That's right. The people own the roads - not individuals. The government licenses those who have shown a basic knowledge of laws and driving ability to drive a motor vehicle on the roads that the people have paid for, and enforces the regulations regarding the use of vehicles on those roads to ensure the safety of all people.
Some people seem to think that they, as individuals, can do whatever they like on public property. This is incorrect. Public property is a shared resource and our government has been given power by us to protect that property and all those who use it. In fact, you can't do anything you want on your own property either. You can't kill anyone, you have to follow building code and zoning laws, etc. You are not alone in this world - we all share it. It's what civilization is all about.
If you are doing 60 in a 30 and have an accident, I have no problems with the insurance companies jacking up your rates. In fact, I have no problem with them charging you $30,000 a year. Maybe that will keep insane drivers that refuse to drive responsibly off the road (the courts don't seem to.) Driving is a privilege; not a right.
I have many reasons to hate insurance companies: how they handle claims, all the little exclusions, getting billing and coverage correct, etc. Jacking rates to irresponsible drivers is not one of them. With the exception of getting rear-ended while sitting at a red light TWICE by idiots talking on their cell phones, and a deer that ran into my rear passenger door (in the middle of a city no less) I haven't had an accident or ticket in over 20 years. My rates are actually quite reasonable.
Back to the subject at hand, I'm on the fence on the black box issue. On one hand, it's a privacy violation. On the other hand, it's a great tool to identify liars (one of the idiots that rear-ended me tried to claim that I was backing up. Needless to say, the cops didn't believe her when looking at the skid marks.) When concrete evidence is lacking (skid marks in my case) the black boxes can help identify what really happened (especially when one or more of the people involved is dead.)
Remember: these boxes only store a brief period of time; 30 seconds or so - not your entire driving history.
Re: Get generic benadryl and save money! on Sleeping Problems? · Score: 1
Careful on the benadryl. Took them for a while and developed a pain in the groin. Went into the doctor for it and had him stumped. Out of the blue, he asked me if I was taking benadryl. Told me to stop. It can do bad things to guys if you take it for prolonged periods of time. Pain went away in about a week.
Anyway, I would ignore most of the advice here on taking drugs or drinking, etc. Talk to your doctor. That's what they are for.
I've also dropped my iPod about 5-6 times, and it still keeps on ticking!
Shouldn't they be designed for that?
I have an old Sony Vaio laptop that fell off the arm of a couch and landed on the edge, jamming the wireless card into the PCMCIA slots, ripping the connectors off the motherboard, tearing the traces.
It still works great except for the pcmcia slots - I just use the USB / firewire ports instead.
I agree - especially on the bandwidth. It's amazing how many worms pound on my email server door.
On the IT comment however, if a worm gets into your organization and starts patching, doesn't that say something about the effectiveness of the IT group? Doesn't that tell you that your security systems and policies are broken? I know companies that wait MONTHS to patch their systems. That's just too long. Many of the worms that are out there exploit bugs that have had patches available for many months prior. I'm all for testing but it has to be reasonable and prompt. Machines that can't be patched for whatever reason need to be secured.
It seems it would be possible to start a jail, give it an IP address, install FreeBSD into the jail, NAT out the SSH port from the jail and give the root password of the jail to the "virtual server admin".
Indeed, that is exactly what some hosting companies are doing. I played around inside a BSD jail as root with one of these $15 / month virtual servers. It actually worked Very well, allowing me to compile my own applications including installing the BSD ports collection. I'm quite impressed. Apparently this hosting company runs up to 120 jails per system. The system I was on only had about 30, and I was seeing loads of up to 20. For this reason, I canceled the account, but the concept is quite sound.
The BSD jail is more like a super chroot than usermode linux - a LOT more isolation than just the file system, but less than a true VM. It seems to have much less overhead than a full VM such as vmware or UML. Hardware is not virtualized, but rather just more restricted.
This is great for running things like mail servers, web servers, etc. especially where you want to give applications the ability to run external scripts / CGI's without most of the security issues that come along with it.
Your car analogy is flawed as well. New cars are easy to get into, but require vast amounts of training and equipment to fix. You might as well weld the hood shut for most people.
Not at all. I don't expect "grandma" to fix her own car, but I DO expect that she could take it to any qualified independent mechanic to get it fixed. With the welded-shut hood, even Jiffy Lube wouldn't be able to change your oil. Independent qualified mechanics are going to HAVE the training and equipment to fix even newer cars - the only difference is that they are INDEPENDENT. In fact, many times the independents are BETTER. My analogy is just fine - it's your ability to comprehend what you're reading that is flawed.
Few people fix cars in comparison to the total number of car owners. That "few" is still in the millions. Ditto for OSS. But that's not the point. He is saying that a blanket statement is a myth. It's not. It's a FACT. He backs up his "myth" claim with other statements that have no bearing on the validity of the fact. Those statements do not disprove the fact and turn it into a myth. Again, for the reading comprehension impaired: Just because YOU don't personally have the ability to fix an OSS bug does not mean that the ABILITY to fix the bug has no value.
Throughout my multi-decade IT career, I have run into bugs that people had to workaround for years due to lack of source. Many software packages that were replaced were replaced because it was no longer supported - due to lack of source, they could not be supported internally. Otherwise, they worked fine. Applications that DID have source are still being used today, decades later, on a totally different platform (One app I worked on had been ported 9 times.)
Linux is a HUGE example. It's been ported to over a dozen architectures. Linus didn't do all that himself. He also didn't create all the patches to linux himself. Or the drivers. Or the installation scripts. Or the management tools.
I'm sorry you are too blind to see the value in not having your hood welded shut.
BTW, the industry average is 1 IT person for 43 employees. That's over 2% of the total workforce. While a minority, they are certainly more than "hardly anybody."
I don't believe you understand the DMCA or the DeCSS issue.
The MPAA was calling the CSS system a "trade secret". While a copyright exists on implementations, independent implementations do not violate copyright of the original CSS.
The DMCA made software or devices that are designed to bypass technological restrictions on accessing OTHER copyrighted works illegal. It's the fact that DeCSS bypassed those restrictions that got it into trouble - NOT that it violated the CSS "formula" copyright.
I think YOU are missing the point. The author is dismissing one of the strengths of OSS saying that it is a myth. The reality of the situation is that corporate users (for example) will have staff on hand (as they already do) to customize software to fit their needs or fix bugs - something that is impossible with closed source software. Once a project is released as OSS, it doesn't die even if the original author does. Anyone can pick up the project and continue it. Closed source programs die all the time when the original company discontinues a product or goes out of business.
Not everyone NEEDS to be a programmer for that strength of OSS to be true. There is an old analogy about cars that works well. Which car has more value: one with the hood welded shut that can only be serviced by the manufacturer or one that doesn't and has maintenance manuals available so any qualified mechanic can fix it? Even if you never even change your own oil, the "open" car has more value.
That's a nit and you know it. I was not using nobody in an absolute but rather in the near absolute which matches the author's intent. Kinda like when you hear "nobody pays attention to the speed limit" when in reality that's not a true statement.
His term "hardly anybody" implies near zero when we all know by the software we use everyday that it is much, much more than that. The evidence is all around but statistics are virtually impossible to gather due to the nature of OpenSource development. One indicator that IS verifiable is SourceForge which has over 84,000 projects and almost a million registered users. Anyway, I call "BullShit" on the author. His statement is totally unsubstantiated and flies in the face of reason.
I'll tackle an EASY target: "Open Source software allows you to get under the hood and fix problems"
He claims that it's hard and that nobody does it "in the real world." If that was really the case, the open source world we have today would not exist. Linux would not exist. BSD would not exist. Apache would not exist. PHP would not exist. MySQL would not exist. But they do. They are all thriving projects with thousands of contributors. Does EVERYONE contribute? No, but they don't need to. Not everyone HAS the skills, but not everyone needs to have the skills. That's why (if you were a corporation) you hire people with those skills to support the systems you use.
I know that I personally have fixed bugs in dozens of FOSS applications, and greatly extended functionality in dozens as well. It's not that you MUST get "under the hood and fix problems," it's that you CAN. This is not a myth. It's an indisputable fact. Any competent programmer can work with FOSS software. Not all programmers are competent. Not all people are programmers. These facts don't change the base fact.
I spend a fair amount of time helping people in various lists. It's part of my contribution to open source, and to return the favor to others for all the help I have received over the years. Spreading goodwill.
Let me be perfectly clear. I wouldn't spend one extra dime or work trying to email someone who asks a question yet makes it difficult for me to send a response. Like the clueless people with C/R systems, they would go in my blacklist forever.
Most corporate users would Never use a system like this. It makes interacting with customers and other businesses too cumbersome.
Remember: The MPAA and the RIAA have bought extensions to copyright over and over. It's now "forever" for most practical purposes (more than my lifetime anyway.) They also brought us the DMCA. Congress and the courts are in their back pockets.
... And style sheets eliminate the need to use the font tag in your pages at all. Separate presentation from content. It's too bad that crap like FP, and even worse MS Word, do such a horrible job of working with the standards, and create such crappy html.
Check out the MTBF numbers. They look similar until you see that desktop drives are rated with a low duty cycle - the typical 8 hour day as opposed to the 24 hour day servers are designed to run.
As for real performance, my old 18G 7200 RPM IBM scsi drives are faster than my brand-new SATA raptors in real world applications (compiling the linux kernel for example.)
So here's what I do. I use my scsi drives for my everyday stuff, and archive on the SATA drives (MP3's, old source / packages, etc.) That way I get my performance and reliability, and space. Since I have two of each, I just raid mirror.
As for real world server applications, we run some Large raid arrays. We don't need the space as much as we need the performance you get with dozens of spindles spread over multiple channels on 64bit controllers.
I disagree. Each time a domain implements SPF, the "forgeable" domain list goes down. You are correct in that it will force spammers to use other forged domains, but it will also start highlighting domains that aren't secure. This act of highlighting will eventually catch up to the domain owners, and hopefully they'll implement SPF themselves.
You DO realize the number of possible domains is virtually infinite, right? There are SPF records for less than 1% of domains. Probably more like 0.01%, but we will use the larger number. Hell, let's make it 50%. Great. Whoop dee doo. So now we have identified that 50% of the domains are not secure. That's going to help you exactly how? Spammers can still spoof half the domains on the net. Hey, it's only a hundred million or so...
SPF is all nice and such, but it won't help stop spam at all. All it will do is encourage spammers to use other forged domains that don't have SPF records (which is most of them.)
Adoption of SPF or other technologies (domain keys for example) needs to be near 100% to be useful in reducing spam. Lack of records can be somewhat useful as a scoring tool in spamassassin for example, but that's about it. Spammers will just find another way to spam - maybe they will start publishing SPF records on the 8782374651872356 domains that they have registered or taken over.
Spammers already control a large percentage of windows machines - they really don't care if what they are doing is illegal or not. Grandma's machine will start spewing spam using her real email address via her ISP slowly - a few dozen messages every day. Of course there are millions of other grandmother's machines to use.
They don't. You are misreading what I wrote. What those proposed standards basically do is say that server X and Y are the legit senders for domain Z. That takes care of the lack of *sending* DNS records. MX records are only for *receiving* servers. That's it.
How this would theoretically be used is if spammer sends as blah@domainZ from a comcast PC, the receiving server says "you don't present the right crypto credentials / and/or are not server X or Y", and rejects the mail.
Again, unless DK or SPF is near universally adopted, it won't be effective as spammers will just use blah@domainT which doesn't have SPF / DK records. Adoption is THE key. Anyone claiming DK or SPF will eliminate spam is talking out of their ass. It only says who is legit. It CAN be used as a scoring tool in SpamAssassin however.
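The sender check described in the comment above, as an added example that is not part of the original comment: a simplified SPF evaluation over constructed records, showing that a forged sender is rejected only when the forged domain publishes a record, while a domain with no record (the domainT case) yields nothing to enforce. Domain names, addresses and score weights are assumptions, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (documentation
# domains and address ranges; none of these come from the original page).
SPF_RECORDS = {
    # "Server X and Y are the legit senders for domain Z."
    "domainz.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all",
    # A domain that only asks receivers to be suspicious, not to reject.
    "soft.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    # "domaint.example" publishes no SPF record at all.
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Hypothetical score weights in the spirit of a SpamAssassin-style filter.
SPF_SCORES = {"pass": -1.0, "none": 0.0, "neutral": 0.0,
              "softfail": 1.5, "fail": 5.0}


def check_spf(sender_domain, client_ip, records=SPF_RECORDS):
    """Return the SPF result for a connecting IP and envelope sender domain."""
    record = records.get(sender_domain.lower())
    if record is None:
        return "none"              # no policy published: nothing to enforce
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"              # TXT data that is not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"            # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mechanism, _, arg = term.partition(":")
        mechanism = mechanism.lower()
        if mechanism == "all":
            return QUALIFIERS[qualifier]
        if mechanism in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed record
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        # include, a, mx, redirect and the rest need live DNS lookups.
        raise NotImplementedError(f"mechanism not handled here: {term}")
    return "neutral"               # no mechanism matched


def triage(sender_domain, client_ip):
    """Reject on a hard fail; otherwise hand a score to the content filter."""
    result = check_spf(sender_domain, client_ip)
    action = "reject" if result == "fail" else "score"
    return result, action, SPF_SCORES.get(result, 0.0)


if __name__ == "__main__":
    # Constructed connections: (envelope sender domain, connecting IP).
    samples = [
        ("domainz.example", "192.0.2.10"),    # legit server X
        ("domainz.example", "203.0.113.77"),  # forged from a residential PC
        ("domaint.example", "203.0.113.77"),  # same PC, domain without SPF
        ("soft.example", "203.0.113.77"),     # forged, softfail policy
    ]
    for domain, ip in samples:
        print(domain, ip, triage(domain, ip))
```
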
I actually ran into the per-processor licensing with database connector software on Linux. A Xeon shows up in linux as two processors due to the hyper threading. Of course hyperthreading is not as fast as 2 distinct CPU's either. It threw the salesman for a loop - he had no idea what the license would be. Turned out they were way overpriced anyway, and a FOSS driver worked fine.
Oracle was licensing based on power units a while back. Any idea if they are still doing that? From what I understand, they basically benchmarked certain machines and price the software based on the performance of the box rather than pure # of CPU's. That solves the issue completely. Course we use MySQL and Postgres anyway, with a smattering of MS SqlServer (Yeah I know, but it IS a pretty good DB, and needed by some apps.)
Or use port 587 which is the new MUA standard. Port 25 should be for MTA's only. Since most residential AUP's don't allow servers, people shouldn't be running MTA's anyway. For those that do, they can Still set it to smarthost via port 587.
Blocking outbound port 25 from dynamics is good. Clients that need to use alternative mail servers can use the submission port (587).
On the mail server front, while many smaller sites send mail from MX listed servers, this isn't always true at larger sites (such as most ISP's) as they use different sending servers than receiving servers. This is what SPF, domainkeys, etc are supposed to take care of. Until they are universally adopted, blocking based on those DNS records (or lack thereof) will not be effective.
As long as both the hardware and drivers support this, it's fine.
Go on the vacation plan. It doesn't cancel service - just suspend.
... And monkeys might fly out of my butt.
That's easy. The mail server does a DNS lookup on the domain. If it doesn't exist, reject. Many mail servers do this by default now.
See RFC 2476. That's standard enough. If you read the spec, servers are required to use SMTP Auth. That solves the spammer issue.