Slashdot Mirror


User: Alioth

Alioth's activity in the archive.

Stories
0
Comments
5,690
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,690

  1. Re:This is ... on Microsoft Offers A Bounty On Virus Writers · · Score: 1

    Judging by the quality of the code in modern worms, most worm writers are skript kiddies.

    Skript kiddies tend to have over-inflated egos and brag to one and other what exploits they've been up to. With a $250K bounty in the offing, a skript kiddie will probably turn in a fellow skript kiddie. It's inevitable the writer of SoBig etc. will have bragged to other skript kiddies about doing so.

    Sure, if *I* wrote some malware, I would not tell a soul about it. But then again, malware writers are scum and I'd never do such a thing.

  2. Re:If I ran an ISP... on Swedish ISP Blocks Computers That Send Spam · · Score: 1

    Yes... this is a very good idea... so why aren't you the president of an ISP

    The market is saturated. I live on an island whose population is 76,000 and we have not one, but FOUR ISPs already. (One ISP only caters for business though). The wires are sold by a monopoly telco, Manx Telecom (they sell ADSL wholesale to the ISPs).

    However, one of the ISPs (Domicilium) has just been granted a license to use the fixed base wireless system to provide 5Mbit/s connectivity, competing with MT's wires. They haven't settled on pricing yet, but IF the price is right, I may run a "community ISP" - incoroporate as a non-profit, get a 5Mbit/s link, then share it amongst my neighbourhood via cat5e wiring on my side of the street, and some breed of 802.11x for others in range.

    We'll see what happens.
  3. Re:If I ran an ISP... on Swedish ISP Blocks Computers That Send Spam · · Score: 1

    It's a pretty flawed reason, too, IMHO. Trying to milk extra money for static IP addresses means it costs them more to run their abuse department - and there's probably a vanishingly small market of people who would pay extra just for a static IP (I suspect in .be that static IP gets bundled with other 'business' services, like different contention, and cannot be unbundled)

  4. If I ran an ISP... on Swedish ISP Blocks Computers That Send Spam · · Score: 3, Interesting

    If I ran a broadband ISP:

    1. All users would get a static IP (since there's an expectation that they are always on, there's no point in NOT doing so. In the dialup days you'd have fewer IP addresses than customers, for broadband you can't really do that). Customers having static IPs would make abuse much easier to trace.
    2. The initial sign-up would say "Would you like to be protected by our firewall?" with the default option set to YES. The vast majority of normal home users would get some default level of security (known troublesome services, including outbound port 25 filtered, and incoming CIFS filtered etc, plus all Microsoft executables for their ISP email address rejected automatically). People who select NO to this option will be warned of the dangers of doing so, but will have no filtering at all applied to their accounts.
    3. A system such as Snort would be run analysing incoming/outgoing traffic and looking for trouble. If a user is trojaned and sending out crap, they get the plug pulled.

  5. Re:Seven of Nine on The Issues of Nano-Safety · · Score: 1

    Think of the ways we can help the environment, our bodies, our society

    How about remove our bodies? Just imagine at some stage in the future, we have the technology to offload what's stored in our brain to a machine directly. We could get rid of our feeble bodies. Instead of having to send heavy spacecraft out with life support, you ARE the spacecraft. You just choose a body for your needs - self repairing, thanks to nanotechnology. Perhaps our ultimate evolution is away from fragile flesh and bones, and to machine beings.
  6. Re:No good news here on Spammer DDoS-By-Virus On spamhaus.org · · Score: 1

    self-modifying defensive systems will happen exactly as the parasites have evolved: because this is what happens in natural systems.


    I have a pet prediction that the first true artificial intelligence will be accidentally created. And the first system that will become self-aware? It'll be a spam filter!
  7. Re:One redeeming aspect of MMORPGs on Gaming Communities Cause Of TV Ratings Decline? · · Score: 1

    I can give you an idea. I live in the Isle of Man, which is served by the BBC (I don't have a TV at the moment, but when I watch TV at my Dad's, I tend to watch BBC channels). There are no adverts on BBC.

    I also lived in North Carolina and then Texas for a while.

    In a half hour slot, Fox gets in one episode of the Simpsons.
    The BBC gets in two episodes of the Simpsons in one half hour slot. The Simpsons is barely more than 15 minutes of content! The rest is all ads.

    Star Trek: TNG lasts 40 minutes on the BBC. It lasts an hour on US TV - so in the one hour slot for ST, there's 20 minutes of advertising: not as bad as the 50% advertising that's in a half hour show, but it's at least 33% advertising.

    I eventually gave up on TV in the USA because it was too ad filled (I only had cable for internet access). Worst of all were the car dealership ads where the dude in charge of the dealership shouts at you. Car ads were the most obnoxious on the radio too. Absolutely no creativity. All shouted an echo effects around the "amazing deals".

  8. Re:Amazing Apple XCode was not highlighted !?!?! on Mac OS X 10.3 vs. Linux · · Score: 3, Insightful

    Linux people never remember linux was a ripoff of MINUX source code originally, and a rippoff of GNU tools), True its come a long way in recent years, but a lot of those types of hobbyists ARE buying macs


    Linux people never remember that because it wasn't a rip-off of Minix. Linux was developed from scratch. In the early days, you needed to compile the kernel using GCC running on Minix - but that doesn't mean it's a rip-off of Minix any more than a program compiled with a compiler running on Windows is a ripoff of Windows.

    Linux is not a rip-off of GNU either. GNU runs on Linux. That's why it's called GNU/Linux: it's the Linux kernel with the GNU userland. That's no different to, say, taking the OpenBSD kernel and packaging it up with the GNU userland. Or indeed, taking a Mac and installing the GNU userland.
  9. Re:Why? on Distributed Data Storage on a LAN? · · Score: 1

    > and a bunch of old PIIs running Lunix

    Lunix doesn't run on a PII. It only runs on machines like a Commodore 64.

  10. Re:Where were those G5 going?!? on Microsoft Fires Mac Fan For Blog Photo · · Score: 1

    Why they took it so 'personally'? There may be previous history with this employee (or former one) that we're not aware of.

    My former employer (who, I hastened to add, left on honorable terms when I moved somewhere where the company doesn't have an office), who only happened to be IBM, had a strict 'no cameras without permission' policy (and for good reason). There was at least one case of attempted industrial espionage at our relatively small IBM location.

  11. Re:whoopsie?? on LG CD-ROMs Destroyed by Mandrake 9.2 · · Score: 1

    Oh, for heaven's sake, the very name Slashdot should tell you that it's a *NIX oriented site, and not a Windows oriented site.

    If Slashdot was about Windows, it would be \. and not /. and the domain would be Backslashdot.org.

  12. Linux and OpenBSD user on Linux Users Try FreeBSD 5, Windows · · Score: 3, Interesting

    I've never used Free or NetBSD. In fact, I'd not used the BSDs at all (apart from SunOS 4.x which is BSD-derived) until recently. I've been using Linux since January 1992.

    What I felt about OpenBSD? Having heard of OpenBSD's security reputation, and the goodness of 'pf', I wanted to evaluate it to replace a CheckPoint FireWall 1 system (expensive software rental that MS can only dream of). I had already determined that OpenBSD will do all the things we currently do with CheckPoint.

    Installation - it felt like installing SLS or Slackware back in 1994. Now that's not all negative - I had OpenBSD installed and ready in minutes and all off a single CD. Deciding to investigate further features of OpenBSD, I started doing a desktop install - put X on first (and got X and fvwm95 - I'd forgotten how fast X is with a simple UI). I then decided to install KDE from ports as I was missing Konqueror too much.

    Evaluation: Ports is nice, but apt-get is better.
    KDE works pretty much like it does under Linux.
    Compiling stuff from source seems to all work the same way. Mostly you can find it in ports, but I've built a few other things too.

    Things I miss: Other than Debian's apt, I really miss the /proc filesystem and 'killall '. Also, the ability to run User Mode Linux (or in this case, it'd be User Mode OpenBSD).

    However, for the real eval, I was mostly looking at pf and altq.

    I think OpenBSD shines here. The syntax of pf rules in pf.conf is far clearer than Linux iptables. Also, altq (for queuing and traffic control) has much easier syntax than the Linux equivalent. I don't have to go diving for the FAQ - the manual page for pf.conf is clear, concise and understandable and makes constructing the pf.conf rules file a piece of cake.

    Generally, I'm impressed with OpenBSD, particularly having a compact default install which is very useful if you want something as a firewall or a server. Although I will stick with Linux (Debian for servers, RedHat for desktops), for firewalling, my future installations will be OpenBSD due to the ease of use and power of pf and altq.

  13. Re:There once was a little blue planet... on Electric Grid is a Vast Machine · · Score: 1

    There was no loss of life or injuries in the Three Mile Island accident (in fact, there was no release of radiation).

    The design of nuclear reactors is such that they won't blow up. They aren't the same as nuclear bombs.

  14. Re:What happens when it wakes up on Electric Grid is a Vast Machine · · Score: 1

    No, it won't be the telephone system.

    The first system that will become self-aware will be a SPAM filter. Think of how complex spam filters will need to become to stay effective. Then think of how terrible it will be when they become self-aware...having learned everything they know by reading gigabytes of spam!

  15. Re:Proof... on The State of Violent Gaming · · Score: 1

    No, it's after the endless sessions of playing endless Doom on the network that you and a friend are walking past a construction site, and see a 55-gallon oil drum.

    You look at each other, and you just know that both of you have just had the same idea and are really wishing for the shotgun right about now :-)

  16. Re:My prediction on Frontiers: A New Xlib Compatible Window System · · Score: 1

    It's likely to be the toolkit, not X11.

    I was using X11R6 in the days of 80486 systems - the underlying X11 hasn't changed since then (a few more extensions here and there). Change WM to fvwm, and X11 is lightning-fast for desktop use. Of course, then the desktop isn't very pretty. But it's blindingly fast.

    As for games, I happily play RTCW:ET with Xfree86 in 1600x1200 with a GeForce 4.

  17. That already exists. on SendMail CTO Sounds Off On Spam and FTC · · Score: 3, Informative

    That already exists.

    It's called the Distributed Checksum Clearinghouse (http://www.rhyolite.com/dcc). I use the DCC as part of my SpamAssassin configuration (sitewide, called by Exim) and around 85% of spam I receive is already listed in the DCC. The latest version (2.60) of SpamAssassin, plus the SBL plus the DCC works as a very effective shield. My JE (link in the sig) describes my recent experience with SA 2.60.

  18. Re:P2P is *horrible* for networks on Schools to Avoid: University of Florida · · Score: 1

    I have nothing against *reasonable* usage i.e. people maintaining a bit of self-control. If I had my druthers, the dorm networks would all get very high speed Internet access.

    But the leeches have to spoil it for everyone else. I have nothing against people gaming from the dorm rooms. True; no single user can max the pipe out, but a handful of leeches who are downloading music 24/7 can. If these people could excercise some self control and maybe limit themselves to a couple of mp3s a day, everyone would be happy (well, perhaps not the RIAA, but everyone else would be). Instead they have to get greedy.

    Is the Internet any fun when the addicted music downloaders are hammering the shared network resources so hard that you can't have fun playing games? Or surf the web? Or IRC? Or get the latest Debian updates or Red Hat ISOs? I'd argue that it is no longer fun at that point. If the dorm rooms are still to get really high speed access that the admins would prefer the users to have - policy decisions have to be made to enforce reasonable use.

    And that's without even getting into the matter of the percentage of P2P filesharing that is trading copyright material without the permission of the copyright holder.

  19. Re:P2P is *horrible* for networks on Schools to Avoid: University of Florida · · Score: 1

    Oh for crying out loud, what's the university network there for? Wholesale music copying or _academic uses_? They are LUSERS, not users.

    On a university network, music copying, playing games MUST take second place to academic uses. Increasing the pipe size to accomodate uses that the network is NOT there for just diverts money away from things like buying new computers for the university. If users download reasonable amounts of music, or only play games where it won't be stopping another student getting their coursework, fair game. But when the leeches just max out the pipe with a use that cannot even be vaguely justified as a proper use of the university network, the line has to be drawn. If you want to download music 24/7, buy your own sodding bandwidth.

    It IS for the network admins to decide. You are wrong. They are leeches. Having your big pipe maxed out for music copying is leeching. There's absolutely no need.

    If I was a taxi driver, it IS my fucking business where you want to go. If you want to go to Liverpool docks at 2am, sorry, I'm not taking you there. Similarly, if I'm running an _academic_ network it is my fucking business if you abuse that network for non-academic uses. A university network is not, never has been and never will be there for sharing commercial music. The only time a university network can legitimately be used for sharing music is where it involves the music faculty. And they have a perfectly good webserver for that, and don't need Kazaa.

  20. Re:The broken-ness of email on How to Kill Spam Without the State · · Score: 1

    That's the whole point of having a certificate revocation list - if spammers get a license and use their MTA to spam, their license gets suspended or revoked. Forgeries will be an extremely tiny problem with cryptographic digital signatures (a licensed MTA would add its digital signature to the headers of any message it sent - this is how other MTAs recognise it's licensed). To forge the certificate, the forger would have to steal the licensing authority's private key. And if that happens, the certificate revocation list will take care of it (and the licensing authority will have the embarrassment of having to issue new licenses for everyone it serves, so they are likely to keep their CA key very very secure).

  21. P2P is *horrible* for networks on Schools to Avoid: University of Florida · · Score: 5, Informative

    I disagree with scanning people's PCs.

    However, P2P sharing is the *worst* thing your network can be beset with. The leeches hog incredible amounts of bandwidth. Kazaa et al. are also very network hostile with measures to get around a sysadmin's attempt to shape traffic.

    It takes more and more admin time just blocking malware and P2P music sharing. The university network is there primarily for academic purposes, not wholesale music piracy.

    It's a frigging nightmare. If I were a University admin, my goal would be to not block ports or traffic because I want proper end-to-end connectivity. But then you get the cancer that is Kazaa which actively tries to evade your attempts at sharing traffic. The only route left for the admin is a strict anti-music sharing policy. If only the leeches could control themselves instead of getting not only their mouths in the trough, but their front trotters too, it wouldn't be such a big deal. But of course, they show no restraint.

    If I were a university admin, I'd make it very plain what the policy is when students get their connection. The policy would be no music sharing, no spam, no malware (if you want to share legitimate music, then you either put it on the music department's website or rent your own server). Anyone caught sharing music otherwise would have their account locked and would have to come to me for a bollocking. Three offences and it'd be disciplinary action.

  22. More like trailer parks and tornadoes on Closest Asteroid Yet Flies Past Earth · · Score: 1

    Trailer parks make up a very small percentage of the surface of Oklahoma. However, tornadoes manage to hit them very frequently. Perhaps meteorites hitting humans is a bit like tornadoes hitting trailer parks - humans exhibit some strange magnetism for meteorites...

  23. The broken-ness of email on How to Kill Spam Without the State · · Score: 5, Interesting

    We need more than this to stop spam. There's too many idiots about who'll buy spammer's products.

    I don't think SMTP itself is fundamentally broken - we just need some improvements to the administration.

    In the early days of road transport, drivers were unlicensed - anyone with the money could buy a car and drive it. As traffic built up, eventually this was no longer tenable. As email traffic builds up - lack of licensing for MTA operators is becoming untenable. My server has rejected over 1.2 *gigabytes* of malware in the last week (mostly Swen worms). SpamAssassin kills 80 spam messages a day in my mailbox alone - and still about 15 a day get through. The option of "doing nothing" about email is no longer viable. Schemes like "sender pays" are untenable too (and unfair - why should I pay yet another fee to use bandwidth I'm already paying for once?)

    What is really needed is a licensing scheme for people who operate MTAs, just like there is for amateur radio. In brief, here's an outline of what could be implemented. I know this will probably draw the ire of Slashdotters who think they should be able to just run an MTA on their cable modem connection with no qualifications - but this is *exactly* where the problem stems from: to be sure of not dropping too much 'ham' we have to accept SMTP connections from more or less anyone. And this means we get flooded with over a gigabyte of Swen worm traffic in a week.

    This list of requirements is by no means comprehensive - it's just a starting point for discussion.

    * If you want to run an MTA, you must be licensed to do so.
    * A licensed MTA operator may only relay mail from their own network or from other licensed MTA operators. In the case of a home user, this means they can only relay mail from their LAN. In the case of an ISP, from their own netblocks etc.
    * A licensed MTA operator may only receive mail from other licensed MTAs. This means you must reject email from the unlicensed (virus/spam spewing) MTA on adsl-192.14.5.6.pacbell.net.
    * A licensed MTA operator may only send mail to other licensed MTAs.

    MTA licensing can be based on digital certificates. The MTA oper's signature will appear in the header of the email.

    To obtain a license, the MTA operator would have to take an exam. The awarding and administering of licenses will be done by TLD. (A good idea would be that the licensing authority must not be the same company or subsidiary of the company that runs the TLD, so VeriSign is not allowed to be the licensing authority for .com/.net, and Nominet is not allowed to be the licensing authority for .uk, and Domicilium is not allowed to be the licensing authority for .im) There can be more than one licensing authority per TLD.

    The upshot of this is that if a licensed MTA operator passes spam or malware, they can have their license suspended or revoked, or fines levied. MTA operators at the ISP level will be *very* careful to ensure they don't harbour spammers because they'll lose their MTA license. They will be *very* careful they configure their system to not allow executable attachments, or at least scan them for malware. Small MTA operators will be *very* careful not to accidentally configure their mail server to be an open relay.

    To obtain an MTA license, an exam should be passed not for a specific MTA such as Exim or Sendmail, but general good practise in operating an email server, and general knowledge about internetworking - just like amateur radio licenses don't have exams on a specific model of ICOM radio. Additionally, the MTA operator must provide positive ID when applying for the license - this way, we make sure the MTA oper is accountable for what their MTA emits.

    Of course, an actual implemented system like this will be more complex than what's outlined in this posting. Of course, most Slashdotters will hate the idea expressed above - I wouldn't really like to have to take exams to keep running the mail server I already

  24. Re:Security versus usability on Changes in the Network Security Model? · · Score: 1

    Maybe VOIP is being rolled out incorrectly.

    If I were in charge of a VOIP rollout, I'd use IP-based phones (NOT software) and make the VOIP network physically separate, just like the old phone network was separate. Therefore, you'd have a separate firewall whose job is VOIP only and you don't have to open up your workstation network to a security nightmare.

    If people really insist on a computer-based VOIP system, a separate low-cost workstation can be used connected to the physically separate VOIP socket on the wall.

  25. High time for MTA licensing. on Anti-Spammers DDoSed Out Of Existence · · Score: 2, Insightful

    It's high time for MTA operator licensing.

    I think we need to implement a system where operators of MTA software need to be licensed, just like radio operators. The licensing should be open to anyone. The rules need to be:

    1. The licensee's MTA is only allowed to receive email from their own network to forward, and only receive email from other licensed MTAs from outside their network.
    This means that licensed MTAs will reject email from adsl-1-2-3-4.somebigisp.com, but will accept email from mail.somebigisp.com. A cryptographically signed list is distributed containing the list of MTAs that are licensed.
    2. If a licensed MTA operator's MTA is used to send spam or viruses, the MTA operator has their license suspended. Egregious violations can be punished by fines, or in extreme cases, imprisonment.
    3. ISPs (as opposed to an MTA run by an individual or a small company) would have to be licensed themselves to send email, and hire only licensed MTA operators to run the mail gateway. If an ISP is guilty of allowing spam or malware through their MTA, they can lose their MTA license, and in egregious cases, be fined.

    Licensing exams must relate to MTA operation best practise, rather than the specifics of operating a particular piece of MTA software. Licensees will be expected to learn how to properly configure and test their software before putting it online. Hopefully, the risk of a license suspension/revocation will provide ample incentive to ensure the MTA is configured correctly.

    Licensing rules would have to be agreed by international treaty. The licensing authority should probably be national governments, but could be the administrator of the DNS TLD for the full DNS name of the MTA in question.

    Effectively, licensing will be a big whitelist of mail server operators who have a minimum mandated level of clue, and a code of conduct enforced by the rule of law.

    In the early days of road vehicles, there were no drivers licenses. However, you'd have to be nuts to argue that driver's licenses (and most are internationally recognised) are a bad thing these days. The same really needs to go for mail servers - doing nothing at all is no longer an option. In the last 48 hours, Exim on my server has rejected just under 3000 instances of the Swen worm and SpamAssassin has canned 400 spam emails. Indications are that it will ONLY get worse. Rewriting SMTP won't help - we need proper rules about email, and proper remedies that can be applied (license revocations, fines, imprisonment) when people fail to follow those rules. With proper MTA licensing, ISPs will ensure they can properly identify all users and can so punish people who try and abuse their MTA, instead of just ignoring the problem like they do now. I'm beginning to wonder if email is worth it any more unless measures like this are put in place.

    In the short term, ISPs can help by blocking all outbound port 25 access apart from their mail gateway. Slashbot whiners who don't like this can stump up for a business broadband account and a static IP if they really must run their own MTA.