Because the race conditions that exist in many OSs are not fixable by its users but are fixable by the software that you do have source for. From what I can tell, qmail has more patches out there than any other MTA and I'm guessing they were written for a reason.
But have you noticed the qualifiers? Sendmail works around bugs in the OS (and most of the CERT warnings involving sendmail are because of OS related issues and other delivery programs, not the sendmail core).
How many of the race conditions fixed in sendmail and apache exist today in qmail? Does qmail work around any linux kernal problems?
Problem is this guy is in a country where even if they threw the book at him they would let him off because the thought of having the book thrown at him would be too stressful.
But I'm willing to put up NZ$1000 of my very own money to get this guy in front of the courts and the reporter that turned him in will make sure it stays news.
This guy has costs Kiwi businesses millions of dollars in bandwidth costs. He sells illegal drugs. He advertises adult items to children. There ought to be something to bust him on.
He claims he has reformed but if he had, he would be naming his associates.
That syas if 50% of them fail in the 1st year, 50% of them could fail in year 20. I've got several drives that have been running for more than a decade.
Christchurch is a small town and I will run into the jerk at some time in the future and he owes me for every mesage my spam filters had to nuke. He better name every one of his "associates" and do it soon.
Also I'll put up NZ$500 for the 1st person that can provide information to the proper authorites that leads to his arrest and jail time for this jerk. He broke NZ law by selling unlicensed drugs. If you want to claim it, get in touch with me. Any chance we can get this guy extradited someplace where he won't get a slap on the wrist? Maybe the US where peddling adult products to minors as well as selling illegal drugs will show the world that spaming is a bad idea.
A grad student that used to work in the same computer lab that I did would disagree with you. He was paid about $50 for each new virus he turned in. Everytime he needed a bit of cash a new virus was born.
The sequent system was closer to the Unix version 10 (used in phone switches) than sys V R 1->5. SCO never got the rigths to the phone switch unix. SCO is playing stupid games with the biggest patent holders in the world. If for some strange reason SCO wins aginst IBM, IBM will simply say "ok we owe you $X billion but we would like to talk about how your going to pay for the licenses for some of our patents".
There seems to be a very strong correlation between zip codes where the mail boxes are in a central location and not on the houses and id theft rates. Most places where the mail boxes are on houses have very low counts of ID theft while places where everybodys mail box is in a cluster have very high rates of ID theft. I'm guessing people find it easier to pick up someone elses mail when they don't have to walk up to someone elses house.
The USPS keeps raising the rates but can't get someone to walk the route in all new areas?
Why do you think the banks want you to use your Visa Check card? Its so you sit on the liability till its settled adn not them. Either way, in the end the merchant that took the bad card pays. Its jsut a matter of who hold the liability until it gets worked out. I prefer that the bank does. I don't use debit cards that work though the credit card system.
That size can be put back together and its not hard. You start by scaning all the bits and you then generate a run length encoded version of the outside of each rectangle. Then you sort all the bits by their encoded RL and that tells you which bits go next to what other bits. You need a rectangle size that is smaller than the empty white space between lines. It also needs to cut rectangles, not polygons or else there are other clues to put stuff back together. Real document destrucion requires smaller than 1mm x 1mm.
Go ask your company accountant about what an asset is worth if it can't be resold for its intended purpose. What this means is that expensive cisco grear that is being deprecated over 5 years is fraud (the kind your CEO can get thrown in jail for). The device only has scrap value once you open the box so it must be deprecated in one tax year. What does this make MCI worth seeing how much cisco gear they own and no one in their right mind would buy all of them.
Your idea might just be a workable compromise to the extreeme that the founders copyright people are going for.
Up until the 1970's any copyright book could be found at a library if it wasn't still in the bookstores. Some times it took some hunting or an interlibrary loan but you could get your hands on just about any book that was still in copyright. About the only thing that didn't fit that was movies. Copyright for software doesn't work well over the long term when a product is no longer supported. In some ways patent law would be a better match to protect the consumers and software creators but with the US patent office being so incompetent, thats not a fix either.
Have you seen the price of automatic blinds? They need to be closed at night to keep the stupid street lights out and open when the sun comes up. Thats tricky with the $6 wal-mart blinds.
Starlight is enough light for humans to walk by if they haven't been oever sensitized to bright lights. Just remember it takes 1/2 hr for the rods of your eyes to readjust after they have been flooded with too much light.
A guy that works at the local pub has created a very nice book on Napal. Some how he got the idea that he would try to get enough orders by sending out email and he found an opt-in company that had a list of people that would be interested the topick. They charged him nearly $5000 to send the spam to something like 100,000 people. I told him it was a scam as soon as he told me about it but he had already wire the money to a place in Floridia. Their test run of 100 got nearly 100 people to visit his web site comparted to the average of about 13 a day. Just after the spam went out he hit nearly 20 on one day. The result is $5000 into a spamers pocket and I'm not sure they even sent out any spam.
A few days ago I found out a guy at work is spaming usenet. Claims only one message a month per group. When did that become acceptable? I told him if I ever see one of his ads in a group I run, I'll break into his server and destory it. Considering he comes around to ask us BOFHs for security advice and we keep pointing out why things are wide open, he understands the threat is real and I think he has seen the light. If I've run into two real spamers that don't have a clue in the past few months, how many are there running around? I think too many and may mailbox agrees.
This looks like the MP3 player I just got for AU$200 (US$130). Teh only place I listen to MP3s anymore is in the car and for some reason the car has a cassette deck. I've got a cheap walkman to cassette adapters but it makes me wonder why someone hasn't made an mp3 player the right size to fit in a car radio. With the right sensors, you could trun the tape direction control into a skip to the next one, and turn off when the caspin stops spining. That way I could take the MP3 player in to the house, load it full of stuff and when it was in the car, it would work like a smart cassette.
Been there, done that.
on
Replacing SMTP?
·
· Score: 3, Informative
There is a solution on the table and US law that requires the US government to use it. Its called X.400 and it is a mess. For a start you have to register your server and that used to cost something like $25,000 or maybe $40,000 for businesses. The Gossip program for gov email requires all email systems to migrate to this x.400 nonsense but I manged to get them to allow a migration path through SMTP (the others were worse and the only two that were even consididered that worked were SMTP and UUCP). The only encrytion addon for sendmail happens to be a result of work that started from encrypting x.400 stuff.
If you want to fire up your own X400 server to play with, grab isode and try to get it to compile on your machine without gagging if you can. Its one nasty bit of bad code.
SMTP isn't that broken. It works for about a billion people. Any attempt to "fix" it will break it for way too many of them.
After looking through the posts here (most of the +5 should be -5 Stupid), its clear that most of the experts don't understand email in the real world.
Encryption: The 1st tings is email must be interceptable. Many governments won't allow high level encryption that isn't full of holes that allow them to play pack recorded streams. Most large email servers can't deal with the CPU load of full encryption anyway so 100% solid encryption is out.
Authentication: Authenticating the server is very importaint to many sites. Once you start doing some level of encryption, you need to make sure you know who your connecting to.
Authenticating the client is the where spam issue comes from. There are many ways to do this but none of them are being done and none of them work 100% (which is why none of them work)
There is no way of knowing of a new business is a spamer or not. Therefore there is no way to filter out spamers that have enough cash to hook up to new ISPs all the time. (there are some stupid ideas like charging--my isp is rich enough, forcing all email out--my isp's mail server is up 100% doesn't understand MX,I can run my own server and it works so why chnage?)
reverse MX record checks only work if you can trust the ISP to get reverse dns working correctly and they won't deligate it to a spam house. The other choice is a verisgn like company to whitelist everyone or some sort of distributed whitelist (which the spamers will try to hack into)
As far as fixes: The solution is patch sendmail, qmail, postfix, exim to understand email on port 26 (pointed to by a srv record) and if mail comes in on the new port, then it must be checked with a reverse MX record or its dropped. Get the clients to stop handing off email on port 25 (sendmail allows port 587 for that) Use something like the SSH transport layer to encrypt (i.e. set up the encrypted channel 1st and then figure out whos talking). Add a new smtp verify_message command so I can ask another server "did you send me messages Xcxczxczqweczx?". Patches for all 4 systems must come out at the same time but be tested aginst each other. The when an ISP figures enough of its mail comes in on something other than 25, kill port 25 forever. That will kill all the proxies and all the old email gateways that haven't been updated in years.
Or save up your money and buy your self an X.400 gateway license adn tell all your friends about your cool new email address with all thouse nice slashes and no @.
I applied for a job with GTE in Floridia. They did the piss test before the interview.
I got a call a few days later saying they lost the results and need me to come back for another test. GTE was even willing to pay for another flight down for the piss test. I should have had them send me the palen ticket and not shown up for the test. Free vaction to FLa.
I know 40 Aussies that went through SARS HK just because there are too many horror stories about people from a country (that happens to be the US's best ally) get treated like shit by the US. I figure the people I know is about $40,000 or a typical airline employee pay for a year. If the Aussies as telling the US travel business to F*ck off, then the US travel industry has as major problem.
Also why do airline tickets have the plane depatrure time? There are only two people on the plane that care what time it will leave and they get the front two seats. Everyone one else cares about what time they need to be there to check in. No other time matters to them.
The airlines that do the stupid tricks to get business passengers to pay more are also seem to have problems. The ones that do flat rate are doing very good. Why are the US tax payers bailing out stupid business models?
I have a pilots license so do I don't have to play the stupid airline games anymore (for now)
Early CDs (1986 or so) were sometimes 12 bits are rearly more than 14 in a 16 bit frame. Rip one your self and see all thouse nice 0's....
The offical CD track format can be any reasonable number of bits from about 7 to 22 not just 16. I'm supprised the record compaines haven't gone to 22 bit just to stop the rippers.
Slashdot Mirror
Because the race conditions that exist in many OSs are not fixable by its users but are fixable by the software that you do have source for. From what I can tell, qmail has more patches out there than any other MTA and I'm guessing they were written for a reason.
your mail box users are real users on your box? why?
Qmail has a guarantee
But have you noticed the qualifiers? Sendmail works around bugs in the OS (and most of the CERT warnings involving sendmail are because of OS related issues and other delivery programs, not the sendmail core).
How many of the race conditions fixed in sendmail and apache exist today in qmail? Does qmail work around any linux kernal problems?
Problem is this guy is in a country where even if they threw the book at him they would let him off because the thought of having the book thrown at him would be too stressful.
But I'm willing to put up NZ$1000 of my very own money to get this guy in front of the courts and the reporter that turned him in will make sure it stays news.
This guy has costs Kiwi businesses millions of dollars in bandwidth costs. He sells illegal drugs. He advertises adult items to children. There ought to be something to bust him on.
He claims he has reformed but if he had, he would be naming his associates.
That syas if 50% of them fail in the 1st year, 50% of them could fail in year 20. I've got several drives that have been running for more than a decade.
Christchurch is a small town and I will run into the jerk at some time in the future and he owes me for every mesage my spam filters had to nuke. He better name every one of his "associates" and do it soon.
Also I'll put up NZ$500 for the 1st person that can provide information to the proper authorites that leads to his arrest and jail time for this jerk. He broke NZ law by selling unlicensed drugs. If you want to claim it, get in touch with me. Any chance we can get this guy extradited someplace where he won't get a slap on the wrist? Maybe the US where peddling adult products to minors as well as selling illegal drugs will show the world that spaming is a bad idea.
A grad student that used to work in the same computer lab that I did would disagree with you. He was paid about $50 for each new virus he turned in. Everytime he needed a bit of cash a new virus was born.
The sequent system was closer to the Unix version 10 (used in phone switches) than sys V R 1->5. SCO never got the rigths to the phone switch unix. SCO is playing stupid games with the biggest patent holders in the world. If for some strange reason SCO wins aginst IBM, IBM will simply say "ok we owe you $X billion but we would like to talk about how your going to pay for the licenses for some of our patents".
There seems to be a very strong correlation between zip codes where the mail boxes are in a central location and not on the houses and id theft rates. Most places where the mail boxes are on houses have very low counts of ID theft while places where everybodys mail box is in a cluster have very high rates of ID theft. I'm guessing people find it easier to pick up someone elses mail when they don't have to walk up to someone elses house.
The USPS keeps raising the rates but can't get someone to walk the route in all new areas?
Why do you think the banks want you to use your Visa Check card? Its so you sit on the liability till its settled adn not them. Either way, in the end the merchant that took the bad card pays. Its jsut a matter of who hold the liability until it gets worked out. I prefer that the bank does. I don't use debit cards that work though the credit card system.
That size can be put back together and its not hard. You start by scaning all the bits and you then generate a run length encoded version of the outside of each rectangle. Then you sort all the bits by their encoded RL and that tells you which bits go next to what other bits. You need a rectangle size that is smaller than the empty white space between lines. It also needs to cut rectangles, not polygons or else there are other clues to put stuff back together. Real document destrucion requires smaller than 1mm x 1mm.
Since when can open office produce a document that looks as nice as TeX?
Go ask your company accountant about what an asset is worth if it can't be resold for its intended purpose. What this means is that expensive cisco grear that is being deprecated over 5 years is fraud (the kind your CEO can get thrown in jail for). The device only has scrap value once you open the box so it must be deprecated in one tax year. What does this make MCI worth seeing how much cisco gear they own and no one in their right mind would buy all of them.
Your idea might just be a workable compromise to the extreeme that the founders copyright people are going for.
Up until the 1970's any copyright book could be found at a library if it wasn't still in the bookstores. Some times it took some hunting or an interlibrary loan but you could get your hands on just about any book that was still in copyright. About the only thing that didn't fit that was movies. Copyright for software doesn't work well over the long term when a product is no longer supported. In some ways patent law would be a better match to protect the consumers and software creators but with the US patent office being so incompetent, thats not a fix either.
Have you seen the price of automatic blinds? They need to be closed at night to keep the stupid street lights out and open when the sun comes up. Thats tricky with the $6 wal-mart blinds.
Starlight is enough light for humans to walk by if they haven't been oever sensitized to bright lights. Just remember it takes 1/2 hr for the rods of your eyes to readjust after they have been flooded with too much light.
A guy that works at the local pub has created a very nice book on Napal. Some how he got the idea that he would try to get enough orders by sending out email and he found an opt-in company that had a list of people that would be interested the topick. They charged him nearly $5000 to send the spam to something like 100,000 people. I told him it was a scam as soon as he told me about it but he had already wire the money to a place in Floridia. Their test run of 100 got nearly 100 people to visit his web site comparted to the average of about 13 a day. Just after the spam went out he hit nearly 20 on one day. The result is $5000 into a spamers pocket and I'm not sure they even sent out any spam.
A few days ago I found out a guy at work is spaming usenet. Claims only one message a month per group. When did that become acceptable? I told him if I ever see one of his ads in a group I run, I'll break into his server and destory it. Considering he comes around to ask us BOFHs for security advice and we keep pointing out why things are wide open, he understands the threat is real and I think he has seen the light. If I've run into two real spamers that don't have a clue in the past few months, how many are there running around? I think too many and may mailbox agrees.
This looks like the MP3 player I just got for AU$200 (US$130). Teh only place I listen to MP3s anymore is in the car and for some reason the car has a cassette deck. I've got a cheap walkman to cassette adapters but it makes me wonder why someone hasn't made an mp3 player the right size to fit in a car radio. With the right sensors, you could trun the tape direction control into a skip to the next one, and turn off when the caspin stops spining. That way I could take the MP3 player in to the house, load it full of stuff and when it was in the car, it would work like a smart cassette.
There is a solution on the table and US law that requires the US government to use it. Its called X.400 and it is a mess. For a start you have to register your server and that used to cost something like $25,000 or maybe $40,000 for businesses. The Gossip program for gov email requires all email systems to migrate to this x.400 nonsense but I manged to get them to allow a migration path through SMTP (the others were worse and the only two that were even consididered that worked were SMTP and UUCP). The only encrytion addon for sendmail happens to be a result of work that started from encrypting x.400 stuff.
If you want to fire up your own X400 server to play with, grab isode and try to get it to compile on your machine without gagging if you can. Its one nasty bit of bad code.
SMTP isn't that broken. It works for about a billion people. Any attempt to "fix" it will break it for way too many of them.
After looking through the posts here (most of the +5 should be -5 Stupid), its clear that most of the experts don't understand email in the real world.
Encryption:
The 1st tings is email must be interceptable. Many governments won't allow high level encryption that isn't full of holes that allow them to play pack recorded streams. Most large email servers can't deal with the CPU load of full encryption anyway so 100% solid encryption is out.
Authentication:
Authenticating the server is very importaint to many sites. Once you start doing some level of encryption, you need to make sure you know who your connecting to.
Authenticating the client is the where spam issue comes from. There are many ways to do this but none of them are being done and none of them work 100% (which is why none of them work)
There is no way of knowing of a new business is a spamer or not. Therefore there is no way to filter out spamers that have enough cash to hook up to new ISPs all the time. (there are some stupid ideas like charging--my isp is rich enough, forcing all email out--my isp's mail server is up 100% doesn't understand MX,I can run my own server and it works so why chnage?)
reverse MX record checks only work if you can trust the ISP to get reverse dns working correctly and they won't deligate it to a spam house. The other choice is a verisgn like company to whitelist everyone or some sort of distributed whitelist (which the spamers will try to hack into)
As far as fixes:
The solution is patch sendmail, qmail, postfix, exim to understand email on port 26 (pointed to by a srv record) and if mail comes in on the new port, then it must be checked with a reverse MX record or its dropped. Get the clients to stop handing off email on port 25 (sendmail allows port 587 for that) Use something like the SSH transport layer to encrypt (i.e. set up the encrypted channel 1st and then figure out whos talking). Add a new smtp verify_message command so I can ask another server "did you send me messages Xcxczxczqweczx?". Patches for all 4 systems must come out at the same time but be tested aginst each other. The when an ISP figures enough of its mail comes in on something other than 25, kill port 25 forever. That will kill all the proxies and all the old email gateways that haven't been updated in years.
Or save up your money and buy your self an X.400 gateway license adn tell all your friends about your cool new email address with all thouse nice slashes and no @.
I applied for a job with GTE in Floridia. They did the piss test before the interview.
I got a call a few days later saying they lost the results and need me to come back for another test. GTE was even willing to pay for another flight down for the piss test. I should have had them send me the palen ticket and not shown up for the test. Free vaction to FLa.
Damn they are incompentent.
I know 40 Aussies that went through SARS HK just because there are too many horror stories about people from a country (that happens to be the US's best ally) get treated like shit by the US. I figure the people I know is about $40,000 or a typical airline employee pay for a year. If the Aussies as telling the US travel business to F*ck off, then the US travel industry has as major problem.
Also why do airline tickets have the plane depatrure time? There are only two people on the plane that care what time it will leave and they get the front two seats. Everyone one else cares about what time they need to be there to check in. No other time matters to them.
The airlines that do the stupid tricks to get business passengers to pay more are also seem to have problems. The ones that do flat rate are doing very good. Why are the US tax payers bailing out stupid business models?
I have a pilots license so do I don't have to play the stupid airline games anymore (for now)
I don't know where your getting your odds from (they appear way high) but you forgot that there have been about 10^17 seconds for all that to happen.
The 1st creatures didn't have 100 proteins. In a world where nothing is around to eat you, a creature won't need a defense.
Have you ever been on a wood coster? Part of the unique feeling is how the wood gives way in the curves. The steel pipe ones never had the same feel.
In the states its not law (most of them), its the insurance compaines that will force you to get a fence around the pool.
Early CDs (1986 or so) were sometimes 12 bits are rearly more than 14 in a 16 bit frame. Rip one your self and see all thouse nice 0's....
The offical CD track format can be any reasonable number of bits from about 7 to 22 not just 16. I'm supprised the record compaines haven't gone to 22 bit just to stop the rippers.