Slashdot Mirror


User: Just+Some+Guy

Just+Some+Guy's activity in the archive.

Stories
0
Comments
11,329
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 11,329

  1. Re:Bout Time! on SpamAssassin Gets a Promotion · · Score: 4, Informative
    I "augmented" SpamAssassin with an extremely tight Postfix ruleset. A remote server has to jump through these hoops before SA ever gets a crack at it:

    1. HELO Filtering

    1. Reject any connection that doesn't start with HELO or EHLO.
    2. Allow any host on my LAN to continue on to step 2.
    3. Reject any host not on my LAN that sends a hostname or IP of a machine on my LAN.
    4. Reject non-FQDN hostnames (ala "mailserver").
    5. Reject invalid hostnames (ala "432$@@112").
    6. Let everyone who makes it this far continue on to step 2.

    2. Sender Filtering

    1. Allow authenticated senders to continue on to step 3.
    2. Allow hosts on my LAN to continue on to step 3.
    3. Reject non-FQDN sender domains ("foo@bar").
    4. Reject unknown sender domain ("foo@imaginarydomain.com") - after all, if I can resolve their domain, then I couldn't reply to them anyway, right?
    5. Let everyone who makes it this far continue on to step 3.

    3. Recipient Filtering

    1. Reject non-FQDN recipient domains (they'd bounce anyway).
    2. Reject unknown recipient domains (same as above).
    3. Allow authenticated users to send their mail and stop processing.
    4. Allow hosts on my LAN to send their mail and stop processing.
    5. Reject mail from anyone else that isn't to one of my domains, or one I'm an MX for.
    6. Use SPF to reject spoofed email.
    7. Use the relays.ordb.org, list.dsbl.org, and sbl-xbl.spamhaus.org DNS blackhole lists.
    8. Greylist all email not coming in from or going out to peer MXes.
    9. Pass everything else to step 4.

    4. Content Filtering and Delivery

    1. Use ClamAV to reject viruses. This takes a big load off SpamAssassin.
    2. Use SpamAssassin to tag messages.
    3. Use Cyrus's Sieve to reject high-probability spam, put medium-probability messages into a "review" folder, and filter everything else into the appropriate folders.

    I reject over 95% of all incoming mail before it ever gets to SpamAssassin. This means that SA's success rate isn't as good as on other systems (since I weed out all of the obvious spam), but my mailbox is happy and shiny.

    SpamAssassin is a brilliant last line of defense, but I wouldn't advise just dumping your raw incoming stream into it. Much of the useful information about a message isn't available to spamd (such as your list of local domain names, relay domains, etc.) and you should consider using a set of cheaper filters to flush out the blatant chaff.

  2. Re:Personally, I thought differently... on Fahrenheit 9/11 Discussion · · Score: 4, Insightful
    See the movie. I... say Moore is distorting... his supporting evidence.

    I just quoted your own words to prove that you think Moore is a liar. Those are your words, right? Then how could I possibly be misrepresenting your opinion?

  3. Re:Liability of sites that recommend IE? on Corporate Servers Spreading IE Virus [Updated] · · Score: 1
    Well, recently, our medical insurance provider updated their web-site and the site, which used to work fine with Netscape, now has features that will only work with IE.

    So today you send a followup:

    To: webmaster@insuranceco.com
    Cc: sales@insuranceco.com
    Subject: You really don't want our business?

    Because you're forcing us to violate our corporate security policies in order to use the new, dangerous features on your website, we feel compelled to explore the possibility of switching our business to one of your competitors. Please let us know if you are able to fix your site before we move too far along this mutually-expensive path.

    Always Cc: Sales on things like this. Web developers are much less likely to blow off your complaints when the sales manager is standing in their office with a baseball bat.

  4. Re:Why should I care? on Our Friend, The Meter · · Score: 1

    Congratulations on being the only poster in this thread to get it right. A liter of water doesn't have a defined weight, which would be measured in units of force and not mass. A liter of "standard" water at sea level weighs about 9.8N. A liter of water in orbit is approximately weightless. It does, however, have a mass of 1kg wherever it may be.

  5. Re:So on Yahoo Changes Protocol, Blocks Third Party Clients · · Score: 3, Interesting
    You can run your own server

    That by itself is enough to make it the clear leader for corporate use. I set up a server for our office LAN and our IT guy installed Psi on every employee's desktop. Now we have a private, low-latency communication system for passing short messages back and forth in real-time. There hasn't been a single problem with the roll-out; I started the server, spent 20 minutes telling the other employees how to use Psi, and walked away from it.

    With any other IM service, we'd have to deal with privacy policies (such as mandatory encryption of all messages) or other hassles. With Jabber, we can freely send sensitive information between employees without worrying about outside snooping. Beyond that, we wrote an notification API for use with our internal applications that allows you to send event notices to selected employees via either email or Jabber. It's nice to get instant notification of system status changes without depending on our Internet connection being available.

  6. Re:Adopting a new protocol on Yahoo Changes Protocol, Blocks Third Party Clients · · Score: 1
    I am sorry but jabber sucks.

    That's a great way to start a rational discussion.

    Do they at least have file transfer now?

    I believe so, although I've never - not once in my life - ever had the need to transmit a file via IM so I can't say for sure.

    Ok, how about video and audio conversation? Display pictures? Custom emoticons?

    All functions of the clients.

    And don't get me started on the need on transports to connect to other services...

    That is the worst point you could possibly hope to make. Yes, Jabber requires transports to link a server with other services. How do Yahoo and AIM handle cross-connections? Oh, that's right - they don't. Basically, you're bitching that Jabber allows you to use plugins to enable features that no other IM systems support. Did that make sense to you when you wrote it?

  7. Re:At least it's not a "For Dummies" book on Linux for Non-Geeks · · Score: 1

    When I worked in ISP tech support I sent someone to Barnes & Noble for "Dialup Networking For Complete And Utter Jackasses". I'm not sure if they found it or not, but they didn't call back...

  8. Re:my problem with spammers.. on Confession For Two: A Spammer Spills it All · · Score: 1
    That seems like a reasonable idea. I installed Postfix for the first time this weekend to replace Sendmail on a FreeBSD server, and I'm completely in love with it. I know I could set up the same filtering with Sendmail, but Postfix's config file is so incredibly easy to read that I've been having a great time experimenting with it.

    One of the things I'd always wanted to try with Sendmail but had never gotten around to was configuring TLS and SMTP auth. Those two jobs took me a total of about twenty minutes. Now that remote users have full permission to send outgoing messages from that server, I can't think of a single reason why I'd ever need to accept incoming messages with my domain in the from. Furthermore, I publish SPF records for all of my domains so it's increasingly unlikely that anyone outside my network would accept those messages anyway.

  9. Re:my problem with spammers.. on Confession For Two: A Spammer Spills it All · · Score: 2, Interesting
    .. is when they start forging email addresses. Like sending email to me with my own email address.

    I recently told Postfix to reject any SMTP session that start with "HELO $foo", where $foo is my public IP (I'm behind a NAT) or my domain name or any hosts in the domain, and the source is not in fact a machine on my LAN (or someone using authenticated SMTP to send an outbound message). I've also started rejecting all email that fails SPF - that is, email that specifically violates the alleged sending domain's SPF policy.

    In other words, if I catch you lying about who you are, especially if you're claiming to be me, then you can't talk to me anymore. It's amazing how quickly my maillog is filling with reject messages from those two filters and how quickly the load average on my mailserver is dropping.

  10. Re:Just for the balance on Vim 6.3 Released · · Score: 1

    OT: For all the "get a compliant browser" stuff at the bottom of that page, it doesn't validate. Just thought you ought to know.

  11. Re:Vim or Emacs on Vim 6.3 Released · · Score: 1
    I come from the school of thought that a piece of software should do one thing well

    Emacs does exactly one thing: execute elisp code. All the rest is just shine. :)

  12. Re:It's not that hard on Deep Inside the K Desktop Environment · · Score: 1
    I suppose one way of figuring this out would be that the default menu entries for these apps clearly state what they do.

    Ummm, no. The default menu entries on your particular distribution give descriptive names, but that's a configurable option.

    Right-click a panel and choose "Configure Panel", then the "Menus" tab. You'll get a selector like:

    Menu item format:

    • Name only
    • Name (Description)
    • Description (Name)

    My Debian install had the first option selected by default, but that may be because I was playing around with alpha releases of KDE 3.2 a while back and the settings might've stuck stuck around.

  13. Re:license issues? on Deep Inside the K Desktop Environment · · Score: 1
    Well, there does not appear to be a concise name for the class of software that I am discussing -- source free-as-in-beer-available and free-as-in-beer usable but not OSI-compliant.

    "Propietary", and I'm not trying to be flippant. I think that those apps are increasingly irrelevant in daily usage. I mean, why maintain your own local patch branch of a certain application when there's almost certain to be an Open Source or Free equivalent.

    more-poorly-served by Qt's license scheme than the license schemes that the FSF uses or Linus uses.

    What you're saying is true, but I just can't feel too sympathetic toward those apps. They would be wanting to use millions of man-hours of work without contributing back to the pool, and I don't think that's a reasonable position to adopt. It would've been spiffy if Trolltech had used the LGPL or BSD license, but I don't begrudge them their decision.

    Povray's kind of a disappointment. I completely understand why they can't release it under an open license, and I certainly don't hold those reasons against them, but it's sad that the (best? only?) source-available raytracer still has so many strings attached. Here's to hoping that they can get it all resolved.

  14. Re:Naming for normals? on Deep Inside the K Desktop Environment · · Score: 3, Insightful
    How does 'kopete' relate to 'chat' or 'instant messaging'?

    In much the same way that "Visual Studio" relates to programming (and not graphic design) for the unitiated, and Trillian relates to instant messaging, and Eudora relates to email, and Vivio relates to drawing diagrams.

    They only sound worse than the equally unrelated Windows names because you're not used to them yet, unless you really do independently associate the act of burning CDs with the name "Roxio".

  15. Re:license issues? on Deep Inside the K Desktop Environment · · Score: 1
    pine

    No, I don't use it. It's not Open Source.

    povray

    Yes, I would use it. They're working on making it Open Source.

    XFree86

    Yes, I use it. All version prior to xfree86.org's idiotic license change, and all new versions from X.org are Open Source.

    qmail

    No, I don't use it. It's not Open Source.

    xv

    No, I don't use it. It's not Open Source.

    Did you have any other questions? You seem to have a pretty tenuous grasp on what constitutes an Open Source license. I strongly suggest you read the definition before you make wild and incorrect claims about what it means.

  16. Re:I confess to a little excitement ... on Mike Melvill Chosen To Fly SpaceShipOne · · Score: 1

    Nope. STS-1 launched in 1981.

  17. Re:19 years experience as a test pilot? on Mike Melvill Chosen To Fly SpaceShipOne · · Score: 2, Funny
    But the job req asked for "15 years of experience as a test pilot, prior spice[sic] experience a plus,"

    It's not enough to ask - you have to require it:

    "Wanted: Test pilot for civilian sub-orbital vehicle. Requirements: a minimum of five successful flights to space in other civilian craft; 8 years programming in Java 2; 3 years with Windows Server 2003."

    At least, that's how it'd read if my last company's HR wrote the ad.

  18. Re:Pretty strong test pilot cred on Mike Melvill Chosen To Fly SpaceShipOne · · Score: 1
    D'oh! You're certainly correct. "Predator" and "UAV" were on adjacent lines and I ran them together.

    Still, it sounds like they got a good guy for the job.

  19. Re:I confess to a little excitement ... on Mike Melvill Chosen To Fly SpaceShipOne · · Score: 5, Insightful
    Tomorrow's flight reminds me of the excitement that I felt about space flight when I was growing up in the sixties and seventies.

    I was a kid when the Columbia took its first trip in '81, so I've never lived in a time when space flight wasn't a reality. However, when I looked at pictures of SpaceShipOne tonight and read about the people filling the motels for miles around the world's first civilian spaceport, I literally started crying out of pure joy. Space has always been the domain of guys with The Right Stuff - bigger-than-life heros that risked it all. However, as of tomorrow, the rest of us get to take our shot at it. Tomorrow, I fly into space, and the universe will be a lot closer for me and my children.

    Bring 'er home safe, Mike. A whole world full of regular Joes are praying for you.

  20. Pretty strong test pilot cred on Mike Melvill Chosen To Fly SpaceShipOne · · Score: 2, Interesting
    From his biography, he was the first test pilot of the Predator UAV. I don't know whether it was originally designed for manned flight and he convinced them from personal experience that it was too risky, or whether he flew in an airplane not designed to carry human cargo. Either way, he strapped himself into something that you couldn't force me into at gunpoint and brought it back home safely.

    When I was a little kid, I wanted to be Chuck Yeager. Now I'm sitting at home reading Slashdot. Sigh.

  21. What about radio tuners? on TV Tuners For The PC: Internal Or External · · Score: 1
    On the same subject, I'm looking for a Linux-compatible software-controllable radio tuner, either internal or external. I'd like a GUI interface for manual control, and a scriptable control for automated recording jobs.

    I've looked through various hardware compatibility lists, but haven't found any resources comparing different models. In other words, I don't just want something that supported, I want something that works well and that's used by more than just the person who wrote the drivers.

    Does such an animal exist? Any recommendations would be appreciated.

  22. Re:here's a view from under the middle class on Are IT Certifications Meaningless? · · Score: 1
    30 years old, 1.5 years till I get my bachelors

    I heard something extremely valuable from Ann Landers, of all people: if you don't want to start college because you'll be four years older than you are now when you finish, how old will you be four years from now if you don't go to college? I started back when I was 25 and finished when I was 29. I wasn't exactly ancient, but some of my non-college-going friends were amazed that I was doing it.

  23. Re:In a Word... YES on Are IT Certifications Meaningless? · · Score: 1
    Can't follow directions from MapQuest?

    I know plenty of experienced, intelligent people who can't read maps (no, I'm not one of them). What's that have to do with how well they can do their job?

    When in fact, so many guys have been too busy coding and fixing networks and upgrading systems to go out and get a piece of paper that says they passed a test on things that they've been doing for years.

    If that test is an opening to higher-paying jobs, and we all know that it is (whether justified or not), and you could just walk in and take it but haven't bothered to do so, then you are demonstrably lazy.

    Certifications are meaningless to me, too, but so are a lot of things that management requires in order to make more money.

  24. Re:here's a view from under the middle class on Are IT Certifications Meaningless? · · Score: 1
    One word of advice: move. Seriously. In the last city I lived in, population ~250,000, you could get a livable apartment for $350 per month. Given two entry-level jobs at $7.00 per hour, the two of you would be taking home about $24,000 per year, minus roughly $4,000 in rent, leaving you with nearly $20,000 left over for food, entertainment, and training. The university I graduated from cost about $3,000 per year for full-time tuition, and you can get student loans to defer most or all of that until you're out of the grunt jobs.

    Slashdot readership is inherent skewed toward big city residents since that's where the majority of IT jobs are located. That means that a large portion of this site doesn't realize that there is life elsewhere, and that many of us actually prefer it.

    Put another way, Velex, right now you are choosing to be poor. You may want to consider choosing to be middle class by relocating yourself to someplace with a much lower relative cost of living.

  25. Re:word of advice from a hiring mgr on Are IT Certifications Meaningless? · · Score: 2, Informative
    If I were said PHB, this quote would kill your job opportunity with me:
    Somehow I mysteriously broke seijinohki's SMTP server while changing some security settings last night due to some strange MyDoom bounces I got. Joe and I have been on a day-long quest to fix it today, and, just as we're about to give up and nominate mizuno to be the new SMTP and POP3 server, it fixes itself as the Macho Man Randy Savage begins rapping.
    Here it is, paraphrased as management would hear it:
    I was screwing around with someone I didn't understand and things stopped working. We almost abandoned the project and scrapped the server, but something else happened that we didn't understand and it began working again.
    That is the kind of thing that will keep you out of a server room forever. Feel free to keep your own blog, but make darn sure that noone can get there by Googling for the name you put on your resume.