Is that worth violating copyright? If you think about it, sites like cnet get paid based on number of visitors. Slashdot can also get sued for violating copyright. Help keep sites like cnet free and slashdot online by discouraging this shit.
This is one of the things that gets me about Windows people sometimes. They don't realize that things exist outside of redmond.
Last time I checked, anything older than MacOS 10 is obsolete. Since Mac OS =>10 is pretty much unix, we now have platform independance. X is available on all those platforms now.
Um, well Yeah. This is the EULA for "workstation" products. You need to buy "SERVER" if you want to run server apps. MS has mdae it quite clear for YEARS (since NT4 came out) that this was the case.
These are not the two you are looking for. Move along.
Why wait? Go to a "business friently" state and start your own consulting company. I moved to a smaller town where the taxes are low, housing / land is cheap, and work can be had for anyone with a little ambition.
California has lost it completely. With the scools ranked 49th in the country, taxes approaching the highest, Loopy laws and fruitcake bezerkely behavior all over the place, housing prices among the top in the country, no jobs, environmentalist protecting fucking common garden worms, some of the most corrupt government officials (Davis and crew) on the planet, why the HELL would you stay?
Yeah, the bay area has traffic sensors all over the place, and you can (sometimes) get the data at the Caltrans website. Frequently though, the web site is broken, and only a few of the speed sensors are returning any data.
What the hell is the point when the system is more broken than functioning?
I've been using the same email address before spam really started. Back then, you didn't worry about giving out your email address. I had also registered several domains with my email address as the contact. That was back in 94. That email account is pretty useless now getting about 150 spams on an average day. It has an auto responder on it pointing people to a web form that they can use to email me to get my new address which doesn't get any spam (yet.) When my current address gets trashed, I'll probably have to do the same thing.
The problem is that spammers are still using my (and my ISP's) bandwidth as long as I use an autoresponder, which I want to do for obvious reasons.
BTW, even though SA is pretty good, it's not perfect. Depending on the settings, either I still get spams through or legit email gets nailed as spam. Some of the newer spam is so simple, just a short sentance and a URL, that it can't be realistically filtered.
No, we want the editors to pay attention to what the heck they are posting! This is happening almost every day, sometimes multiple times a day. You would think embarassing the editors into action would be enough. Apparently not.
Well, if you RTFA, you will see that Opera DOES claim that it's IE except that it also adds the fact that it's opera too. It's also a fact that IE identifies itself as Mozilla, yet MS uses different code for IE than it does for the REAL mozilla.
So what you are asking Opera to do is NOT tell web servers that it's really Opera. This is NOT cool. The web was built on open standards. What MS is tring to do is toss open standards out the window.
By the way, hotmail is MS too, so you can lump it in the same boat as MSN.
Any site that pulls this shit (doing browser checks and denying access or deliberatly delivering broken content to certain browsers) needs to stop that behavior immediatly. It harms us all.
If you RTFA, Opera engineers changed one part of the Agent string to read "Oprah" instead of "Opera" during their test and got the MSIE version which worked fine. This means that MSN deliberatly designed a page for Opera, and that it is broken. The question is WHY, and the answer is obvious. MS has a long history when it comes to the browser market.
Having worked for a mid to large commercial web site, I can assure you that the QA team tests with Multiple versions of multiple vendors browsers on several platforms. If MS with their ~$40B in spare cash doesn't do the testing that we did with a 40 person company on a shoestring budget then they are incompetant, arrogant, and criminally abusing their monopoly.
Oh please. If you RTFA, Opera works fine with the MSIE version of the pages. What MS is doing is deliberate sabotage. It's quite clear what they are doing, and anyone that knows anything about MS's historical behavior knows why.
Granted that you could probably build a user-space filter with a linux box pretty easily that would look for certain patterns and raise alarms / install blocks for certain packets.
Probably take me about a day or two to do it right, but it's a very realistic project considering how easy Netfilter is to use and program for. Performance impact is another question, but again, netfilter comes to the rescue. You can add a filter to your main firewall that routes all AIM traffic through another dedicated box.
Oh please. The guy was using another corporations logos and trademarks without permission. Of COURSE he is going to get a C&D. This kind of thing goes on all the time. The practice predates the internet by quite some time. This is not a "stifling effect" issue.
A car is not software. With software, once a patch is created, it can be replicated billions of times for nothing. There is no "cost per unit". Your analogy fails. Even if we were to use your flawed analogy, cars get recalled all the time for safety defects all repaired at the manufacturers expense. The reality is that manufacturers reserve part of the profit of the car to use in future recalls. It's a standard expense they KNOW they will have. So YES. I expect MS to fix their shit for a reasonable amount of time - say 5 years or so from date of last sale.
One of the reasons you buy commercial software is for support. Exchange is VERY EXPENSIVE. I expect (and customers should demand) that MS fix all security related issues in all current software without being forced to buy new software. MS has over 40 BILLION in cash. They can more than afford to fix their software, and they OWE their customers to do so.
Not to be a troll, but do you REALLY believe that? After all, MS has chosen functionality / features over security on a regular basis. If they were TRUELY serious about security issues and providing good value to their customers, they would offer patches for their existing products as opposed to forcing people to buy a new version to get a secure platform. By the way, I'm talking about patching design flaws, not bug fixing.
MS has not offered security up front. They have been pushed / shamed into it - kicking, screaming, and dragging their feet.
Microsoft's mission is to make as much money as possible. Their customer's needs and desires are secondary. Note that MS is not alone here. The standard business model of (most) commercial software is to sell upgrades. This is one of the main reasons that Open Source is taking off.
I've been using IMP for quite some time, and many large ISP's also use it. It's actually quite mature, and easy for end-users to learn. A post further down claims that installation is difficult, but I have not found that to be the case - in fact it only took about 20 minutes.
Note that IMP (email) is only one module of Horde. Adding the modules together and it trumps what MS WebMail offers by quite a bit.
Then the company is fucking stupid. I suppose they were running around with code-red servers for 6 months or so....
When a security hot-fix is released, it needs to be fast-tracked. Management needs to be on the ball here. The policy MUST MUST MUST take into account critical security issues or they might as well file chapter 11 now and just save everyone a bunch of time... Yes, you can still go through a reasonable process and keep everyone in the loop, but it doesn't mean that it should take months, or even weeks.
Um, writting secure software is fucking hard, which is why all software has bugs. Even in large projects where you have LOTS of REALLY GOOD coders analizing the code, bugs still happen. All a vendor can do is to try their best.
This said, I strongly believe MS has NOT tried hard enough. They keeping releasing stuff configured in an insecure manor as the default. There is no excuse for this. An example on how to do this right is how debian ships. Squid by default only accepts connections from localhost, and almost every service is disabled. Does debian still have bugs? Sure does. Lots. It is pretty easy to apply the fixes however, and takes very little time.
Oh please. I'm not a fan of MS either, but SQL Server is actually quite good (aside from the security hole of course.) Performance and feature wise it is a top notch product.
We are seeing this problem due to lazy network / sysadmins. This problem has had a fix for over six months already, and there is no reason network admins leave the front door wide fucking open.
Yes it is, but "privledged" vs "unprivledged" doesn't really mean anything anymore, especially since Windows ignores the convention (a "standard" that predates Windows 1.0 by the way.) How you handle this is with a connection tracking firewall. Netfilter on the Linux 2.4 kernel does this via the ip_conntrack module. Basically how it works is that access to UDP is denied unless a client machine on the protected side of the firewall has started a conversation first (note that it's not a connection as UDP is a connectionless protocol.) There is a reasonable timeout and then the connection is deleted from the conntrack table. You can see what is in this table via: cat/proc/net/ip_conntrack
The Cisco PIX also uses connection tracking. Most high-end firewalls do.
This worm is especially devistating and fast spreading due to the fact that UDP is used and no connection setup is needed as with traditional TCP.
This worm is just another wakeup call. People need to take some personal responsability and keep their software up to date. Doesn't matter what OS you use. ISP's also need to be more proactive so worms like this don't get out of control. Infected hosts need to be immediatly firewalled. Yeah, someone might bitch, but their other customers are going to thank them for being responsive.
First, Marijuana is not spam. Right or wrong, marijuana is defined as a controlled substance. Should Heroin be legal?
Second, FYI, the US already has laws mandating minimum MPG for cars / SUVs. It's not 45MPG at the moment, but maybe someday it will be. I personally think that minimum MPG laws are good. Obviously enough people agree with these laws that the minimum MPG is continually increasing. Anything that can reduce our dependance on foreign oil is a good thing IMHO.
Third, the constitution has NOTHING to do with spam. Commercial speech is NOT protected under the constitution which is why there are limits on what can be advertized, how, and where, and what claims can be made. These limits just haven't extended to the internet yet, and they probably should be.
Fourth, spam is theft. It is theft of computer and telecommunication resources. By some analysis, spam is now somewhere between 30 - 50% of all email on the net. Who pays for this? Guess what: It's not the spammers. It's you and me and everyone else in our internet access fees. They are stealing our disk space and bandwidth. If people want to advertize, there are PLENTY of other ways besides email. Nobody is restricting advertizers from putting up their own web page or buying banner ads.
It's too bad we don't educate our kids to learn how to use the Shift key.
But back to the topic at hand, if nobody can build a general purpose secure OS, how the fuck do you expect anyone to create a messaging system which the main purpose of is to allow any-to-any communication that is invunerable to spam and still a viable system to be used by businesses and the masses in general? Do you REALLY think that spammers won't find a way around technical limitations?
Imagine a society with no laws. You can be killed by anyone, have your stuff stolen, your daughter raped and no laws to stop it. Only the strong survive. Warlords control everything. This is essentially the internet as it is today.
Back in the "good old days" before AOL invaded Usenet, laws were not really needed. The community for the most part policed itself. This is no longer possible.
We now need laws to enforce proper behavior. Will this stop all spam? No. Do laws against shoplifting stop all theft? No. Do they discurage most people from shoplifting every time they enter a store? Yes, they do. They provide a way for shop owners to protect themselves.
The bottom line is that we KNOW anti-spam laws will not stop all spam. It will however reduce it significantly.
Oh please. Anyone with a little ingenuity can solve this problem. First, you can configure office so that the default file format is RTF. RTF supports most of what people do with Word which is letter writting, memos, and other simplistic documents. RTF importing is actually quite good.
A little procmail scripting coupled with a Windows machine (or 3) setup as automated document converter (a little VB scripting) solves external communication needs nicely.
If this is too tough for you, you can also setup an autoresponder system telling people to resend their documents in a more open format such as PDF or RTF, etc.
The argument that it's the de-facto industry standard so you can't change is a red-herring.
Complex spreadsheets are a little more difficult, but only a small fraction of people use them anyway. You leave them on Windows (or run vmware, crossover office, etc.) If you can convert 90% + of your office to Linux / OO, you win. It's actually amazing how good gnumeric and OO are with excel sheets.
Slashdot Mirror
C Pound does sound stupid, but so does "C Hash" or "C Octothorpe". :-) ON
:-) OFF (for the humor impaired)
By the way, why did those loonie Britons use a goofy character for money that can't be represented by ASCII?
Is that worth violating copyright? If you think about it, sites like cnet get paid based on number of visitors. Slashdot can also get sued for violating copyright. Help keep sites like cnet free and slashdot online by discouraging this shit.
Heh. Whenever I have mod points and see this shit, it's a -1 redundant. On the other hand, if it posted because of a slasdotting, I mod it up.
You can help by doing meta mod which should help reduce mod opportunities for stupid moderators that don't RTFA, etc.
This is one of the things that gets me about Windows people sometimes. They don't realize that things exist outside of redmond.
Last time I checked, anything older than MacOS 10 is obsolete. Since Mac OS =>10 is pretty much unix, we now have platform independance. X is available on all those platforms now.
Um, well Yeah. This is the EULA for "workstation" products. You need to buy "SERVER" if you want to run server apps. MS has mdae it quite clear for YEARS (since NT4 came out) that this was the case.
These are not the two you are looking for. Move along.
... but it CAN be trademarked... Hmm.
Why wait? Go to a "business friently" state and start your own consulting company.
I moved to a smaller town where the taxes are low, housing / land is cheap, and work can be had for anyone with a little ambition.
California has lost it completely. With the scools ranked 49th in the country, taxes approaching the highest, Loopy laws and fruitcake bezerkely behavior all over the place, housing prices among the top in the country, no jobs, environmentalist protecting fucking common garden worms, some of the most corrupt government officials (Davis and crew) on the planet, why the HELL would you stay?
Yeah, the bay area has traffic sensors all over the place, and you can (sometimes) get the data at the Caltrans website. Frequently though, the web site is broken, and only a few of the speed sensors are returning any data.
What the hell is the point when the system is more broken than functioning?
I've been using the same email address before spam really started. Back then, you didn't worry about giving out your email address. I had also registered several domains with my email address as the contact. That was back in 94. That email account is pretty useless now getting about 150 spams on an average day. It has an auto responder on it pointing people to a web form that they can use to email me to get my new address which doesn't get any spam (yet.) When my current address gets trashed, I'll probably have to do the same thing.
The problem is that spammers are still using my (and my ISP's) bandwidth as long as I use an autoresponder, which I want to do for obvious reasons.
BTW, even though SA is pretty good, it's not perfect. Depending on the settings, either I still get spams through or legit email gets nailed as spam. Some of the newer spam is so simple, just a short sentance and a URL, that it can't be realistically filtered.
No, we want the editors to pay attention to what the heck they are posting! This is happening almost every day, sometimes multiple times a day. You would think embarassing the editors into action would be enough. Apparently not.
Well, if you RTFA, you will see that Opera DOES claim that it's IE except that it also adds the fact that it's opera too. It's also a fact that IE identifies itself as Mozilla, yet MS uses different code for IE than it does for the REAL mozilla.
So what you are asking Opera to do is NOT tell web servers that it's really Opera.
This is NOT cool. The web was built on open standards. What MS is tring to do is toss open standards out the window.
By the way, hotmail is MS too, so you can lump it in the same boat as MSN.
Any site that pulls this shit (doing browser checks and denying access or deliberatly delivering broken content to certain browsers) needs to stop that behavior immediatly. It harms us all.
If you RTFA, Opera engineers changed one part of the Agent string to read "Oprah" instead of "Opera" during their test and got the MSIE version which worked fine. This means that MSN deliberatly designed a page for Opera, and that it is broken. The question is WHY, and the answer is obvious. MS has a long history when it comes to the browser market.
Having worked for a mid to large commercial web site, I can assure you that the QA team tests with Multiple versions of multiple vendors browsers on several platforms. If MS with their ~$40B in spare cash doesn't do the testing that we did with a 40 person company on a shoestring budget then they are incompetant, arrogant, and criminally abusing their monopoly.
Oh please. If you RTFA, Opera works fine with the MSIE version of the pages. What MS is doing is deliberate sabotage. It's quite clear what they are doing, and anyone that knows anything about MS's historical behavior knows why.
Sniffing and filtering are two different things.
Granted that you could probably build a user-space filter with a linux box pretty easily that would look for certain patterns and raise alarms / install blocks for certain packets.
Probably take me about a day or two to do it right, but it's a very realistic project considering how easy Netfilter is to use and program for. Performance impact is another question, but again, netfilter comes to the rescue. You can add a filter to your main firewall that routes all AIM traffic through another dedicated box.
Oh please. The guy was using another corporations logos and trademarks without permission. Of COURSE he is going to get a C&D. This kind of thing goes on all the time. The practice predates the internet by quite some time. This is not a "stifling effect" issue.
A car is not software. With software, once a patch is created, it can be replicated billions of times for nothing. There is no "cost per unit". Your analogy fails. Even if we were to use your flawed analogy, cars get recalled all the time for safety defects all repaired at the manufacturers expense. The reality is that manufacturers reserve part of the profit of the car to use in future recalls. It's a standard expense they KNOW they will have. So YES. I expect MS to fix their shit for a reasonable amount of time - say 5 years or so from date of last sale.
One of the reasons you buy commercial software is for support. Exchange is VERY EXPENSIVE. I expect (and customers should demand) that MS fix all security related issues in all current software without being forced to buy new software. MS has over 40 BILLION in cash. They can more than afford to fix their software, and they OWE their customers to do so.
Not to be a troll, but do you REALLY believe that? After all, MS has chosen functionality / features over security on a regular basis. If they were TRUELY serious about security issues and providing good value to their customers, they would offer patches for their existing products as opposed to forcing people to buy a new version to get a secure platform. By the way, I'm talking about patching design flaws, not bug fixing.
MS has not offered security up front. They have been pushed / shamed into it - kicking, screaming, and dragging their feet.
Microsoft's mission is to make as much money as possible. Their customer's needs and desires are secondary. Note that MS is not alone here. The standard business model of (most) commercial software is to sell upgrades. This is one of the main reasons that Open Source is taking off.
I've been using IMP for quite some time, and many large ISP's also use it. It's actually quite mature, and easy for end-users to learn. A post further down claims that installation is difficult, but I have not found that to be the case - in fact it only took about 20 minutes.
Note that IMP (email) is only one module of Horde. Adding the modules together and it trumps what MS WebMail offers by quite a bit.
Then the company is fucking stupid. I suppose they were running around with code-red servers for 6 months or so....
When a security hot-fix is released, it needs to be fast-tracked. Management needs to be on the ball here. The policy MUST MUST MUST take into account critical security issues or they might as well file chapter 11 now and just save everyone a bunch of time... Yes, you can still go through a reasonable process and keep everyone in the loop, but it doesn't mean that it should take months, or even weeks.
Um, writting secure software is fucking hard, which is why all software has bugs. Even in large projects where you have LOTS of REALLY GOOD coders analizing the code, bugs still happen. All a vendor can do is to try their best.
This said, I strongly believe MS has NOT tried hard enough. They keeping releasing stuff configured in an insecure manor as the default. There is no excuse for this. An example on how to do this right is how debian ships. Squid by default only accepts connections from localhost, and almost every service is disabled. Does debian still have bugs? Sure does. Lots. It is pretty easy to apply the fixes however, and takes very little time.
Oh please. I'm not a fan of MS either, but SQL Server is actually quite good (aside from the security hole of course.) Performance and feature wise it is a top notch product.
We are seeing this problem due to lazy network / sysadmins. This problem has had a fix for over six months already, and there is no reason network admins leave the front door wide fucking open.
Yes it is, but "privledged" vs "unprivledged" doesn't really mean anything anymore, especially since Windows ignores the convention (a "standard" that predates Windows 1.0 by the way.) How you handle this is with a connection tracking firewall. Netfilter on the Linux 2.4 kernel does this via the ip_conntrack module. Basically how it works is that access to UDP is denied unless a client machine on the protected side of the firewall has started a conversation first (note that it's not a connection as UDP is a connectionless protocol.) There is a reasonable timeout and then the connection is deleted from the conntrack table. You can see what is in this table via: /proc/net/ip_conntrack
cat
The Cisco PIX also uses connection tracking. Most high-end firewalls do.
This worm is especially devistating and fast spreading due to the fact that UDP is used and no connection setup is needed as with traditional TCP.
This worm is just another wakeup call. People need to take some personal responsability and keep their software up to date. Doesn't matter what OS you use. ISP's also need to be more proactive so worms like this don't get out of control. Infected hosts need to be immediatly firewalled. Yeah, someone might bitch, but their other customers are going to thank them for being responsive.
Please.
First, Marijuana is not spam. Right or wrong, marijuana is defined as a controlled substance. Should Heroin be legal?
Second, FYI, the US already has laws mandating minimum MPG for cars / SUVs. It's not 45MPG at the moment, but maybe someday it will be. I personally think that minimum MPG laws are good. Obviously enough people agree with these laws that the minimum MPG is continually increasing. Anything that can reduce our dependance on foreign oil is a good thing IMHO.
Third, the constitution has NOTHING to do with spam. Commercial speech is NOT protected under the constitution which is why there are limits on what can be advertized, how, and where, and what claims can be made. These limits just haven't extended to the internet yet, and they probably should be.
Fourth, spam is theft. It is theft of computer and telecommunication resources.
By some analysis, spam is now somewhere between 30 - 50% of all email on the net. Who pays for this? Guess what: It's not the spammers. It's you and me and everyone else in our internet access fees. They are stealing our disk space and bandwidth. If people want to advertize, there are PLENTY of other ways besides email. Nobody is restricting advertizers from putting up their own web page or buying banner ads.
Oh my.
It's too bad we don't educate our kids to learn how to use the Shift key.
But back to the topic at hand, if nobody can build a general purpose secure OS, how the fuck do you expect anyone to create a messaging system which the main purpose of is to allow any-to-any communication that is invunerable to spam and still a viable system to be used by businesses and the masses in general? Do you REALLY think that spammers won't find a way around technical limitations?
Imagine a society with no laws. You can be killed by anyone, have your stuff stolen, your daughter raped and no laws to stop it. Only the strong survive. Warlords control everything. This is essentially the internet as it is today.
Back in the "good old days" before AOL invaded Usenet, laws were not really needed. The community for the most part policed itself. This is no longer possible.
We now need laws to enforce proper behavior. Will this stop all spam? No. Do laws against shoplifting stop all theft? No. Do they discurage most people from shoplifting every time they enter a store? Yes, they do. They provide a way for shop owners to protect themselves.
The bottom line is that we KNOW anti-spam laws will not stop all spam. It will however reduce it significantly.
Oh please. Anyone with a little ingenuity can solve this problem. First, you can configure office so that the default file format is RTF. RTF supports most of what people do with Word which is letter writting, memos, and other simplistic documents. RTF importing is actually quite good.
A little procmail scripting coupled with a Windows machine (or 3) setup as automated document converter (a little VB scripting) solves external communication needs nicely.
If this is too tough for you, you can also setup an autoresponder system telling people to resend their documents in a more open format such as PDF or RTF, etc.
The argument that it's the de-facto industry standard so you can't change is a red-herring.
Complex spreadsheets are a little more difficult, but only a small fraction of people use them anyway. You leave them on Windows (or run vmware, crossover office, etc.) If you can convert 90% + of your office to Linux / OO, you win. It's actually amazing how good gnumeric and OO are with excel sheets.