Problem is, there's nothing stopping the spambots from collecting your address from mylinks.js. If it's accessable to a browser, it's accessable to an e-mail address harvester (assuming they bother reading.js files, which I think is a fair assumption). It's security through obscurity at best.
Spammers routinely rotate domain names on their address lists, for one thing. Say, if you have bob@example.com, joe@example.com, etc, it's likely these addresses will also exist @example.org. Change the example domains to @aol.com and @msn.com, each with millions of active mailboxes, and you've got a pretty good chance of hitting a high number of people. Change the domains to any domain you can find, regardless of size, you'll hit some (albiet not as many). Don't worry about the bad addresses bouncing, just forge someone else's return address and you won't have to deal with it (another common practice).
Another method they use is a dictionary attack type of thing, where they'll try random combinations of names, initials, numbers, etc, in the hopes of finding live mailboxes.
Gah, now I'm getting all pissed off about it. Bastards.
Related question: Is there any way to make Mozilla on Linux (Redhat/KDE) not attempt to load www.<whatever is on your clipboard>.com any time you middle click or depress left and right mouse buttons on a web page? I have a habit of playing with my mouse buttons when I'm reading and this is a source of endless annoyance for me.
A quick search on bn.com and amazon.com turn up exactly one Procmail book, published just this past November. Why something that can be so powerful and complex hasn't had a book written about it before is beyond me.
At the risk of being modded down as redundant (and undoing the positive moderation I gave another post in this thread), you really want to check out Survival Research Laboratories. "Producing the Most Dangerous Shows on Earth", as they say.
You can occasionally catch their performances in the San Francisco area, or just look for pictures and video on their web site.
While I don't mean to suggest that you were in the wrong to want to contact this person through means other than e-mail, I sincerely hope Earthlink didn't really just give out the phone number of one of their customers.
If someone did do this, I hope they were severly reprimanded.
[Usenet] "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one." There is a tradition in many groups that, once this occurs, that thread is over, and whoever mentioned the Nazis has automatically lost whatever argument was in progress. Godwin's Law thus practically guarantees the existence of an upper bound on thread length in those groups. However there is also a widely- recognized codicil that any intentional triggering of Godwin's Law in order to invoke its thread-ending effects will be unsuccessful.
This is interesting? Wow, I should post FUD more often then.
As I think most people realize, Earthlink is not now, nor have they ever been owned by the Church of Scientology. Earthlink was founded by a member of the CoS, true, but the CoS as a whole has never had a controlling interest in the company.
Earthlink is currently owned by it's shareholders, of course.
It's a good think nobody suggested that the government do this filtering then, isn't it? "Uncle Sam's" box won't do this, the ISP's own routers will be configured to (as they should be doing already). The government has nothing to do with the original poster's suggestion outside of "coaxing" ISPs to do it.
Yes if he was working for you you would have forced him to use something he does not want to use. As a result of your coersion his web server would be killed by the nimda virus just like every else was (according to him). You then would have blamed him for being an incompetent admin.
If an IIS machine under his control was infected by Nimda, then he is an incompetent admin. If you knew more about IIS and/or Nimda you would know that patches for the exploited hole had been available for months before it hit. I personally maintain two internet-connected IIS machines and neither one had the slightest problem with Code Red or Nimda.
I'd still rather be using Apache (on *nix of course, not Win32), but I make a point of trying my best to understand what I'm doing before I do it, which is why my machines weren't hosed along with half the IIS servers on the internet.
Mind you, actually keeping up-to-date on hotfixes actually became possible with the release of HFNETCHK. Before then, it was virtually impossible for any normal sysadmin to keep up with all of Microsoft's patches and apply only the ones they were supposed to.
Virtually impossible? Between Bugtraq, NTBugtraq, and the Microsoft security bulletins mailing list, there's no excuse for not knowing about these patches as soon as they're available. Any NT admin not on at least two of these three lists is simply not doing his job.
Exactly. They should have unplugged after the first round of RIAA trouble. Then they could play the roll of martyrs and their dignity would remain intact.
The result of their chosen path is that very few people (compared to their previous user base) seem to have any respect left for them, and they are largely viewed as irrelevant today. A has-been. I don't expect this new incarnation will be around long.
Forgive my ignorance on this matter, but don't ISP's ALREADY log every task you complete? I could be wrong, but I would think they have records of what websites and newsgroups and such you've been to.
Speaking as an employee of one of the top five largest ISPs in the world, I can say there is no way we could do that. Do you have any idea the hardware and disk space it would require to log everything our users do?
Not to mention that we don't care. It isn't any of our business unless you're breaking the law or violating our AUP (eg, spamming, etc), in which case we find out about it when we get complaints.
128k isn't that bad if you're just serving up a few pages. I've been running a low traffic web server off my DSL line for over two years with only 128k upstream. I used to think I'd have to upgrade to 384k SDSL or some such but the need hasn't come up yet.
But then, I keep indivual pages < 80k including images (anything bigger is too slow for dial-up connections). And "low traffic" is key, I can handle a few simultaneous readers with no slow-down, but I wouldn't want my URL posted to the front page of/., for example.
I've been working for Earthlink for years and I'm afraid you're mistaken about this. (Even if I didn't work for them, I've been sending mail through their servers with non-Earthlink From: addresses on a daily basis for quite some time). The only restriction is that your From: address must be a valid domain. Are you maybe confusing this with port 25 blocking as some others here are?
Good lord, where are you people getting your information?
MAPS and ORBS don't sue people, they blacklist them
Earthlink has never required you to use an Earthlink or Earthlink hosted From: address when sending mail through their mail servers.
Port 25 blocking is being used on dialups, but this has absolutely nothing to do with what addresses you can use when sending mail through the designated Earthlink servers. Sheesh. --
Have crack, will moderate.
I don't see why it is their responsibility to relay mail that isn't also hosted by them.
Because if I (speaking hypothetically) am a paying dialup/DSL/whatever customer of theirs, this can be verified by my IP address. Restricting the From: addresses used in this way cripples the functionality of their mail servers. It's no business of theirs what account I prefer to receive my mail at, be it theirs or one located elsewhere.
Slashdot Mirror
Problem is, there's nothing stopping the spambots from collecting your address from mylinks.js. If it's accessable to a browser, it's accessable to an e-mail address harvester (assuming they bother reading .js files, which I think is a fair assumption). It's security through obscurity at best.
Highly unlikely.
Spammers routinely rotate domain names on their address lists, for one thing. Say, if you have bob@example.com, joe@example.com, etc, it's likely these addresses will also exist @example.org. Change the example domains to @aol.com and @msn.com, each with millions of active mailboxes, and you've got a pretty good chance of hitting a high number of people. Change the domains to any domain you can find, regardless of size, you'll hit some (albiet not as many). Don't worry about the bad addresses bouncing, just forge someone else's return address and you won't have to deal with it (another common practice).
Another method they use is a dictionary attack type of thing, where they'll try random combinations of names, initials, numbers, etc, in the hopes of finding live mailboxes.
Gah, now I'm getting all pissed off about it. Bastards.
Related question: Is there any way to make Mozilla on Linux (Redhat/KDE) not attempt to load www.<whatever is on your clipboard>.com any time you middle click or depress left and right mouse buttons on a web page? I have a habit of playing with my mouse buttons when I'm reading and this is a source of endless annoyance for me.
Thomas Crapper -- inventor of indoor plumbing
Sorry, this "Thomas Crapper" story is just an urban legend.
A quick search on bn.com and amazon.com turn up exactly one Procmail book, published just this past November. Why something that can be so powerful and complex hasn't had a book written about it before is beyond me.
At the risk of being modded down as redundant (and undoing the positive moderation I gave another post in this thread), you really want to check out Survival Research Laboratories. "Producing the Most Dangerous Shows on Earth", as they say.
You can occasionally catch their performances in the San Francisco area, or just look for pictures and video on their web site.
While I don't mean to suggest that you were in the wrong to want to contact this person through means other than e-mail, I sincerely hope Earthlink didn't really just give out the phone number of one of their customers.
If someone did do this, I hope they were severly reprimanded.
Actually, it does.
Godwin's Law prov.
[Usenet] "As a Usenet discussion grows longer, the probability of a comparison involving Nazis or Hitler approaches one." There is a tradition in many groups that, once this occurs, that thread is over, and whoever mentioned the Nazis has automatically lost whatever argument was in progress. Godwin's Law thus practically guarantees the existence of an upper bound on thread length in those groups. However there is also a widely- recognized codicil that any intentional triggering of Godwin's Law in order to invoke its thread-ending effects will be unsuccessful.
Ahh, but the truly cool ones are :)
This is interesting? Wow, I should post FUD more often then.
As I think most people realize, Earthlink is not now, nor have they ever been owned by the Church of Scientology. Earthlink was founded by a member of the CoS, true, but the CoS as a whole has never had a controlling interest in the company.
Earthlink is currently owned by it's shareholders, of course.
It's a good think nobody suggested that the government do this filtering then, isn't it? "Uncle Sam's" box won't do this, the ISP's own routers will be configured to (as they should be doing already). The government has nothing to do with the original poster's suggestion outside of "coaxing" ISPs to do it.
That would be great! We could get a Slashdot interview while they're halfway across.
Yes if he was working for you you would have forced him to use something he does not want to use. As a result of your coersion his web server would be killed by the nimda virus just like every else was (according to him). You then would have blamed him for being an incompetent admin.
If an IIS machine under his control was infected by Nimda, then he is an incompetent admin. If you knew more about IIS and/or Nimda you would know that patches for the exploited hole had been available for months before it hit. I personally maintain two internet-connected IIS machines and neither one had the slightest problem with Code Red or Nimda.
I'd still rather be using Apache (on *nix of course, not Win32), but I make a point of trying my best to understand what I'm doing before I do it, which is why my machines weren't hosed along with half the IIS servers on the internet.
* Open with Internet Explorer 5
* Open with Internet Explorer 4
How did you get IE 4 and 5 installed on the same system?
Mind you, actually keeping up-to-date on hotfixes actually became possible with the release of HFNETCHK. Before then, it was virtually impossible for any normal sysadmin to keep up with all of Microsoft's patches and apply only the ones they were supposed to.
Virtually impossible? Between Bugtraq, NTBugtraq, and the Microsoft security bulletins mailing list, there's no excuse for not knowing about these patches as soon as they're available. Any NT admin not on at least two of these three lists is simply not doing his job.
Exactly. They should have unplugged after the first round of RIAA trouble. Then they could play the roll of martyrs and their dignity would remain intact.
The result of their chosen path is that very few people (compared to their previous user base) seem to have any respect left for them, and they are largely viewed as irrelevant today. A has-been. I don't expect this new incarnation will be around long.
Well, it wouldn't be the first time someone 0wn3d Slashdot and posted their own story to the front page.
Mine is similar: "I like my women like I like my coffee: Pale and bitter"
But then, I like goth chicks, so go figure.
Forgive my ignorance on this matter, but don't ISP's ALREADY log every task you complete? I could be wrong, but I would think they have records of what websites and newsgroups and such you've been to.
Speaking as an employee of one of the top five largest ISPs in the world, I can say there is no way we could do that. Do you have any idea the hardware and disk space it would require to log everything our users do?
Not to mention that we don't care. It isn't any of our business unless you're breaking the law or violating our AUP (eg, spamming, etc), in which case we find out about it when we get complaints.
128k isn't that bad if you're just serving up a few pages. I've been running a low traffic web server off my DSL line for over two years with only 128k upstream. I used to think I'd have to upgrade to 384k SDSL or some such but the need hasn't come up yet.
But then, I keep indivual pages < 80k including images (anything bigger is too slow for dial-up connections). And "low traffic" is key, I can handle a few simultaneous readers with no slow-down, but I wouldn't want my URL posted to the front page of /., for example.
s/pizza/beer
It's the only way to be sure.
--
Have crack, will moderate.
I've been working for Earthlink for years and I'm afraid you're mistaken about this. (Even if I didn't work for them, I've been sending mail through their servers with non-Earthlink From: addresses on a daily basis for quite some time). The only restriction is that your From: address must be a valid domain. Are you maybe confusing this with port 25 blocking as some others here are?
--
Have crack, will moderate.
Good lord, where are you people getting your information?
- MAPS and ORBS don't sue people, they blacklist them
- Earthlink has never required you to use an Earthlink or Earthlink hosted From: address when sending mail through their mail servers.
Port 25 blocking is being used on dialups, but this has absolutely nothing to do with what addresses you can use when sending mail through the designated Earthlink servers. Sheesh.--
Have crack, will moderate.
Earthlink has never done this (I don't know about legacy Mindspring) and Earthlink/Mindspring does not do this now.
You're not the first person to claim this. I don't know where you're getting your information from, but it isn't accurate.
--
Have crack, will moderate.
I don't see why it is their responsibility to relay mail that isn't also hosted by them.
Because if I (speaking hypothetically) am a paying dialup/DSL/whatever customer of theirs, this can be verified by my IP address. Restricting the From: addresses used in this way cripples the functionality of their mail servers. It's no business of theirs what account I prefer to receive my mail at, be it theirs or one located elsewhere.
--
Have crack, will moderate.