I can't say your analogy is much better. Pursuing it nonetheless, your smtp server should probe the smtp server on the same machine as the smtp client. I have no problem with that. If somebody wants to send you email, they might reasonably expect you to contact their smtp server with a reply.
No, it's on my iPAQ. Reflash the bootloader, reboot to *run* the bootloader, and upload a Linux filesystem. The bootloader knows to look in the filesystem to find the kernel, and whoosh, you're up and running X. On a handheld.
It's quite frustrating, you see, because the Pretec GPS CF receiver works just fine. The difference between the two is that the Navman sleeve doesn't have any CIS, so that cardmgr doesn't know anything about the UART. If I could manage to figure out how the pcmcia code is mapping the UART into memory, then I could do the same thing for the Navman's sleeve.
But as you admitted, you're too stupid to help me with this. BTW, I was only pulling sudog's leg about "stalking" Ian. Man oh man did ever go ballistic. But he and I have made up. Now if you were only as mature as him.... -russ
Oh? Some feminists say that all men are potential rapists. Some also say that rapists should be castrated. Does it then follow that all men should be castrated? No, of course not, because there is no guilt where there is only potential. And an open relay is only a potential source of abuse. -russ
you seem real bitter about the "get a life" thing. maybe deep down it really hits close to home, eh?
No, actually it's because I really *do* want to figure out how to access the UART on the Navman sleeve. Unfortunately, ARM Linux seems to either be caching that section of RAM (which is shouldn't be, given that that memory was allocated using ioremap), or else it's not pointing the memory at the actual hardware address of the UART. -russ
No. Ian forged addresses intended to trick the SMTP server into forwarding the email. Ian also used a false envelope sender (blah@localhost) which is unusable for returning a bouncing email. -russ
Nice try, Fred. Unfortunately, Ian put *no* limitations on which servers would be spammed by ORBZ. Your assertion "this is the only way that any host gets scanned by orbz" is simply a lie. Not to mention that you didn't phrase it in the past tense.
By the way, the host which was scanned was one that is listed in the MAPS RSS. That host NEVER contacts anybody under any circumstances except one: because somebody sent email to that server. So even *if* you are correct and that ORBZ tested only because an SMTP client on that host contacted somebody's SMTP server, it could only have been by that person's request. I didn't initiate the contact; they did. They cannot then claim that "[I] initiated contact that led to the scan".
Stopping people from continuing ORBZ abuse is being productive. There are enough fanatics (e.g. you) who think that ORBZ has done no wrong that one of you will likely re-implement it. -russ
p.s. this is typical of the witty repartee which passes for commentary from ORBZ supporters. Honestly, if you wish to convince me that I'm wrong about how anti-spam activists shouldn't be spamming innocent servers in their holy quest to identify open relays, you're going to have to supply more of an argument than "get a life." I already have a life. What I *need* is a way to talk to the Navman iPAQ sleeve from Linux. And I doubt that you're smart enough to help me with that.
I told Ian, time and time again, that he shouldn't be testing innocent servers. Test servers that have sent spam, yes, by all means. But you can't go around invading innocent servers. -russ
Nope. Read Ian's message. He said that he wasn't closing ORBZ because of *this* case. He was closing it because of the subsequent cases. -russ
Re:The open relay testers send me unsolicited e-ma
on
ORBZ Shuts Down
·
· Score: 2
By all means, explain what those ulterior motives might be. I am paid by nobody for my anti-spam efforts, so I have no pecuniary interest.
My motives are exactly as I laid out on the orbz mailing list: I don't want to be attacked by open relay probes, and I don't want other innocent hosts to be similarly attacked. I have no problem with testing a host which has sent you spam. I have no problem with testing a host on behalf of someone who was sent spam. But unless you have a copy of the spam in hand, testing the host is completely irresponsible. -russ
Re:The open relay testers send me unsolicited e-ma
on
ORBZ Shuts Down
·
· Score: 2
I had no opinion about Ian before he spammed me. Clearly that was not a good first impression for him to make on me! My opinion is that Ian is a teenager who has a sense of idealism -- that he should be able to create something wonderful, something perfect. His creation is a list of each and every open relay on the Internet. I have no problem with that. It is a worthy goal. Unfortunately, his methods involve sending fraudulently-addressed email to innocent SMTP servers. He and I disagree on whether he should use this method to discover open relays. He doesn't see anything wrong with this. I agree with him that testing for an open relay requires that he send such email. That would be perfectly fine if he was defending *his* SMTP server against attacks by someone running an SMTP client. It's perfectly reasonable to see if that host is also running an SMTP server which is an open relay. Self-defense is a perfectly fine reason for doing this. Ian went far, far beyond this, and tested (dare I say "abused"?) servers with no history of abuse. This is why he is now in the position of having to defend himself against charges of abuse. -russ
Re:The open relay testers send me unsolicited e-ma
on
ORBZ Shuts Down
·
· Score: 2
See the part where it says Return-Path: bounce-xxxxxxx@localhost? That's the part where Ian is lying about his email address. His email address is not and has never been anything @localhost. -russ
By the way, I liked the way you banned me from #ORBZ without me even saying a word. It's clear to me that your philosophy is intellectually bankrupt, when you can't have someone who disagrees with you listen to you. -russ p.s. When the court finds that Ian has passed on copies of his software, they're not going to be happy. Rule #1: never, never piss off the judge.
h0bia said: Worst of all, I sent repeated requests to people like orbs.org asking to be excluded and they replied with very rude e-mails which contained vulgarities, etc.
Typical ORBZ supporter said: Don't be such a retard..
Why does this not surprise me? -russ p.s. hi sudog. You're wasting your time again.
Re:Where do you draw the line ??
on
ORBZ Shuts Down
·
· Score: 2
You agree that fraud is a crime. Fine. Ian sent fraudulently addressed email. He admits to this and says that it is required because that is what spammers do. You say it's a crime, and Ian admits to doing it. Seems like an open and shut case to me. -russ
Re:The open relay testers send me unsolicited e-ma
on
ORBZ Shuts Down
·
· Score: 2
"Professionally" my ass. Ian lied about the source of the email. He used envelope sender addresses which would not return a bounce message back to him. He used envelope recipient addresses which were not only invalid, but which were specially crafted to break through a server's anti-relay defenses. These are the actions of a professional, yes -- a professional spammer. -russ
Re:The open relay testers send me unsolicited e-ma
on
ORBZ Shuts Down
·
· Score: 2
That doesn't work, just as it doesn't work for most spammers. Your see, like most other spammers, ORBZ lies about its hostname.
-russ
Indeed, a relay probe is spam.
on
ORBZ Shuts Down
·
· Score: 2
You would think that Ian would have gotten a clue from all the people whom his probes angered. If he only restricted himself to testing systems for which he had spam on record, then he would have a defense. "Yes, your honor, I crashed the system, but I was only defending myself against more relayed spam." As it is, he had to fold because he has no justification for probing those systems. -russ
I cannot think of anybody associated with the Internet that I trust more than Dave Farber, Peter Neumann, and Lauren Weinstein. Sure, PFIR would be a fine organization, although they suggest IAB as a more appropriate organization. -russ
Slashdot Mirror
Innocent until proven guilty. And innocent means that you can't go rifling through their server looking for an address it will accept and relay.
-russ
I can't say your analogy is much better. Pursuing it nonetheless, your smtp server should probe the smtp server on the same machine as the smtp client. I have no problem with that. If somebody wants to send you email, they might reasonably expect you to contact their smtp server with a reply.
This is NOT probing innocent servers.
-russ
No, it's on my iPAQ. Reflash the bootloader, reboot to *run* the bootloader, and upload a Linux filesystem. The bootloader knows to look in the filesystem to find the kernel, and whoosh, you're up and running X. On a handheld.
-russ
It's quite frustrating, you see, because the Pretec GPS CF receiver works just fine. The difference between the two is that the Navman sleeve doesn't have any CIS, so that cardmgr doesn't know anything about the UART. If I could manage to figure out how the pcmcia code is mapping the UART into memory, then I could do the same thing for the Navman's sleeve.
But as you admitted, you're too stupid to help me with this. BTW, I was only pulling sudog's leg about "stalking" Ian. Man oh man did ever go ballistic. But he and I have made up. Now if you were only as mature as him....
-russ
An open relay is not an innocent server.
Oh? Some feminists say that all men are potential rapists. Some also say that rapists should be castrated. Does it then follow that all men should be castrated? No, of course not, because there is no guilt where there is only potential. And an open relay is only a potential source of abuse.
-russ
you seem real bitter about the "get a life" thing.
maybe deep down it really hits close to home, eh?
No, actually it's because I really *do* want to figure out how to access the UART on the Navman sleeve. Unfortunately, ARM Linux seems to either be caching that section of RAM (which is shouldn't be, given that that memory was allocated using ioremap), or else it's not pointing the memory at the actual hardware address of the UART.
-russ
AFAIK, ORBZ sends the emails to itself
No. Ian forged addresses intended to trick the SMTP server into forwarding the email. Ian also used a false envelope sender (blah@localhost) which is unusable for returning a bouncing email.
-russ
Nice try, Fred. Unfortunately, Ian put *no* limitations on which servers would be spammed by ORBZ. Your assertion "this is the only way that any host gets scanned by orbz" is simply a lie. Not to mention that you didn't phrase it in the past tense.
By the way, the host which was scanned was one that is listed in the MAPS RSS. That host NEVER contacts anybody under any circumstances except one: because somebody sent email to that server. So even *if* you are correct and that ORBZ tested only because an SMTP client on that host contacted somebody's SMTP server, it could only have been by that person's request. I didn't initiate the contact; they did. They cannot then claim that "[I] initiated contact that led to the scan".
Stopping people from continuing ORBZ abuse is being productive. There are enough fanatics (e.g. you) who think that ORBZ has done no wrong that one of you will likely re-implement it.
-russ
AC: get an account. jackass.
-russ
p.s. this is typical of the witty repartee which passes for commentary from ORBZ supporters. Honestly, if you wish to convince me that I'm wrong about how anti-spam activists shouldn't be spamming innocent servers in their holy quest to identify open relays, you're going to have to supply more of an argument than "get a life." I already have a life. What I *need* is a way to talk to the Navman iPAQ sleeve from Linux. And I doubt that you're smart enough to help me with that.
Hollings has his head up his "Analog hole".
-russ
I told Ian, time and time again, that he shouldn't be testing innocent servers. Test servers that have sent spam, yes, by all means. But you can't go around invading innocent servers.
-russ
Nope. Read Ian's message. He said that he wasn't closing ORBZ because of *this* case. He was closing it because of the subsequent cases.
-russ
By all means, explain what those ulterior motives might be. I am paid by nobody for my anti-spam efforts, so I have no pecuniary interest.
My motives are exactly as I laid out on the orbz mailing list: I don't want to be attacked by open relay probes, and I don't want other innocent hosts to be similarly attacked. I have no problem with testing a host which has sent you spam. I have no problem with testing a host on behalf of someone who was sent spam. But unless you have a copy of the spam in hand, testing the host is completely irresponsible.
-russ
I had no opinion about Ian before he spammed me. Clearly that was not a good first impression for him to make on me! My opinion is that Ian is a teenager who has a sense of idealism -- that he should be able to create something wonderful, something perfect. His creation is a list of each and every open relay on the Internet. I have no problem with that. It is a worthy goal. Unfortunately, his methods involve sending fraudulently-addressed email to innocent SMTP servers. He and I disagree on whether he should use this method to discover open relays. He doesn't see anything wrong with this. I agree with him that testing for an open relay requires that he send such email. That would be perfectly fine if he was defending *his* SMTP server against attacks by someone running an SMTP client. It's perfectly reasonable to see if that host is also running an SMTP server which is an open relay. Self-defense is a perfectly fine reason for doing this. Ian went far, far beyond this, and tested (dare I say "abused"?) servers with no history of abuse. This is why he is now in the position of having to defend himself against charges of abuse.
-russ
See the part where it says Return-Path: bounce-xxxxxxx@localhost? That's the part where Ian is lying about his email address. His email address is not and has never been anything @localhost.
-russ
That's *ORBS*, not *ORBZ*.
-russ
By the way, I liked the way you banned me from #ORBZ without me even saying a word. It's clear to me that your philosophy is intellectually bankrupt, when you can't have someone who disagrees with you listen to you.
-russ
p.s. When the court finds that Ian has passed on copies of his software, they're not going to be happy. Rule #1: never, never piss off the judge.
h0bia said: Worst of all, I sent repeated requests to people like orbs.org asking to be excluded and they replied with very rude e-mails which contained vulgarities, etc.
Typical ORBZ supporter said: Don't be such a retard..
Why does this not surprise me?
-russ
p.s. hi sudog. You're wasting your time again.
You agree that fraud is a crime. Fine. Ian sent fraudulently addressed email. He admits to this and says that it is required because that is what spammers do. You say it's a crime, and Ian admits to doing it. Seems like an open and shut case to me.
-russ
"Professionally" my ass. Ian lied about the source of the email. He used envelope sender addresses which would not return a bounce message back to him. He used envelope recipient addresses which were not only invalid, but which were specially crafted to break through a server's anti-relay defenses. These are the actions of a professional, yes -- a professional spammer.
-russ
That doesn't work, just as it doesn't work for most spammers. Your see, like most other spammers, ORBZ lies about its hostname.
-russ
You would think that Ian would have gotten a clue from all the people whom his probes angered. If he only restricted himself to testing systems for which he had spam on record, then he would have a defense. "Yes, your honor, I crashed the system, but I was only defending myself against more relayed spam." As it is, he had to fold because he has no justification for probing those systems.
-russ
Gee, my wife *insisted* that I install Linux on her computer. She was tired of Windoze crashing all the time.
-russ
I cannot think of anybody associated with the Internet that I trust more than Dave Farber, Peter Neumann, and Lauren Weinstein. Sure, PFIR would be a fine organization, although they suggest IAB as a more appropriate organization.
-russ
There's a lot to be said for this plan.