Wouldn't Quake be a better choice? Low on resources, runs w/o use of Mesa, and skinnable so you can ID by a floating number or by the armor skin. Say, anything that's a penquin is a kernel program you don't want to mess with...
Yeah, it can be done.
--- Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
I heard of your work, though BO, and regard your group and others, including l0pht heavy ind, as a security group. However, I am left to wonder what tools you test your work with, and if you test your items on clean-installed copies of Windows (insert arbitrary version number here). It would go a long way towards deciding on running Win98 under the Bochs emulator just to secure it.
--- Spammed? Click here for free slack on how to fight it!
More people to be suckered into, less oversight, and more pain as patches are rolled in. It's best to get it locked down the first time around now, instead of running into the problems head-first like a car running into a Amtrak train at full speed.
--- Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Unfortunately, yes, AOL is to blame. Most of their software is custom built, and they're at a point at which it is insanely easy to find exploits because of the extreem mass amount of AOL'ers. Even then, AOL won't (or quite possibly *can't*) cancel anyone's account for a TOS violation, and people can switch screen names too easily.
Unfortunately, most AOL users are too clueless to be paranoid over security.
I'm tempted to start filtering out AOL mail...
--- Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Thank god there's some people with brains in the state legistlature!!! Everyone spread the word, and lets get the rest of the country on the bandwagon -- Evolution must be taught. When the states explicitly teaching Evolution hits the tens or twenties, we can ask Kansas and Colorado to think again.
--- Spammed? Click here for free slack on how to fight it!
I predict that in the future, depending on how badly we screw up ourselves, humans will evolve into hermaphrodites (or intersexuals). Hormones would be apropriately balanaced and vary over time.
This is similar to Bernard Dove's Chakat species.
--- Spammed? Click here for free slack on how to fight it!
I hope a few lines in the agreement NSI has will force it into a more proactive anti-spam stance. As is, it currently keeps tabs on.com,.org, and.net. There's a provision which allows ICANN to remove NSI from being the keeper of registrations for the three TopLevelDomains (TLD's). Lets hope ICANN has a anti-spam policy which removes DNS entries of spamming sites like with Toga DNS registar, ToNIC (for.to).
--- Spammed? Click here for free slack on how to fight it!
NSI is screwed up big time with this deal, and the Internet community, especially those who deal with net-abuse of this type and magnitude, does not like such a bad neighbor. Forward with full headers and apropriate password removed to MAPS RBL (http://www.mail-abuse.org) and post it to news:news.admin.net-abuse.email with the subject of NSI SPAM. Also document every phone call you've made to remove the free e-mail account and pass that along too. It's time we nip NSI in the bud about this.
--- Spammed? Click here for free slack on how to fight it!
I use this myself, and would definetly love to see some patches and upgrades for it. Therefore, I declare myself SLiRP's Maintainer. Please send your patches to tygris+slirp@erols.com, and I'll see about applying them to the base stock. Hopefully, I'll have a page up at http://www.erols.com/tygris/slirp for everyone's edification.
--- Spammed? Click here for free slack on how to fight it!
However, the posting from a slow connection wouldn't be affected (which is my main concern). Even if you're doing a quick one-liner it'll take a while to get it up to the server. Then pull another comment (takes a while)... yep, everything takes time! WHOOPS! The posting window just went by. You can post again.:)
Remember, the higher the karma, the lower the wait!
(I know, some like to imitate Katz, some just want to say "me too", and I rather have a four-liner or so that takes a minute or two...)
--- Spammed? Click here for free slack on how to fight it!
I think you can get away with it if you have sufficently high karma. Besides, which what I'm seeing with my own, and with others, is that it'll be insanely eazy to hit 10 or 20 point karma. The length of the comment adjusting the window a bit... If, say, you posted a concise two-liner and later at another story did a ten-line post (or the other way around, 10 lines followed by a two liner)? Now that's an idea.
--- Spammed? Click here for free slack on how to fight it!
Now this is just damned silly. Who is to say I'm not a newspaper editor, accustomed to writing and re-writing on the fly, therefore skilled at making useful points in a hurry?
Do we care? If you get more karma, you'll be able to get a smaller window, and be able to post more!
Further, I just happen to carefully regard what I'm planning to say long before I hit the reply link. I'm not always sure my arguments are valid before loading the posting page, so I wait and think it over before clicking that link. Many many times more often than not, I'll pass on the opportunity to post because upon further consideration, I find that I don't have anything really worthy of putting up. But when I do click the link, I'm nearly certain about what I plan to say, and can usually type it up in a minute or two, maximum, unless I'm feeling leisurely.
By that time, your four minutes (or less if your karma is high) would be up and you'll be able to post again. The time would be checked at posting. If you're in the window, you're be notified. And if I read you correctly, you'll take a minute or to actually read the article and think things through, and then write a two-minute post. Or move on.
Lastly, time-based bonuses for longer delays between clicking the post link and actually posting will just ensure that those who can't type get bonus points. Why should anyone get penalized just because they can type over 80 wpm?
It's not measured that way, it's measured between submissions of the posts (aka when you hit that Submit button). Yeah, you (or anyone else) can type 80 wpm. I can do around 30 or so. It doesn't matter since it's measured from when you hit Submit. In common useage (replying once or twice per article) it works well. If you're replying to several people in a few threads of an article, you may have a problem initally until your Karma gets high enough to decrease the wait window.
It's very similar in concept to login and how it delays.
--- Spammed? Click here for free slack on how to fight it!
So? Have 'em register! It would be 1 post per user or IP address (if not logged in) per 4 minutes (with smaller time window for good karma and larger for bad karma). Takes care of firewalled users.
--- Spammed? Click here for free slack on how to fight it!
Moderation notification: The current system is good, since putting up buttons by default for moderation when the user isn't being a moderator is going to put more load on the server, possibly crashing it again (AIEEE!!!!). Not a good idea.
Logged in but Anonymous This is worth it, but can be abused. But then, it's psudo-anomymous, so it has to be handled by users with care. Flamers? Kick 'em off.
Posting restrictions: A good writer would take about five minutes to write up a good post, with nessisary proof backing up the claim. A "Me Too!" post is under one minute. So does a cheapshot flame. I propose a one message per IP/user per 4 minutes time, with adjustments baised on Karma on the time limit (less time to wait for more Karma, more time for less). Do you really care about a subject enough to write a virtual essay, which would be moderated high, or some short statement which really doesn't add more to the topic and stays scored at one or zero? I'd say the most well written ones are ones in which some time is gotten into it, and it shows with the proof used to back it up -- and it takes time to gather that proof. The system is very tuned to how people write!!!
I wonder what my Karma is looking at now... Is there a Slashbox for Karma?
--- Spammed? Click here for free slack on how to fight it!
I'm glad you're programming it in, Rob. Even though I'm looking at things at level 1, I still see some improvement.
How about this: Allow a -2 and a -3. A -2 means that it's recorded, but only shown to moderators and Slashdot editors. If it gets moderated down to a -3, it's given 2 hours to live before it's nuked from the servers and the modpoints returned. The user or IP will only have a -1 attached. That way, it'll take three moderators to nuke a post, and all three take the blame, but we won't have any sideeffects.
--- Spammed? Click here for free slack on how to fight it!
Will the e2fs compression patches (at http://opensource.captech.com/e2compr/) be put in the mainstream kernel? What is the maximum state of intoxication allowable to be working on a computer? Should/dev/penguin be manitory on all Linux distro's, or just a bundled "plush Tux"? And by the way, what's the count of penguin at your house anyway?
--- Spammed? Click here for free slack on how to fight it!
There are many books with the printed source code to GIF's LZW compression scheme. Some dating back to the 1980's. What can Unisis do, force a recall?
And then the source code to LZW itself is spread far and wide. It's in libraries written in C, in plain C code, plain PASCAL code, heck, even QBASIC code! It's too far wide-spread.
The courts are going to have a field day when this hits the fan.
In addition, I hear that IBM also has a patent on LZW too. This may be a rumor, but wouldn't that invalidate Unisis' claims?
--- Spammed? Click here for free slack on how to fight it!
Don't you understand the implications of this message? MAPS has the power to block whole backbones? And anyone who gets shafted is "collateral damage?" I mean, really. Everyone here is acting as if MAPS is the underdog. These people have the power to bring down the whole net. And they act as an extremely blunt censor. NSI is one of the few gorrillia's bigger than MAPS -- so let them do the fighting for the rest of the net.
First of all, MAPS' RBL lists mail servres which get blocked, and it does it in a surgical manner. It is very slow and careful about which servers it blocks. Take Real Networks. It only has ten servers on the list -- the spam spewing servers. Normal communications not using those servers is unaffected.
Second, the RBL only blocks mail servers and the SMTP service to those who subscribe to it. Since these are hard-core spammers, isn't it worth while?
I volunteer to subscribe to MAPS. I also subscribe to RRSS, the Radparker Relay Spam Stopper. A similar system, but blocks relaying servers which are broken. The RRSS is similar in design to MAPS RBL in the case that it manually checks each report before throwing it in the listing.
What right to they have to decide that AGIS should get blocked, just because they choose to provide services which someone else misuses. The right given to them by the owners of all the servers which got spammed by the downstream. AGIS turned a blind eye to the downstream repeatedly after many complaints. Heck, it had to disable ICMP pings because too many individuals were flooding their routers trying to see if CyberPromotions was still up.
Because of repeated ignoring of complaints, it was thrown in for a while. And it repented.
MAPS is a last resort tool. And NSI isn't letting up. Throw 'em in.
--- Spammed? Click here for free slack on how to fight it!
This is just part of Sun's newest rollout of the Java platform. They're also tossing out Edition versions, with a "Micro" edition for Palm Pilots. I say nice...
--- Spammed? Click here for free slack on how to fight it!
Re:MAPS RBL, NSI, and other blockers.
on
NSI to be RBL'ed?
·
· Score: 1
I would like to add that they'll be only blocking one server, which is the source of the spams themselves, and not any other server. Your unsolicitated notices of renewal et al over e-mail should be comming in fine if they don't use the same server that the spams are comming from.
--- Spammed? Click here for free slack on how to fight it!
MAPS RBL, NSI, and other blockers.
on
NSI to be RBL'ed?
·
· Score: 4
The MAPS RBL is the last resort in blocking spam from spewers such as NSI and Real Networks (which got thrown in earlier this month). The process starts off that: Someone on news.admin.net-abuse.email gets repeatedly spammed by a domain, gets repeatedly refused by a domain to stop spamming or the spammer, or sees on a spam a site that is never taken down. (RBL is used for spammers and the servers that others provide for such spammers) Next, after repeated phone calls and evidence gathering, an RBL request containing all the information is sent to MAPS. Nick (in the e-mail) calls the company to work things out. If nothing happens (and they're very flexible to work with), the servers in quesiton get thrown in the RBL until the company who owns those servers repents.
The MAPS RBL has blocked whole backbones before (AGIS, for the Cyberpromotions fiasco they had). Real Networks got thrown in, even after they sent a legal threat to MAPS. MAPS has not received any orders against the listing.
--- Spammed? Click here for free slack on how to fight it!
Well, it's starting. Distributed.net got block-spammed by a broken client, and they did the right thing. They're going to lock down their client now. The previous incident had alot of reason added on to ensure security, but now...
You can't be too paranoid about security now.
--- Spammed? Click here for free slack on how to fight it!
Slashdot Mirror
Wouldn't Quake be a better choice? Low on resources, runs w/o use of Mesa, and skinnable so you can ID by a floating number or by the armor skin. Say, anything that's a penquin is a kernel program you don't want to mess with...
Yeah, it can be done.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
I heard of your work, though BO, and regard your group and others, including l0pht heavy ind, as a security group. However, I am left to wonder what tools you test your work with, and if you test your items on clean-installed copies of Windows (insert arbitrary version number here). It would go a long way towards deciding on running Win98 under the Bochs emulator just to secure it.
---
Spammed? Click here for free slack on how to fight it!
Lets hope it'll also come with devfs utils installed. I think it's time it got out into the open.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
More people to be suckered into, less oversight, and more pain as patches are rolled in. It's best to get it locked down the first time around now, instead of running into the problems head-first like a car running into a Amtrak train at full speed.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Free account, commit alot of abuse, start getting AOL banned from many servers. The banning's already started.
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Unfortunately, yes, AOL is to blame. Most of their software is custom built, and they're at a point at which it is insanely easy to find exploits because of the extreem mass amount of AOL'ers. Even then, AOL won't (or quite possibly *can't*) cancel anyone's account for a TOS violation, and people can switch screen names too easily.
Unfortunately, most AOL users are too clueless to be paranoid over security.
I'm tempted to start filtering out AOL mail...
---
Another non-functioning site was "uncertainty.microsoft.com." The purpose of that site was not known. -- MSNBC 10-26-1999 on MS crack
Thank god there's some people with brains in the state legistlature!!! Everyone spread the word, and lets get the rest of the country on the bandwagon -- Evolution must be taught. When the states explicitly teaching Evolution hits the tens or twenties, we can ask Kansas and Colorado to think again.
---
Spammed? Click here for free slack on how to fight it!
This is similar to Bernard Dove's Chakat species.
---
Spammed? Click here for free slack on how to fight it!
They should be selling the video soon. I snagged an old copy perviously, and have asked Marc (the MC) about posting a d/l-able version of the video.
---
Spammed? Click here for free slack on how to fight it!
---
Spammed? Click here for free slack on how to fight it!
NSI is screwed up big time with this deal, and the Internet community, especially those who deal with net-abuse of this type and magnitude, does not like such a bad neighbor. Forward with full headers and apropriate password removed to MAPS RBL (http://www.mail-abuse.org) and post it to news:news.admin.net-abuse.email with the subject of NSI SPAM. Also document every phone call you've made to remove the free e-mail account and pass that along too. It's time we nip NSI in the bud about this.
---
Spammed? Click here for free slack on how to fight it!
---
Spammed? Click here for free slack on how to fight it!
However, the posting from a slow connection wouldn't be affected (which is my main concern). Even if you're doing a quick one-liner it'll take a while to get it up to the server. Then pull another comment (takes a while)... yep, everything takes time! WHOOPS! The posting window just went by. You can post again. :)
Remember, the higher the karma, the lower the wait!
(I know, some like to imitate Katz, some just want to say "me too", and I rather have a four-liner or so that takes a minute or two...)
---
Spammed? Click here for free slack on how to fight it!
I think you can get away with it if you have sufficently high karma. Besides, which what I'm seeing with my own, and with others, is that it'll be insanely eazy to hit 10 or 20 point karma. The length of the comment adjusting the window a bit... If, say, you posted a concise two-liner and later at another story did a ten-line post (or the other way around, 10 lines followed by a two liner)? Now that's an idea.
---
Spammed? Click here for free slack on how to fight it!
Do we care? If you get more karma, you'll be able to get a smaller window, and be able to post more!
Further, I just happen to carefully regard what I'm planning to say long before I hit the reply link. I'm not always sure my arguments are valid before loading the posting page, so I wait and think it over before clicking that link. Many many times more often than not, I'll pass on the opportunity to post because upon further consideration, I find that I don't have anything really worthy of putting up. But when I do click the link, I'm nearly certain about what I plan to say, and can usually type it up in a minute or two, maximum, unless I'm feeling leisurely.
By that time, your four minutes (or less if your karma is high) would be up and you'll be able to post again. The time would be checked at posting. If you're in the window, you're be notified. And if I read you correctly, you'll take a minute or to actually read the article and think things through, and then write a two-minute post. Or move on.
Lastly, time-based bonuses for longer delays between clicking the post link and actually posting will just ensure that those who can't type get bonus points. Why should anyone get penalized just because they can type over 80 wpm?
It's not measured that way, it's measured between submissions of the posts (aka when you hit that Submit button). Yeah, you (or anyone else) can type 80 wpm. I can do around 30 or so. It doesn't matter since it's measured from when you hit Submit. In common useage (replying once or twice per article) it works well. If you're replying to several people in a few threads of an article, you may have a problem initally until your Karma gets high enough to decrease the wait window.
It's very similar in concept to login and how it delays.
---
Spammed? Click here for free slack on how to fight it!
So? Have 'em register! It would be 1 post per user or IP address (if not logged in) per 4 minutes (with smaller time window for good karma and larger for bad karma). Takes care of firewalled users.
---
Spammed? Click here for free slack on how to fight it!
Moderation notification: The current system is good, since putting up buttons by default for moderation when the user isn't being a moderator is going to put more load on the server, possibly crashing it again (AIEEE!!!!). Not a good idea.
Logged in but Anonymous This is worth it, but can be abused. But then, it's psudo-anomymous, so it has to be handled by users with care. Flamers? Kick 'em off.
Posting restrictions: A good writer would take about five minutes to write up a good post, with nessisary proof backing up the claim. A "Me Too!" post is under one minute. So does a cheapshot flame. I propose a one message per IP/user per 4 minutes time, with adjustments baised on Karma on the time limit (less time to wait for more Karma, more time for less). Do you really care about a subject enough to write a virtual essay, which would be moderated high, or some short statement which really doesn't add more to the topic and stays scored at one or zero? I'd say the most well written ones are ones in which some time is gotten into it, and it shows with the proof used to back it up -- and it takes time to gather that proof. The system is very tuned to how people write!!!
I wonder what my Karma is looking at now... Is there a Slashbox for Karma?
---
Spammed? Click here for free slack on how to fight it!
I'm glad you're programming it in, Rob. Even though I'm looking at things at level 1, I still see some improvement.
How about this: Allow a -2 and a -3. A -2 means that it's recorded, but only shown to moderators and Slashdot editors. If it gets moderated down to a -3, it's given 2 hours to live before it's nuked from the servers and the modpoints returned. The user or IP will only have a -1 attached. That way, it'll take three moderators to nuke a post, and all three take the blame, but we won't have any sideeffects.
---
Spammed? Click here for free slack on how to fight it!
Will the e2fs compression patches (at http://opensource.captech.com/e2compr/) be put in the mainstream kernel? What is the maximum state of intoxication allowable to be working on a computer? Should /dev/penguin be manitory on all Linux distro's, or just a bundled "plush Tux"? And by the way, what's the count of penguin at your house anyway?
---
Spammed? Click here for free slack on how to fight it!
There are many books with the printed source code to GIF's LZW compression scheme. Some dating back to the 1980's. What can Unisis do, force a recall?
And then the source code to LZW itself is spread far and wide. It's in libraries written in C, in plain C code, plain PASCAL code, heck, even QBASIC code! It's too far wide-spread.
The courts are going to have a field day when this hits the fan.
In addition, I hear that IBM also has a patent on LZW too. This may be a rumor, but wouldn't that invalidate Unisis' claims?
---
Spammed? Click here for free slack on how to fight it!
First of all, MAPS' RBL lists mail servres which get blocked, and it does it in a surgical manner. It is very slow and careful about which servers it blocks. Take Real Networks. It only has ten servers on the list -- the spam spewing servers. Normal communications not using those servers is unaffected.
Second, the RBL only blocks mail servers and the SMTP service to those who subscribe to it. Since these are hard-core spammers, isn't it worth while?
I volunteer to subscribe to MAPS. I also subscribe to RRSS, the Radparker Relay Spam Stopper. A similar system, but blocks relaying servers which are broken. The RRSS is similar in design to MAPS RBL in the case that it manually checks each report before throwing it in the listing.
What right to they have to decide that AGIS should get blocked, just because they choose to provide services which someone else misuses. The right given to them by the owners of all the servers which got spammed by the downstream. AGIS turned a blind eye to the downstream repeatedly after many complaints. Heck, it had to disable ICMP pings because too many individuals were flooding their routers trying to see if CyberPromotions was still up.
Because of repeated ignoring of complaints, it was thrown in for a while. And it repented.
MAPS is a last resort tool. And NSI isn't letting up. Throw 'em in.
---
Spammed? Click here for free slack on how to fight it!
This is just part of Sun's newest rollout of the Java platform. They're also tossing out Edition versions, with a "Micro" edition for Palm Pilots. I say nice...
---
Spammed? Click here for free slack on how to fight it!
I would like to add that they'll be only blocking one server, which is the source of the spams themselves, and not any other server. Your unsolicitated notices of renewal et al over e-mail should be comming in fine if they don't use the same server that the spams are comming from.
---
Spammed? Click here for free slack on how to fight it!
The MAPS RBL has blocked whole backbones before (AGIS, for the Cyberpromotions fiasco they had). Real Networks got thrown in, even after they sent a legal threat to MAPS. MAPS has not received any orders against the listing.
---
Spammed? Click here for free slack on how to fight it!
Well, it's starting. Distributed.net got block-spammed by a broken client, and they did the right thing. They're going to lock down their client now. The previous incident had alot of reason added on to ensure security, but now...
You can't be too paranoid about security now.
---
Spammed? Click here for free slack on how to fight it!