From running an Exchange server and dealing with users who're all on Outlook, I learned very quickly to hate Microsoft.
Their server relies on entirely proprietary storage methods, and when the "message store" decides to corrupt itself, it's a nightmare to recover.
The Outlook client is another nightmare, given its ability to let users receive virus files and infect their own machines because "Bill_Gates_piece.jpg.pif" appears as "Bill_Gates_piece.jpg" when they're looking at it.
Now, I've got a better reason to hate Outlook/Exchange even more - my parents are currently going through recovery from a nasty little W95.MTX infection, which wouldn't have happened if they were using just about *any* other POP3 client for their e-mail.
I've heard all of the arguments about the calendar, the address book, directory services, et cetera ad nauseam. Let's be realistic - nobody but the PHBs actually *relies* on the calendar/scheduling functions, and any LDAP server will work as the directory (Stalker's CommuniGate Pro, for example, includes LDAP services as part of the installation - and it doesn't require migration to NT to run it, either.)
I'm still using Eudora in an office where most of the employees have to call the Help Desk once or twice a week because Outlook or Exchange is misbehaving. I'm just glad that I'm no longer the one that has to support that monstrosity.
I've only been using the 6.0 release for about fifteen minutes now, and have noticed that some of the GUI items are broken (setting a theme in Preferences doesn't allow you to click "OK" to get out, among others) and that my Logitech MouseMan's scroll wheel no longer works.
Other than that, I haven't crashed it, and it seems to deal with odd Java and Javascript well enough. It's better for me than MSIE, but not quite as good as iCab.
6.1 should be better, once they get around to bonking the marketroids' skulls who thought that an earlier release with some bugs would be better than a better release a little later...
It never ceases to amaze me that companies will spend millions on network security, firewalls, antivirus software, and then leave a laptop sitting on a desk where any bozo can snatch it.
Then there are companies that have a security officer at every door, photo ID badges, physical bag checks, and let their employees connect modems to their desktops and connect from remote using PCAnywhere or the like.
Without a combination of physical *and* network/IS security, *nothing* in the building is "safe."
Of all of the probes I've seen run against the networks with which I'm associated, @Home is far and away the *largest* source of such probes.
RoadRunner comes in a close second.
When notified that one of their users was attempting an RPC exploit against one of our machines, an @Home representative said, "I didn't think any of our customers were smart enough to do that."
I pointed out that it may not have been @Home's customer making the attempt, but that one of their customers' machines may have been "owned" by some pathetic script kiddie - he was shocked.
I don't think he'd considered the possibility that the entire @Home network is a smurf-cluster (or other "relocated" attack) just waiting to happen...
I know that the two I mentioned don't quite fit the bill - I was making a blanket recommendation to check out the Samsung *line* of flat panel displays.
Don't they teaching "reading the subtext" in high school any more?
Samsung makes a couple of flat panels that may suit you better. I've been rather happy with the 770TFT and the 170MP that I've had a chance to play with.
The @Home "network staff" doesn't even know what SubSeven, Back Orifice, or NetBus are - if they don't understand the fundamentals of network security, what makes anyone think that they'll be able to tell the difference between an SSL-encrypted web connection and a VPN connection?
If you're *that* worried about it, just set your VPN up on 8000 or 8080. They'll *never* notice the difference.
Doesn't anyone remember the old 660AV models that included the "integrated Multimedia Connector," which carried power, sound, and ADB from the CPU to the monitor/base?
If they're holding to the same pattern, you should be able to find a dongle that'll break out the individual cables, allowing you to use a "regular" monitor with such a device, or using a display with the connector on a "regular" machine.
I'm not convinced that the decision has anything to do with their "ethics."
I don't think Earthlink's mail servers have any spare horsepower to run such an application, given their history of yo-yo antics (They're up! They're down!) and spotty availability through their own webmail.earthlink.net "service," which doesn't work very often, either.
When they say it'll degrade customer service, though, I think they're right. At this point, a tech sneezing in MAE East would degrade Earthlink's service.
This is silly - a number of criminals return from prison to make money telling people how to stop them from committing the same crime again. I'd think that a number of companies would be more than willing to hire Mitnick as a security consultant. Under the terms of his probation, he can't do that. But ordering him to stop *talking* about his experiences smacks of the "silence" orders issued to Eastern Bloc "citizens."
Problem: In the case of Usenet, there is *no* "public, unownable street." Every server is owned by *someone*, and the pipe from any server to another is owned by *someone*. You pay your ISP for access to *their* news server. There is no guarantee, and no "right" that any message you post will be propagated anywhere but your own ISP's news server.
Within my own newsfeed, if I want to drop every message from "Zasf Qertyuiop", and not bother to waste my CPU time and/or bandwidth propagating those messages, then I can. You did *not* pay *me* for access to my news spool - you paid *your* ISP for that.
I don't owe *anything* to @Home users, except maybe a recommendation to get a *real* provider. Even AOL appears to have more of a clue than @Home at this time.
You obviously missed the point. FakeBO is a *fake* Back Orifice server, set up to catch the script kiddies who use Back Orifice in the first place.
I was merely observing that the majority of probes that I see come from @Home, and that if they were truly serious about letting people know that abuse would not be tolerated, they'd just lock it down.
Why bother? They don't answer e-mail to abuse@home.com, and it would appear that they don't *act* on that e-mail, either.
Instead of contacting anyone else there, I've simply started redirecting my customers to other broadband providers that *do* take their abuse mail seriously.
I'd bet that I've cost them somewhere between seventy and one hundred customers in the last six months. Conservatively, and assuming I don't redirect any other potential customers, and I've cost them only 15 customers per month over the last six, at $35 per month per customer, I figure they've already lost over $10,000 in potential revenue simply because every time someone mentions high-speed internet access, I direct them to a provider *other* than @Home.
Yup. Don't bother e-mailing abuse@home.com. Call their toll-free number instead, and tell the first live person that you get that you're going to keep calling back until you get to speak to someone in the abuse department.
You'll get the same result, being *nothing*, but it's far more satisfying than an autoresponse.
I'd agree that e-mailed spam from @Home presents a larger problem to me than the Usenet spam, but I've seen the same response to e-mail spam that I have to Usenet spam - NOTHING.
I've e-mailed abuse@home.com on multiple occasions. In one particular case, I got on the phone, and refused to quit until I spoke to someone within the "abuse" department.
Over an hour later, I finally spoke to someone who told me flatly that they weren't going to turn off a paying customer's account just because they were spamming.
So, the several small businesses and many residential customers that I *would* have directed to @Home are now happy SpeedChoice users, and they're not having to deal with a UDP...
If @Home would simply get off of their collective ass and *fix* the problem instead of band-aiding it, (if you spam thirty more times at 10,000 users per spam, we're going to have to warn you again!) the problem would cease to be a problem.
So @Home is large. Cry me a freakin' river. If UUNet can get their act together, and AOL can get *their* act together, then maybe, just maybe, @Home can find a clue and get their house in order, too.
If @Home's accountants would get together with the lawyers and support personnel, and come to the conclusion that if they signed people up for a two-year contract, paid monthly, with the remainder TO BE FORFEIT if the account is terminated for spamming, they wouldn't lose the income from the spammers, and the spamming would *stop*.
While they're at it, they could filter all traffic on ports 12345 and 31337 - FakeBO runs on my firewall, and it has a field day with @Home lusers.
Exactly what I was thinking. I'm sitting here in the middle of three Linux machines (one's an Alpha) and two Macs. Strange that I haven't seen this kind of outcry about the morons on the various @Home networks that leave their Wintel machines open for mail relaying, or the widespread use of Back Orifice on those same networks to base secondary attacks. We're not talking about a "vulnerability" here - we're talking about the fact that an attack can be "relayed" due to a flaw in the way that the Mac OS implements the Mentat Streams. I know where there's a Mac IIsi running AIMS that's had *zero* downtime for the past 27 months, with one exception - they shut down the power to that closet without telling anyone, and the UPS kept it going until the bitter end. As soon as the power came back on, it brought itself back up and kept right on going. Were anyone to examine the percentages, I think they'd find that Windows machines (of *all* flavors) present a much greater and much more widespread threat in "relaying" attacks such as this.
Idea: test Mosaic *first* by using it within the United States Postal Service. See how many "unbalanced" or "violently inclined" people are working there.
The problem that I can see with this is that we don't know who is defining "disturbed" or "violently inclined," and we don't know what their definition will be.
Certainly, the inclination to show up at school with a propane-based fuel-air explosive device would be "violent." What about stuffing the freshman geek into a locker? The infamous "screaming wedgie?"
The "jocks" have what are commonly called "harmless" methods of blowing off steam. When a jock perpetrates violence on fellow students (i.e., the "screaming wedgie" and/or locker-stuffing) it's usually laughed off. Even in college, the "jocks" are granted privileges that even the "normal" students don't get. (How many Arizona State University football players does it take to change a lightbulb? Only one, but he gets four credit hours for it.)
Which one is more "violently inclined": the student who daily gives more than two wedgies, and weekly stuffs more than three students into lockers, or the hapless geek who's been stuffed into the locker three times a week for several months and brings a gun to school to make sure it doesn't happen again because the administration laughs at him every time he brings the problem to them?
No, Mindcraft's credibility remains where it was - they're awfully good at selecting their data to insure that the reader draws the conclusion that Mindcraft's sponsor is looking for:
Microsoft wanted data showing that NT was faster than Linux. Mindcraft arranged it. Then, they wanted data showing that Linux users are juvenile delinquents. Guess what? They got it - they sorted through all of the letters that they received, and picked out the ones that showed Linux users in the worst possible light.
Slashdot Mirror
From running an Exchange server and dealing with users who're all on Outlook, I learned very quickly to hate Microsoft.
Their server relies on entirely proprietary storage methods, and when the "message store" decides to corrupt itself, it's a nightmare to recover.
The Outlook client is another nightmare, given its ability to let users receive virus files and infect their own machines because "Bill_Gates_piece.jpg.pif" appears as "Bill_Gates_piece.jpg" when they're looking at it.
Now, I've got a better reason to hate Outlook/Exchange even more - my parents are currently going through recovery from a nasty little W95.MTX infection, which wouldn't have happened if they were using just about *any* other POP3 client for their e-mail.
I've heard all of the arguments about the calendar, the address book, directory services, et cetera ad nauseam. Let's be realistic - nobody but the PHBs actually *relies* on the calendar/scheduling functions, and any LDAP server will work as the directory (Stalker's CommuniGate Pro, for example, includes LDAP services as part of the installation - and it doesn't require migration to NT to run it, either.)
I'm still using Eudora in an office where most of the employees have to call the Help Desk once or twice a week because Outlook or Exchange is misbehaving. I'm just glad that I'm no longer the one that has to support that monstrosity.
I've only been using the 6.0 release for about fifteen minutes now, and have noticed that some of the GUI items are broken (setting a theme in Preferences doesn't allow you to click "OK" to get out, among others) and that my Logitech MouseMan's scroll wheel no longer works.
Other than that, I haven't crashed it, and it seems to deal with odd Java and Javascript well enough. It's better for me than MSIE, but not quite as good as iCab.
6.1 should be better, once they get around to bonking the marketroids' skulls who thought that an earlier release with some bugs would be better than a better release a little later...
It never ceases to amaze me that companies will spend millions on network security, firewalls, antivirus software, and then leave a laptop sitting on a desk where any bozo can snatch it.
Then there are companies that have a security officer at every door, photo ID badges, physical bag checks, and let their employees connect modems to their desktops and connect from remote using PCAnywhere or the like.
Without a combination of physical *and* network/IS security, *nothing* in the building is "safe."
Of all of the probes I've seen run against the networks with which I'm associated, @Home is far and away the *largest* source of such probes.
RoadRunner comes in a close second.
When notified that one of their users was attempting an RPC exploit against one of our machines, an @Home representative said, "I didn't think any of our customers were smart enough to do that."
I pointed out that it may not have been @Home's customer making the attempt, but that one of their customers' machines may have been "owned" by some pathetic script kiddie - he was shocked.
I don't think he'd considered the possibility that the entire @Home network is a smurf-cluster (or other "relocated" attack) just waiting to happen...
Taco inserted the "mentioned before" comment *well* after the story appeared.
It's called revisionism.
Geez. Point out that they're recycling old news (*Really* old news!) and get moderated down to "Redundant?"
Why not moderate the whole freakin' "news" story down to "redundant" since it was originally posted in January of 1999?
Why bother? None of the submissions I've ever made have gone *anywhere* in favor of recycling old news.
No, there are *no* decent contenders. At this point, my vote will be decided by choosing the lesser of two evils.
I'm thinking that Douglas Adams has the right idea:
"Anyone who is capable of getting themselves made President should on no account be allowed to do the job."
I know that the two I mentioned don't quite fit the bill - I was making a blanket recommendation to check out the Samsung *line* of flat panel displays.
Don't they teaching "reading the subtext" in high school any more?
Samsung makes a couple of flat panels that may suit you better. I've been rather happy with the 770TFT and the 170MP that I've had a chance to play with.
The @Home "network staff" doesn't even know what SubSeven, Back Orifice, or NetBus are - if they don't understand the fundamentals of network security, what makes anyone think that they'll be able to tell the difference between an SSL-encrypted web connection and a VPN connection?
If you're *that* worried about it, just set your VPN up on 8000 or 8080. They'll *never* notice the difference.
Ah, yes... The Sun optical mouse that required the steel mousepad with the lines printed on it?
Is that the mouse to which you are referring?
I was under the impression that it was an option at the time, not standard.
Doesn't anyone remember the old 660AV models that included the "integrated Multimedia Connector," which carried power, sound, and ADB from the CPU to the monitor/base?
If they're holding to the same pattern, you should be able to find a dongle that'll break out the individual cables, allowing you to use a "regular" monitor with such a device, or using a display with the connector on a "regular" machine.
As a Canadian customer of @Home, you should be far more worried about your neighbors snooping through your e-mail than the FBI.
Over half of the script kiddies detected trying to connect to machines that I control come from Canadian @Home connections.
I'm not convinced that the decision has anything to do with their "ethics."
I don't think Earthlink's mail servers have any spare horsepower to run such an application, given their history of yo-yo antics (They're up! They're down!) and spotty availability through their own webmail.earthlink.net "service," which doesn't work very often, either.
When they say it'll degrade customer service, though, I think they're right. At this point, a tech sneezing in MAE East would degrade Earthlink's service.
This is silly - a number of criminals return from prison to make money telling people how to stop them from committing the same crime again. I'd think that a number of companies would be more than willing to hire Mitnick as a security consultant. Under the terms of his probation, he can't do that. But ordering him to stop *talking* about his experiences smacks of the "silence" orders issued to Eastern Bloc "citizens."
Problem: In the case of Usenet, there is *no* "public, unownable street." Every server is owned by *someone*, and the pipe from any server to another is owned by *someone*. You pay your ISP for access to *their* news server. There is no guarantee, and no "right" that any message you post will be propagated anywhere but your own ISP's news server.
Within my own newsfeed, if I want to drop every message from "Zasf Qertyuiop", and not bother to waste my CPU time and/or bandwidth propagating those messages, then I can. You did *not* pay *me* for access to my news spool - you paid *your* ISP for that.
I don't owe *anything* to @Home users, except maybe a recommendation to get a *real* provider. Even AOL appears to have more of a clue than @Home at this time.
You obviously missed the point. FakeBO is a *fake* Back Orifice server, set up to catch the script kiddies who use Back Orifice in the first place.
I was merely observing that the majority of probes that I see come from @Home, and that if they were truly serious about letting people know that abuse would not be tolerated, they'd just lock it down.
Why bother? They don't answer e-mail to abuse@home.com, and it would appear that they don't *act* on that e-mail, either.
Instead of contacting anyone else there, I've simply started redirecting my customers to other broadband providers that *do* take their abuse mail seriously.
I'd bet that I've cost them somewhere between seventy and one hundred customers in the last six months. Conservatively, and assuming I don't redirect any other potential customers, and I've cost them only 15 customers per month over the last six, at $35 per month per customer, I figure they've already lost over $10,000 in potential revenue simply because every time someone mentions high-speed internet access, I direct them to a provider *other* than @Home.
Yup. Don't bother e-mailing abuse@home.com. Call their toll-free number instead, and tell the first live person that you get that you're going to keep calling back until you get to speak to someone in the abuse department.
You'll get the same result, being *nothing*, but it's far more satisfying than an autoresponse.
I'd agree that e-mailed spam from @Home presents a larger problem to me than the Usenet spam, but I've seen the same response to e-mail spam that I have to Usenet spam - NOTHING.
I've e-mailed abuse@home.com on multiple occasions. In one particular case, I got on the phone, and refused to quit until I spoke to someone within the "abuse" department.
Over an hour later, I finally spoke to someone who told me flatly that they weren't going to turn off a paying customer's account just because they were spamming.
So, the several small businesses and many residential customers that I *would* have directed to @Home are now happy SpeedChoice users, and they're not having to deal with a UDP...
If @Home would simply get off of their collective ass and *fix* the problem instead of band-aiding it, (if you spam thirty more times at 10,000 users per spam, we're going to have to warn you again!) the problem would cease to be a problem.
So @Home is large. Cry me a freakin' river. If UUNet can get their act together, and AOL can get *their* act together, then maybe, just maybe, @Home can find a clue and get their house in order, too.
If @Home's accountants would get together with the lawyers and support personnel, and come to the conclusion that if they signed people up for a two-year contract, paid monthly, with the remainder TO BE FORFEIT if the account is terminated for spamming, they wouldn't lose the income from the spammers, and the spamming would *stop*.
While they're at it, they could filter all traffic on ports 12345 and 31337 - FakeBO runs on my firewall, and it has a field day with @Home lusers.
Exactly what I was thinking. I'm sitting here in the middle of three Linux machines (one's an Alpha) and two Macs. Strange that I haven't seen this kind of outcry about the morons on the various @Home networks that leave their Wintel machines open for mail relaying, or the widespread use of Back Orifice on those same networks to base secondary attacks. We're not talking about a "vulnerability" here - we're talking about the fact that an attack can be "relayed" due to a flaw in the way that the Mac OS implements the Mentat Streams. I know where there's a Mac IIsi running AIMS that's had *zero* downtime for the past 27 months, with one exception - they shut down the power to that closet without telling anyone, and the UPS kept it going until the bitter end. As soon as the power came back on, it brought itself back up and kept right on going. Were anyone to examine the percentages, I think they'd find that Windows machines (of *all* flavors) present a much greater and much more widespread threat in "relaying" attacks such as this.
Idea: test Mosaic *first* by using it within the United States Postal Service. See how many "unbalanced" or "violently inclined" people are working there.
The problem that I can see with this is that we don't know who is defining "disturbed" or "violently inclined," and we don't know what their definition will be.
Certainly, the inclination to show up at school with a propane-based fuel-air explosive device would be "violent." What about stuffing the freshman geek into a locker? The infamous "screaming wedgie?"
The "jocks" have what are commonly called "harmless" methods of blowing off steam. When a jock perpetrates violence on fellow students (i.e., the "screaming wedgie" and/or locker-stuffing) it's usually laughed off. Even in college, the "jocks" are granted privileges that even the "normal" students don't get. (How many Arizona State University football players does it take to change a lightbulb? Only one, but he gets four credit hours for it.)
Which one is more "violently inclined": the student who daily gives more than two wedgies, and weekly stuffs more than three students into lockers, or the hapless geek who's been stuffed into the locker three times a week for several months and brings a gun to school to make sure it doesn't happen again because the administration laughs at him every time he brings the problem to them?
Where is the line drawn?
No, Mindcraft's credibility remains where it was - they're awfully good at selecting their data to insure that the reader draws the conclusion that Mindcraft's sponsor is looking for:
Microsoft wanted data showing that NT was faster than Linux. Mindcraft arranged it. Then, they wanted data showing that Linux users are juvenile delinquents. Guess what? They got it - they sorted through all of the letters that they received, and picked out the ones that showed Linux users in the worst possible light.
So Mindcraft's reputation hasn't changed a bit...