No, the envelope senders are fine, think about it the vast majority of SPAM is sent from zombied windows machines and open web proxies which is why greylisting works so well.
SPF checks if enforced would achieve pretty much the same thing without some of the other side effects of greylisting (ie. dumb servers that don't retry after a softfail).
Microsoft has noticed this, if enough of the larger ISPs take a hardline then it wouldn't be long before we'd have the vast majority of domains with valid SPF records.
This would close off the current avenue for spammers. Forcing them to register domains does make it slightly easier to prosecute and will certainly slow down their operations.
Well for mail/web scanning boxes Clam is sufficient. I believe that Watchguard for instance have plugged it into some of their firewalls for these applications Clam is up to it and is displacing paid for unix anti-virus. Particularly as most anti-virus vendors don't seem to know how to sell unix versions properly - McAffe and the eternal "demo" springs to mind.
I do completely agree that most open source software is continually in that coming along stage. Always missing the final usability, polish, documentation and managability completeness that makes it completely inadequate for desktop or the end user.
A classic example is Firefox, Windows Group Policy support seems to be handled via add-ons and not well properly contained within the core product. If that was in place then firefox could really start climbing in corporate acceptance and widespread usage. Convince 1 IT and management team and firefox could be pushed out to thousands of desktops within a single organisation.
No, I'm just saying that Clam is up to the job and its very hard to compete with free. Its certainly not worth Microsoft pursuing unix anti-virus with Clam for competition and a platform which is well outside their development and marketing focus.
Whats the point when clam is comming along so nicely?
Virus scanners on unix are only any good for protecting downstream windows clients and clam is ideal for this, although admittedly not quite ideal for real-time scanning of NFS/SMB shares, but for mail / web virus scanning its more than sufficient.
If clam continues the way it is, there will be a very small market for unix virus scanners.
The fact that any idiot* can report a message as SPAM and get you blocked for 24-48 hours from large sections of the internet is enough reason to be seriously concerned about blacklists. If an idiot can get you listed, I'd hate to think what a malicious person could achieve.
(* = handwritten e-mail sent to approx 20 people, person receiving e-mail had met sender in person several times in previous week and had signed up in pen and ink to receive info on further seminars, non-commercial and also sent from a.gov.uk)
You're in the wrong department, this usually happens in sales rather than IT. Typically a sales guy gets poached on the basis that they'll bring their wealth of contacts with them (ie. walk out with their contact database and any anything else they can carry with them).
Its quite easy to create windows bootable CDs with service packs, hotfixes, your specific drivers and other customisations using nlite which is a free download from http://www.nliteos.com/.
Its worth keeping an Nlite disk up to date so then when you rebuild a system you don't have to spend so long applying service packs and downloading drivers. You can also easily apply unattended settings so that you can slap the cd in the drive, reboot and have the system up with no user intervention whatsoever.
Well those were the best figures available from Netcraft.
Netcraft shows 3.9 million active sites for the top 7 Linux distributions. FreeBSD is showing 2.5 million. No stats are available for the other BSDs, so its hard to make a comparison.
The important point here is that the BSDs host far more sites than are commonly believed, so you could make like to like comparisons of Linux vs BSDs for web hosting, without feeling that there would be to much bias for or against linux based on the notion that Linux is far more popular. The truth is that there is not all that much in it.
There is alot of cross pollination of ideas but each distribution is seperately maintained and has a slightly different feature set.
FreeBSD in general has better hardware support for common server hardware than the others and has the largest number of add-on packages available.
The volume of packages available to quickly install makes it well worth installing a FreeBSD system if only for evaluating open source software prior to installing on another Linux or BSD system.
NetBSD has the most ports to other architectures out of all the BSDs. Of course if you don't need to install on alternative architectures this will be of no interest.
OpenBSD is renowned for its tight security, however most of the software developed (ie. PF firewall & OpenSSH) usually finds its way back into the other BSDs and Linux systems.
Things are a bit different on BSDs to Linux, often slightly differing command line syntax for the basic file management commands, different device names, configuration and startup script locations.
However once you've learned a Linux distribution and a BSD distribution you can flip between the two styles without alot of difficulty, once you've had some exposure to a different way of doing things you can usually find your way around other operating systems such as Solaris or SCO.
Theres no right or wrong answer here, usually its best to standardise for production systems on one operating system to make patching and so on simpler. If you're learning then theres no harm and huge benefits from exposing yourself to as many operating systems as possible, as you never know what may land unexpectedly on your desk.
FreeBSD is used more frequently than any single Linux distribution.
FreeBSD was placed at 2.5 Million active sites in June 2004.
Redhat (the most use Linux distro) was placed at 1.6 million active sites in March 2005. We can even add Redhat and Debian together and still get a number lower than FreeBSDs active site count.
Linux may be more popular overall, but FreeBSD is the strong leader if compared to any single Linux distribution.
So yes you could safely compare FreeBSD against Debian & Redhat.
All depends how much electricity the charge uses. I can see people taking advantage of off peak electricity charges (economy 7) to recharge the batteries. From midnight to 7am on the cheap or thereabouts.
With enterprise features you're looking for administration tools so that the IT department can manage software installations and deal for instance with lost password issues. This is completely lacking with truecrypt and as such couldn't even be considered as an enterprise encryption solution, employee drops dead, quits or forgets password and then all the data is lost.
It also does not allow you to easily encrypt your operating system volume, nor does it support two-factor authentication.
While the app looks promising until these features are in place its not going to find its way onto corporate laptops.
Har har. We had a Cisco guy arrive for a video conferencing demonstation. I offered to sort out our firewall so we could see the system in action, they just wanted to go right ahead without it.
Their wonderful video conferencing demo consisted of a remote techy guy talking into a standard telephone and telling the other guy in the room to advance the slides on the powerpoint presentation.
It was about the most comical product demonstration I've ever seen considering the technology involved.
Any reasonable system will lock out the account (even if temporarily) for a period of time.
For various reasons at work we permit one failed login a minute over a 30 minute period. If that figure is breached then the account is locked out for an hour. That limits the number of passwords that can be brute forced to 59 an hour providing that they are aware of these timing restraints.
With enforced password changes every 6 months a grand total of 50K passwords can be attempted via brute force assuming that brute force checking starts from the minute the password is changed. Thats nowhere near enough to realistically breach security through brute force.
Microsoft done alot of damage last time they bundled anti-virus. I think Dos 6.2 included a virus scanner, unfortunately there were no updates, the result was that millions of PCs had very out of date anti-virus protection. In some ways this was worse than having none as there was a false sense of security. In retrospect free anti-virus but no means for updates was a bad move.
Microsoft should be very careful with this product (and the anti-spyware too). They must commit to making a GOOD product, a half assed affair could do alot of damage, particularly as Microsoft software could seriously dent the competitions sales.
>Firewall is disabled by default. To enable it, you will need to recompile a kernel (you need to install with sources).
You don't need to recompile the kernel. pf & ipfw are available as modules.
I suggest you have a look at/boot/defaults/loader.conf.
ipfw_load="YES" pf_load="YES" etc.
or
kldload pf kldload ipfw
There are very few reasons why you'd need to build a new kernel in most situations.
Its a shame that this isn't made very clear in the handbook. The only situation where you might want to recompile a kernel is for SMP, but using freebsd-update you can just download a precompiled one.
Most of the docs tell you how to recompile the kernel to enable a feature and then as an after thought mention the kernel modules.
Really all those kernel compiles should be stripped from the handbook. As its completely unnessassary and scares off users.
Keylogging software that I've used had lines similar to [COPY] [PASTE]SOMEPASTEDVALUE[/PASTE] when copy/paste functionality was used. It also logged ALT+TABS plus the title of the current window.
This was 5 years ago. It was trivially easy to work out the good stuff and all obfuscation tricks mentioned so far in this thread would be rendered useless.
Keylogging was for a rogue accountant who we were about to fire for some dodgy practices but who was keeping all passwords too close (one reason for the fire).
One approach I've used is to alter file permissions so that it's not permitted to read the file. That usually stops the very stubbon ones in their tracks.
The differences between the BSDs are not that great. Compatibility isn't an issue. The same software that runs on Linux runs on BSD, that also goes for binaries. In fact you can run old linux binaries (Redhat 6 for example) that are near to impossible to run on the latest Fedora.
Getting back to your source example, FreeBSD's ports system handles your particular requirement for that package:
echo WITH_SVGALIB=1 >>/etc/make.conf cd/usr/ports/www/links make install
I suspect pretty much any customisation you'd typically make is available within the ports system.
You can install RPMS on FreeBSD too, if you really, really want to. Both RPM3 and RPM4 are in the ports system.
Which leads to another major benefit. You are not forced to use the particular version of a package that the distribution forces on you with their latest distribution. A good example is mysql which has 4 different versions available through the ports system to install. Most major apps have at least the last 2 major versions (eg: Apache 1.3 & Apache 2.0) and often a cutting edge development/beta.
If you install FreeBSD for anything, install a box just to try out software. It'll save you so much time if you just want to try an app out to see if its worth using on your main systems.
Of course the other option is to go abroad and study, that way you can learn another language AND get a degree.
The trick to being able to manage a degree abroad is to study english, that way your knowledge of their language will not impede your studies too much. As you'll have a big head start over the locals.
It would take 3 years of complete immersion to become a relatively fluent speaker.
Slashdot Mirror
No, the envelope senders are fine, think about it the vast majority of SPAM is sent from zombied windows machines and open web proxies which is why greylisting works so well.
SPF checks if enforced would achieve pretty much the same thing without some of the other side effects of greylisting (ie. dumb servers that don't retry after a softfail).
Microsoft has noticed this, if enough of the larger ISPs take a hardline then it wouldn't be long before we'd have the vast majority of domains with valid SPF records.
This would close off the current avenue for spammers. Forcing them to register domains does make it slightly easier to prosecute and will certainly slow down their operations.
Jason.
Well for mail/web scanning boxes Clam is sufficient. I believe that Watchguard for instance have plugged it into some of their firewalls for these applications Clam is up to it and is displacing paid for unix anti-virus. Particularly as most anti-virus vendors don't seem to know how to sell unix versions properly - McAffe and the eternal "demo" springs to mind.
I do completely agree that most open source software is continually in that coming along stage. Always missing the final usability, polish, documentation and managability completeness that makes it completely inadequate for desktop or the end user.
A classic example is Firefox, Windows Group Policy support seems to be handled via add-ons and not well properly contained within the core product. If that was in place then firefox could really start climbing in corporate acceptance and widespread usage. Convince 1 IT and management team and firefox could be pushed out to thousands of desktops within a single organisation.
Oh well.
Jason.
No, I'm just saying that Clam is up to the job and its very hard to compete with free. Its certainly not worth Microsoft pursuing unix anti-virus with Clam for competition and a platform which is well outside their development and marketing focus.
Jason.
Whats the point when clam is comming along so nicely?
Virus scanners on unix are only any good for protecting downstream windows clients and clam is ideal for this, although admittedly not quite ideal for real-time scanning of NFS/SMB shares, but for mail / web virus scanning its more than sufficient.
If clam continues the way it is, there will be a very small market for unix virus scanners.
Jason
The fact that any idiot* can report a message as SPAM and get you blocked for 24-48 hours from large sections of the internet is enough reason to be seriously concerned about blacklists. If an idiot can get you listed, I'd hate to think what a malicious person could achieve.
.gov.uk)
(* = handwritten e-mail sent to approx 20 people, person receiving e-mail had met sender in person several times in previous week and had signed up in pen and ink to receive info on further seminars, non-commercial and also sent from a
You're in the wrong department, this usually happens in sales rather than IT. Typically a sales guy gets poached on the basis that they'll bring their wealth of contacts with them (ie. walk out with their contact database and any anything else they can carry with them).
Jason.
Its quite easy to create windows bootable CDs with service packs, hotfixes, your specific drivers and other customisations using nlite which is a free download from http://www.nliteos.com/.
Its worth keeping an Nlite disk up to date so then when you rebuild a system you don't have to spend so long applying service packs and downloading drivers. You can also easily apply unattended settings so that you can slap the cd in the drive, reboot and have the system up with no user intervention whatsoever.
Jason.
Well those were the best figures available from Netcraft.
Netcraft shows 3.9 million active sites for the top 7 Linux distributions. FreeBSD is showing 2.5 million. No stats are available for the other BSDs, so its hard to make a comparison.
The important point here is that the BSDs host far more sites than are commonly believed, so you could make like to like comparisons of Linux vs BSDs for web hosting, without feeling that there would be to much bias for or against linux based on the notion that Linux is far more popular. The truth is that there is not all that much in it.
FreeBSD.
OpenBSD.
NetBSD.
There is alot of cross pollination of ideas but each distribution is seperately maintained and has a slightly different feature set.
FreeBSD in general has better hardware support for common server hardware than the others and has the largest number of add-on packages available.
The volume of packages available to quickly install makes it well worth installing a FreeBSD system if only for evaluating open source software prior to installing on another Linux or BSD system.
NetBSD has the most ports to other architectures out of all the BSDs. Of course if you don't need to install on alternative architectures this will be of no interest.
OpenBSD is renowned for its tight security, however most of the software developed (ie. PF firewall & OpenSSH) usually finds its way back into the other BSDs and Linux systems.
Things are a bit different on BSDs to Linux, often slightly differing command line syntax for the basic file management commands, different device names, configuration and startup script locations.
However once you've learned a Linux distribution and a BSD distribution you can flip between the two styles without alot of difficulty, once you've had some exposure to a different way of doing things you can usually find your way around other operating systems such as Solaris or SCO.
Theres no right or wrong answer here, usually its best to standardise for production systems on one operating system to make patching and so on simpler. If you're learning then theres no harm and huge benefits from exposing yourself to as many operating systems as possible, as you never know what may land unexpectedly on your desk.
Jason.
FreeBSD is used more frequently than any single Linux distribution.
FreeBSD was placed at 2.5 Million active sites in June 2004.
Redhat (the most use Linux distro) was placed at 1.6 million active sites in March 2005. We can even add Redhat and Debian together and still get a number lower than FreeBSDs active site count.
Linux may be more popular overall, but FreeBSD is the strong leader if compared to any single Linux distribution.
So yes you could safely compare FreeBSD against Debian & Redhat.
These figures are from Netcraft.
Jason.
All depends how much electricity the charge uses. I can see people taking advantage of off peak electricity charges (economy 7) to recharge the batteries. From midnight to 7am on the cheap or thereabouts.
Jason
I don't agree with your comments about truecrypt.
With enterprise features you're looking for administration tools so that the IT department can manage software installations and deal for instance with lost password issues. This is completely lacking with truecrypt and as such couldn't even be considered as an enterprise encryption solution, employee drops dead, quits or forgets password and then all the data is lost.
It also does not allow you to easily encrypt your operating system volume, nor does it support two-factor authentication.
While the app looks promising until these features are in place its not going to find its way onto corporate laptops.
Jason
Har har. We had a Cisco guy arrive for a video conferencing demonstation. I offered to sort out our firewall so we could see the system in action, they just wanted to go right ahead without it.
Their wonderful video conferencing demo consisted of a remote techy guy talking into a standard telephone and telling the other guy in the room to advance the slides on the powerpoint presentation.
It was about the most comical product demonstration I've ever seen considering the technology involved.
Jason.
Any reasonable system will lock out the account (even if temporarily) for a period of time.
For various reasons at work we permit one failed login a minute over a 30 minute period. If that figure is breached then the account is locked out for an hour. That limits the number of passwords that can be brute forced to 59 an hour providing that they are aware of these timing restraints.
With enforced password changes every 6 months a grand total of 50K passwords can be attempted via brute force assuming that brute force checking starts from the minute the password is changed. Thats nowhere near enough to realistically breach security through brute force.
Jason
How are they going to have the resources to expand if they are laying off staff?
They'll need those 9 people to babysit the existing operations while others are supporting the new operations.
Sounds like a troubled expansion plan to me.
Mine has "Locally Administered MAC Address" for Dell Truemobile 1400. Dell D800 laptop.
While not all cards have this option many do.
Jason.
huh? I've yet to see a card that doesn't have mac address changing. On windows its usually under the advanced settings for the card.
Jason.
Microsoft done alot of damage last time they bundled anti-virus. I think Dos 6.2 included a virus scanner, unfortunately there were no updates, the result was that millions of PCs had very out of date anti-virus protection. In some ways this was worse than having none as there was a false sense of security. In retrospect free anti-virus but no means for updates was a bad move.
Microsoft should be very careful with this product (and the anti-spyware too). They must commit to making a GOOD product, a half assed affair could do alot of damage, particularly as Microsoft software could seriously dent the competitions sales.
Jason.
>Firewall is disabled by default. To enable it, you will need to recompile a kernel (you need to install with sources).
/boot/defaults/loader.conf.
You don't need to recompile the kernel. pf & ipfw are available as modules.
I suggest you have a look at
ipfw_load="YES"
pf_load="YES" etc.
or
kldload pf
kldload ipfw
There are very few reasons why you'd need to build a new kernel in most situations.
Its a shame that this isn't made very clear in the handbook. The only situation where you might want to recompile a kernel is for SMP, but using freebsd-update you can just download a precompiled one.
Most of the docs tell you how to recompile the kernel to enable a feature and then as an after thought mention the kernel modules.
Really all those kernel compiles should be stripped from the handbook. As its completely unnessassary and scares off users.
Jason
UK Office PRO educational costs around 30UKP,
professional costs corporate users around 180-200UKP.
Educational pricing is significantly cheaper than corporate costs.
We've already had one of those, it caused alot more problems than it solved.
For more info google for Nachi.
Jason.
Keylogging software that I've used had lines similar to [COPY] [PASTE]SOMEPASTEDVALUE[/PASTE] when copy/paste functionality was used. It also logged ALT+TABS plus the title of the current window.
This was 5 years ago. It was trivially easy to work out the good stuff and all obfuscation tricks mentioned so far in this thread would be rendered useless.
Keylogging was for a rogue accountant who we were about to fire for some dodgy practices but who was keeping all passwords too close (one reason for the fire).
Jason.
One approach I've used is to alter file permissions so that it's not permitted to read the file. That usually stops the very stubbon ones in their tracks.
Jason.
The differences between the BSDs are not that great. Compatibility isn't an issue. The same software that runs on Linux runs on BSD, that also goes for binaries. In fact you can run old linux binaries (Redhat 6 for example) that are near to impossible to run on the latest Fedora.
/etc/make.conf /usr/ports/www/links
Getting back to your source example, FreeBSD's ports system handles your particular requirement for that package:
echo WITH_SVGALIB=1 >>
cd
make install
I suspect pretty much any customisation you'd typically make is available within the ports system.
You can install RPMS on FreeBSD too, if you really, really want to. Both RPM3 and RPM4 are in the ports system.
Which leads to another major benefit. You are not forced to use the particular version of a package that the distribution forces on you with their latest distribution. A good example is mysql which has 4 different versions available through the ports system to install. Most major apps have at least the last 2 major versions (eg: Apache 1.3 & Apache 2.0) and often a cutting edge development/beta.
If you install FreeBSD for anything, install a box just to try out software. It'll save you so much time if you just want to try an app out to see if its worth using on your main systems.
Of course the other option is to go abroad and study, that way you can learn another language AND get a degree.
The trick to being able to manage a degree abroad is to study english, that way your knowledge of their language will not impede your studies too much. As you'll have a big head start over the locals.
It would take 3 years of complete immersion to become a relatively fluent speaker.
Jason