...more spam comming from all those junk domains that spammers buy. It's not like spammers only have a couple legitimate domains to work with.
I have a list of hundreds of such spam domains in the form
if expression both matches "*610000x*" delete "" if expression both matches "*64.74.124.113*" delete "" if expression both matches "*66.235.226.100*" delete "" if expression both matches "*abcpills4u*" delete "" if expression both matches "*about-mtg*" delete "" if expression both matches "*adweawen*" delete "" if expression both matches "*adweawen.biz*" delete ""
It's not going to stop spam. There's no shortage of DNS services to allow people with home connections the ability to set up Dynamic DNS so they can have a domain always pointing to their shifting IP.
The one advantage this has over filtering out links in e-mails is that I can do the filter with only the FROM and connecting IP. Currently I have to recieve the entire message. But since all this filtering happens server side, I still save at least 50% of the bandwidth.
In actuality the header is irrelavent. Spammers use affiliate programs. Nearly every spam has a link. And most of those links go to the same domains. Block 1 IP and you completely miss the target. Block 1 domain and you block every single spammer that uses it regardless of how garbled the header is or who it is.
Those few spams that don't have links just get deleted. By filtering links I reduce the amount of spam to a trickle, have 100% accuracy, and anything that manages to get through is so little that just hitting the delete button isn't an issue. Updating the filter is a quick and easy operation.
As for being anonymous. All you need to do is host a web-site and use a simple PHP script that connects through your mail server with a generic account and allows anyone to send e-mails to anyone using it. My contact form on my site uses such a script except the sender and recipient are hard coded. If someone wants to be contacted they just include their e-mail address and it's added to the message body.
By allowing the recipient to be set by the user you meet your good friend "plausable deniability."
And if you delete all the logs that the script generates, there's nothing for anyone to seize.
With a simple question/answer challenge you can prevent spammers from whoring your script out. Not using a generic script in a generic directory like "formmail" also helps.
And since unlike "sendmail" the PHP script isn't actually sending the messages so a valid account has to be given so it can log into the actual mail server where all the filtering and security rules are in place.
I saw a DVD playing on a Plasma display and it was terrible. You can clearly make out the compression artifacts. If you're putting together a home theater you'd be better off using something less crisp to blend the artifacts better. I actually prefer watching DVDs on a regular CRT tv set.
For the not rich:
Personally I'm building an LCD projector out of an overhead and LCD monitor. Not the PC kind. The TV kind like available for the latest game consoles. You can get Overhead LCD panels prebuilt but they're quite pricey. A decent 5" panel can be had for $100-$150 if you buy something like the GameCube screen and a decent overhead can be had for $150-$200. computergeeks.com has a 4" panel for $60. So for $200-$300 you have a nice LCD projector vs $1600 minimum for a "real" LCD projector. Overhead bulbs are $20 vs $200-$300 for an LCD projector bulb.
If you're feeling bold and daring you can take a PC LCD monitor apart and place it over the overhead for a full 15"-17" panel which will project to about 10' diag at only 10' back from the wall. That'll run you hundreds just for the panel but you're still hundreds ahead of a prebuild LCD projector and you're saving 90% on bulbs.
I don't get rich people. I'd rather build these things from parts than just open up a box.
I see a movie, walk out of the theater wanting the DVD but by the time the DVD comes out, I don't care to buy it. Gladiator and The Patriot come to mind on that one.
I would have walked into a store and bought Matchstick Men and Kill Bill that same day. I'm still going to buy those two but I have yet to purchase Gladiator or The Patriot.
I think Hollywood's reasoning is that you'll keep going back to the theater to see it. They know their books. Maybe enough people are seeing movies multiple times to warrent it.
If you could pay $15-$20 to buy a movie or $8 bucks to see it in a theater what would you do? If the movie was getting good reviews I'd probably just buy it and skip the theater. If it was getting bad reviews I'd probably pass on both. If you have a few people who want to see it, you buy/rent a copy save money on the movie and just hang out and buy pizza with the money you saved which is still cheaper than buying crap at the theater.
You can blame the MPAA but the theater chains have a lot to gain by forcing you to pay them to see a movie unless you want to wait several months to buy or rent it.
You agreed to pay the price. Nobody held a gun to your head and forced you to buy those CDs.
I'd agree they'd owe us more if they were selling something necessary like food or fuel products.
But they're not. They're selling luxeries. Things you don't need.
As it is, they're giving you a check based on the average overcharge. People who only bought a CD or two are getting the same amount as people who bought dozens or hundreds of CDs.
There's no way the RIAA is going to count reciepts for everyone that requested a check and give proportionatly the same to everyone. Do you even have reciepts for all those CDs to prove you bought them and when you bought them?
It's just a lot easier to divide the entire fine by everyone who requested compensation and give equal size checks to everyone regardless of how much they spent.
And this is perfectly reasonable since nobody forced you to buy any of those CDs. If you're mad about how much you pay for CDs, buy them used. Use that check to buy used CDs so that none of the money goes back to the RIAA. And then stop buying new CDs.
So what do people do? They install it, throw it directly on the line and assume it's secure "out of the box." So they don't worry about it.
I know Windows isn't secure. There's no way in hell I'm putting ANY OS directly on the line. I run a hardware firewall between every computer and the outside. Very few ports are open and I know exactly what's running on each of those ports.
For my IcarusIndie.com server it's logged in as an Administrator 24/7 365 days a year. Guess how many times it's been hacked?
Once someone erased all the usernames and passwords out of MySQL. They did it through a PHP page that uses MySQL. Nothing was actually damaged because they couldn't get anywhere. There is no way to remotely connect to MySQL. It's pretty lame that a semicolon can allow arbitrary commands to be issued to MySQL. And yes I'm running the latest version.
Another time someone I know decided to demonstrate a nearly server crashing bug GuildFTPd has. I updated to the latest version that claimed to have fixed the problem (ignoring your settings for not allowing more than X connections from a single IP) and it wasn't actually fixed. I now run BulletProof FTP server and it isn't affected by that DoS bug and has no known remote exploits.
I also run WinVNC. Except it's modified to use a whitelist. Only when you connect with given IPs do you even get the password prompt. And there's no way to remotely change the IP list unless you already have a whitelisted IP. So when my Cox IP changes I have to go down to the ISP to get physical access to update the whitelist.
No one has ever managed to hack Windows. Even though I'm running as "root." Only some very flaky software handling the above mentioned hacked services. But they've never managed to cause any real damage.
My web-site has been running logged in as Admin for going on 4 years. That's a very stellar record. And not hard to achieve if you're not blinded by propoganda. I even ran my server on WinME to start with and never got hacked.
It's an attitude problem. Not a hardware or software problem if your systems are being hacked into.
Theft deals with what YOU illegally aquire. If you aquired something illegally you STOLE it. And stealing is theft. It doesn't matter if it's physical property or not. If you illegally aquired it, you are a theif.
The court puts makes a distinction because the PENALTY is determined by what the victim lost. There only needs to be a LEGAL distinction for the sake of handing down punishment which requires calculating cost.
So yes, if you illegally aquire music or whatnot, you are a theif. The court will give you a more legalistic term since the punishment is different than if you stole say a car.
"Using politically motivated, inflamatory language ["theft"; "piracy"] does not make it any worse an act in reality."
That's right, stealing nonphysical property is exactly the same morally as stealing physical property.
Hiding behind legal distinctions that were invented to make handing down punishment clearer makes you no less what you are if you illegally aquire something; a theif.
Where did I claim this was a fully manual process?
Ripping out links is automatic. Along with who it's from, who it's going to and the subject. That makes clearing out legitimate e-mails real easy.
"Spammers frequently use tricks to confuse humans reading links. spammy%2Ecom type hex, www.fake.com/blahblahblah@real.biz "
That only confuses people who are reading the message. Not programs that harvest links with the other forementioned info from the message source.
You can either depend on a computer to handle the whole process and have a 100% chance of getting false positives or do only the repetative stuff automatically and have a 100% chance of filtering only spam domains.
Every few days I have only a handful of domains to add to the filter.
Seriously. Did you actually think I'm that dense to fail to use the source of the message and not just what it renders?
the links. Except for the rare text only spam most spams either have a picture or a link that goes to a domain.
Those domains are used by tons of spammers. So by filtering out a single domain blocks dozens (or more) of spammers. And there's zero risk of blocking a legitimate e-mail since no legitimate e-mails are going to link to those spam domains.
The other bonus is that IPs are free from the ISP but domains cost real money. I've harvested hundreds of domains from spams that have hit my mail server and at $7 a pop or more, I've just "cost" spammers thousands of dollars. They have to pay a chunk of change any time they want to spam me about something. Every few days enough spams get through to care to update my Mercury Mail server filter with the new URLs.
And thanks to the HTML protocol you can't obfuscate an URL. The best they can do is base-64 the entire message but those are easy to filter out as well. It does't matter if they plain text the URL either. It's not looking for an href. It's just looking for "topofferz.biz" or whatever. As long as you keep the ".com" or whatever you don't have to worry about random letter domains that have letter combinations that can show up in legitimate attachments. Attachments are encoded without the use of a "."
The filtering happens server side so I save 50% of the bandwidth cost for every message caught. Plus cost spammers real money they paid for their domains. It's a win-lose situation just like it should be.
it wasn't to prove he couldn't do it. It was to show how much force he was deflecting. It never claimed he couldn't do it. In order to claim that you'd have to know his tolerance.
And that physics book still sucks. Note to teachers: STOP USING IT.
Ben
The prognosis doesn't look good
on
Cyberchondria
·
· Score: -1, Troll
You are all diseased.
You are the all singing, all dancing crap of the world.
I suggest you all wash your hands and go to bed before you infect the rest of us.
Apache doesn't do anything useful for hackers. IIS is full of functionality. It's not just a web-server and it's tied directly into the OS.
Apache is just a web-server and runs on top of the OS. There's quite simply nothing to hack with Apache. With IIS there's all kinds of remote functionality to play with maliciously.
Comparing Apache to IIS is apples and oranges. If Apache did even close to what IIS is capable of doing then maybe there'd be a valid comparison.
I run Apache on 2K logged in as an admin. The only thing that's been hacked is MySQL and they couldn't get anywhere and nothing of value was stored in it. I never figured out how exactly they managed to do it or when but the assumed hole was fixed. It hasn't been hacked since so I'm guessing it works.
In order to take advantage of the hack they'd have to upload a PHP page since the mySQL port is blocked to the outside.
Oh yes, and GuildFTP was shown to be able to crash the server despite the author's claim that the hole was fixed. The only reason it didn't crash the server was because the person testing the exploit knows me. I now run BulletProof FTP server which has no known remote exploits.
MS's game department isn't what brings in all the money. It's their Windows and Office products that make the money.
They can grin a bear it when some games are pirated. Why do you think they (try to) crush companies that make mod chips for the XBox? Some things are more important.
And this is the source code to Windows. This is NOT just another product.
Anyone who dares to host it will be sat on until they are dead. Hell hath no fury.
Claiming this is just another product shows your definit lack of ability to comprehend the scope of this leak and the importance of it to MS's bottom line.
The legal costs required to shut down warez sites over a game generally are more than the amount of the losses. The legal costs required to crush the fools who dare to host the Windows source comes nowhere near the potential losses due to the leak.
at 3+ hours to download I've shared it long enough.
It's my bandwidth thank you very much. If I want to whore it out that's my choice. Not everyone can afford to share popular files for extended amounts of time. I'm sure you wouldn't mind me blowing a good chunk of my alloted monthly upstream bandwidth for this file but I do. And it's my bandwidth.
Feel free to download it from a fixed site if you're worried about everyone disappearing before you're done.
If I want to put up a page blasting a teacher for being terrible I have a right to be able to do so.
The only motivation this site should have for moderating people's opinions is to maximize credibility. If reviews consist of "he's a poopyhead" nobody is going to take it seriously.
It's also not criminal to make outlandish comments against people. Would a reasonable person believe the teacher is diseased in such a way? Then it's not libel. It's just stupid. This is why comedians can put words in people's mouths and not get sued. And it's why tabloids can avoid being sued.
If the teacher wants to do something to hurt the site he should start by pointing out it's without credibility and no better than a supermarket tabloid.
The site should go back up immediatly in protest and with a new review for the teacher: "anti-free speech."
If he just wanted the unfounded comments gone that would warrent some sympathy. But since he's attempting to put the whole site down, that's undeniably anti-free speech.
I don't see why companies think that they can fuck up and then expect the customer they fucked over to kiss their ass in order to get the company to take responsibility.
If a customer is pissed off, deal with it. I had angry people call tech support and instead of being an asshole I addressed their problem and *shock of shocks* they got nice.
"Geez, it might even begin to instill some politeness in some people."
People tend to be polite until you piss them off. Then they have every right to display their disgust with you. If you don't like it, don't piss them off. It's not very hard to quote company policy (which you should know) in order to convince people you can't help them with their particular problem. The problem with many employees who piss people off is that they don't know they policies and so the pissed off customer has no reason to believe that the employee isn't just being an ass who refuses to do something the customer is fully aware they are capable of doing and are required to do by store policy.
Forcing companies to deal with pissed off customers might instill some sense in the company to hire people who can actually do their job and uphold promises and other nutty things.
Dotster's automated system decided to throw a canned answer to my billing question which didn't even remotely address the question and then they claimed the issue was resolved. I sent them a very strongly worded e-mail telling them the problem was not resolved, that I was not legally responsible to pay the amount because the Capital One employee was an idiot and didn't cancel the card when I told her to (for all legal purposes the card was canceled) and told them to cancel the charge and that I was going to pay the amount on another card.
Instead of being idiots and whining about me not sending them flowers they did what I told them to do and they maintain free advertising on my site (something another registrar requested and I refused) and even though I could pay less, I'm sticking with Dotster. Simply because they dealt intelligently with my situation.
They understood I had a right to be annoyed, wasn't requesting anything absurd and simply did what I asked.
More companies need to figure that out. Companies that fuck up and try to make me kiss their ass permanently lose a customer for life. And I activly tell people not to use their services.
JavaScript is fine but restrictive in the types of things you can do with it. QuickBASIC on the other hand, is incredibly easy and allows virtually any type of game to be made. You can learn how to do sprite animation, binary file loading and saving, scrolling, double buffering, etc. And it's free.
I learned how to program by using the sample code from 3-2-1 Contact and then modifying it to see what happened.
After 8 years of pretty much mastering QB I made the leap to DirectX and C++ without flinching. I actually learned the two at the same time. The problem is that books like the above focus too much on syntax. Syntax is not important. It is not necessary to learn 'C' style syntax to learn how to code. What is necessary is *concepts.* I still use all the concepts learned in QB in my current projects.
The main problem with books like this is that they're boring. I learned how to program by inventing a game that would require learning certain *concepts* and then learning them. JavaScript is not good for making entertaining projects. And so kids will just get bored.
QB allows you do to anything. Text based adventures, text based scrolling games, card games, graphical games. And if they want to do applications they can do that as well.
So what if you can load a JPG if you can't do anything with it. I entered in 10000 lines of data by hand in a custom graphics format of my own design to be able to have graphics I drew be loaded into my first major game. I even figured out how to "digitize" hand drawn graphics by drawing pictures on graph paper and then filling in the boxes the lines passed through. I used dirty rectangles to animate a massive character for the ending sequence.
Those skills are basic skills needed for any project. You need to be able to design file formats. Whether it's for graphics or data. And you need to be able to be creative to solve problems.
It's amazing what smiling at random people will do. If you look pissed off, people will ignore you. If you smile at them, they tend to smile back.
Being interested. The more interested you are in things the more interesting you become. And that's pretty much the basis for everything. Being social is mostly about interacting with people. If you're not interested in anything then you're going to be boring and have nothing to talk about.
Hiding behind a computer screen does nothing to enhance your interests.
"Meanwhile, the others ARE interacting and getting better, and the bar to get involved with them is getting higher and higher."
WRONG. Nerds and generally obnoxious people have this problem: they don't know when to shut up. They're so busy waiting for their turn to talk they aren't bothering to listen. There's exactly nothing wrong with being a spectator. It goes back to being *interested.* If you're boring, shut up and listen to the interesting people.
Form an opinion. There's a difference between being a wallflower and being a spectator. Wallflowers have no interest in what's going on. Spectors listen and form opinions about what's being said.
You are not the center of attention. The interesting people are the center of attention. And you become interesting by being interested. Allow others to be the center of attention and express interest in what they do or say.
"Why is nobody doing studies of what "social skills" are"
You should talk to Miss Manners. It's not rocket science. It's human instinct. Anti-Social people tend to have a very skewed idea of what it is to be social. Shooting your mouth off constantly is not being social. Being the center of attention is not being social. Being social is being interested. Sometimes you're the one telling the joke, other times you're the one laughing. Both are equally important in being social. Sometimes you're telling the story, sometimes you're listening to the story.
If you're not comfortable interacting with people, fine, be a spectator. You can't be a spectator behind a computer screen. Go to a park and just observe people. Go to a coffee house on open mic night and just observe people. You're not expected to talk. You're just expected to listen. Be interested and form an opinion about what you heard and then ask people what they thought and listen to them.
You can't "learn" how to be social from books. You just have to put yourself out there. You have to observe social activity in the Real World.
Listen and be interested. Those are all the social skills you need to be interesting.
Harlow's name is bonded to experiments that might be questionable today. For example, he separated a baby monkey from its mother and raised it in a cage with two substitute "mothers." The wire "mother" had a bottle for the infant, the cloth one didn't. Tellingly, as soon as the infants finished nursing, they abandoned the wire monkey and clutched the cloth one.
Even though the experiment demonstrated the primacy of nurture to sustenance, the cloth mother was not an adequate replacement: the isolated monkeys grew up with severe emotional and behavioral problems, says Carlson, associate professor of neuroscience and psychology at Harvard Medical School.
Even when raised in cages where they could see, smell and hear -- but not touch -- other monkeys, the infants developed what she called an "autistic-like" syndrome, with grooming, self-clasping, social withdrawal and rocking.
-------------------
Like I said, the internet is the cloth monkey. It is NOT a substitute to real world socializing.
Feel free to do something nutty like actual research before trying to tell me I misrepresented something.
The test was to see if the monkey would choose comfort over food.
They had a fake monkey with fur that felt like a real mother and a wire monkey that had a bottle. They couldn't possibly thrive with the fake monkey considering they got no food by choosing it.
The babies always choose comfort over food and starved.
is not real. There's more to being friends with people than just talking. There's no substitute to being in the actual company of people. Besides that fact that very few people are the same people on-line as they are off-line. Relationships are also not simply based on talking. They're about doing things together and experiencing new things together.
Communication is also a lot more than just words. There's tone, body language, facial expressions, etc.
I'd consider it very unhealthy to view on-line socializing as a substitute. It's very easy for someone who's introverted to decide that chatting on-line is good enough. They'd rather be a fake somebody on-line than a real nobody that has panic attacks in real social situations.
The internet is the fake monkey with fur. The real world is the wire mesh monkey with a bottle. Sure the furry monkey may feel like it's supporting you but you'll just end up depressed and dead.
The real world may be harsh but you need it to survive and be actually happy. There's a picture of a cult member taken before she joined and after she joined. In the picture taken before, she's obviously happy. In the second picture she would tell you she was happy but she obviously was depressed. When she finally realized she wasn't happy and the cult was a sham she left. She can once again be genuinly happy.
It's the same with people who depend on the internet for socializing. They think they're happy. But in reality they're miserable. They're dead inside. They're just meat puppets who think they're happy because they keep saying they are and keep being told they are.
Humans are social creatures. People need to be in the actual company of other people interacting. Not just yapping to them in black and white.
Slashdot Mirror
...more spam comming from all those junk domains that spammers buy. It's not like spammers only have a couple legitimate domains to work with.
I have a list of hundreds of such spam domains in the form
if expression both matches "*610000x*" delete ""
if expression both matches "*64.74.124.113*" delete ""
if expression both matches "*66.235.226.100*" delete ""
if expression both matches "*abcpills4u*" delete ""
if expression both matches "*about-mtg*" delete ""
if expression both matches "*adweawen*" delete ""
if expression both matches "*adweawen.biz*" delete ""
It's not going to stop spam. There's no shortage of DNS services to allow people with home connections the ability to set up Dynamic DNS so they can have a domain always pointing to their shifting IP.
The one advantage this has over filtering out links in e-mails is that I can do the filter with only the FROM and connecting IP. Currently I have to recieve the entire message. But since all this filtering happens server side, I still save at least 50% of the bandwidth.
In actuality the header is irrelavent. Spammers use affiliate programs. Nearly every spam has a link. And most of those links go to the same domains. Block 1 IP and you completely miss the target. Block 1 domain and you block every single spammer that uses it regardless of how garbled the header is or who it is.
Those few spams that don't have links just get deleted. By filtering links I reduce the amount of spam to a trickle, have 100% accuracy, and anything that manages to get through is so little that just hitting the delete button isn't an issue. Updating the filter is a quick and easy operation.
As for being anonymous. All you need to do is host a web-site and use a simple PHP script that connects through your mail server with a generic account and allows anyone to send e-mails to anyone using it. My contact form on my site uses such a script except the sender and recipient are hard coded. If someone wants to be contacted they just include their e-mail address and it's added to the message body.
By allowing the recipient to be set by the user you meet your good friend "plausable deniability."
And if you delete all the logs that the script generates, there's nothing for anyone to seize.
With a simple question/answer challenge you can prevent spammers from whoring your script out. Not using a generic script in a generic directory like "formmail" also helps.
And since unlike "sendmail" the PHP script isn't actually sending the messages so a valid account has to be given so it can log into the actual mail server where all the filtering and security rules are in place.
Ben
I saw a DVD playing on a Plasma display and it was terrible. You can clearly make out the compression artifacts. If you're putting together a home theater you'd be better off using something less crisp to blend the artifacts better. I actually prefer watching DVDs on a regular CRT tv set.
For the not rich:
Personally I'm building an LCD projector out of an overhead and LCD monitor. Not the PC kind. The TV kind like available for the latest game consoles. You can get Overhead LCD panels prebuilt but they're quite pricey. A decent 5" panel can be had for $100-$150 if you buy something like the GameCube screen and a decent overhead can be had for $150-$200. computergeeks.com has a 4" panel for $60. So for $200-$300 you have a nice LCD projector vs $1600 minimum for a "real" LCD projector. Overhead bulbs are $20 vs $200-$300 for an LCD projector bulb.
If you're feeling bold and daring you can take a PC LCD monitor apart and place it over the overhead for a full 15"-17" panel which will project to about 10' diag at only 10' back from the wall. That'll run you hundreds just for the panel but you're still hundreds ahead of a prebuild LCD projector and you're saving 90% on bulbs.
I don't get rich people. I'd rather build these things from parts than just open up a box.
Ben
I see a movie, walk out of the theater wanting the DVD but by the time the DVD comes out, I don't care to buy it. Gladiator and The Patriot come to mind on that one.
I would have walked into a store and bought Matchstick Men and Kill Bill that same day. I'm still going to buy those two but I have yet to purchase Gladiator or The Patriot.
I think Hollywood's reasoning is that you'll keep going back to the theater to see it. They know their books. Maybe enough people are seeing movies multiple times to warrent it.
If you could pay $15-$20 to buy a movie or $8 bucks to see it in a theater what would you do? If the movie was getting good reviews I'd probably just buy it and skip the theater. If it was getting bad reviews I'd probably pass on both. If you have a few people who want to see it, you buy/rent a copy save money on the movie and just hang out and buy pizza with the money you saved which is still cheaper than buying crap at the theater.
You can blame the MPAA but the theater chains have a lot to gain by forcing you to pay them to see a movie unless you want to wait several months to buy or rent it.
Ben
You agreed to pay the price. Nobody held a gun to your head and forced you to buy those CDs.
I'd agree they'd owe us more if they were selling something necessary like food or fuel products.
But they're not. They're selling luxeries. Things you don't need.
As it is, they're giving you a check based on the average overcharge. People who only bought a CD or two are getting the same amount as people who bought dozens or hundreds of CDs.
There's no way the RIAA is going to count reciepts for everyone that requested a check and give proportionatly the same to everyone. Do you even have reciepts for all those CDs to prove you bought them and when you bought them?
It's just a lot easier to divide the entire fine by everyone who requested compensation and give equal size checks to everyone regardless of how much they spent.
And this is perfectly reasonable since nobody forced you to buy any of those CDs. If you're mad about how much you pay for CDs, buy them used. Use that check to buy used CDs so that none of the money goes back to the RIAA. And then stop buying new CDs.
Ben
Linux is touted as being secure "out of the box."
So what do people do? They install it, throw it directly on the line and assume it's secure "out of the box." So they don't worry about it.
I know Windows isn't secure. There's no way in hell I'm putting ANY OS directly on the line. I run a hardware firewall between every computer and the outside. Very few ports are open and I know exactly what's running on each of those ports.
For my IcarusIndie.com server it's logged in as an Administrator 24/7 365 days a year. Guess how many times it's been hacked?
Once someone erased all the usernames and passwords out of MySQL. They did it through a PHP page that uses MySQL. Nothing was actually damaged because they couldn't get anywhere. There is no way to remotely connect to MySQL. It's pretty lame that a semicolon can allow arbitrary commands to be issued to MySQL. And yes I'm running the latest version.
Another time someone I know decided to demonstrate a nearly server crashing bug GuildFTPd has. I updated to the latest version that claimed to have fixed the problem (ignoring your settings for not allowing more than X connections from a single IP) and it wasn't actually fixed. I now run BulletProof FTP server and it isn't affected by that DoS bug and has no known remote exploits.
I also run WinVNC. Except it's modified to use a whitelist. Only when you connect with given IPs do you even get the password prompt. And there's no way to remotely change the IP list unless you already have a whitelisted IP. So when my Cox IP changes I have to go down to the ISP to get physical access to update the whitelist.
No one has ever managed to hack Windows. Even though I'm running as "root." Only some very flaky software handling the above mentioned hacked services. But they've never managed to cause any real damage.
My web-site has been running logged in as Admin for going on 4 years. That's a very stellar record. And not hard to achieve if you're not blinded by propoganda. I even ran my server on WinME to start with and never got hacked.
It's an attitude problem. Not a hardware or software problem if your systems are being hacked into.
Ben
I'll go pick myself up a used movie from the video store with it.
Ben
Theft deals with what YOU illegally aquire. If you aquired something illegally you STOLE it. And stealing is theft. It doesn't matter if it's physical property or not. If you illegally aquired it, you are a theif.
The court puts makes a distinction because the PENALTY is determined by what the victim lost. There only needs to be a LEGAL distinction for the sake of handing down punishment which requires calculating cost.
So yes, if you illegally aquire music or whatnot, you are a theif. The court will give you a more legalistic term since the punishment is different than if you stole say a car.
"Using politically motivated, inflamatory language ["theft"; "piracy"] does not make it any worse an act in reality."
That's right, stealing nonphysical property is exactly the same morally as stealing physical property.
Hiding behind legal distinctions that were invented to make handing down punishment clearer makes you no less what you are if you illegally aquire something; a theif.
Ben
it's a FORM of theft.
Copyright infringement is a FORM of theft.
Calling it theft is therefore perfectly valid.
The only distinction is in the courtroom since the damages have be considered differently than when something is physically stolen.
Stealing is stealing. It doesn't matter whether it's physical or not. Giving it "nice" terms makes it no less wrong.
Ben
Where did I claim this was a fully manual process?
Ripping out links is automatic. Along with who it's from, who it's going to and the subject. That makes clearing out legitimate e-mails real easy.
"Spammers frequently use tricks to confuse humans reading links. spammy%2Ecom type hex, www.fake.com/blahblahblah@real.biz "
That only confuses people who are reading the message. Not programs that harvest links with the other forementioned info from the message source.
You can either depend on a computer to handle the whole process and have a 100% chance of getting false positives or do only the repetative stuff automatically and have a 100% chance of filtering only spam domains.
Every few days I have only a handful of domains to add to the filter.
Seriously. Did you actually think I'm that dense to fail to use the source of the message and not just what it renders?
-1 Insulting
Ben
Where did I claim this was an automated process?
That would be pretty stupid considering how many links people e-mail each other.
So there's exactly zero risk of filtering out legitimate domains.
Ben
the links. Except for the rare text only spam most spams either have a picture or a link that goes to a domain.
Those domains are used by tons of spammers. So by filtering out a single domain blocks dozens (or more) of spammers. And there's zero risk of blocking a legitimate e-mail since no legitimate e-mails are going to link to those spam domains.
The other bonus is that IPs are free from the ISP but domains cost real money. I've harvested hundreds of domains from spams that have hit my mail server and at $7 a pop or more, I've just "cost" spammers thousands of dollars. They have to pay a chunk of change any time they want to spam me about something. Every few days enough spams get through to care to update my Mercury Mail server filter with the new URLs.
And thanks to the HTML protocol you can't obfuscate an URL. The best they can do is base-64 the entire message but those are easy to filter out as well. It does't matter if they plain text the URL either. It's not looking for an href. It's just looking for "topofferz.biz" or whatever. As long as you keep the ".com" or whatever you don't have to worry about random letter domains that have letter combinations that can show up in legitimate attachments. Attachments are encoded without the use of a "."
The filtering happens server side so I save 50% of the bandwidth cost for every message caught. Plus cost spammers real money they paid for their domains. It's a win-lose situation just like it should be.
Ben
it wasn't to prove he couldn't do it. It was to show how much force he was deflecting. It never claimed he couldn't do it. In order to claim that you'd have to know his tolerance.
And that physics book still sucks. Note to teachers: STOP USING IT.
Ben
You are all diseased.
You are the all singing, all dancing crap of the world.
I suggest you all wash your hands and go to bed before you infect the rest of us.
Ben
Apache doesn't do anything useful for hackers. IIS is full of functionality. It's not just a web-server and it's tied directly into the OS.
Apache is just a web-server and runs on top of the OS. There's quite simply nothing to hack with Apache. With IIS there's all kinds of remote functionality to play with maliciously.
Comparing Apache to IIS is apples and oranges. If Apache did even close to what IIS is capable of doing then maybe there'd be a valid comparison.
I run Apache on 2K logged in as an admin. The only thing that's been hacked is MySQL and they couldn't get anywhere and nothing of value was stored in it. I never figured out how exactly they managed to do it or when but the assumed hole was fixed. It hasn't been hacked since so I'm guessing it works.
In order to take advantage of the hack they'd have to upload a PHP page since the mySQL port is blocked to the outside.
Oh yes, and GuildFTP was shown to be able to crash the server despite the author's claim that the hole was fixed. The only reason it didn't crash the server was because the person testing the exploit knows me. I now run BulletProof FTP server which has no known remote exploits.
Ben
MS's game department isn't what brings in all the money. It's their Windows and Office products that make the money.
They can grin a bear it when some games are pirated. Why do you think they (try to) crush companies that make mod chips for the XBox? Some things are more important.
And this is the source code to Windows. This is NOT just another product.
Anyone who dares to host it will be sat on until they are dead. Hell hath no fury.
Claiming this is just another product shows your definit lack of ability to comprehend the scope of this leak and the importance of it to MS's bottom line.
The legal costs required to shut down warez sites over a game generally are more than the amount of the losses. The legal costs required to crush the fools who dare to host the Windows source comes nowhere near the potential losses due to the leak.
Ben
by a 500LB gorilla.
It has nothing to do with morals. It's self preservation.
Most companies don't have the resources to kick the crap out of warez distributors. MS isn't one of those companies.
Ben
at 3+ hours to download I've shared it long enough.
It's my bandwidth thank you very much. If I want to whore it out that's my choice. Not everyone can afford to share popular files for extended amounts of time. I'm sure you wouldn't mind me blowing a good chunk of my alloted monthly upstream bandwidth for this file but I do. And it's my bandwidth.
Feel free to download it from a fixed site if you're worried about everyone disappearing before you're done.
Ben
People have a right to their opinions.
If I want to put up a page blasting a teacher for being terrible I have a right to be able to do so.
The only motivation this site should have for moderating people's opinions is to maximize credibility. If reviews consist of "he's a poopyhead" nobody is going to take it seriously.
It's also not criminal to make outlandish comments against people. Would a reasonable person believe the teacher is diseased in such a way? Then it's not libel. It's just stupid. This is why comedians can put words in people's mouths and not get sued. And it's why tabloids can avoid being sued.
If the teacher wants to do something to hurt the site he should start by pointing out it's without credibility and no better than a supermarket tabloid.
The site should go back up immediatly in protest and with a new review for the teacher: "anti-free speech."
If he just wanted the unfounded comments gone that would warrent some sympathy. But since he's attempting to put the whole site down, that's undeniably anti-free speech.
Put that on your resume and smoke it.
Ben
I have quite a few VHS tapes that I have no intention of editing but am digitizing so I can not have to worry about the tape degrading.
It makes sense to go with a digital camera even if you don't care about editing just so you can quickly back up your videos on DVD +/- R
It's a big giant pain to digitize things in real time.
Ben
that customers have a right to be pissed off.
I don't see why companies think that they can fuck up and then expect the customer they fucked over to kiss their ass in order to get the company to take responsibility.
If a customer is pissed off, deal with it. I had angry people call tech support and instead of being an asshole I addressed their problem and *shock of shocks* they got nice.
"Geez, it might even begin to instill some politeness in some people."
People tend to be polite until you piss them off. Then they have every right to display their disgust with you. If you don't like it, don't piss them off. It's not very hard to quote company policy (which you should know) in order to convince people you can't help them with their particular problem. The problem with many employees who piss people off is that they don't know they policies and so the pissed off customer has no reason to believe that the employee isn't just being an ass who refuses to do something the customer is fully aware they are capable of doing and are required to do by store policy.
Forcing companies to deal with pissed off customers might instill some sense in the company to hire people who can actually do their job and uphold promises and other nutty things.
Dotster's automated system decided to throw a canned answer to my billing question which didn't even remotely address the question and then they claimed the issue was resolved. I sent them a very strongly worded e-mail telling them the problem was not resolved, that I was not legally responsible to pay the amount because the Capital One employee was an idiot and didn't cancel the card when I told her to (for all legal purposes the card was canceled) and told them to cancel the charge and that I was going to pay the amount on another card.
Instead of being idiots and whining about me not sending them flowers they did what I told them to do and they maintain free advertising on my site (something another registrar requested and I refused) and even though I could pay less, I'm sticking with Dotster. Simply because they dealt intelligently with my situation.
They understood I had a right to be annoyed, wasn't requesting anything absurd and simply did what I asked.
More companies need to figure that out. Companies that fuck up and try to make me kiss their ass permanently lose a customer for life. And I activly tell people not to use their services.
Ben
JavaScript is fine but restrictive in the types of things you can do with it. QuickBASIC on the other hand, is incredibly easy and allows virtually any type of game to be made. You can learn how to do sprite animation, binary file loading and saving, scrolling, double buffering, etc. And it's free.
I learned how to program by using the sample code from 3-2-1 Contact and then modifying it to see what happened.
After 8 years of pretty much mastering QB I made the leap to DirectX and C++ without flinching. I actually learned the two at the same time. The problem is that books like the above focus too much on syntax. Syntax is not important. It is not necessary to learn 'C' style syntax to learn how to code. What is necessary is *concepts.* I still use all the concepts learned in QB in my current projects.
The main problem with books like this is that they're boring. I learned how to program by inventing a game that would require learning certain *concepts* and then learning them. JavaScript is not good for making entertaining projects. And so kids will just get bored.
QB allows you do to anything. Text based adventures, text based scrolling games, card games, graphical games. And if they want to do applications they can do that as well.
So what if you can load a JPG if you can't do anything with it. I entered in 10000 lines of data by hand in a custom graphics format of my own design to be able to have graphics I drew be loaded into my first major game. I even figured out how to "digitize" hand drawn graphics by drawing pictures on graph paper and then filling in the boxes the lines passed through. I used dirty rectangles to animate a massive character for the ending sequence.
Those skills are basic skills needed for any project. You need to be able to design file formats. Whether it's for graphics or data. And you need to be able to be creative to solve problems.
Ben
It's amazing what smiling at random people will do. If you look pissed off, people will ignore you. If you smile at them, they tend to smile back.
Being interested. The more interested you are in things the more interesting you become. And that's pretty much the basis for everything. Being social is mostly about interacting with people. If you're not interested in anything then you're going to be boring and have nothing to talk about.
Hiding behind a computer screen does nothing to enhance your interests.
"Meanwhile, the others ARE interacting and getting better, and the bar to get involved with them is getting higher and higher."
WRONG. Nerds and generally obnoxious people have this problem: they don't know when to shut up. They're so busy waiting for their turn to talk they aren't bothering to listen. There's exactly nothing wrong with being a spectator. It goes back to being *interested.* If you're boring, shut up and listen to the interesting people.
Form an opinion. There's a difference between being a wallflower and being a spectator. Wallflowers have no interest in what's going on. Spectors listen and form opinions about what's being said.
You are not the center of attention. The interesting people are the center of attention. And you become interesting by being interested. Allow others to be the center of attention and express interest in what they do or say.
"Why is nobody doing studies of what "social skills" are"
You should talk to Miss Manners. It's not rocket science. It's human instinct. Anti-Social people tend to have a very skewed idea of what it is to be social. Shooting your mouth off constantly is not being social. Being the center of attention is not being social. Being social is being interested. Sometimes you're the one telling the joke, other times you're the one laughing. Both are equally important in being social. Sometimes you're telling the story, sometimes you're listening to the story.
If you're not comfortable interacting with people, fine, be a spectator. You can't be a spectator behind a computer screen. Go to a park and just observe people. Go to a coffee house on open mic night and just observe people. You're not expected to talk. You're just expected to listen. Be interested and form an opinion about what you heard and then ask people what they thought and listen to them.
You can't "learn" how to be social from books. You just have to put yourself out there. You have to observe social activity in the Real World.
Listen and be interested. Those are all the social skills you need to be interesting.
Ben
http://whyfiles.org/087mother/4.html
Harlow's name is bonded to experiments that might be questionable today. For example, he separated a baby monkey from its mother and raised it in a cage with two substitute "mothers." The wire "mother" had a bottle for the infant, the cloth one didn't. Tellingly, as soon as the infants finished nursing, they abandoned the wire monkey and clutched the cloth one.
Even though the experiment demonstrated the primacy of nurture to sustenance, the cloth mother was not an adequate replacement: the isolated monkeys grew up with severe emotional and behavioral problems, says Carlson, associate professor of neuroscience and psychology at Harvard Medical School.
Even when raised in cages where they could see, smell and hear -- but not touch -- other monkeys, the infants developed what she called an "autistic-like" syndrome, with grooming, self-clasping, social withdrawal and rocking.
-------------------
Like I said, the internet is the cloth monkey. It is NOT a substitute to real world socializing.
Feel free to do something nutty like actual research before trying to tell me I misrepresented something.
Ben
The test was to see if the monkey would choose comfort over food.
They had a fake monkey with fur that felt like a real mother and a wire monkey that had a bottle. They couldn't possibly thrive with the fake monkey considering they got no food by choosing it.
The babies always choose comfort over food and starved.
Ben
is not real. There's more to being friends with people than just talking. There's no substitute to being in the actual company of people. Besides that fact that very few people are the same people on-line as they are off-line. Relationships are also not simply based on talking. They're about doing things together and experiencing new things together.
Communication is also a lot more than just words. There's tone, body language, facial expressions, etc.
I'd consider it very unhealthy to view on-line socializing as a substitute. It's very easy for someone who's introverted to decide that chatting on-line is good enough. They'd rather be a fake somebody on-line than a real nobody that has panic attacks in real social situations.
The internet is the fake monkey with fur. The real world is the wire mesh monkey with a bottle. Sure the furry monkey may feel like it's supporting you but you'll just end up depressed and dead.
The real world may be harsh but you need it to survive and be actually happy. There's a picture of a cult member taken before she joined and after she joined. In the picture taken before, she's obviously happy. In the second picture she would tell you she was happy but she obviously was depressed. When she finally realized she wasn't happy and the cult was a sham she left. She can once again be genuinly happy.
It's the same with people who depend on the internet for socializing. They think they're happy. But in reality they're miserable. They're dead inside. They're just meat puppets who think they're happy because they keep saying they are and keep being told they are.
Humans are social creatures. People need to be in the actual company of other people interacting. Not just yapping to them in black and white.
Ben