Who would send over 1000 emails a month other than a spammer?
Corporate customers of the ISP who don't have enough savvy to run their own SMTP server, that's who. There are several customers at the ISP where I work that each send over 1,000 legitimate emails a *day* through our SMTP smarthosts.
Technically, we could set a default of 1,000 per user and have exceptions for the users that need to exceed it - I could get this working in maybe 10 minutes. But since we are a reputable ISP, there's no need since spammers get kicked off the network and we block compromised boxen until fixed. Much more effective, and less of an administrative headache when people legitimately go over quota.
Bad analogy. Just as there are people who you can pay to repair cars, there are people who you can pay to secure computers as well. Of course, in both cases, not all of them know what they are doing or do a proper job, but you pays your money...
Frankly, given all of the recent mainstream press hype about PC security, exploits, worms and all the rest, even if it is rather thick with FUD, there really isn't much excuse for claiming ignorance anymore. Lots of people don't know how to service their car, but pretty much everyone knows to get it serviced regularly, don't they? My only hope is that the inevitable flood of NetBIOS spam raises the awareness level above the threshold necessary for J.Q. User to get off their butts and do something about it.
In the days when I used pkzip, I first bundled up the files into an uncompressed zipfile with -e0, and then compressed that. This gives you a few percent over compressing the files straight into a zipfile, when they are compressed individually.
You're the first other person I've found who noticed that, although I never bothered with -e0 on the first pass. For some bizarre reason, PKZip didn't (doesn't?) compress the archive table of contents at all, and since it is essentially an ASCII list of filenames, it should (and does) compress rather well. It becomes *really* noticeable when archiving large numbers of small files like icons, for example.
Windows 2000 was however rumoured to have shipped with roughly 65000 unresolved bugs.
<OLDJOKE>It actually shipped with far more than that, but Microsoft's bug tracking system itself had a bug whereby it couldn't handle more than 65,535 bugs.</OLDJOKE>
Port 80 as used for HTTP is a TCP port, not a UDP port.
True. But there is no reason why you couldn't run your VoIP system on UDP:80. A better bet though would be to choose UDP:53, provided that the remote end wasn't also running DNS of course. They'd have a fun time if they tried to firewall off *that* particular UDP port on their "great firewall of Panama". ;)
I don't know about Seti@Home, but if I were designing the WU submission / verification procedure, I'd be looking for anomalous submissions and verifying them on my own, trusted hardware. That includes all high positives and any units where your management DB is reporting data validation mismatches - like more units returned than dispatched.
Ultimately the league tables are just a bit of fun to entice more people into getting involved; Seti@Home probably doesn't care about who leads the tables in the slightest, only about getting a result. As long as they are confident that a positive result will not slip by unnoticed, why get involved in a resource-wasting arms race with the cheaters?
Quite. There seem to be quite a few people out yelling about the "death of the Internet", much like people used to go around with sandwich boards with "The end of the world is nigh!" written on them. Perhaps they should take a few minutes and go read this rather excellent article at the Register and get a dose of reality. And after that, perhaps a re-reading of "Chicken Little" just to hammer the point home.
I wouldn't be the slightest bit surprised if "CableCo Inc." wasn't getting paid upfront by "Annoying Pop-Unders Inc." to collect data for them. The money earned by CableCo would then be used to fund price reductions for the customers with any left over going straight onto the bottom line.
If you are smart, then you will naturally uninstall/use a dummy PC/self-install/whatever to avoid this, but what about the average, non-technical user who has bought into the hype? I'd be very interested to see how much of this is mentioned in the T&C of the agreement. I'll bet it doesn't lay too great a point on the fact that your taste in pr0n will be given to another company. There's a class action or three in there sooner or later, I'm sure...
Try http://www.lavasoftusa.com/ instead. I'd have to agree on the spyware detectors though; run your favorite after any software installs that you don't trust implicitly. And that's all of 'em except for those you coded yourself, right? I also run it once a month or so in case anything slipped through the net.
Yah... But how long before that "option" is removed from the screen, and instead an "error" is indicated? From the way the DMCA has been brought upon, I don't see far.
I'd tend to disagree. Microsoft does at least appear to have gained a clue about security recently, and if they refuse to allow unsigned drivers outright they are opening an ugly can of worms. It takes time to get that WHQL certification that marks a driver as signed, so consider what would happen in the scenario of an exploit being found in a WHQL driver and made public immediately.
The driver vendor might be able to issue a patch almost immediately, but would then have to submit it for WHQL approval before it can be installed. Even with some kind of "fast-track emergency approval" mechanism for this situation, that's not going to happen overnight. Now imagine the outcry from those who do have a security clue if they are left vulnerable because Microsoft decided it was in their best interests not to allow them to install the patch because it was unsigned.
The security services have the definition right; a "trusted box" is one that has the capability to break your security policy. Think about it - your firewall is "trusted", right? Yet if it breaks and starts allowing all packets through, what just happened to security? Now, tell me again Microsoft, "Palladium" is "trusted computing" and this is a good thing? ;)
It seems to me that a lot of people seem to think that Red Hat is doing this because they are running scared of the DMCA. Couple of points here:
Q. Which kernel hacker does Red Hat employ, outside of the US?
A. Alan Cox.
Q. Why won't Alan Cox visit the US because "the chances of his arrest are non-zero"?
A. Use of the DMCA to indict Sklyarov.
It seems much more likely that Alan Cox is, with Red Hat's full support, taking a very good swipe at some of the more ludicrous aspects of the DMCA. Basically, what they are implying is that this could lead to the situation where a major security flaw can be disclosed to the entire world, except for the US, because of the DMCA. The obvious upshot of that is that every man and his dog outside of the US could have access to the knowledge required to shaft servers in the US, and the sysadmins in the US can't do a thing about it because of the DMCA.
The words "hoist", "own" and "petard" spring to mind. ;)
It seems that half of the comments are from people who have not read the article!
The article talks of a radar system based on the reflected waves from mobile phones.
Like yourself maybe? ;) It is actually talking about using mobile phone *masts* as a basic radar station and has nothing to do with handsets whatsoever. The reasoning is that since the base station's transmissions generate echoes in the same way as a conventional RADAR installation's transmissions do, then you can listen to and make sense of those echoes. By monitoring the returning echoes at the base station you can generate a RADAR-type map of the surrounding area, and by intelligently looking for changes within that you can detect, say, a group of Greenpeace members approaching Sizewell B nuclear power station as a moving state change from the normally static background image.
I used this example on purpose; if the system was live, and given the picture at the BBC, this seems to be an ideal site (i.e. flat, limited access) for this kind of thing. If the system were live already then these people would be in jail right now while someone tried to determine whether they are really from Greenpeace, or from Al Qaida. So the tinfoil hat crowd can relax for the time being. But here's a thought: Have you ever considered what an *excellent* RADAR repeater a tinfoil hat makes? Seriously.
Actually, the fact that any kind of intruders managed to get onto a nuclear installation après 9/11 is considerably worrying to me, but that's another matter.
If it's that slow a news day, then we will shortly see another announcement to the effect that Apache v2.0.43 has been released as well. It fixes CAN-2002-0840 which is the bug that was previously covered on Slashdot here.
Given the recent whiff of legitimacy KaZaA just garnered from its partnership with Italian ISP Tiscali, I'm more interested in how Tiscali is going to react to this. After all, Tiscali is a paragon of virtue when compared with KaZaA, so I imagine they will be none too pleased with being the sponsor of a company that rips off charities.
Then again, when has ripping off/exploiting the impoverished ever stopped a corporate entity in its quest for an extra dollar of profit?
If you could point me to a link to an article regarding Bero's response about the gcc issues I would be grateful.
It's here in the Google cache. Bero's server seems to be somewhat swamped at the moment. ;)
In addition, GCC's take on the matter is here, and associated Slashdot discussion here. Search Google and/or Slashdot for "GCC", "Redhat" and "Bero" for a *lot* more, but it's a bit of a flamefest in places.
Before you respond, read up on what Redhat is ACTUALLY doing to KDE rather than what you have heard from some gossip source.
Actually, I'm planning on waiting for the imminent release, rather than the "null" work in progress, having a play around with it and then making up my mind. There is so much FUD on this issue from the KDE and Gnome developers, as well as Red Hat and the community that this is the *only* way to go.
As a firm KDE desktop user who runs a lot of Gnome apps within it, I'm all for making KDE and Gnome look alike for a consistent desktop. I've basically done this so far by using very similar themes on both window managers and tweaking out the differences where possible, and it was my impression that Red Hat had just taken this one stage further, which was fine by me. However, for Bero to take this step, especially given that this is the same Bero that so eloquently dispersed the FUD around Red Hat's recent compiler choices, I'm getting a little concerned they may have gone a bit further than that.
Red Hat has an excellent track record for me; I've had problems with most of the other popular choices that Red Hat didn't even bat an eyelid at. They are also pretty on the ball with the security patches, unlike some distros I could mention, which is essential when you are responsible for numerous boxes out on the Internet.
All in all, I do hope they are not going to spoil their track record over this, but a large part of using open source code is about having the freedom to make a choice, isn't it? I don't see any reason why that shouldn't extend to the distro packagers too, and frankly I think it somewhat hypocritical to believe otherwise.
Yeah, it'd be worth $1b just to see the looks on Hilary Rosen's and Jack Valenti's faces when their paid-for Senators told them to go and blow Cowboy Neal. Priceless!
Re:Is it that hard to supply a BIOS setup manual? (on "Secrets Of BIOS Tweaking", Score: 4, Informative)
I've always found Asus (they use Award's BIOS) to be another notable exception in this regard, and there are a few others I'm sure. It's definitely not the norm though, and BIOS help does indeed suck universally, except for some of those stupid BIOS-on-a-cutdown-Windows some Tier 1's used to use, but then, it's not hard to document the three available settings well, is it? :P
Of course, since there are really only half a dozen or so BIOS vendors, the mobo vendor manuals are pretty much interchangeable, and /. notwithstanding, I've found several web sites that post documentation for them besides this one via Google.
Re:Oh that's very responsible of you, SlashDot (on "Microsoft News Update", Score: 3, Insightful)
But to link directly to the crash-windows-in-one-easy-step binary? That's just plain irresponsible.
Maybe it's not too smart, but neither is running a Windows box with SMB/CIFS enabled on the public Internet, which is what the program requires. SMB is a bit like having an open mail relay; a quick and easy solution which is fine on a private network, but try it on the Internet and you are probably going to get shafted sooner rather than later.
Of course they can (and will) bundle the DRM-stuff with the next service packs anyway, so sooner or later they will get DRM into all Windows machines.
Ah, but they are preventing users of pirated activation codes and Warez copies of XP from accessing the Windows Update site aren't they? Wouldn't that also preclude gaining access to the DRM "upgrade"?
All of a sudden that Windows XP .ISO and keygen I spotted on P2P seems a lot more appealing... ;)
I don't know about Germany, but in the UK that would be the company where I currently work in one instance.
It was under the brandname "Powerline", and yes, it failed and was abandoned. This was due to noise on the line more than anything else - a huge chunk of the electricity switching network in the UK, the National Grid, is *old* and electrically noisy. When power is switched it causes a spike on the circuit which then rather noisily settles down, trashing the data that was transmitted. Not to mention all the inductive properties of wires for collecting interference. What we found was that the technology was sound, and it did indeed work (there are still some of the schools we used for the trial using it), just a lot slower than was hoped. Too slow for viable commercial use it was felt.
Basically, if you are a power company looking to get into data, and have a modern, low-noise distribution network, then this may well be viable. Of course, for rural Scotland this will be a lot more viable than urban Manchester with fibre running everywhere, because you could charge more for it and still be cheaper than the competing technologies. Or alternatively have better response times than them - Quake via satellite broadband? ROTFLMAO. ;)
Journalled file system and mounting read-only. (on "fsck-less Booting?", Score: 3, Interesting)
In addition to automating fscks, you could circumvent a large part of the issue by using one of the various journalling file systems (ext3, JFS, ReiserFS, XFS). Being able to roll back to a known good state is an ideal way of avoiding having to run fsck altogether.
Secondly, once the box is configured, edit your fstab file and change any partitions which don't need to be written to so that they are mounted read-only. If there are no writes to a volume, then there is no need to check the volume (this is how I used to speed up post-hard-down boots before journalling filesystems). It's a good security practice as well - in combination with chattr it can be a very effective "escalation of privileges" block.
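The fstab audit implied by the comment above, as an added example that is not the commenter's own script: a POSIX sh checker over a constructed fstab that lists which block-device filesystems are still mounted read-write and shows the `ro` rewrite for one entry. The fstab contents, device names and mount points are all constructed for illustration.

```shell
#!/bin/sh
# Added example: find fstab entries that are still mounted read-write.
# The fstab below is constructed for illustration; it is not from a real host.
FSTAB_SAMPLE='# <device>   <mount>    <type>  <options>               <dump> <pass>
/dev/sda1    /boot      ext3    ro,noauto               1      2
/dev/sda2    /          ext3    defaults                1      1
/dev/sda3    /usr       ext3    ro,nodev                1      2
/dev/sda5    /var       ext3    defaults,nosuid         1      2
/dev/sda6    /home      ext3    defaults,nosuid,nodev   1      2
/dev/sda7    /srv/www   ext3    ro                      1      2
/dev/sda8    none       swap    sw                      0      0
proc         /proc      proc    defaults                0      0'

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
# Wrapping both sides in commas keeps "ro" from matching inside
# "errors=remount-ro", which is a different thing entirely.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# writable_fs FSTAB_TEXT: print, one per line, the mount points of block-device
# filesystems that fstab mounts read-write. Pseudo filesystems and swap are
# skipped because the read-only question does not apply to them.
writable_fs() {
    printf '%s\n' "$1" | while read -r dev mnt type opts dump pass; do
        case "$dev" in ''|'#'*) continue ;; esac            # blank or comment line
        case "$type" in proc|sysfs|tmpfs|devpts|swap) continue ;; esac
        has_opt "$opts" ro || printf '%s\n' "$mnt"
    done
}

# ro_line FSTAB_LINE: rewrite one fstab entry so that it mounts read-only,
# appending ",ro" to the existing options or replacing a bare "defaults".
# Entries that already carry "ro" are printed unchanged.
ro_line() {
    printf '%s\n' "$1" | while read -r dev mnt type opts dump pass; do
        if has_opt "$opts" ro; then
            newopts=$opts
        elif [ "$opts" = defaults ]; then
            newopts=ro
        else
            newopts="$opts,ro"
        fi
        printf '%s %s %s %s %s %s\n' "$dev" "$mnt" "$type" "$newopts" "$dump" "$pass"
    done
}

# Demo run over the constructed sample. The comment's companion step, chattr +i
# on the files that must not change, needs root and an ext filesystem, so it is
# deliberately not executed here.
echo "Still mounted read-write in the sample fstab:"
writable_fs "$FSTAB_SAMPLE"
echo "Suggested read-only entry for /var:"
ro_line '/dev/sda5    /var       ext3    defaults,nosuid         1      2'
```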
Especially if they can recover from the /.'ing they're going to receive now.
Hey, if they can't survive the Slashdotting then there is no way they are going to be able to cope with all the customers they are going to get now. But if they can survive today I'm going to see if I can buy a *boatload* of their stock...
Um, no. You'd just need to physically rotate the screen 180 degrees to get the correct orientation. Occam's razor and all that.
About time someone told the *AA's where to go!
The odd URL is actually http://198.78.142.6/wawilsonrivermort.html by the way, but it didn't respond for me.