We use Remedy to post and track all requests, their resolution etc.. Seems to work pretty well.
Have you seen the invoice yet?
I was once involved in a Remedy project at a government agency. We spent close to $500,000 (license, consultants, staff time, equipment) to get about 20% more functionality than we would have out of a $5,000 Bugzilla project.
We originally used bugzilla to track software bugs. It's now used for a dozen different processes. Everything from IT requests where someone's desktop breaks, emergency hardware failures, business analyst questions, etc.
Last place I worked used it for everything too. Worked very well. The database structure is pretty simple, so we were easily able to set up a monitor that showed real-time stats (issues opened, issues closed, where they were piling up, etc.) as well as all sorts of client-accessible read-only interfaces via web and email.
This at the top of the explanation page, and as far as I can tell, is already broken. This is because it assumes that you can tell where a message is coming from. This is true if the sender wants you to know where it's coming from. However, IP address spoofing is quite easy. Simply put an IP address other than your own in the source field of an IP packet header. In this case, you'd use an IP address that was on the "permitted" list.
Cool, you know a way to send an entire email message in a single SYN packet? Do share.
I have no idea on this, as I understand dns at a minor level, but wouldn't it be entirely possible to patch NAMED to send ranges and not just individual addys? IE: 24/1.7.168.192.in-addr._smtp_client.hotmail.com. TXT "spf=allow" -and patch sendmail (which will already have to be patched to use this system) to understand the network bit?
Nice sentiment, but this would be horrid. You can't just "patch" programs to operate differently at protocol boundaries. What about everyone who's NOT using BIND or Sendmail? Or who didn't hear about your spontaneous change to the protocol? What are they going to do when they see "24/1.6.168.192.in-addr._smtp_client.hotmail.com"? They're going to fail completely, because it's a format they weren't programmed to understand. The people who put together the SPF proposal were very careful to make sure that implementing it on the origination end wouldn't break any protocols or software.
The correct answer is that named can be told to respond to a large number of patterned queries using the appropriate configuration directives.
Hate to see what Hotmails DNS will look like with a few million: 1.7.168.192.in-addr._smtp_client.hotmail.com. TXT "spf=allow"
entries in it . ..
Don't worry, you'll never have to see that. Their servers are all in a few ranges, so they can use wildcards: *.7.168.192.in-addr._smtp_client.hotmail.com.
This seems WAY to complicated as an answer to a problem that's solved much better by PGP/GPG
Your statement is intrinsically false: There is no known problem for which PGP/GPG is not the most complicated (and least user-friendly) possible solution.
I must assume you need the $100,000 to pay an immigration lawyer to get you into the USA. Because Speakeasy is all over the country. New York and San Francisco are the most expensive places in the lower 48, and it would cost you $4500 to move to either one of them from any other point in the lower 48. ($300 for a plane ticket, $1200 to ship your stuff, $2000 security deposit, and $1000 first month's rent).
Postfix can check to see if the hostname you claim to be from matches your IP. ... It is -incredibly- effective against blocking spam
It's also -incredibly- effective at blocking legitimate mail. Anyone who uses a single mail server to handle outbound mail only for more than one domain (and that's a LOT of people) can't mail you.
I cannot imagine anyone turning this on unless they really had no interest in receiving their email. I would guess that the way you describe it is not how it actually works.
This poses a couple of problems. If a spammer starts spoofing email from a domain all over will this create a secondary DDoS by making massive requests on a legit host?
When spammer spoofs email from an innocent domain, they've already created a much larger DDoS in the form of bounces and complaints. The SPF DNS traffic would be trivial by comparison.
We did one to a guy in my dorm that no one liked. We taped Saran wrap across the door opening (made sure it was pulled tight so that it wasn't visible through the peep hole). Of course, the RA and security guards were in on this. Anyway, the next morning, he runs out the door late for class, and completely wraps himself up in the Saran Wrap.
My neighbor in the dorm (let's call him "Nik") was constantly pulling pranks on his fairly humorless roommate (let's call him "Hans"), and since I was the only one on the floor with a toolbox, I usually got involved.
My favorite one:
Background: (1) The door had a keyhole on the outside and a simple pushbutton on the inside so you could lock it while you were home. (2) Hans invariably left his keys in his girlfriend's room.
So we unwired the phone jack, and then reversed the doorknob assembly, so that the button was on the outside. Nik sat in the room and waited for Hans to arrive, then said "goodbye" and darted out the door, pulled it shut, and pushed the button. He taped a sign on the door asking people not to open it no matter what they heard on the other side.
Soon we had a big crowd outside laughing at the whole thing. Hans was banging furiously on the door, screaming murderous threats of revenge. But then suddenly he went all quiet. And stayed that way.
Curiosity was getting the better of us, and by the time fifteen minutes passed, Nik was really fighting the urge to open the door.
The riddle was solved, though, when someone came running up the stairs to tell us he was just out in the courtyard and some crazy person was throwing clothing, books, and CDs out through a window on our floor! When we opened the door, Hans had Nik's stereo in his arms.
OTOH, if it were my computer that got fucked with, I wouldn't go to the boss. I'd have another kind of practical joke handy: I'd kick the guy's teeth down his throat.
Which just goes to show that ultimately, it's not about what specific prank gets pulled. Almost any of the things described in this discussion could be funny if done by and to the right people - even the things (most of them, really) that struck me as pretty dorky or over-the-top.
However, there are some people who just can't be funny, no matter how hard they try. It's like being tone-deaf. When they try to pull this stuff, it just makes them look nasty or stupid. Usually they learn this early on and stop trying.
And there are people like you who just don't make good recipients of this sort of humor. Aside from the threat of violence (which I'd say would put you in asshole territory) the onus is squarely on the pranker to select targets carefully and avoid pulling tricks on people who are just going to get pissed off and create bad feeling all around.
The downside for the humorless people, of course, is that they lose out on bonding opportunities and the associated networking advantages, which in the long term is bad for their careers and social life. Some compensate to a degree with other qualities, but it still has a cost - anyone with a sense of humor is going to be better off socially and career-wise than an otherwise identical person without one.
I think that's called entrapment. I could be wrong.
Indeed you are wrong. Entrapment is when law enforcement officers persuade someone to commit a crime they would not have otherwise committed.
It has nothing to do with civil matters, such as the relationship between employer and employee. And even if it did, it wouldn't seem to apply in this case, where the supposedly (I don't believe this story either) fired employee could not reasonably argue that a crashed computer constitued persuasion to just sit on his thumbs for an hour.
Instead, hit the IP addresses of sitefinder and sitefinder-idn.verisign.com directly with bogus HTTP requests instead.
Instead, take the time to decipher the javascript in the trk_link function and teach us how to send random bogus data to omniture.
I'd do it, but the JavaScript is making my eyes hurt and too much is going on with my machine at the moment to be able to meaningfully capture anything with tcpdump.
What silly (translation: dork) mod set him Flamebait for posting his opinion. I feel the same way, the redirect isn't terrible for everyone.
Yes it is; they just don't know it. Read and learn. It breaks other non-web software.
It's like if someone were to put a giant billboard at the entrance to the city, that had all kinds of helpful info: Which exits to use, what restaurants were best, an instantly-updated list of available parking spots, etc. But the billboard was 7 feet off the ground.
Tourists and suburbanites would find this great - all sorts of info, right there overhead. No more driving around looking for parking!
But suddenly people in delivery trucks have to drive several miles out of the way because they can't fit under the sign.
The same thing is happening here. It may appear convenient for you as a user (especially if you don't value your privacy). But for people who provide essential services - maintaining the plumbing of the network and filtering out your spam and all that, it's an unholy pain in the ass that adds huge operational costs. And you're going to pay those costs, one way or another.
Well, actually, in Belgium there is a city where public transport is free (yes, as in beer) for everybody. Or more correctly, everybody pays, regardless if they use it or not(payed for by taxes).
Isn't this also the case in the center of Portland or Seattle? One of those rainy cities, anyway.
This is a really bad idea. Most students have cellular phones these days, so having any sort of voice capabilities in dorms is a waste of resources.
One of the reasons they are doing this, and which I think justifies the entire thing on its own, is that they want to study the social and infrastructural impacts of a widescale wifi/voip deployment. That kind of knowledge is going to be useful for all of us, either directly or through the next-generation networks that build on it.
OTOH, students have extremely high data transfer needs.
You're confusing yourself with the 99% of society who do not have "extremely high data transfer needs" and are much happier on the phone than on Slashdot.
Because apparently www.fuckverisignuptheass.com leads to their wonderful service.
I'm sure nobody's going through them one-by-one, but they surely do look at the domains that get the most hits to try to figure out how to make money off that information.
So, two courses of action present themselves:
Saturate with bogus but plausible requests so that the "intelligence" they gather causes them to squander money on stupid things.
Saturate with rude messages so that they get the picture that childish people (like me) out there are not pleased.
For either of these to be effective it would to be distributed and voluminous. Perhaps an easy-to-use background application that could be passed around to the willing (no, not with a worm).
Slashdot Mirror
It exists, but not yet in the mainline code. See here.
Have you seen the invoice yet?
I was once involved in a Remedy project at a government agency. We spent close to $500,000 (license, consultants, staff time, equipment) to get about 20% more functionality than we would have out of a $5,000 Bugzilla project.
Nobody used the extra 20%.
Last place I worked used it for everything too. Worked very well. The database structure is pretty simple, so we were easily able to set up a monitor that showed real-time stats (issues opened, issues closed, where they were piling up, etc.) as well as all sorts of client-accessible read-only interfaces via web and email.
Cool, you know a way to send an entire email message in a single SYN packet? Do share.
Nice sentiment, but this would be horrid. You can't just "patch" programs to operate differently at protocol boundaries. What about everyone who's NOT using BIND or Sendmail? Or who didn't hear about your spontaneous change to the protocol? What are they going to do when they see "24/1.6.168.192.in-addr._smtp_client.hotmail.com"? They're going to fail completely, because it's a format they weren't programmed to understand. The people who put together the SPF proposal were very careful to make sure that implementing it on the origination end wouldn't break any protocols or software.
The correct answer is that named can be told to respond to a large number of patterned queries using the appropriate configuration directives.
Don't worry, you'll never have to see that. Their servers are all in a few ranges, so they can use wildcards: *.7.168.192.in-addr._smtp_client.hotmail.com.
Your statement is intrinsically false: There is no known problem for which PGP/GPG is not the most complicated (and least user-friendly) possible solution.
It's also -incredibly- effective at blocking legitimate mail. Anyone who uses a single mail server to handle outbound mail only for more than one domain (and that's a LOT of people) can't mail you.
I cannot imagine anyone turning this on unless they really had no interest in receiving their email. I would guess that the way you describe it is not how it actually works.
When spammer spoofs email from an innocent domain, they've already created a much larger DDoS in the form of bounces and complaints. The SPF DNS traffic would be trivial by comparison.
Open applications folder, command-A, command-O.
I can't think of any other likely way to make this happen (i.e., a way that might actually occur).
My neighbor in the dorm (let's call him "Nik") was constantly pulling pranks on his fairly humorless roommate (let's call him "Hans"), and since I was the only one on the floor with a toolbox, I usually got involved.
My favorite one:
Background: (1) The door had a keyhole on the outside and a simple pushbutton on the inside so you could lock it while you were home. (2) Hans invariably left his keys in his girlfriend's room.
So we unwired the phone jack, and then reversed the doorknob assembly, so that the button was on the outside. Nik sat in the room and waited for Hans to arrive, then said "goodbye" and darted out the door, pulled it shut, and pushed the button. He taped a sign on the door asking people not to open it no matter what they heard on the other side.
Soon we had a big crowd outside laughing at the whole thing. Hans was banging furiously on the door, screaming murderous threats of revenge. But then suddenly he went all quiet. And stayed that way.
Curiosity was getting the better of us, and by the time fifteen minutes passed, Nik was really fighting the urge to open the door.
The riddle was solved, though, when someone came running up the stairs to tell us he was just out in the courtyard and some crazy person was throwing clothing, books, and CDs out through a window on our floor! When we opened the door, Hans had Nik's stereo in his arms.
Which just goes to show that ultimately, it's not about what specific prank gets pulled. Almost any of the things described in this discussion could be funny if done by and to the right people - even the things (most of them, really) that struck me as pretty dorky or over-the-top.
However, there are some people who just can't be funny, no matter how hard they try. It's like being tone-deaf. When they try to pull this stuff, it just makes them look nasty or stupid. Usually they learn this early on and stop trying.
And there are people like you who just don't make good recipients of this sort of humor. Aside from the threat of violence (which I'd say would put you in asshole territory) the onus is squarely on the pranker to select targets carefully and avoid pulling tricks on people who are just going to get pissed off and create bad feeling all around.
The downside for the humorless people, of course, is that they lose out on bonding opportunities and the associated networking advantages, which in the long term is bad for their careers and social life. Some compensate to a degree with other qualities, but it still has a cost - anyone with a sense of humor is going to be better off socially and career-wise than an otherwise identical person without one.
Is that a Kuwaiti license plate on his wall?
Indeed you are wrong. Entrapment is when law enforcement officers persuade someone to commit a crime they would not have otherwise committed.
It has nothing to do with civil matters, such as the relationship between employer and employee. And even if it did, it wouldn't seem to apply in this case, where the supposedly (I don't believe this story either) fired employee could not reasonably argue that a crashed computer constitued persuasion to just sit on his thumbs for an hour.
My favorite along those lines was changing "isn't" to "ain't".
Sure you can, otherwise the hash key would be as long as an optimally-compressed version of the data.
Of course, it's not easy.
Instead, take the time to decipher the javascript in the trk_link function and teach us how to send random bogus data to omniture.
I'd do it, but the JavaScript is making my eyes hurt and too much is going on with my machine at the moment to be able to meaningfully capture anything with tcpdump.
Yes it will, if it's a .com or .net domain. The other registrars pay Verisign.
Yes it is; they just don't know it. Read and learn. It breaks other non-web software.
It's like if someone were to put a giant billboard at the entrance to the city, that had all kinds of helpful info: Which exits to use, what restaurants were best, an instantly-updated list of available parking spots, etc. But the billboard was 7 feet off the ground.
Tourists and suburbanites would find this great - all sorts of info, right there overhead. No more driving around looking for parking!
But suddenly people in delivery trucks have to drive several miles out of the way because they can't fit under the sign.
The same thing is happening here. It may appear convenient for you as a user (especially if you don't value your privacy). But for people who provide essential services - maintaining the plumbing of the network and filtering out your spam and all that, it's an unholy pain in the ass that adds huge operational costs. And you're going to pay those costs, one way or another.
Isn't this also the case in the center of Portland or Seattle? One of those rainy cities, anyway.
+1, Funny.
One of the reasons they are doing this, and which I think justifies the entire thing on its own, is that they want to study the social and infrastructural impacts of a widescale wifi/voip deployment. That kind of knowledge is going to be useful for all of us, either directly or through the next-generation networks that build on it.
You're confusing yourself with the 99% of society who do not have "extremely high data transfer needs" and are much happier on the phone than on Slashdot.
Actually I think you're just jealous.
They're behind by one. See CAN-2003-0695.
I'm sure nobody's going through them one-by-one, but they surely do look at the domains that get the most hits to try to figure out how to make money off that information.
So, two courses of action present themselves:
Saturate with bogus but plausible requests so that the "intelligence" they gather causes them to squander money on stupid things.
Saturate with rude messages so that they get the picture that childish people (like me) out there are not pleased.
For either of these to be effective it would to be distributed and voluminous. Perhaps an easy-to-use background application that could be passed around to the willing (no, not with a worm).