Right, but staying on topic, the solution isn't to block any mail which may or may not be spam.
In my last case, the person who marked the message as abuse, therefore blocking all my mail to AOL, was a subscribed newsletter subscriber. I feel I have to qualify that. These are verified users. Users who signed up to a site, and clicked the link in their confirmation Email, to verify that it was their Email address, with the option of "Receive Newsletter by Email" selected. I have no interest in sending to people who aren't users, they may or may not want to read the news.
Our newsletters are exactly that. The news of the day. Well, two days. If you want on the list, you sign up, and have the option turned on. You want off the list, you uncheck the box in your options, or write to us to be removed. There is no advertising in the newsletter. Otherwise, I would question what we were doing. Are we trying to sell something, or provide the news?
Now, people who mail spam crap need to be stopped. Arbitrary blocks are not the solution.
Here's a specific case. I had someone call me this morning, complaining that every Email he sent out to friends bounced. It turned out because another user on his ISP sent out a spam, his entire ISP was blacklisted. Now, should every user on that ISP suffer because someone they don't even know sent out something that was considered abuseive??
How about we continue this blacklist idea into real life. If a person in an apartment complex is annoying, put everyone on the block under house arrest, and put them in jail if they try to leave. Stupid, right?
There are better methods available, which unfortunately require the cooperation of the hosting companies and bandwidth providers. If you don't cooperate, your connectivity gets cut, and your hosting is disabled.
Unfortunately, connectivity and hosting mean money to the provider. They aren't necessarly cooperative with the idea. I do work for a hosting company. If we find someone has spammed, say through a script on their hosted site, if that customer did it, they lose their hosting account. If it was an exploitable script, either the script is disabled, or fixed. I'm very helpful with our customers, I'll fix their scripts for them.
I have plenty of problems with getting things without my concent. My postal mailbox is my biggest problem. My box is literally full of stuff I never asked for, mostly "Current Resident" stuff. I can't just automatically filter them. I have to dig through, and find if there's any real mail mixed in. Of course, no one bitches about that.
AOL and Earthlink's method of blocking anyone who may have potentially offended, is very bad. With their methodology, I should need to call every ISP to ask not to be blocked, because one of my customers may want to send one of their customers a message.
I just pulled a report from one of our membership databases. Of 370,918 users, there were 39,692 distinct domain names. In the top 50 of that list are a few I can't call. wanadoo.fr . t-online.de, libero.it, bluewin.ch, tin.it, planet.nl. You get the idea.
If everyone took up AOL's anti-spam scheme, I would need a staff of people who's sole job was to call all the ISP's, and make sure we weren't blocked.
The *BETTER* method is not to block based on any one rule. It's what you see with hotmail, mail.yahoo.com, gmail, etc.. Bad mail is received, and filtered into a spam box.
With our mail servers, we do the same thing. We use mailscanner (mailscanner.info), with spamassassin, 5 blacklists, and two virus scanners. If the score is high enough, it simply adds a bit to the subject line.
[UBE/UCE/SPAM] original subject
My users have the option of deleting those automatically, or filtering them off to another box.
Right now, I have 6,634 messages in my spam box, and 1052 in my inbox. You could say 15.8% of my mail is real, but that's not completely accurate. A lot of the "real" messages in my inbox are automated messages, such as server notifications.
The ***HUGE*** difference between what I do and what AOL does is this.. When I get a message, even though the mail server suspects it is spam, it still gets delivered into my spam box. **I** have the option of choosing what **I** want done with it. If **I** want to delete it, I can. If **I** want to have the mail server delete it before it even gets to my box, I can. If **I** want to keep them all, so I can make statistics about how many spams I get, I can. And if someone says "I sent you an Email, but never got a reply", I can check my spam box. The last time that happened was over 6 months ago. It's very rare that a legitimate message gets flagged as spam.
Since I know for a fact that AOL blocks legitimate messages, that means that they are completely in the wrong with their methodology.
I've spent several conference calls on with AOL. They believe that they are the Internet. They are the only mail server, and anyone who isn't using AOL is some sort of evil hacker. It was really frustrating, when every reference they made indicated there was only AOL. They said that their blacklist protects all mail servers. Even mine? Yes. So I asked how I got that protection. They don't know. It's just there. Like divine intervention, or eye boogers. I tried to explain that I'm a SysAdmin, and I may know a little bit about the magic of the Internet. He refered me to their standard page, http://postmaster.info.aol.com
Yes, we are already in the "feedback loop". They know all our networks. They have the email and phone number of a contact who's always available. The contact watches the abuse mail for the occasional misguided soul who hits "Abuse" instead of "Reply". Every month or two, we get some part of the network blacklisted. We call up, and they promise to 'whitelist' us. We dance around this with a few dozen calls, and then everything is fine for a month or two. Lather, rinse, repeat.
It's *REALLY* annoying to **NEED** to call another company to ask for their permission to play on their Internet with them.. Like I said at the beginning of this message, almost 40,000 domains. If everyone played this way, that would mean 40,000 calls so people could send out EMail. That *ALSO* means I would need to have phone support people ready to answer 40,000 calls. I don't really want that. My budget for staff is better used for staff who do a job which is helpful to the company.
I guess if 40,000 providers did hire say 8 employees to handle calls (4 outbound, 4 inb
AOL is definately a group that deserves a bit of their own treatment. I've found so many networks get blocked for insignificant things. I have a mailing list of just my members, and no one else. Because one person accidently hit "Abuse" (of the 40 AOL people on the list), we were blacklisted. Not just an IP, but a/24 , which was already in their "feedback loop". {sigh}
It's not the first encounter I've had with AOL. Anyone who sends mail eventually finds themselves blacklisted with AOL. They're just a pain in the ass. Unfortunately, you can't just convince anyone using AOL's email to switch to someone else. If only it were so easy.
At one time, AOL blacklisted my home IP. It was a static IP, which I was the only user of. I don't know which genius did it, but someone who I was personally mailing (like, not even Bcc lists or newsletters) must have hit the abuse button.
I'm sure it helps them out. If they can knock out 25% of their mail load at any given time, it's 25% less mail they have to process. Who cares which 25%, eh?
1) Optimistic. Those that are hopeful for a good outcome
2) Pessimistic. Those that are doubtful anything but bad can happen.
3) Realistic. Those that recognize that the optimist and pessimist are wrong some of the time.
The optimist will say "Something will survive"
The pessimist will say "nothing will survive"
The realist will say "In these circumstances, some will survive, in other circumstances, none will survive. What these circumstances are need need to be fully evaluated."
An optimist would conclude he was immortal.
A pessimist would say he was close to death.
A realist would research it, and find he killed himself over lost love.
Just because he survived 7 deadly events, he wasn't invincible.
Well, they can terraform mars. They could terraform the earth, after a major disaster. The question would be, how many people would survive in the time it would take to do it?
Anyone reading this site should understand how important redundancy is. Why do we prefer RAID5 over single hard drives? Why do we put up server clusters, rather than single servers. Why are backups suppose to be kept off-site? Because there can always be a single point of failure.
As humans, we have several single points of failure. The largest is that we're all on the same planet.
We speculate "what if", about asteroids crashing into the earth; about black holes; about the life cycle of a star. We understand that the time we can spend on this planet is finite.
If we were to expand beyond this planet, not necessarly in our solar system, but beyond, the fate of this single planet wouldn't mean life or death for humanity.
Sure, we can plan for 25 years for that particular asteriod to hit. But it takes substantially less time for a solar discharge to reach earth. A huge solar flare could have already started. There would be no reason to report it, because if it was large enough in magnitude, there would be absolutely nothing we could do about it. Think, life on this planet wiped out in a matter of seconds.
Why did humanity disappear? It still has the single point of failure. It's our own fault. We've reached the stage of advancement to be able to do something about it. We *CAN* build spacecraft. But, we focus our energies on war and profit. How much more can I have rather than my neighbor, and how will I take his away from him.
There's a fault in that logic. Just because they've survived before, doesn't mean that they'll survive in the future.
200 million years ago, you could have argued that the dinosaurs had survived several extinction events, so they'd survive. 65 million years ago, you would have lost that bet.
If the planet became very volcanic again, and the atmosphere was filled with ash and poisonous gasses, it could be possible nothing survives.
It's ok, people make that fault in logic all the time. For example, every time a hurricane blows through Florida, you always hear about someone who had told his friends "I've lived here all my life, and I've survived every hurricane, I'm not afraid of these storms", and after that storm passes, they find his body.
There will be no eulogy. Humanity will die quickly.
Denial will reign, as no preparations are done to evacuate the planet. Some will say there is no way to evacuate everyone. Others will say there's nowhere else to go. The real thinkers will know, if we had started years ago, we would have had a chance.
Most will die from the intial impact.
The impact will crack the planet's crust, resulting in volcanos, earthquakes, and tsunamis, which continue for years.
Many will die due to the dependance on transportation systems, or more specifically the failure of them.
A very few will survive in the cold dust and ash filled atmosphere, through the shaking ground, and giant destroying the costal areas. They will survive for many months on their preserved food reserves, and filtered air. Alone, they will consider themselves the lucky ones.
In the end, none will survive.
Many millennia later, other civilizations will have grown in far outlying areas of the universe. They will look at the dry and barren planet, covered by rocks and dirt, and say "nothing could have ever lived here. It's always been a dead planet"
Eventually, despite taunts, archeologists will find disputed traces of life on the planet. Some artifacts will be found. They will be found frozen in the ice of the polar ice caps, or burried in the sands of the vast deserts. Still others will be below hundreds of feet of dirt, on the iced tops of frozen oceans.
The artifacts will be carefully examined for many years. There will be many theories to what they are, and what the markings may mean. Could there have been life on this far distant planet? Could a civilization have thrived in this desolate place? Maybe these creatures could be a clue to our ancestory?
In the end, their markings will be considered random discolorations. The artifacts will be labeled as "common rocks", and thoughtfully put into storage well away from public sight.
No, as egotistical as we are, there will ne eulogy. There will be no memory of anything we've accomplished. We will be part of the dust on a barren planet, spinning slowly around a dying star.
Unfortunately, in our case it's not the boss I have to explain it to. It's the stupid credit card processing company. They threaten to cut us loose if we don't have a low score, so I have to keep the score low, even though it's bullshit.
I talked at length with the credit card company about it, but since it had come up from their bosses, it was unchangeable. Oddly enough, I can't get an audience with the president of those companies to get anything changed.
One of our credit card processing companies got a wild hair up their ass about security. Security is a good thing, I fully believe in it. But they hired their own 3rd party company to scan us. Over, and over, and over again.
The 3rd party sent them a big list, where we were just on the friendly side of a passing score. I'm not pleased with "just" passing. They sent me the list, and "suggested" that we fix all these obvious holes in our security.
Some of them were that the sites resolved in DNS. Ummm, you go to example.com, it's gotta resolve.
Another was that we had a firewall up. Because packets disappeared into our network (dropped, instead of rejected), it was a clue to potential hackers that we had a firewall up.. {sigh} Ok, so our firewall did exactly what we wanted, and we get scored down??
The remainder of the list were assumptions. They (through fingerprinting) identified that we were using *nix machines, we are running Apache running on the web servers in question. At the time, Apache_SSL was about 2 subrevisions behind Apache itself, which made it impossible to stay with Apache_SSL, and pass their test. Their beef with it was that there was an exploit for Win32 and OS2 for the particular version we were running. I wrote them a nice email and said "Ok, so there's an exploit for Win32 and OS2 for that version, but we're running on *nix".
The temporary fix for the Apache "warning" was to not display the version of Apache. I later changed over to mod_ssl, and stuck with the current version.
We still get quarterly reports from them. I sigh every time I see them. They just piss me off. Not that we're getting a security review, but the fact that I have to explain why perfectly acceptable things are listed. I can never get my score to 0 threats. Even if I firewalled off the machine, so they couldn't see it, I'd still get points against me, because they can see there is a black hole, where they know there is a machine. {sigh}
I glance over the list when it comes in, and look for anything interesting. Do they have anything relevant to tell me? Nope? Ok, put it off til next week to decorate around their mental problems. Most days, I have real work to deal with, and don't feel like doing stupid tricks for their entertainment. Of course, if I have the time, I love messing with them. Let them wonder why I'm running Apache 4.9.1 on an unknown platform.:)
circa 1970. They designed it and started building. It took a few years to get the designed product built.
From what I understand, they did finally upgrade the computers with ones that had color screens, and ran faster than 1Mhz.:)
NASA would never build shuttles in bulk. Their price doesn't go down with volume. You forget, these are government contracts. $14,000 hammers, and the whole mess. They don't even put two in orbit at once, I'd never expect them to have a 'fleet' of them. It won't happen until they discover gold on the moon, or alien artifacts (like, a spaceship) on Mars.
From what I heard from some NASA folks a while back, humans aren't really required on the shuttle. Everything can be managed by the onboard systems, and by ground control. We keep sending people up because it's better PR. If we send a rocket up, big deal. If we send a rocket up with people onboard, they're all hero's.
No offense was intended for the astronauts that *DO* fly it. That's a job that takes some balls. I wouldn't ride in a plane that crashes every few hundred flights, and has significant parts falling off on a regular basis.
Ok, that's a lie. I'd fly on it in a heart beat, if they would let me. They could tell me they forgot to install a couple windows, and I'd duct tape some sheet metal over the hole, and go along for the ride.:)
According to This Page there are two airlocks, one for the Americans, and one for the Russians. I believe the shuttle itself only has one, so if the disabled one is docked up, you'd either have to EVA through the other airlock, or keep the working one in orbit near by while they work on it.
I believe the door on the side is strictly an emergency escape, not an airlock. If they open it, it would purge all the inside air.
Switching shuttles on the ISS is a much more involved than rearranging cars in your driveway. It takes them quite some time to dock up. They don't want much velocity when approaching. The lack of friction makes things interesting. Think of trying to gently make contact with an egg, without stopping first.. With a snowplow.. On an frozen lake. 1000 miles from the nearest help if you screw up, and if you break that egg, it's your life.
I thought docked shuttles and supply ships were used to adjust orbits.
According to This Story a Russian supply ship was used to move it by 3 kilometers. As long as the shuttles OMS thrusters were working, it should have no problem maintaining its orbit. If the thrusters weren't working, well, they wouldn't be docking in the first place.:)
My guess on the docking question would be that the Shuttle has a relatively short period where it's life support is designed to operate. While the shuttle is operating sufficently, that's fine, but once it's systems start failing (like, running short on power, oxygen, etc), then it's an additional load on the ISS.
Also, this sounds like a last resort choice, so they'd only be docking up once they're relatively close to running out of supplies.
Also, if I remember correctly, the shuttle's solar panels are deployed from the cargo bay, which would be impossible to deploy while docked with the ISS. At very least, it would make it impractical to move the shuttle into a more favorable attitude for good exposure to the sun.
Myself, if I knew I was floating around in a big tube in space, which was the only thing keeping me alive, leaving a big crippled airplane tied to the site through a narrow tube, I'd rather not keep the door open very long. If something happened, I'd rather it peacefully float away, rather than risking that narrow tube become a relatively big hole in the side of my big tube I called home.
When floating inside a helium balloon, avoid pins.
I'm not convinced that the IP belongs to Linuxense.
But, it could be a box at the guy's house. Or it could be the box at his enemies house.
I have no reason to care either way. I'm only passively entertained by the whole thing. But, there are plenty of kids out there, that will try, and someone may get in.
My only questions is, how do we know that it's his system?
That IP belongs to a cablemodem in India.
The company is in India also, but it's hosted in Texas.
They're implying there's sufficent bandwidth for the whole freakin' internet to beat on it, but even with a few hundred hackers trying, that's going to swamp his cablemodem.
For all we know, it's some kid in India trying to take down some other kids computer. He definately doesn't now, and probably won't for a while, have any usable bandwidth.
Right now, I'm looking at ping times ranging from 338ms to 1446ms, and a traceroute shows that most of the latency is in the last hop. I'm not going beyond that. I'm not sufficently convinced that this is a legitimate deal.
If it *IS* his box, he's just trying to collect methodology on how people break into machines. I don't really feel good about pulling out all the tricks I know, and having him log every one of them. It would be just like me posting all the hacking tricks I know in my/. journal. I know a lot of things, because I've seen a lot of attempts against my own equipment, but there's no freakin' way I'm going to just hand that over to someone else who may or may not be an evil hacker.
I want them to read though.:) The news, and my opinions are open to everyone to read. If I bitch about the government, they're the best people to read it.
I agree with what you did. If faced with someone reporting "This is child pornography", I'd prefer that it was reported, and hopefully something was done about them.
I think it should be a matter of doing the right thing, rather than having the threat of fines and/or jail time if you didn't, for whatever reason. Sure, not everyone does the right thing, but plenty of people will continue doing the right thing.
I think a lot of people don't understand what you're saying.
I've been working with adult sites for years. You can't surprise me with anything any more. I don't even have an interest in looking at them any more. That's why I started a news site.
After a while, every picture is just another porn picture. It doesn't matter what she's doing with a champagne bottle, or with 1/2 dozen exotic models.
Sometimes I fall asleep watching TV, and sometimes it'll be Cinemax. I'm actually annoyed that softcore porn is on, and switch it to anything else.
But, thank goodness the general population hasn't been as jaded as we are. That's why porn still covers the bills of most hosting companies.
That's a silly question. Several of our servers reach 2Gb of logs in 12 hours with normal access.
There are a set of 15 mirrored servers, which serve one site, where each server would collect 2Gb of log files in approximately 6 hours. I won't link to the site itself (adult), but Here is the Alexa reference. It's rough hosting a site that's one of the largest on the Internet.
If we need the logs on a temporary basis (like for abuse monitoring), we 'cat/dev/null > logfile' every couple hours. Otherwise, we don't even keep the logs at all.
I like the sites, where we have the luxury of keeping logs, and it doesn't take forever to grep them for interesting things. My own site is frequented by interesting agencies daily. That's all I read the logs for any more. The NSA and CIA visited on Feb 9th. We have a few regular readers at the Department of Homeland Security. It's no secret, We say "Hi" once in a while.:)
Zzzz.. That's easy to fix. At least I've done it a lot under various Linux's
1) sniff the traffic.
2) change your MAC address over to theirs
3) change your IP over to theirs.
4) become them.
root @ evil (/root) ifconfig eth1 hw ether 01:01:01:01:01:01
root @ evil (/root) ifconfig eth1 | head -1
eth1 Link encap:Ethernet HWaddr 01:01:01:01:01:01
root @ evil (/root) ifconfig eth0 | head -1
eth0 Link encap:Ethernet HWaddr 10:10:10:10:10:10
root @ evil (/root) ping yahoo.com
PING yahoo.com (216.109.112.135) 56(84) bytes of data.
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=1 ttl=57 time=91.5 ms
64 bytes from w2.rc.vip.dcn.yahoo.com (216.109.112.135): icmp_seq=2 ttl=57 time=80.4 ms
Prism - 802.11b
RealTek RTL8139 100baseTX
Broadcom BCM5704 1000baseTX
That's all I have handy to mess with, but I've done it on others.
My laptop is attached to a Cisco 2924 right now, and it came up fine. Even the switch's mac-address-table shows it.
1010.1010.1010 Dynamic 1 FastEthernet0/8
MAC addresses are nothing, if you can trust that your users won't be changing their information.
Right, but staying on topic, the solution isn't to block any mail which may or may not be spam.
In my last case, the person who marked the message as abuse, therefore blocking all my mail to AOL, was a subscribed newsletter subscriber. I feel I have to qualify that. These are verified users. Users who signed up to a site, and clicked the link in their confirmation Email, to verify that it was their Email address, with the option of "Receive Newsletter by Email" selected. I have no interest in sending to people who aren't users, they may or may not want to read the news.
Our newsletters are exactly that. The news of the day. Well, two days. If you want on the list, you sign up, and have the option turned on. You want off the list, you uncheck the box in your options, or write to us to be removed. There is no advertising in the newsletter. Otherwise, I would question what we were doing. Are we trying to sell something, or provide the news?
Now, people who mail spam crap need to be stopped. Arbitrary blocks are not the solution.
Here's a specific case. I had someone call me this morning, complaining that every Email he sent out to friends bounced. It turned out because another user on his ISP sent out a spam, his entire ISP was blacklisted. Now, should every user on that ISP suffer because someone they don't even know sent out something that was considered abuseive??
How about we continue this blacklist idea into real life. If a person in an apartment complex is annoying, put everyone on the block under house arrest, and put them in jail if they try to leave. Stupid, right?
There are better methods available, which unfortunately require the cooperation of the hosting companies and bandwidth providers. If you don't cooperate, your connectivity gets cut, and your hosting is disabled.
Unfortunately, connectivity and hosting mean money to the provider. They aren't necessarly cooperative with the idea. I do work for a hosting company. If we find someone has spammed, say through a script on their hosted site, if that customer did it, they lose their hosting account. If it was an exploitable script, either the script is disabled, or fixed. I'm very helpful with our customers, I'll fix their scripts for them.
I have plenty of problems with getting things without my concent. My postal mailbox is my biggest problem. My box is literally full of stuff I never asked for, mostly "Current Resident" stuff. I can't just automatically filter them. I have to dig through, and find if there's any real mail mixed in. Of course, no one bitches about that.
If you're an AOL user, you're paying a flat rate.
You can't be telling me that the spam you receive is anything like the porn you download and jerk off to all day at work.
AOL and Earthlink's method of blocking anyone who may have potentially offended, is very bad. With their methodology, I should need to call every ISP to ask not to be blocked, because one of my customers may want to send one of their customers a message.
I just pulled a report from one of our membership databases. Of 370,918 users, there were 39,692 distinct domain names. In the top 50 of that list are a few I can't call. wanadoo.fr . t-online.de, libero.it, bluewin.ch, tin.it, planet.nl. You get the idea.
If everyone took up AOL's anti-spam scheme, I would need a staff of people who's sole job was to call all the ISP's, and make sure we weren't blocked.
The *BETTER* method is not to block based on any one rule. It's what you see with hotmail, mail.yahoo.com, gmail, etc.. Bad mail is received, and filtered into a spam box.
With our mail servers, we do the same thing. We use mailscanner (mailscanner.info), with spamassassin, 5 blacklists, and two virus scanners. If the score is high enough, it simply adds a bit to the subject line.
[UBE/UCE/SPAM] original subject
My users have the option of deleting those automatically, or filtering them off to another box.
Right now, I have 6,634 messages in my spam box, and 1052 in my inbox. You could say 15.8% of my mail is real, but that's not completely accurate. A lot of the "real" messages in my inbox are automated messages, such as server notifications.
The ***HUGE*** difference between what I do and what AOL does is this.. When I get a message, even though the mail server suspects it is spam, it still gets delivered into my spam box. **I** have the option of choosing what **I** want done with it. If **I** want to delete it, I can. If **I** want to have the mail server delete it before it even gets to my box, I can. If **I** want to keep them all, so I can make statistics about how many spams I get, I can. And if someone says "I sent you an Email, but never got a reply", I can check my spam box. The last time that happened was over 6 months ago. It's very rare that a legitimate message gets flagged as spam.
Since I know for a fact that AOL blocks legitimate messages, that means that they are completely in the wrong with their methodology.
I've spent several conference calls on with AOL. They believe that they are the Internet. They are the only mail server, and anyone who isn't using AOL is some sort of evil hacker. It was really frustrating, when every reference they made indicated there was only AOL. They said that their blacklist protects all mail servers. Even mine? Yes. So I asked how I got that protection. They don't know. It's just there. Like divine intervention, or eye boogers. I tried to explain that I'm a SysAdmin, and I may know a little bit about the magic of the Internet. He refered me to their standard page, http://postmaster.info.aol.com
Yes, we are already in the "feedback loop". They know all our networks. They have the email and phone number of a contact who's always available. The contact watches the abuse mail for the occasional misguided soul who hits "Abuse" instead of "Reply". Every month or two, we get some part of the network blacklisted. We call up, and they promise to 'whitelist' us. We dance around this with a few dozen calls, and then everything is fine for a month or two. Lather, rinse, repeat.
It's *REALLY* annoying to **NEED** to call another company to ask for their permission to play on their Internet with them.. Like I said at the beginning of this message, almost 40,000 domains. If everyone played this way, that would mean 40,000 calls so people could send out EMail. That *ALSO* means I would need to have phone support people ready to answer 40,000 calls. I don't really want that. My budget for staff is better used for staff who do a job which is helpful to the company.
I guess if 40,000 providers did hire say 8 employees to handle calls (4 outbound, 4 inb
AOL is definately a group that deserves a bit of their own treatment. I've found so many networks get blocked for insignificant things. I have a mailing list of just my members, and no one else. Because one person accidently hit "Abuse" (of the 40 AOL people on the list), we were blacklisted. Not just an IP, but a
It's not the first encounter I've had with AOL. Anyone who sends mail eventually finds themselves blacklisted with AOL. They're just a pain in the ass. Unfortunately, you can't just convince anyone using AOL's email to switch to someone else. If only it were so easy.
At one time, AOL blacklisted my home IP. It was a static IP, which I was the only user of. I don't know which genius did it, but someone who I was personally mailing (like, not even Bcc lists or newsletters) must have hit the abuse button.
I'm sure it helps them out. If they can knock out 25% of their mail load at any given time, it's 25% less mail they have to process. Who cares which 25%, eh?
There are three type of people..
1) Optimistic. Those that are hopeful for a good outcome
2) Pessimistic. Those that are doubtful anything but bad can happen.
3) Realistic. Those that recognize that the optimist and pessimist are wrong some of the time.
The optimist will say "Something will survive"
The pessimist will say "nothing will survive"
The realist will say "In these circumstances, some will survive, in other circumstances, none will survive. What these circumstances are need need to be fully evaluated."
There was a guy who was hit by lightning seven times.
An optimist would conclude he was immortal.
A pessimist would say he was close to death.
A realist would research it, and find he killed himself over lost love.
Just because he survived 7 deadly events, he wasn't invincible.
Well, they can terraform mars. They could terraform the earth, after a major disaster. The question would be, how many people would survive in the time it would take to do it?
Anyone reading this site should understand how important redundancy is. Why do we prefer RAID5 over single hard drives? Why do we put up server clusters, rather than single servers. Why are backups suppose to be kept off-site? Because there can always be a single point of failure.
As humans, we have several single points of failure. The largest is that we're all on the same planet.
We speculate "what if", about asteroids crashing into the earth; about black holes; about the life cycle of a star. We understand that the time we can spend on this planet is finite.
If we were to expand beyond this planet, not necessarly in our solar system, but beyond, the fate of this single planet wouldn't mean life or death for humanity.
Sure, we can plan for 25 years for that particular asteriod to hit. But it takes substantially less time for a solar discharge to reach earth. A huge solar flare could have already started. There would be no reason to report it, because if it was large enough in magnitude, there would be absolutely nothing we could do about it. Think, life on this planet wiped out in a matter of seconds.
Why did humanity disappear? It still has the single point of failure. It's our own fault. We've reached the stage of advancement to be able to do something about it. We *CAN* build spacecraft. But, we focus our energies on war and profit. How much more can I have rather than my neighbor, and how will I take his away from him.
There's a fault in that logic. Just because they've survived before, doesn't mean that they'll survive in the future.
200 million years ago, you could have argued that the dinosaurs had survived several extinction events, so they'd survive. 65 million years ago, you would have lost that bet.
If the planet became very volcanic again, and the atmosphere was filled with ash and poisonous gasses, it could be possible nothing survives.
It's ok, people make that fault in logic all the time. For example, every time a hurricane blows through Florida, you always hear about someone who had told his friends "I've lived here all my life, and I've survived every hurricane, I'm not afraid of these storms", and after that storm passes, they find his body.
There will be no eulogy. Humanity will die quickly.
Denial will reign, as no preparations are done to evacuate the planet. Some will say there is no way to evacuate everyone. Others will say there's nowhere else to go. The real thinkers will know, if we had started years ago, we would have had a chance.
Most will die from the intial impact.
The impact will crack the planet's crust, resulting in volcanos, earthquakes, and tsunamis, which continue for years.
Many will die due to the dependance on transportation systems, or more specifically the failure of them.
A very few will survive in the cold dust and ash filled atmosphere, through the shaking ground, and giant destroying the costal areas. They will survive for many months on their preserved food reserves, and filtered air. Alone, they will consider themselves the lucky ones.
In the end, none will survive.
Many millennia later, other civilizations will have grown in far outlying areas of the universe. They will look at the dry and barren planet, covered by rocks and dirt, and say "nothing could have ever lived here. It's always been a dead planet"
Eventually, despite taunts, archeologists will find disputed traces of life on the planet. Some artifacts will be found. They will be found frozen in the ice of the polar ice caps, or burried in the sands of the vast deserts. Still others will be below hundreds of feet of dirt, on the iced tops of frozen oceans.
The artifacts will be carefully examined for many years. There will be many theories to what they are, and what the markings may mean. Could there have been life on this far distant planet? Could a civilization have thrived in this desolate place? Maybe these creatures could be a clue to our ancestory?
In the end, their markings will be considered random discolorations. The artifacts will be labeled as "common rocks", and thoughtfully put into storage well away from public sight.
No, as egotistical as we are, there will ne eulogy. There will be no memory of anything we've accomplished. We will be part of the dust on a barren planet, spinning slowly around a dying star.
Unfortunately, in our case it's not the boss I have to explain it to. It's the stupid credit card processing company. They threaten to cut us loose if we don't have a low score, so I have to keep the score low, even though it's bullshit.
I talked at length with the credit card company about it, but since it had come up from their bosses, it was unchangeable. Oddly enough, I can't get an audience with the president of those companies to get anything changed.
I so sympathize with this.
:)
One of our credit card processing companies got a wild hair up their ass about security. Security is a good thing, I fully believe in it. But they hired their own 3rd party company to scan us. Over, and over, and over again.
The 3rd party sent them a big list, where we were just on the friendly side of a passing score. I'm not pleased with "just" passing. They sent me the list, and "suggested" that we fix all these obvious holes in our security.
Some of them were that the sites resolved in DNS. Ummm, you go to example.com, it's gotta resolve.
Another was that we had a firewall up. Because packets disappeared into our network (dropped, instead of rejected), it was a clue to potential hackers that we had a firewall up.. {sigh} Ok, so our firewall did exactly what we wanted, and we get scored down??
The remainder of the list were assumptions. They (through fingerprinting) identified that we were using *nix machines, we are running Apache running on the web servers in question. At the time, Apache_SSL was about 2 subrevisions behind Apache itself, which made it impossible to stay with Apache_SSL, and pass their test. Their beef with it was that there was an exploit for Win32 and OS2 for the particular version we were running. I wrote them a nice email and said "Ok, so there's an exploit for Win32 and OS2 for that version, but we're running on *nix".
The temporary fix for the Apache "warning" was to not display the version of Apache. I later changed over to mod_ssl, and stuck with the current version.
We still get quarterly reports from them. I sigh every time I see them. They just piss me off. Not that we're getting a security review, but the fact that I have to explain why perfectly acceptable things are listed. I can never get my score to 0 threats. Even if I firewalled off the machine, so they couldn't see it, I'd still get points against me, because they can see there is a black hole, where they know there is a machine. {sigh}
I glance over the list when it comes in, and look for anything interesting. Do they have anything relevant to tell me? Nope? Ok, put it off til next week to decorate around their mental problems. Most days, I have real work to deal with, and don't feel like doing stupid tricks for their entertainment. Of course, if I have the time, I love messing with them. Let them wonder why I'm running Apache 4.9.1 on an unknown platform.
circa 1970. They designed it and started building. It took a few years to get the designed product built.
From what I understand, they did finally upgrade the computers with ones that had color screens, and ran faster than 1Mhz.
NASA would never build shuttles in bulk. Their price doesn't go down with volume. You forget, these are government contracts. $14,000 hammers, and the whole mess. They don't even put two in orbit at once, I'd never expect them to have a 'fleet' of them. It won't happen until they discover gold on the moon, or alien artifacts (like, a spaceship) on Mars.
From what I heard from some NASA folks a while back, humans aren't really required on the shuttle. Everything can be managed by the onboard systems, and by ground control. We keep sending people up because it's better PR. If we send a rocket up, big deal. If we send a rocket up with people onboard, they're all hero's.
:)
No offense was intended for the astronauts that *DO* fly it. That's a job that takes some balls. I wouldn't ride in a plane that crashes every few hundred flights, and has significant parts falling off on a regular basis.
Ok, that's a lie. I'd fly on it in a heart beat, if they would let me. They could tell me they forgot to install a couple windows, and I'd duct tape some sheet metal over the hole, and go along for the ride.
According to This Page there are two airlocks, one for the Americans, and one for the Russians. I believe the shuttle itself only has one, so if the disabled one is docked up, you'd either have to EVA through the other airlock, or keep the working one in orbit near by while they work on it.
I believe the door on the side is strictly an emergency escape, not an airlock. If they open it, it would purge all the inside air.
Switching shuttles on the ISS is a much more involved than rearranging cars in your driveway. It takes them quite some time to dock up. They don't want much velocity when approaching. The lack of friction makes things interesting. Think of trying to gently make contact with an egg, without stopping first.. With a snowplow.. On an frozen lake. 1000 miles from the nearest help if you screw up, and if you break that egg, it's your life.
I thought docked shuttles and supply ships were used to adjust orbits.
According to This Story a Russian supply ship was used to move it by 3 kilometers. As long as the shuttles OMS thrusters were working, it should have no problem maintaining its orbit. If the thrusters weren't working, well, they wouldn't be docking in the first place.
My guess on the docking question would be that the Shuttle has a relatively short period where it's life support is designed to operate. While the shuttle is operating sufficently, that's fine, but once it's systems start failing (like, running short on power, oxygen, etc), then it's an additional load on the ISS.
Also, this sounds like a last resort choice, so they'd only be docking up once they're relatively close to running out of supplies.
Also, if I remember correctly, the shuttle's solar panels are deployed from the cargo bay, which would be impossible to deploy while docked with the ISS. At very least, it would make it impractical to move the shuttle into a more favorable attitude for good exposure to the sun.
Myself, if I knew I was floating around in a big tube in space, which was the only thing keeping me alive, leaving a big crippled airplane tied to the site through a narrow tube, I'd rather not keep the door open very long. If something happened, I'd rather it peacefully float away, rather than risking that narrow tube become a relatively big hole in the side of my big tube I called home.
When floating inside a helium balloon, avoid pins.
Be paranoid.
The IP is a cablemodem in India.
Linuxense.com is in india, but hosted in Texas.
I'm not convinced that the IP belongs to Linuxense.
But, it could be a box at the guy's house. Or it could be the box at his enemies house.
I have no reason to care either way. I'm only passively entertained by the whole thing. But, there are plenty of kids out there, that will try, and someone may get in.
My only questions is, how do we know that it's his system?
/. journal. I know a lot of things, because I've seen a lot of attempts against my own equipment, but there's no freakin' way I'm going to just hand that over to someone else who may or may not be an evil hacker.
That IP belongs to a cablemodem in India.
The company is in India also, but it's hosted in Texas.
They're implying there's sufficent bandwidth for the whole freakin' internet to beat on it, but even with a few hundred hackers trying, that's going to swamp his cablemodem.
For all we know, it's some kid in India trying to take down some other kids computer. He definately doesn't now, and probably won't for a while, have any usable bandwidth.
Right now, I'm looking at ping times ranging from 338ms to 1446ms, and a traceroute shows that most of the latency is in the last hop. I'm not going beyond that. I'm not sufficently convinced that this is a legitimate deal.
If it *IS* his box, he's just trying to collect methodology on how people break into machines. I don't really feel good about pulling out all the tricks I know, and having him log every one of them. It would be just like me posting all the hacking tricks I know in my
Actually, I just punched "Los Angeles, CA" into terraserver.microsoft.com (forgive me), and it gave me those coordinates.
Hopefully they'd call first, so we can arrange for a pickup.
> "I claim your planet in the name of Earth. Surrender or die."
:)
Imagine if the SETI folks received a message like that from another planet. If it managed to make mainstream news, people would be freaking out.
I want to send the message "Ecosystem failing. Need ride off this rock. Pick up at Long -118.20193 Lat 33.85908, Earth."
I want them to read though.
It's written in PHP. I can put a banner across the top of the site. But I don't want to scare them off too badly.
I agree with what you did. If faced with someone reporting "This is child pornography", I'd prefer that it was reported, and hopefully something was done about them.
I think it should be a matter of doing the right thing, rather than having the threat of fines and/or jail time if you didn't, for whatever reason. Sure, not everyone does the right thing, but plenty of people will continue doing the right thing.
I think a lot of people don't understand what you're saying.
I've been working with adult sites for years. You can't surprise me with anything any more. I don't even have an interest in looking at them any more. That's why I started a news site.
After a while, every picture is just another porn picture. It doesn't matter what she's doing with a champagne bottle, or with 1/2 dozen exotic models.
Sometimes I fall asleep watching TV, and sometimes it'll be Cinemax. I'm actually annoyed that softcore porn is on, and switch it to anything else.
But, thank goodness the general population hasn't been as jaded as we are. That's why porn still covers the bills of most hosting companies.
That's a silly question. Several of our servers reach 2Gb of logs in 12 hours with normal access.
/dev/null > logfile' every couple hours. Otherwise, we don't even keep the logs at all.
:)
There are a set of 15 mirrored servers, which serve one site, where each server would collect 2Gb of log files in approximately 6 hours. I won't link to the site itself (adult), but Here is the Alexa reference. It's rough hosting a site that's one of the largest on the Internet.
If we need the logs on a temporary basis (like for abuse monitoring), we 'cat
I like the sites, where we have the luxury of keeping logs, and it doesn't take forever to grep them for interesting things. My own site is frequented by interesting agencies daily. That's all I read the logs for any more. The NSA and CIA visited on Feb 9th. We have a few regular readers at the Department of Homeland Security. It's no secret, We say "Hi" once in a while.