Slashdot Mirror


User: mysidia

mysidia's activity in the archive.

Stories: 0
Comments: 13,354

Comments · 13,354

  1. Re:Well, I tell you what *I* think about it on Arrangement With Science Publisher Raises Questions About Wikipedia's Commitment To Open Access · · Score: 4, Insightful

    Wikipedia should cite the best sources possible, but closed access is bad.

    Here's the problem: the best possible sources are closed access, especially when we are talking about things in medical research and life sciences.

    It is beneficial for active content creators to have access to these.

    They will be able to create citations supporting articles on subjects that couldn't even be written otherwise.

    Notability is a frequent issue on Wikipedia with articles on important subjects frequently getting deleted, because high quality citations have not been made to establish their notability ---- citations good enough to meet the criteria are only available through closed-access sources, such as professional journals.

    Finally... the purpose of Wikipedia is to be the encyclopedia anyone can edit. Nobody ever said anything about the sources used by Wikipedia having to be the same

    It would hobble the encyclopedia and greatly limit its coverage, if only free citations can be used.

    I love the idea of a free encyclopedia..... and I love the idea of open access journals, BUT let's not delude ourselves into thinking that the canonical works in the sciences are always the open access articles.

    E.g. In an article discussing relativity, I would much rather see the cite in the journal where Einstein actually published, than some 4th order / quaternary source that someone preferred since it was an online magazine article available free of charge.

    I would also point out... open access today doesn't mean open access tomorrow. Many times online sources later go offline, or the publisher breaks the URL!

    Now, what would be really cool is if Wikipedia could get a fair use "Excerpting" / "Automatic clipping" service, where readers of an article could click on an "Excerpt" link by the citation and see an archived excerpt from the article from online or scanned version, with the cited portion highlighted in yellow, and a bunch of context.

    Then adopt a policy indicating that an excerptable source should be included for every referenced fact or assertion, when possible.

  2. Re: Needs to be Linux? on Ask Slashdot: Linux-Based Home Security · · Score: 1

    It would be cheaper and more effective to hire a security guard at that point.

    That's total nonsense, or you have no clue how much legally hiring a security guard actually costs. You're talking less than $100 worth in extra materials to physically secure and conceal your hardware. The overall installation of cameras and a good security system is less than $10k, even after you add physical hardening, fencing, a pet dog, and add some additional layers of protection and defense.

    For a security guard; you're talking bare minimum $10 an hour 300 hours a month = $40,000 a year.

    Also, security guards are fallible and sometimes fail to show up or don't do their job properly, so they need to be managed as well, and you might have an incident you aren't alerted to.

    You also have liability to be concerned about should the guard be injured --- better hire someone who is insured and bonded.

    P.S. A security guard is no replacement for a security system. Nor should you consider hiring additional guard support before you have completed the other lines of defense, including adding alarms, cameras, and physical controls.

  3. It's not an accepted date on It Is Programmer Day - Why So Apathetic? · · Score: 1

    Besides, everyone knows that System Administrator appreciation day is July 29th.

    And programmers and those other computer people are just considered one and the same.

    Also, if it makes you feel any better... then just call it Developer / Operators Day, or DevOps day.

  4. Re: Needs to be Linux? on Ask Slashdot: Linux-Based Home Security · · Score: 1

    In terms of getting a home security system, get one that works.

    Yeah... Step 1. A good solid alarm panel such as a Vista 20P. With dual-path reporting minimum: smoke detectors in every bedroom plus one additional per floor hallway, wired sensors for every perimeter door and window, glass break sensors for every window: motion sensors covering major walkways, and high-value areas. Dense sensor coverage over the room/access corridor near the security and communications panels as well.

    make sure the NAS is located in the part of the house that won't be searched for valuables such as an entry hallway closet.

    Yeah... The control panels for monitored alarm and security cameras should also ideally be at opposite ends of the building; communications and internet connectivity should be in a third place, so attempting to tamper with all 3 systems would be time-consuming.

    Make sure to use a NAS that can be mounted in an enclosure and locked. All security and comms enclosures should be out of sight, and the enclosure should either be flush mounted, or hidden pretty well with no wires going out into the room.

    The best location for the NAS, or a continuous backup of the NAS might be in a nearby building.

    The next best place for your NAS is probably in a locked flush-mounted cabinet near the floor of a closet.

    Another option would be a steel enclosure bolted to the floor with concrete anchors.

  5. Re:Sounds stupid on Hire a Developer, Watch Them Work In Real-Time · · Score: 1

    If 10% of your time is actually spent interacting with the computer, then just charge 900% of your normal hourly fee.

    This makes sense.... you are actually getting paid for everything you do. The number of hours you are actually coding is just being used as a benchmark; it should only be a proportion of the time, if your work is high quality ---- BUT it should still be a proportion of your time.

    If you're spending 1 hour of thinking for every 1 hour of coding, then the hourly rate should be triple what it would be if you were just spending 0 hours of thinking for every 1 hour of coding.

    Also, people want to pay for something they can see.

    So you could do "live thinking" where you jot some notes, and you create some 'draft' text files and do a couple rough sketches.

  6. Re:Additionally... on US-Appointed Egg Lobby Paid Food Blogs and Targeted Chef To Crush Vegan Startup · · Score: 1

    In civilized countries you can't call "butter" anything with plant oils in it,

    Yeah..... feel free to call your plant oil substitute "Plant Oil Spread" or "New Butter Replacement"

    Just don't lie to us and attempt to create consumer confusion to benefit your sales by calling your product Butter if it is chemically different from what is traditionally called butter.

  7. Re:Additionally... on US-Appointed Egg Lobby Paid Food Blogs and Targeted Chef To Crush Vegan Startup · · Score: 1

    The difference is that the whole selling point of Just Mayo is that it’s egg-free.

    I don't see that it's sold any differently by looking at the name of the product.
    The average consumer is likely to assume it is just mayonnaise, because the name of the product IS the label. Hell it's called "Just" mayo.

    The little bit of text somewhere else under the headline is the "fine print", And few people will read it after recognizing the name stating that the product is Mayo, because people know what mayo is and what mayo tastes like as well.

  8. Re:Additionally... on US-Appointed Egg Lobby Paid Food Blogs and Targeted Chef To Crush Vegan Startup · · Score: 2

    I think the bottom line is that their business relies on deceiving people into buying their new alternative products, Because if people realized their "Just Mayo" product, for example, contained a plant alternative to eggs by having it presented at the time of purchase..... many people would not buy.

    IMO; the new alternatives are not proven though. I would be wary about them. I think there is good reason to be wary about them.

    That doesn't mean they do not have value ---- esp. to vegans

  9. Re: I always assumed they were on TSA Luggage Lock Master Keys Are Compromised · · Score: 1

    Even with a hard case and real lock, they're vulnerable.

    Until someone secures their luggage with a $200 hardened padlock that even 36" boltcutters can't even put a scratch in?

    But Yeah; someone could just swipe the entire luggage case at the luggage pick-up, and now it's "lost" to never be seen again, regardless of how good the lock was

  10. Re:Warrantless eavesdropping, not stolen goods on Proposed MAC Sniffing Dongle Intended To Help Recover Stolen Electronics · · Score: 1

    Can you walk upstairs and ask him to give my phone back?

    This isn't how you frame the question. You need to have a little chat with your buddy in the department and buy 'em a beer.

    Political connections also help.

  11. Re:Should work fine on Proposed MAC Sniffing Dongle Intended To Help Recover Stolen Electronics · · Score: 1

    Your average laptop owner doesn't know their device's MAC address.

    This should be done with cooperation from device manufacturers.. so the owner just has to pay a nominal fee and have registered their product or know the serial number, "theft reporting key", and model number, and the manufacturer looks up a Device ID and a Key, publishes a "device stolen" record.

    Ideally.... I'd like to see them have all devices broadcast an encrypted implant though when doing something else with the wireless. Basically a hash that can be submitted to a trusted clearinghouse for a definitive Stolen/Not-Stolen check.

    Also, if every manufacturer could publish a URL with a daily list of digitally signed "Stolen device IDs" list, that every operating system will periodically download and submit to the hardware.

    If a device finds itself on the list, it should enter a "lockdown" mode, where many functions would be disabled. That cannot be cancelled without contacting the manufacturer with the "device recovered" password.

  12. Re:"Only" on $415 Million Settlement Approved In Tech Worker Anti-Poaching Case · · Score: 3, Insightful

    Also.... the class that damages are awarded to should include All workers of a similar calibre in the industry: not just those that the anti-poaching applied to.

    Due to the economics involved. IF such and such position was poached, then I could have applied to it, Or the economic effects across the country might be such that my salary at another company would be higher than it was.

  13. Re:Because we are distracted by "global warming" on Nearly Every Seabird May Be Eating Plastic By 2050 · · Score: 1

    But it isn't an either/or situation. People can think about multiple things.

    People are not very good at doing that.

    suddenly a talking point environmentalists, who in similar form are outraged that compact fluorescent light bulbs have a tiny bit of mercury in them, yet have been throwing their 4 foot long lamps out in the regular garbage since forever.

    The 4ft long lamps were a small minority of the lighting market, they have a long lifetime and are usually installed by pros. in commercial environments in well-protected enclosures; the CFLs are being sold as an incandescent replacement which most lightbulbs are, And the mercury is more of a safety issue for the users.

    So what should we do? Eliminate the EPA? We certainly aren't going to give them more people or oversight.

    Get them out of the business of doing cleanups, and only lay down the requirements and restrictions.

  14. Re:How often are the addresses re-validated? on Ask Slashdot: Should I Publish My Collection of Email Spamming IP Addresses? · · Score: 1

    was Constant Contact. And boy were they pissed! They actually tried to tell my users we were doing something wrong ...

    We used to block ConstantContact on the inbound direction, because we found them (1) Using more than half a dozen IP addresses to contact our mail servers AND putting high stress on our mail servers, and apparently defeating our 5-Messages-per-Second per-IP-Address rate limits; instead they were sending hundreds upon hundreds of messages per second, And (2) Frequently being a source of mail that generated complaints from our users about getting too much spam. It ended very badly: when a couple state governmental agencies started using ConstantContact for various newsletters between related org, we literally got state IT officials and district attorneys breathing down our necks. Management required we whitelist them, AND since ConstantContact munges the sender address on all mail to in.constantcontact.com, instead of using a return path matching the internal header From: domain, We have no way of separating the newsletters in question and only whitelisting those.

    Therefore, we are essentially required to maintain a whitelisting for ConstantContact.

    Unrequested marketing junk *is* spam.

    The industry has come to the conclusion that opt-in marketing newsletters are not Unsolicited, and if it's not unsolicited, there have been cases where providers were successfully sued over blocking the messages.

    We're not part of the 'request' transaction, so if the user did or didn't Opt in to the marketing bulletin: we have no direct way of knowing.

  15. Re:Because we are distracted by "global warming" on Nearly Every Seabird May Be Eating Plastic By 2050 · · Score: 1

    I don't believe in that either. There is no global warming, and no poisoning or pollution of anything.

    I am willing to stipulate that global warming happens and concerns may have some bearing, if you will just agree that toxic chemical releases and water contamination are a bigger more immediately pressing issue that GW should not distract us from.

    Also, we have done most of what is within our power regarding GW, and if we weren't so distracted, we could have much more beneficial improvements if our officials would concentrate on fixing things that are the most seriously broken that they can have the greatest positive impact on.

    Especially when we have credible scientists warning that the EPA is so negligent in the latest accident that it seemed like it could have been a planned accident to get their way politically.

    I'm giving the EPA the benefit of the doubt that they were just grossly negligent ---- if BP, or a private cleanup company had committed a clearly incorrect decision with these kinds of disastrous results, there would be billion dollar fines and likely executives going to jail.

  16. Re:How often are the addresses re-validated? on Ask Slashdot: Should I Publish My Collection of Email Spamming IP Addresses? · · Score: 1

    If you have clients whose accounts are compromised, then [...]

    It's not the same users over and over again. It's a different user almost every time.
    The couple users that DID get re-compromised, after we unlocked their account, were cancelled as a customer after the 3rd incident, and their computer was legitimately infected ---- It is just totally not our job as ISP to help them clean up their infection for free.
    There are about 3,000 hosted and ISP mailboxes and 500 domains.

    We do incoming and outgoing mail relay for by last count several thousand private mail servers as well.

    We deactivate the account immediately when we find them, and delete all their queued messages.

    The problem is finding them, because spammers are not always calling attention to themselves.

    Generally, found issues come from accounts that the spammer gained access to through brute force. We have many defense mechanisms against brute force, including password policy for new passwords, not all digits, not all lower, not all upper, banning any IP after 10 successive failed logins, and lockout if more than X IP addresses detected active on an account over Y minutes.

    And nevertheless, there are still users that fall for phishing or get their password guessed. It seems like these come in waves, like the spammers are saving them up and acting upon them at an "opportune" time.

    Some spam events are infected systems if they are relaying off of us, since we provide a free SMTP relay host for our ISP customers. We're damned if we don't do that, because we publish end users' dynamic IP address ranges in the Spamhaus PBL, and we always get blamed by customer if a customer's private mail server on their own premises gets blacklisted or has other issues, because "It's our IP address".

    It is not straightforward at all to look at an outgoing mailflow and determine if account(s) are compromised. Often something will appear to be outgoing spam, But then turn out just to be an ISP user's free e-mail account that they set to forward all their e-mail to example@gmail.com, OR Out-of-Office responses sent from Microsoft Exchange.

    In the past we even got auto-generated spam complaints about forwarded mail, based on the recipient's own forwarding rules!
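
The two lockout rules described in the comment above, applied to a login log, as an added example that is not part of the original comment or the poster's system. The log format, the function names, and the values used for X (3 addresses) and Y (15 minutes) are assumptions, and "active" is taken to mean a successful login.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) ip=(\S+)$")


def password_ok(pw):
    """Policy from the comment: reject all-digit, all-lower, all-upper."""
    return bool(pw) and re.fullmatch(r"\d+|[a-z]+|[A-Z]+", pw) is None


def build_sample_log():
    """Constructed sample data in a hypothetical log format (time-ordered)."""
    lines = []
    # 10 successive failures from one address: should be banned.
    for s in range(10):
        lines.append(f"2015-08-31T04:00:{s:02d} FAIL user=alice ip=203.0.113.5")
    # 9 failures, then a success: the run is broken, no ban.
    for s in range(9):
        lines.append(f"2015-08-31T04:01:{s:02d} FAIL user=bob ip=198.51.100.7")
    lines.append("2015-08-31T04:01:30 OK user=bob ip=198.51.100.7")
    # carol: 4 distinct addresses within 6 minutes: should be locked.
    for n in range(4):
        lines.append(f"2015-08-31T04:1{n * 2}:00 OK user=carol ip=192.0.2.{n + 1}")
    # dave: 4 distinct addresses spread over hours: normal roaming.
    for n in range(4):
        lines.append(f"2015-08-31T{5 + n:02d}:00:00 OK user=dave ip=192.0.2.{n + 11}")
    return "\n".join(lines)


def evaluate(log_text, max_fails=10, max_ips=3, window_min=15):
    """Return (banned_ips, locked_accounts) after replaying the log."""
    fails = defaultdict(int)      # ip -> current run of successive failures
    recent = defaultdict(deque)   # user -> (time, ip) of recent successes
    banned, locked = set(), set()
    window = timedelta(minutes=window_min)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not parse
        ts = datetime.fromisoformat(m.group(1))
        result, user, ip = m.group(2), m.group(3), m.group(4)
        if ip in banned:
            continue  # a banned address never reaches authentication
        if result == "FAIL":
            fails[ip] += 1
            if fails[ip] >= max_fails:
                banned.add(ip)
            continue
        fails[ip] = 0  # a success ends the run of failures
        if user in locked:
            continue
        q = recent[user]
        q.append((ts, ip))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop logins that fell out of the Y-minute window
        if len({addr for _, addr in q}) > max_ips:
            locked.add(user)  # more than X addresses active within Y minutes
    return banned, locked


if __name__ == "__main__":
    print(evaluate(build_sample_log()))
```

Neither rule catches the case the comment goes on to describe, a phished password used from a single address, which is why the outgoing mail flow still has to be watched.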

  17. Re:How often are the addresses re-validated? on Ask Slashdot: Should I Publish My Collection of Email Spamming IP Addresses? · · Score: 2

    Many, many spamming IP addresses are hijacked hosts that are cleaned up eventually.

    My mail servers IPs have been hijacked for spamming many times, probably about 3 or 4 times a month, but as far as I know, they are generally cleaned up within a few hours, and usually the volume is restricted by message rate controls.

    The biggest problem is we have no idea when it is happening, or if there are complaints, which messages are actually true spam, and which messages are just "legitimate marketing" that look spammy.

    Also, the RBLs have destroyed mutual cooperation between operators against spam.... we all just have our blacklists, and then we start having equally huge whitelists that represent the hundreds of thousands of legitimate mail transactions that blacklists have incorrectly interfered with.

    Nobody really sends detailed abuse complaints anymore or provides any data that could be meaningfully used for reliable spam content identification without false positives. They just put IP addresses straight to blacklist. Heck, the abuse@ contact address and IP address space WHOIS abuse contacts get no messages at all from humans for the most part, except (ironically) marketing attempts, DMCA letters, and DoS amplification reports.

    So the "eventually" part, is because no one's even bothering to lend a hand against the spammers. Perhaps everyone is just overwhelmed and desensitized.

    You'll just wake up after some sneaky spammer has been abusing your mail server starting at 4am, and after you find your IP with a bad reputation on a bunch of blocklists with not a single actionable abuse complaint. You will have most RBLs that tell you "their spam traps are secret," and you need to wait 3 days before requesting removal, so they won't even reveal what the spam message looked like, or enough information to identify the abuser on a multi-tenant mail server.

    Then there are 'fascist' blacklists who decide, they want to blackmail you and force you to pay a fee for removal. In a number of cases, we have referred those guys to our lawyers, to see if we can do anything about them. Hopefully, law enforcement will eventually lay down the criminal charges against paid-removal blacklists for racketeering.

    Then there are reputation services such as Cisco's which has no remediation or contact to resolve the listings at all, And they are highly secretive about how they even work.

    Then there are RBLs that insist on blacklisting you for 48 hours, or 5 days, because some spammer managed to go to town for a few hours one night.....

    Most often: it is some customer mailboxes whose password has been guessed by spammers who then proceed to abuse the account.

    Or a mailbox on a customer mail server relaying off of ours.

    It is not so easy to tell when it has happened, because there are plenty of customers running legitimate "newsletters" off their mailbox. We limit each customer to an average rate of 1200 messages per day for some domains, and 250 messages per day for others, but "legitimate" bulk mailers using their normal account to e-mail blast frequently hit the limits and complain about it, Meanwhile, there are spammers who are relentless and send a trickle of messages just below the limits sometimes.

    Then there are spammers who use IP addresses of non-mail servers such as workstations..... by co-opting random systems and running random malware that pretends to be an SMTP server, Or they install a local SMTP server and relay off of it.

    The latter are frequently short-lived attacks. By the time anything is in a RBL: the spammer has already probably moved on to the next batch of IP addresses to disrupt.

  18. Re:The article does not say... on Nearly Every Seabird May Be Eating Plastic By 2050 · · Score: 1

    Reducing one's use of paper products will not reduce global deforestation

    I suggest banning the sale of lumber products taken from natural forests, Or of farm or other products created on formerly forested land without paying a hefty fee per hectare of land.

    Let the economic ramifications work their way back through the system and remove any significant incentive for people to deforest land.

  19. Because we are distracted by "global warming" on Nearly Every Seabird May Be Eating Plastic By 2050 · · Score: 2, Insightful

    Instead of being concerned about the REAL environmental issues.... such as plastics and pollution of our bodies of water, hazardous chemical releases by our own government's negligence, and corruption of potable water supplies.

  20. Confirmation bias on 3 Category 4 Hurricanes Develop In the Pacific At Once For the First Time · · Score: 1

    Or Texas Sharpshooter fallacy. It was always fun shooting bullets at the barn, and then afterwards painting the targets with the bullseye around each bullet.

    Recorded history isn't that long. If you start with a conclusion, then you are always going to find evidence for it.

    There is some probability of such events happening with OR without climate change.

  21. Re:chroot is not for security. like change directo on Systemd Absorbs "su" Command Functionality · · Score: 1

    Sounds to me like you are banking on kernel exploits being more rare than they actually are.

    Well, from a chroot environment running as a non-root user: it is going to be a technical challenge to make calls to the kernel directly, and for all you know a syscall filtering mechanism is in place, And chroot is just one of the early lines of defense.

  22. Re:read the man page on Systemd Absorbs "su" Command Functionality · · Score: 1

    Gonna be kind of tough to have a shell without a tty, aka /dev/*tty*. So yeah, you need /dev.

    False. In fact you're false on so many counts, that I'll just show with a session excerpt to a jailed shell.

    [~]# uname -ir
    2.6.32-573.1.1.el6.x86_64 x86_64
    [~]# grep support1 /etc/passwd
    support1:x:1411:1411::/var/jail/./home/support1:/usr/sbin/jk_chrootsh
    [~]# grep support1 /var/jail/etc/passwd
    support1:x:1411:1411::/home/support1:/bin/bash
    [~]# cat /proc/uptime
    246835.99 239072.52
    [~]# su - support1
    [~]$ cat /proc/uptime
    cat: /proc/uptime: No such file or directory
    [~]$ ls -la /dev
    total 8
    drwxr-xr-x. 2 root root 4096 Aug 19 10:01 .
    drwxr-xr-x. 10 root root 4096 Aug 19 10:07 ..
    [~]$ ls /proc
    ls: cannot access /proc: No such file or directory
    [~]$ find / | grep tty
    find: `/home.a/lost+found': Permission denied
    /usr/share/terminfo/p/putty-256color
    /usr/share/terminfo/p/putty
    /usr/share/terminfo/p/putty-vt100
    [~]$ whoami
    support1
    [~]$ ld
    bash: ld: command not found
    [~]$ /lib64/ld-linux-x86-64.so.2 /bin/date
    Mon Aug 31 01:35:54 CDT 2015
    [~]$ cat /bin/date > date
    [~]$ ./date
    bash: ./date: Permission denied
    [~]$ /lib64/ld-linux-x86-64.so.2 ./date
    ./date: error while loading shared libraries: ./date: failed to map segment from shared object: Operation not permitted
    [~]$ /lib64/ld-2.12.so /bin/date
    Mon Aug 31 01:37:17 CDT 2015
    [~]$ /lib64/ld-2.12.so ./date
    ./date: error while loading shared libraries: ./date: failed to map segment from shared object: Operation not permitted
    [/home.a/support1]$ find / | grep '/ld'
    /etc/ld.so.cache
    /etc/ld.so.conf
    /usr/bin/ldd
    /lib64/ld-2.12.so
    /lib64/ld-linux-x86-64.so.2
    [~]$

  23. Re:Security on Systemd Absorbs "su" Command Functionality · · Score: 1

    Have security vulnerabilities ever 'destroyed' any piece of software?

    Java browser applet plugin.

    It's largely not used anymore, and major browsers block it by default.

    In a couple weeks there won't even be a way to get it running on Chrome, if you want to.

  24. Re:superuser on Systemd Absorbs "su" Command Functionality · · Score: 2

    I thought systemd was the new emacs???

    Systemd might be a rewrite of emacs from the ground up. They just haven't gotten to the text editor and mail client parts quite yet.

  25. Re:Bullshit on Systemd Absorbs "su" Command Functionality · · Score: 1

    yet it has never been clear to me which variables get passed over to the root session and which do not

    All exported environment variables, just as if you spawned a shell binary with the same user.

    Except on systems that implemented PAM su, on these systems, PAM modules might be used to change the values of ulimits or some other environment variables, or clear some.

    They might do this because it is the desire of whoever configured the system to assign additional characteristics to certain interactive root or other-user shells.