Basically, in your example, you're saying that the company doesn't care if anyone can forge "@someisp.net" onto their spam/worm messages. That you're not willing to take steps to protect the use of that brand/domain.
AC, you either a) replied to the wrong message, or b) have not learned the Golden Rule about 'assume'.
I understand that images are important in e-mail, but if you are capable of receiving yourname@yourjob.com, then theoretically you should be able to connect to the actual yourjob.com mailserver.
The fact that you haven't had to up to this point is a security hole, not a feature.
Feature Example: If you are 1 of 25 workers who have the task of dealing with usenet@someisp.net complaints/help, you'll all need to be able to pretend to be usenet@someisp.net when responding, even if you're responding from home or abroad. Giving all 25 people remote direct access to the usenet@someisp.net is not a good idea at all.
Reply-To: doesn't help. It can (and will) cause serious problems.
Don't agree with me? Take a close look at what websites you visit on a regular basis. Convince yourself you visit a new website with a view different from yours every day....
I do try. It's one of the very valuable lessons I learned from my late grandmother.
I was the only person in our family that didn't think she was slightly crazy, I just thought she was interesting (example: all of us grandkids had to know the alphabet backwards just as well as we did forwards).
One of the most 'odd' things she did was completely refuse to read the same newspaper publication two days in a row. If the news boxes were out of the other competing ones on a given day, she would drive around town until she found one.
There were ones she didn't particularly like, but she read them anyway.
I was too young to understand at the time but a short while after her death I finally realized how much more capable I was to think critically and separate the chaff from the wheat.
To this day, I do my best to alternate my news sources as much as possible.
Add to that people had to work with fractions when calculating how many programs would fit on a betamax tape.
When I was a teenager, I worked at some video/vcr/tv stores when Betamax and VHS both had a strong market share. When it came to VCRs, the #1 question I heard was 'how many shows & movies will fit on a tape?'.
Explaining betamax record speeds did tend to confuse people much more than explaining the 2-4-6 hour speeds of VHS.
Not to mention, our arrogance.
Whoops, I guess I missed the part of internet history where google became the correct answer to everything.
I'm off to ask google "What is the answer to life, the universe, and everything?"
Instead of writing more secure code or locking down system services by default, MS is going after the people who write viri.
That sentence gave me a flashback.
I remember (in the early anti-virus software days) when Anti-Virus companies made the error of giving bounties for new virii found. After a bit, more sane minds realized that giving bounties accelerated the production of new ones.
Challenging virus creators on their own ground will always be a mistake.
Please don't do that. I'll have to update my 'GET OFF YOUR CELL PHONE AND DRIVE' bumper sticker.
I saw that guy in a dream once.
He was saying 'can you read your bill now sucker!'.
Do you mean that I could take a cam-cell phone, visit strip clubs, say things like 'can you see me now', and make money while doing it?
I'm there!
I looked at buying their update service, but paying $60 a year for each of my four personal boxes was crazy, and I tried paying them for just one, but it was too messy to manage the updates for the rest of the boxes separately.
Share the up2date directory of the updated box with the other boxes. Upgrading rpms is a breeze that way.
so I feel it is only appropriate to discontinue the benefits once enjoyed by Red Hat users as part of that community. RH newbies now get the same answer I give to Microsoft users. Call the provider of your software
I pay for 1 copy of every RedHat major release and I asked for 'Official' RedHat support ONCE 2 years ago because I was having problems configuring an ISDN card on a box.
Not only was the reply to my question misspeeled (not to mention the atrocious grammmmur), the instructions gave me very excellent answers on how to troubleshoot ADSL, not ISDN.
(my speeeling and grammeur aren't the best, but then again I'm not paid to deal directly with paying customers)
Not a bad deal when users are paying $60/yr per system.
Not to nitpick, but that should read '...when users are paying $60/yr per network'.
To keep all of the boxes on my network updated, I only have to have one updated. The rest are updated from that box.
I pay for every major release of RedHat, but I'll admit that I'm getting an extremely sweet deal because I can share those updates across the local network very easily.
Gotchya, my mistake was assuming.
If you or anyone else has some links to QUALITY discussions on the subject of improving temperature detection, I'd appreciate it. Google is nice, but OTOH, I've found that only a small portion of the pages I find in technical matters actually show references backing up their assertions.
I will be soon setting up web/mail/ftp/etc hosting boxes on a t3 for a new job. Knowing how to calibrate (improve) temperature monitoring will save me a lot of headaches later.
Thank you very much for your input.
A 40F change in the temperature AT the probe in 30 seconds isn't likely.
Not to mention, the monitor says that my normal CPU temperature is 105C (hence, the auto-bios shutdown after 10 minutes of FPS gameplay).
I removed the bios temperature alarms and the box doesn't crash. The monitor says 100-105C. The cpu CAN'T actually be hotter than ~200 degrees. I'm pretty sure I'd be experiencing some technical difficulties now and then or frying eggs on my cpu.
Unfortunately, this is all academic because motherboard temperature sensors are notoriously non-calibrated, and I've seen them be 10C off or more!
I second that motion. My ATV333 w/2100+ CPU temperature monitor is more than 20C off (over). This caused the bios auto-shutdown-voice-alarm-thingy to kick in after playing Quake3 for 10 minutes or so when I first put this box together.
To compensate for the problem, I left the box unpowered for 1 evening and looked at the (alleged) cpu and motherboard temperatures right after booting up. The CPU temperature monitor turned out to be reading ~20C over the actual temperature.
Not really. AOL isn't doing it for any Evil Intent.
Usually, the most important data is the first page hit. WHICH PAGE/SITE REFERRED THE PERSON TO THIS WEB SITE? In most cases, where the person is connecting from is not nearly as important as where they found the link.
An ecommerce example: When showing site statistics, I advise my ecommerce clients to put their money in the referring sites that yield the highest 'bought a product' ratio.*
Once in a while, the client will be awed by the AOL total hits statistics and want to put money there. I then explain that they will most likely increase their bandwidth use with little return and have to pay AOL for the privilege.
A site that depends on banner ads example:
Put money in referrer sites where the referred person viewed the most pages AND clicked the most ads per person. Accurate statistics for that are easy with PHP scripting (or your language of choice). Bonus points for using a script that counts returning visitors and compares that to where they were originally referred from.
* It has crossed my mind that I could be mean/funny and generate 'how many attempts it takes an AOL user to fill out a form correctly' statistics.
1. Bad request received by a root server
2. Root server notices it's of the 'non-existent top level domain' variety.
3. Root server sends back information pointing to an ip that shows a web page with a nicer version of 'either you clicked a FrontPage created link, you are a monkey banging a banana on the keyboard, or your ISP administrators don't have a clue'.
Advantages: It'll embarrass ISPs. It'll cut down on the traffic to the Root Servers.
Disadvantages: It'll only be noticeable with web queries.
This Just In:
Law Enforcement Agencies in California, impressed with Overlord's Crappy Recording Advancement Program[TM] are now preparing to flood the drug market with 'Weak' Crack Cocaine.
4 out of 5 RIAA Experts agree that like Overlord's massive CRAP undertaking, the new Crack Lite Adulteration Program will undoubtably discourage users from wanting any more of the product.
That would be a powerful setup.
Unfortunately, the arguments against freedom of quality encryption systems included that drug dealers would use them to keep track of something or other...I'm kind of foggy on the exact arguments the War On Families has been using over the years. I'm not sure if there ever was a good one.
That didn't scare the common citizen much. After all, envisioning common crack/whatever dealers using systems like that is kind of silly if thought about long enough.
But now, the scare tactic is that good encryption systems are the teherorizsts tool of choice.
The Teherorizst 'card' will unfortunately push back high quality disk-based encryption for the masses.
Use workstations.
Put a decoy server box next to the switch. (switch has a UPS with a high rating so it could run for a day or so without AC). For fun, only run a DARE program website on the decoy. For extra fun, mirror an ACLU web site as well. (Imagine a slashdot ACLU WEB SITE SEIZED story)
Disconnect the switch's leds for the connection to the real server.
Hide that server WELL with a UPS. After all, there really isn't any reason to physically access it unless there is a hardware failure. Put it under the garage floor or something. Even if the Men In Black are very well trained, it's not likely they'll find it, or at least it will be hours before they do.
The well trained officers will be inside the house anyway unless they can't find what they are looking for. (They'll have the newbies checking the garage and property at first unless it's a murder/kidnapping investigation)
When the Men In Black show up, if you don't have time to pull the cable for the server (which will trigger the server to start wiping), say something like "PLEASE DONT THROW MY SWITCH IN THE BRIAR PATCH MR WOLF IM CLEANING UP MY HARD DRIVES AND YOU HAVE NO RIGHT TO DISCONNECT MY EQUIPMENT WHICH WILL STOP IT FROM FINISHING THE JOB"*
*Dirty Harry's Law: If you tell Law Enforcement Officers that they don't have the right to do something to you or your belongings, they will go ahead and do it if the only witnesses are other officers.
YM, 'it becomes public property', HTH
It's not as if Slashdot is going to get scooped on one of these.
I don't disagree, and that wasn't the point in any case. Those were examples to show that there are a lot of things to consider about taking all control away from a web site owner.
Some examples may be silly to me and you, but they might be serious to some site owners. And, it's not always easy to tell a 'rinky-dink virtual site' from a good one...even most admins when asked will say that their web server is good if they haven't had any problems in the past.
Merriam-Webster:
Terrorism : the systematic use of terror especially as a means of coercion
Not to mention, most terrorists don't have a political agenda, they have a Religious one.
Or, just put a short questionnaire before downloading like PGP and other encryption software downloads are handled.
'you are not a citizen of (or located in) the USA [CHECKBOX]'
Download is accepted if the box is checked. If not, then a 'USA downloads are not allowed due to X complications with USA laws' error is displayed.
Naturally, just like with all other software and license agreements, people will click whatever it takes to get what they want and then Kazaa has covered their ass.