athlon/1500 running a Unix.
Or hell, have the "give it to me NOW" trip off a fresh stream if the last one is more than N seconds old.
The absolute WORST case scenario (with N=0) would be the same amount of traffic as MS/Real Streaming. The most likely scenario would be far FEWER streams and far MORE bandwidth.
What to do with said extra BW? Well, suddenly, these streams could come down larger. Rather than cramming 5000 64bps streams, you could send one high quality stream (voice is fine at 22kbps or even 11 (phone quality is less)).
Currently popular technology would use the same bandwidth for just 36 listeners.
With M'cast, from hop to hop would have at most 1 packet flow of (each) stream. Not 1 packet flow per listener.
Think of it like how Pay Per View works. They show the same movie with a 30 minute offset on different channels.
If your 2hr show/keynote/conference has no listeners, no bandwidth is used.
You can set up a new stream every MINUTE(!) starting anew and people would have up to 60 seconds to wait for the start at most and you'd still be using less bandwidth than most small events.
Most stacks can't take more than 10,000 connections at a time. With M'Cast it's just ONE connection per stream, not 1/listener.
And it was good.
It's just ungraceful and inefficient. Oh wait, I already said microsoft.
Yes, you need a format. Some might suggest OGG, or mp3, but AIFF would work just fine.
From the source, the sound leaves ONCE!
If I listen to it, my little request packet heads towards the source. The routers along the way get the notification that I want to listen to M'Cast address xxx on port P. I get to the source as the first person. There is now a "stream" running to my machine.
If my neighbor decides to listen, her packets go upstream and hit the router we share. DONE, that router gets 1 stream in and sends it to both of our machines. (where right now with stupid cast, it gets 2 in and sends one to each machine). 50,000 people on Comcast listening? Fine, the Comcast cloud gets 1 feed in and sends them through its cloud to 50k people. If 20k are in Austin and another 30k are in Boston, then a stream goes to each city ONCE and the local routers send them to all the people.
Grace; elegance.
Neither Real nor MS would know crap about that, eh?
-
* STD was, in fact, the FIRST BAND EVER to be played on the Internet's MBONE when they were playing at a picnic at PARC(?) and Van Jacobson was just looking for something to blast out nearby. Google found me this. I'd hate to actually work to find this stuff...
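As an added illustration of the per-link accounting described in the post above (example code, not from the original post or any real router software), here is a small Python model of a distribution tree. Under unicast every link carries one copy of the stream per listener downstream of it; under multicast it carries one copy if anyone downstream is listening and none otherwise. The topology and the 20k/30k listener counts are constructed from the figures in the post; the idle "denver" branch is added to show that a city with no listeners costs nothing.

```python
"""Per-link stream counts on a distribution tree: unicast vs multicast.

Added example; the tree shape and listener counts below are constructed
from the figures in the post (50k Comcast listeners: 20k Austin, 30k Boston).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Router:
    name: str
    listeners: int = 0                       # subscribers hanging directly off this router
    children: List["Router"] = field(default_factory=list)


def downstream_listeners(node: Router) -> int:
    """Listeners reachable through this router, including its own."""
    return node.listeners + sum(downstream_listeners(c) for c in node.children)


def link_loads(root: Router) -> Dict[Tuple[str, str], Tuple[int, int]]:
    """Map each router-to-router link (parent, child) to
    (copies of the stream under unicast, copies under multicast).

    Unicast carries one copy per listener downstream of the link;
    multicast carries one copy if anyone downstream is listening, else none.
    """
    loads: Dict[Tuple[str, str], Tuple[int, int]] = {}

    def walk(node: Router) -> None:
        for child in node.children:
            n = downstream_listeners(child)
            loads[(node.name, child.name)] = (n, 1 if n else 0)
            walk(child)

    walk(root)
    return loads


def total_copies(root: Router) -> Tuple[int, int]:
    """Total stream copies in flight under unicast and multicast.

    The last hop (access router to each subscriber's own line) carries one
    copy per listener under both models, so it is added to both totals.
    """
    loads = link_loads(root)
    last_hop = downstream_listeners(root)
    unicast = sum(u for u, _ in loads.values()) + last_hop
    multicast = sum(m for _, m in loads.values()) + last_hop
    return unicast, multicast


def build_example_tree() -> Router:
    """Constructed topology: source -> ISP core -> two cities -> access routers.
    Denver is included with no listeners to show an idle branch costs nothing."""
    austin = Router("austin", children=[Router("austin-access-1", 10_000),
                                        Router("austin-access-2", 10_000)])
    boston = Router("boston", children=[Router("boston-access-1", 15_000),
                                        Router("boston-access-2", 15_000)])
    denver = Router("denver", children=[Router("denver-access-1", 0)])
    core = Router("comcast-core", children=[austin, boston, denver])
    return Router("source", children=[core])


if __name__ == "__main__":
    tree = build_example_tree()
    for link, (uni, multi) in link_loads(tree).items():
        print(f"{link[0]:>14} -> {link[1]:<16} unicast={uni:>6} multicast={multi}")
    print("totals (unicast, multicast):", total_copies(tree))
```

Run it and the source-to-core link shows 50,000 copies under unicast against a single copy under multicast; the only place the two models agree is the last hop to each subscriber, which is why the totals differ by roughly the number of listeners times the tree depth rather than by a constant.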
Which makes me immediately think of my (accursed) 2.4GHz cordless house phone or my (interfered with) WiFi.
As a motorcycling fending off idiots every commute: .distractedDriver
.annoyingYuppie?
Perhaps it would better be
Though I DO like .5 (or .6 - see below) :)
IPv6
They can have a TLD, but it must not be populated with ANYTHING in the IPv4 name space. e.g., .mobile space.
You must be THIS -----------------> tall to play in the
There are many things you can say that don't work in writing - usually style, slang, etc. We abbreviate a lot in speech where it's not appropriate in written language. But then in speech we can *inflect* and use tone to impart meaning as well.
So saying that "we put the mic 14 inches from the amp, 45 degrees of center" can replace what we might say: "we mic'ed the amp 14" away and 45 degrees off center."
We can also broach making "affect" and "effect" the same; we've already wrecked the differences between unsecure (as in a computer) vs. insecure (people are insecure; computers don't like to be anthropomorphized :).
Oh, "coke" is an abbreviation because it's made with extracts of the coca plant. As in cocaine, as in coke. See also common terms of the pre-60s for types of coal called "coke" which put the word in people's mouths at the time.
Ketchup/Catsup? without working much, I find: this which suggests, among other things, that "Ketchup" might be a brand name. But 30 seconds of google isn't enough research for me to stand too strongly by that. Oh for my OED (the book or the subscription service).
Now, this is too off topic to be continued (yet oddly informative!).
I've recorded a lot. In pro, semi pro settings and in converted barns. Especially when doing voices, you want a SILENT room. A little acoustic padding on the walls, but perhaps not. I've taken dead rooms (too dead) and hung maple plaques up to liven it a little bit.
But machines with fans go OUTSIDE, even if temporarily. I've tossed a laptop out of a room because the DISK was non-silent.
That might mean you rig up a closet as a voice room (you can even leave the clothes in it). It might mean you run the mac in the hall for 5 minutes while you record.
But no fans near mics. And no deep mods to your case. A dual processor 1GHz machine in a tight space needs lots of airflow.
However, I have a $300 box that's 2GHz.
We could afford to move into the future somewhat.
I've had flashbacks to third year CS and writing compilers and languages (in VMS, ick). Basically, you have a special purpose language that your program compiles into something not unique. Perhaps assembly in the end.
I look at sendmail's rule language as a lot like the BASIC I learned on 1970's Wang "PCs". That basic tokenized (PRINT became a single hex byte on storage). And I start to think that a compiler that takes something closer to human and emits sendmail rules would be dandy. For the record, m4 does not count as "closer to human."
Postfix seems ok, I'd recommend it for folks setting up straightforward machines who didn't know sendmail
But people whine that "sendmail is too complex" and at the same time they WANT complex things to happen.
I had a guy come up to me at an event and shout:
Guy: Sendmail is too hard.
ok
Guy: and is there any way to make it only send large (> 1MB) messages out after 7PM when my ISDN rates are lower?
sure. 5 lines in your m4 file.
Sendmail.cf is a binary. It is intended to be read and parsed quickly by a binary. Sendmail still runs on 4MB Sun 3 machines. You don't edit /bin/ls to effect a change there, you edit "ls.c".
Similarly, you edit the .mc file to effect a change in the .cf.
More, when sendmail changes major revisions (eg. you finally move from Sendmail 8.8 to 8.12), you regen your .cf and, barring some minor changes to remove defunct features or take advantage of new ones, you have a new working .cf file. You can't just move an 8.8 cf file to an 8.12 machine and expect it to work well and use new features.
Having worked on HUNDREDS or THOUSANDS of config files (one set went onto 10,000 machines at a site), there's NOTHING you can do in the .cf that can't be done in the .mc.
That said, the rule language is painfully ... complex? No, just the opposite. It's painfully simple. My experience with 6502 assm and a BASIC that had neither ELSE nor AND/OR options helped to make me really good at writing sendmail rules.
Dealing with booleans (just to ruleset^Wsubroutine saving buffer, put time in buffer.
Is message less than 1MB? then return
is time after 1900 hrs? Yes? return dsmtp.
Is time < 700 hrs? Yes? return dsmtp.
Otherwise just return.
In calling routine, look for return value and if it's dsmtp, put the saved buffer to the dsmtp mailer. Otherwise continue with the saved buffer.
Hard? No, not really.
Painful? You betcha. I'd love to have variables and ANDs and ELSEs. I've taken to putting complex logic in a perl milter at the RCPT TO phase and calling it a day.
sub choosemailer {
    my ($time, $size) = @_;    # $time as HHMM (1900 = 7 PM), $size in bytes
    # Large mail outside the 07:00-19:00 window goes to the deferred mailer.
    return 'dsmtp' if (($time > 1900 || $time < 700) && $size > 1_048_576);
    return 'esmtp';            # otherwise the normal mailer
}
But the rulesets are just read by a parser. It's not rocket science (just computer science).
It would be nice to have (perl) regex's and such built in.
And that's where Postfix starts to have an advantage. I can live without UUCP for that. I'd just hope that new sendmail versions might rethink the whole language for processing mail. It's good to have competition. (qmail2 also looks promising to raise the envelope).
But let's just recall that it's not about Sendmail vs postfix vs exim vs qmail.
It's any of these VS Exchange/Notes/Gropewise. And we're losing.
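The ruleset walk-through above (save the buffer, test one thing per subroutine, return "dsmtp" or fall through) and the wished-for boolean version express the same policy. As an added example, not the post's own code, here it is in Python both ways, with an exhaustive check that the chained single-condition steps and the one-line AND/OR form never disagree. Times are HHMM integers as in the post; "dsmtp" is the deferred mailer the post names, and "esmtp" is an assumed name for the ordinary mailer.

```python
"""Large off-peak mail to the deferred mailer: ruleset style vs boolean style.

Added example, not the post's own code. Times are HHMM integers as in the
post (1900 = 7 PM); "dsmtp" is the deferred mailer the post names, "esmtp"
is an assumed name for the ordinary mailer.
"""
from typing import Callable, List, Optional

DEFERRED = "dsmtp"
DEFAULT = "esmtp"          # assumed default mailer name
ONE_MB = 1 << 20

Step = Callable[[int, int], Optional[str]]


def check_time(hhmm: int) -> int:
    """Reject malformed clock values so a bad input cannot silently route mail."""
    hours, minutes = divmod(hhmm, 100)
    if not (0 <= hours < 24 and 0 <= minutes < 60):
        raise ValueError(f"bad HHMM time: {hhmm}")
    return hhmm


# Ruleset style: each "subroutine" tests a single condition and either
# returns a verdict or returns None to fall through to the next one.
def small_message(time: int, size: int) -> Optional[str]:
    return DEFAULT if size <= ONE_MB else None


def after_seven_pm(time: int, size: int) -> Optional[str]:
    return DEFERRED if time > 1900 else None


def before_seven_am(time: int, size: int) -> Optional[str]:
    return DEFERRED if time < 700 else None


RULESET: List[Step] = [small_message, after_seven_pm, before_seven_am]


def choose_mailer_ruleset(time: int, size: int) -> str:
    """Walk the chain; the first step that speaks decides. Otherwise default."""
    check_time(time)
    for step in RULESET:
        verdict = step(time, size)
        if verdict is not None:
            return verdict
    return DEFAULT


# Boolean style: the same policy as one expression with AND/OR.
def choose_mailer_boolean(time: int, size: int) -> str:
    check_time(time)
    off_peak = time > 1900 or time < 700
    return DEFERRED if off_peak and size > ONE_MB else DEFAULT


def rulesets_agree() -> bool:
    """Exhaustively compare both forms over every valid HHMM and sizes
    straddling the 1 MB boundary."""
    sizes = (0, ONE_MB - 1, ONE_MB, ONE_MB + 1, 50 * ONE_MB)
    for hour in range(24):
        for minute in range(60):
            t = hour * 100 + minute
            for s in sizes:
                if choose_mailer_ruleset(t, s) != choose_mailer_boolean(t, s):
                    return False
    return True


if __name__ == "__main__":
    for t, s in ((2030, 5 * ONE_MB), (1200, 5 * ONE_MB), (2030, 10_000), (645, 2 * ONE_MB)):
        print(f"time={t:04d} size={s:>9} -> {choose_mailer_ruleset(t, s)}")
    print("both forms agree everywhere:", rulesets_agree())
```

The ordering of RULESET matters in the same way it does in a sendmail ruleset: the size test comes first so that small mail returns before the time tests ever run, which is exactly the "is message less than 1MB? then return" step of the post. The boundary values (1900 exactly and 0700 exactly) follow the post's "> 1900" and "< 700", so 19:00 on the dot still goes out immediately.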
"Let's take the LONGEST sequence to dial and make it our emergency number." It goes along with "take an animal's organ, and make it into a pastry." Very British.
The current problem is with (bad) American TV, kids around the world, notably in the UK, "know" to dial "911". Which doesn't work in the UK.
Hello, 911. What is the nature of your emergency?
A fire, I see. What are you willing to pay us to respond? <pause > I see. I'm sorry, that's not enough. We have another situation with richer folks that you and they pay us FAR more than that. I'm sorry. Perhaps you can use a bucket.
Because government should be run like business - Profitably and only for those willing to pay.
eat the poor.
I think the initial notion was that mobile phones are used most often in cars (and they were) and for auto issues where the CHP has direct jurisdiction.
They will route you to the right people, but when you're dealing with an emergency, minutes can be critical.
I learned this joy calling in a fire in an adrenalin-fueled rush ("Marge, what's the number for 911?"). "You're WHERE? Concord? Massachusetts? Why are you not in $MyTown? There's a Concord here? Well anyway. !FIRE!"
Fortunately, a fire in the East Bay is also called in by 5000 home owners*.
If VOIP wants to be in the phone game, they need 911. Welcome to the 80s. And trust me, if you or a loved one slashes half his/her arm off, you don't wanna be trying to find a phone book and the fire dept's number. ("I know you're bleeding, just tell me where you left the white pages").
MrChuck
* the fire was blown through eucalyptus into a cemetery (really). They found thousands of bodies afterwards ;).
If you've been under a rock, they print out pictures (snapshot size to HUGE poster size) and do photo albums for Free.
About as involved in digital photography as you can get.
Though a Woody Allen Star Wars (as a study of a young emperor, perhaps) could be amusing...
Terry Gilliam would be outstanding; Peter Jackson obvious.
Y'all can snipe at Tarantino, but I'm not seeing productive criticism here (Luc Besson? Transporter? Wasabi? Thanks, no - now Truffaut? Sure. But he's dead. Dead directors are banned from this thread).
I'm thinking Jim Jarmusch does one;
David Lynch does another (though his Dune work might disqualify him);
Quentin Tarantino definitely is in the short list.
Steve Spielberg is out (the dancing teddy bears were enough saccharin for the series). Rick Berman? Not!
Who else is on the list?