Slashdot Mirror


User: bigberk

bigberk's activity in the archive.

Stories: 0 · Comments: 1,130

Comments · 1,130

  1. Re:Port 25 on Comcast Thinks About Stopping Zombies · · Score: 4, Insightful
    All they need to do is to restrict SMTP outbound connections to their own mailservers.
    Ummm.... no, that alone won't do it. They also have to have vigorous spam and virus controls on their mail server. Otherwise the ISP's mail servers will just relay the spam and viruses. SWEN for instance sends itself via the ISP's "proper" relay.

    For example, ISPs that send me plenty of spam and viruses relayed through their main mail servers are: arnet.com.ar, bigpond.com, btinternet.com, libero.it, singnet.com.sg, videotron.ca, wanadoo.fr

    Case in point. Blocking port 25 doesn't stop spam. Booting your spamming customers does.
  2. People still don't understand the zombie situation on Comcast Thinks About Stopping Zombies · · Score: 4, Interesting

    We in the anti-spam community have been yelling this for a while. Since early 2004, most spam is sent through unwitting zombies (compromised Windows hosts) that are remotely controlled spam bots. This is not just an open relay issue. These hosts are hacked in an automated fashion and loaded with spamming software.

    Now obviously, there's a lot an ISP can do about this and it doesn't have to be as drastic as blocking port 25 outright. Users who generate suspicious amounts of TCP port 25 traffic could be reassigned IP addresses from a probation-class pool. That is, hosts within that netblock might not be allowed to make port 25 connections, or might be advertised to the world as block-on-sight.

  3. Big problem: instant open relay on Testing didtheyreadit.com's Mail-Tracking Claims · · Score: 4, Insightful

    I signed up for a free account. It does work, it's fast and convenient enough. But there's a major problem...

    INSTANT OPEN RELAY.

    All a spammer has to do is forge their From address (the only means of relay authentication!) and append .didtheyreadit.com to any victim address, and dtri1.rampellsoft.com will relay the message to the victim. I'd say this service has a 10% chance of survival.

  4. This might shock you on Finally Geeks Available in Action Figure Form · · Score: 2, Insightful

    You might mod me as troll for this, but I swear to god this is true. Sometimes fact is weirder than fiction; and if you can't accept this, then your loss, I guarantee you.

    Back when I was in high school, there was this devilishly attractive girl, real cute, that never seemed to end up dating anyone. I always wondered about that... now she's gone to Hollywood, by the way.

    A few years later, a close mutual friend revealed to me Jessica's big secret: she had an intense nerd fetish. In fact, all those high school years apparently she had been swooning over Tyler, the nerdiest dweeb in school. Tyler once tripped and fell down a freakin' hill while chasing after the school bus. And his voice was really, really funny.

    OK, so here's my point: some (really hot) girls love nerds. Even the seriously nerdiest guys could pick up hot chicks. Weird huh? An action figure like this could actually turn on some ladies.

  5. Re:Preference on What's Your Terrorism Quotient? · · Score: 5, Interesting
    Better safe than sorry? Or better private than safe?
    You would absolutely think, that in a country that values freedom and individuality so much that the government would give people a large margin of benefit of the doubt. Or is the whole "freedom" thing just a fiction? My textbooks still say that Americans value freedom and free speech more than Canadians, for example... but you wonder.
  6. Spamcop is least of Richter's worries on Accused Spammer to Debate SpamCop Founder · · Score: 1

    I think it's kind of stupid for Richter to sue Spamcop. Scott Richter's "WholesaleBandwidth, Inc." is responsible for a ton of spamming, and he's being appropriately blocked for it. For example, look up 69.6.21.150 at OpenRBL to see just how fscked Richter is. You don't appear on 14 blocklists unless you are a spammer.

  7. Unfortunately on 71% of Spam Servers are Located in China · · Score: 0, Troll

    Although spamvertised web sites themselves may be hosted in China, most of the hosts actually relaying spam are on American broadband connections (100% of these spamming zombies are running Microsoft Windows). And we still know that Americans are behind almost all the world's spam.

  8. What advantages over slackware? on Fedora Core 2 Review · · Score: 2, Insightful

    Slackware has been the most straightforward distribution I have used - no frills; lean, easy to upgrade packages, and no tricks. For those already familiar with the technical aspects of *NIX administration, is there any advantage of Fedora over Slackware?

  9. Re:Software deserves more respect on High Integrity Software · · Score: 1

    Maybe the increased cost is worth it? If industry loses billions of dollars a day due to spam (which is carried through unsecured Windows hosts) and associated viruses, worms, and intrusions, then aren't you paying for the cheap software in another way?

  10. Software deserves more respect on High Integrity Software · · Score: 3, Interesting

    Crappy software is all around us (obviously). It may not seem like a huge tragedy that, say, Microsoft Windows has so many security problems but the unfortunate reality is that the entire Western Economy heavily relies upon software that is so fragile that fresh installations become compromised within minutes.

    Since so much of what we depend on these days is powered by software, I can't help but feel that industrial software development should be taken under the wing of Engineering. Why, you say? Well, professional fields like medicine, law, and engineering associate a duty to public safety with the job, and the regulatory bodies for the professions ensure that individuals who practice irresponsibly will lose their professional status.

    There is no such accountability for software development. Look at Microsoft Windows, that our banks and governments rely upon! I think such a product would be much higher quality if the coders working on it were professionals and had to adhere to Codes; violating their professional duties would mean severe personal consequences. And the firm itself (Microsoft) would be legally liable if it produced a shoddy, dangerous product!

  11. Re:Maybe... on How Apple's Mail.app Junk Filter Works · · Score: 2, Informative
    from which a spammer can clearly see that you have opened their messages and validate your address...
    That's old news, I wrote the solution three years ago. Just use a mail client such as this one that strips HTML.
  12. Re:Cost to society on Out of Gas · · Score: 1
    Please stop propagating junk science
    Oh, I see -- you're referring me to the site run by Steve Milloy, of the Cato Institute. Hmmm the Cato Institute what was that again; oh yeah! A surprisingly pro-corporate think-tank in Washington that has been a key resource for Republican leaders. And who runs the place? Well by the looks of it, both media moguls John C. Malone and Rupert Murdoch have served on the board of directors. No wonder the institute is doing so well; it's financed by Chevron Companies, Exxon Company, Shell Oil Company and Tenneco Gas, as well as the American Petroleum Institute, Amoco Foundation and Atlantic Richfield Foundation. Cato's pharmaceutical donors include Eli Lilly & Company, Merck & Company and Pfizer, Inc. (reference)

    Follow the money. If you seriously think that the web site you referenced has legitimate, unbiased opinions then you are waay off.
  13. Re:pfft Re:Cost to society on Out of Gas · · Score: 1
    I don't see why your lot thinks that gas should just magically cost more than it does, just because you (theoretically) don't like it.
    No, I don't think it should cost more just because I don't like it.

    What I'm saying, politics aside, is that the price of oil (and gasoline) does not accurately reflect the cost that these substances and their associated industries have on the globe. Costs and consequences that are external to the market simply aren't taken into consideration; yet we all pay the costs and consequences in one way or another.
  14. Cost to society on Out of Gas · · Score: 3, Interesting
    Americans have long been enjoying underpriced gas. Why the big surprise that the levels are rising to something that more accurately reflects the cost to society? It's not unfair, it's not a conspiracy, it's just about time.

    More generally (and more importantly) oil is underpriced, period. Look at the costs to society:
    • Increased CO2 emissions, with decreasing carbon sinks (we're losing all our forests). How is the planet going to assimilate all the extra CO2? It won't happen magically!
    • Petrol-based products, namely plastics, litter landfills and sewage. Every day there is an increasing mass of garbage on earth. You know calculus... what happens to a system when your entry rate is high and your exit rate is low (slow assimilation by nature)
    • I'm sure there are others, but I'm a busy man
  15. PHP security all relies on the coder on Hardened PHP · · Score: 4, Interesting

    It's all about how the coder writes his/her software, same with C, or Java, or anything else. I am directly aware of several breakins using PHP, and none of them used buffer overflows or anything so low level.

    The most interesting one I saw used a programming flaw (note: not PHP's fault) to execute arbitrary commands to get the web server to download, compile, and execute a telnetd-like program for remote logins. Once the attacker had gained access via user nobody, they ran one of several trivial Linux local root exploits to get root. Don't kid yourself, Linux ain't all that secure.

  16. Re:Is this research illegal? on Attacking WinZip AES Encryption · · Score: 1
    You mean like finding out the construction flaws in skyscrapers
    I was under the impression that (in the US and EU) it's different when you're breaking encryption to expose flaws, because the process of breaking encryption violates the widened span of copyright law made possible by WIPO (manifested as the DMCA).
  17. Is this research illegal? on Attacking WinZip AES Encryption · · Score: 4, Interesting

    Doesn't this violate the DMCA or something? I don't want to get this guy in trouble, I'm just trying to figure out if this is the kind of research I'm allowed to pursue in an American university.

  18. Canadians beware! This stuff's coming north on New Wave Of File-Sharing Embraces Secrecy · · Score: 2, Informative

    Currently in Canada, the Supreme Court of Canada and Federal Court of Canada have both ruled (in response to the music industry lobby) that downloading and copying music for yourself is allowed under fair use; sharing your music with friends is fair use; and ISPs do not have to reveal the identity of their customers to an angry recording industry.

    Now it looks like things are going to change, and soon we will have the same situation as there is in the United States. The recording industry lobby, spearheaded by Canadian Recording Industry Association, CRIA is pushing our legislators to overhaul Canadian copyright law. The model for the changes is WIPO, which is implemented in the United States as DMCA.

    Dammit, doesn't this look familiar? Are you scared yet?? The corporate lobby is rewriting laws that our courts have already decided are fair. Please speak up! Sign our petition for user's rights, if you're Canadian. Sign it, mail it to us, and we'll take them all to Parliament. We need to show parliament that we have demands as users of media, and that we will exercise our votes.

  19. Re:This is why... on A Worm's Worm · · Score: 1
  20. Derailed on Cry To Beat Iris Scanners · · Score: -1, Flamebait
    So we're going to have a system that is derailed by a few tears and fluttering eyelashes?
    Sounds like my girlfriend's specialty. Maybe whiny women will be enlisted by terrorists?
  21. I've tried this on Build A Stereo From an Old Hard Disk · · Score: 3, Interesting

    When I first learned about this (on slashdot actually) I tried building a couple hard drive speakers for our university lounge. They actually worked pretty well, the only hard part being soldering to the thin, insulated wires (need to sandpaper down to reveal wire).

    We hooked it up to extra speaker outputs on the back of an ancient radio amp in our lounge so you can switch from regular speakers to hard drive speakers. The hard drives are actually wedged into corners of a wooden cabinet, and the real nice effect is because they cause the wood to resonate. Overall, the output is pretty loud!

  22. Re:WHY! WON'T! IT! DIE! on BASIC Computer Language Turns 40 · · Score: 2, Funny

    I think Microsoft's BASIC was GW-BASIC, which I was told stands for Gates, William (Bill)

  23. Re:The DMCA is a BAD law. on How The DMCA Affects Search Engines · · Score: 2, Interesting
    I'll just keep my fingers crossed that we don't "import" this or a similar law to Canada.
    Please, I beg you, do more than that! After that Federal Court of Canada ruling (that file/music sharing is legal within Canadian copyright law) the Heritage Minister changed her tune all of a sudden... gee I wonder why? A stroke of pity for the CRIA, no doubt. What happened in the US and EU is slowly happening here in Canada too. Let's fight it, because really these government measures are meant to give the industry what it wants without concern for citizens' rights, or desires.

    Please, Canadians, take note: our copyright laws are about to get fscked up by the powerful industry lobbies. You can voice your opposition; start by getting involved here, join our forum. We're working on a Petition For Users's Rights to impress upon the government that Canadian Copyright law is fine as it is. We're starting to contact media outlets and get our press release out. We need more volunteers.
  24. Re:Yeah right, on How The DMCA Affects Search Engines · · Score: 1
    Try canada. Downloading music is free. No DMCA
    Danger, danger! Don't get complacent. Our friggin' Heritage Minister is now in bed with the recording industry and wants to amend Canadian copyright law to give record labels more power. Get involved now to stop this from happening - join the forum and get organized.
  25. Re:Great software, bad hardware on Postfix 2.1 Released · · Score: 2, Informative
    When that old CPU fan craps out, a fast Postfix will do no good.
    You're absolutely right. We're in the process of moving to some proper FreeBSD colocated servers (but then, what will I do with all the spare computing power)?