Hey, AOL used to supply me with my Linux security system! I used a Mac AOL floppy for my Slackware boot disk, while my puter booted that Redmondian sludge natively. Anyone snooping that floppy got a visit from General Failure (unless they tried booting from it).
"Oh... no wonder! It's a Mac disk."
OK, so it wasn't C-2, but my threat model wasn't too strenuous.
Originally, every computer on the Arpanet had one single name, and, before smart routers entered the seen, a person had to enter
a bang-path listing every hop to get to the destination:
Pathalias! When I started out, UUNET was the base of the UUCP universe and we banged everything. uunet!comcon!cybrspc!me would find me from just about anywhere (as would me@uunet!comcon!cybrspc, when our neighbors weren't brain-dead). Pathalias was a real hog, and you had to collect the maps from Usenet. Advertise carefully... I once got found to be the best route between 2 university mainframes in the maps, so when they started pouring hundreds of error reports through me...
Previous to that, they would send messages via a binary transmission device called a TELEGRAPH that sent information in an
encoded format called Morse.
The messages were called telegrams. Has anyone here ever sent or received an actual telegram? Recently? (and if recent, what was the procedure? my last experience was 30 some years ago)
I second the AIWA MP3 unit. I've had mine for a month, and it's very nice. It does tend to be picky about media, preferring 4X burns to 8X, but the 192 KBps MP3's are so close to actual CD audio that I can't tell the difference when the truck is running.
Ogg may be technically superior to MP3, but I don't listen to my music only on my computer. Until there's hardware to portably play Ogg files, it loses a couple of points to MP3.
This, of course, is a business opportunity. And being the gadget geek that I am, I'd probably buy something that would play Ogg files off a CDR (as long as it would also play MP3, because I don't want to go re-rip all my CDs)
I could understand a dictionary attack, if I were seeing loads of bogus names with the same content. But I've only seen single items... never two from the same source. That's what makes me wonder if there isn't some other attack mechanism at work here. The really strange part is that I'd expected some followup, but never saw any. One might think the bounces were being used to confirm a working mailserver at the domain, but as I say, no further traffic from the originators (at least, none I could recognize).
I bet the trawlers sell off munged email addresses in the list regardless, anyway.
I have a pretty large collection of spam sent to my personal domains. One recurring destination address is a Message-ID from a USENET post somewhen in 1991.
A curious point, for me, is the number of spam pieces sent to usernames that not only don't exist, but never existed. And not just easy guesses like "sales@...", but plausible-looking usernames. These addresses could not have been trawled. I haven't seen any of them repeat, so they're probably not on lists. But I still wonder what the utility of sending spam to an address guaranteed to bounce might be. Are they spamming the postmaster through the bounce log?
Re:Connection failure != 404 error
on
MAPS Sued Again
·
· Score: 1
Unless your ipchains are wrong (preventing replies on the loopback interface), if you aren't running a server on port 80 any
attempt to connect to http://127.0.0.1 will immediately fail with errno == ECONNREFUSED.
(A moment's thought...)
Ah. I'm running a stealthed firewall on this machine. Unpopulated ports do not return any sort of error, so the connection timeout will apply.
Perhaps I should have said YMWPV.
Connection failure != 404 error
on
MAPS Sued Again
·
· Score: 1
That's what the/etc/hosts re-binding does, it forces a 404 error.
Not exactly. Rebinding an ad server to 127.0.0.1 causes your browser to attempt a connection to localhost to fetch the document. When there is no server to respond to the connection request, your browser will wait its timeout limit before deciding that the document is not available.
However, running a local server on port 80 that responds immediately with a 404 error short-circuits the browser's timeout and the consequent delay in rendering the containing page.
NB: this is not theory, but the result of empirical observation on my humble box, using Netscape 4.08. (the 4.5+ releases are too bloated and did little to improve the browser... and since I don't use NS for mail, I see no reason to accept the bloat) YMMV.
Re:Spam is the worst kind of free speech.
on
MAPS Sued Again
·
· Score: 1
For banner ads, it's relatively easy: bind the ad picture server's DNS entry to 127.0.0.1 in etc/hosts (don't do this to
images.slashdot.org, you'll lose the headline graphics! Besides, those are the ads that you don't mind too much!). The
468x60 gif files will be replaced by a red X icon!
Netscape, in particular, has an annoyingly long timeout for broken image links. To make this work much better, run TinyWeb so the images will return an immediate 404 error.
The downside is that a well-populated HOSTS file will block ads, but also prevents access to some sites. They seem to have some convoluted redirect scheme that requires the ads to display.
There used to be a loose organization called the American Society of Reverse Engineers. They had a low-volume mailing list, to which I subscribed many years ago. It looks like someone has carried on the tradition at this page
Sadly, it seems you CAN'T switch your second line to a different long distance service from your primary one.
That must be a local option thing. I have two lines: the primary line is on MCI LD, and the 'puter line is on Sprint. I'm in Minnesota, but had a similar situation in Michigan a couple of years ago.
It does get entertaining sometimes. The local telco has been known to get really confused. It's also handy for LD roulette, since I never make LD calls on the modem line. So when the checks come in, I cash them and switch the modem line. Then when the next check comes in...
The one point about SOAP that caught my attention immediately was the assertion that SOAP simplified active mobile code because it runs over HTTP, so it would pass through firewalls easily.
Is it just me, or does this engender a whole new tier of security implications? Currently, the Access exploit can load and run arbitrary code located on a remote Windows share. With SOAP, it should be able to load and run code from any old SOAP-enabled server. Fun, huh?
Got to add:
"CMOS batteries? We've got Lithium batteries..."
(must have forgotten to take his)
"What do you mean by a battery cross-reference book? All the batteries are labelled! Just look for 'calculator'!"
Slashdot Mirror
"Oh... no wonder! It's a Mac disk."
OK, so it wasn't C-2, but my threat model wasn't too strenuous.
And the blue lighting is awesome at night.
I like that Crystal MP3 player, too, but same deal... no apparent retail availability.
- My Rio PMP-300
- My Genica MP3/CDR player
- My Apex AD-600A
Ogg may be technically superior to MP3, but I don't listen to my music only on my computer. Until there's hardware to portably play Ogg files, it loses a couple of points to MP3.This, of course, is a business opportunity. And being the gadget geek that I am, I'd probably buy something that would play Ogg files off a CDR (as long as it would also play MP3, because I don't want to go re-rip all my CDs)
Shrug...
A curious point, for me, is the number of spam pieces sent to usernames that not only don't exist, but never existed. And not just easy guesses like "sales@...", but plausible-looking usernames. These addresses could not have been trawled. I haven't seen any of them repeat, so they're probably not on lists. But I still wonder what the utility of sending spam to an address guaranteed to bounce might be. Are they spamming the postmaster through the bounce log?
Ah. I'm running a stealthed firewall on this machine. Unpopulated ports do not return any sort of error, so the connection timeout will apply.
Perhaps I should have said YMWPV.
However, running a local server on port 80 that responds immediately with a 404 error short-circuits the browser's timeout and the consequent delay in rendering the containing page.
NB: this is not theory, but the result of empirical observation on my humble box, using Netscape 4.08. (the 4.5+ releases are too bloated and did little to improve the browser... and since I don't use NS for mail, I see no reason to accept the bloat) YMMV.
The downside is that a well-populated HOSTS file will block ads, but also prevents access to some sites. They seem to have some convoluted redirect scheme that requires the ads to display.
Must go explore it now.
It does get entertaining sometimes. The local telco has been known to get really confused. It's also handy for LD roulette, since I never make LD calls on the modem line. So when the checks come in, I cash them and switch the modem line. Then when the next check comes in...
A friend of mine once ran a C64 BBS. He kept his PS in a shallow saucepan, upside-down, in a couple inches of water.
Is it just me, or does this engender a whole new tier of security implications? Currently, the Access exploit can load and run arbitrary code located on a remote Windows share. With SOAP, it should be able to load and run code from any old SOAP-enabled server. Fun, huh?
Got to add: "CMOS batteries? We've got Lithium batteries..." (must have forgotten to take his) "What do you mean by a battery cross-reference book? All the batteries are labelled! Just look for 'calculator'!"