Will outbound port 25 blocking apply to all Verizon broadband customers?
Outbound port 25 blocking will be applied to FIOS and High Speed Internet services that use dynamic IP addresses. If you subscribe to a static IP address service, you will not be affected.
Sounds like you have only to change to static IP service to get around this. If you have static IPs, then call Verizon. Obviously there's something wrong. If you don't have static IPs, well, you're doing it wrong to begin with. Many well run mail systems won't accept a IP known to be dynamic.
As I've said numerous times before, if you don't like what the MPAA and RIAA do, buy nothing that has the slightest taint from them. Do not vote for politicians that support them.
I have not been to a MPAA associated movie in 16 years (even getting a rating from the MPAA is enough for me to boycott it). I do not buy RIAA artist's work. I write letters telling the producers and artists why I won't buy their works. I haven't bought any IP from Sony in more than twenty years for personal use. I try not to buy computers chips copyrighted by Sony at my work.
I stopped buying television in March 2009. If I can't get it for free over the air or on the Internet, I don't watch it. (I do not approve of IP Infringement and do not view things I know to be infringing.)
If you want to see someone doing IP right, go to www.baen.com/library and read Eric Flint's thoughts.
"There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!
Alles in ordnung!
I, ah, disagreed. Rather vociferously and belligerently, in fact."
Each time I voice my concerns about Apple products, I get mod'ed down to "troll". I'm not knocking Apple products to be a dweeb, I knock them because I see very serious flaws in how the Business of Apple is run. I don't have many qualms about the tech (it isn't to my taste, but that isn't a technical flaw), but if I pay bucks for a electronic device, I fail to see how having Steve Jobs be the gatekeeper of what I can run on that platform as a positive. I fail to see how having no choice in carrier (absent "jail breaking" the phone - what an odd turn of phrase to use on a device *I own*) is a positive. I fail to see how having Big Brother Apple dictate my choices and setting my limits is a positive. I wouldn't let a company dictate what I can load on my Linux or Windows boxes.
If you disagree, that's fine. I'd much rather have someone comment than just get rated "Troll".
There are plenty of doges you can use, perl, python, bash, and lots more. But all of them add a level of complexity to this that the batch file doesn't have. Which leads me to my second saying:
"If it's simple and it works, it's elegant."
Sounds like you've found an elegant solution to a problem. I'd stick with it if it works for you.
In the past few months, my employer has issued this directive:
"Employees that use social media that also discloses their employment with the company are directed and required to report that to HR, or to remove references to their employment with (redacted). If you disclose your employment, all postings must meet professional guidelines as defined in the employee handbook. Directives to edit or remove postings as directed by HR or Communications are non discretionary as long as the site identifies your employment. Employees that maintain a "comment" area of any kind are instructed to ensure all viewable "comments" are within the guidelines of the employee handbook. That the comments themselves are made by others is irrelevant - If these comments are visible to the general public, they must remain within published employee handbook guidelines if your site identifies your employment.
Violations of this policy are subject to review of employment (eg: getting fired)."
On balance, I see this as reasonable. If you say you work somewhere, then the employer may review the posts, regardless of who made them. If you don't say where you work, then what anyone says is none of their business.
If you want to say you work for XYZ Corp. Fine and dandy - as long as it conforms to their policy. If you don't want to conform to their policy, you are free to do so - as long as you don't say you work for XYZ.
1. Toyota's tend toward the "expensive" end, therefore only more wealthy drivers would buy 2. Older buyers tend to see the added value of more reliable brands, younger buyers tend to be more price sensitive. 3. Cheaper autos tend to use older tech 4. Older tech doesn't use "drive by wire" and extensive computer control 5. If the flaw is in computer control (sensors or servos), then automatically we'd see fewer problems in the younger set because they do not have this technology.
That said, I'm not convinced the issue is computer control as yet. I think it's a viable possibility, but to date the evidence isn't there - and that is also consistent. It's difficult to expect a log of a electronic system gone haywire to be conclusive. Logs are taken with expectations in mind. If an action is outside of expected input, then the log is also in question. And in this case, the logs are not all that detailed to start with.
If I knew more details, I'd have greater insight. In this case, the wisest course in my opinion is to implement more logging, both in data points and retention.
The reason being that when I look at our firewall logs or when we happen to get a system compromised, the US is way underrepresented. .
If you are looking at direct malicious activity, then you are quite correct. However, once you start looking at C&C servers and where they are (which you have to do somewhat indirectly), then you will find that many of them are indeed hosted on major ISPs in the US. So why would someone run C&C from US servers, but have the direct malicious action from outside the US?
I suspect one major factor is the difficulty in obtaining logs from the malicious system (either direct logs from the server or packet logs from the network). Another factor is jurisdiction issues - it is almost impossible to get the Chinese to do anything in their legal system about systems being used in malicious ways. Ditto for many other jurisdictions. So, even if you know where the C&C servers are, it's hard (but not impossible) to put together a case against the bad actors.
There are some interesting things going on with all this stuff, though I'm not party to any of it. I hope that in the next two years or so, it will be much harder for the hackers/spammers to continue to operate.
Good job, Skid-Row! You have hastened the end of PC gaming as you know it. Congrats. .
I think the companies that release stupid DRM'ed games have more to do with it. If I like a game,
I'll pay for it. Bucks aren't THAT hard to come by. Heck, I'll skip lunch a few days a week if things
are that tight. I could stand to lose some weight anyway.
First, why should a game cost $28M USD? More money doesn't a better game make.
If my single player game (legitimately purchased - I'm not advocating ripping off
someone that doesn't choose to place their product under GPL - their choice) borked because the crappy ISP dropped cell delineation, I'd consider that broken. By intent. Why would I buy something I know is broken from the get-go? Ubisoft has nothing to worry about on my account - I won't by their software, ever. I won't play
their games - ever. People that make such breathless mistakes as this DRM'ed abortion likely
made other mistakes as well. We just can't see them. It's closed source. If you need a crack to make
a game work correctly, I'd say you're better off without the game - or the crack.
I have to say, despite not being very pleased in other ways with Wells Fargo, that they are on top of the game with fraud as far as I can see. I've had five separate issues with my WF credit card in the last year, all of which were handled swiftly (once before I even reported it).
What I really want is a card that I can use for on-line purchases where I either transfer the money for the transaction in advance, or authorize it up to two hours later or it's canceled. I've looked (not very seriously) for two years, but I must be missing it. This seems an obvious evolution to CC use that benefits everyone. AmEx used to have a program like this, but I don't see it now. (NB: Gift cards - read the terms of service. These are NOT an option with those sorts of fees!)
Another thing that needs to stop is revolving charges without cardholder approval. I once used a card to buy a 1 year subscription to a magazine for a friend, then after the year, spent the next 12 months, every month, contesting the charge. I finally closed that card to stop it at it was taking 3 hours a month to file all the paperwork.
Last, there needs to be more enforcement done vis-a-vi credit card fraud. I administer a mail server farm - I see literally THOUSANDS of frauds sent every day. A swift, sure way to stop the merchant account is needed.
do you believe you can convince enough politicians of that to make it matter? .
It is unimportant what politicians believe if RIAA and MPAA are deprived of any income. Accept nothing from RIAA/MPAA, give nothing to RIAA/MPAA. RIAA/MPAA will go away as they so richly deserve. At work, I'll veto the purchase of a system that has too much Sony IP in it if I can obtain alternatives for less than a 10% difference. Mostly, the alternatives cost less with interoperability that is better than the Sony selection.
For the last few years, I have not purchased any IP (Imaginary Property) except post first sale. RIAA/MPAA get no income from secondary sales - but mostly, I simply do without because the vast majority of their output is pure drivel. I have more time to code, more time to pet the cats, raise my crops (spices for cooking), cook, wine and dine my ladies, read, and sleep in.
I haven't had cable/dish/over the air programming for the past year. I do miss Mike Rowe and the Mythbusters team, but you know, I can live with that to suck at least $150 a month out of the RIAA/MPAA/Stupid Networks/cable/dish networks. I miss 'em, but not $150 bucks a month worth.
So, why does snow accumulate on the lights in the first place? Because there are nooks and crannies where it can land. Eliminate those, you get rid of a lot of the problem. Next, snow and ice accumulate because the water is just above freezing, and the traffic light is below freezing. It hits, freezes, and sticks. Reengining the shape of the light won't fix that, but common sense of the part of drivers will. If approaching a traffic light and it's indication isn't clear, treat it as a stop sign.
But no, too many drivers would rather cripple or kill others because they are in a hurry...
Among the many choices you have, you can install a remote monitoring/administration card. But that's really using technology to solve the wrong problem. The problem is your ISP. Fire your ISP. You already have two very good reasons for doing so. First, they should simply ask for the logs, not demand entry into the system. Second, for taking down your server, breaking into it (what if you had data on there you didn't want unauthorized people to see?) without your express, positive, verified consent.
Using technology to solve a problem is a fine thing. However, the problem you are reporting isn't technical.
I was a DirecTV subscriber six years ago, and got fed up with them. Dish is much easier to deal with. Full disclosure: I disconed them too in March, not for poor service or high fees, - I got good service and the fees were OK - but in protest to the Copyright Cartel.
Some find it shocking that I don't watch TV anymore (not even on hulu.com). Until the Copyright Cartel quits their antics, NO COOKIE FOR YOU!
I run a server farm somewhere between a/14 and a/17.
All authorized mail servers have SPF records. Ranges that clearly have no legitimate business sending email are clearly identified with XXX-XXX-XXX-XXX.dynamic.TLD and listed with SpamHaus's PBL.
No servers have DKIM/DK. The software to do so is opaque, testing is difficult to impossible, and the benefits over SPF are unclear at best, dubious at worst.
On about 1/3 of the servers, all Yahoo email is blocked out of hand due to the disgust and irritation of the server owner over Yahoo!'s blocking/delaying/spam problems. One server owner told me, "My mail TO them is blocked or delayed. But unless I use DKIM/DK, they won't tell me what the problem *is*. Since my own spam load is roughly 40% FROM yahoo!, screw 'em."
Yahoo!'s insistence on DKIM/DK is highly suspect in the cases, like mine, where a responsive, active abuse desk that will address a spam issue if it's from our clearly identifiable ARIN allocation is available.
For those customers that choose not to accept Yahoo email, we return an error message generally worded like so:
"We're sorry, but due to Yahoo! polices we strongly disagree with, we will not accept your email. Please use another email service that doesn't have it's head up it's ass."
It isn't phrased quite so bluntly, but the flavor is still there.
When I get complaints that Yahoo! won't take a customer's email, I tell them, "Yahoo! is a free service. Their customers are getting all they pay for. I'd like to help you, but frankly, I can't get them on the phone or to give a reasonable response via e-mail. Your best bet is to require a contact method that refuses or bypasses Yahoo!. They aren't in the business of giving their customers reliable email service."
Do I have problems? I'm sure I do. But since Yahoo! won't discuss them without jumping through their useless DKIM/DK hoops, I'll just ignore it and move on.
One thing I'm struck by (over, and over, and over again) is just how frequently "solutions" to keep critical system from "ever failing" don't. I've personally witnessed a tens of multi-million dollar solution come crashing down due to a single failed server. And I'm not talking something that was whomped up in the back office by the team, I'm talking Major Vendors (you'd know the names if I could say them, but I can't; please don't ask), and by vendors that are not even given to being thought of as a simple lightweights (as some other, also nameless vendors are thought of). And in the case I'm thinking of, it wasn't a single point of failure. There were over two dozen other servers able to accept the virtual instance - but none did. So the whole house of cards came down. It was the final acceptance demo. Boy, was there a LOT of egg on faces.
About the only "highly available" services that I've really seen work are geo-seperated Xiotech sans, geo-separated Stratus systems - the old, old ones, running Motorola 680x0 chips, (8098 for example), IBM RS-6000's (with Oracle replicated databases), and (shudder) Sperry V-77's, hand built for wagering. (My GHU! People really still use Z80s!) My own private testing of 10 linux systems running in a cluster were more favorable than any major OEM's Windows/Intel solution, but as the creator of the demo, I can't claim to be completely unbiased. However, even with 5 of the 10 servers having had the power plug pulled (or SCSI card cable yanked, or in one memorable case, the mobo hit with a Taser - I hated that hardware and wanted to get rid of it), it did keep running just fine. Most times, the user did not have to authenticate again and the transaction was preserved, but a few tests, this didn't always work. The user had to log in again, and the transaction was rolled back and not completed.
I've never seen a "solution" put together with WinTel platforms that were absolutely reliable. They may be out there, but I've never witnessed one tested by the "Back Room Guys" that passed with flying colors. Perhaps this is because I'm stupid, ignorant, and can't construct a valid test. I'm open to being corrected... but so far, all I've ever heard are whines and nitpicks.
In a few cases, I wanted to tell the vendor "go put on your man pants and try again."
I'm not feeding the copyright cartel until they quit treating me like a criminal and going to insane lengths to monetize every last drop of creative talent. (And that's giving them credit and assuming that they have any.)
Aside from calling the IP allocations formerly used by criminals "slums", this is actually a very important question. All of McColo's space is still in my edge routers as "drop". I only checked because of the connection with this story. Does it make sense to drop those blocks now? I'm not entirely sure, and since no one is complaining (as yet), why WOULD I remove them?
Should we look to some authority to publish a list, something like the SpamHaus DROP list? Should we start looking to ICANN to more strongly enforce removing bad actors? What rules, which guide lines? Is sending spam ok, but not being known to host fraud sites? Why? Who decides?
I think it highly ironic that SAVVIS commented upon IP allocations that are "poison" for email. Perhaps it's a case of "the burned hand teaches best." Those that deal with more than a modicum of email will know the back story to that vis-a-vi SAVVIS networks.
I may not be smart enough to have the answers, but I think I'm smart enough to know when someone asks a pretty drun good question. I think this is one.
Part of the answer may be for a system of distributed log inspection. Obviously, some of the information will need to be sanitized before being sent to third parties. Just as obviously, some way to keep the system from being abused by governments needs to be considered. How to do that without giving repressive governments a very powerful tool is something I've been thinking about for over five years. To date, I don't know that it can be done. I do think that if it cannot be closely kept to identifying command and control or infected hosts, it should NOT be done.
I want to shut down and stop criminals - not stifle those that protest against their governments.
The point is that I don't want TiVO to continue to derive profit from my mistake in ever buying it in the first place. I should have simply said "no" and purchased a more open platform, but I had a weak moment and fell for the siren song of "you don't have to mess with it to get it to work." I tried Mythdora in 2007 and didn't have the hardware to make it work right at the time.
In other comments, "Don't rip off TiVO" is a mantra uttered by others - it isn't one I share. While I will not use my uber hacker powers to rip them off, it's quite obvious that others have drank deeply of the kool-ade and see any use of a TiVO device not compensating TiVO as theft of service. I happen to see it as the proper application of the "First Sale" principal vis-a-vi the hardware, anyway. (The "service" is unquestionably out of bounds for my ethics.) Others do not. It is an area where while I do not agree with them, I can see their point and admit that to their mind, this is a legitimate issue.
Just not one I happen to share.
I'll think about it a bit more, but absent removing the HD and reusing it, looks like the land fill just got another load of dirty diapers.
I'm not sure how far Murdoc would get with a suit if Google cut them off. After all, he has said publicly that google is stealing NewsCorp content. I wish that the FCC would disallow his ownership of US radio and TV stations, rather than adjusting their "allowed market" percentages to be increased so they wouldn't get in trouble. (Done while Michael Powell was chairman.)
I've seldom seen a "news" outlet so consistently get the facts wrong and not correct themselves. In fact, I don't recall ever seeing a single retraction for anything they got wrong vis-a-vi political reporting.
The problem with this approach is that you don't know who is lying to you, the applicant, or the headhunter. In the case of the article here, clearly the applicant is trying to be honest, and clearly the head hunter is twisting the CV. That isn't the fault of the applicant per se, though the applicant is also responsible (and doesn't know about the lies unless some one, like the interviewer, tells him) in the overall sense.
I've horror stories in abundance to tell about applicants that claim experience they don't have (like the one that blew up and yelled "I don't have time to memorize every three letter acronym!" to the question "What does SGA stand for?" when applying as a certified Oracle Administrator, or the guy that was supposed to work on alternators/generators that couldn't tell me which part was the field coil and which the brushes/commutator, or the one that was shaking and stuttering so badly they couldn't answer any questions - then fainted leaving the interview).
You can legitimately argue that it isn't your duty to figure out which is lying, but for myself, I'd sure try to find out. If an applicant is lying, well, that's just to be expected. If the head hunter is lying, I'd be absolutely sure my company would never, ever deal with them again in the future.
My employer no longer allows applications from staffing companies. We found we were lied to much too frequently by them. We do make use of Monster, HotJobs, and our own portal, but not headhunters.
My own experience with headhunters is this: I never got a job by using one. Every job I landed, I landed by pounding the pavement, making calls, filling out forms, and being willing (frequently on my own money) to fly in for an interview. And I'd like to say "Honesty". If I don't know, I'm not going to hesitate to tell you that, followed up by my method of finding the answer and my opinion/suspicion/imagination of what that answer might be.
And I'm here to tell you, it's downright scary what idiots and idiot programming is foisted on to K-12. While we've never reviewed the SchoolMax software, most of the software I see is "enterprise unaware": EG: no common credential store, little or no real testing, glaring flaws, and most have no concept of interoperability.
My favorite vendor excuse is "It's your network", followed by "No, you can't virtulize this, it has to run on it's own hardware and it can't have other services running." I laugh because our network outperforms most major ISVs (I used to work at one as a second job), and as far as virtulizaion, I've asked venors "why not?" and the answer is never technical, it's always "because we don't support it". 9 times out of ten, the support driods working on something never twig to the fact that their application is running just fine on a virt serv and has been for YEARS. But clue them in, and INSTANTLY the problem is the virtulization, not a bug.
The other thing that makes me laugh is that when you ask how much a license is, it's never "how many CPUs?" or "How many boxes", it's always per student, even if it would only be used by a single classroom, they want to license it for the entire student population.
In over 15 years of working K-12, I can count on one finger the number of vendors that I didn't think were complete idiots, fools, and/or scammers.
Note for people about to post -- check your contract. Both of mine explicitly stated you must not say anything nasty about the publisher. You want to go AC on this thread.
Double Ditto here folks. If you're published, DO NOT post unless it's as an AC. Same for me, but more publishers than two.
Slashdot Mirror
See this for Verizon: http://www22.verizon.com/residentialhelp/highspeed/general+support/top+questions/questionsone/124274.htm
Will outbound port 25 blocking apply to all Verizon broadband customers?
Outbound port 25 blocking will be applied to FIOS and High Speed Internet services that use dynamic IP addresses. If you subscribe to a static IP address service, you will not be affected.
Sounds like you have only to change to static IP service to get around this. If you have static IPs, then call Verizon. Obviously there's something wrong. If you don't have static IPs, well, you're doing it wrong to begin with. Many well run mail systems won't accept a IP known to be dynamic.
As I've said numerous times before, if you don't like what the MPAA and RIAA do, buy nothing that has the slightest taint from them. Do not vote for politicians that support them.
I have not been to a MPAA associated movie in 16 years (even getting a rating from the MPAA is enough for me to boycott it). I do not buy RIAA artist's work. I write letters telling the producers and artists why I won't buy their works. I haven't bought any IP from Sony in more than twenty years for personal use. I try not to buy computers chips copyrighted by Sony at my work.
I stopped buying television in March 2009. If I can't get it for free over the air or on the Internet, I don't watch it. (I do not approve of IP Infringement and do not view things I know to be infringing.)
If you want to see someone doing IP right, go to www.baen.com/library and read Eric Flint's thoughts.
"There was a school of thought, which seemed to be picking up steam, that the way to handle the problem was with handcuffs and brass knucks. Enforcement! Regulation! New regulations! Tighter regulations! All out for the campaign against piracy! No quarter! Build more prisons! Harsher sentences!
Alles in ordnung!
I, ah, disagreed. Rather vociferously and belligerently, in fact."
Each time I voice my concerns about Apple products, I get mod'ed down to "troll". I'm not knocking Apple products to be a dweeb, I knock them because I see very serious flaws in how the Business of Apple is run. I don't have many qualms about the tech (it isn't to my taste, but that isn't a technical flaw), but if I pay bucks for a electronic device, I fail to see how having Steve Jobs be the gatekeeper of what I can run on that platform as a positive. I fail to see how having no choice in carrier (absent "jail breaking" the phone - what an odd turn of phrase to use on a device *I own*) is a positive. I fail to see how having Big Brother Apple dictate my choices and setting my limits is a positive. I wouldn't let a company dictate what I can load on my Linux or Windows boxes.
If you disagree, that's fine. I'd much rather have someone comment than just get rated "Troll".
"If it's stupid and it works, it's not stupid."
There are plenty of doges you can use, perl, python, bash, and lots more. But all of them add a level of complexity to this that the batch file doesn't have. Which leads me to my second saying:
"If it's simple and it works, it's elegant."
Sounds like you've found an elegant solution to a problem. I'd stick with it if it works for you.
In the past few months, my employer has issued this directive:
"Employees that use social media that also discloses their employment with the company are directed and required to report that to HR, or to remove references to their employment with (redacted). If you disclose your employment, all postings must meet professional guidelines as defined in the employee handbook. Directives to edit or remove postings as directed by HR or Communications are non discretionary as long as the site identifies your employment. Employees that maintain a "comment" area of any kind are instructed to ensure all viewable "comments" are within the guidelines of the employee handbook. That the comments themselves are made by others
is irrelevant - If these comments are visible to the general public, they must remain within published employee
handbook guidelines if your site identifies your employment.
Violations of this policy are subject to review of employment (eg: getting fired)."
On balance, I see this as reasonable. If you say you work somewhere, then the employer may review the posts, regardless of who made them. If you don't say where you work, then what anyone says is none of their business.
If you want to say you work for XYZ Corp. Fine and dandy - as long as it conforms to their policy.
If you don't want to conform to their policy, you are free to do so - as long as you don't say you
work for XYZ.
1. Toyota's tend toward the "expensive" end, therefore only more wealthy drivers would buy
2. Older buyers tend to see the added value of more reliable brands, younger buyers tend to be more price sensitive.
3. Cheaper autos tend to use older tech
4. Older tech doesn't use "drive by wire" and extensive computer control
5. If the flaw is in computer control (sensors or servos), then automatically we'd see fewer problems in the younger set because they do not have this technology.
That said, I'm not convinced the issue is computer control as yet. I think it's a viable possibility, but to date the evidence isn't there - and that is also consistent. It's difficult to expect a log of a electronic system gone haywire to be conclusive. Logs are taken with expectations in mind. If an action is outside of expected input, then the log is also in question. And in this case, the logs are not all that detailed to start with.
If I knew more details, I'd have greater insight. In this case, the wisest course in my opinion is to implement more logging, both in data points and retention.
.
If you are looking at direct malicious activity, then you are quite correct. However, once you start looking at C&C servers and where they are (which you have to do somewhat indirectly), then you will find that many of them are indeed hosted on major ISPs in the US. So why would someone run C&C from US servers, but have the direct malicious action from outside the US?
I suspect one major factor is the difficulty in obtaining logs from the malicious system (either direct logs from the server or packet logs from the network). Another factor is jurisdiction issues - it is almost impossible to get the Chinese to do anything in their legal system about systems being used in malicious ways. Ditto for many other jurisdictions. So, even if you know where the C&C servers are, it's hard (but not impossible) to put together a case against the bad actors.
There are some interesting things going on with all this stuff, though I'm not party to any of it. I hope that in the next two years or so, it will be much harder for the hackers/spammers to continue to operate.
.
I think the companies that release stupid DRM'ed games have more to do with it. If I like a game, I'll pay for it. Bucks aren't THAT hard to come by. Heck, I'll skip lunch a few days a week if things are that tight. I could stand to lose some weight anyway.
First, why should a game cost $28M USD? More money doesn't a better game make. If my single player game (legitimately purchased - I'm not advocating ripping off someone that doesn't choose to place their product under GPL - their choice) borked because the crappy ISP dropped cell delineation, I'd consider that broken. By intent. Why would I buy something I know is broken from the get-go? Ubisoft has nothing to worry about on my account - I won't by their software, ever. I won't play their games - ever. People that make such breathless mistakes as this DRM'ed abortion likely made other mistakes as well. We just can't see them. It's closed source. If you need a crack to make a game work correctly, I'd say you're better off without the game - or the crack.
I have to say, despite not being very pleased in other ways with Wells Fargo, that they are on top of the game with fraud as far as I can see. I've had five separate issues with my WF credit card in the last year, all of which were handled swiftly (once before I even reported it).
What I really want is a card that I can use for on-line purchases where I either transfer the money for the transaction in advance, or authorize it up to two hours later or it's canceled. I've looked (not very seriously) for two years, but I must be missing it. This seems an obvious evolution to CC use that benefits everyone. AmEx used to have a program like this, but I don't see it now. (NB: Gift cards - read the terms of service. These are NOT an option with those sorts of fees!)
Another thing that needs to stop is revolving charges without cardholder approval. I once used a card to buy a 1 year subscription to a magazine for a friend, then after the year, spent the next 12 months, every month, contesting the charge. I finally closed that card to stop it at it was taking 3 hours a month to file all the paperwork.
Last, there needs to be more enforcement done vis-a-vi credit card fraud. I administer a mail server farm - I see literally THOUSANDS of frauds sent every day. A swift, sure way to stop the merchant account is needed.
do you believe you can convince enough politicians of that to make it matter?
.
It is unimportant what politicians believe if RIAA and MPAA are deprived of any income.
Accept nothing from RIAA/MPAA, give nothing to RIAA/MPAA. RIAA/MPAA will go away as they
so richly deserve. At work, I'll veto the purchase of a system that has too much Sony IP in it
if I can obtain alternatives for less than a 10% difference. Mostly, the alternatives cost
less with interoperability that is better than the Sony selection.
For the last few years, I have not purchased any IP (Imaginary Property) except post first sale.
RIAA/MPAA get no income from secondary sales - but mostly, I simply do without because the vast
majority of their output is pure drivel. I have more time to code, more time to pet the cats,
raise my crops (spices for cooking), cook, wine and dine my ladies, read, and sleep in.
I haven't had cable/dish/over the air programming for the past year. I do miss Mike Rowe and
the Mythbusters team, but you know, I can live with that to suck at least $150 a month out of
the RIAA/MPAA/Stupid Networks/cable/dish networks. I miss 'em, but not $150 bucks a month worth.
So, why does snow accumulate on the lights in the first place? Because there are nooks and crannies where it can land. Eliminate those, you get rid of a lot of the problem. Next, snow and ice accumulate because the water is just above freezing, and the traffic light is below freezing. It hits, freezes, and sticks. Reengining the shape of the light won't fix that, but common sense of the part of drivers will. If approaching a traffic light and it's indication isn't clear, treat it as a stop sign.
But no, too many drivers would rather cripple or kill others because they are in a hurry...
Among the many choices you have, you can install a remote monitoring/administration card.
But that's really using technology to solve the wrong problem. The problem is your ISP.
Fire your ISP. You already have two very good reasons for doing so. First, they
should simply ask for the logs, not demand entry into the system. Second, for taking
down your server, breaking into it (what if you had data on there you didn't want
unauthorized people to see?) without your express, positive, verified consent.
Using technology to solve a problem is a fine thing. However, the problem you are
reporting isn't technical.
I was a DirecTV subscriber six years ago, and got fed up with them.
Dish is much easier to deal with. Full disclosure: I disconed them too in March, not for poor service or high fees, - I got good service and the fees were OK - but in protest to the Copyright Cartel.
Some find it shocking that I don't watch TV anymore (not even on hulu.com). Until the Copyright Cartel quits their antics, NO COOKIE FOR YOU!
I run a server farm somewhere between a /14 and a /17.
All authorized mail servers have SPF records. Ranges that clearly have no legitimate business sending email are clearly identified with XXX-XXX-XXX-XXX.dynamic.TLD and listed with SpamHaus's PBL.
No servers have DKIM/DK. The software to do so is opaque, testing is difficult to impossible, and the benefits over SPF are unclear at best, dubious at worst.
On about 1/3 of the servers, all Yahoo email is blocked out of hand due to the disgust and irritation of the server owner over Yahoo!'s blocking/delaying/spam problems. One server owner told me, "My mail TO them is blocked or delayed. But unless I use DKIM/DK, they won't tell me what the problem *is*. Since my own spam load is roughly 40% FROM yahoo!, screw 'em."
Yahoo!'s insistence on DKIM/DK is highly suspect in the cases, like mine, where a responsive, active abuse desk that will address a spam issue if it's from our clearly identifiable ARIN allocation is available.
For those customers that choose not to accept Yahoo email, we return an error message generally worded like so:
"We're sorry, but due to Yahoo! polices we strongly disagree with, we will not accept your email. Please use another email service that doesn't have it's head up it's ass."
It isn't phrased quite so bluntly, but the flavor is still there.
When I get complaints that Yahoo! won't take a customer's email, I tell them, "Yahoo! is a free service. Their customers are getting all they pay for. I'd like to help you, but frankly, I can't get them on the phone or to give a reasonable response via e-mail. Your best bet is to require a contact method that refuses or bypasses Yahoo!. They aren't in the business of giving their customers reliable email service."
Do I have problems? I'm sure I do. But since Yahoo! won't discuss them without jumping through their useless DKIM/DK hoops, I'll just ignore it and move on.
One thing I'm struck by (over, and over, and over again) is just how frequently "solutions" to keep critical system from "ever failing" don't. I've personally witnessed a tens of multi-million dollar solution come crashing down due to a single failed server. And I'm not talking something that was whomped up in the back office by the team, I'm talking Major Vendors (you'd know the names if I could say them, but I can't; please don't ask), and by vendors that are not even given to being thought of as a simple lightweights (as some other, also nameless vendors are thought of). And in the case I'm thinking of, it wasn't a single point of failure. There were over two dozen other servers able to accept the virtual instance - but none did. So the whole house of cards came down. It was the final acceptance demo. Boy, was there a LOT of egg on faces.
About the only "highly available" services that I've really seen work are geo-seperated Xiotech sans, geo-separated Stratus systems - the old, old ones, running Motorola 680x0 chips, (8098 for example), IBM RS-6000's (with Oracle replicated databases), and (shudder) Sperry V-77's, hand built for wagering. (My GHU! People really still use Z80s!) My own private testing of 10 linux systems running in a cluster were more favorable than any major OEM's Windows/Intel solution, but as the creator of the demo, I can't claim to be completely unbiased. However, even with 5 of the 10 servers having had the power plug pulled (or SCSI card cable yanked, or in one memorable case, the mobo hit with a Taser - I hated that hardware and wanted to get rid of it), it did keep running just fine. Most times, the user did not have to authenticate again and the transaction was preserved, but a few tests, this didn't always work. The user had to log in again, and the transaction was rolled back and not completed.
I've never seen a "solution" put together with WinTel platforms that were absolutely reliable. They may be out there, but I've never witnessed one tested by the "Back Room Guys" that passed with flying colors. Perhaps this is because I'm stupid, ignorant, and can't construct a valid test. I'm open to being corrected... but so far, all I've ever heard are whines and nitpicks.
In a few cases, I wanted to tell the vendor "go put on your man pants and try again."
I'm not feeding the copyright cartel until they quit treating me like a criminal and going to insane lengths to monetize every last drop of creative talent. (And that's giving them credit and assuming that they have any.)
Means I phat fingered durn, and didn't catch it before hitting "submit".
Aside from calling the IP allocations formerly used by criminals "slums", this is actually a very important question. All of McColo's space is still in my edge routers as "drop". I only checked because of the connection with this story. Does it make sense to drop those blocks now? I'm not entirely sure, and since no one is complaining (as yet), why WOULD I remove them?
Should we look to some authority to publish a list, something like the SpamHaus DROP list?
Should we start looking to ICANN to more strongly enforce removing bad actors? What rules, which guide lines? Is sending spam ok, but not being known to host fraud sites? Why? Who decides?
I think it highly ironic that SAVVIS commented upon IP allocations that are "poison" for email. Perhaps it's a case of "the burned hand teaches best." Those that deal with more than a modicum of email will know the back story to that vis-a-vi SAVVIS networks.
I may not be smart enough to have the answers, but I think I'm smart enough to know when someone asks a pretty drun good question. I think this is one.
Part of the answer may be for a system of distributed log inspection. Obviously, some of the information will need to be sanitized before being sent to third parties. Just as obviously, some way to keep the system from being abused by governments needs to be considered. How to do that without giving repressive governments a very powerful tool is something I've been thinking about for over five years. To date, I don't know that it can be done. I do think that if it cannot be closely kept to identifying command and control or infected hosts, it should NOT be done.
I want to shut down and stop criminals - not stifle those that protest against their governments.
Sell it and be done with it.
The point is that I don't want TiVO to continue to derive profit from my mistake in ever buying it in the first place. I should have simply said "no" and purchased a more open platform, but I had a weak moment and fell for the siren song of "you don't have to mess with it to get it to work." I tried Mythdora in 2007 and didn't have the hardware to make it work right at the time.
In other comments, "Don't rip off TiVO" is a mantra uttered by others - it isn't one I share.
While I will not use my uber hacker powers to rip them off, it's quite obvious that others have drank deeply of the kool-ade and see any use of a TiVO device not compensating TiVO as theft of service. I happen to see it as the proper application of the "First Sale" principal vis-a-vi the hardware, anyway. (The "service" is unquestionably out of bounds for my ethics.) Others do not. It is an area where while I do not agree with them, I can see their point and admit that to their mind, this is a legitimate issue.
Just not one I happen to share.
I'll think about it a bit more, but absent removing the HD and reusing it, looks like the land fill just got another load of dirty diapers.
Well, there goes about a quarter of the scam email I see on my servers.
Per HOUR.
I'm not sure how far Murdoc would get with a suit if Google cut them off. After all, he has said publicly that google is stealing NewsCorp content. I wish that the FCC would disallow his ownership of US radio and TV stations, rather than adjusting their "allowed market" percentages to be increased so they wouldn't get in trouble. (Done while Michael Powell was chairman.)
I've seldom seen a "news" outlet so consistently get the facts wrong and not correct themselves. In fact, I don't recall ever seeing a single retraction for anything they got wrong vis-a-vi political reporting.
w3woody,
The problem with this approach is that you don't know who is lying to you, the applicant, or the headhunter. In the case of the article here, clearly the applicant is trying to be honest, and clearly the head hunter is twisting the CV. That isn't the fault of the applicant per se, though the applicant is also responsible (and doesn't know about the lies unless some one, like the interviewer, tells him) in the overall sense.
I've horror stories in abundance to tell about applicants that claim experience they don't have (like the one that blew up and yelled "I don't have time to memorize every three letter acronym!" to the question "What does SGA stand for?" when applying as a certified Oracle Administrator, or the guy that was supposed to work on alternators/generators that couldn't tell me which part was the field coil and which the brushes/commutator, or the one that was shaking and stuttering so badly they couldn't answer any questions - then fainted leaving the interview).
You can legitimately argue that it isn't your duty to figure out which is lying, but for myself, I'd sure try to find out. If an applicant is lying, well, that's just to be expected. If the head hunter is lying, I'd be absolutely sure my company would never, ever deal with them again in the future.
My employer no longer allows applications from staffing companies. We found we were lied to much too frequently by them. We do make use of Monster, HotJobs, and our own portal, but not headhunters.
My own experience with headhunters is this: I never got a job by using one. Every job I landed, I landed by pounding the pavement, making calls, filling out forms, and being willing (frequently on my own money) to fly in for an interview. And I'd like to say "Honesty". If I don't know, I'm not going to hesitate to tell you that, followed up by my method of finding the answer and my opinion/suspicion/imagination of what that answer might be.
And I'm here to tell you, it's downright scary what idiots and idiot programming is foisted on to K-12. While we've never reviewed the SchoolMax software, most of the software I see is "enterprise unaware": EG: no common credential store, little or no real testing, glaring flaws, and most have no concept of interoperability.
My favorite vendor excuse is "It's your network", followed by "No, you can't virtulize this, it has to run on it's own hardware and it can't have other services running." I laugh because our network outperforms most major ISVs (I used to work at one as a second job), and as far as virtulizaion, I've asked venors "why not?" and the answer is never technical, it's always "because we don't support it". 9 times out of ten, the support driods working on something never twig to the fact that their application is running just fine on a virt serv and has been for YEARS. But clue them in, and INSTANTLY the problem is the virtulization, not a bug.
The other thing that makes me laugh is that when you ask how much a license is, it's never "how many CPUs?" or "How many boxes", it's always per student, even if it would only be used by a single classroom, they want to license it for the entire student population.
In over 15 years of working K-12, I can count on one finger the number of vendors that I didn't think were complete idiots, fools, and/or scammers.
Note for people about to post -- check your contract. Both of mine explicitly stated you must not say anything nasty about the publisher. You want to go AC on this thread.
Double Ditto here folks. If you're published, DO NOT post unless it's as an AC. Same for me, but more publishers than two.
-turn on humor mode please-
OK, all you folks out there - rush out to buy a new $500 phone, give a DNA sample, sign a four year contract to get your new iBlood phone!
-OK, now turn it off-
This is sad. I have to have some dark humor here because the loss of a life over a phone prototype is just too tragic otherwise. What an utter waste.