I recently bought 4 250GB 7200.8 drives. They are nice. They are replacing two Maxtor 250gb PATA drives. I have had two Maxtor drives fail in the last month, and another in the last year. At work Maxtor drives have been dropping like flies. I would recommend staying away from them.
Even if the Abit has a slight performance lead, I like all the features on the Gigabyte more. It is nice to see two pata connectors instead of just one like the other two boards. It also has more PCI slots than the Abit.
The patch fixes the vunerability that XP SP2/2003 still has. This worm depends on more than just the vunerability. It also needs a valid login, which it won't have in the case of XP SP2/2003.
It wouldn't surprise me to see a second revision of this worm that fixes this limitation in some way.
The blurb mentions 1207, but the article only talks about M2(940). I have read mention of 1207 in relation to chips with the PCIe controller onboard. But not signs of tha in this roadmap.
This roadmap seems to suggest at least that virtualization will only come in chips with the M2 socket. I will be disappointed if that is true. I had planned to upgrade to dual core chip with virtualization, but keep my 939 board. Maybe by then I will be looking to upgrade to PCIe and won't care. I have an AGP board now.
Yeah, evince rocks. It is finally a true xpdf replacement. The one feature that isn't in gpdf, but is in xpdf is text search. evince has text search. gpdf also in my experience was far from stable.
My solution is to use hdup with gpg encryption combined with additional measures. hdup does an incremental backup via itself+tar+gz+ssh+gpg. The server logs in to the backup server and dumps it's files in a home directory just for the server backing up. A cron job runs after the backup which runs chattr +i against all the files. Still not perfect, but I like it.
There is probably some engineering trick to work around this. It might be possible to use mirrors to shine on the opposite side of the sail. Almost surely wouldn't be as fast, but seems like it would be doable.
In my experience a catch-all has worked out well. While I do see dictionary attacks constantly at work, I don't think I have ever seen one on my personal domain. I am not sure why, but I can think of many possible reasons. One being that I have a.org instead of a.com or.net. In that isps with lots of customers use.com or.net, but generally not.org. Another is that there may be some minimal number of addresses from the same list for them to dictionary attack it. Overall my domain doesn't seem to really be on the spammers' radars. I do get spam to root@, postmaster@, sales@, etc.
An even better method than a classic catch-all would be a extension catch-all. ie something+(anything)@domain.com instead of (anything)@domain.com. An example jsmith+amazon@domain.com. You can do this with many MTAs and the two most common extensions are + and -. - will work more universally, but if users want some-thing@domain.com as an e-mail address it won't work with - as the extension. Supposedly a few uncommon e-mail clients, and a few very uncommon mtas have a problem with it.
The best method I have for cutting down spam is a greylisting, http://www.greylisting.org/. It cut spam down in volume from 10x real mail to 1x. So instead of 90% of mail being spam, 50% of mail is spam.
I have heard reports before this that all offical keys were of pid 640, but even pid 640 keys generated by the old key generator don't work. It really wouldn't be that hard for Microsoft to have a master list. I probably said it wrong when I said sold. It is probably more of keys shipped. They probably have a plan to add the next batch to the master list just before it ships.
There is a very important change to version five of Windows update. If you have a corporate product key it compares it to Microsoft's list of keys that have been sold. It won't let you update without a valid key. It makes the key generator worthless, and will create a black market in legitimate corporate keys.
The service pack itself doesn't seem to care, and there will still be other methods like Windows update catalog, but they are closing the big loophole.
No, I have been looking at dspam as a replacement for spamassassin and no it currently can't modify the subject.
It does add headers to mark messages as spam, which should be usable with any decent e-mail client(ie Not Outlook Express).
On the flip side it does modify the body of the message to add a unique id for training purposes. The unique id is something like "!DSPAM:515511e1266781311173362!". It comes out looking like a signature. It is somewhat ugly on html mail since often there isn't a line break at the end of the html. Which results in it being appended to the last line as if it was part of the sentence.
I think WordPerfect got huge market share with lawyers back in the day, and then they all standardized on it. I see this today in lots of customers' offices that are law firms.
Where did you read that.us needs to be added? I have been reviewing the bind mailing lists daily, and I don't remember seeing.us mention. The latest being.org
In classic Microsoft style it is hidden under a non-obvious name. Try Personalize Windows Updates. I just learned about it the other day from a co-worker.
The phirate patch works much better and is more configurable than the patch in the original post. Plus it seems just as fast. There is a serious issue with the patch in the original post.
The phirate patch does require some work to make work with distributions other than debian. For Red Hat you need to remove the debian rules part of the patch, and then add --enable-nx-hack to the spec file. You also need to add a autoconf before configure. Once installed you have to put the nx-hack option in the options section at the top of named.conf. nx-hack isn't a standalone option like zone.
There may be a serious issue with the above patch.
Manually applied to bind-9.2.2, and it does result in NXDOMAIN for typoed domains as desired, but seems to result in painful slow web access for sites that depend on a dns server using this patch. I am not sure if it is killing the TTL or what, but instant speed up after reverting to unpatched version.
Slashdot Mirror
I recently bought 4 250GB 7200.8 drives. They are nice. They are replacing two Maxtor 250gb PATA drives. I have had two Maxtor drives fail in the last month, and another in the last year. At work Maxtor drives have been dropping like flies. I would recommend staying away from them.
Even if the Abit has a slight performance lead, I like all the features on the Gigabyte more. It is nice to see two pata connectors instead of just one like the other two boards. It also has more PCI slots than the Abit.
The patch fixes the vunerability that XP SP2/2003 still has. This worm depends on more than just the vunerability. It also needs a valid login, which it won't have in the case of XP SP2/2003.
It wouldn't surprise me to see a second revision of this worm that fixes this limitation in some way.
The blurb mentions 1207, but the article only talks about M2(940). I have read mention of 1207 in relation to chips with the PCIe controller onboard. But not signs of tha in this roadmap.
This roadmap seems to suggest at least that virtualization will only come in chips with the M2 socket. I will be disappointed if that is true. I had planned to upgrade to dual core chip with virtualization, but keep my 939 board. Maybe by then I will be looking to upgrade to PCIe and won't care. I have an AGP board now.
It is part of what comes with the XP x64. I am thinking of the OS in a broader sense.
Actually, it comes with IE 32bit and IE 64bit.
I have yet to see a copy of XP x64 that doesn't have activation. Not to say that they haven't or won't make one some time in the future.
I get the impression they cheated. When I looked at Windows Media Player 10 in XP x64, the task manager said it was 32bit.
XP x64 isn't fully 64bit. One example is Windows Media Player 10, which is still 32bit.
Yeah, evince rocks. It is finally a true xpdf replacement. The one feature that isn't in gpdf, but is in xpdf is text search. evince has text search. gpdf also in my experience was far from stable.
My solution is to use hdup with gpg encryption combined with additional measures. hdup does an incremental backup via itself+tar+gz+ssh+gpg. The server logs in to the backup server and dumps it's files in a home directory just for the server backing up. A cron job runs after the backup which runs chattr +i against all the files. Still not perfect, but I like it.
There is probably some engineering trick to work around this. It might be possible to use mirrors to shine on the opposite side of the sail. Almost surely wouldn't be as fast, but seems like it would be doable.
In my experience a catch-all has worked out well. While I do see dictionary attacks constantly at work, I don't think I have ever seen one on my personal domain. I am not sure why, but I can think of many possible reasons. One being that I have a .org instead of a .com or .net. In that isps with lots of customers use .com or .net, but generally not .org. Another is that there may be some minimal number of addresses from the same list for them to dictionary attack it. Overall my domain doesn't seem to really be on the spammers' radars. I do get spam to root@, postmaster@, sales@, etc.
An even better method than a classic catch-all would be a extension catch-all. ie something+(anything)@domain.com instead of (anything)@domain.com. An example jsmith+amazon@domain.com. You can do this with many MTAs and the two most common extensions are + and -. - will work more universally, but if users want some-thing@domain.com as an e-mail address it won't work with - as the extension. Supposedly a few uncommon e-mail clients, and a few very uncommon mtas have a problem with it.
The best method I have for cutting down spam is a greylisting, http://www.greylisting.org/. It cut spam down in volume from 10x real mail to 1x. So instead of 90% of mail being spam, 50% of mail is spam.
I mean I already have the cd isos.
Always have the cd isos and working on the dvd iso with a 10mbit pipe. :)
Suprised to see FC3 Test1 so soon.
I have heard reports before this that all offical keys were of pid 640, but even pid 640 keys generated by the old key generator don't work. It really wouldn't be that hard for Microsoft to have a master list. I probably said it wrong when I said sold. It is probably more of keys shipped. They probably have a plan to add the next batch to the master list just before it ships.
There is a very important change to version five of Windows update. If you have a corporate product key it compares it to Microsoft's list of keys that have been sold. It won't let you update without a valid key. It makes the key generator worthless, and will create a black market in legitimate corporate keys.
The service pack itself doesn't seem to care, and there will still be other methods like Windows update catalog, but they are closing the big loophole.
No, I have been looking at dspam as a replacement for spamassassin and no it currently can't modify the subject.
It does add headers to mark messages as spam, which should be usable with any decent e-mail client(ie Not Outlook Express).
On the flip side it does modify the body of the message to add a unique id for training purposes. The unique id is something like "!DSPAM:515511e1266781311173362!". It comes out looking like a signature. It is somewhat ugly on html mail since often there isn't a line break at the end of the html. Which results in it being appended to the last line as if it was part of the sentence.
I think WordPerfect got huge market share with lawyers back in the day, and then they all standardized on it. I see this today in lots of customers' offices that are law firms.
Where did you read that .us needs to be added? I have been reviewing the bind mailing lists daily, and I don't remember seeing .us mention. The latest being .org
In classic Microsoft style it is hidden under a non-obvious name. Try Personalize Windows Updates. I just learned about it the other day from a co-worker.
All the bind patches, including ISC, that I have tried have bugs. I think ISC will be coming out with a new patch soon.
There is a bug in this patch. There is already talk of releasing another patch.
The bug is that NS lookups for non-cached domains fails.
nslookup
set type=ns
geek.com
Fails if not already cached by named
nslookup
geek.com
set type=ns
geek.com
Always works
The phriate patch has a bug.
y .h tml
Sep 17 07:40:09 ns2 named[11142]: rdataset.c:226: REQUIRE(rdataset->methods != ((void *)0)) failed
There are now ISC patches.
http://www.isc.org/products/BIND/delegation-onl
The phirate patch works much better and is more configurable than the patch in the original post. Plus it seems just as fast. There is a serious issue with the patch in the original post.
The phirate patch does require some work to make work with distributions other than debian. For Red Hat you need to remove the debian rules part of the patch, and then add --enable-nx-hack to the spec file. You also need to add a autoconf before configure. Once installed you have to put the nx-hack option in the options section at the top of named.conf. nx-hack isn't a standalone option like zone.
There may be a serious issue with the above patch.
Manually applied to bind-9.2.2, and it does result in NXDOMAIN for typoed domains as desired, but seems to result in painful slow web access for sites that depend on a dns server using this patch. I am not sure if it is killing the TTL or what, but instant speed up after reverting to unpatched version.