Slashdot Mirror


User: Malor

Malor's activity in the archive.

Stories: 0
Comments: 1,082

Comments · 1,082

  1. Re:The inevitable 'use postfix!' post.... on Sendmail Hit by Data Interception Flaw · Score: 2, Informative

    Sendmail is awkward in this area, because the new features/tables have been added over time. Postfix abstracts deciding whether to accept mail a little bit. You use smtpd_recipient_restrictions in your main.cf, which lists a series of tests to be done on each mail. RBLs are listed individually, one per line. An example would be reject_rbl_client relays.ordb.org. You can list as many as you like; I have six.

    Most of the other tests use external .db files for speed. These are flat text lists of two arguments each; source and either destination or action, and are compiled into a binary lookup file with the postmap command. (you have to run postmap on a file every time you change it.) How the two arguments are parsed depends on the context in which you call it. They all have the same basic format... argument1 argument2.

    Some of the possible tests are:

    A check_helo_access clause points at a file with one or more SMTP HELO tests. On my server, for instance, anyone that says they're in my domain, or that they're any of my IP addresses, or that they're 127.0.0.1, gets immediately bounced. This file is formatted as source and REJECT or OK.
    check_recipient_access lets you specify a list where particular recipients will be accepted or rejected; most sites accept postmaster mail unconditionally, as an example. Again source and REJECT or OK.
    check_client_access points at a list of IP addresses, with REJECT or OK.
    (there are several more possibilities as well, I won't talk about all of them.)

    Postfix goes through all the tests listed in its smtpd_recipient_restrictions clause, looking for an OK or a REJECT. If it gets either, it stops further testing, and immediately processes the mail. If it gets no response from any of its tests, it accepts the mail. You could put an explicit deny rule last, if you wanted to reverse that behavior.

    I haven't used sendmail in a very long time, so I'm not sure what local-host-names does. If that's 'who can relay through me', that's usually done by setting the my_networks argument, and then using a permit_mynetworks clause in smtpd_recipient_restrictions. That's not normally done through a file lookup, although you could if you wanted.

    Aliases and virtual domains are done through /etc/aliases (same format as sendmail, for compatibility), and the virtual file. The virtual file can list as many domains as you like. Each line, like all other database lookup files, is a source/target pairing, interpreted a bit differently than the files above.

    If the source is just a naked word, it's assumed to be a user, and you can redirect mail from one user account to another this way. If the source is user@domain, then only exact address matches will be redirected to the target. And if the source is @domain, it redirects everything from that domain to a specific place.

    Some examples:

    root useraccount -- redirects from root to that user
    test@example.com useraccount -- sends only mail to test@example.com to useraccount. Other addresses are rejected.
    @example.com useraccount -- send all mail for example.com that isn't matched by someone else to useraccount. Can be used as a catchall.

    Postfix has two concepts for domains.. the main one it serves, and all the rest, which are virtual. If you have a user 'joe', and someone sends mail to 'joe@example.com', joe will only get the mail if that's your primary domain. If it's virtual, joe@example.com will bounce, unless you explicitly set up a redirect. /etc/aliases is used only for the primary domain. I believe if you point 'joe@example.com', through the virtual file, at the 'jane' account, and /etc/aliases redirects 'jane' to 'bob', bob will get the mail. (test this to be sure... and this is a bad way to do it anyway, you really only want to alias once.)

    I suspect the access table is just handled through the tests I
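Added example, not part of the comment above and not Postfix's own code: a small Python model of the smtpd_recipient_restrictions walk the comment describes, run over constructed access tables in the "argument1 argument2" format that postmap compiles. The table contents, the mynetworks value, the RBL zone name and the RBL answers are all assumed, and lookups are exact-key only, so real Postfix matching is richer than this.

```python
"""Model of the smtpd_recipient_restrictions walk a Postfix server does.

Added example, not Postfix's own code; lookups are exact-key only and the
RBL answers are a constructed set rather than DNS, so this is simplified.
"""
import ipaddress

# Constructed access tables, as the text files look before postmap runs.
HELO_ACCESS = """\
example.net   REJECT
192.0.2.10    REJECT
127.0.0.1     REJECT
"""
RECIPIENT_ACCESS = "postmaster@example.net   OK\n"
CLIENT_ACCESS = "198.51.100.7   REJECT\n"
MYNETWORKS = ["127.0.0.0/8", "192.0.2.0/24"]   # assumed main.cf mynetworks
RBL_LISTED = {"203.0.113.5"}                   # constructed RBL answers


def parse_access_table(text):
    """Turn 'key action' lines into a dict; blanks and # comments skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip().upper()
    return table


HELO_TABLE = parse_access_table(HELO_ACCESS)
RECIPIENT_TABLE = parse_access_table(RECIPIENT_ACCESS)
CLIENT_TABLE = parse_access_table(CLIENT_ACCESS)

# Order matters: mynetworks hosts are permitted before any other test runs.
RESTRICTIONS = [
    "permit_mynetworks",
    "check_helo_access",
    "check_recipient_access",
    "check_client_access",
    "reject_rbl_client rbl.example",   # constructed RBL zone name
]


def evaluate(restrictions, session):
    """Walk the list in order; return (decision, restriction that decided).

    The first OK or REJECT wins. A restriction with nothing to say falls
    through, and running off the end of the list accepts the mail, so an
    explicit 'reject' last is what turns that into default deny.
    """
    for name in restrictions:
        answer = None
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(session["client_ip"])
            if any(ip in ipaddress.ip_network(n) for n in MYNETWORKS):
                answer = "OK"
        elif name.startswith("reject_rbl_client"):
            if session["client_ip"] in RBL_LISTED:
                answer = "REJECT"
        elif name == "check_helo_access":
            answer = HELO_TABLE.get(session["helo"].lower())
        elif name == "check_recipient_access":
            answer = RECIPIENT_TABLE.get(session["recipient"].lower())
        elif name == "check_client_access":
            answer = CLIENT_TABLE.get(session["client_ip"])
        elif name in ("permit", "reject"):
            answer = "OK" if name == "permit" else "REJECT"
        if answer in ("OK", "REJECT"):
            return answer, name
    return "OK", "end of list"
```

Calling evaluate(RESTRICTIONS, ...) with a client from 192.0.2.0/24 is permitted before the HELO test ever runs, while a forged HELO of example.net from an outside address is rejected; appending "reject" to RESTRICTIONS is what makes unmatched mail fail instead of fall through.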

  2. Re:The inevitable 'use postfix!' post.... on Sendmail Hit by Data Interception Flaw · Score: 3, Informative

    It's not a drop-in replacement, in the sense that it doesn't use the same config files. (You can read postfix files :) ) Unless you have an _extremely_ complex environment, though, it usually won't take very long to write the postfix equivalents to do what you need.

    The two main configuration files are master.cf and main.cf. Master is the configuration for how the daemons work and talk with one another, and it's used to add in other programs for weird delivery arrangements. For 'normal' mailservers, you probably won't have to mess with that too much. Main.cf, on the other hand, is where you'll do almost all the configuration work... virtually everything goes there.

    Stuff that requires lookups, like virtual addresses (the 'virtual' file) or transports (the 'transport' file), is set up in child files, flat text. The 'postmap' program compiles the text files into .db format, which lets Postfix do fast queries on them.

    You should probably expect to spend a day or two setting up a server the very first time you use it. Nothing is that hard, but it can be a little frustrating figuring out where to look for a given feature. Everything is easy, there's just a lot of it.

    Once you have it running, the configuration becomes practically self-documenting, so it's *really* easy to make changes. Sendmail is write-only... you can get it working, come back a week later, and have _no_ idea what you're looking at. Postfix isn't like that... if it works, it will generally be pretty obvious how and why it works. (and it will usually be pretty clear about why things AREN'T working, too.)

    If it has a weak point, it's probably that the documentation is rather scattered... expect to do a lot of googling while setting up.

    It's really worth the effort. It's one of the best pieces of free software out there. And it's one-time only effort, unlike sendmail. :)

  3. Re:Agreed on Sendmail Hit by Data Interception Flaw · Score: 1

    Oh, and use postgrey to do greylisting.

  4. Re:The inevitable 'use postfix!' post.... on Sendmail Hit by Data Interception Flaw · Score: 1

    You fulfilled my .sig's prophecy, by the way. You were correcting my grammar, and you have a misspelling... "grammatically" has two Ms. :)

    Error grammar must I make, fulfill prophecy to. :)

  5. Re:Agreed on Sendmail Hit by Data Interception Flaw · Score: 2, Informative

    I haven't worked with it much (and milter not at all), but the Postfix equivalent is the 'policy daemon interface'. It's not identical, but quite similar, from what I've read.

  6. The inevitable 'use postfix!' post.... on Sendmail Hit by Data Interception Flaw · Score: 5, Informative

    Yes, I realize this is too late for those of you running Sendmail now, and please don't take this as criticism for using it.... it's a solid mail program. But it was written when the Net was a much nicer place, and it's proving, once again, that retrofitting security is either very difficult or impossible. For a long time, it seemed like practically every third exploit was for Sendmail... it got pretty frustrating.

    The two major alternatives are Qmail and Postfix; Courier is sort of an up-and-comer, but they've had quite a number of security holes in those packages. (of course, that may also be related to the fact that Courier does a lot more than just deliver mail.) Of the three, I prefer Postfix. It's exceedingly solid, very fast, and fairly easy to configure. The initial learning curve is a little steep (mostly because there's about a billion things you can set), but the config files are readable when you're done. You don't have to relearn the whole program every six months. It's also very secure... I'm only aware of two security problems in its entire history. (I don't remember the details, but I think one was minor, and the other was moderately serious.)

    QMail is also solid, fast, and secure. But the author has decided that Unix machines should be configured a particular way, with files in particular places, and he uses his code as a weapon to try to force you to do things the way he wants. So I won't run it unless I have to. I don't deny that he's a brilliant coder and forty-eight times smarter than I am, but I refuse to be dictated to.

    Postfix can take a beating.. it is Truly Great Software. It will handle any load that Sendmail will handle, it's easier to administer, and the security is better. And, of course, it's truly free... Wietse won't try to make your administration decisions for you.

  7. Re:the flip side to all this on OpenBSD Project in Financial Danger · Score: 1

    Yeah, that does make sense. Like it or not, the defense industry isn't quite most others.

    If they'd been clueful, they'd have realized that it simply didn't matter... with the source being open, there's no way they could embed a DoD-specific backdoor. But they don't have a clue, which is why they hire other people, I suppose.

    I still dislike very much the outcome, but ... you're right.

  8. Re:So what on GoDaddy.com Dumps Linux for Microsoft · Score: 1

    They're putting down GoDaddy because, most likely, they're doing this because Microsoft offered them a huge wad of cash. Microsoft is buying marketshare.

    For parked domains, it's unlikely GoDaddy cares in the least what server is underneath... but you can bet Microsoft does. That should tell you which way the money is flowing in this relationship.

  9. it's a very hard field... on Required Knowledge for a Career in Network Security · Score: 5, Informative

    As a system and network admin, security is something I think about quite a bit. As far as I can determine, truly good security people are the best of the best in the computer world. There is _nothing_ in computers as difficult.

    As an admin/architect, you need a prodigious memory; you have to know all the software you're deploying, with all its various warts. You have to know your operating systems, and their interactions with your chosen hardware, both system and network. And you have to understand your network layout and be able to troubleshoot.

    As a programmer, you need less knowledge and more raw brainpower. You still need to know how other people do things, but a great deal of the job is raw invention on the spot. Knowledge in the programming field tends to be narrow, specialized, and very deep.

    As a security person, at least to be a GOOD one, you need all the skills of both fields, plus more besides. You have to be able to audit source code and find weaknesses; you have to be able to probe a network remotely and understand its layout and where its holes are likely to be. Defensively, you have to understand all the possible ramifications and interactions with combinations of software. Offensively, you have to be able to find the holes that nobody else has seen before.

    Both programming and sysadminning can lead into security, but if you want to be GOOD, I'd strongly suggest trying to be both. You might want to program first; that's usually harder to break into, and it can be easier to get a job out of college. Admins tend to like experience as much or more than education, so once you have a good degree of programming skill, you can probably branch out and pick up what you need in terms of system administration. You don't necessarily need the day-to-day details, but you do need a very, very deep understanding of _exactly_ what the operating system and programs are _actually_ doing... not just the cruder models most of us tend to use.

    It is a very interesting field, but it'll take everything you have and then some just to keep up.

  10. Re:the flip side to all this on OpenBSD Project in Financial Danger · Score: 1

    Governments have special restrictions, because they are the government. I repeat: in a free country, one is neither rewarded nor punished by the government for one's political opinions.

  11. Re:the flip side to all this on OpenBSD Project in Financial Danger · Score: 1

    In a free country, you're entitled to have any opinion you want, and the government will neither punish nor reward you for it.

  12. A cell phone cover would be useful.... on Building a Better Tin Foil Hat · Score: 4, Funny

    Covering your cell phone is definitely important. If it were exposed to RF, it could accidentally function.

  13. Sounds like typical video game designers... on Playing The Escape · Score: 5, Funny

    This sounds like a solid design effort, worthy of most video game levels.

    After all, I see prisons with baggage carousels _all the time_.

  14. Clue... on Spamming on Xbox Live? · Score: 2

    Folks, a high gamertag score is NOT an achievement. It's just bullshit marketing.

    Don't buy the hype. "Ooh, my number is bigger than yours! I'm better/smarter/faster!"

  15. Re:djbdns on DDoS Attacks Via DNS Recursion · Score: 1

    Turning recursion off is likely to result in lots of support calls from people who are dependent on your servers. A better solution is to deny queries that don't come from trusted hosts.

    First, make an ACL that lists all the IP addresses for which you want to provide general DNS services. These are IP addresses you should trust... any of these can use your server as a DoS attacker.

    acl internal { 127.0.0.0/8; 1.2.3.0/24; }; // we trust 1.2.3.0 not to DoS anyone

    options {
        allow-query { internal; };
        [...](other options)
    };


    Then, in the zone definitions for the domains you want to serve to the whole internet:

    zone "example.com" {
        type master;
        file "/path/to/db.example.com";
        allow-query { any; };
    };


    This will explicitly allow you to trust and offer name service resolution to particular entities (like, say, your home network, if you're just an Average Joe, or your netblocks, at an ISP), while explicitly refusing to talk to anyone else about any zones for which you're not authoritative.

    You're still vulnerable to DNS-poisoning for non-authoritative domains from internal hosts, but at least in theory, you should be able to track those down and make life painful for the miscreant.
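Added example, not part of the comment above and not BIND's own code: a Python model of how the acl and the two allow-query levels in that named.conf fragment combine, so you can check which source/name pairs the server will answer. The acl contents, the authoritative zone and the query sources are constructed.

```python
"""Model of the allow-query layering in the named.conf fragment above.

Added example, not BIND's own code: acl names, CIDRs and '!'-negated
elements are matched first-hit-wins, and a zone-level allow-query replaces
the options-level one for names inside that zone. Zones and addresses are
constructed.
"""
import ipaddress

# acl internal { 127.0.0.0/8; 1.2.3.0/24; }; plus BIND's built-in any/none.
ACLS = {
    "internal": ["127.0.0.0/8", "1.2.3.0/24"],
    "any": ["0.0.0.0/0", "::/0"],
    "none": [],
}
OPTIONS_ALLOW_QUERY = ["internal"]   # options { allow-query { internal; }; }
ZONES = {                            # authoritative zones with their own allow-query
    "example.com": {"allow-query": ["any"]},
}


def acl_matches(elements, source):
    """Evaluate an address-match list against one source address.

    The first element that matches decides: a plain element means allow,
    a '!'-prefixed one means deny. No match at all means deny.
    """
    ip = ipaddress.ip_address(source)
    for element in elements:
        negated = element.startswith("!")
        name = element.lstrip("!")
        if name in ACLS:
            hit = acl_matches(ACLS[name], source)
        else:
            hit = ip in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negated
    return False


def zone_for(qname):
    """Return the closest enclosing zone this server is authoritative for."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES:
            return candidate
    return None


def query_allowed(source, qname):
    """Would named answer a query for qname coming from source?"""
    zone = zone_for(qname)
    if zone is not None and "allow-query" in ZONES[zone]:
        policy = ZONES[zone]["allow-query"]  # zone statement overrides options
    else:
        policy = OPTIONS_ALLOW_QUERY         # everything else: trusted hosts only
    return acl_matches(policy, source)
```

With this policy an outside address gets answers for names under example.com but nothing for anything else, while a 1.2.3.0/24 host is answered for everything; flipping the zone's allow-query back to internal would also hide the authoritative data.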

  16. Re:How is it abusive? He shouldn't sue at all on Mandriva Fires Founder Gael Duval, Who Plans to Sue · Score: 1

    "Right to Work" means different things in different states. In California, it means you can't be held to non-competes.... in general, California is very employee-friendly.

    In Georgia (and most of the South), the employer has all the power. Down here, "Right to Work" means "Right to Get Screwed".

  17. Re:Yep, a whole year later than the 360.... on PlayStation 3 Delay Official · Score: 1

    Totally wrong, eh? I've been saying "November 2006 in Japan" for months. "March 2007 in the US" MAY have been incorrect on my part, but remember... just six months ago, March 2006 was Sony's "firm" Japan launch date. You'll excuse me if I have some doubts that they will actually launch worldwide in November.

    And I stand behind the rest of what I said... trying to be all things to all people is a BAD idea, and trying to match Microsoft's coding prowess is gonna be tough. I think 'gigantic faceplant' is very, very possible here.

    As far as being wrong... they'll prove me wrong when I can actually buy hardware. We'll see when that happens.

  18. Re:Yep, a whole year later than the 360.... on PlayStation 3 Delay Official · Score: 1

    I don't see anything in that link that really contradicts what I'm saying. They're claiming they won't even have final dev kits until June. They're gonna have to push hard to make a November launch.... and there was NEVER a chance they'd ship in March. They've been lying their heads off to try to get you to hold off buying a 360.

    Remember: this is Sony. Sony lies. A lot.

  19. Yep, a whole year later than the 360.... on PlayStation 3 Delay Official · Score: 4, Interesting

    From the rumors that have been floating around, they're trying to make it All Things to All People, which is the surest way to please few of them.

    I've been saying here since early January that we wouldn't see the PS3 officially launched in the States until March of 2007 at the earliest. (and to the AC who called me a 'good liddle fanboy', thpppt!)

    It's now March of 2006. They do not yet have, to my knowledge, working hardware for the video game end of things. They don't have working Blu-Ray drives, and in fact the specs there are changing. (latest news: no degradation on analog HDTV sets, which is good.) They don't seem to have decided on a final feature set. I think a November launch might still be possible, but it's gonna take a lot of overtime by a LOT of people. And they'll have to decide on their final feature set _right now_ and push like hell to make it happen.

    Sony seems to be in defensive mode, beset by rivals. It doesn't feel like they have a unified vision of what the PS3 should be. Rather, at least if you can believe the zeitgeist of the rumor sites, they seem to be in defensive mode, where they claim they'll do everything that all the other consoles do, better. That's not gonna happen. They don't have the time or the manpower to make it happen. If they keep trying, the PS3 is going to be the Duke Nukem Forever of consoles... because the 360 and Revolution will be moving targets. Now that Microsoft has hardware on the ground, new features are just a matter of writing code. If there's one company on the planet who's got expertise in doing that, it's Microsoft.

    At this point, I'm not sure that the PS3 will make November. Whenever it does ship, it will be monumentally expensive, but the wealthy Japanese consumers will buy it in droves anyway; it will be successful in Japan. When they ship it in the US, they're not going to be willing to take the enormous financial hit it would take to sell it at $400; they're going to be priced higher than that, maybe a lot higher.

    Now, this part gets _really_ speculative. They saw the EBay market for the 360 (many 360s sold at $800+), so I bet they're going to try a very expensive US introduction. And, paradoxically, I think it will be completely rejected as 'too expensive' by the American consumer, even though the _exact same people_ would turn around and spend $800 for one on EBay. It's okay, you see, for the Average Joe to be rapacious and greedy, but when corporations do it, it's "wrong". And I'm not sure Sony will get that.

    Even if they're smart and take the financial hit of introducing at $400, I still think they're likely to end up in third place, this time around. The 360 is really solid; it's an excellent machine and they're doing lots of interesting stuff with it. And the Revolution is _really_ interesting; Nintendo is focused on doing stuff that's fun.

    This time around, Microsoft shipped a Mustang. It's big, loud, and powerful. Sony is going to ship a Porsche; quieter, a little faster, more expensive. (if they choose to eat the extra cost, that would make it a great deal for the consumer.) Nintendo is going to ship a Miata. They don't win drag-races, but Miatas are cheap and fun to drive.

    Overall, I suspect Nintendo has a good chance of being the big winner this time around. They'll do well in all markets. I suspect the 360 will place a solid (and profitable) second.. they'll do really well in the US and Europe, but will be lucky to sell 25 consoles in Japan. Sony will do well in Japan, simply from a combination of brand- and country-loyalty, but I now suspect they'll do a huge faceplant in the US and Europe.

  20. Re:ah, more via pain on Via Launches New Line of Mini-ITX Boards · Score: 1

    My NVidia machine is my Windows gaming box, so I'm using NVidia's standard Forceware drivers. Instant bluescreen on the Ethernet driver.... intensely frustrating. The KT333 is my Linux server, and I'm annoyed with _that_ because the box is unstable in APIC mode, and I don't get very good throughput on gigabit. But those are separate issues. :)

  21. Re:What does passively cooled really mean? on Via Launches New Line of Mini-ITX Boards · Score: 1

    If that's an accurate reading, something is wrong. You can run stable at those temps, but you should NOT be seeing those on a standard XP 1800+...45C is about as hot as those chips should get, with reasonable air cooling.

  22. Re:ah, more via pain on Via Launches New Line of Mini-ITX Boards · Score: 2, Insightful

    The KT133 was terrible. You must not work your computers very hard. The KT133 was a disaster in all respects, and it gave the early Athlons an undeserved bad name. The CPUs were excellent, but the boards were complete shit, no matter who made them. A quick search on Google for KT133 problems shows NINETY THOUSAND hits.

    The KT266 and 333 were pretty good as Windows desktops. But I'm using one as a Linux server now, and it's... not great. I have to run it with APIC disabled. Turning on APIC (in recent 2.6 kernels) causes all kinds of problems with software RAID. And I don't get very good throughput; using an Intel gigabit network adapter, I'm lucky to push 150 megabits onto a (very fast) SCSI array. And that's with no other load _at all_. Even pulling or pushing to a tmpfs, the absolute best I can manage is about 200Mb. In theory, I ought to be able to get north of 300 on vanilla PCI, but the chipset doesn't seem to have very good throughput. (this is without jumbo frames, but with a lot of other optimizations on the Linux side; I get similar results from both Windows and Mac gigabit clients.)

    NVidia chipsets are pretty good, with the exception of their IDE and Ethernet drivers. The most recent Ethernet drivers instantly bluescreen my DFI Lanparty NF3 250 machine. The older version works, but you have to disable all TCP offloading and firewalling for full stability. WoW in particular does _not_ like offloading. And the IDE driver is slow and buggy... it's best to stick with standard Windows drivers.

    That sounds pretty damning, but it's really quite good, other than that. But keep in mind I've only run this board with Windows. The KT333 I mention above worked fine in Windows too, but isn't so hot in Linux.

    Intel may be behind in the CPU department, but their chipsets remain the best...extremely solid. In the high end, the NForce4 Professional on Opterons is supposedly good... but for low- to mid-range servers, where I won't be around to check on a system regularly, I'd much rather do Intel.

    Then again, I have a personal Intel server with an 865 chipset that's hosted somewhere in Texas. It kernel panics randomly on every version of 2.6.15 I've tried, but is absolutely solid on 2.6.14 and earlier.

    Even Intel hardware is no panacea against the crappy 2.6 kernel development process.

  23. Re:Possibly already too late... on Sony Plans Digital Distribution? · Score: 1

    It seems like every other day, they promise the PS3 will do something new, cool, and wonderful... any idea that anyone else has, the PS3 will have too! Only better, cooler, faster!

    I suspect the PS3 is going to be a disaster... trying to please everyone is one of the surest ways of pleasing nobody at all. You do have to give them credit for one thing, though... they're fighting a great war of words.

    Words are cheap, though, so they should be using even more of them. They could get some great press by offering to send out hookers to fellate every customer who pre-orders.

    Yeah, it'd be (another) lie, but at least it would be a good one!

    (I say, "lying." They say, "marketing." Same thing. *handwave*)

  24. Re:How is this an "Invention"? on eBay in 'Buy It Now' Patent Dispute · Score: 2, Insightful

    The reason this change was made is simple... it lets the bosses in the patent office, in the words of Dilbert, expand their tiny fiefdoms.

    If more things CAN be patented, then more things WILL be patented. That means the patent office needs more people. Supervisors in the government are paid based on how many people they supervise. If they expand the job description of the bureaucracy they manage, that means raises, and eligibility for promotions into even larger fiefdoms.

    Next up: patenting biological processes.

  25. what assholes... on Galactic Civilizations II Breaks DRM Mold · Score: 5, Insightful

    Boy, if you wanted any proof that the Starforce people are _serious_ assholes, there it is.