What if the "spoils" are your life savings, i.e. someone is suing you? What if someone is suing you for malpractice/carelesness which led to the demise of a person? Would a "I'm sorry, fuck off, keep away from my savings, get me johnny" be good a good enough apology?
What if they are your life, i.e. you are on trial for a serious crime? What if you just fucked, stabbed, and murdered a couple of teens? What if you are a seriously disturbed mind with a serious sociological problem. Would a "I'm sorry, fuck off, I deserve freedom and a good life get me johnny" be a good enough apology?
Always remember that a society is what, we, the individuals make out of it. If your judicial system is fucked, then change the judicial system, do not try to beat it at any/all cost.
I too think this will ultimately be for the good of the web. Perhaps not necesarily in the security avenue, but in the user experience avenue. Adobe Reader, Apple QuickTime, Macromedia Flash, RealNetworks RealOne, all versions of Java, and Windows Media Player.
Most of these technologies have been used to deliver flashy adds to pages - the marketing freaks have gotten the best of them. Take a look at most comercial pages and you will see that most of them have Flash embedded. No way to turn it off (unless you are using firebird or some hacked browser). This will force web developers to rethink the way they will deliver their content. Users will choose NOT to load the embeded app, while accessing the rest of the content.
I am aware that it will also affect some legit uses of these technologies might have, but in the end, it might just be worth it.
How well does it scale? AutoCAD seems to be the current champion when it comes to vector graphics. I would not consider SVG until I could see some heavy duty 2D schematics done with this tool.
Our shop has been drawing in dwg format for the last 2 years, but when it comes to integrating our drawings with the final report we have always have to print it out and rescan it as raster to have semi-decent results in word. Its either that or spend a bundle in the Autoview's plugin for Word to be able to import into Word.
You use differente OSes, and you find hitting CTRL-ALT-DEL to log annoying?!?!?!? I would understand inconsistent desktops, inconsistent ways of handling applications, inconsistent ways of configuring the system, inconsistent file formats but having to hit CTRL-ALT-DEL to get a log prompt is definetly way down on my list of annoyances when it comes to handling different OSes.
Hey, good to see I am not the only one in this position. I also have an NT4 based domain which I am trying to figure out what to do with, though, my solution is a little bit more complex than just a PDC, it is an SBS server (Exchange, SQL-Server, Proxy, Fax server, print server) among other stuff. Im considering Linux too, but my current worry is Exchange, most of my users are too used to it. Any ideas on how to replace Exchange?
Thanks for the tip, Prop. Last time I did a migration was from an NT4 to another NT4. All the passwords and ACLs where lost. Seems this new tool would have comed handy then.
Actually, I think the most important feature is this: 10) Support for migrating from a Windows NT 4.0 domain to a Samba domain and maintaining user, group and domain SIDs. Why? NT Server is coming to the end of support period (Dec 2003). There are still LOTS of NT4 server out there. Last time I checked, you had to recreate ALL of the groups and users whenever you migrated them from NT4 to any other PDC (there is a little support for automating this activity, but it just saves you from retyping the users and groups names).
Sadly enough, they'd probably go after the people who did the DNS change in additon or instead.
What about a scenario like:
1. Hi, I would need some help getting rid of this DDoS attacks.
2. In case you need the password for my DNS it is XXXX, if that will help fending down the attacks.
3. Please don't anybody do what XXX suggests regarding pointing this name to an FBI/NSA/CIA other big government agency's IP blocks.
1. Was created with the ultimate goal of ease of information exchange between different applications (which obviously fails, based on the fact that nobody other than the creators is able to read MSWord of OO documents in this format).
2. Was supposed to be readable by humans without the need of a parser.
Uhh... man, I really hope you are kidding in your last statement. Let me comment a bit on it:
...suicide boming is wrong and very tough action is required to stop it, whether that be assassinations, torture, internment etc in addition to infiltration, spying/tapping etc. I will give you the fact that suicide bombing is wrong, but to respond to it through assassitions or torture is questionable to say the very least. This will only degenerate in a spiral of violence. It will not stop the bombings, on the contrary, it will motivate them.
that wall built it'll actually be pretty peaceful, though they may need to remove a bunch of israeli-arabs from israel first. I bet the germans thought just like this when they built their first ghettos. Wansn't the U.S. one of the first nations in the world to declare segreagation as unlawful?
There will always be people out there who will take advantage of the defenseless. Defenseless? Oh! you mean colateral damages. Yes, I agree, there will always be some colateral damages. It is certainly irresponsible not to stay ahead.
are available online (live streaming). This guy is an amateur, wait until he feels the slashdot effect on his server. His next presentation will be entitled, how to knock down any server by just posting an article.
ISPs who choose SPEWS as blackhole providers are basically clueless. They are basically saying its ok to block 1% fake positive (even worse if you mail comes from several parts of the world).
At this point I turn the tables on the blocking ISP. I notify the receiver that due to their current ISP's policies I am unable to comunicate with them. If the recipient is a provider for our business, I notify them the fact that their ISP is blocking our mail and thus disqualifying them as providers to our business (our procurement system sends email notifications). End of story.
Sorry, bud, but in the end, Microsoft is an American company, and will pander to the interests of that country. Good to know. I also hope the idiots who design this nasty things do also know that, and will therefore stick to infecting only US IPs. Duuuhhhh!!!
My condolences, but if you're working for a business that still gets 100% of their net access through dialup, you're rather behind the times, even if you're outside the US.What do you know about the state of telcos in other countries? Just curious since you seem eager to disqualify anybody who access the net based on dailup. Hell, I bet I can find places in the States where getting broadband is still prohibitively expensive for anything but big corporations.
No, the operating system isn't smart enough to know when I am expecting an important call. The operating system can't posibly tell what kind of billing am I to expect for a 4 hour telephone call (not every country in the world has free local telephone calls as in the US). Even if the OS would only download while the line was up and idle, in some cases it would simply not be able to download an upgrade until 3-4 months have gone by (think a new version of IE).
Downloading security patches through a dail-up is problematic (last machine I gave maintenance to required a 23 Mb download), at this point MS would be better served if it started handing out CDs like AOL does and asking mom & pop to install them on their computers.
Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool." Not really... there have been several reports that the thing has flogged machines so badly that it might not be even posible to connect to windowsupdate/any other internet site. For proper removal instructions, take a look at CERT's advisory or Trendmicro's KB
I think this is a problem more to be blamed on clueless sys-admins than organizations like SPEWs. Remember, it is the sys admin, not the the black hole who is choosing to accept the message.
People who filter based on spews and others alike basically don't care about getting a 1%-10% of false positives. To an individual that might be cool, but try setting up that policy in your workplace server.
I have my filters based on spamhaus, blitzed and dsbl. The analysis, done by sgifford was a real eye opener. I recommend it to anybody in charge of running a realiable server with black list filtering enabled.
Mmhh... yea that could be a way to go, but given the Argentinian crisis, and the light shed by the article on how ISPs bennefit from this, it would be trivial for him to get reconnection; actually he probably has ISP sales personnel calling 24 hours a day the disconnected number.
Je... coming to thing about it, the only way to really block him would be to disconnect ALL of Argentina's IP range. A bit drastic IMO.
I think the real way to go is to keep driving their response rate down. Educate your users, set up those filters, and report the fishes that get through the filtering.
Thanks a lot for the tip; after several false positives in the company's SMTP server, I had decided to solely allow bayesian filter to handle the separation. Unfortunately the thing is still in "training" and it lets flow tons of garbage.
RBLing from guys like osirusoft did a great job until i figured that they had practically black listed every single IP in Mexico (and we get like 30% incoming mail from here).
Would you be kind enought to share the figures you arrived to with the rest of us?
... why don't they use a better codec?
wmv9 is up there along with divx4/mpeg4. Take a look here
But I doubt that is the reason why they are using wmv, more probably it is due to its DRM capabilities more than anything and its ability to self destroy past its expiration date.
Still, it would be interesting to see if you can still convert it using TMPGEnc to any of your preferred DRM free formats.
WinNT 4.0 end of support date is June 30 2003 Workstation yes. Server has still until ends of this year to live through. Most corporations will be performing the migration (if they do at all) until beginings of the next year.
but it just wouldn't work.
Well, why not try it? Most of the 19th century the U.S. kept to itself. Guess how many 9/11's it had to withstand.
Surprise, some countries/people would still detest the USA. That is a reasuring reason, glad you are around with your crystal ball to tell us this things.
Do you really think al-Qaeda would stop planning attacks if we pulled out of the Mid-East?
Try pull out of Mid-East and stop funding Israel. That should work.
Of course not, the fundamentalists would just continue their brutal ways while having the freedom to attack the USA at will. Then again, you might be right... get that TIA on the road, spy on everybody, think of the rest of the world as terrorist, bomb the hell out of inocent countries, finance any/all subversive groups of any government you dislike. I am sure the rest of the world loves to be addressed in that fashion.
Slashdot Mirror
What if the "spoils" are your life savings, i.e. someone is suing you?
What if someone is suing you for malpractice/carelesness which led to the demise of a person? Would a "I'm sorry, fuck off, keep away from my savings, get me johnny" be good a good enough apology?
What if they are your life, i.e. you are on trial for a serious crime?
What if you just fucked, stabbed, and murdered a couple of teens? What if you are a seriously disturbed mind with a serious sociological problem. Would a "I'm sorry, fuck off, I deserve freedom and a good life get me johnny" be a good enough apology?
Always remember that a society is what, we, the individuals make out of it. If your judicial system is fucked, then change the judicial system, do not try to beat it at any/all cost.
I too think this will ultimately be for the good of the web. Perhaps not necesarily in the security avenue, but in the user experience avenue.
Adobe Reader, Apple QuickTime, Macromedia Flash, RealNetworks RealOne, all versions of Java, and Windows Media Player.
Most of these technologies have been used to deliver flashy adds to pages - the marketing freaks have gotten the best of them. Take a look at most comercial pages and you will see that most of them have Flash embedded. No way to turn it off (unless you are using firebird or some hacked browser). This will force web developers to rethink the way they will deliver their content. Users will choose NOT to load the embeded app, while accessing the rest of the content.
I am aware that it will also affect some legit uses of these technologies might have, but in the end, it might just be worth it.
How well does it scale? AutoCAD seems to be the current champion when it comes to vector graphics. I would not consider SVG until I could see some heavy duty 2D schematics done with this tool.
Our shop has been drawing in dwg format for the last 2 years, but when it comes to integrating our drawings with the final report we have always have to print it out and rescan it as raster to have semi-decent results in word. Its either that or spend a bundle in the Autoview's plugin for Word to be able to import into Word.
You use differente OSes, and you find hitting CTRL-ALT-DEL to log annoying?!?!?!? I would understand inconsistent desktops, inconsistent ways of handling applications, inconsistent ways of configuring the system, inconsistent file formats but having to hit CTRL-ALT-DEL to get a log prompt is definetly way down on my list of annoyances when it comes to handling different OSes.
Congratulations for a nice setup and not allowing the sales FUD get the best of you.
In other news, Intel is looking to expand their business into central heating systems.
Hey, good to see I am not the only one in this position.
I also have an NT4 based domain which I am trying to figure out what to do with, though, my solution is a little bit more complex than just a PDC, it is an SBS server (Exchange, SQL-Server, Proxy, Fax server, print server) among other stuff.
Im considering Linux too, but my current worry is Exchange, most of my users are too used to it. Any ideas on how to replace Exchange?
Thanks for the tip, Prop. Last time I did a migration was from an NT4 to another NT4. All the passwords and ACLs where lost. Seems this new tool would have comed handy then.
Actually, I think the most important feature is this:
10) Support for migrating from a Windows NT 4.0 domain to a Samba domain and maintaining user, group and domain SIDs.
Why? NT Server is coming to the end of support period (Dec 2003). There are still LOTS of NT4 server out there. Last time I checked, you had to recreate ALL of the groups and users whenever you migrated them from NT4 to any other PDC (there is a little support for automating this activity, but it just saves you from retyping the users and groups names).
Sadly enough, they'd probably go after the people who did the DNS change in additon or instead.
What about a scenario like:
1. Hi, I would need some help getting rid of this DDoS attacks.
2. In case you need the password for my DNS it is XXXX, if that will help fending down the attacks.
3. Please don't anybody do what XXX suggests regarding pointing this name to an FBI/NSA/CIA other big government agency's IP blocks.
The little I know of XML:
1. Was created with the ultimate goal of ease of information exchange between different applications (which obviously fails, based on the fact that nobody other than the creators is able to read MSWord of OO documents in this format).
2. Was supposed to be readable by humans without the need of a parser.
Is XML heading the way RTF went?
Uhh... man, I really hope you are kidding in your last statement. Let me comment a bit on it:
I will give you the fact that suicide bombing is wrong, but to respond to it through assassitions or torture is questionable to say the very least. This will only degenerate in a spiral of violence. It will not stop the bombings, on the contrary, it will motivate them.
that wall built it'll actually be pretty peaceful, though they may need to remove a bunch of israeli-arabs from israel first.
I bet the germans thought just like this when they built their first ghettos. Wansn't the U.S. one of the first nations in the world to declare segreagation as unlawful?
There will always be people out there who will take advantage of the defenseless.
Defenseless? Oh! you mean colateral damages. Yes, I agree, there will always be some colateral damages. It is certainly irresponsible not to stay ahead.
are available online (live streaming).
This guy is an amateur, wait until he feels the slashdot effect on his server. His next presentation will be entitled, how to knock down any server by just posting an article.
ISPs who choose SPEWS as blackhole providers are basically clueless. They are basically saying its ok to block 1% fake positive (even worse if you mail comes from several parts of the world).
At this point I turn the tables on the blocking ISP. I notify the receiver that due to their current ISP's policies I am unable to comunicate with them. If the recipient is a provider for our business, I notify them the fact that their ISP is blocking our mail and thus disqualifying them as providers to our business (our procurement system sends email notifications). End of story.
Sorry, bud, but in the end, Microsoft is an American company, and will pander to the interests of that country.
Good to know. I also hope the idiots who design this nasty things do also know that, and will therefore stick to infecting only US IPs. Duuuhhhh!!!
My condolences, but if you're working for a business that still gets 100% of their net access through dialup, you're rather behind the times, even if you're outside the US.What do you know about the state of telcos in other countries? Just curious since you seem eager to disqualify anybody who access the net based on dailup. Hell, I bet I can find places in the States where getting broadband is still prohibitively expensive for anything but big corporations.
No, the operating system isn't smart enough to know when I am expecting an important call. The operating system can't posibly tell what kind of billing am I to expect for a 4 hour telephone call (not every country in the world has free local telephone calls as in the US). Even if the OS would only download while the line was up and idle, in some cases it would simply not be able to download an upgrade until 3-4 months have gone by (think a new version of IE).
Downloading security patches through a dail-up is problematic (last machine I gave maintenance to required a 23 Mb download), at this point MS would be better served if it started handing out CDs like AOL does and asking mom & pop to install them on their computers.
Luckily, it's an easy one to stop: Download this security update. Once you've installed that patch, go here and download the removal tool."
Not really... there have been several reports that the thing has flogged machines so badly that it might not be even posible to connect to windowsupdate/any other internet site. For proper removal instructions, take a look at CERT's advisory or Trendmicro's KB
I think this is a problem more to be blamed on clueless sys-admins than organizations like SPEWs. Remember, it is the sys admin, not the the black hole who is choosing to accept the message.
People who filter based on spews and others alike basically don't care about getting a 1%-10% of false positives. To an individual that might be cool, but try setting up that policy in your workplace server.
I have my filters based on spamhaus, blitzed and dsbl. The analysis, done by sgifford was a real eye opener. I recommend it to anybody in charge of running a realiable server with black list filtering enabled.
Mmhh... yea that could be a way to go, but given the Argentinian crisis, and the light shed by the article on how ISPs bennefit from this, it would be trivial for him to get reconnection; actually he probably has ISP sales personnel calling 24 hours a day the disconnected number.
Je... coming to thing about it, the only way to really block him would be to disconnect ALL of Argentina's IP range. A bit drastic IMO.
I think the real way to go is to keep driving their response rate down. Educate your users, set up those filters, and report the fishes that get through the filtering.
Thanks a lot for the tip; after several false positives in the company's SMTP server, I had decided to solely allow bayesian filter to handle the separation. Unfortunately the thing is still in "training" and it lets flow tons of garbage.
RBLing from guys like osirusoft did a great job until i figured that they had practically black listed every single IP in Mexico (and we get like 30% incoming mail from here).
Would you be kind enought to share the figures you arrived to with the rest of us?
wmv9 is up there along with divx4/mpeg4. Take a look here
But I doubt that is the reason why they are using wmv, more probably it is due to its DRM capabilities more than anything and its ability to self destroy past its expiration date.
Still, it would be interesting to see if you can still convert it using TMPGEnc to any of your preferred DRM free formats.
WinNT 4.0 end of support date is June 30 2003
Workstation yes. Server has still until ends of this year to live through. Most corporations will be performing the migration (if they do at all) until beginings of the next year.
AC troll wrote:
but it just wouldn't work.
Well, why not try it? Most of the 19th century the U.S. kept to itself. Guess how many 9/11's it had to withstand.
Surprise, some countries/people would still detest the USA.
That is a reasuring reason, glad you are around with your crystal ball to tell us this things.
Do you really think al-Qaeda would stop planning attacks if we pulled out of the Mid-East?
Try pull out of Mid-East and stop funding Israel. That should work.
Of course not, the fundamentalists would just continue their brutal ways while having the freedom to attack the USA at will.
Then again, you might be right... get that TIA on the road, spy on everybody, think of the rest of the world as terrorist, bomb the hell out of inocent countries, finance any/all subversive groups of any government you dislike. I am sure the rest of the world loves to be addressed in that fashion.
I bet I can pinpoint the location in Cuba without the need of any telco equipment.