And I have control without having to be in the IT department. This is where OpenSSH shines for me. I can set up port forwarding and proxy off my home machine with a cable connection and IT can't see shit for what I'm doing. It all looks like a bunch of telnet and ftp to them, all to one place. So if they are actually monitoring usage by port I'm coming up extremely low on the usage.
At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.
So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.
Being tossed off the front of a moving ship is called keel-hauling. Usually you're tied to a rope around the waist, thrown off the front and then you must swim down to prevent being hit by the keel and rudder. When (and if) you survive coming out the aft you're pulled up and out of the water only to be thrown back off the front.
chmls21.cp.ipsvc.net is an AT&T relay which accepted an email by a host which misidentified itself as coming from yahoo. I get tons of these a week and each email is unreadable.
However, I hope i am translating the above properly, but I'm glad I have a spamassassin rule to flag ALL email from hinet.net and seed.net as spam which goes directly to my catchall folder for spam.
Even if the above relay wasn't AT&T's own relay, then AT&T should express some pressure on ipsvc.net and get that relay secured where header spoofing is not allowed.
Gee, if only AT&T would shut their OWN OPEN RELAYS!!
Here's a header of one such email that gets through their open relay: Received: from lo (61-216-36-158.HINET-IP.hinet.net [61.216.36.158])
by chmls21.cp.ipsvc.net (8.11.6/8.11.6) with SMTP id g1ENgSp04151;
Thu, 14 Feb 2002 18:42:30 -0500 (EST) Date: Thu, 14 Feb 2002 18:42:30 -0500 (EST) Received: from yahoo
by yahoo.com with SMTP id jKPDvKWyIdxNwan;
Fri, 15 Feb 2002 07:37:42 +0800 Message-ID: From: mark@sayhi.com.tw To: 0125ok.txt@chmls21.cp.ipsvc.net, 0102ok.txt@chmls21.cp.ipsvc.net, 0103ok.txt@chmls21.cp.ipsvc.net, 0104ok.txt@chmls21.cp.ipsvc.net, 0105ok.txt@chmls 21.cp.ipsvc.net, 0106ok.txt@chmls21.cp.ipsvc.net, 0107ok.txt@chmls 21.cp.ipsvc.net, 0108ok.txt@chmls21.cp.ipsvc.net, 0109ok.txt@chmls 21.cp.ipsvc.net, 0110ok.txt@chmls21.cp.ipsvc.net, 0111ok.txt@chmls 21.cp.ipsvc.net, 0112ok.txt@chmls21.cp.ipsvc.net, 0113ok.txt@chmls 21.cp.ipsvc.net, 0114ok.txt@chmls21.cp.ipsvc.net, 0115ok.txt@chmls 21.cp.ipsvc.net, 0116ok.txt@chmls21.cp.ipsvc.net, 0117ok.txt@chmls 21.cp.ipsvc.net, 0118ok.txt@chmls21.cp.ipsvc.net, 0119ok.txt@chmls 21.cp.ipsvc.net, 0122¼Özéok.txt@chmls21.cp.ipsvc.net, 0101ok.txt@c hmls21.cp.ipsvc.net
Now, thankfully I use spamassassin and I can modify the filter, but AT&T better work on their own mail servers, too.
I agree. I use FreeBSD and have had my computer lose power during a "make buildworld". Upon rebooting the fsck took a few minutes, but with softupdates I didn't lose much work. In fact, I issued the "make buildworld" command again and it completed without a hitch.
For those of you that don't know, or aren't familiar with FreeBSD, you can build the entire OS from source with one command. It's not a port or package, but the entire base OS (kernel, filesystem utils, OpenSSH, OpenSSL, bind, sendmail, all the crypto, etc...).
I do agree that softupdates would be preferencial in most cases. McKusick had his shit in order when he wrote SU. Journaling had its place a year or two ago, but with today's more robust systems and affordable UPSs, why not invest more attention in a unified VM, or better system tools?
For me, FreeBSD has a kick-ass VM and a rock solid filesytem. Using SU in linux wouldn't hurt, but you'd need to port over UFS to make it work. But that wouldn't be hard since BSD code is pretty much there for the taking. YMMV.
All the more reason to pipe your communications through known, and accepted secure protocols like OpenSSH and GPG (for documents).
Wireless protocols are not peer reviewed to the extent AES was, so why not run your communication through an AES tunnel? It only makes sense to do so. And since OpenSSH supports AES (128bit, 192bit, and 256bit) it makes good sense to take advantage of the encryption.
I can personally vouch for Spamassassin as I just installed it this week on my FreeBSD system running exim.
Here's a nice sample log entry of what I see when an email is flagged as spam:
2002-02-15 14:07:17 From: tyu7@mail.com Subject: ***** SPAM ***** Add that extra room
X-Spam-Status: Yes, hits=13.2 required=5.0 tests=NO_REAL_NAME, MSGID_SPAMSIGN_1, FAKED_UNDISC_RECIPS, TO_MALFORMED, INVALID_MSGID, FREQ_SPAM_PHRASE, RCVD_IN_OSIRUSOFT_COM version=2.01 Sender: tyu7@mail.com
The highest hit count so far? 26.7 from a yahoo spam email.
It is so nice having Spamassassin on my mail server so that all users can choose what they want or not. Since Spamassassin only flags email as spam, it is up to the MUA how the email is disposed.
Don't forget spamassassin. I installed this yesterday and it has caught every bit of spam entering my mail server from all sorts of mailing lists.
Configuration is simple and straight forward and it integrates nicely with any email system. Personally I'm using exim to pipe all received email through spamc/spamd and then the mail is received by exim after the spam check. There is only one check for spam per email entering my system.
Spamassassin only flags the email as spam, but it's up to the MUA to actually delete it.
This is log output from exim+SA: 2002-02-12 17:21:35 From: Subject: *****SPAM***** save money for dank
X-Spam-Status: Yes, hits=14.1 required=5.0 tests=NO_REAL_NAME, FROM_ENDS_IN_NUMS, INVALID_DATE_NO_TZ, REPLY_REMOVE_SUBJECT, EXCUSE_3,REMOVE_SUBJ, TO_BE_REMOVED_REPLY, SUPERLONG_LINE, FREQ_SPAM_PHRASE, FORGED_YAHOO_RCVD version=2.01 Sender: owner-freebsd-questions@freebsd.org
I'll soon move all my email users' to email filtered by spamassassin. This is just too damn simple.
Rent the movie "A Christmas Story". In US radio history there was a children's show that gave out secret messages to the kids. The kids had to order a secret decoder ring to decode these "secret messages." Remember it's a kids show - and remember sponsors like their brands remembered.
It was habit in this show to put the sponsor's brand in the secret message. The particular message decoded when the film's protagonist decoded his first secret message with the decoder ring was, you guessed it: "Be sure to drink your ovaltine."
Sorry, but I think I ressurected this phrase a few days ago with this link and this link.
Easy... I'm not doing anything special with the ircd. I'm only allowing the connection to the ircd through stunnel. This makes it a layered application. I can't code my way out of a wet paper bag so I can't contribute. However I am an engineer so I takes bits a pieces and use them to best suit my needs.
Stunnel is set up to listen on one port and forward the decrypted data to the port where the ircd is listening.
My setup isn't a solution, but it's a combination available software; I'm not integrating one into the other.
stunnel helps to encrypt normally non-encrypted data streams.
I've got my own ircd which I require the clients to use stunnel or an ssl-enabled client to connect. Soon, I can limit access purely by accepted certs, thereby keeping lusers out.
Of course the same can be done with OpenSSH. I use that at work to bypass my office firewall and use my home cable connection for a proxy to usenet, email, and other service. The best part of this is I can bypass my ofice proxy so they don't record where I netsurf. it looks a lot like a bunch of ftp and telnet to them.
This kind of contest reminds me of the move "A Christmas Story" when the young boy gets his decoder ring and is finaly able to decode Secret Annie's message.
This interesting to learn. Good thing I run FreeBSD.
Re:I'll never tourch RPM again if I have too
on
OpenPKG 1.0 Released
·
· Score: 2
I don't have the dependency problem with FreeBSD. All the dependencies are handled automagically with the pkg/ports system. If the dependency isn't there it is downloaded and installed automatically.
That's the beauty of the ports system!
I have these targets and more with the ports collection: fetch - Retrieves DISTFILES (and PATCHFILES if defined) into DISTDIR as necessary.
fetch-list - Show list of files that would be retrieved by fetch.
fetch-recursive - Retrieves DISTFILES (and PATCHFILES if defined), for port and dependencies into DISTDIR as necessary.
fetch-recursive-list - Show list of files that would be retrieved by fetch-recursive.
extract - Unpacks DISTFILES into WRKDIR.
patch - Apply any provided patches to the source.
configure - Runs either GNU configure, one or more local configure scripts or nothing, depending on what's available.
build - Actually compile the sources.
install - Install the results of a build.
reinstall - Install the results of a build, ignoring "already installed" flag.
deinstall - Remove the installation.
package - Create a package from an _installed_ port.
describe - Try to generate a one-line description for each port for use in INDEX files and the like.
checkpatch - Do a "patch -C" instead of a "patch". Note that it may give incorrect results if multiple patches deal with the same file.
checksum - Use distinfo to ensure that your distfiles are valid.
checksum-recursive - Run checksum in this port and all dependencies.
makesum - Generate distinfo (only do this for your own ports!).
clean - Remove WRKDIR and other temporary files used for building.
clean-depends - Do a "make clean" for all dependencies.
I'll never go back to RedHat or use RPMs or deb files again.
Slashdot Mirror
You can even encrypt the voip using various encryption algorithms so all your other geeky friends around the planet can talk for free.
Boxen is the plural form of "box" when spoken in Finnish, well, Finglish actually.
The suffix -en denotes the plural form.
And I have control without having to be in the IT department. This is where OpenSSH shines for me. I can set up port forwarding and proxy off my home machine with a cable connection and IT can't see shit for what I'm doing. It all looks like a bunch of telnet and ftp to them, all to one place. So if they are actually monitoring usage by port I'm coming up extremely low on the usage.
At home I use junkbuster and watch all the unlogged internet there is without ads, too. OpenSSH also gives me access to nntp, smtp, and pop over a secured connection between my office and home.
So before you go off yelling about office proxies and you have dsl or cable connections at home, set something like this up and go the distance.
I use it quite a bit to sign emails and the interface is pretty clean, too.
But for the real women we must ask, "Are those real or fake?"
This bill is SR-253 for those of you who didn't look it up on the committee schedule. I just called (4:35 PM EST) and it was in conference.
I urged Senator Max Cleland (via his staff) to NOT SUPPORT SR-253 since it will be bad for consumers and all the other stuff.
The staff member also took my name and address as a "verification" of my constituency.
Uh, no. In this case the porn is the filtrate. And the boring stuff is the filtrant.
Being tossed off the front of a moving ship is called keel-hauling. Usually you're tied to a rope around the waist, thrown off the front and then you must swim down to prevent being hit by the keel and rudder. When (and if) you survive coming out the aft you're pulled up and out of the water only to be thrown back off the front.
Rinse - lather - repeat.
I mean, 99% of the time my TV is off. Why do I need HDTV to watch it collect dust.
I'll never pay for an HDTV and I can't afford one. So why do I need to pay out my wahzoo for one of eighteen methods of viewing HDTV?
I'd rather go to Europe and watch my stuff on PAL. At least PAL is affordable and widely available and also has a much better picture than NTSC.
HDTV will just suck too much to gain any viewing pleasure from it.
chmls21.cp.ipsvc.net is an AT&T relay which accepted an email by a host which misidentified itself as coming from yahoo. I get tons of these a week and each email is unreadable.
However, I hope i am translating the above properly, but I'm glad I have a spamassassin rule to flag ALL email from hinet.net and seed.net as spam which goes directly to my catchall folder for spam.
Even if the above relay wasn't AT&T's own relay, then AT&T should express some pressure on ipsvc.net and get that relay secured where header spoofing is not allowed.
Gee, if only AT&T would shut their OWN OPEN RELAYS!!
s 21.cp.ipsvc.net, 0106ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0108ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0110ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0112ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0114ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0116ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0118ok.txt@chmls21.cp.ipsvc.net,s 21.cp.ipsvc.net, 0122¼Özéok.txt@chmls21.cp.ipsvc.net,c hmls21.cp.ipsvc.net
Here's a header of one such email that gets through their open relay:
Received: from lo (61-216-36-158.HINET-IP.hinet.net [61.216.36.158])
by chmls21.cp.ipsvc.net (8.11.6/8.11.6) with SMTP id g1ENgSp04151;
Thu, 14 Feb 2002 18:42:30 -0500 (EST)
Date: Thu, 14 Feb 2002 18:42:30 -0500 (EST)
Received: from yahoo
by yahoo.com with SMTP id jKPDvKWyIdxNwan;
Fri, 15 Feb 2002 07:37:42 +0800
Message-ID:
From: mark@sayhi.com.tw
To: 0125ok.txt@chmls21.cp.ipsvc.net, 0102ok.txt@chmls21.cp.ipsvc.net, 0103ok.txt@chmls21.cp.ipsvc.net, 0104ok.txt@chmls21.cp.ipsvc.net,
0105ok.txt@chml
0107ok.txt@chml
0109ok.txt@chml
0111ok.txt@chml
0113ok.txt@chml
0115ok.txt@chml
0117ok.txt@chml
0119ok.txt@chml
0101ok.txt@
Now, thankfully I use spamassassin and I can modify the filter, but AT&T better work on their own mail servers, too.
I agree. I use FreeBSD and have had my computer lose power during a "make buildworld". Upon rebooting the fsck took a few minutes, but with softupdates I didn't lose much work. In fact, I issued the "make buildworld" command again and it completed without a hitch.
For those of you that don't know, or aren't familiar with FreeBSD, you can build the entire OS from source with one command. It's not a port or package, but the entire base OS (kernel, filesystem utils, OpenSSH, OpenSSL, bind, sendmail, all the crypto, etc...).
I do agree that softupdates would be preferencial in most cases. McKusick had his shit in order when he wrote SU. Journaling had its place a year or two ago, but with today's more robust systems and affordable UPSs, why not invest more attention in a unified VM, or better system tools?
For me, FreeBSD has a kick-ass VM and a rock solid filesytem. Using SU in linux wouldn't hurt, but you'd need to port over UFS to make it work. But that wouldn't be hard since BSD code is pretty much there for the taking. YMMV.
All the more reason to pipe your communications through known, and accepted secure protocols like OpenSSH and GPG (for documents).
Wireless protocols are not peer reviewed to the extent AES was, so why not run your communication through an AES tunnel? It only makes sense to do so. And since OpenSSH supports AES (128bit, 192bit, and 256bit) it makes good sense to take advantage of the encryption.
I can personally vouch for Spamassassin as I just installed it this week on my FreeBSD system running exim.
Here's a nice sample log entry of what I see when an email is flagged as spam:
2002-02-15 14:07:17 From: tyu7@mail.com Subject: ***** SPAM ***** Add that extra room
X-Spam-Status: Yes, hits=13.2 required=5.0 tests=NO_REAL_NAME, MSGID_SPAMSIGN_1, FAKED_UNDISC_RECIPS, TO_MALFORMED, INVALID_MSGID, FREQ_SPAM_PHRASE, RCVD_IN_OSIRUSOFT_COM version=2.01 Sender: tyu7@mail.com
The highest hit count so far? 26.7 from a yahoo spam email.
It is so nice having Spamassassin on my mail server so that all users can choose what they want or not. Since Spamassassin only flags email as spam, it is up to the MUA how the email is disposed.
Configuration is simple and straight forward and it integrates nicely with any email system. Personally I'm using exim to pipe all received email through spamc/spamd and then the mail is received by exim after the spam check. There is only one check for spam per email entering my system.
Spamassassin only flags the email as spam, but it's up to the MUA to actually delete it.
This is log output from exim+SA: 2002-02-12 17:21:35 From: Subject: *****SPAM***** save money for dank X-Spam-Status: Yes, hits=14.1 required=5.0 tests=NO_REAL_NAME, FROM_ENDS_IN_NUMS, INVALID_DATE_NO_TZ, REPLY_REMOVE_SUBJECT, EXCUSE_3,REMOVE_SUBJ, TO_BE_REMOVED_REPLY, SUPERLONG_LINE, FREQ_SPAM_PHRASE, FORGED_YAHOO_RCVD version=2.01 Sender: owner-freebsd-questions@freebsd.org
I'll soon move all my email users' to email filtered by spamassassin. This is just too damn simple.
I will not be installing gnome bloatware^H^H^H^H^H^H^H^H^Hcomponents on my workstation.
I just want my boss to leave me alone. I don't necessarily want to hear him, but I sure as hell don't want to see him.
It was habit in this show to put the sponsor's brand in the secret message. The particular message decoded when the film's protagonist decoded his first secret message with the decoder ring was, you guessed it: "Be sure to drink your ovaltine."
Sorry, but I think I ressurected this phrase a few days ago with this link and this link.
Easy... I'm not doing anything special with the ircd. I'm only allowing the connection to the ircd through stunnel. This makes it a layered application. I can't code my way out of a wet paper bag so I can't contribute. However I am an engineer so I takes bits a pieces and use them to best suit my needs.
Stunnel is set up to listen on one port and forward the decrypted data to the port where the ircd is listening.
My setup isn't a solution, but it's a combination available software; I'm not integrating one into the other.
I've got my own ircd which I require the clients to use stunnel or an ssl-enabled client to connect. Soon, I can limit access purely by accepted certs, thereby keeping lusers out.
Of course the same can be done with OpenSSH. I use that at work to bypass my office firewall and use my home cable connection for a proxy to usenet, email, and other service. The best part of this is I can bypass my ofice proxy so they don't record where I netsurf. it looks a lot like a bunch of ftp and telnet to them.
This kind of contest reminds me of the move "A Christmas Story" when the young boy gets his decoder ring and is finaly able to decode Secret Annie's message.
The message? DONT FORGET TO DRINK YOUR OVALTINE
I got a much shorter message: DRINK YOUR OVALTINE
Why not go directly to 4.4-STABLE or chance 4.5-PRERELEASE? It's definitely nice and stable. Much better than 2.2 or 2.4.
# uptime
7:39AM up 31 days, 7:46, 8 users, load averages: 1.00, 1.00, 1.00
#uname -a
FreeBSD somewhere 4.4-STABLE FreeBSD 4.4-STABLE #10: Sat Dec 1 13:37:45 EST 2001 root@gw.smnolde.com:/usr/obj/usr/src/sys/FIREWALL i386
Well, maybe I am trolling, but you linux d00ds still don't get it.
This interesting to learn. Good thing I run FreeBSD.
That's the beauty of the ports system! I have these targets and more with the ports collection:
fetch - Retrieves DISTFILES (and PATCHFILES if defined) into DISTDIR as necessary.
fetch-list - Show list of files that would be retrieved by fetch.
fetch-recursive - Retrieves DISTFILES (and PATCHFILES if defined), for port and dependencies into DISTDIR as necessary.
fetch-recursive-list - Show list of files that would be retrieved by fetch-recursive.
extract - Unpacks DISTFILES into WRKDIR.
patch - Apply any provided patches to the source.
configure - Runs either GNU configure, one or more local configure scripts or nothing, depending on what's available.
build - Actually compile the sources.
install - Install the results of a build.
reinstall - Install the results of a build, ignoring "already installed" flag.
deinstall - Remove the installation.
package - Create a package from an _installed_ port.
describe - Try to generate a one-line description for each port for use in INDEX files and the like.
checkpatch - Do a "patch -C" instead of a "patch". Note that it may give incorrect results if multiple patches deal with the same file.
checksum - Use distinfo to ensure that your distfiles are valid.
checksum-recursive - Run checksum in this port and all dependencies.
makesum - Generate distinfo (only do this for your own ports!).
clean - Remove WRKDIR and other temporary files used for building.
clean-depends - Do a "make clean" for all dependencies.
I'll never go back to RedHat or use RPMs or deb files again.