Slashdot Mirror


User: Deagol

Deagol's activity in the archive.


Comments · 1,240

  1. A VM is only as secure as the OS it's running on Secure Services on Virtual Machines? · · Score: 3, Interesting
    Unless I misunderstand your post, I don't think isolating an application inside a VM will do all that much good. I mean, I can run Apache on Red Hat under a VMWare virtual server. However, it can still be broken into the same as a real machine.

    Still, there's some merit to the idea of having each service isolated in its own VM. At least there's some partitioning, and one "captured" service may not interfere with another. Though I'd argue that you should do this same partitioning by using real hardware.

    Here's what I do, and it doesn't require that much more overhead:

    At the IP level, I use iptables for a default-deny setup. Nothing gets in or out unless I explicitly account for it, logging everything that violates policy and then silently dropping the packet.

    At the kernel level, I use the grsecurity patch to shore up generic, known weaknesses (stack smashing, buffer overruns), as well as the various randomizations of PIDs, socket numbers, etc. I tried using StackGuard and libsafe for this kind of stuff, but found them too troublesome (plus, grsecurity addresses most of this stuff).

    At the application level, I chroot what I can. I then use tcp_wrappers (for apps that use it) in a default-deny config, plus any ACLs that the application itself manages.

    Of course, I try to keep up with gaping security holes in services I run. However, I don't find myself scrambling out of fear that my boxes are in much danger when there is an advisory.

    These many layers add up to a pretty secure box, that's functional and no more of a hassle to admin than a stock installation.

  2. Re:Step One: Lighten Up on Advice for a Dad-To-Be? · · Score: 1

    Wow! -- I didn't know Erma Bombeck read Slashdot! :) Thanks for the laugh!

  3. Random thoughts on Advice for a Dad-To-Be? · · Score: 1
    Congrats on the pending offspring!

    Firstly, you and your wife must decide in advance the following: 1) Natural birth or with pain killers (drugs, epidural, etc.); 2) To snip or not snip if it's a boy (we opted to not circumcise, as it's not required) and don't let your doctor give you shit either way; 3) To snip her or not (the episiotomy). Getting these medical questions settled beforehand will ease the stress during the thick of things.

    Go out and buy yourself a copy of The Complete Tightwad Gazette. It'll be the best $13 you ever spend. Don't let the title scare you -- in addition to providing novel ideas on how to save money (my wife and I are frugal blackbelts), there's a lot of stuff dealing with children (the author had six).

    Accept the fact that your lives will suck at some level until 18 years after the birth of your last child. Most will be due to money (diapers and wipes are a horrible money sink), time (once they hit school age, you've lost 9 months of vacation opportunities), and/or stress (why won't he stop screaming?!?). Life will suck, in some form, for a long while. The degrees will vary, but it will be constant. But it's unavoidable. :) Don't judge me on this assertion -- I wouldn't change having kids (4-yo boy, 7-yo girl) for anything. I'm just pragmatic about parenthood. There are some things that are simply better about life when childless.

    On the flip-side, always remember that there will be joys introduced into your life that you cannot even fathom right now. I cannot provide examples, as they differ for each kid and each parent. These joys will more than compensate for the rough road ahead.

    Until my son was born (the wife and daughter were a package deal), I was all for both parents working. Having seen both kids in and out of daycare, I have to admit that I feel that at least one parent should stay at home at least until all kids reach first grade. They are much better off without the influence of other neglected kids often found at daycare (this is from observation).

    Avoid letting the kids get sucked into TV. Personally, the only thing we now watch as a family is the occasional rental or ST:TNG on DVD (the series). We get 2 fuzzy channels that we don't ever watch (not cable or dish). You and the kids have much more time to do other things. Trust me on this. Don't let the tube be a babysitter!

    Get the kids hooked on healthy food early in life. My kids don't get boxed cereal -- oatmeal, porridge (cooked steel-cut oats), and cracked wheat are our cereals. We all drink water instead of juices and sodas. We eat a ton of whole foods, and rarely ever buy pre-packaged/prepared foods. I'm appalled at the quality of the foods in public schools -- our daughter takes her lunches 95% of the time (and she complains about the food when she doesn't).

    Keep the kids on the teat as long as possible. This should be self-explanatory. Formula (and the companies that make it) is evil, as well as expensive.

    Shun antibiotics unless really necessary. Our kids have yet to need them.

    Make sure your wife stays fit during the entire pregnancy. My wife did some yoga and we took a brisk walk nearly every day. She popped out our son effortlessly, without any anesthetic, went grocery shopping with me the next day, and she healed very fast (wink-wink, nudge-nudge).

    You're in for a great time!

    Now is where I risk a negative moderation... We stopped at two (only enough to replace us both), and got fixed. While I attempt to not pass judgement on families with tons of kids, I urge all prospective parents to think about why they may want to have more than a few children. I live in a small, rural town in the heart of Mormon country. LDS families are typically very large. I cannot believe how (to be polite) un-tamed most kids are where we live, and most are from large (greater than 3 kids) families. Yes, this is

  4. It's only airwaves -- and unlicensed ones, at that on The Ethics of Stealing Wireless Bandwidth? · · Score: 3, Insightful
    If some satellite company goofed and beamed unencrypted HBO over the northern hemisphere for 24 hours, would they have a legal case to sue people who tuned in? Of course not!

    So, if you're broadcasting your access signal, unlicensed and unencrypted into another residence, I say all bets are off.

  5. Re:yay, overclocking locks... on Intel Patents Anti-Overclocking Technology · · Score: 2, Interesting
    The corporate world, where they are definitely king, is who they care about.

    What idiot on a corporate IT team would overclock a CPU? Not many worth their paycheck, that's for sure. At least not while it has any value on the books.

    My guess is that Intel is targeting the home market so the clever neighbor kid can't install a $100 Celery in some guy's PC and overclock it to beat the latest $500 CPU in benchmarks.

    Or, more likely, they're trying to combat shady overclocking practices by vendors which might have bad reliability issues and give Intel a bad name.

  6. Re:It's all about Nagios... on Monitoring Your Unix Boxen? · · Score: 4, Informative
    Nagios is pretty sweet -- we use it at our shop. It's handy to be notified as soon as a key server goes down.

    One thing I like to do personally is randomly pick a startup script (that's actually used in a particular server's configuration), and bury a single line in it that emails me "hostname has rebooted!" as the subject whenever it reboots. That way I know if a machine is ever rebooted with or (more importantly) without my knowledge.

  7. Re:Boxen? You should be pummled... on Monitoring Your Unix Boxen? · · Score: -1, Offtopic

    Don't be an ass. It simply proved he's either read the Jargon File or one too many alt.sysadmin.recovery threads. Give the guy a break. Hell, an occasional "boxen" slips into my email/posts, and I'm a far cry from 13 these days.

  8. I use a Photon on my keychain. on Which LED Flashlight Do You Use? · · Score: 1
    It works great.

    However, if I were to buy a full sized one, I'd go for either: 1) A multi-LED drop-in for my 3 D-cell Mag Lites (any good ones out there?); 2) The Inova tactical light (drool!); or 3) the Lightwave linked to in the original post.

  9. Re:USA PR on Updates on War in Iraq · · Score: 0, Interesting
    Who the hell cares if he never disarms? It's not our damned country. We have no room to talk about nukes -- we've been the only nation thus far to ever use one in combat. It sickens me, my country's arrogance.

    Every person on earth knows that if a single nuke were launched from any rogue nation (like Iraq), they'd be vaporized from the planet by every nuclear power that existed. They'd get only one shot.

    I'd risk a single act of random violence upon myself if it meant we lived in a freer nation (Ashcroft) and the world didn't despise us (Bush).

  10. Re:Real Women??? on Suggestions for Functional Jewelry? · · Score: 4, Informative
    My wife told me that if I ever bought her gold or diamonds, she'd leave me. :) We both don't care for gold, and both traditionally wore silver before we ever met. She likes garnets, though.

    We didn't do the engagement ring thing, and we bought 2 beautiful silver rings for our wedding bands. Total cost with shipping was just shy of $100. We're both proud of the cheapness factor, as we know the price of precious metals/stones is such a sham. Though, you'd be amazed at how many women turned their noses up at the rings. She doesn't care (that's my girl!) and neither do I. The rings are beautiful and we both love them, and that's all that really matters.

    I got this ring, the knots symbolic of my science/math/mechanical nature. I'm the organized one in the pair; I bring order to the chaos. In turn, she has this ring, the ivy symbolic of her being the more "wild" of the two of us. She gets me out into the sun and has a better sense of adventure. We're a perfect match, and over the years our personalities have melded a bit, which goes well with silver (a highly malleable metal). I'm thinking for our 10th anniversary, we might get a new set of rings, but with both having the ivy and knots intertwined (that is, if the owner of this site will custom make them). We may even try to get them in platinum or tungsten, much more sturdy metals.

    We've been married 5.5 years and are closer than ever.

    Yeah, it's all symbolic, and has no utility value. But my going on about this is simply to illustrate that one can ditch the status quo and have much more meaningful symbolism than "Look! he spent 2 months' salary on this boring ring of gold with a fleck of clear rock on it!"

    I encourage everyone to browse the site linked above: metalsmiths.com. The guy has rings made of meteorite that I'd like to get -- too cool! His work is truly unique.

    My only suggestion for a practical ring would be either a sun dial type of ring (calibrated for your latitude, of course) or a very simple, solid and heavy ring of platinum which you could hawk if you ever got into a real jam. About the latter suggestion... I've read too many "urban survival" threads in misc.survival. ;-)

  11. Per user or per client, whichever costs you more. on Windows Licensing and Win4Lin Terminal Servers? · · Score: 1
    First let me explain that M$'s licensing tactics are designed to screw you the most painful way allowed under the law. Sure, it's not unique to M$, but they still try to milk you.

    Also, Microsoft's licensing is often so complex, even Microsoft reps cannot answer licensing questions. I once worked for a Certified MS Solution Provider, being one of the MCSEs which enabled the shop to qualify for such status. MS has these bundles of software, designed to allow solutions providers to run reasonable numbers of copies of most software so that they could better serve customers. One day we called into the regional MS office to ask a question about the licensing, to see if we were in compliance. The guy we spoke to didn't know, so we got bounced around for weeks until we were too disgusted to pursue it further. We eventually decided that we had exhibited "due diligence" and felt we were in compliance.

    In any event, use the worst case scenario (cost-wise) for determining the number of client licenses to purchase.

    The advice we were given by a MS sales guy: Got five actual PCs but a hundred potential users? Purchase a hundred licenses. Got a hundred machines, but only five employees? Purchase a hundred licenses.

  12. Re:What were those commons passwords in Hackers? on New Windows Worm Inching Around Internet · · Score: 1

    Perhaps there was somebody clever on the network who was using smbclient? There's also a good number of programs which will comb a network looking for SMB and NetBIOS services.

  13. Re:A Great Idea on An IMDb for Books · · Score: 5, Interesting
    Even if it fails, the spirit of the attempt is worth the time, so long as the content remains Free.

    I remember when the IMDB was a collection of huge text files passed around on USENET. Next, it was converted into a DOS-based database application. The app and a few hundred megabytes were passed around the 'net. Once the WWW thing caught on, it went to the web. I don't know if there was ever a time it was on the web but not the pimped commercial version it currently is.

    Since it was a community effort, I felt it worthwhile to add my own contributions. I haven't felt compelled to contribute (can you?) to the current commercial incarnation, as it's not Free anymore.

    My biggest fear is that such a project will sell out like CDDB and IMDB did, riding on the backs of those who selflessly contributed content.

  14. Re:Change a suicidal mind in less than half an hou on Psychologist Consoles Data Loss Victims · · Score: 1
    They may have spent who knows how long, so afraid of looking stupid...

    If only I had it so easy. Most of my charges have no problem looking stupid. :)

  15. Re:Obligatory link on A Music Industry Case Study · · Score: 4, Interesting
    But I don't understand why everyone gets so bent about Hilary Rosen and focuses all their attention on her.

    We despise these figureheads because they actually alter laws to favor the industry. Did you ever read the DeCSS depositions of Jack Valenti? They're a funny, if not scary, read. See them on 2600.com's website. I recall one place where good old Jack was being questioned by Corley's counsel. He was asking him all kinds of questions about the industry, and the opposing lawyer kept objecting, stating that Jack wasn't an expert witness and couldn't answer the questions. Finally, Corley's lawyer spouted off something that I found very telling (paraphrased): "You're telling me that this guy, who testifies before Congress and lobbies to change the laws, isn't an expert in these matters?!?"

    The point is, Joe Beancounter from the RIAA or the MPAA doesn't get the publicity shots shaking Senator Hatch's hand (Orrin Hatch, I believe, is pretty pro-industry in these matters, in spite of the appearance of his "Napster Hearings" some years ago). It's these hi-profile weenies (Hilary and Jack) who affect legislation.

    That is why we despise these people so much.

  16. Re:Yet for $699... on Lindows Releases Inexpensive Subnotebook · · Score: 1

    Who the hell would drop several hundred bucks on a laptop without doing any research or shopping around, valuable time or not?

  17. Re:Cartoons on Internet-Created Free Audio Dramas? · · Score: 1
    If I recall, the voice of Hal in 2001 was done by a guy who had absolutely no knowledge of the movie production (or plot, I think). Of course, this was to give Hal that slightly unnerving detachment in the movie. But still...

    Didn't Sean Connery record the voice of Draco for that awful movie (Dragonheart, was it?) without having much other involvement in the movie?

  18. Re:Admins seem to be lazy (slightly OT) on ISPs That Actively Combat SPAM? · · Score: 2, Informative
    My opinion is not right or wrong -- it's an opinion, and one that seems to be held by quite a few admins. FTP and IRC servers often reject IPs without rDNS records, for example. IRC servers usually deny a site without identd running, too. This annoys the hell out of me, but I suck it up and consider it my burden to bear, not the remote admin's.

    I'd wager that if most mail admins knew they could reduce their spam load by 90% by this single config change (assuming there are other MTAs as versatile as postfix), they would do it in a heartbeat.

    Your inability to get RDNS entries for your machine is, to be blunt, your problem and not mine. Part of a full-service internet connection includes (or should, if you're paying for it) both halves of DNS service.

  19. Re:That's a bit cold... on Interesting Privacy Decision in New Hampshire · · Score: 4, Insightful
    Once info is collected and sold, it doesn't matter. You think spyware companies keep that info all to themselves? They likely sell it for good money to whoever will target a certain demographic.

    I say suing spyware companies is a good start. Just because "reputable" companies may not collect info, they almost certainly purchase info collected from disreputable ones.

  20. Admins seem to be lazy (slightly OT) on ISPs That Actively Combat SPAM? · · Score: 3, Informative
    I recently installed postfix for our domains and started rejecting IPs without a hostname (reject_unknown_client). Spam getting through dropped to a trickle, the reject-to-accept ratio being about 3:1, or about 1000 rejects a day. Unfortunately, there are many mis-configured sites out there, so some legit email was being denied.

    One would think that the remote sender would complain to their mail admin first and they would get it fixed (distributed debugging, if you will). But no, they bitched to the person on my end (even though postfix's default bounce messages are pretty self-evident) and then I'd end up adding an exception.

    Initially, I would email {post,host}master@ the offending domain. While some were thankful for the notice, most either ignored me or flat out refused to add a rDNS entry for the mail server. Granted, it's not required by RFC, but in my opinion legit hosts should have DNS entries.

    (And no, I can't just ignore the problem. When the person who writes your paycheck loses email, you're fighting a losing battle.)

    Actually, I gave up using reject_unknown_client today, except for large domains which are configured correctly (MSN, Hotmail, Microsoft, etc.) and a handful of Asian netblocks.

    So back to the OP... I wouldn't hold out for admins to take care of the spam for you, especially if they're with a company you don't actually work for.

  21. Re:Metroid on NES PC · · Score: 1
    I thought Microwave and Aztec were pretty damned cool Apple ][ games. Decathlon was pretty fun, too.

    Of course, I played those on a friend's computer. I only had a TI99/4A at the time. Munch Man, Alpiner, and Parsec were my favorite games.

  22. Re:what if they are chained? on Remotely Counting Machines Behind A NAT Box · · Score: 1

    That would be the grsecurity patch. Search for it by name -- it's a really nice patch set. I use it for its other cool feature, too.

  23. Re:its.. on Meteorite Bowling · · Score: -1, Offtopic

    Why not. Damned near everything else is.

  24. Re:Comdex Memories on Comdex Operators File for Bankruptcy · · Score: 1
    Furthermore, you and I need it too: how else would you know what's out there?

    I don't buy that argument.

    Think about how many items you buy on a regular basis. Now... think about how many of those items you see actually advertised.

    See my point?

    When my wife and I go to the store for stuff, we buy a lot more than just shampoo, paper towels, beer, and tampons. How did we know about the bounty of other goods? Well... we see them on the shelves, for one. We simply know that certain things are needed. I dunno -- adverts don't seem to come into play much in what we buy. And I really think that it's the same for many others.

  25. Re:Comdex Memories on Comdex Operators File for Bankruptcy · · Score: 2, Insightful
    Well, because marketing, while it may seem silly and unimportant to you, is what makes companies sell shit.

    Funny. I thought that having a good product, especially one that people use and want, caused people to buy shit.

    Ah... there's the problem (or at least I consider it a problem). Many seem to believe that the economy should be push-driven (companies "sell shit") versus a pull-driven one (people "buy shit").

    I've never understood goofy multi-million dollar superbowl adverts, trade shows, cold-calls, door-to-door salesmen, pop-ups, or even everyday radio/tv commercials.

    Hell, if I want to buy a car, I'm gonna research what's out there. You can be damned sure I'm not going to let a 30-second glossy TV ad influence a $25,000 purchase. That scales down to things as cheap as paper towels and tooth paste.

    I realize that the big model is to make people believe they want crap they don't need, whether that crap is quality or not (more often not). Here's a thought: make quality products that fill a real need (give me better reception on my cell phone, not a dazzling array of colored faceplates for the phone) and people will seek you out. In other words, "Build it, and they will come."

    I once worked for a small software firm which produced a niche point-of-sale system. I talked with several of the sales droids there. They honestly believed that without Sales (that is, the department, not actual cash sales) that the world would collapse into economic ruin. I always took the opposing view, but they'd hear none of it.

    It's one thing to have a passive presence to have your name in circulation (phone book entry, web page, small ads in the back of trade rags, etc.), but to devote so much money to something as wasteful as salesmen and advertising seems silly to me.

    Maybe I'm just a more demanding "consumer" than most, but most everything I buy is based on my own opinion, not advertising.

    Sometimes, I've decided to avoid brands solely because of how stupid the commercials are. Many Utahns out there who have seen or heard the Totally Awesome Computers ads are sure to agree with me.

    And yes, I realize that I just poked a hole into my argument in that past paragraph. That counterpoint to anti-advertising is "brand recognition" -- the philosophy that if you remember a brand (even in a negative way), the advert has done its job. Rubbish.