I discussed and dismissed this possibility years ago. The problems with implementation are these:
Microsoft can't own the kernel, within legal compliance of GPL. So any modifications they're doing are going to be restricted to a layer running above the kernel, and the possibility of restricting this in a way as to only allow the "Microsoft World" to run is low.
If it's anything running on X, then other X apps will run. Very little win.
If it's a customized X environment, incompatible with standard X servers, then at the worst users are restricted to running two displays on their system, and toggling between them.
As you might notice, most of these options imply a significant loss in functionality, which raises the question of why anyone would choose such a product (this does assume, of course, choice...).
If there's one thing Linux excels at, it's running worlds within worlds. Xnest, VNC, VMWare, Xen, UML, and remote access all provide ways of accessing multiple environments simultaneously, whether hosted locally or remotely. The ability to lock-in the user on a given environment (among Microsoft's key success factors) is exceptionally difficult to attain.
My summary of this scenario, posted in 1998, read:
Microsoft can supply a Win32 API to Linux.
They can probably not integrate it with the OS due to the GPL.
They can probably not deny simultaneous access to alternate APIs on the same machine.
Without the OS/API/machine stranglehold, MS loses its leverage over the PC and the computer industry.
MS can participate in the Linux market. They cannot do so on the terms they have become accustomed to in the past decade.
I don't see anything that's changed in 7 years (other than the lines in my face getting clearer....)
If you really want some benchmarks on that, try the book Death in Yellowstone. Among the first stories is about a man who tried rescuing his dog from a hot pool, at about 200F.
He survived. For about 24 hours.
The book details a number of other ways you can die in the woods (or waters as the case may be).
See here for FINA standards (international swimming governance body).
From my own experience as both a competitive swimmer and doing lifeguarding / pool maintenance (back in the day), anything over 80F is uncomfortably warm after a brief period at workout / competitive efforts. 78F is cool enough to keep you moving, but not cramped. Down as far as ~74 is tolerable, barely, if you keep moving. Anything below that and you'll be adversely affected by the cold, though yes, you can swim in temps well below that, with conditioning. Open-water swimmers compensate by wetsuits, skin coatings, or unusual metabolisms.
Because of the heat density of water, temperature bounds are pretty tight. And yes, if you are a recreational / rehabilitative swimmer, competition temps are going to be too low for you. This is bloody typical of "athletic clubs" as well (term used advisedly).
It's not uncommon to see swimmers, in the middle of winter, in overheated pools, hauled out on deck -- to cool off. Sweating doesn't do much for you when you're surrounded by water.
.... makes me want to just >plonk</. A f*cking modicum of RTFA would be appropriate.
Recommends: CowboyNeal loses posting privs. Better: gets canned. This is unprofessional to the extreme, and seriously undercuts any credibility Slashdot has.
What drives me batshit crazy is the fact that the only way to get a copy of a typical legacy MS Windows error message is to screenshot it. Even GNOME managed to allow a copy buffer for its dialogs. Makes the task of either getting valid user reports, or Googleable text, so much easier. CLI of course is even better in this regard.
The combination of 1) content-free error messages and 2) no ready means to copy text means tracking stuff down is orders of magnitude more effed. Thankfully, I don't play there much.
When I'm admining my server as root, I need to be able to run every application...
And su -c 'command' nobody fails you how? 'sux' for X access, or learn to use xauth properly.
Other than single-user maintenance mode, you should be logged on full root anyway -- log on as user, sudo to root for actions, or run a root shell if necessary. No need to be blatantly stupid.
Given possible exploits in such things as, say, man, an alias or shell function wrapper to do this automatically, as root, might not be all bad.
Yeah. I mean, the whole "everything's a file" concept is so hard. Things like being able to assign ownership to your (p)tty. Cuts root right out of the picture.
If you can exploit a box without gaining root, why bother gaining root. Matters little to me how a box is being utilized, rather more that it is. The distinction is a red herring. If someone's using your system in an unauthorized manner, it's effectively exploited, root or no root (yes, there are different implications, you and I both know that, stick to the point).
That said, I've seen Linux boxes cracked, and I've seen 'em spamming. I'm generally not tracking which is what, but reporting on spam. If you're so keen on finding 'sploited Linux boxes, you can search news.admin.net-abuse.email on my email address, find my reports, and query the IPs yourself to find out what they're running and whether you think they're cracked. That's your question, I'm not your consulting department. Fresh crop of ~250 hosts posted daily.
And that said, http://www.123stereo.com/ turned up serving a PayPal phish Aprl 6. It's already been cleaned. But that would be a PHP site which was conned into loading and serving pages. Couldn't tell you it was cracked for certain, but it smells like it. No, not spamming, but that's just what I saw. Satisfied?
Anyway, turnabout's fair play: prove to me that no compromised Linux boxes are spewing spam. You've got a week.
Yes (as I was explaining to the school LAN admin yesterday afternoon), I can deliver a perfectly insecure GNU/Linux box. Yes, GNU/Linux is inherently much more securable than legacy MS Windows.
That wasn't the point. You made an unsubstantiated claim that no spam is being sent from GNU/Linux boxes. I've seen plenty that was. I've seen boxes run by generally paranoid admins hacked. You're far more credible when you stick to the truth, Brandioch. Temper your enthusiasm. It sells better.
The OS alone doesn't guarantee security. GNU/Linux boxes are used in various attacks. Easy-to-find and widely deployed (on fat pipes no less) PHP holes all the moreso. Keep up on your security bulletins and site updates, monitor your logs, run an IDS, scan your perimiter, check your traffic, read your abuse mail. You'll be ahead of the game.
(aptitude|urpmi|yum|yast) install security isn't sufficient by itself. Stop selling that myth.
How many cracked Linux boxes do you think the spammers use? None? Well, it would seem that the OSS community is dealing with the problem at the technological root.
Brandioch, actually, I've got the spams and the admin replies to demonstrate, that Linux (and BSD) systems aren't immune. The big culprit since about November has been PHP mailform scripts, and I've seen quite a few of these sites acknowledged and wiped off systems by their administrators. Many at hosting sites.
Yes, it's apparently proxies or dedicated "bulletproof" hosting systems that are the primary sources. but Linux isn't a silver bullet. Oh, and PHP has its share of problems. awstats p0wned, anywone?
The low-tech approach would be an augmented locate service, providing additional metadata. This still requires a periodic filesystem scan as with current locate/slocate.
The high-tech approach would be to add hooks to the filesystem driver allowing metadata (user/group, [ca]time dates, filename, permissions) to be written to an index. Need not change underlying filesystem symantics at all.
Microsoft, of course, prefer the spaghetti solution.
I've been writing nastygrams to NPR all week, viz: ChoicePoint were not "hacked", and the data were not "stolen". ChoicePoint sold the data through their regular sales channels. And presumably the fraud ring made payments, 'coz they kept this up for a year.
And yes, ChoicePoint are likely only the tip of the iceberg, though they're one of the larger, and newer firms. Larger means more data and more attractive target. Newer means they've had less time to get experienced (trans: to f*ck up before and get burned), so their internal controls are poor. Economies of scale in data accumulation and sales means that ChoicePoint are among the bigger targets. Doing research a few weeks ago (before the story broke) I found a lot of trails leading back to them.
That said: there are many sources of such information, and we can expect to see more similar stories emerge.
I've had a decade-plus career in the information business -- healthcare, consumer credit. And several gigs have use CP or its predecessors for data sources. Trust, it's scary shit.
Routing of packets, and resolution of DNS (for the non-geek reading this, and yes, I mean you: the system that converts host names (like www.ibm.com) to computer-friendly IP addresses (like 129.42.18.99)) are ultimately at the control of the user, not the sender.
So, yes: what I've done is create a list of domains for which I'm not interested in their cr*p (doubleclick and X10 were two of the first additions). And all traffic, thanks to my local DNS server (yeah, it sounds like I'm geeking out, but it's not that tough) goes to a local webserver. Just one of the Linux boxes on the LAN. It serves up a clear gif. Not even a proper "proxy" server, just some DNS hackery.
I had similar ways of combatting spyware servers and other problems, at a tech lab for the local Boys & Girls Club. Web filtering software for the obvious stuff. A list of ~60,000 domains which were denied access (culled from spammer lists and such). And for a few bad boys, firewall denial of all incoming and outgoing to known bad IPs. Staff boxes were a mass of viruses and spyware, but the systems 350 kids ran were clean, despite running MS WinXP.
While I'll freely admit that setting this up takes a wee bit of technical skills now, there's really no reason it should. And zero-configuration tools to provide similar capabilities to Joe & Jane Sixpack would be most excellent.
FWIW, Skipstone, another Geck-based Linux browser, offered tabbed browsing before Galeon picked it up. The feature was AFAIR nabbed from Opera. There are a few other browsers which may have had tabs going way back, including the Tcl-based BrowseX (not "brow-sex").
My understanding though is that Galeon really nailed tabbed browsing with sane preferences: opening order & location, moving tabs, detaching tabs, and moving tabs to another window. Incidentally, if you've avoided the 1.3.x branch because of its feature purge and GNOME fuckwittedness, it's getting a lot better. Reclaimed my preferred browser status with few qualms.
Yeah, I remember the Office 95/97 landmine. Got hit by the PPT format cutover about that point to. While revising slides. At the conference. And found I couldn't open my presentation any more.....
Microsoft also created a set of read-only tools for Word, PPT, and Excel. Except....
Under Linux, if you've got a document reader, spurious typing is generally ignored. Microsoft's solution? A fscking popup window telling you "Sorry, you can't edit this document" (or words to the effect). For someone trained to use the spacebar to scroll through docs, absolutely maddening.
less with LESSPIPE is my preferred viewer today. In fact, there's cool hacks to support Word and Excel within mutt -- all in cosole. Hrm. Not sure about PPT, but strings works remarkably well (no kidding).
I'd just submitted the same item, but with some additional background...
Moreford isn't the only person noting crap quality of Microsoft. The New York Times saw fit to run 2300 words on erasing a hard drive and reinstalling the OS, to terminate spyware with extreme prejudice. I mean, when was nuking your C:\ drive national news? A few months earlier, I was interviewed for an expose of the adware/spyware industry in Barbiarians at the Digital Gates. My own technical followup, Spyware, Adware, Windows, GNU/Linux, and Software Culture has garnered a number of responses, most variations of "why do people put up with this cr*p?!"
Even the local small-town paper's usually Microsoft partisan columnist is suggesting it's time for the Microsoft Empire to begin to crumble. And he's not the only one.
The point is that these aren't geeks and gearheads talking out, it's the current in the popular press. Ordinary people. Which wouldn't be so significant if there weren't clearly identifiable, far better alternatives. Linux. Mac OS X. ABMS - Anything but Microsoft.
Under Debian (or Debian-based distros: Ubuntu, Linspire, Lycoris, Xandros, Progeny, etc.), install dwww and you'll have a system documentation browser at http://localhost/dwww, including a menu. Oh, and search. Need more? your/usr/share/doc/ directory is also accessible. By the way, this stuff is also available online, for those readers not fortunate enough to be reading on a Debian system. The point I'm hammering home here is that the information ison the system.
Sure, but that's the raw stuff. How about books or guides? Well, there's HOWTOs (that's your TLDP, BTW), Rute User's Tutorial and Exposition, and hundreds of other docs.
PDFs suck for online readability. Web content is far more accessible, and it's somewhat ironic that manpages actually translate well to HTML (better than info pages).
Yes, I've harped on man pages a lot. Arcane, difficult to read, you have to know what you're looking for. But (under Debian), Policy requires every system executable have a manpage. What's the value in that? Well... I've watched a $50/15 min Windows consultant try tracking down processes on a suspect Win2K server. By typing the names from the Task Manager into MSIE and looking them up on Google. You want to know what something is in Linux? man command. No manpage? If it's a system command, file a bug. If it's not, you've got something to look at -- a possible security exploit. Note too that other distros and projects, GNOME and GNU in particular, deprecate manpages. This is not only wrong, but dangerous.
Your MP3 player should should show up in an apropos query: apropos mp3. And yes, users should know how to search for things, though the system should also assist in this. Though if you're not accessing the commandline:
Accessing an MP3 file should launch your MP3 file player.
Linux app design tends not to be format-specific as Windows tools are. Your audio player should be indifferent to MP3s, Oggs, WAVs, AUs, or other sound formats.
Robin: There's a few bugs filed on this, my own is 1103753, which includes an attached screenshot. The actual bug can show up in a number of different ways, though this is common. Sometimes (usually in the relationships / user settings pages) all the content is pushed a screenwidth to the right, rendered as black text on black background. Annoying to say the least.
Response is that the bug is a browser fault. but I'd return that until Slashdot presents something remotely approching standards-compliant HTML, you've got a problem here.
The upside is that I'm using the "light" user prefs setting and a custom stylesheet to give the page the "Slashdot" look. Or any other page. Some fun....:
Details... Well, they're floating around a fractional percent to nearly 6% of spam, by month. I label mail by ASN as I report it to news.admin.net-abuse.sightings, so you can search for ASNs 1221 and 4763 there. Bounces around a lot. July was about the worst, since it's been about 0.1-0.2% of spam (2-87 messages).
If you have anything else in mind, drop me a line (email works). Note that Telstra's pretty much in the same boat as most mainstream ISPs. Given Oz is a moderately-sized, but advanced, economy, and Telstra's got a monopoly on network services, it's not entirely surprising that the share is up there.
Again, Spamhaus provides per-ISP stats, and might be a good place to start your research. I see one current ROKSO listing. And there's a current news item, Follow Australia describing progress in killing AU spam. Though other initiatives with Savvis and China have produced few tangible results.
Slashdot Mirror
To what end?
I discussed and dismissed this possibility years ago. The problems with implementation are these:
My summary of this scenario, posted in 1998, read:
I don't see anything that's changed in 7 years (other than the lines in my face getting clearer....)
If you really want some benchmarks on that, try the book Death in Yellowstone. Among the first stories is about a man who tried rescuing his dog from a hot pool, at about 200F.
He survived. For about 24 hours.
The book details a number of other ways you can die in the woods (or waters as the case may be).
See here for FINA standards (international swimming governance body).
From my own experience as both a competitive swimmer and doing lifeguarding / pool maintenance (back in the day), anything over 80F is uncomfortably warm after a brief period at workout / competitive efforts. 78F is cool enough to keep you moving, but not cramped. Down as far as ~74 is tolerable, barely, if you keep moving. Anything below that and you'll be adversely affected by the cold, though yes, you can swim in temps well below that, with conditioning. Open-water swimmers compensate by wetsuits, skin coatings, or unusual metabolisms.
Because of the heat density of water, temperature bounds are pretty tight. And yes, if you are a recreational / rehabilitative swimmer, competition temps are going to be too low for you. This is bloody typical of "athletic clubs" as well (term used advisedly).
It's not uncommon to see swimmers, in the middle of winter, in overheated pools, hauled out on deck -- to cool off. Sweating doesn't do much for you when you're surrounded by water.
.... makes me want to just >plonk< /. A f*cking modicum of RTFA would be appropriate.
Recommends: CowboyNeal loses posting privs. Better: gets canned. This is unprofessional to the extreme, and seriously undercuts any credibility Slashdot has.
What drives me batshit crazy is the fact that the only way to get a copy of a typical legacy MS Windows error message is to screenshot it. Even GNOME managed to allow a copy buffer for its dialogs. Makes the task of either getting valid user reports, or Googleable text, so much easier. CLI of course is even better in this regard.
The combination of 1) content-free error messages and 2) no ready means to copy text means tracking stuff down is orders of magnitude more effed. Thankfully, I don't play there much.
And su -c 'command' nobody fails you how? 'sux' for X access, or learn to use xauth properly.
Other than single-user maintenance mode, you should be logged on full root anyway -- log on as user, sudo to root for actions, or run a root shell if necessary. No need to be blatantly stupid.
Given possible exploits in such things as, say, man, an alias or shell function wrapper to do this automatically, as root, might not be all bad.
Yeah. I mean, the whole "everything's a file" concept is so hard. Things like being able to assign ownership to your (p)tty. Cuts root right out of the picture.
"Those who fail to understand Unix are forced to reimplement it. Poorly." Henry Spencer.
Bullox, Brandy.
A single counterexampe will suffice. I gave you my datasource. You've got nmap -O. Start tracking. Or pay me for my time.
If you can exploit a box without gaining root, why bother gaining root. Matters little to me how a box is being utilized, rather more that it is. The distinction is a red herring. If someone's using your system in an unauthorized manner, it's effectively exploited, root or no root (yes, there are different implications, you and I both know that, stick to the point).
That said, I've seen Linux boxes cracked, and I've seen 'em spamming. I'm generally not tracking which is what, but reporting on spam. If you're so keen on finding 'sploited Linux boxes, you can search news.admin.net-abuse.email on my email address, find my reports, and query the IPs yourself to find out what they're running and whether you think they're cracked. That's your question, I'm not your consulting department. Fresh crop of ~250 hosts posted daily.
And that said, http://www.123stereo.com/ turned up serving a PayPal phish Aprl 6. It's already been cleaned. But that would be a PHP site which was conned into loading and serving pages. Couldn't tell you it was cracked for certain, but it smells like it. No, not spamming, but that's just what I saw. Satisfied?
Anyway, turnabout's fair play: prove to me that no compromised Linux boxes are spewing spam. You've got a week.
Yes (as I was explaining to the school LAN admin yesterday afternoon), I can deliver a perfectly insecure GNU/Linux box. Yes, GNU/Linux is inherently much more securable than legacy MS Windows.
That wasn't the point. You made an unsubstantiated claim that no spam is being sent from GNU/Linux boxes. I've seen plenty that was. I've seen boxes run by generally paranoid admins hacked. You're far more credible when you stick to the truth, Brandioch. Temper your enthusiasm. It sells better.
The OS alone doesn't guarantee security. GNU/Linux boxes are used in various attacks. Easy-to-find and widely deployed (on fat pipes no less) PHP holes all the moreso. Keep up on your security bulletins and site updates, monitor your logs, run an IDS, scan your perimiter, check your traffic, read your abuse mail. You'll be ahead of the game.
(aptitude|urpmi|yum|yast) install security isn't sufficient by itself. Stop selling that myth.
Brandioch, actually, I've got the spams and the admin replies to demonstrate, that Linux (and BSD) systems aren't immune. The big culprit since about November has been PHP mailform scripts, and I've seen quite a few of these sites acknowledged and wiped off systems by their administrators. Many at hosting sites.
Yes, it's apparently proxies or dedicated "bulletproof" hosting systems that are the primary sources. but Linux isn't a silver bullet. Oh, and PHP has its share of problems. awstats p0wned, anywone?
...doesn't require a full new filesystem.
The low-tech approach would be an augmented locate service, providing additional metadata. This still requires a periodic filesystem scan as with current locate/slocate.
The high-tech approach would be to add hooks to the filesystem driver allowing metadata (user/group, [ca]time dates, filename, permissions) to be written to an index. Need not change underlying filesystem symantics at all.
Microsoft, of course, prefer the spaghetti solution.
There are schemes which allow two parties to validate to one another (as opposed to one-way) without either revealing their secret. Effectively:
I've been writing nastygrams to NPR all week, viz: ChoicePoint were not "hacked", and the data were not "stolen". ChoicePoint sold the data through their regular sales channels. And presumably the fraud ring made payments, 'coz they kept this up for a year.
And yes, ChoicePoint are likely only the tip of the iceberg, though they're one of the larger, and newer firms. Larger means more data and more attractive target. Newer means they've had less time to get experienced (trans: to f*ck up before and get burned), so their internal controls are poor. Economies of scale in data accumulation and sales means that ChoicePoint are among the bigger targets. Doing research a few weeks ago (before the story broke) I found a lot of trails leading back to them.
That said: there are many sources of such information, and we can expect to see more similar stories emerge.
I've had a decade-plus career in the information business -- healthcare, consumer credit. And several gigs have use CP or its predecessors for data sources. Trust, it's scary shit.
Routing of packets, and resolution of DNS (for the non-geek reading this, and yes, I mean you: the system that converts host names (like www.ibm.com) to computer-friendly IP addresses (like 129.42.18.99)) are ultimately at the control of the user, not the sender.
So, yes: what I've done is create a list of domains for which I'm not interested in their cr*p (doubleclick and X10 were two of the first additions). And all traffic, thanks to my local DNS server (yeah, it sounds like I'm geeking out, but it's not that tough) goes to a local webserver. Just one of the Linux boxes on the LAN. It serves up a clear gif. Not even a proper "proxy" server, just some DNS hackery.
I had similar ways of combatting spyware servers and other problems, at a tech lab for the local Boys & Girls Club. Web filtering software for the obvious stuff. A list of ~60,000 domains which were denied access (culled from spammer lists and such). And for a few bad boys, firewall denial of all incoming and outgoing to known bad IPs. Staff boxes were a mass of viruses and spyware, but the systems 350 kids ran were clean, despite running MS WinXP.
While I'll freely admit that setting this up takes a wee bit of technical skills now, there's really no reason it should. And zero-configuration tools to provide similar capabilities to Joe & Jane Sixpack would be most excellent.
...that entire domain appears to be served off a local, nonroutable IP, on which a webserver provides only a clear 1x1 gif for all requests....
...and it's not the only one</you may say I'm a dreamer>
FWIW, Skipstone, another Geck-based Linux browser, offered tabbed browsing before Galeon picked it up. The feature was AFAIR nabbed from Opera. There are a few other browsers which may have had tabs going way back, including the Tcl-based BrowseX (not "brow-sex").
My understanding though is that Galeon really nailed tabbed browsing with sane preferences: opening order & location, moving tabs, detaching tabs, and moving tabs to another window. Incidentally, if you've avoided the 1.3.x branch because of its feature purge and GNOME fuckwittedness, it's getting a lot better. Reclaimed my preferred browser status with few qualms.
Yeah, I remember the Office 95/97 landmine. Got hit by the PPT format cutover about that point to. While revising slides. At the conference. And found I couldn't open my presentation any more.....
Microsoft also created a set of read-only tools for Word, PPT, and Excel. Except....
Under Linux, if you've got a document reader, spurious typing is generally ignored. Microsoft's solution? A fscking popup window telling you "Sorry, you can't edit this document" (or words to the effect). For someone trained to use the spacebar to scroll through docs, absolutely maddening.
less with LESSPIPE is my preferred viewer today. In fact, there's cool hacks to support Word and Excel within mutt -- all in cosole. Hrm. Not sure about PPT, but strings works remarkably well (no kidding).
I'd just submitted the same item, but with some additional background...
Moreford isn't the only person noting crap quality of Microsoft. The New York Times saw fit to run 2300 words on erasing a hard drive and reinstalling the OS, to terminate spyware with extreme prejudice. I mean, when was nuking your C:\ drive national news? A few months earlier, I was interviewed for an expose of the adware/spyware industry in Barbiarians at the Digital Gates. My own technical followup, Spyware, Adware, Windows, GNU/Linux, and Software Culture has garnered a number of responses, most variations of "why do people put up with this cr*p?!"
Even the local small-town paper's usually Microsoft partisan columnist is suggesting it's time for the Microsoft Empire to begin to crumble. And he's not the only one.
The point is that these aren't geeks and gearheads talking out, it's the current in the popular press. Ordinary people. Which wouldn't be so significant if there weren't clearly identifiable, far better alternatives. Linux. Mac OS X. ABMS - Anything but Microsoft.
I think we're finally seeing the ediface crumble.
Um. 27,000 pages of documentation (typical install) isn't sufficient? 60,000 manpages (all of Debian unstable) is "sparse?
I call massive bullshit.
Under Debian (or Debian-based distros: Ubuntu, Linspire, Lycoris, Xandros, Progeny, etc.), install dwww and you'll have a system documentation browser at http://localhost/dwww, including a menu. Oh, and search. Need more? your /usr/share/doc/ directory is also accessible. By the way, this stuff is also available online, for those readers not fortunate enough to be reading on a Debian system. The point I'm hammering home here is that the information is on the system.
Sure, but that's the raw stuff. How about books or guides? Well, there's HOWTOs (that's your TLDP, BTW), Rute User's Tutorial and Exposition, and hundreds of other docs.
Bugs? Your distro should have a queryable bug-tracking system.
PDFs suck for online readability. Web content is far more accessible, and it's somewhat ironic that manpages actually translate well to HTML (better than info pages).
Yes, I've harped on man pages a lot. Arcane, difficult to read, you have to know what you're looking for. But (under Debian), Policy requires every system executable have a manpage. What's the value in that? Well... I've watched a $50/15 min Windows consultant try tracking down processes on a suspect Win2K server. By typing the names from the Task Manager into MSIE and looking them up on Google. You want to know what something is in Linux? man command. No manpage? If it's a system command, file a bug. If it's not, you've got something to look at -- a possible security exploit. Note too that other distros and projects, GNOME and GNU in particular, deprecate manpages. This is not only wrong, but dangerous.
Your MP3 player should should show up in an apropos query: apropos mp3. And yes, users should know how to search for things, though the system should also assist in this. Though if you're not accessing the commandline:
Hope that helps.
Robin: There's a few bugs filed on this, my own is 1103753, which includes an attached screenshot. The actual bug can show up in a number of different ways, though this is common. Sometimes (usually in the relationships / user settings pages) all the content is pushed a screenwidth to the right, rendered as black text on black background. Annoying to say the least.
Response is that the bug is a browser fault. but I'd return that until Slashdot presents something remotely approching standards-compliant HTML, you've got a problem here.
The upside is that I'm using the "light" user prefs setting and a custom stylesheet to give the page the "Slashdot" look. Or any other page. Some fun....:
Slashdot:
The stylesheet itself is available as:
Misc sites:
Fetching w/ btdownloadcurses gives a file error. Could you check the seed?
Details... Well, they're floating around a fractional percent to nearly 6% of spam, by month. I label mail by ASN as I report it to news.admin.net-abuse.sightings, so you can search for ASNs 1221 and 4763 there. Bounces around a lot. July was about the worst, since it's been about 0.1-0.2% of spam (2-87 messages).
If you have anything else in mind, drop me a line (email works). Note that Telstra's pretty much in the same boat as most mainstream ISPs. Given Oz is a moderately-sized, but advanced, economy, and Telstra's got a monopoly on network services, it's not entirely surprising that the share is up there.
Again, Spamhaus provides per-ISP stats, and might be a good place to start your research. I see one current ROKSO listing. And there's a current news item, Follow Australia describing progress in killing AU spam. Though other initiatives with Savvis and China have produced few tangible results.