I'd rather plug it INTO the receiver - much more flexible this way :-)
Ok, maybe this is the wrong case, he IS running an open relay, but the bigger issue here is how much power and freedom are we willing to give up? When do operators of these lists get TOO MUCH power? Who watches the watcher? If the list operator makes a mistake what is our power to remedy it? If government was running the list, would we feel the same way?
Case in point, there is a certain BlackHole list out there that is blocking my email server. Why, you ask? Is it because I send a lot of spam? No. Is it because I have an open relay? No. They block the whole class B belonging to my ISP because "there were many SPAMers on my ISP". Ok, I feel their pain - I hate spammers too (praise the SpamAssassin almighty!!!). But they are no longer blocking just the spammers, they are blocking innocent bystanders as well. A quick check will reveal that there are no open relays anywhere on *MY* part of the network. So, why should *I* suffer for someone else's inability to handle SPAM problems?
I know, I know, there is the obvious "Well, change the ISP then." -- well, easier said than done. For a myriad of reasons - not the least of which is financial - this is pretty much out of the question.
My solution was to ignore the idiots and they'll go away. I do not think all too many people use the mentioned blackhole list anymore. I am guessing this is probably because their list is pretty much worthless if it blocks whole class B's. I have not seen a message bounce because of it in over a year. But there are much more respected lists out there, and what happens when one of them makes a mistake and refuses to fix it? Is there a remedy for the small guy who is getting screwed by this mistake?
In an ideal world the list is controlled by its subscribers and if it is inaccurate, they would not use it. But in an ideal world there would not be spam, and the last check of my SpamAssassin's "spam" folder tells me we are not living in an ideal world.
None of the subscribers give a damn until the problem hits them.
So, what is the little guy to do?
Do you think MS would provide hardware without a clause in the contract stating New Orleans would have to give the computers back if they installed other operating systems on them? :)
No, but we can dream, can't we....
A central control system monitors all stations and tracks wafer lots via 802.11 wireless communications
:-D
Well I sure hope they do not have a microwave oven in the breakroom
In the article, it said it was saving us $100 million. Except that New Orleans doesn't have $100 million to spend.
$100 million in what? Software? So, how much for the hardware? This number is meaningless as it is set by the same people who give this "discount"? This message costs $100 trillion to read. Congratulations, you just saved $100 trillion you did not have.
It's all a game. New Orleans will pay more for maintaining these systems than they would for building reliable systems to begin with. There is an old Russian saying - "A cheap man pays twice."
Now on the other hand, if M$ is springing for the hardware (yeah, right!) I say let them do it, then wipe it clean and build a reliable system on the hardware.
About 10-15 years ago, in an abandoned train station in Brooklyn. It was not an ad though, just a short art project "movie". The station's columns acted as frame separators. I think it was "D/Q" line somewhere near downtown Brooklyn on the way to Manhattan...
;-)
Literally prior art?
Actually, I'd recommend a combination between a nasty spam filter that kills off close to anything that might conceivably be spam and white-lists of senders who are automatically cleared.
Yeah, it's called SpamAssassin.
Ok, so all the spammer needs to do is add 10x number of usual words in "safe" words (or sentences) at the end of the message? So SPAM will now be not only annoying, but also eat up several times the bandwidth it currently does?
There is nothing new here, except for a more methodical way to provide "scoring" of the words.
Is the use of someone else's password to get in and alter computer services in the US that you do not own not a criminal offence, and under new US laws considered "Terrorism"?
Can US (and not like they would do it, but...) demand extradition of the Italian Police as a "terrorist organization" committing a "terrorist act" on US soil?
Not really all that useful. In a real production environment it is easier to place OS and web server data on a CD blank and boot from it (already mentioned) on a machine with CD-ROM and no HDD. However this does not solve much as a smart hacker can just overwrite contents in the memory cache. Granted it is much easier to recover from a defacement in such a scenario by simply rebooting the server. You can probably even write a script that will monitor and reboot any web server in event of changes. If you have a decent load balancer and a few web servers, this will work just fine.
As for the DB problems mentioned, that could be solved with a real DB (not MS Access). If you make multiple users and limit the public web site write access to only parts that are absolutely necessary, you can probably get rid of majority of the risk.
You are never perfectly safe though, and I do not see this multi-headed HDD to be much of an improvement on current situation.
Now if they could make all of the web servers read from a single hard drive... or wait, they already have that, it's called a NetApp :-)
-Em
Could RIAA then be sued for downloading their own music from these swappers?
If they do not download, how do they know it is there and that it is the real music (as opposed to loops)?
If they do download the music, are they not taking a part in the "crime"?
If they claim that they have a right to download it because they already own the rights to this music, does that not legitimize the distribution as long as the downloader already owns rights (under "fair use")?
-Em
I can see a lot of scary situations.
Can Microsoft DoS anyone who they suspect to be running illegal copies of their products? (some may argue they already do, but that is a different topic)
It would be easy to put in a check in any software that compares the serial number to known pirated ones and, say, wipes your hard drive clean. Would that be legal?
Would anyone be allowed to attack any system that is in "Public Domain" (as they are part of the "Public" thus share the copyright)?
This is why you should READ the article before looking at pictures and posting comments.
It is clearly described as 1-5 AM
-Em
Do you read over the entire source code for all of the apps you install?
You forgot to include "and completely understand" in the above quotation.
Well, but you know that including the virus source code cannot happen because they simply cannot release it. To do so will destroy intellectual property rights for everyone! It is a major national security risk and a cancer to the entire software industry. Not to mention it is simply un-American!! Mic^H^H^HVirus programmers would never do it!
-Em
Well, you can always install a "TurboNET" network card from folks at www.9thtee.com and use your broadband instead of the phone :-)
This is where they are heading with Series2 anyway.
Granted, that voids the warranty, but nothing's perfect.
I am going to file for a patent for "operating a business generating income by obtaining patents for obvious things and filing lawsuits against small companies who do these things." Then every time they sue someone, I'll sue them .... ok, so maybe it is not a solution, but I bet I can make me a fortune ;-)
TiVo and ReplayTV have both always been subscription based services, forcing the PVR to get information from the company servers. TiVo charged monthly fees and offered yearly/lifetime fees. Up to, and including, replay4000, ReplayTV included (hid) the cost of the subscription in the price of the unit, making ReplayTV units about $100-$200 more expensive than similar TiVo units. This seems to be changing with these new 4500 units.
As to what Replay4000 has that TiVo does not - the 4000 units have broadband capability with many useful features coming out of that like ability to connect multiple units in the household and sending content between units across the internet (and sharing video with PC's, though it is not part of official spec). (BTW, some of these features can be done with TiVo if you hack it and add a network card. - TiVo units are Linux based, making it much easier to extend their functionality.)
Replay4500 will probably have some new features as well, but who knows.
Yes. Sort of.
SFTP itself is an extension of SSH and is defined in your sshd_config file (/etc/ssh/sshd_config under RedHat). You can easily disable that there. However an enterprising user can still find a method around it (Heck, SecureCRT SSH client still supports Z-Modem).
At its core an SSH connection is just a logical equivalent of a serial channel, so you can encode anything on it as long as you can run an encoder/decoder on both ends. The only way to limit file transfer is to tighten down the ssh config and more importantly shell option (a good example - rbash). As long as a user can run certain binaries or build their own executable code on remote end, there is a way around the restrictions.
Bottom line is if you do not want a user to put/execute files on remote machine - don't give them shell access.
-Em Ellel
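The two checks the comment above describes (is the sftp subsystem configured in sshd_config, and which accounts still have a shell), as an added example that is not part of the original post. The sample sshd_config and passwd contents are constructed, and the account names are hypothetical.

```python
# Added example: audit the two places the comment says matter for file transfer
# over SSH, using constructed sample data (not a real host's configuration).

NO_LOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}
RESTRICTED_SHELLS = {"rbash"}  # restricted shell named in the comment

# Constructed sample: the sftp subsystem line is commented out, i.e. disabled.
SAMPLE_SSHD_CONFIG = """\
# /etc/ssh/sshd_config (constructed sample)
PermitRootLogin no
#Subsystem sftp /usr/libexec/openssh/sftp-server
"""

# Constructed sample in passwd(5) format; account names are hypothetical.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
kiosk:x:1001:1001:Kiosk:/home/kiosk:/bin/rbash
backup:x:1002:1002:Backup:/var/backup:/sbin/nologin
"""


def sftp_subsystem(sshd_config_text):
    """Return the command configured for 'Subsystem sftp', or None if absent."""
    for line in sshd_config_text.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments, tokenize
        if len(parts) >= 3 and parts[0].lower() == "subsystem" and parts[1] == "sftp":
            return " ".join(parts[2:])
    return None


def classify_accounts(passwd_text):
    """Map each account to 'no-shell', 'restricted' or 'full-shell'."""
    result = {}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or line.startswith("#"):
            continue
        user, shell = fields[0], fields[6]
        if shell in NO_LOGIN_SHELLS:
            result[user] = "no-shell"
        elif shell.rsplit("/", 1)[-1] in RESTRICTED_SHELLS:
            result[user] = "restricted"
        else:
            result[user] = "full-shell"
    return result


def audit(sshd_config_text, passwd_text):
    """List findings: sftp subsystem state plus every account that keeps a shell."""
    findings = []
    command = sftp_subsystem(sshd_config_text)
    if command:
        findings.append(f"sftp subsystem enabled: {command}")
    for user, kind in sorted(classify_accounts(passwd_text).items()):
        if kind == "full-shell":
            findings.append(f"{user}: unrestricted shell, session can carry files "
                            "even with sftp disabled")
        elif kind == "restricted":
            findings.append(f"{user}: restricted shell, review which binaries it can run")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_SSHD_CONFIG, SAMPLE_PASSWD):
        print(finding)
```

Match blocks and per-user overrides in sshd_config are not interpreted by this sketch.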
This is very, very simpleminded and outright wrong.
Simpleminded is the point.
But no matter what the real reason is, please don't assume that if you get spam to a made-up, one-time-use address, that the person you originally gave that address to is at fault. I can assure you that that is simply not the case.
Perhaps, perhaps not. Somehow I doubt a major will let itself be compromised that way for the benefit of a spammer. And if it does, easier to track if there were only a few transactions with this address. Still, the better point is that it provides an easy way to remove yourself from a spammer's list without being at the mercy of the spammer.
Besides, while theoretically possible, I have never seen this occur. (of course it is just me, so who knows)
A year or two ago I came to the conclusion that you cannot stop all the spammers using filters. You can use any filtering program you want, but either you are going to lose some e-mail or some spam will get through (or both). You can use fake e-mail addresses but many sites nowadays check by sending you a confirmation e-mail that requires you to do something with information you get in the e-mail. But what you CAN do is control how they get your e-mail address in the first place.
Here is my easy method to track the bastard that sold your address. All you need is your own domain and control over the e-mail server - as many of my fellow geeks do.
Using my domain - I created an account for dealing with spam. I then created an alias which will put all e-mails without a specific mailbox into that account. (for example - the qmail/vmailmgr allows you to create "+" alias as such a catch-all address)
Now comes the fun part - every time I need to use my e-mail in public - I make up an e-mail address that makes it easy to figure out where I used it. To make sure I do not create a real mailbox with the same name - I use a specific prefix (like ns- for no spam) to make all of those e-mail addresses stand out (example - when signing up for e-bay, I sign up with ns-ebay@mydomain.com). Now when that spam arrives I can find out which e-mail address it is destined to - and which place it came from.
The last part of this comes after a while. Eventually some addresses start getting too much spam and you seem to end up where you started. No problem. I create a new alias that bounces or /dev/null's email coming into that account.
If I find that I gave out an address to a trustworthy source, I can even create an alias to go to my main mailbox.
Of course, if you go to a source that is guaranteed to leak your address to spammers, no point to even bother with all this - that's what the free webmail accounts are for ;-).
The interesting part of all this is that to my own surprise I find that most sites are pretty good at keeping your privacy when you sign up. So far the biggest culprits were postings on USENET (well, duh!) and ebay - but e-bay were all from mass mailings by people I bought from and they were good at removing my address when asked to.
Hope this helps.
-Em
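The tagged-address bookkeeping described in the post above, as an added example that is not part of the original post. It assumes the mail server records the envelope recipient in a Delivered-To header; the sample messages and the retirement threshold are constructed, and mydomain.com is the post's placeholder.

```python
# Added example: count what lands in the catch-all spam account per tagged
# address (ns-<source>@domain) and list the aliases worth bouncing or dropping.
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "mydomain.com"  # placeholder domain used in the post
PREFIX = "ns-"           # "no spam" prefix used in the post
UNTAGGED = "(untagged)"

# Checked in order. Assumption: Delivered-To carries the envelope recipient,
# which still identifies the tag when the spammer used Bcc.
RECIPIENT_HEADERS = ("Delivered-To", "X-Original-To", "To", "Cc")

# Constructed sample messages standing in for the spam account's contents.
SAMPLE_SPAM = [
    "Delivered-To: ns-usenet@mydomain.com\nTo: ns-usenet@mydomain.com\n"
    "Subject: offer 1\n\nbody\n",
    "Delivered-To: ns-usenet@mydomain.com\nTo: friend@elsewhere.example\n"
    "Subject: offer 2\n\nbody\n",
    'To: "Buyer" <NS-eBay@MyDomain.com>\nSubject: seller newsletter\n\nbody\n',
    "Delivered-To: ns-usenet@mydomain.com\nSubject: offer 3\n\nbody\n",
    "To: someone@elsewhere.example\nSubject: no tag at all\n\nbody\n",
]


def source_tag(raw_message, domain=DOMAIN, prefix=PREFIX):
    """Return the tag ('ebay' for ns-ebay@domain), or None if no tagged recipient."""
    msg = message_from_string(raw_message)
    for header in RECIPIENT_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            local, _, host = addr.lower().rpartition("@")
            if host == domain and local.startswith(prefix) and len(local) > len(prefix):
                return local[len(prefix):]
    return None


def tally_sources(messages):
    """Count messages per tag; messages with no tagged recipient are grouped."""
    counts = Counter()
    for raw in messages:
        counts[source_tag(raw) or UNTAGGED] += 1
    return counts


def aliases_to_retire(counts, threshold):
    """Tagged addresses that received at least `threshold` messages."""
    return sorted(
        f"{PREFIX}{tag}@{DOMAIN}"
        for tag, n in counts.items()
        if tag != UNTAGGED and n >= threshold
    )


if __name__ == "__main__":
    counts = tally_sources(SAMPLE_SPAM)
    for tag, n in counts.most_common():
        print(f"{n:3d}  {tag}")
    print("retire:", aliases_to_retire(counts, threshold=3))
```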
Damn... there goes my membership card....
It took me less than a minute to compute the solution and I bet no one will be able to beat this by writing a program. Anyone who actually wrote a program to tackle this problem should be banned from university - programming is a poor substitute for thinking.
I do not think you understand what programming is. Programming is not a substitute for thinking - it's an extension. It's a tool. It's like saying anyone who solves it with a pencil and paper is an idiot because they cannot do it in their head. Bottom line is that it takes just as much thinking, if not more, to write a program, because you solve the problem conceptually in your head, and then write the code to do the mechanics.
In this case, I'd say the coding is probably as much trouble as the pen-and-paper approach, but in general as an employer I'd rather hire a person knowing and using proper tools over the person who tries to do everything brute force, because when the problem gets tougher, or even if the same problem was much much longer (think "War and Peace" encoded) - the programming solution takes the exact same amount of time (plus a few ms for processing) and the pen-and-paper approach will take forever.
Just because you broke some method of encryption doesn't necessarily make you a good computer science student. What about good design or object oriented techniques? How about math skills and knowledge of discrete mathematics and its relation to programming language design?
Yes and no. It does not prove you are already good at computer science, but if you were, why bother with learning it again? It just proves that you want to learn and you have some basic skills to base your learning on.
I am not a CS (and would probably kill myself if I had to code for a living), but for kicks and grins I solved this thing. It took 1 minute of looking at it and 1 minute of coding - but to de-code it you DO have to understand some basic math and CS concepts and if it weren't for that, I'd probably never solve it.
So, it does not make you a good CS professor, or even a good CS graduate, but it does make you potentially a good CS student. And it sure does weed out the "i don't know what I wanna do in college, but I hear those computer thingys pay well" crowd.
>Since I know scripting languages, am I an elite hacker?
No, cuz all the real "elite hackers" know how to spell 313373 ;-)
Lem is Polish, but I believe he was exiled to France and Solaris may have been written in French. Not that it is all that relevant.
Solaris movie was awesome, though I am not a big fan of Tarkovsky's. However perhaps a better big Tarkovsky Sci-Fi movie is Stalker. Loosely based on "Roadside Picnic" by A & B Strugatsky (an excellent book and probably the best science fiction to come out of Russia and possibly the world (also mentioned in the initial post)). The script for the movie was written by the Strugatsky brothers themselves. I recently came across some alternate versions of the scripts for the movie, and I must say they show off the amazing writing abilities. They take the same story and change the main character - and it is a completely different story.
Generally I can say this much for Russian science fiction - it is much more centered on the people, rather than science. Whatever sci-fi concepts there are, and there are many, from alien worlds to transporters and Internet (much more impressive when you realize we are talking about stuff written in 40's, 50's) the science fiction is always in the background to the human factor. Someone (I think Theodore Sturgeon) wrote in an intro to one of the Strugatskys' books that great science fiction must first be great fiction - that is what this is all about. I know that many of the US science-fiction fans miss this point. Too bad.