A language-flamewar never goes well, but from what I've seen most desktop Java apps are horribly slow, they depend on the user having the correct JVM installed, and so forth.
With C a quick recompile gives you a lean and mean system, without being horribly slow and having to muck around with different JVMs and so forth.
Sure, I'm easily convinced that it's more fun to code Java. It's a pain in the ass to use the programs that are made, though.
Okay, I'm lying a bit. I like to play tactic-games like Command and Conquer and so forth for a couple of hours against friends.
On the other hand, at the moment, I'm playing FreeCiv in my 60th hour - and to be quite frank, I don't think I'll be finished before spending a couple of hundred hours there.
But the greatest game(s) of all time was Ultima 7 Part I and Part II... and you didn't finish those games in the first 200 hours.
The well known security scanner in question is probably Nessus.
It reports _truly_ obscure things, as it should, but which security consluttants have a tendency to blow out of proportion.
One of the points of security consluttants is to use tools to MAP the network. Then they should determine what your network SHOULD do, and which services SHOULD be running - and doing _what_.
Then they should check this against the map of the network, and remove all items which are irrelevant, and interpret the facts.
THEN they should return the report.
Sorry. I don't consider it a hole that the webserver reports which Apache version it's running. Neither do I consider it a hole that BIND returns which version it is. Neither do I consider it a hole that the FTP server puts up a banner identifying it... and so forth.
Open BIOS? Of course you want an open, standardised BIOS. If you've ever run large server parks with loads of different hardware, you would know to appreciate them.
Oh, and:
http://www.openbios.info/
If only PC-hardware guys could ever start implementing something like Sun's boot> prompt - oh and the LOM prompt of course, things would be so much nicer.
I started to nod when reading the article. I too, do tech-support for my parents. The cool thing is, I've convinced them to run Linux. My father uses Linux on his laptop - and will be doing his first upgrade for himself next week (up from SuSE 9.0 to SuSE 9.2). My mother also uses SuSE on her stationary.
The only time I do Windows tech-support is for the bicycle workshop I use to get my bike fixed. The deal is quite excellent. I update/fix his computer while he fixes my bike. I don't charge for my work, he doesn't charge for his work - but we both have to pay for the hardware (i.e. I pay for new tires, he pays for more RAM/disk/CPU/whatever).
Some would claim he is getting the better deal, but remember that I get my bike fixed "at once", while other customers have to wait up to a week to get their bike fixed. ;)
I would think not even the almighty Google would be able to store all the email received for all the accounts.
Without any real active use, just some mailing lists, I've received 47MB already. In just a few months. They're not even very active mailing lists.
Add all those that use Google as storage, that get big attachments, and so forth ad infinitum.
Just a guess, but Gmail, how many users do they have yet? One million? Ten? Take that number, times 100MB.. in less than a year.
Now remember that things have to be redundant, searchable, indexed, and so forth.
The _immense_ amount of storage that will be needed in a couple of years points to that they will have to delete email in the future. They can't store everything forever... I think. :)
OpenNTPD, a network time protocol daemon and server, recently released.
From what I can gather from various NTP mailing lists, this is an SNTP-implementation, not an NTP-implementation. SNTP is just a subset of NTP, and not a fully functional NTP daemon.
If I'm not entirely mistaken, you're not allowed to join into the pool.ntp.org -pool if you're running OpenNTPD.
Hope the OpenNTPD developers will address this and make the service fully compliant.
Which, while possible, is very unlikely (it would be the cryptography equivalent of finding a way to turn lead into gold).
Well, they _may_ have found a method to factor products of large primes more efficiently. Major strides have been made toward that goal during the last ten years or so (or so it seems to me, a non-mathematician).
TWINKLE broke the 512bit RSA key. Bernstein has a proposal on how a machine could break a 1024bit key. For all we know, the NSA may have found better methods - which are able to factor 2048bit keys in a short timespan.
How likely it is.. I've got no clue.
However, what IS certain is that pure bruteforcing is out of the question. Whatever the paranoids may believe, not even the NSA sits on fast enough computers to break into a single SSH session if they use today's public knowledge on algorithms. Not even all the world's computers combined would be able to break into such a session within reasonable time. Breaking into lots of them in parallel -- "yeah right".
Well, what do you think they'll do with it? Decrypt it of course!
Not very likely. They need to have found major weaknesses in several algorithms to be able to do that.
They can't do it brute force. That is not computationally feasible. Thus, they need to have found major weaknesses. The question is -- are there such major weaknesses?
Uh? What relevance does this have to what I'm saying?
The definition of a release candidate is something you THINK is free of release-critical bugs. There may of course be more than one - but when you release the first, you should not have the second in your thoughts yet. It should ONLY arrive if show-stoppers are found in the first.
If no show-stoppers are found, the release candidate should be retagged to be the final release.
In other words - having "RC2" in the plans from the beginning shows that RC1 isn't really a release-candidate.
So this is the candidate for the preview release for the final release? What is this called? Release Candidate Candidate?
Personally I think the entire concept of "Release Candidate" has been abused severely in many Open Source projects. A Release Candidate should be released, and if no showstoppers are found in it - it should become the FINAL release.
I shuddered when KDE had both "RC1" and "RC2" in their release schedule long before they had actually reached that stage. An RC2 should never - in my opinion - be planned beforehand.
Anyways. "Final Beta" would probably be a nice name for it. ;)
This will certainly burn some bridges, but if you think it's worth it - and that you are worth it - then do it.
Please remember, it's not a good thing to burn bridges at all if you're not outstanding at what you do - but if you're one of the most excellent people at our place, and you will be missed due to your skills, then it may be worth it.
However, from your story - it seems that your workplace isn't very fond of you, and that it will be interpreted as sour grapes if you do anything. That will not be a good thing.
Anyways, if by chance, you are a very productive, very well skilled person - then write up a letter on why you are leaving the company, why your direct superior is an asshole, and so forth. Tailor several letters. The one about your superior should be slipped to his superior. The one about other people should be slipped to their superiors. Make it perfectly clear why you are leaving the job - and make sure to let the real bosses know what work you've actually done that is very, very good.
Normally, though. If it's you that do not fit in, don't play any pranks - just inform your boss that you're not happy with the work environment, and that you've found another place where your skills will be used properly. That you wish this would be the case at the place you're leaving - but that the situation wasn't working out.
At the risk of going over very old and well-trodden ground, if PG wanted to be useful for "scholarly purposes" it should long ago have corrected the original mistake of using plain text,
Personally I'm of the opinion that almost everything is better represented as plain text. In extreme cases, maybe plain text + italics, bold, and the ability to link in pictures.
I can understand other arguments, but in general, I think plain text is the most universal and common format - and thus best suited.
Maybe everything should have a 'source' with more meta-formatting, but with plaintext as the default 'export'.
I've not stopped because of pirating. I pirated games at the time I bought games in addition. The reason I've stopped buying games is that I won't buy games that are released in boxed edition as Windows only. On the other hand, I've stopped pirating games too.
Sorry mac, not gonna pay for that.
I'm probably in a real tiny minority here, but hey, that's my reason. If they want me as their customer, make the games available for the system I use. Then I'll buy them. Not before.
Does this discovery point to any kind of meaningful exploit?
Yes, I can think of one immediately.
File sharing networks, where someone can inject garbage with the correct hash - for example in a BitTorrent network. I don't know which hashing function bt uses, but if it turns out to be easy to generate collisions - you could wreak havoc against movie-sharers all over the globe.
I'm pretty sure the MPAA / RIAA would throw a gigantic party if such a break became easy.
To drive someone completely insane, add the following in their .bashrc:
echo "sleep 1" >> .bashrc
Unless they're extremely 'above smart' they'll spend some time figuring it out.. and it's _extremely_ annoying.
Not that the logo makes a difference when it comes to the OS (which I absolutely love. NetBSD is one of my favorite OSs) - but I think the new logo sucks.
I loved the look of the old one. The BSD daemons scrambling to raise their banner. It gave me a nice feel.
Now we've got this.. flag.. and nothing more. It doesn't tell me anything. It's got no feelings, no 'struggle', no cooperation.. and no _daemons_.
But sure.. it's clean looking.. but.. I really don't care about that.
Bad choice, imho.
Garbage.
TWINKLE hasn't yet been built and, in its original form, probably never will be.
I stand corrected. I always thought it was a real machine, but after reading up on Wikipedia, it turns out that Wikipedia supports you - and I yield to both of you. :)
As far as anyone knows, that integer (rsa-512) has never been used as the public modulus of an RSA key.
I don't know RSA well enough, but I seem to remember a ruckus a year or two ago, where some certificates were given out with keys shorter than 512bits - I would think that was the public modulus of the key, but I'm not certain.
I have, by the way, read The Codebook by Simon Singh, but I'm not a mathematician.
The average person isn't apathetic or stupid.
Yes he is.
Ask a farmer what he/she thinks about the latest pesticides, or if terracing has conserved as much soil as environmental proponents say. You'll get an easy hour of discussion out of a farmer that way. It'll bore you to freaking tears, but you'll get an easy hour of discussion out of a farmer that way.
I don't know much about this beforehand. It would on the other hand be very interesting to discuss this with a farmer once. I would actually find it very interesting - even though it's information that is totally useless for me.
I like to learn, and I like to discuss.
Ask a teacher what he/she thinks about No Child Left Behind.
While I have no idea what "No Child Left Behind" is (I'm not an American) - I'm sure I would find it a very interesting discussion too.
I like to learn, and I like to discuss.
Ask an automotive engineer what he/she thinks about the disappearance of shade-tree mechanics.
I have no idea what you're talking about - maybe if you told me what it meant in Norwegian. ;) I'm pretty sure I would find that too interesting to talk about, even though I'm generally not very interested in cars. Mechanics on the other hand, is interesting.
Now, what I find incredibly irritating is people that don't want to learn about other things. People that say "nah, I don't need to learn about that" - or "nah, I'm not interested in learning anything about that".. or "Nah, I'm not good with that".
Black and white sure copped him some flack, but the man is always coming up with wacky new ideas, look at Syndicate, Magic Carpet, Black and white - Populous - the man does things differently and he's not frightened to experiment.
I wish for a remake of Syndicate and Magic Carpet. What I would really love would be Syndicate with more maps/areas (smaller countries), ability to play more players in multiplayer, and so forth. It was one of the coolest games I've ever played. Add TCP/IP options to Syndicate! :)
Magic Carpet would be similarly cool as a remake. It was one of those Great Games, and it would be really, really, really cool to be able to play it over the Internet. :)
Ooh, how I wish those could come true.
Oh, and I want Linux ports. ;)
Ultima 7, both of them.
The games are more than 10 years old, but still the best couple of RPGs ever produced, imho.
I must concede to the Windows OS, any OS that is easier than making a pie chart in Open Office must be far superior.
You didn't really get the joke in the paper, did you?
It was a joke paper. "0wnership" with a 0 instead of an O, as in "0wn another person's computer", as in "break into another person's computer".
Well, I'm not sure whether Immunity Inc is serious or not - but Dave Aitel, the guy that posted it to bugtraq has been a bughunter for years.
I think you could compare him a tad to Georgi Guninski in his Microsoft bashing, though :)
This is really good advice, but you can do more. :-)
Well, one can always do more. :-)
Most ISPs really appreciate the complete header of the mail, and sometimes even the body in case of spam.
In the case of spam - indeed. In the case of viruses, there is really no need, especially not after gaining the ISP's trust by sending chunk after chunk of correct virus reports. The only part they actually need is the 'Received: from' line, and the name of the virus. It's not like they're going to close the poor bastard's account or anything - just call him and give him a heads up about "Eyh mate, we're receiving reports that your computer is sending virus to others.. you should get yourself a virus scanner.. we can recommend the following ones".... and if he doesn't do anything about it - and they get more complaints, they'll just shut his account UNTIL he can confirm, by phone that "uh, yeah, sorry about that, I had a virus.. it's removed now.. honestly!"
First of all it adds to the authenticity, and second they'll be able to forward your complaint to the responsible ISPs if you had too much beer while reading a spoofed header (more so for spam than virus mails).
Well, if it's spam you should of course add the entire mail - as we're talking about permanently removing the sucker's account then. In the case of viruses it's another cup of tea - at least in my experience.
And, well, there isn't too much to be spoofable. I check who sent the email to the mailserver I admin, and then just ship off a report to the ISP that admins that IP space. :) Most viruses don't seek out open relays to mail themselves from, and if they do - the ISP will know since I include the name of the virus (thus they know whether they've got a user with a virus, or a user with an open relay).
If I've sent the email to the wrong ISP, I prefer being hit with a cluebat, instead of them having to relay the message for me. ;)
To aid in identifying the correct abuse addresses I can recommend the hinfo utility as a complement to whois.
Hm, what does that tool do? What databases does it look up? Just the "hinfo" part of DNS?
Oh and if you're stuck with a standard whois, consider replacing it with the one made by Marco d'Itri - it's the default in Debian, and has the ability to guess the correct whois hosts to ask.
I tend to use the stock one that comes with SuSE. According to --version, it's written by some "md plus whois at linux dot it" (obfuscated on purpose) -- which seems to match the name you're mentioning. :)
Anyways, thanks for a nice reply :)
Damn, you must have a lot of time on your hands..
Nah. We only get around 50 viruses per day, and I've made a list of the responsive ISPs. I tend to email the responsive ISPs one email per day, containing nothing but the relevant headers.
The ISPs just receive an email with the name of the virus, and the Received: from header(s) they need to track down the person with that virus.
Most is automatically generated by my scripts. I just paste it into my mail client and send it off with a few nice words on top of the list - and if I'm very pleased with the ISP's responsiveness in the past -- some nice words of encouragement for their great work.
The cool thing is that I'm seeing an actual reduction in viruses received from the responsive ISPs, and when they're bogged down - I've gotten my "IMPORTANT!" emails moved quickly up the queue. One particular instance with someone that was pounding our mailserver several times per minute - I got a response from the ISP within 20 minutes. :-)) (The same ISP usually responds within one business day, but they moved that particular request up the queue very, very fast :-)