Do you trust a supposedly "experienced" ISP admin to make sure his DNS server is secured, or do you trust yourself enough to make sure your local copy of BIND isn't hacked instead?
Probably neither. I certainly don't see what I've got in place as infallible. I guess the only good thing is that if I find my local copy of BIND has been hacked, I can fix it myself without relying on the folx at the ISP. I do keep BIND behind a firewall, but that pretty much just keeps out the viruses. Any serious hacking could probably breach both the firewall and my server. Maybe I'll install an alarm system....
Perhaps you know of an ORB list that is much more effective and free?
Unfortunately, no. Since I only run a mail server for local traffic, the ORB list isn't of much use. I leave that up to my ISP.
I would not agree that open relays are the primary avenue for spam
Yeah, I agree with you on this point. My big frustration is seeing all the cool new ways to limit spam, and not being able to implement them where I'd like to -- before they hit my Inbox at my ISP, or impact my bandwidth limits for my domain.
And yes, you'd want this particular delay to be as minimal as possible. In the long term, that means Greylisting will have to be a built-in to, or well-formed plug-in for, a mailserver if it is to minimize performance impact.
Agreed. And, of course, this slant on it completely changes the nature of his first question.
According to the text, it was the DHCP servers that were hijacked, so I think my technique would still protect me. However, your point is still valid. If they hijack the DNS server, I'm still in the same boat -- except that I end up locally caching most of my DNS lookups and I tend to hit the same web sites time and time again. In most cases, my provider would find and fix the problem before it nailed me. On the other hand, my local cache could still work against me after the intruder is ejected....
and that blocking open relays isn't significantly effective any longer in reducing spam.
I sort of disagree. I think it's holding down spam levels because it's providing incentives to close up the open relays and forcing spammers to use other techniques. Maybe one day the block lists will be really really small, though.
It delays all incoming emails for a certain amount of time. Unfortunate side effect of the algorithm. Can anyone tell me what the average extra time is?
Read the article. 1 hour.
I am not convinced that most of the spam comes from specialized email applications that can be fooled with a temporary failure. Can anyone provide numbers on this?
Read the article. They had a 97% success rate.
How does the algorithm adapt when aforementioned email applications adapt to 'greylisting'?
Read the article. You can adjust some of the time values. Also, this spam-reduction method is meant to be used in conjunction with other methods because it reduces the choices available to spammers. Finally, adaptation to get past "greylisting" would still place larger resource burdens on spamhausen.
I see a lot of spam that was probably produced by applications that use an automated signup to yahoo/hotmail/etc. to obtain a temporary email address and leave the actual emailing to those services which will circumvent 'greylisting'.
This one is a good question. I think in most cases this email is only used as the reply-to or forged email address. Thus, the sending MTA would probably still be in the "hands" of the spammer and suffer from the same consequences. If not, yahoo can just use one of the techniques that requires a human to create the email account. (I think they already do).
How much of the total internet traffic is made up of email? What happens if we all install 'greylisting' filters and each email has to be resent several times? Is doubling/tripling the amount of email traffic going to be noticeable?
Read the article. The greylist feature provides a temporary whitelist for the sending triplet for a default period of 36 days after the first passed email. Excluding list email, which employs some techniques that cause problems with the greylisting idea, "good" email was delayed less than 5% of the time. In most cases, the spammer's MTA doesn't ever send a retry, so there's no double/tripling of spam traffic. Additionally, the temporary block is usually instituted just after the RCPT, so the email message is never actually sent until the block is removed. On their small sample of about 370,000 messages, they estimated a net savings of 1.67GB of traffic.
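Added example, not part of the comment above or of the article it cites: a minimal sketch of the greylisting decision made at RCPT time. It assumes the "sending triplet" is (client IP, envelope sender, envelope recipient) and that a retry is accepted once 1 hour has passed; the 36-day whitelist follows the figure quoted above. All addresses and timestamps are constructed.

```python
"""Greylisting decision at RCPT time (constructed example)."""

MIN_DELAY = 60 * 60                 # assumed: a retry is accepted after 1 hour
WHITELIST_TTL = 36 * 24 * 60 * 60   # 36 days after the first passed email

TEMPFAIL = "451 4.7.1 Greylisted, try again later"
ACCEPT = "250 2.1.5 Ok"


class Greylist:
    def __init__(self):
        self.first_seen = {}    # triplet -> time of first deferred attempt
        self.passed_until = {}  # triplet -> end of the temporary whitelist

    def check_rcpt(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for RCPT TO at time `now` (in seconds)."""
        triplet = (client_ip, mail_from, rcpt_to)

        # Triplet already passed once: accept until the whitelist expires.
        expiry = self.passed_until.get(triplet)
        if expiry is not None:
            if now < expiry:
                return ACCEPT
            del self.passed_until[triplet]  # expired, start over

        # Unknown or still-pending triplet: record the first attempt and
        # defer. The reply goes out before DATA, so no body is transferred.
        first = self.first_seen.setdefault(triplet, now)
        if now - first < MIN_DELAY:
            return TEMPFAIL

        # A retry arrived after the delay: this sender queues mail the way
        # a real MTA does, so whitelist the triplet.
        del self.first_seen[triplet]
        self.passed_until[triplet] = now + WHITELIST_TTL
        return ACCEPT


def replay(attempts):
    """Feed (time, ip, sender, recipient) tuples through a fresh Greylist."""
    gl = Greylist()
    return [gl.check_rcpt(ip, frm, to, t) for t, ip, frm, to in attempts]


# Constructed traffic: one MTA that retries, one bulk sender that does not.
SAMPLE_ATTEMPTS = [
    (0,    "192.0.2.10",   "alice@example.org", "bob@example.net"),  # first try
    (5,    "198.51.100.7", "promo@example.com", "bob@example.net"),  # never retries
    (600,  "192.0.2.10",   "alice@example.org", "bob@example.net"),  # too early
    (3600, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # passes
    (3700, "192.0.2.10",   "alice@example.org", "bob@example.net"),  # whitelisted
    (3700, "192.0.2.10",   "carol@example.org", "bob@example.net"),  # new triplet
]

if __name__ == "__main__":
    for attempt, reply in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(attempt, "->", reply)
```
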
I bet there are plenty of pissant ISPs in the world with poorly configured DNS servers too
I think I've protected myself from this kind of thing. I've hard-coded the numeric IP addresses for DNS servers. Somebody correct me if I'm wrong and should be worried.
I hate Southwest. I came home on leave via them once. Leaving San Diego, we were late.
I've had exactly the opposite experience with them. They have always been on time flying out of BWI. What would be interesting would be to see how other airlines fared on that day flying out of San Diego. I used to fly out of Philadelphia all the time, and I believe that in my lifetime I've had all of two flights leave on time.
I sent an e-mail to Vonage asking about this possibility. They told me that while technically feasible, they wouldn't support it. IE, if I have problems, I'm on my own. According to them, the limitation is imposed by the manufacturer of the box. I never pursued it enough to find out exactly why the limitation was there. As I recall, I once had similar recommendations from the phone company for ISDN. I chose to ignore them and wired the entire house to my TA.
their dialup is considered a residential connection, their dsl is considered a high speed business connection.
Interesting. How much do they charge for DSL? I still have "small business" class cable modem, which carries better service at only a few $$$ more than residential. It ends up being equivalent to a T-1.
it's a lot easier and software-licence free to do it using css.
And it only works with CSS1-compliant browsers. This is not a limitation you want when you're trying to convince everybody in John Q. Public that your warped ideas are actually good ones.
Having said that, I think with some work you can get the CSS menus to at least show up as nested lists on non-compliant browsers.
Probably where the cable company isn't a huge monopoly and the telco is.
I can't honestly speak for anywhere but my locale, but here you receive a static IP with DSL, you have a fixed guaranteed bandwidth rate up and down, it is considered a business class connection with equivalent response and support, and it costs the same as cable.
Sounds like business class DSL. Not all DSL providers offer this at reasonable rates. Many do not provide static IP with residential service.
Cable internet on the other hand, has NO guaranteed bandwidth at all, it's 100 people on a t1
This is a vast oversimplification. The "shared" bandwidth is usually much larger than a T-1, and really depends on how the cable company has wired your loop. Some cable companies are even running separate fiber to each house. Lest you put too much stock in DSL, bear in mind that while you may have a dedicated line between you and the CO, from that point on, you may be sharing rather congested lines with others. Obviously, business class customers will fare better.
They also consider it theft if you use a router and nat your connection!
Nonsense. This all depends on the cable company. My cable company allows several computers even on the residential service. They allow double-digits worth on their business class services. Guess how they recommend that you implement. NAT.
You have agreed not to run a server of any kind.
This frequently applies to DSL as well. I checked into it before going with cable modem.
You have a capped upload speed that is slower than your down speed.
You frequently see this on DSL connections, too. Particularly the residential kind.
And for this I'm going to pay about $5/month more than DSL???
Here, the services are about the same in cost.
Is my area an exception or do you really think of a shared consumer grade connection as more stable than a guaranteed business class connection?
Absolutely not. But, you have to compare apples to apples. Compare residential DSL with residential cable modem, and business DSL with business cable modem.
I used to have business class cable modem service, and I was getting 4Mbps downstream and 3Mbps upstream, along with special DNS servers that responded faster than the residential ones. I was quite happy with this arrangement until I no longer needed those kinds of speeds. Service with my carrier has been wonderful -- although I've only had to call them with a problem once in the last couple years.
Wrong. This is a huge deal if you happen to have seen the problem 125m ahead and are taking evasive action other than braking, for example changing lanes or even swerving.
You know, the article doesn't say so, but I'm guessing this puppy is only engaged with cruise control, and is intended as a safeguard against highway hypnosis or simply falling asleep at the wheel. Otherwise, it just doesn't make sense. If you are taking evasive action, you probably don't have your cruise control on. And for last-minute evasive action when cruise control is on, I would guess Honda has already factored that into the device. It can probably detect sharp direction changes. Still, I'd want to be VERY reassured of those safeguards before I employed the technology. Let's wait and see how well the system works in Japan before we slam Honda too much.
But why? the added overhead and trouble involved in WEP and no-broadcast SSID would make a casual user think that it's "safe" and therefore would be more likely to transmit private data over the network than having it wide-open will.
Interesting point, but I disagree. I think the casual user will transmit private data over the network without thinking, regardless of security measures. Although, there's probably a smaller subset of the John Q. Public that would be intelligent enough to realize that they should be careful about what they send.
When a user signs on, all they have to do is install a card, and they're up.
I agree that it's certainly easier if the user doesn't have to mess around with their WLAN settings.
Do you really think that WEP would add anything at all? c'mon, really?
Absolutely. It's kind of like a home security system. You can certainly defeat one if you try, but there are plenty of other houses with no security systems (and no large dogs) that would be much easier targets. Plus, bypassing WEP security will probably make snoopers who are just interested in browsing the web move on to other targets rather than camping out and eating up your bandwidth.
I'm not sure that I understand: are you saying that I should both run WEP etc and not run WEP?
You cited two methods for making wireless computing secure. The first was WEP, which most of us don't trust (and rightfully so). The second was at the application level. I was merely suggesting the possibility of employing both WEP and application-level security. WEP keeps the casual war-drivers from eating up your internet bandwidth, while application-level security puts a much larger stumbling block in front of the more persistent crowd.
While I love the Godelian implications, I have not reached the state of enlightenment such that I can accept A and not-A together.
Perhaps a controlled substance might help with this? :-) (Just a joke -- I don't want to be seen as advocating illegal use of controlled substances).
I wish consumers would focus more on quality rather than cost...after all, if they did, we wouldn't have to deal with Wal-Mart anymore!
Educated consumers do, provided that there isn't a huge difference in cost. If I can pick up Linksys for $99 or pay $299 for a "better" product, I'm going to lean toward the cheaper option. Although, it depends on what I'm looking for.
BTW, since you're concerned about choosing the quality WLAN, do you know of a good comparative review of wireless products? I may be in the market for some more wireless stuff myself.
Because in an economy where technology has been struggling until recently, it's nice to see increased demand and spending for something, even if it was widely expected. Plus, seeing Linksys rise to the top was a bit interesting, as well as the blurb on Cisco buying Linksys. Also, I appreciated the list of other "top" vendors, as it gives me some to compare in the coming months. And finally, everybody was complaining about the hourly SCO updates. /. editors had to put something else in. :-)
How do we get RTFA stupidness when it's Ask Slashdot and we don't have an FA to even have to click to?
We didn't.
A company I work for (in the U.S.A.) had submitted a statement of work to a client, who waited for a month before signing the work order.
I interpret this to mean that the work order is now signed. If you read the rest of the text, it implies that they started the work thinking that their clock started from the signing of the work order and are now getting pressure from the client to finish by the original agreed upon date. This means that the project is already in progress and it's probably far too late to enlist new resources.
The more logical thing to do would be to hire some more temporary workers to create the needed man hours, but of course that'd cost the company money....
Spoken like a true manager. Could you send us a picture of your pointy hair? :-) If you haven't already done so, might I suggest reading "The Mythical Man-month" by Frederick P. Brooks, Jr? Throwing additional workers at the problem this late in the game is likely to get things even more behind. Although, I agree with several other assessments that continuous 7x12 work will also probably have a negative impact on the project. Now, if only they had added the month of Flubuary right in between February and March earlier on in the project, they wouldn't have had to work so hard.... :-)
And furthermore, they aren't even guaranteed to be unique.
Which is worse: that the parent poster doesn't know this, or that we do? :-)
I may do so when they start allowing me to connect every handset in the house to one service.
Yeah, and I bet you think all the fighting should be removed from ice hockey, too. :-)
After all, you are what you eat. :-)
Have you considered doing both? Then, any teenager who is persistent enough to crack the security should feel free to surf the web.