That jumped out at me, too. Sure, SCSI-based hardware RAID is great, and the performance will be outstanding and the disks will be much more reliable, too. But like you say, they didn't have to do it, they could have just used software RAID on Linux.
A third possibility just crossed my mind: maybe his staff knew perfectly well that they could use software RAID, but they wanted hardware RAID because it rocks and they had some machines that could benefit from the performance and reliability, but they figured they had a boss who A) Wouldn't approve the hardware RAID if he knew of a cheaper way to do it, and B) Could be conned because he didn't know much about Linux, so they told him they needed hardware RAID and he fell for it:-)
So what you're saying is that since the warehouse is owned by a corporation, that somehow this corporation should not have the same right to be secure in its property that you and I do?
OK, maybe you think that. Instead of trying to change your mind about that, I'll put it another way.
Let's say a vandal spraypaints graffiti on the side of a Fry's somewhere. It needs to be removed, so the store manager calls in a company to take care of it. Let's say they charge the store $1000 for cleanup and repainting, and this happens once a week. That's $48,000 a year for the cost of vandalism. If throughout their chain they have ten stores so vandalized every week, that's $480,000 a year.
How many more people could they employ with the $480,000? Or how much will the cost of their merchandise go up to pay for it?
Do you get the point now? Taggers are criminals, and should get restitution plus a good flogging. Whether the property they vandalize is yours or mine personally, or the property of a business from which we buy, or the property of a government to which we pay taxes, taggers are taking money out of the public's pocket.
Temper it for the circumstances? OK, how about this: if you tag a private individual's property, the number of strokes is doubled. If it's not your first offense, the number of strokes doubles again. If that's too many strokes for one day you get half one day, a a few days in jail to recover, then you get the rest. Then you go home.
If engineers find problems in a project, you think the answer is to "innovate our management skills?" Is that really even English?
Don't look now, but Dilbert and The Way of The Weasel is making fun of PHBs, it's not a management blueprint? Well, actually, it is a rather good guide to managing successfully, but the key is to read what's in the book and *not do* those things.
If engineers on a project, whether it's hardware, software, or something else, come to management and say "We have found problems with this project that will have a negative impact on its quality or possibly cause it to fail" the answer is not to sweep those concerns under the rug or blow them off. The answer is "OK, what do you need to fix those problems so that this project will succeed and reach its full potential?" When they tell you, obviously, there may be a cost/benefit tradeoff between some of the items, but basically you have to send them out to fix the problems so that the project will succeed.
If engineers tell you "You can't do X for Y amount of money, it's just not possible," you should listen to them. Knowing what can be done, and for what price it can be done, is their job.
If the engineering team comes to you and says "This project is so broken that it can't succeed, the best thing we can do is scrap it and do a total redesign," then you had better listen good. They are probably right, and the ass they save will be your own. The money sunk into the project is gone; don't make it worse by throwing good money after bad.
Being committed to quality and excellence in a project are not "old thinking and old views that hold us back." They are the things that make projects successful. That's my company has a successful product, is growing fast, and is making money. Is yours?
Aside to those who modded the parent Insightful: I never believed it before, but now I'm convinced that (some of) the mods really are on crack.
Yes, as a matter of fact, we *should* start caning graffiti vandals in this country. It's an effective deterrent and fits the crime. The caning should, of course, be in addition to restitution to the victims. If they can't find enough people willing to do it, I'm willing to be sworn in as a caner and help them out after work. However, I don't think they'll have much of a problem finding caners. You may recall that at the time of that incident, the vast majority of Americans thought he was getting exactly what he deserved, and more than a few people thought he should get twice as many strokes as he got.
Please note my deliberate use of the word vandal. People who go around spray-painting other people's property are not artists; they are vandals and criminals. It costs real people real money to clean up their property after someone vandalizes it with graffiti, and quite commonly, as soon as it's cleaned, the vandals come back and do it again. When you put graffiti on your own property, that you bought and paid for, you can call yourself an artist if you want. When you put graffiti on somebody else's property without permission, you're a criminal and should be treated as such.
Please don't drag out Kevin Mitnick here. Kevin Mitnick broke the law, was caught, convicted, and sentenced fairly. He's a criminal. He's done his time and deserves a fresh start so he can make something honest of himself, but there is nothing good about the actions that led him to prison, and those who would defend him and call him a victim need to get a grip on reality.
Promise cards are directly supported by the kernel, though, so you don't have to use Promise's crappy drivers.
I'm writing this on a Debian Sid system with a 2.4.20 kernel, that I installed to RAID 1 on a Promise 20265 (onboard chip). To get the support into your kernel, you need:
CONFIG_BLK_DEV_ATARAID_HPT=y CONFIG_BLK_DEV_ATA RAID_SII is not set
Note that the following should not be set. If they are, you will not get the ATARAID functionality, and the Promise will be seen as just an ordinary IDE controller:
A Debian install CD that supports Promise chips in RAID mode is out there, it's what I used to install this system. I don't remember where I got it, but Google can help. The kernel is 2.4.20, and it also supports Reiser and devfs.
Speaking as an ISP sysadmin, blocklists are extremely effective against spam (we use them) and there is nothing at all evil in either their methods or their use, because:
- No one forces any ISP or other business to use blocklists; we do so voluntarily b/c they are effective against spam and our customers like that. Moreover, our spam filters are completely optional and are off by default; any customer of ours who rejects your mail has consciously done so by activating our filters;
- I have never, ever seen an IP address falsely added to a blocklist, nor have I ever used a blocklist that did not have a removal procedure;
- You don't have the *right* to send email to anyone. Deliverability is at the sufferance of the recipient, and if the recipient chooses to block mail from your server via a blocklist, you have no cause for complaint. It's not your server, bandwidth, or money that is used to receive the mail.
So if you don't like the existence of blocklists, well, tough. They have a right to exist and we have a right to use them. We aren't going away, and neither are the lists.
Geography and flexibility may have a big influence on that. I have about the same amount of admin experience as you, plus network engineering experience (mostly Cisco) and live in the southern half of California, which is where I'm from, although I spent a number of years abroad and just returned to California in June.
Bad time to get into a bad job market? Yes, absolutely, although signs of recovery are around. For the first month or so, I only applied for jobs in my county (which, due to population distribution, effectively meant jobs within 30 miles of my parents' home, where I'm crashing on the computer room floor while I search for work). Things were tough. No calls, no interviews. Not many places even send form rejection notices anymore.
About that time, I decided to broaden my search to include all major job markets in Southern California. While I didn't really want to move, I didn't want to stay unemployed, either. As a result of that broadened search, I've had two interviews in the last three weeks. The second one, just last week, was a waste of my time. The company I interviewed with first made me an offer today, and I've accepted it. I start in two weeks, as soon as my boss gets back from vacation.
I have to move about 100 miles away, and I'm not getting the kind of money I would have seen in SoCal a few years ago, but I'm now employed and the money will get better down the line as the economy does.
In closing, to respond directly to the comment to which you replied, it's true that there are certainly ads out there for sysadmins and network engineers. The problem is the ratio of positions to those seeking positions. There are a lot of unemployed sysadmins, underemployed sysadmins, and poorly paid sysadmins out there who are all applying for those jobs. The competition is truly intense. In my entire life, I have (before this job search) only rarely failed to get an interview anytime I applied for a job, and was subsequently hired in almost every case. My overall success ratio was about 80%. I've never experienced anything like the current job market. Since mid-June I've applied for over 50 jobs and only had two calls. Granted, one of those two hired me, but the ratio of applications to calls was still terrible. That's more jobs (by far) than I've applied for in my entire life previously. I have a job now, but my success ratio is shot:-p
When people buy SCO stocks, it's not about SCO lovers (is there such a thing?) or Linux haters.
To "get inside the heads" of people who buy SCO stock, you have to understand that they are buying it for the same reason that other people buy other stocks: they believe they will make money on it. That's why people buy stock - they think that either through future price increases, good dividends, or both, the stock will be a profitable investment. You could extrapolate from it that people buying SCO stock think SCO will win in court, or maybe they just think that greater fools than they will push the price up even further.
Few people buy stock based on their opinion of the ethics, or lack thereof, of a company. Their opinion of the merits of a lawsuit, or of a company's business plan is a criteria only to the extent that it affects their estimation of whether or not the stock price will go up. If they think a company has no ethics, a filed lawsuit is frivolous, and the overall business plan will end in failure and bankruptcy, but also think that other people don't notice these problems right away and will buy the stock, so might shrewd investors buy, because they will probably profit. Of course, on the other hand, a lot of dork investors who do not understand technology, the law, or the GPL as well as they ought will also buy. Some of them will profit, others will get burned by holding too long and will see SCO go down in flames, and its stock with it.
Investors bought SCO stock a few months ago have made a significant profit. Some of them were probably fully aware that SCO's claims and lawsuits are without merit, but were just as fully aware that the price would probably go up.
1) BSD predates any 32-bit version of Windows; how do you think BSD code wound up in the first version of Windows NT?
2) Microsoft had a UNIX license and sold its own proprietary version (Xenix) way before it embarked on any Windows project. Yes, before any Windows project, including the original Windows which ran on XT and AT-class PCs and was followed by Windows 286 and Windows 386.
3) At that time, people who had never seen a line of Unix source were nevertheless writing code that was at least as secure as Unix and possibly moreso, for a variety of platforms. Seeing Unix code is not a prerequisite to writing good code. The security problems that plague Windows mostly result from architectural decisions made by Microsoft, combined with (in some cases) poor coding practices and the inevitable slips that tend to happen in a code base that is both huge and not peer-reviewed.
The MSBlast worm delivers about a 16 kbps stream, so whether the zombie is sitting on a 56k dial, a 256k upstream DSL or cable connection, or has a T-1 or larger uplink doesn't really matter. DDOS zombies don't usually consume all of the available bandwidth, since doing so would be rather counterproductive to the goal of making a DDOS attack.
If an average user, being mostly computer-illiterate but knowing that a reboot fixes most Windows problems for a while, finds that his/her computer can't connect to the Internet (the symptom of having all of your upstream bandwidth utilized), the most likely response will be a reboot. This lowers the effectiveness of the DDOS attack compared to a large number of zombies making the attack without their owners' knowledge, which allows them to continue uninterrupted.
Numbers of attackers are the key to a highly successful DDOS attack, not using up all the bandwidth at the zombie's dispoal. MSBlast could take a lot more bandwidth and still be not noticed by broadband users, but the authors have clearly crafted it to work and not be noticed on machines with dial-up and other low-bandwidth connections (I saw a 32-workstation LAN in a third world country; there was a 64k uplink for the whole office; things like that aren't unusual in many parts of the world. The likelihood of those machines being uptodate on patches is very low, which makes them a good target for MSBlaster.
My purpose for being there was to install a hardware firewall in front of their network, so they are far less likely to get infected, but there are many vulnerable machines like that out there with no protection. A good DDOS client can use them; one that consumes all available bandwidth can't.
Well, actually, that's entirely possible. Desktop PCs have had the ability to wake up on various events for a long time. If it in fact turned itself on, that could also be completely unrelated to the software. All it takes is to have wake-on-modem set and for the phone to ring.
The article also doesn't mention if this was a notebook or a desktop. Probably a desktop, but we don't know. If a notebook, that makes it even easier - hitting the off button on many notebooks doesn't turn them off, it just makes them hibernate. I have met many people sufficiently computer illiterate that they don't know that you shut down a Windows system by choosing shutdown from the menu - they think you just turn it off like a lightswitch. Judging by what was in the article, the owner of the computer in question seems to be at about that level of computer literacy.
In short, the fact that a computer-illiterate claims it turned itself on, and the fact that those sorts of things are actually possible and have been for a while, makes it at least possible, and maybe even plausible, that it did what he says it did (or at least, he thinks it did that).
As a former abuse admin at an ISP, I actually find his story pretty plausible. It's been common for a couple of years now for Outlook/Outlook Express worms to have their own SMTP engine for propagating themselves. "Special viewers" from "free" pr0n sites that disconnect a dialup connection and dial back to a 900 number or similar in an offshore location have been around since the early days of the commercial Internet. They're apparently a huge problem in Japan, because Japanese long distance companies were for a long time (and could still be) including warnings about that scam along with their bills.
There are countless varieties of peer-to-peer networking programs out there. Lots of spyware, too.
In other words, all the technology to create a worm that will, upon installing itself, set up to dial the Internet, harvest child pornography, and make it available to other zombies with the same program, is already on the shelf. All some sicko has to do is assemble it and release it in the wild. I find it entirely plausible that someone already has. Very disturbing, but plausible.
It must be a real bitch to learn English as a second language.
My wife is bilingual (English is her second language). I'm bilingual (but my second language is not my wife's first language, and my first language is English), and a number of my friends are bilingual native speakers of my second language, and a couple of my friends speak 5 or 6 languages, of which English is one of the "second" ones. A number of my wife's friends are also bilingual speakers of her first language.
Everyone in that group except me says that English is the hardest language to learn:-)
Actually, since I have a background in linguistics, I agree with them: English is tough. The grammar has an impossible number of exceptions, it's really hard to know how a word is pronounced by looking at it, and for speakers of a lot of languages, particularly East Asian ones, English pronunciation is really tough. My wife thinks she will never lose her accent, and she's probably right.
The FSF's response to the new APSL absolutely leaves me shaking my head. There's just no pleasing some people, and if I were Apple, right about now I would be fully prepared to tell them to piss off, and go back to the old APSL terms. Sheesh. Stallman and friends need to lighten up once in a while.
That notwithstanding, there are a few things wrong with your post, or so they strike me.
First, the GPL is the FSF's license, to do with as they please, just as much as Apple's code is Apples, to do with what they please. They have the right to change the GPL anyway they like. Others can have opinions about it, just as they can have opinions about Apple's PSL, but just as they can't make Apple change the APSL, neither should anyone be able to make the FSF change the GPL. Fair is fair, whether anyone likes the FSF or not.
Also, changes to the GPL are *not* retroactive. Any code released under GPL 1.0 is still covered by GPL 1.0, unless the author later re-releases it under a later version of the GPL. The FSF has no power to change that, except with respect to code they have themselves produced. Even then, they must explicitly re-license it under the later version of the GPL.
With regard to the FSF's power, well, they have none, really. No one who writes code is forced to release it under the GPL, unless that code is a derivative work of GPLed code. Even then, they aren't really forced, because no one forced them to write that derivative work. They could have not written it, or done a clean-room implementation of the same functionality. Code is licensed under the GPL only by people who wish to so license their code, and doing so gives no particular power to the FSF. The FSF has power over its own code, that's it. Even then, their power is limited compared to what any proprietary vendor has over its code. It's not unusual these days to see a EULA that along with the normal restrictions on redistribution (covered by copyright law) to also find restrictions on what you may do with the software. Now *that's* power. If someone - even the FSF - licenses code to me under the GPL, I can put that code to any use I wish, foreseen or unforeseen, intended or unintended, and they cannot stop me. The GPL says so.
Finally, with respect to the FSF and socialism, I see that comparison made all the time, but those who make it understand neither the FSF nor socialism. If they did, they wouldn't make the comparison. Read Marx and Lenin, and you'll find out. In the meantime, I'll give a little thumbnail sketch to help out:
Socialism: the software you produce belongs to the state, not you. The state sells it under a proprietary license and keeps the money. They pay you a salary, provide you with the necessities of life, etc. In theory, anyway. In practice, history has shown that it generally doesn't quite work out that way.
FSF: The software you produce is yours, and you are free to make money off of it in any way you can think of, with the exception of making it proprietary. The source must be freely shared with everyone, and they in turn are bound by the same rule of sharing their modifications with everyone.
Socialism: they will enforce this ideology at the point of a gun. If you don't agree, you can take a nice long trip to the gulag.
FSF: If you think they can take their ideology and stick it where the sun doesn't shine, there's nothing they can do except complain and whine about it in public. OK, they can do a clean-room implementation of your functionality if they feel like it, but so can any number of proprietary software vendors. So what?
In this respect, the FSF more nearly resembles anarchy than socialism, but it isn't a terribly good fit there, either. A much better fit is what social anthropologists call "gift cultures." ESR wrote something about this in one of his essays. Gift cultures are uncommon (probably unknown) in Europe, but were common among Polynesian tribes. In a nutshell, social standing comes from what you give away,
Would you like to make spam drop off tremendously overnight?
The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.
What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.
Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwidth costing $125/month and how many referrals does a spammer need to generate to cover that cost? At $20/referral, the sixth one moves the spammer into the black. If the spammer pumps out 1,000,000 spams per month and gets a 0.1% hit rate, that's 1000 per month. If the spammer gets paid for them all, that's $20,000. Even if only 10% of those hits turn out to be legit leads and the spammer gets paid for only those, that's still $2,000. Put another way, it pays for the spammer's PC and DSL hookup costs in the first month, with profit left over.
But let's assume this spammer knows a friendly ISP and is paying $1000 for a T-1, including local loop (you can go cheaper than that in many areas). If the spammer gets the same $2000 in referrals, that covers the cost of the T-1 and the PC. The next month covers the cost of the T-1 and leaves $1000 left over.
Major spammers send many millions of mails each month, and even the small-scale ones probably do over a million, so these numbers are pretty conservative.
What the spammers must do, however, that doesn't appear in the above numbers, is find some SMTP host(s) to carry their mail, since sending it from their own netblocks gets them quickly locked out by a great many MXes, invites DDOS attacks, results in people calling their upstream to get them shut down, etc.
Enter the open relay. Open relay mail servers are (sadly), not uncommon even today. A pox on all the clueless mail admins who run these things. Spammers need to send outbound traffic on port 25 to get to the open relays. If all ISPs closed off outbound port 25 traffic in their consumer dial, cable, and DSL pools, the spam problem would shrink tremendously. I worked for an ISP that followed this practice, and we almost never had spammers (just a few times a year), and those we did get disappeared in a *hurry* because we would know they were there in short order because they couldn't exploit any open relay; they had to use *our* outbound SMTP hosts because we closed port 25. That mean that if someone started a spam run, their account wouldn't survive the day. By the time the first complaint arrived, we could write back and say "This account has already been terminated."
That still leaves the problem of open proxies, of which there are also many, but those have to be dealt with via RBLs. That notwishtstanding, if all ISPs closed outbound 25 and required their dial, cable, and DSL customers to smarthost through their outbound SMTP hosts, it would take a huge bite out of spam, so to speak:-)
I concur. I was working for an ISP at the time he started sending that stuff out. We saw hundreds of them, and at first we thought it was a troll to gather known-good addresses for future spamming.
The stuff kept showing up from time to time, and eventually, on a day when we didn't have much to do, we did some tracking ourselves. Like you, we found that the guy apparently really believes it. We even found a web site where someone had posted his communications with the guy.
I'm all for getting his Internet access cut off so that he can't bother people, but I think people shouldn't toy with him. He obviously needs help and has enough problems with people baiting him.
Slashdot Mirror
Heheh. I have seen, and been paid to translate (by the rightful recipient), NDA material that was sent by email in clear text :-p
That jumped out at me, too. Sure, SCSI-based hardware RAID is great, and the performance will be outstanding and the disks will be much more reliable, too. But like you say, they didn't have to do it, they could have just used software RAID on Linux.
:-)
A third possibility just crossed my mind: maybe his staff knew perfectly well that they could use software RAID, but they wanted hardware RAID because it rocks and they had some machines that could benefit from the performance and reliability, but they figured they had a boss who A) Wouldn't approve the hardware RAID if he knew of a cheaper way to do it, and B) Could be conned because he didn't know much about Linux, so they told him they needed hardware RAID and he fell for it
Oops, quick update.
If you have an SII RAID, use:
CONFIG_BLK_DEV_ATARAID_SII=y
not
CONFIG_BLK_DEV_ATARAID_SII is not set
Sorry about that. Granted, anyone compiling a kernel most likely caught this already, but just in case.
So what you're saying is that since the warehouse is owned by a corporation, that somehow this corporation should not have the same right to be secure in its property that you and I do?
OK, maybe you think that. Instead of trying to change your mind about that, I'll put it another way.
Let's say a vandal spraypaints graffiti on the side of a Fry's somewhere. It needs to be removed, so the store manager calls in a company to take care of it. Let's say they charge the store $1000 for cleanup and repainting, and this happens once a week. That's $48,000 a year for the cost of vandalism. If throughout their chain they have ten stores so vandalized every week, that's $480,000 a year.
How many more people could they employ with the $480,000? Or how much will the cost of their merchandise go up to pay for it?
Do you get the point now? Taggers are criminals, and should get restitution plus a good flogging. Whether the property they vandalize is yours or mine personally, or the property of a business from which we buy, or the property of a government to which we pay taxes, taggers are taking money out of the public's pocket.
Temper it for the circumstances? OK, how about this: if you tag a private individual's property, the number of strokes is doubled. If it's not your first offense, the number of strokes doubles again. If that's too many strokes for one day you get half one day, a a few days in jail to recover, then you get the rest. Then you go home.
Hmmm, it might work. On the other hand, it might become a sort of badge of honor or something.
:-)
Having your ass whipped with a bamboo cane is not likely to ever become a badge of honor.
We could try both and see which is worse
Actually, I do work for a software company. The managers are engineers, and we are successful and profitable.
Say what?!
If engineers find problems in a project, you think the answer is to "innovate our management skills?" Is that really even English?
Don't look now, but Dilbert and The Way of The Weasel is making fun of PHBs, it's not a management blueprint? Well, actually, it is a rather good guide to managing successfully, but the key is to read what's in the book and *not do* those things.
If engineers on a project, whether it's hardware, software, or something else, come to management and say "We have found problems with this project that will have a negative impact on its quality or possibly cause it to fail" the answer is not to sweep those concerns under the rug or blow them off. The answer is "OK, what do you need to fix those problems so that this project will succeed and reach its full potential?" When they tell you, obviously, there may be a cost/benefit tradeoff between some of the items, but basically you have to send them out to fix the problems so that the project will succeed.
If engineers tell you "You can't do X for Y amount of money, it's just not possible," you should listen to them. Knowing what can be done, and for what price it can be done, is their job.
If the engineering team comes to you and says "This project is so broken that it can't succeed, the best thing we can do is scrap it and do a total redesign," then you had better listen good. They are probably right, and the ass they save will be your own. The money sunk into the project is gone; don't make it worse by throwing good money after bad.
Being committed to quality and excellence in a project are not "old thinking and old views that hold us back." They are the things that make projects successful. That's my company has a successful product, is growing fast, and is making money. Is yours?
Aside to those who modded the parent Insightful: I never believed it before, but now I'm convinced that (some of) the mods really are on crack.
Yes, as a matter of fact, we *should* start caning graffiti vandals in this country. It's an effective deterrent and fits the crime. The caning should, of course, be in addition to restitution to the victims. If they can't find enough people willing to do it, I'm willing to be sworn in as a caner and help them out after work.
However, I don't think they'll have much of a problem finding caners. You may recall that at the time of that incident, the vast majority of Americans thought he was getting exactly what he deserved, and more than a few people thought he should get twice as many strokes as he got.
Please note my deliberate use of the word vandal. People who go around spray-painting other people's property are not artists; they are vandals and criminals. It costs real people real money to clean up their property after someone vandalizes it with graffiti, and quite commonly, as soon as it's cleaned, the vandals come back and do it again. When you put graffiti on your own property, that you bought and paid for, you can call yourself an artist if you want. When you put graffiti on somebody else's property without permission, you're a criminal and should be treated as such.
Please don't drag out Kevin Mitnick here. Kevin Mitnick broke the law, was caught, convicted, and sentenced fairly. He's a criminal. He's done his time and deserves a fresh start so he can make something honest of himself, but there is nothing good about the actions that led him to prison, and those who would defend him and call him a victim need to get a grip on reality.
Promise cards are directly supported by the kernel, though, so you don't have to use Promise's crappy drivers.
D _PDC=y
A RAID_SII is not set
2 02XX_NEW
I'm writing this on a Debian Sid system with a 2.4.20 kernel, that I installed to RAID 1 on a Promise 20265 (onboard chip). To get the support into your kernel, you need:
CONFIG_EXPERIMENTAL=y
from code maturity options, and:
CONFIG_BLK_DEV_ATARAID=y
CONFIG_BLK_DEV_ATARAI
from IDE chipset support/bugfixes.
If you have a Highpoint or SII, use:
CONFIG_BLK_DEV_ATARAID_HPT=y
CONFIG_BLK_DEV_AT
Note that the following should not be set. If they are, you will not get the ATARAID functionality, and the Promise will be seen as just an ordinary IDE controller:
CONFIG_BLK_DEV_PDC202XX_OLD
CONFIG_BLK_DEV_PDC
A Debian install CD that supports Promise chips in RAID mode is out there, it's what I used to install this system. I don't remember where I got it, but Google can help. The kernel is 2.4.20, and it also supports Reiser and devfs.
Speaking as an ISP sysadmin, blocklists are extremely effective against spam (we use them) and there is nothing at all evil in either their methods or their use, because:
- No one forces any ISP or other business to use blocklists; we do so voluntarily b/c they are effective against spam and our customers like that. Moreover, our spam filters are completely optional and are off by default; any customer of ours who rejects your mail has consciously done so by activating our filters;
- I have never, ever seen an IP address falsely added to a blocklist, nor have I ever used a blocklist that did not have a removal procedure;
- You don't have the *right* to send email to anyone. Deliverability is at the sufferance of the recipient, and if the recipient chooses to block mail from your server via a blocklist, you have no cause for complaint. It's not your server, bandwidth, or money that is used to receive the mail.
So if you don't like the existence of blocklists, well, tough. They have a right to exist and we have a right to use them. We aren't going away, and neither are the lists.
Geography and flexibility may have a big influence on that. I have about the same amount of admin experience as you, plus network engineering experience (mostly Cisco) and live in the southern half of California, which is where I'm from, although I spent a number of years abroad and just returned to California in June.
:-p
Bad time to get into a bad job market? Yes, absolutely, although signs of recovery are around. For the first month or so, I only applied for jobs in my county (which, due to population distribution, effectively meant jobs within 30 miles of my parents' home, where I'm crashing on the computer room floor while I search for work). Things were tough. No calls, no interviews. Not many places even send form rejection notices anymore.
About that time, I decided to broaden my search to include all major job markets in Southern California. While I didn't really want to move, I didn't want to stay unemployed, either. As a result of that broadened search, I've had two interviews in the last three weeks. The second one, just last week, was a waste of my time. The company I interviewed with first made me an offer today, and I've accepted it. I start in two weeks, as soon as my boss gets back from vacation.
I have to move about 100 miles away, and I'm not getting the kind of money I would have seen in SoCal a few years ago, but I'm now employed and the money will get better down the line as the economy does.
In closing, to respond directly to the comment to which you replied, it's true that there are certainly ads out there for sysadmins and network engineers. The problem is the ratio of positions to those seeking positions. There are a lot of unemployed sysadmins, underemployed sysadmins, and poorly paid sysadmins out there who are all applying for those jobs. The competition is truly intense. In my entire life, I have (before this job search) only rarely failed to get an interview anytime I applied for a job, and was subsequently hired in almost every case. My overall success ratio was about 80%. I've never experienced anything like the current job market. Since mid-June I've applied for over 50 jobs and only had two calls. Granted, one of those two hired me, but the ratio of applications to calls was still terrible. That's more jobs (by far) than I've applied for in my entire life previously. I have a job now, but my success ratio is shot
When people buy SCO stocks, it's not about SCO lovers (is there such a thing?) or Linux haters.
To "get inside the heads" of people who buy SCO stock, you have to understand that they are buying it for the same reason that other people buy other stocks: they believe they will make money on it. That's why people buy stock - they think that either through future price increases, good dividends, or both, the stock will be a profitable investment. You could extrapolate from it that people buying SCO stock think SCO will win in court, or maybe they just think that greater fools than they will push the price up even further.
Few people buy stock based on their opinion of the ethics, or lack thereof, of a company. Their opinion of the merits of a lawsuit, or of a company's business plan is a criteria only to the extent that it affects their estimation of whether or not the stock price will go up. If they think a company has no ethics, a filed lawsuit is frivolous, and the overall business plan will end in failure and bankruptcy, but also think that other people don't notice these problems right away and will buy the stock, so might shrewd investors buy, because they will probably profit. Of course, on the other hand, a lot of dork investors who do not understand technology, the law, or the GPL as well as they ought will also buy. Some of them will profit, others will get burned by holding too long and will see SCO go down in flames, and its stock with it.
Investors bought SCO stock a few months ago have made a significant profit. Some of them were probably fully aware that SCO's claims and lawsuits are without merit, but were just as fully aware that the price would probably go up.
Umm, no.
1) BSD predates any 32-bit version of Windows; how do you think BSD code wound up in the first version of Windows NT?
2) Microsoft had a UNIX license and sold its own proprietary version (Xenix) way before it embarked on any Windows project. Yes, before any Windows project, including the original Windows which ran on XT and AT-class PCs and was followed by Windows 286 and Windows 386.
3) At that time, people who had never seen a line of Unix source were nevertheless writing code that was at least as secure as Unix and possibly moreso, for a variety of platforms. Seeing Unix code is not a prerequisite to writing good code. The security problems that plague Windows mostly result from architectural decisions made by Microsoft, combined with (in some cases) poor coding practices and the inevitable slips that tend to happen in a code base that is both huge and not peer-reviewed.
Where it gets really bad is if you have a 60-year-old PHB :-)
Mod him up. I'm an ISP sysadmin, and he knows whereof he speaks.
:-)
Aside to Trailer Trash: when I saw "mtadistributors" it took me a sec to realize that it didn't mean they were in the Mail Transfer Agent business
Let us not say that.
The MSBlast worm delivers about a 16 kbps stream, so whether the zombie is sitting on a 56k dial, a 256k upstream DSL or cable connection, or has a T-1 or larger uplink doesn't really matter. DDOS zombies don't usually consume all of the available bandwidth, since doing so would be rather counterproductive to the goal of making a DDOS attack.
If an average user, being mostly computer-illiterate but knowing that a reboot fixes most Windows problems for a while, finds that his/her computer can't connect to the Internet (the symptom of having all of your upstream bandwidth utilized), the most likely response will be a reboot. This lowers the effectiveness of the DDOS attack compared to a large number of zombies making the attack without their owners' knowledge, which allows them to continue uninterrupted.
Numbers of attackers are the key to a highly successful DDOS attack, not using up all the bandwidth at the zombie's dispoal. MSBlast could take a lot more bandwidth and still be not noticed by broadband users, but the authors have clearly crafted it to work and not be noticed on machines with dial-up and other low-bandwidth connections (I saw a 32-workstation LAN in a third world country; there was a 64k uplink for the whole office; things like that aren't unusual in many parts of the world. The likelihood of those machines being uptodate on patches is very low, which makes them a good target for MSBlaster.
My purpose for being there was to install a hardware firewall in front of their network, so they are far less likely to get infected, but there are many vulnerable machines like that out there with no protection. A good DDOS client can use them; one that consumes all available bandwidth can't.
Well, actually, that's entirely possible. Desktop PCs have had the ability to wake up on various events for a long time. If it in fact turned itself on, that could also be completely unrelated to the software. All it takes is to have wake-on-modem set and for the phone to ring.
The article also doesn't mention if this was a notebook or a desktop. Probably a desktop, but we don't know. If a notebook, that makes it even easier - hitting the off button on many notebooks doesn't turn them off, it just makes them hibernate. I have met many people sufficiently computer illiterate that they don't know that you shut down a Windows system by choosing shutdown from the menu - they think you just turn it off like a lightswitch. Judging by what was in the article, the owner of the computer in question seems to be at about that level of computer literacy.
In short, the fact that a computer-illiterate claims it turned itself on, and the fact that those sorts of things are actually possible and have been for a while, makes it at least possible, and maybe even plausible, that it did what he says it did (or at least, he thinks it did that).
As a former abuse admin at an ISP, I actually find his story pretty plausible. It's been common for a couple of years now for Outlook/Outlook Express worms to have their own SMTP engine for propagating themselves. "Special viewers" from "free" pr0n sites that disconnect a dialup connection and dial back to a 900 number or similar in an offshore location have been around since the early days of the commercial Internet. They're apparently a huge problem in Japan, because Japanese long distance companies were for a long time (and could still be) including warnings about that scam along with their bills.
There are countless varieties of peer-to-peer networking programs out there. Lots of spyware, too.
In other words, all the technology to create a worm that will, upon installing itself, set up to dial the Internet, harvest child pornography, and make it available to other zombies with the same program, is already on the shelf. All some sicko has to do is assemble it and release it in the wild. I find it entirely plausible that someone already has. Very disturbing, but plausible.
My wife is bilingual (English is her second language). I'm bilingual (but my second language is not my wife's first language, and my first language is English), and a number of my friends are bilingual native speakers of my second language, and a couple of my friends speak 5 or 6 languages, of which English is one of the "second" ones. A number of my wife's friends are also bilingual speakers of her first language.
Everyone in that group except me says that English is the hardest language to learn
Actually, since I have a background in linguistics, I agree with them: English is tough. The grammar has an impossible number of exceptions, it's really hard to know how a word is pronounced by looking at it, and for speakers of a lot of languages, particularly East Asian ones, English pronunciation is really tough. My wife thinks she will never lose her accent, and she's probably right.
The FSF's response to the new APSL absolutely leaves me shaking my head. There's just no pleasing some people, and if I were Apple, right about now I would be fully prepared to tell them to piss off, and go back to the old APSL terms. Sheesh. Stallman and friends need to lighten up once in a while.
That notwithstanding, there are a few things wrong with your post, or so they strike me.
First, the GPL is the FSF's license, to do with as they please, just as much as Apple's code is Apples, to do with what they please. They have the right to change the GPL anyway they like. Others can have opinions about it, just as they can have opinions about Apple's PSL, but just as they can't make Apple change the APSL, neither should anyone be able to make the FSF change the GPL. Fair is fair, whether anyone likes the FSF or not.
Also, changes to the GPL are *not* retroactive. Any code released under GPL 1.0 is still covered by GPL 1.0, unless the author later re-releases it under a later version of the GPL. The FSF has no power to change that, except with respect to code they have themselves produced. Even then, they must explicitly re-license it under the later version of the GPL.
With regard to the FSF's power, well, they have none, really. No one who writes code is forced to release it under the GPL, unless that code is a derivative work of GPLed code. Even then, they aren't really forced, because no one forced them to write that derivative work. They could have not written it, or done a clean-room implementation of the same functionality. Code is licensed under the GPL only by people who wish to so license their code, and doing so gives no particular power to the FSF. The FSF has power over its own code, that's it. Even then, their power is limited compared to what any proprietary vendor has over its code. It's not unusual these days to see a EULA that along with the normal restrictions on redistribution (covered by copyright law) to also find restrictions on what you may do with the software. Now *that's* power. If someone - even the FSF - licenses code to me under the GPL, I can put that code to any use I wish, foreseen or unforeseen, intended or unintended, and they cannot stop me. The GPL says so.
Finally, with respect to the FSF and socialism, I see that comparison made all the time, but those who make it understand neither the FSF nor socialism. If they did, they wouldn't make the comparison. Read Marx and Lenin, and you'll find out. In the meantime, I'll give a little thumbnail sketch to help out:
Socialism: the software you produce belongs to the state, not you. The state sells it under a proprietary license and keeps the money. They pay you a salary, provide you with the necessities of life, etc. In theory, anyway. In practice, history has shown that it generally doesn't quite work out that way.
FSF: The software you produce is yours, and you are free to make money off of it in any way you can think of, with the exception of making it proprietary. The source must be freely shared with everyone, and they in turn are bound by the same rule of sharing their modifications with everyone.
Socialism: they will enforce this ideology at the point of a gun. If you don't agree, you can take a nice long trip to the gulag.
FSF: If you think they can take their ideology and stick it where the sun doesn't shine, there's nothing they can do except complain and whine about it in public. OK, they can do a clean-room implementation of your functionality if they feel like it, but so can any number of proprietary software vendors. So what?
In this respect, the FSF more nearly resembles anarchy than socialism, but it isn't a terribly good fit there, either. A much better fit is what social anthropologists call "gift cultures." ESR wrote something about this in one of his essays. Gift cultures are uncommon (probably unknown) in Europe, but were common among Polynesian tribes. In a nutshell, social standing comes from what you give away,
Would you like to make spam drop off tremendously overnight?
:-)
The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.
What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.
Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwidth costing $125/month and how many referrals does a spammer need to generate to cover that cost? At $20/referral, the sixth one moves the spammer into the black. If the spammer pumps out 1,000,000 spams per month and gets a 0.1% hit rate, that's 1000 per month. If the spammer gets paid for them all, that's $20,000. Even if only 10% of those hits turn out to be legit leads and the spammer gets paid for only those, that's still $2,000. Put another way, it pays for the spammer's PC and DSL hookup costs in the first month, with profit left over.
But let's assume this spammer knows a friendly ISP and is paying $1000 for a T-1, including local loop (you can go cheaper than that in many areas). If the spammer gets the same $2000 in referrals, that covers the cost of the T-1 and the PC. The next month covers the cost of the T-1 and leaves $1000 left over.
Major spammers send many millions of mails each month, and even the small-scale ones probably do over a million, so these numbers are pretty conservative.
What the spammers must do, however, that doesn't appear in the above numbers, is find some SMTP host(s) to carry their mail, since sending it from their own netblocks gets them quickly locked out by a great many MXes, invites DDOS attacks, results in people calling their upstream to get them shut down, etc.
Enter the open relay. Open relay mail servers are (sadly), not uncommon even today. A pox on all the clueless mail admins who run these things. Spammers need to send outbound traffic on port 25 to get to the open relays. If all ISPs closed off outbound port 25 traffic in their consumer dial, cable, and DSL pools, the spam problem would shrink tremendously. I worked for an ISP that followed this practice, and we almost never had spammers (just a few times a year), and those we did get disappeared in a *hurry* because we would know they were there in short order because they couldn't exploit any open relay; they had to use *our* outbound SMTP hosts because we closed port 25. That mean that if someone started a spam run, their account wouldn't survive the day. By the time the first complaint arrived, we could write back and say "This account has already been terminated."
That still leaves the problem of open proxies, of which there are also many, but those have to be dealt with via RBLs. That notwishtstanding, if all ISPs closed outbound 25 and required their dial, cable, and DSL customers to smarthost through their outbound SMTP hosts, it would take a huge bite out of spam, so to speak
I concur. I was working for an ISP at the time he started sending that stuff out. We saw hundreds of them, and at first we thought it was a troll to gather known-good addresses for future spamming.
The stuff kept showing up from time to time, and eventually, on a day when we didn't have much to do, we did some tracking ourselves. Like you, we found that the guy apparently really believes it. We even found a web site where someone had posted his communications with the guy.
I'm all for getting his Internet access cut off so that he can't bother people, but I think people shouldn't toy with him. He obviously needs help and has enough problems with people baiting him.
Foreskins were indispensable when hurricanes struck Florida???
Not him, though. He'd want money from everybody who went in there.
Students will wear caps with sensors called "iBadges" pinned to them
Those caps wouldn't actually be tinfoil hats by any chance, would they?