Why would you use something like this when there are several existing software packages that do this for free? Hell, I did this kind of thing YEARS ago with a trivial procmail script.
There are many reasons why confirmation style whitelisting systems suck and are not workable in the REAL world that I could tell you about, but I find it much more entertaining watching people use such stupid systems, crow about how great they are, and then end up abandoning them a few months down the road when they figure it out for themselves.
Have you thought to ask WHY webmasters.com was dropping the replys? Sounds like YOUR hosting company was doing something bad and wanted to hide it from you - like hosting a spammer. To block a bounce message from getting back to you takes Special configuration. Why would they do that if they had nothing to hide?
I have manually blacklisted MANY companies, netblocks, and even entire countries (china and korea come to mind) for bad behavior of various types. My bounce message is usually a little more informative than "you loser" though.
Spews is another list I use. It's INTENT is to punish ISP's that exhibit bad behavior (such as supporting spammers) by increasing the netblock size listed over time as they continue to harbor spammers. By DESIGN, this will piss off people like YOU that don't spam, as all of a sudden YOUR email is blocked and YOU didn't do anything wrong. This should prompt you to bitch at your ISP to find out why they are harboring spammers, and when they plan on getting spammers off their network. By using an ISP that harbors spammers, you are supporting spamming, although indirectly.
Spews is harsh. It intends to be. Listings only occur when ISPs fail to take action in getting rid of the spammers on their network, NOT when they are being proactive. Spam is ugly and needs harsh punishment if we are to do anything to curb it. ISPs need to be held accountable for the spam created on or supported by their network.
Well, sure, but there are other ways to get this. If Cisco had a web form that you pasted the output of "sh ver" to, it could direct you to the exact file. Email is a pathetic solution.
Um, I never heard of "chain saw class". Ive also never heard of any rental shop requiring training for ANYTHING, although most will show you how to use the equipment if you claim you don't know how. Which country are you from?
In the US, drivers education classes are not required (except for under 18 kids driving with provisional licenses, and even then it varies state to state.) All you need to do is pass a test. The test does not require you to know how to change a tire or the oil though, just that you have basic skills to drive and a very basic understanding of the laws. Cars are probably a closer analogy...
But computers are not cars, and there are no requirements at all on knowlege required for computer use. Good thing too, considering how many things have computers in them.
If anything, this can be handled in the private sector without any government intervention. ISP's can have AUP's and usage agreements that require that users maintain their systems and allow for account suspensions or terminations when someone's system has been compromised or is somehow causing problems to others.
Actually, most ISP's ALREADY have something like this in their AUP, but It's Very rare for any ISP to actually enforce those provisions. If ISP's actually starting suspending peoples service when the users are propogating worms or whatever, we might see more people taking an interest in maintaining their systems.
Filtering does not stop the spammer from using your (and your ISP's) network bandwidth and server resources. It adds up. How well will your filter work when you get 72634 spams a day?
If the law forbids sending spam no matter where the physical server resides, it solves one of your issues. You follow the money. Spam is selling something - a service or product. Money trails are fairly easy for the feds to follow.
Second, the law needs to address theft of network and computer services - again no matter where the theft occurs. It's ALREADY illegal (in the US and some other countries) to break into a machine and install a trojan.
While laws don't cover every case (foreign spammer from foreign servers), they WILL have an impact on levels of spam. Spam is not just a local problem to the US, and if the US has a tough law that really works (on US based spammers) I bet other countries will follow.
Like any computer security issue, spam fighting is a multi-layered approach. Laws are but ONE tool, and while they don't cover every case (foreign spammer from foreign servers), they WILL have an impact on levels of spam. Spam is not just a local problem to the US, and if the US has a tough law that really works (on US based spammers) I bet other countries will follow.
Technical measures are definately a big weapon in the arsenal. We can not wait, however, for a whole new protocol to be developed, coded, and deployed over thousands of platforms and hundreds of millions of systems - that would take Many years. Even then, what if spammers find a way around the anti-spam mechanism? Do you start over?
Blacklisting is another valuable tool to basically force badly behaving networks to change thier behavior, but it doesn't help when ISP's are PART of the problem. Outlaw spam and the ISP's will have no choice but to address the problem. Blacklisting entire countries (like many have done with China and Korea) is a good way to encourage those countries to address the spam problem as well.
If you read the NANAE newsgroup, you can see how blacklists such as SPEWS really do work to change behavior.
Technical measures alone will not stop spam (without a major impact to either privacy, ease of communication, freedom of speech, etc.), laws alone will not stop spam, and both together will not stop spam BUT they will reduce it. If you don't have the weight of laws behind you, there will be NOTHING stopping spammers from finding a way around any technical measure.
Spam is getting much worse very quickly because our lawmakers are pathetically slow to react (and are WAY too easily swayed by the DMA and other industry groups), And most ISP's are still unwilling to implement technical measures or are too busy making money by allowing spammers to spew from their networks.
A business line is MUCH less than $60 / month at least in the 9 states I've worked with. The difference is that you generally pay by the minute even for local calls, although plans can be had (still for much less than $60 / month) that include unlimited local calls.
Businesses also generally have a wider array of providers to choose from. Any larger busness is going to be getting service via a T1 / PRI ISDN frequently direct from a CLEC or ILEC.
Yeah, exactly. It annoys me when companies refuse to release docs to allow people to write their own drivers. I just won't buy their crap.
Whenever I buy hardware now, I make sure that the company has a good track record with open source support either by releasing Good quality drivers directly, or at least by proving full technical information. Why support a company that doesn't? The bottom line is they can have technically the best hardware out there, but unless I can use it with MY OS reliably, it's junk (and that goes for Windows support too.)
Sigh. Didn't hit preview. My last line was supposed to include a link to http://www.zfmicro.com/zfx86.html which is a basically an entire PC on one chip.
Maybe because those little things are Very limited in what they can do?
They can't route beyond a very simplistic inside/outside net.
They only have VERY simplisitic firewall capabilities
They can't directly connect to a T1
Few can do VPN, and ones that do are much more than $60.
Basically, those little things are fine for little home networks where you want to share your cable / dsl modem over a few PC's, but that's about it. Those SOHO "routers" are not 4-port routers by the way. They are basically a 2 port router with a built-in 4 port hub (or switch). BIG difference.
Finally, why the FUCK would you think that anyone is going to use any LRP type distro on an old 386 with a noisy power supply and 4 shitty 10M network cards? Maybe they will run it on an Openbrick or some little box with this chip in it.
The funny thing is, I had just looked at LRP as an option to dump on a machine just a month ago, and didn't use it. It was still running a 2.2 kernel, and I wanted to use iptables. I had also looked at the last release date which was I think over a year old (can't check - the site is/.ed)
There have been lots of security issues over the past year in various items related to the kernel and other packages, and it's hard for me to believe that LRP has been invunerable to any of them. Why would you use something that doesn't get maintained? IMHO, LRP died long ago, it just didn't get burried. It was a rotting corpse on the street.
I just moved to a small town in Maine, and while Verizon is the local telco and provides DSL, there are also no less that 20 DSL providers that provide service. We also have a competitive telco that is laying fiber to every single business and home in the area. Bigger cities have even more choices.
Shrink-wrap license agreements are dubious. I don't think there is a strong case where they have held up or struck down actually, and the software industry is in no hurry to have them all declaired null and void. In fact, there was a case fairly recently where (and my memory is not 100% on the details) where I believe someone wrote a review about some security software without getting permission from the publisher (was this NAI?) and got sued. The reviewer won and the court stated that the restrictions in the "license" were unenforcable. -- Can anyone give a pointer an the article on this? The bottom line is that publishers can't just stick any old restrictions in the agreement and have them be enforcable.
The problem with shrink-wrap licenses as I understand it is that you don't have the ability to negotiate, and there is no explicit legally binding acceptance of the agreement. Of course, IANAL, but this has been an issue for Many years. Some software publishers actually have some of the text of the license agreement on the outside of the box now, to cover themselves better.
Anyway, as to your last sentance, there is no contract - only copyright law. A contract is a legally binding agreement, Usually written but some times spoken, that both parties agree to.
Most ISP's only block outbound port 25. There is no good reason to block inbound. If your ISP blocks inbound 25, it's time to look for a better ISP - there are lots.
I've got one that's worse. Some dipshit used my email address for a "buffy the vampire slayer" notification from Amazon.com. This obnoxios spam periodically sends out an email whenever anything new "buffy" related arives at amazon. After trying to login with the "forgot password" stuff which couldn't find the account, I tried for the next 6 months to get the morons at Amazon to remove my email address from their system. It still comes. So I put a 5XX level reject on the SMTP server so that anything from amazon gets rejected. 3 years later, amazon STILL tries to connect to my server, and Still gets rejected. It seems the idiot admins at amazon NEVER EVER remove bad email address from their system.
So besides the "one click patent" reason to avoid amazon, this is another good reason. I have never bought anything from amazon, and never will.
Actually, I think it's much more simple than that. Microsoft obviously wants to retain the option of spamming. Anti-spam laws might hurt its marketing ability.
Considering the current state of affairs (spam increasing at an exponential rate) it's clear that nothing currently being done from a technical standpoint is working. To anyone with a clue, it's also quite obvious that we can't wait for new email protocols to be invented, coded for hundreds of platforms, and deployed to almost a billion machines. I look at spam laws as a stop-gap measure. It won't solve the problem, but it can make a dent in it. Maybe 10 years from now when we are on IPv6 and some new email protocol, those laws will be obsolete. Somehow, I doubt it though.
Actually, California's law is very permissive in regards to spam. It mainly just requires that the spammer use ADV in the subject line (which few do.) Unfortunately, it only allows ISP's to sue.
For a pretty good summary of laws for all states, see the spamlaws site.
Gentoo, while interesting, actually has a relativly small userbase. BTW, your second link is to kernel.org - what's your point? Kernel.org is not a distro.
People don't generally use a development kernel for production meaning that 2.5.X isn't widely used. That's the point the original poster was making, and it's 100% correct.
I found it interesting that they have dropped some claims about linux like the comment that it was like a bicycle compared to UNIX being a luxury car. I also find it funny that they cite IBM's Linux investment as evidence that they stole code. Wouldn't a big investment like IBM's indicate that they were doing NEW development as opposed to just taking it from somewhere else?
What I REALLY wonder about is all the idiots buying SCO stock, and why it's still hovering around $10 as opposed to the 1 cent it's really worth.
Um, it all depends on the terms of your contract. IBM's license agreement probably looks NOTHING AT ALL like a typical EULA. It's Very Normal in the business world to have an irrevocable license. That's how you protect yourself against crap like SCO is trying to pull. I've negotiated dozens of licensing contracts and made DAMN sure that my companies interests were protected.
These contracts are not "take it or leave it" type things like EULA's are. You negotiate.
Slashdot Mirror
Why would you use something like this when there are several existing software packages that do this for free? Hell, I did this kind of thing YEARS ago with a trivial procmail script.
There are many reasons why confirmation style whitelisting systems suck and are not workable in the REAL world that I could tell you about, but I find it much more entertaining watching people use such stupid systems, crow about how great they are, and then end up abandoning them a few months down the road when they figure it out for themselves.
Have you thought to ask WHY webmasters.com was dropping the replys? Sounds like YOUR hosting company was doing something bad and wanted to hide it from you - like hosting a spammer. To block a bounce message from getting back to you takes Special configuration. Why would they do that if they had nothing to hide?
I have manually blacklisted MANY companies, netblocks, and even entire countries (china and korea come to mind) for bad behavior of various types. My bounce message is usually a little more informative than "you loser" though.
Spews is another list I use. It's INTENT is to punish ISP's that exhibit bad behavior (such as supporting spammers) by increasing the netblock size listed over time as they continue to harbor spammers. By DESIGN, this will piss off people like YOU that don't spam, as all of a sudden YOUR email is blocked and YOU didn't do anything wrong. This should prompt you to bitch at your ISP to find out why they are harboring spammers, and when they plan on getting spammers off their network. By using an ISP that harbors spammers, you are supporting spamming, although indirectly.
Spews is harsh. It intends to be. Listings only occur when ISPs fail to take action in getting rid of the spammers on their network, NOT when they are being proactive. Spam is ugly and needs harsh punishment if we are to do anything to curb it. ISPs need to be held accountable for the spam created on or supported by their network.
Well, sure, but there are other ways to get this. If Cisco had a web form that you pasted the output of "sh ver" to, it could direct you to the exact file. Email is a pathetic solution.
Um, I never heard of "chain saw class". Ive also never heard of any rental shop requiring training for ANYTHING, although most will show you how to use the equipment if you claim you don't know how. Which country are you from?
In the US, drivers education classes are not required (except for under 18 kids driving with provisional licenses, and even then it varies state to state.) All you need to do is pass a test. The test does not require you to know how to change a tire or the oil though, just that you have basic skills to drive and a very basic understanding of the laws. Cars are probably a closer analogy...
But computers are not cars, and there are no requirements at all on knowlege required for computer use. Good thing too, considering how many things have computers in them.
If anything, this can be handled in the private sector without any government intervention. ISP's can have AUP's and usage agreements that require that users maintain their systems and allow for account suspensions or terminations when someone's system has been compromised or is somehow causing problems to others.
Actually, most ISP's ALREADY have something like this in their AUP, but It's Very rare for any ISP to actually enforce those provisions. If ISP's actually starting suspending peoples service when the users are propogating worms or whatever, we might see more people taking an interest in maintaining their systems.
Can someone who has a clue as to the internet's origin please mod this as funny?
Doesn't matter where the SERVER is, it matters where the MONEY goes. Follow the money, find the spammer. Most are in the US.
Filtering does not stop the spammer from using your (and your ISP's) network bandwidth and server resources. It adds up. How well will your filter work when you get 72634 spams a day?
If the law forbids sending spam no matter where the physical server resides, it solves one of your issues. You follow the money. Spam is selling something - a service or product. Money trails are fairly easy for the feds to follow.
Second, the law needs to address theft of network and computer services - again no matter where the theft occurs. It's ALREADY illegal (in the US and some other countries) to break into a machine and install a trojan.
While laws don't cover every case (foreign spammer from foreign servers), they WILL have an impact on levels of spam. Spam is not just a local problem to the US, and if the US has a tough law that really works (on US based spammers) I bet other countries will follow.
Like any computer security issue, spam fighting is a multi-layered approach. Laws are but ONE tool, and while they don't cover every case (foreign spammer from foreign servers), they WILL have an impact on levels of spam. Spam is not just a local problem to the US, and if the US has a tough law that really works (on US based spammers) I bet other countries will follow.
Technical measures are definately a big weapon in the arsenal. We can not wait, however, for a whole new protocol to be developed, coded, and deployed over thousands of platforms and hundreds of millions of systems - that would take Many years. Even then, what if spammers find a way around the anti-spam mechanism? Do you start over?
Blacklisting is another valuable tool to basically force badly behaving networks to change thier behavior, but it doesn't help when ISP's are PART of the problem. Outlaw spam and the ISP's will have no choice but to address the problem. Blacklisting entire countries (like many have done with China and Korea) is a good way to encourage those countries to address the spam problem as well.
If you read the NANAE newsgroup, you can see how blacklists such as SPEWS really do work to change behavior.
Technical measures alone will not stop spam (without a major impact to either privacy, ease of communication, freedom of speech, etc.), laws alone will not stop spam, and both together will not stop spam BUT they will reduce it. If you don't have the weight of laws behind you, there will be NOTHING stopping spammers from finding a way around any technical measure.
Spam is getting much worse very quickly because our lawmakers are pathetically slow to react (and are WAY too easily swayed by the DMA and other industry groups), And most ISP's are still unwilling to implement technical measures or are too busy making money by allowing spammers to spew from their networks.
A business line is MUCH less than $60 / month at least in the 9 states I've worked with. The difference is that you generally pay by the minute even for local calls, although plans can be had (still for much less than $60 / month) that include unlimited local calls.
Businesses also generally have a wider array of providers to choose from. Any larger busness is going to be getting service via a T1 / PRI ISDN frequently direct from a CLEC or ILEC.
Yeah, exactly. It annoys me when companies refuse to release docs to allow people to write their own drivers. I just won't buy their crap.
Whenever I buy hardware now, I make sure that the company has a good track record with open source support either by releasing Good quality drivers directly, or at least by proving full technical information. Why support a company that doesn't? The bottom line is they can have technically the best hardware out there, but unless I can use it with MY OS reliably, it's junk (and that goes for Windows support too.)
Um, freenet? Yes, it's Very slow, but it generally works.
Sigh. Didn't hit preview. My last line was supposed to include a link to http://www.zfmicro.com/zfx86.html which is a basically an entire PC on one chip.
Basically, those little things are fine for little home networks where you want to share your cable / dsl modem over a few PC's, but that's about it. Those SOHO "routers" are not 4-port routers by the way. They are basically a 2 port router with a built-in 4 port hub (or switch). BIG difference.
Finally, why the FUCK would you think that anyone is going to use any LRP type distro on an old 386 with a noisy power supply and 4 shitty 10M network cards? Maybe they will run it on an Openbrick or some little box with this chip in it.
The funny thing is, I had just looked at LRP as an option to dump on a machine just a month ago, and didn't use it. It was still running a 2.2 kernel, and I wanted to use iptables. I had also looked at the last release date which was I think over a year old (can't check - the site is /.ed)
There have been lots of security issues over the past year in various items related to the kernel and other packages, and it's hard for me to believe that LRP has been invunerable to any of them. Why would you use something that doesn't get maintained? IMHO, LRP died long ago, it just didn't get burried. It was a rotting corpse on the street.
I just moved to a small town in Maine, and while Verizon is the local telco and provides DSL, there are also no less that 20 DSL providers that provide service. We also have a competitive telco that is laying fiber to every single business and home in the area. Bigger cities have even more choices.
Shrink-wrap license agreements are dubious. I don't think there is a strong case where they have held up or struck down actually, and the software industry is in no hurry to have them all declaired null and void. In fact, there was a case fairly recently where (and my memory is not 100% on the details) where I believe someone wrote a review about some security software without getting permission from the publisher (was this NAI?) and got sued. The reviewer won and the court stated that the restrictions in the "license" were unenforcable. -- Can anyone give a pointer an the article on this? The bottom line is that publishers can't just stick any old restrictions in the agreement and have them be enforcable.
The problem with shrink-wrap licenses as I understand it is that you don't have the ability to negotiate, and there is no explicit legally binding acceptance of the agreement. Of course, IANAL, but this has been an issue for Many years. Some software publishers actually have some of the text of the license agreement on the outside of the box now, to cover themselves better.
Anyway, as to your last sentance, there is no contract - only copyright law. A contract is a legally binding agreement, Usually written but some times spoken, that both parties agree to.
Most ISP's only block outbound port 25. There is no good reason to block inbound.
If your ISP blocks inbound 25, it's time to look for a better ISP - there are lots.
Did you know that you can switch ISPs? It's a free market.
Frankly, my guess is that your ISP was lying to you. It's much easier to blame someone else than to pony up to the truth sometimes.
I've got one that's worse. Some dipshit used my email address for a "buffy the vampire slayer" notification from Amazon.com. This obnoxios spam periodically sends out an email whenever anything new "buffy" related arives at amazon. After trying to login with the "forgot password" stuff which couldn't find the account, I tried for the next 6 months to get the morons at Amazon to remove my email address from their system. It still comes. So I put a 5XX level reject on the SMTP server so that anything from amazon gets rejected. 3 years later, amazon STILL tries to connect to my server, and Still gets rejected. It seems the idiot admins at amazon NEVER EVER remove bad email address from their system.
So besides the "one click patent" reason to avoid amazon, this is another good reason. I have never bought anything from amazon, and never will.
Actually, I think it's much more simple than that. Microsoft obviously wants to retain the option of spamming. Anti-spam laws might hurt its marketing ability.
Considering the current state of affairs (spam increasing at an exponential rate) it's clear that nothing currently being done from a technical standpoint is working. To anyone with a clue, it's also quite obvious that we can't wait for new email protocols to be invented, coded for hundreds of platforms, and deployed to almost a billion machines. I look at spam laws as a stop-gap measure. It won't solve the problem, but it can make a dent in it. Maybe 10 years from now when we are on IPv6 and some new email protocol, those laws will be obsolete. Somehow, I doubt it though.
Actually, California's law is very permissive in regards to spam. It mainly just requires that the spammer use ADV in the subject line (which few do.) Unfortunately, it only allows ISP's to sue.
For a pretty good summary of laws for all states, see the spamlaws site.
Gentoo, while interesting, actually has a relativly small userbase. BTW, your second link is to kernel.org - what's your point? Kernel.org is not a distro.
People don't generally use a development kernel for production meaning that 2.5.X isn't widely used. That's the point the original poster was making, and it's 100% correct.
I found it interesting that they have dropped some claims about linux like the comment that it was like a bicycle compared to UNIX being a luxury car. I also find it funny that they cite IBM's Linux investment as evidence that they stole code. Wouldn't a big investment like IBM's indicate that they were doing NEW development as opposed to just taking it from somewhere else?
What I REALLY wonder about is all the idiots buying SCO stock, and why it's still hovering around $10 as opposed to the 1 cent it's really worth.
Um, it all depends on the terms of your contract. IBM's license agreement probably looks NOTHING AT ALL like a typical EULA. It's Very Normal in the business world to have an irrevocable license. That's how you protect yourself against crap like SCO is trying to pull. I've negotiated dozens of licensing contracts and made DAMN sure that my companies interests were protected.
These contracts are not "take it or leave it" type things like EULA's are. You negotiate.
Actually, OS/2 was a great product at the perfect time, but suffered from poor marketing and Microsoft's anti-competitive licensing scheme.