Slashdot Mirror


User: Mark+Bainter

Mark+Bainter's activity in the archive.

Stories: 0
Comments: 334

Comments · 334

  1. Re:Specifically, read this chunk: on Spoofed From: Prevention · · Score: 1
    I can't believe I'm actually going to respond to this. It must be a character flaw.

    That's probably because they don't. The checking MTA decides what subdomain (or whatever) it wants to use to flag a returning spamcheck.

    Ok...I went back and re-read it. The only one recognizing the @spamtest was the host that originally used it, so ok, I see what you're saying.

    True, but better that than deciding that every dynamic IP address in the world needs blocking. Also, better that than bogging down your server doing further spam and virus scans on mail you're going to throw away anyhow.

    Yes, it's better than blocking all dynamic addresses, but just because it's better than a really stupid idea doesn't make it a good idea. Also, my servers easily handle the load of parsing and scanning incoming email. Doubling (or possibly tripling) the number of sockets in use for every message would not be as easy to manage. (sender -> me, me -> sender mx, sender mx -> me)

    Firstly, if you had half a brain...

    Hrm. Skirting the edges of personal attacks there. Running out of logical responses already?

    As for the rest, "queuing those"? Queuing what? The messages to verify the sender's return address? You can't possibly mean that, considering your design. The incoming mail? You can't effectively rate-limit incoming mail in regards to the socket connections impact on your mailserver. It might help the remote box but you're still dealing with all those connections.

    Oh...and your comment about too many recipients is only valid if they're actually sending one message to thousands of recipients instead of thousands of messages to one recipient each.

    your server can't connect to any of their MXes, responds 550 I cannot find a way to return your message; or

    your server connects to over.here's MX, which doesn't know someone, so you respond 550 your domain is disowning you; and

    You're right, I don't see a problem with this at all. If all of your MXes are out, the occasional bounced (not lost) mail is the least of your worries.

    I respectfully disagree. Let's say you have 3 MXs for domain spamproof.com. As long as the primary one where delivery /actually/ happens is available, everything works fine.

    • Primary MX goes down
    • user@spamproof.com sends an email to john@somedomain.org
    • somedomain.org connects back to spamproof.com and discovers the primary MX is down.
    • somedomain.org connects to the secondary MX, oops, I don't know if the user is valid or not.
      • 1) Reject. It's unknown to me.
      • 2) Accept and let the primary mx decide when it comes back online

    OR, you have all mx's down:

    • user@downmx.com sends mail to support@mta.com
    • mta.com tries to connect to downmx.com to verify and fails.
    • mta.com bounces the message, which of course double bounces cause the remote end can't be reached, thus the user never receives anything to indicate his message went undelivered.

    Same goes for all the users on that network who are unaware that the MXs are down and are still mailing business contacts, associates, etc.

    That's a major problem imo. Obviously, you don't care that much about the integrity of the email system, but a lot of us do. Just because a change might help accomplish a particular goal to some small extent doesn't make it a good idea. You have to look at the side effects. If I have a headache, blowing my brains out would certainly make it go away, but it's definitely not going to improve my overall condition.

  2. Re:Specifically, read this chunk: on Spoofed From: Prevention · · Score: 1
    Ok. Your quoted piece only defines the mailloop. There's nothing in your original post to indicate that one or the other is supposed to see spamtest as a special string and handle it differently.

    First problem, it means nobody can use spamtest as a subdomain. Granted, it's a minor one, but I don't like the precedent.

    Second problem, the mailserver has to maintain a set of open connections and track what addresses it's using for recognizing return checks.

    Third problem. EvilSpammer sends a truckload of spam forged from domain Ipissoffspammers.com. Your mailserver opens a ton of return connections for every one of them as it tries to id each message and fails.

    This abuse uses up your available sockets, loads down your mailserver, and not one, but two servers get pounded. You might as well be an open relay.

    your server can't connect to any of their MXes, responds 550 I cannot find a way to return your message;

    And you don't see a problem with this? So if the external mail exchanges for your domain are down, nobody will receive mail from you? That's A Bad Thing(tm)

    This isn't a panacea, it will just force the spammers to use entirely real addresses (although maybe not their own) in their email, but not interfere much with genuine email.

    I find this a distasteful outcome. It may irritate me to no end to have to deal with double bounce messages all day as the mail admin, but I'd much rather it be me than have my users dealing with truckloads of failure messages for spam that failed to deliver forged from their real address.

    I'm not sure how you can define 150 failed mail messages mixed in with a user's real email "not interfering with genuine email".

  3. Re:Please read *all* of the original post b4 reply on Spoofed From: Prevention · · Score: 1
    I did read the entire message, and I just went back and read it again and I STILL don't see how you're dealing with loops.

  4. Re:What I'd like to do is reverse EMAIL lookup che on Spoofed From: Prevention · · Score: 1
    That is, at the "MAIL FROM:" stage, my email server goes through most of the steps involved in sending a reply email back, to wit, finding a willing MX server, connecting to port 25 on it, falling back etc as you would normally do to send a reply, but do something like "MAIL FROM:id.3141592763@spamtest.mydomain.dom" when it came time to ID the sender. This will allow you to give positive responses to the other end if they in turn perform a similar check on you.

    A nice idea in theory. But right off the bat it requires the remote system to be willing to give up email addresses to some unknown connecting host. No thanks. I specifically don't support EXPN for a reason, it's a good way to help spammers validate their addresses.

    Next, let's consider the process.

    A.MX connects to B.MX to send mail
    B.MX connects to C.MX to verify A@C.MX
    C.MX connects to B.MX to verify the verifier
    B.MX connects to C.MX to verify the verifier
    C.MX connects to B.MX to verify the verifier
    ...
    ack!

    Obviously, there are some possible methods to avoid the looping, but they get pretty complex if you want to avoid spoofing. None of them are particularly efficient, and all will raise the workload of all mailservers and network traffic significantly.

    And what happens when the mailserver is down? What happens when spammers discover they can just cycle through lists of possible email addresses at all the various mailservers looking for valid ones and start pounding your mailserver? Ooops, well, let's turn off this verify thing....uhoh, now none of our going mail is being accepted.

    Further, some mailservers don't have any idea what users are valid. An example, a lot of companies set up internal exchange server networks and have external SMTP gateways that simply accept and relay mail to the appropriate internal exchange servers. Now these servers *have* to be configured to do some type of user checking.

    What happens when the MX is down? The SMTP might've come from a valid user, but you can't connect because of some network/power/server outage. Now you're wrongly refusing mail and it's getting lost.
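
The callback loop traced in this comment, together with the three-connection cost, the forged-sender flood and the MX-down rejection raised in the replies above it, as a toy simulation. This is an added example, not part of the archived comments; the domains, class names and the rule that a server answers for its own outstanding probe address without starting another callback are assumptions made for illustration.

```python
"""Toy model of SMTP sender callback verification (constructed data, no network I/O)."""
from collections import Counter
from itertools import count


class LoopAborted(Exception):
    """Raised when the simulated connection budget is exhausted."""


class Network:
    def __init__(self, max_connections=40):
        self.servers = {}        # mail domain -> MailServer
        self.down = set()        # domains whose MXes are all unreachable
        self.log = []            # (source host, destination domain) per connection
        self.max_connections = max_connections

    def connect(self, src, address):
        """Open one simulated SMTP connection to the MX responsible for `address`."""
        domain = address.split("@", 1)[1]
        if domain.startswith("spamtest."):       # probe addresses live on the same MX
            domain = domain[len("spamtest."):]
        if domain in self.down:
            return None
        if len(self.log) >= self.max_connections:
            raise LoopAborted(f"gave up after {len(self.log)} connections")
        self.log.append((src, domain))
        return self.servers.get(domain)


class MailServer:
    def __init__(self, net, domain, users, recognize_own_probes):
        self.net, self.domain, self.users = net, domain, set(users)
        self.recognize_own_probes = recognize_own_probes
        self.outstanding = set()  # probe addresses this server is waiting on (state to track)
        self._ids = count(1)
        net.servers[domain] = self

    def verify_sender(self, mail_from):
        """Call back to the sender's MX and ask whether `mail_from` is deliverable."""
        probe = f"id.{next(self._ids)}@spamtest.{self.domain}"
        self.outstanding.add(probe)
        try:
            remote = self.net.connect(self.domain, mail_from)
            return remote is not None and remote.receive(probe, mail_from)
        finally:
            self.outstanding.discard(probe)

    def receive(self, mail_from, rcpt_to):
        """Return True for a 250 reply, False for a 550."""
        # Assumption: a peer asking about our own outstanding probe is answered
        # directly, which is what stops the verify-the-verifier loop.
        if self.recognize_own_probes and rcpt_to in self.outstanding:
            return True
        if not self.verify_sender(mail_from):
            return False
        return rcpt_to in self.outstanding or rcpt_to.split("@")[0] in self.users


def build(recognize_own_probes):
    """Two verifying domains: b.example (recipient side) and c.example (claimed sender)."""
    net = Network()
    MailServer(net, "b.example", {"john"}, recognize_own_probes)
    MailServer(net, "c.example", {"a"}, recognize_own_probes)
    return net


def deliver(net, src_host, mail_from, rcpt_to):
    """Send one message; return (accepted, connections used). accepted=None: loop aborted."""
    before = len(net.log)
    try:
        server = net.connect(src_host, rcpt_to)
        accepted = server is not None and server.receive(mail_from, rcpt_to)
    except LoopAborted:
        accepted = None
    return accepted, len(net.log) - before


def forged_flood(n):
    """n messages forged from made-up c.example users: inbound connections per domain."""
    net = build(recognize_own_probes=True)
    net.max_connections = 10 * n
    results = [deliver(net, "spam-host", f"made-up-{i}@c.example", "john@b.example")[0]
               for i in range(n)]
    return Counter(dst for _, dst in net.log), results


if __name__ == "__main__":
    msg = ("a-host", "a@c.example", "john@b.example")
    print("naive, every side verifies:", deliver(build(False), *msg))
    print("own probes recognized:     ", deliver(build(True), *msg))
    outage = build(True)
    outage.down.add("c.example")
    print("sender's MXes all down:    ", deliver(outage, *msg))
    print("100 forged messages:       ", forged_flood(100)[0])
```

Every forged message is rejected, but only after the forged domain's MX and the receiving MX have each taken extra connections, and a legitimate sender is refused outright while its own MXes are unreachable.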

  5. Re:This can already be done on Spoofed From: Prevention · · Score: 1
    You're missing the point. Postfix does NOT do this today. This is talking about the receiving end asking your server which domains are allowed to send mail for your domain.

    This is really important, as I have the constant problem of people using one of my domains to send spam, creating made-up usernames and sending spam from tons of different providers.

    So then I get the spam complaints, and I get all the Mailer Daemon messages. It's a real pain in the ass. If people couldn't claim to be sending from a domain unless that domain had okayed the mailserver they were using this would not be a problem.

    It is -incredibly- effective against blocking spam, but the problem is that many ISPs and companies just don't have properly configured mail servers.

    I'd have to check the RFCs, but I think this is a somewhat stretched view. While it may not be semantically correct, I fail to see a huge problem with an isp's a.mx.domain.tld mailserver being listed as the MX for all the other domains they manage w/out setting a specific a.mx.customerdomain.tld record. It was a nice dream originally, but isn't all that practical today. I mean, originally, you were supposed to have a matching forward and reverse lookup record for your mailserver to send mail as well. Let's consider how well that would work if we required it today with our limited availability of IP addresses.

  6. Re:Nobody knows what a WAN port is anymore? on Axentra Rumba Server - Home Do-It-All Box · · Score: 1
    What the hell is a WAN port?

    A WAN interface is an interface that connects you to a larger routed network. Traditionally, that's your nailed up line (T-1/leased-line/Frame connection/etc). A WAN port is an open slot, usually on a router or similar appliance, that you can use to insert a card for handling a connection as above. As others have indicated, this could potentially be used for your DSL connection by just putting an ethernet card in it. However the article seems to indicate that this is a USB port, and 1.1 at that, so they're probably right that it's better suited to connecting to a wireless LAN. Though that hardly makes it a WAN port.

  7. Re:One more point against libertarians on House Votes to Launch Do-Not-Call List · · Score: 2, Insightful

    Hrm. For some reason I think I knew this was out there, but oddly enough I'd never read it.

    I did now. And I have to say, while I'm sure the author means well, his FAQ is pretty much worthless. I'm sure he believes everything in there, and to some extent it probably reflects his experience, but that hardly makes it "right".

    The problem libertarianism has is the people who make it up. Like most parties, they have a core, and then they have a fringe. Only in the libertarian party, there are actually more (and generally more visible) people on the fringe than at their core.

    So the people you meet and see, and who generally represent 'libertarians' in your mind, do not reflect the core. Nor do their views necessarily coincide with it.

    Libertarianism is not Anarchism, Objectivism, Capitalism or Anarcho-Capitalism, yet the people who follow those doctrines see libertarianism as the closest electable (I use that term loosely) option for them. Same for some single-issue people who see libertarians as the only ones willing to do things like eliminate the drug war.

    So you meet people who proselytize for libertarianism, but who when explaining their position on things take an anarcho-capitalist viewpoint and you get the wrong idea of what libertarianism is. Unfortunately, some of those fractured groups actually have /party/ representation as well, which makes the party itself splintered and divided on the inside. These things keep them from being able to be successful.

    Things like this FAQ don't help. It hits the actual principles of libertarianism in only a couple places, and does a lot of responding to lame arguments that the supports who probably understand what they think they believe the least.

    That's like saying that linux sucks by responding to some AC on /. posting that "everyone should run redhat because MS is the antichrist, and its board of directors makes up the entirety of the illuminati and controls all the world governments. Use linux for freedom!" or whatever. That guy would hardly represent linux, and sure as hell isn't doing it well.

    Myself, I'm a classical liberal. I don't particularly like libertarians because of what I listed above. But they are currently our best hope, IF and ONLY IF the core gets big enough that all those other philosophies get pushed down enough to actually be the fringe. But as it stands, they look to be taking over the party. Which leaves us with liberals, moderates, and nobody actually defending our freedom, because the only party with a real chance of doing good for us is being torn down from within.

    Cute.

  8. Re:Overstepped its bounds? on U.S. Court Blocks Anti-Telemarketing List · · Score: 1
    well, majority rules in a democracy. 25 to 1, we win.

    Argh. This is not a democracy!

    And honestly, how can you read your own post and not see exactly why it's not a democracy?

    "A democracy cannot exist as a permanent form of government. It can only exist until the voters discover that they can vote themselves money from the public treasury. From that moment on the majority always votes for the candidates promising the most money from the public treasury, with the result that a democracy always collapses over loose fiscal policy followed by a dictatorship." --Alexander Tyler

    Sadly enough, a republic has the same weakness. It just takes longer.

  9. Re:At MOST it should be optional... on Should ISPs Be The Little Man's Firewall? · · Score: 1
    Apparently you don't understand most firewalls. If your computer makes a connection first, any incoming traffic from the site is allowed regardless of which port it responds.

    s/most firewalls/lame firewalls/

    No firewall worth its salt allows all connections from a remote computer regardless of port just because you connected to it.

    What it allows is that once you make a connection, it allows for two way communication that's part of THAT session. Not regardless of port. This is why certain protocols like FTP (in active mode) have to have special rules to handle what's called "related" traffic. FTP tries to make a connection from the server back to the client on a different port and the firewall has to be told that's related or it will block it if 21 is blocked by default.

  10. We already have a standard interface on Linux vs. Windows: Choice vs. Usability · · Score: 1
    and as far as I know, ALL of the distributions have it. At least I'm not aware of one that doesn't.

    The command line.

  11. Re:Exactly on Linux vs. Windows: Choice vs. Usability · · Score: 1
    This post is the epitome of why Linux is failing on the desktop!

    A very eloquent post, but you completely missed the point.

    You STILL assume that there is some goal for Linux to take over pervasive use and that we expect that to happen. You STILL are arguing from the POV that we should CARE if linux is in widespread use on the desktop.

    Guess what, many (most?) of us don't! We couldn't care less. Linux was not created to replace windows. It was created to do the things that people like us (geeks) want to do which windows does not allow for. It was created because it was fun!

    Well get over yourselves.

    How about you people with your crusade to eradicate windows from the world get over yourselves. I don't care /how/ pervasive linux gets on the desktop, some people will STILL use windows. And mac, and bsd, and beos, and, and and.

    Oops, there goes that "choice" again. That evil word. How in the world can we expect people to get anything done in a world full of choices!

    I don't care that people expect to turn their computer on and get work done. That's great. They should pick a system that lets them get that work done, learn it, and use it. If it doesn't meet your needs, fine, get one that does.

    This whole 'we need to commoditize linux so that it gets widespread use' is stupid. The whole reason most of us started using linux is that it /wasn't/ a homogenized operating system. You had real choices. And I gotta tell you, the arguments I'm seeing are that you want to be able to sit down anywhere and say oh, it's linux, and have it work.

    Well guess what. Until you /prevent/ people from customizing their systems and using "non-standard" guis and such that's never going to be the case. Cause people /will/ change it.

    Query: So now what do floppy/firewall/etc based distributions do? What about minimal distributions?

    And I have to ask, what is the difference between learning a new interface jumping from windows to linux, and learning one jumping from one linux distro to another? If the first can be done, why not the second? It's not like the distributions change the interface on every boot or anything.

  12. Re:Inflexibility means brittle. on UK to Put Monitors in Every Car? · · Score: 1
    Point being what? Are you just contradicting him for the sake of it, or actually suggesting those changes require taking a new test?

    So...if Microsoft changed the color of the background screen and re-arranged the buttons on the login page do you think that those changes should constitute a need to retake the MCSE exam?

    (Yes, this analogy is broken, since indeed most MCSE's would be completely lost and need retraining if such happened, but you get my point I'm sure.)

  13. Re:I didn't take it that way on Eric Raymond's Homebrew SCO Poison · · Score: 1
    Frankly, if I were a policeman under such conditions, I would give up my badge; I would not be party to gratuitous abrogation of the rights of others... THEIR loss of rights is MY loss of rights. This might come as a surprise to some Slashdotters, but virtually all the cops I've ever known were able to make that intellectual leap.

    This, of course, assumes they'd notice that's what was going on. I don't have any problem believing that people would take this course of action were they thrown into it suddenly.

    Unfortunately for us, it's a gradually occurring thing. Officers get asked incremental bites to infringe on us more and more, and guess what, they do. Because it's just a little thing, but put it all together and it's not.

    We're at this point today. Police infringe on our freedom and liberty on a daily basis, and I don't hear about many of them turning in their badge over it.

    Some of them prefer to try and be a 'good cop' and I applaud that, I think at this stage of the game it's probably the best course of action. But I know what kind of crap they have to put up with for doing the right thing. I'm sure many of them probably lose their job over it, since to their superiors they aren't doing their job satisfactorily. But the fact remains that it's nowhere near 'most cops'. 'Most cops' like to think highly of themselves in that fashion, but then they think to themselves that the scenario is one of going around arresting people because of their nationality...oops, they do that already, better come up with something more extreme.

    Want a specific example in the drug area? How about Dallas, where we have recently discovered a lot of people in jail because cops were planting fake drugs at the scene and then arresting them. They'd then be tried and imprisoned.

  14. Re:I didn't take it that way on Eric Raymond's Homebrew SCO Poison · · Score: 1
    He's a self-proclaimed "gun nut," but why does that worry anyone? He's never used a weapon on anyone that I'm aware of, and until he shows a proclivity towards unjustifiable lethal violence, it's difficult to justify any sort of sanction.

    Bruce Perens was certainly concerned when he posted this

    Ooooh, appeal to authority. There's a justifiable reason for prior restraint if I ever heard one.

    [close captioned for the sarcasm impaired]

  15. Re:Rights - why they don't exist on Eric Raymond's Homebrew SCO Poison · · Score: 1
    You have a document that says you have them - nice.

    No. We have a document that RECOGNIZES we have them. That's the crucial difference. Whether you believe they are 'natural' or not is completely irrelevant. You can believe they don't, and you can believe the sun revolves around the earth. I don't care, and it doesn't affect reality in the least.

    There are certain rights that all people have purely by virtue of their existence. They just "make sense". Our declaration recognizes them as granted 'by God' because the concepts stem from Christian/Jewish history if you go far enough up the thread.

    Your lack of belief doesn't alter the fact that the constitution doesn't guarantee our rights. It recognizes them, and it's a critical difference. If the rights we hold are granted to us by our govt, then they have the power to alter or retract them.

    If instead, as our constitution says, they are ours to begin with, and that we have consented to be governed by a group we elect, and that that group is restricted by this contract we have with them as to what powers they can exercise, then they cannot do that.

    They may pass laws to the contrary. And they might enforce them with the weapons they hold, but they will not be constitutional.

    "governments are instituted among men, deriving their just powers from the consent of the governed" I like this bit - but (to quote Mao) "power flows from the barrel of a gun".

    How do you propose to stop a government intent on doing what it wants: "is the right of the people to alter or to abolish it, and to institute new government," - put your (applicable to 300M out of 6G) constitution in front of them and hope they play by the "rules"

    Yes. It does. And this is part of why the restrictions this country has allowed our govt to put on us in regards to firearms ownership is such a bad thing.

    It's also the reason that the second amendment is there in the first place, despite what some people think:

    "Guard with jealous attention the public liberty. Suspect everyone who approaches that jewel. Unfortunately, nothing will preserve it but downright force. Whenever you give up that force, you are inevitably ruined." --Patrick Henry

    "What country before ever existed a century and a half without a rebellion?... The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." --Thomas Jefferson, 1787

    "No free man shall ever be debarred the use of arms. The strongest reason for the people to retain the right to keep and bear arms is, as a last resort, to protect themselves against tyranny in government." --Thomas Jefferson

    How do I propose to stop them? Well, yes, the first and best choice is to use the constitution. But as you so astutely noticed, it's just a piece of paper. A contract, and if the govt has no desire to honor its contract then it falls to the people at whose behest they govern to overthrow that government and re-establish a free nation.

    To our founding fathers, the need for this was a foregone conclusion. They understood the tendency of men, power, and government. Eventually, rebellion would be necessary. Whether or not men will rise to the need at such a point is a debatable matter, and indeed some would say that point is long past. Some would even say that point came and the rebellion was quashed. Some say it is too late now. I have hope...only a very small amount...but still some hope...that that day might yet come. Though I reserve my greatest hope for the possibility of founding a new american nation once space travel and interstellar settlement becomes a reality. And the fact that I find that a more stable and likely hope than our country ever righting itself ought to tell you how small that hope is. ;-)

    The middle road is where we really are. Those who care about old fashioned concepts like liberty, freedom (true freedom, not "freedom fries" freedom), personal responsibili

  16. Re:Eric should be more careful on Eric Raymond's Homebrew SCO Poison · · Score: 1

    So many people with their own twisted view of american history. Hooray for public schooling.

    An AC has already posted an adequate response to your revisionist history, so I won't bother to repeat him or his links here.

    Why is it that so many people feel they have to twist history to fit their own ends and agenda? Wouldn't it be better (on both sides) to just read the facts and try to /learn/ something from our history? Why do people feel the need to try to characterize the "founding fathers" as either some sort of fanatically devoted priesthood with aims of a theocracy? Why does most of the remaining population feel the need to try and characterize them as being as far from that as possible, latching onto any comment or compromise they might have made as evidence they had no Christian leanings at all?

    If you read our history objectively, it's not hard at all to understand how our system of government came to be. The influences on those who framed it are pretty well known. Read the books they read at the time, the people and concepts they referred to.

    We aren't a theocracy. This country was also not created out of some desire to protect everyone from any exposure to religion whatsoever. The first amendment is exactly what it says. The central government cannot form a 'national church' and make people join it and worship their laws. This is the protection we have. It was never intended to prevent our government officials from participating in any particular church. Or to prevent them from taking those views into account when making decisions that affect this country. Indeed, if that were the case, NOBODY could lead this country, as we ALL come to any particular problem with a perspective colored by the things we believe. (Including those of you who believe nothing. Yes, your views are colored by that too.)

    I read elsewhere that the ten commandments are bad because anyone seeing them who isn't a christian would feel behind the 8 ball. Why? The 10 commandments are a foundation of law. They codify what some would call natural law. It is not the law people who come before the courts are judged by. Indeed, even Jews/Christians are unable to keep that law. (Which, if you are familiar with Christian theology, is the whole point of Grace in the first place.)

    Nobody comes before the bench and has the prosecutor or the judge tell them they're guilty or not guilty based on the contents of the holy scriptures. No prosecuting attorney quotes references to scripture when making legal points in your case. No, they refer to the US and State laws which apply to your case. Because THAT is what you are being judged by, regardless of any plaques hanging on the walls, or statues sitting in the courthouse.

    I heard today that some woman in Fort Worth is upset and suing the city because they put a panther statue up. She feels it represents paganism and is offended by its religious connotations. GIVE ME A FREAKING BREAK!
    It's just a freaking statue! It means something to some of the people who live in Fort Worth, and reflects a part of their history. They aren't WORSHIPPING it.

    Same goes for the 10 commandments. AFAIK, no defendants have been marched before it and forced to read and accept it. No-one has been told if they don't believe and live the contents they'll not get a fair trial, or that they'll lose their citizenship.

    These types of displays have been around for FOREVER. Hell, iirc, the 10 commandments were hanging on the wall of the supreme court when they ruled on Roe v. Wade, and wonder of wonders, they ruled against Christianity. I'm so SHOCKED, SHOCKED I tell you, that it didn't exert its horrible mind-control powers over those judges and force them to rule differently.

    I think people are addicted to strife. And there's just not enough big fights to go around anymore, so they go picking on stupid things like statues, plaques, flags, and other meaningless crap..(Take a look at some of the absolut

  17. Re:This is good. on XFree86 Fork Gets a Name, Website · · Score: 2, Interesting
    I think XFree has been lacking a lot of things for a long time, like true alpha blending between windows and such

    I disagree. This is not, or rather imo it should not be, a high priority. It's very pretty, but not exactly XFree's biggest problem. They need to solve the issues surrounding configuring X, and handling various input devices. They need to move it to a halfway usable build system. They need to stop forcing me to build and install a driver for every video card in the world even though I rarely even have more than 2 or 3 video cards in any one box. And most people only have one.

    It needs to stop accessing hardware directly and work to play nice with the kernel. We can worry about alpha blending and such later.

  18. Re:On the first line of the page. on XFree86 Fork Gets a Name, Website · · Score: 3, Interesting
    While I'm not against going out on a limb and doing something innovative, I just wonder if it would have been better to try and accomplish this within the project that currently exists?

    Well, maybe because the XFree team isn't interested in anything except improving graphics drivers? I mean, I love X, I think it's a great concept, but XFree86 needs improvement. Not necessarily in overall concept, but in implementation. Lots of cleanup and rewrite work to be done that could make X a lot better than it already is.

    But if nobody in the core team is interested in any of that, then you have no choice but to try other methods of getting it accomplished. However, I'm disappointed that I don't see any of the X developers I'd expect to see listed on the project page. It makes me hesitant to jump on this thing as a great move. Regardless, I don't think it's a bad move, but it's not the fork I've been waiting to see. I guess we'll have to see how things play out.

    I'm encouraged by their choice of repositories though. It'll be good to see how Arch works for them. I anticipate they'll be very happy with it.

  19. good start on Speakeasy Introduces Broadband WiFi Sharing Plan · · Score: 1
    But I'm thinking no. I like their ingenuity, and I think they're on the right track, but my initial assessment is no way.

    Just to boil it down to the way I see it. If I buy a T-1 line for 400$/mo, and I offer it to 20 people in my neighborhood for 20$/mo, I still pay 200$/mo for the service. I mean, sure, I could limit it to just the first 10 people, or drop the price to 10$/mo to cover 20 people, but I'm not going to pay through the nose for half a T-1 when I'm not realistically going to get to use half the bandwidth. More than that, I'm sure as hell not going to offer it at a cost/person rate that's going to make /them/ a profit while continuing to cost me the same amount of money.

    If they REALLY want to see this succeed, they should make it a profit sharing venture. Here's how I'd do it.

    • You can sign up as many people as you want, similar pricing options.
    • The usage can't go above a certain percentage of the line. (85%?) If it does, you have to upgrade or stop taking on customers. (This way their reputation doesn't get harmed.)
    • The total of what they contribute goes against your bill and you pay the balance if any.
    • If the amount exceeds the amount of the bill, you get a kickback. This doesn't have to be much. Say, 5-10% max.

    I'd also have an incentive program. If your share is popular, and used by lots of people, they consider bringing you on as a paid employee/partnership business or something. Or maybe they give you a discounted rate on the line. (more important for adding customers than anything else)

  20. Re:RSA? on Kerberos Support In OpenSSH · · Score: 5, Insightful

    Yes. Scenario: 500 *nix servers, team of 10 administrators. Solution 1: Each user gets a login created on each machine, and then they log in, create an ssh key, and distribute the public key to all other machines. Later, when that person leaves, all those keys and all those user accounts get deleted. (Given, you could use NIS/LDAP/etc to try and alleviate the user-account side of the issue. But you didn't mention that as part of your RSA solution, and note that each of these solutions has potential inherent security problems.) Solution 2: Set up Kerberos. Authenticate all users for all machines securely from one location. Add and delete user accounts from one location.

  21. Re:list is better on National Do Not Call List Opens for Registrations · · Score: 1

    That's not how it works. With the system he was talking about, if you don't have a valid caller-id setting, a machine at the phone company answers and asks for your name/etc, kinda like a collect call. The phone company then calls you (which shows up under privacy manager or whatever) and replays whatever was said, and you decide if you want to connect the call or hang up. It's a truly great service, because if they don't say anything or hang up before the initial part completes, you don't get a call at all. Which happens quite frequently. However, those people you /want/ to talk to can still get through.

  22. Re:Well, this is just great... on Zynot Foundation Forks Gentoo · · Score: 1
    Possibly for the same reason I tend to use linux over *BSD most of the time. Whether it's true or not today, at the time that I was making my decision on which to get involved with, the *BSD folks seemed to be very exclusive about who they let into their little club. Sure, anyone can use it, but they were really exclusive about contributions.

    Linux was more open to people in general.

  23. Re:a new slogan on Mom Meets Linux - A Lindows 4.0 Review · · Score: 1
    I can't say as I was one who made that particular argument, as I never really cared about macs much. They were another platform, like amiga, and if they wanted to go their own way that was cool.

    However, I did put up protests about Windows, particularly as 3.1 became more and more popular. Not because it was more accessible to people, but because it was such a pain in the ass to use. It was horribly unreliable, and I could do things 10 times faster at the commandline than I could trying to work with that horrible interface.

    Guess what, I still feel that way today. There are very few applications where GUI is faster and better. The primary one being web browsing. And really, even that's just fine in text mode, assuming you don't have stupid sites and you have your mouse working in your terminal window.

    Does that mean you can't have your beloved mac? Hell no. It just means I don't care for it.

    As for will Lindows be the next big thing? Could be. But I predict it faces a rough future. Apple is really coming around. OS-X is (fwict) a solid product and only getting better. Their support model is also improving, and as more users switch, the breadth of supported apps and hardware can only get better.

    This will give lindows a rough time in its target market, but considering that the pricing model of Apple is still fairly high, I think there's plenty of room for both of them to compete, at least for the time being.

    What scares me is that if lindows is widely deployed you'll have a bunch of users with the same security problems windows has. And they'll have relatively uniform setups which will make at least that distribution of linux a tempting target for the various virus/worm/trojan horse writers out there.

  24. Re:Spammers don't care about defeating the top 5%. on The Next Step in Fighting Spam: Greylisting · · Score: 1

    I know for a fact that this isn't true. I get bounces from my mail domain from spammers trying permutations of addresses all the time. Removing -'s, removing 'spam' from the address, etc.

  25. Re:Oh no! Shut the Interweb off! on Worms Going Further, Faster · · Score: 4, Insightful
    An excellent point. Worse, users aren't exactly careful about who they trust when it comes to computers.

    Scenario:

    • User opens email
    • User clicks attachment
    • Window pops up: <blink>WARNING</blink>
      This code has not been signed (or is signed by an unknown publisher). Clicking OK in this box could transmit a virus, destroy your hard drive, subvert your nation's economy, summon flesh eating aliens and damn us all to eternal hell.
    • User clicks Ok

    Yes, checking signatures on code you execute is a good thing, but there are specifics to be concerned about in an implementation. How do you guarantee the signature? Obviously, some sort of authentication, and method of checking the signature against, perhaps, a public key is needed. And to handle that you need a web of trust that's workable. But none of that matters a whit if users aren't careful about the trust, and don't investigate. Nor is it worth a darn if they ignore warnings. These problems (aka user education, and poorly designed secure systems) have to be taken care of before any of this will be useful.