All I want is a working Star Trek type transporter, the geographic coordinates of every spammer on Earth, and the coordinates to the center of the Sun. Good times
If that's all that you're using it for, it doesn't even have to be completely working...
What we'd be doing by adopting something like SPF is giving up our right to communicate with whomever we want and how we want using the Internet. It is the email equivalent of PKI. If your ISP (or whoever can influence it) wants to censor you or make you use a certain vendor's mail system then agreeing to standards like the SPF makes it that much easier.
I thought that when I first read about SPF, but after contemplating it for a while decided that it was worth the trade-off. The possibility for censorship is extremely limited.
A system like SPF only affects mail sent from @isp.com. If isp.com doesn't want to let you send mail directly from a certain IP without going through their relay -- fine -- nobody says you have to use your @isp.com account to send mail. In fact, many people prefer to have an ISP-neutral account so they can switch ISPs without having to change email addresses. Either use a third-party service or spend $10 a year to register jones.org. There are plenty of registrars that will let you park your DNS on their servers and some even offer mail forwarding to your @isp.com account.
With SPF, the only reqirement to send from jones.org is that the IP address is authorized -- which requires control of the DNS for jones.org. If you own the domain it's no problem. The only way your ISP can stop that is to block outbound port 25 traffic, which would have the same effect even without SPF or a similar mechanism.
But JPEG is a lossy compression format. The whole point of the format is to eliminate random noise because such noise would just be a waste of space to store. So if there's a picture with a lot of random noise, it's a pretty good sign that something else is going on. For one thing it will be a lot bigger because 'random' (or encrypted) data is much more difficult to compress.
When you outsource coding, this problem is highlighted more, meaning management can finally do something.
The only problem is that outsourced programming often times SUCKS. It's usually commissioned by management with little or no input from the people who will end up supporting it.
I have the unfortunate job of managing a large number of Windows 2000 workstations, but have them locked down so that users can't install random crapware or muck with the system settings.
Over the years we've had a few custom programs developed on a contract basis by outside companies. Most of them are buggy, slow (Visual Basic crap), and make assumptions they shouldn't. It annoys me to no end when users complain that the software isn't working and it turns out to be that the software is badly designed and is trying to write to files inside of the program directory or modify the HKEY_LOCAL_MACHINE registry hive. I mean you don't see many *NIX programs that demand write access to/usr/bin or/etc... I've even seen this in some commercial software: AutoCAD LT, ACT, etc.
Fortunately, our in-house developers are pretty clueful and their stuff usually works without a hitch.
Backup Exec DOES have its own domain-wide service account, which has Backup Operator rights on everything it needs to get to. Yet for some inexplicable reason it still needed anonymous access. See here or here for details.
And for the record, this discussion was about NULL-sessions and has nothing to do with the guest account (which is DISABLED on everything we use).
Setting restrictanonymous=1 is almost trivial. "almost trivial" = was trivial in my home, and corporate networks, but just might present problems on yours. Setting restrictanonymous to 2 is much more exciting - IIRC, it is completely unfeasible to do it on servers running Exchange 2k, or active directory boxes E2k will query.
Backup Exec didn't appreciate either setting one bit -- it refused to back up any server that had RestrictAnonymous set (with a cryptic and unhelpful error message). IIRC, McAfee management console crapped out as well.
Neither of the above make any difference. Any sane *nix installation doesn't allow root logins over the network, and as many have pointed out, all you really need to know is that you're after UID 0.
Somewhat less widely known is that the exact same is true on the Windows platform. The builtin Administrator account (which can't be disabled, is exempt from password lockout, and almost always CAN be used over the network) always has a RID of 500. The SID for the computer can be determined easily enough, so any anonymous user can find out exactly what you renamed your administrator account to.
You do realize that a null session (even more anonymous than guest and very hard to disable as many services depend on it) has the ability to query for your renamed Administrator account, right?
I doubt that there would be any complaint if you attempted to circumvent DRM to gain access to a work that is in the public domain.
But the problem is that the tools to circumvent DRM have been outlawed. It's as if locksmith tools were banned because they MIGHT be used to break into somebody else's house. It doesn't matter if you only needed them to get into your own after you lost the key, the tools themselves are illegal to have.
Slashdot Mirror
Have you ever run Konsole from KDE 3.1 side-by-side with GnomeTerminal from Gnome 2.4?
:-P
And then run xterm side-by-side with both of them?
And my USB2 hard drive is formatted Berkley FFS, but neither can be 'used with just about any operating system'.
Super Chinese Super Buffet!
If that's all that you're using it for, it doesn't even have to be completely working...
As an added bonus, pen drives can be used with just about any operating system
But don't forget to pay your MS FAT Patent Tax...
If you're using wine anyway...
Xvfb is all you need.
"Would Ansel Adams Have Gone Digital?"
Of course not. He didn't even go color.
He's just embarassed about using MS SQL server.
Dance... party... takes... away... Waco!
I thought that when I first read about SPF, but after contemplating it for a while decided that it was worth the trade-off. The possibility for censorship is extremely limited.
A system like SPF only affects mail sent from @isp.com. If isp.com doesn't want to let you send mail directly from a certain IP without going through their relay -- fine -- nobody says you have to use your @isp.com account to send mail. In fact, many people prefer to have an ISP-neutral account so they can switch ISPs without having to change email addresses. Either use a third-party service or spend $10 a year to register jones.org. There are plenty of registrars that will let you park your DNS on their servers and some even offer mail forwarding to your @isp.com account.
With SPF, the only reqirement to send from jones.org is that the IP address is authorized -- which requires control of the DNS for jones.org. If you own the domain it's no problem. The only way your ISP can stop that is to block outbound port 25 traffic, which would have the same effect even without SPF or a similar mechanism.
There is. Check out SPF. It's simple, built on existing protocols (DNS), and 100% djb-free.
But JPEG is a lossy compression format. The whole point of the format is to eliminate random noise because such noise would just be a waste of space to store. So if there's a picture with a lot of random noise, it's a pretty good sign that something else is going on. For one thing it will be a lot bigger because 'random' (or encrypted) data is much more difficult to compress.
When you outsource coding, this problem is highlighted more, meaning management can finally do something.
/usr/bin or /etc... I've even seen this in some commercial software: AutoCAD LT, ACT, etc.
The only problem is that outsourced programming often times SUCKS. It's usually commissioned by management with little or no input from the people who will end up supporting it.
I have the unfortunate job of managing a large number of Windows 2000 workstations, but have them locked down so that users can't install random crapware or muck with the system settings.
Over the years we've had a few custom programs developed on a contract basis by outside companies. Most of them are buggy, slow (Visual Basic crap), and make assumptions they shouldn't. It annoys me to no end when users complain that the software isn't working and it turns out to be that the software is badly designed and is trying to write to files inside of the program directory or modify the HKEY_LOCAL_MACHINE registry hive. I mean you don't see many *NIX programs that demand write access to
Fortunately, our in-house developers are pretty clueful and their stuff usually works without a hitch.
Linux or Windows for desktop.
:-P
BSD for servers.
They call it SFU now...
"Shut the F Up"?
Well, we already knew that's what MS thought about UNIX, but they haven't come right out and said it until now...
'nuff said
Backup Exec DOES have its own domain-wide service account, which has Backup Operator rights on everything it needs to get to. Yet for some inexplicable reason it still needed anonymous access. See here or here for details.
And for the record, this discussion was about NULL-sessions and has nothing to do with the guest account (which is DISABLED on everything we use).
Setting restrictanonymous=1 is almost trivial. "almost trivial" = was trivial in my home, and corporate networks, but just might present problems on yours. Setting restrictanonymous to 2 is much more exciting - IIRC, it is completely unfeasible to do it on servers running Exchange 2k, or active directory boxes E2k will query.
Backup Exec didn't appreciate either setting one bit -- it refused to back up any server that had RestrictAnonymous set (with a cryptic and unhelpful error message). IIRC, McAfee management console crapped out as well.
Neither of the above make any difference. Any sane *nix installation doesn't allow root logins over the network, and as many have pointed out, all you really need to know is that you're after UID 0.
Somewhat less widely known is that the exact same is true on the Windows platform. The builtin Administrator account (which can't be disabled, is exempt from password lockout, and almost always CAN be used over the network) always has a RID of 500. The SID for the computer can be determined easily enough, so any anonymous user can find out exactly what you renamed your administrator account to.
See NT Bugtraq or JSI for more details.
You do realize that a null session (even more anonymous than guest and very hard to disable as many services depend on it) has the ability to query for your renamed Administrator account, right?
http://www.jsiinc.com/SUBB/tip0500/rh0519.htm
But the problem is that the tools to circumvent DRM have been outlawed. It's as if locksmith tools were banned because they MIGHT be used to break into somebody else's house. It doesn't matter if you only needed them to get into your own after you lost the key, the tools themselves are illegal to have.
The only one worse than that was the Eighteenth amendment.
Best. Probability. Post. Ever.
Actually, in my experience, Windows (2000 Server running Exchange) clustering seems to make the service LESS reliable, not more...
Not to mention that Greedo was in the middle of a sentence and it makes absolutely NO sense for him to take a badly-aimed shot at Han then.