Or, if you're not willing to sacrifice (or mess with) your MDA, check out ASK. It does about the same thing and works with sendmail, procmail, qmail, etc.
ASK is a system similar to yours with some tweaks: If you send someone email, and they reply to it, leaving in your.sig, they are automatically whitelisted.
It is my understanding that case makes a huge difference for other character sets. I'm afraid that I have no evidence to point at, but I've been told this by several people, so it MUST be true.
How are they supposed to know which ones to restart?
Or you're suggesting that I simply restart the ones I need to - how do I know the ones to restart?
You'll note another post I made, FreeBSD suggests you recompile the whole system (before rebooting). I don't know where SUN's update page is for this one, but I bet they recommend a restart, too.
The bottom line is: if you feel confident restarting some demons and leaving the rest, Apple isn't stopping you. The truth is, this was a VERY BIG fix to some of the core OS functionality - authentication, after all!
Bottom line: if YOU are serious about stability and reliability, you have a set of failover servers, anyway. Reboot them sequentially. Heck, you probably do that already, don't you?
Are tiny Apple security updates really Slashdot material?
The Apple update is not the most interesting part of this article. The most interesting part is what they DO NOT make you do. I'm beginning to really doubt my OS choice for a server. From the FreeBSD update on the same issues: ### Subject: FreeBSD Security Advisory FreeBSD-SA-02:33.openssl [REVISED]... === FreeBSD-SA-02:33.openssl Security Advisory The FreeBSD Project
2) To patch your present system: The following patch has been verified to apply to FreeBSD 4.4, 4.5, and 4.6 systems. ... c) Recompile the operating system as described in http://www.freebsd.org/doc/handbook/makeworld.html. ###
Recompile THE WHOLE DAMN OS.
To fix your OSX Server... Grab the update from apple and reboot.
I've switched for my desktop - time to think about the server, too.
Steve is disassociating their handwriting software from a system that flopped LONG AGO. Most people don't know what a newton was. Those that do, know it flopped. Never mind the reasons or how great it was - it flopped. End of story.
The only folks that care that it was based on that tech are a few (very few) newton fans. Face it, as a marketing bullet, "newton tech" is at best salt shot.
OSX is, essentially, OpenStep 6.0 + Aqua (window system) + Carbon (Mac Apps) on Apple hardware. OpenStep ran on all kinds of hardware, including Intel. Aqua is new, and I'm sure written with an eye toward porting. Carbon once ran (somewhat) on Intel (I forget the codename of that one), and certainly it's far more portable now that it is just a set of libraries and not 'the whole OS stack'.
OK, so the Dual Processor machines are sweet (I'm typing from one), but so are the TiBooks! They are PLENTY fast enough for just about any dev work (though maybe upgrade the disk (after market)).
Plug in a monitor, and you're dual-headed.
Plug in a USB keyboard & mouse, and you're feeling like a desktop.
The only downside to the TiBooks is that you don't get FANTASTIC airport reception, like the iBooks do...
I forge my spam to appear to be coming from a mailing list. Abra-Cadabra, your filter is useless...
No, it lands in the Junk box, which is where mailing list mail goes unless you tell ASK about that list.
If you don't and misconfigure ASK so that it does autoreply to mailing lists...
ASK does not reply to mailing lists.
Or, if everyone has procmail that auto-replies to ASK challenges, I forge my spam to appear to be coming from someone who uses ASK... You'll bounce a reply to them who'll autoreply back to you, and the spam goes through.
I'll worry about that when it happens. Probably just cross-check for the References: tag and make sure the confirmation verification is from the same place as the confirmation was sent. Do you have any more suggestions?
Thats why ASK won't work..
Works great.
Well, I'll treat their words with the same respect they treat mine, and bitbucket them.
ASK doesn't bitbucket. It verifies the sender's intent.
Now, tell me what would happen if everyone ran that program?
"everyone" would read less spam.
Would mailing list posts get through automatically?
Essentially, yes.
Or would this thing post to the mailing list asking for confirmation? Or would each sender on the mailing list be asked to 'authenticate' their post?
Absolutely not.
Also, how would you like to, every other time you sent an email, have to handle a braindead acknowledgement.
If you reply to one of my email, and you include my footer, you'll automatically be whitelisted and never know I use ASK. If you send me mail once and confirm, you'll be whitelisted, and never see it again.
...Hell, in that case, I'd hack my outgoing queue to send a test message first, to confirm that the person doesn't have this sort of crap, and if they do, I'd not bother to contact them for any reason.
Tell you what -- why don't you do something a bit more helpful and write a procmail that automatically replies to an ASK challenge? Virtually all spammers supply a bogus (failing) address, so I'd be happy to see this.
I do not, can not, and refuse to accept that as a solution. Anyone who does use it (so far, nobody that I know), will be procmailed into the bitbucket without question.
I guess if "everyone" starts using ASK, you'll do a lot less email correspondence.
I think that IBM's exit is about more than the marketplace being competative. I think it's about the marketplace being dead. Think about it: how much did you spend on your first 256M HD? How much does a 256M USB NVRAM "drive" cost today?
My bet is that IBM is dumping this business because it's going the way of the tape drive. Yeah, still useful for LARGE amounts of data, but it looks like it should be easy to build NVRAM drives for damn cheap, and that have a MTBF that's longer than most of us will live.
How much would it cost to build a 20G NVRAM drive that performs 10x better than a platter?
I think they mean "OS X runs like a snail when it has too little RAM." It runs VERY nicely on my iBook with 640M. If you're doing any kind of dev work, you want more than 256M.
I got my extra RAM from a 3rd party vendor so as to avoid the apple-tax.
That's a terrible analogy. Why is spam 'noise'? Just because you don't want to see it? If that's the case, how is forwarding spam to spamcop any different than trying to apply a filter to a signal to try to cut out the noise?
As for fixing the problem of spam via email, I use ASK, which has fixed the problem for me (to the tune of 99.9%).
When Apple redesigns their laptop motherboards to use built-in USB keyboards, instead of built-in ADB keyboards, they will have fixed the problem. They have not yet done so.
I don't get it. How will that help?
If that's really what's holding you back (and I doubt it is): check this out
Slashdot Mirror
I imagine it would see 'lisp' a bunch of times and let it through.
Or, if you're not willing to sacrifice (or mess with) your MDA, check out ASK. It does about the same thing and works with sendmail, procmail, qmail, etc.
A-S-K
I'd go one step further. All you need is a good mailto link with a magic subject or body:
mail me
ASK is a system similar to yours with some tweaks: .sig, they are automatically whitelisted.
If you send someone email, and they reply to it, leaving in your
Mailing lists are handled automagically.
Check it out:
http://a-s-k.sf.net
It is my understanding that case makes a huge difference for other character sets. I'm afraid that I have no evidence to point at, but I've been told this by several people, so it MUST be true.
How are they supposed to know which ones to restart?
Or you're suggesting that I simply restart the ones I need to - how do I know the ones to restart?
You'll note another post I made, FreeBSD suggests you recompile the whole system (before rebooting). I don't know where SUN's update page is for this one, but I bet they recommend a restart, too.
The bottom line is: if you feel confident restarting some demons and leaving the rest, Apple isn't stopping you. The truth is, this was a VERY BIG fix to some of the core OS functionality - authentication, after all!
Bottom line: if YOU are serious about stability and reliability, you have a set of failover servers, anyway. Reboot them sequentially. Heck, you probably do that already, don't you?
Are tiny Apple security updates really Slashdot material?
...
...
...l .
The Apple update is not the most interesting part of this article. The most interesting part is what they DO NOT make you do. I'm beginning to really doubt my OS choice for a server. From the FreeBSD update on the same issues:
###
Subject: FreeBSD Security Advisory FreeBSD-SA-02:33.openssl [REVISED]
===
FreeBSD-SA-02:33.openssl Security Advisory The FreeBSD Project
Topic: openssl contains multiple vulnerabilities
2) To patch your present system:
The following patch has been verified to apply to FreeBSD 4.4, 4.5, and 4.6 systems.
c) Recompile the operating system as described in
http://www.freebsd.org/doc/handbook/makeworld.htm
###
Recompile THE WHOLE DAMN OS.
To fix your OSX Server... Grab the update from apple and reboot.
I've switched for my desktop - time to think about the server, too.
Because you could be running any number of demons that were linked to these libraries.
apache
sshd
stunnel
To name 3 that I'm running. Note that Apple only knows about 2 of these. Rebooting is the right thing to do in this case.
It did not achieve marketshare.
Steve must really hate the Newton...
Steve is disassociating their handwriting software from a system that flopped LONG AGO. Most people don't know what a newton was. Those that do, know it flopped. Never mind the reasons or how great it was - it flopped. End of story.
The only folks that care that it was based on that tech are a few (very few) newton fans. Face it, as a marketing bullet, "newton tech" is at best salt shot.
OSX is, essentially, OpenStep 6.0 + Aqua (window system) + Carbon (Mac Apps) on Apple hardware. OpenStep ran on all kinds of hardware, including Intel. Aqua is new, and I'm sure written with an eye toward porting. Carbon once ran (somewhat) on Intel (I forget the codename of that one), and certainly it's far more portable now that it is just a set of libraries and not 'the whole OS stack'.
I also plan on picking up Objective C along with making some GUI toys for XML authoring I've been tinkering with on Linux using QT.
Chuckle. Maybe you'd better keep away from "cocoa". Once you start using ObjC and InterfaceBuilder, it's REAL hard to go back...
OK, so the Dual Processor machines are sweet (I'm typing from one), but so are the TiBooks! They are PLENTY fast enough for just about any dev work (though maybe upgrade the disk (after market)).
Plug in a monitor, and you're dual-headed.
Plug in a USB keyboard & mouse, and you're feeling like a desktop.
The only downside to the TiBooks is that you don't get FANTASTIC airport reception, like the iBooks do...
I forge my spam to appear to be coming from a mailing list. Abra-Cadabra, your filter is useless...
No, it lands in the Junk box, which is where mailing list mail goes unless you tell ASK about that list.
If you don't and misconfigure ASK so that it does autoreply to mailing lists...
ASK does not reply to mailing lists.
Or, if everyone has procmail that auto-replies to ASK challenges, I forge my spam to appear to be coming from someone who uses ASK... You'll bounce a reply to them who'll autoreply back to you, and the spam goes through.
I'll worry about that when it happens. Probably just cross-check for the References: tag and make sure the confirmation verification is from the same place as the confirmation was sent. Do you have any more suggestions?
Thats why ASK won't work..
Works great.
Well, I'll treat their words with the same respect they treat mine, and bitbucket them.
ASK doesn't bitbucket. It verifies the sender's intent.
Now, tell me what would happen if everyone ran that program?
...Hell, in that case, I'd hack my outgoing queue to send a test message first, to confirm that the person doesn't have this sort of crap, and if they do, I'd not bother to contact them for any reason.
"everyone" would read less spam.
Would mailing list posts get through automatically?
Essentially, yes.
Or would this thing post to the mailing list asking for confirmation? Or would each sender on the mailing list be asked to 'authenticate' their post?
Absolutely not.
Also, how would you like to, every other time you sent an email, have to handle a braindead acknowledgement.
If you reply to one of my email, and you include my footer, you'll automatically be whitelisted and never know I use ASK. If you send me mail once and confirm, you'll be whitelisted, and never see it again.
Tell you what -- why don't you do something a bit more helpful and write a procmail that automatically replies to an ASK challenge? Virtually all spammers supply a bogus (failing) address, so I'd be happy to see this.
I do not, can not, and refuse to accept that as a solution. Anyone who does use it (so far, nobody that I know), will be procmailed into the bitbucket without question.
I guess if "everyone" starts using ASK, you'll do a lot less email correspondence.
Someone suggested spamassassin, but I really like ASK
At least I can't make a windows machine stable enough to run Neverwinter or my brain would be toast
Hey, Taco, get a Mac.
I think that IBM's exit is about more than the marketplace being competative. I think it's about the marketplace being dead. Think about it: how much did you spend on your first 256M HD? How much does a 256M USB NVRAM "drive" cost today?
My bet is that IBM is dumping this business because it's going the way of the tape drive. Yeah, still useful for LARGE amounts of data, but it looks like it should be easy to build NVRAM drives for damn cheap, and that have a MTBF that's longer than most of us will live.
How much would it cost to build a 20G NVRAM drive that performs 10x better than a platter?
If that's really what's holding you back (and I doubt it is): check this out
I think they mean "OS X runs like a snail when it has too little RAM." It runs VERY nicely on my iBook with 640M. If you're doing any kind of dev work, you want more than 256M.
I got my extra RAM from a 3rd party vendor so as to avoid the apple-tax.
That's a terrible analogy.
Why is spam 'noise'? Just because you don't want to see it? If that's the case, how is forwarding spam to spamcop any different than trying to apply a filter to a signal to try to cut out the noise?
As for fixing the problem of spam via email, I use ASK, which has fixed the problem for me (to the tune of 99.9%).
I always found IPSEC to be FAR more trouble than it was worth. I use VTUN, with seems to be much easier.
Also, I hear OpenVPN is good.
When Apple redesigns their laptop motherboards to use built-in USB keyboards, instead of built-in ADB keyboards, they will have fixed the problem. They have not yet done so.
I don't get it. How will that help?
If that's really what's holding you back (and I doubt it is): check this out
Actually, sshd (which is what is needed to connect to the machine) is in /usr/sbin
It's not the ssh terminal opening up on OSX that does it. Heck, you could probably ssh from DOS.
/usr/bin :-)
It's ssh'ing TO the iBook and doing an
ls
that brings a smile to my face!!!