My list servers do no such thing. If a list alias doesn't exist, my MTA rejects it w/ a 5xx level SMTP error as it should. My list software would create this type of backscatter if my MTA were misconfigured and accepting email for any left hand side as google's apparently does.
RHEL3 isn't really linux. It's a dead end frankenstein kernel with more bugs than... well than windows, and redhat ignores them. The only way to run EL3 is on a real linux kernel. The 2.5ish backported 2.6 2.4 kernel in RHEL3 is just stupid. My IBM hardware locked up all of the time on it too. Neither RedHat nor IBM could find the problem. Going to real linux kernels fixes the problem. There is definitely something horked in the experimental IO subsystem they yanked out of 2.5.
RedHat unfortunately has a long history of boldly pushing experimental code into their kernels then forcing their customers to live with it after it is proved unstable.
EL4 is a bit better, but red hat is losing ground. Shit, their sales people can't even be bothered to send a quote for bulk pricing.
After reading through all that I feel obligated to comment. It wasn't all drivel, but there are definately points where linux ingnorance comes through. When it comes to packages vs ports, both can work equally well. I tell RH users all the time, if your going to use an RPM based system, stick with vendor supplied RPMs and it works like a charm. It's very much a static product at that point. If you want something that is not in a vendor supplied RPM at least build the RPM from the SRPM and better yet, put in/usr/local or/opt. On the other hand, when I'm on a gentoo or BSD system, you run into a different problem. Version stability. If an end user customer pays some developer to build a spiffy web app they don't want it broken by upgrades. You see companies like this all the time. They outsource dev, and administration to two seperate parties then lose the developers business card. Anyway, when you don't have a lot of control or intimate knowledge of what code make a web app go, or better yet, no idea what it is, it's very nice to be able to apply security errata and maintain version stability. That's where the vender RPM dependancy is good. You just run up2date or yum and poof, You have exactly the same system with exactly the same version of everything, the only difference being the bug is patched, backported. Now Gentoo, and FreeBSD, both of which warm my heart, tend to force rolling upgrades. You can't just port security errata unless you manually fix the code yourself. Instead you upgrade to the secure release. This mean you may be including any number of changes that break any number of things in all that unknown code on the box. This really has gotchas when updating APIs like PHP and sudenly certain global variables no longer exist. Now if your the developer and the sysadmin, no problem right. Just fix it and stop being a wuss. If your joe outsource, your fucked. It will take you two hours to find your developer and sysadmins phone numbers in your rolladex and another 2 to convince them that your emergency is their emergency. Then you have to pay through for the nose while enduring an outage of unknown length for an unknown durration for reasons that you'll never understand while the hired guns poke around and scratch there heads. With version stability much of this scenario is mitigated.
Anyway, I think your view of linux is simplistic and misses all of the strengths and diversity of linux.
Not to give the bastards ideas, but it's only a matter of time before they start doing high profile random prosecutions. Right now people feel safe because they think, I'm not sharing a ton of files, they'll go after the big dogs and leave me alone. But if the RIAA starts doing random prosecutions then people will really get spooked.
My recommendation, boycott RIAA affiliated products. Buy from indy labels. Right to your favorite bands letting them know why you are boycotting and try to persuade them to leave the label and/or speak out in favor of sane legislation.
I think the last idea might be the most effective. If we can get the stars to back a balance between public domain and IP, we can declaw the RIAA and MPAA. This will require some meeting in the middle. Artists are very protective of the work. We must not come out saying everything should be free, but rather that both IP rights and public domain are both very important and need to be preserved. The other part of the problem, the punishment far outwaying the crime. This is harder to fix. Perhaps we need find ways to prosecute companies, congressman, branches of government and judges under the DMCA.
Then drink the cool-aid. If your going to go RH you should us rpms and RHN as much as possible and make every effort to keep custom stuff seperate and out of harms way. Then you can do all your security patches w/ up2date -ui. The trouble is this luxury is gone when they stop releasing RPMs for the system. Meanwhile your stuck compiling and upgrading every time another exploite rolls around. RH has the nice feature of backporting security and bug patches to the old version, so your not locked into beta testing every new release on your currently stable box.
If your going to go the "we can support it ourselves route." Then ditch RH all together. There are much better distros out there to help you manage all the compiling. Think Gentoo or Debian.
It's not the "support" in terms of telling you how to setup your modem, but the precompiled / tested packages that makes the 5 year lifespan worthwhile.
-r.
I just put all of my public files on a big smb share. Nothing beets M$ for secure file sharing. Just don't put none of them underscores in you'r domain names. Those broken legacy unics domain controllers can't read them. Boy... That had me stumped fer a while. Thank god for the helpful M$ community, or I'd still be try'n to email all them big files.
-U6H!
1. Publicly exploiting the virtues of a few stratigicaly chosen OSS (yet still proprietary) products can help them appear to be reformed as they continue to battle the antitrust cases.
2. Exploiting programing resources for free, and helping to foster a community will allow them to offload both production and support costs.
3. By munging the meaning of OSS and blurring the line between there software and GNU software, they can reduce M$ reputation for being evil while silmultaneosly kicking the moral pedistal out from under those pesky OSS advocates.
4. If M$ is doing OSS too, then there is nothing special about it. The whole counterculture is less attractive because it common, not subversive.
5. If you choose to open source on products that have already been adiquetly reverse engineered, you lose nothing and gain all of the above. Think SMB (Samba) minus of course the new basterdised proprietary LDAP and Dynamic DNS components that makes Active Directory a MF to reverse and replace.
If I'm runing a cacheing DNS server on my loopback address, it's a waste of effort to upgrade it even if it has as many wholes as a wheel of swiss cheeze, or worse yet, a M$ OS.
Also, I disagree with the premise that "most sysadmins" tend to neglect security patchs & updates.
Besides.... It's like the counterproductive logic involved when M$ releases a patch to protect agains DOS attacks that crashes 25% of the boxes it's installed on. Here your talking about crashing a box semianually to protect the person from getting hacked. Basically, the person was allready hacked when they installed the termlimited software. Trojaned if you will.
It really must be a slow news day.
Applying this slowed light trick, we can now get an OC48 to cap at 56K.
I'll bet Ameritech is hard at work trying to accomplish this at this very moment.
Just think, it'll be like the good old ARPA net days in no time.
If you just want it to work, and you don't want to switch ISPs right away, don't mess around with circumventing the damn thing. Just badger your ISP into adding the alternate root servers to the hints file on his DNS servers. This will give you a short term fix while you shop for a new ISP. Failing that, stop paying him and sighn his abuse, hostmaster, help@, etc. lists up for some free pr0n.
Incidentaly, I would like to hope this sort of thing is rare. Does anyone have any stats on how often this is done?
I would like to see a nice decoded packet trace so we can see just what the plugin does. It's not important enough to actually install a M$ OS on one of my computers though.
If any of you use this sh-- do us a favor and sniffit so we can see the GET requests. Nothing like the horses mouth to get accurate information. Or maybe it's another part of the horse w/ M$?
BTW: Just in case there is still a M$ user that reads the page, you'll be happy to know that pcap, tcpdump, and ethereal have been ported over to the lesser OS. This means that you can sniff the wire like real men. Do a google search for winpcap, windump, and Ethereal. You won't have to steal any license keys either.
NIMDA, Perhaps the most viscious virus to date, used java in at least mode of propigation that I'm aware of. A small line of java added to all html content on infected servers. This was used to cause an automatic download of readme.eml from an infected webserver when clients viewed webpages hosted by these servers. Outlook would then run the readme.eml file because it assumed it was an innocent.eml attachment file or something. Anyway... It was virus content that initiated the infection process for this particular mode of infection. (I state "this specific mode of infection" since Nimda had at least four major modes of infection.) Nimda was a very special virus though, and it would have been insain to blame SUN for it's small contribution when it was really a plethora of MS problems to blame. In fact, without the defective email clients, the.eml file would have been harmless.
It seems some people yearn for the days when they where the only ones using linux. They are as bad as M$ trying to put themselves on a pedestal by sabotaging other peoples attempt to step out of ignorance.
Business is good. A "mixing of open source and close source ideologies" ends up making a very competitive and successfull candidate. It's not that one or the other is necessarily bad, but that extremes of either become self defeating. Sure RedHat has certain proprietary secrets which they use to make a profit. So what. They also make linux very accessable and allow more people to discover the 'joy' of linux. These heady idealist who scream down with all things proprietary are nothing more than neo-hippy-nihilist-posers who need to think before they parrot. Part of what makes linux and open source such an inspiring concept is that it makes information accessable to the people, and thusly empowers them to some extent. Successfull business' that push open source solutions manage to put the empowering project in more hands, and helps to fuel the ongoing development and exploration in the community. I think it's very symbiotic. The real bitch I think these people have is that money no longer falls out of the trees. Such is the state of the economy. Many of us are finding we have to work for a living. For some of us, this is no revelation. Some of us even find joy in our work.
Slashdot Mirror
My list servers do no such thing. If a list alias doesn't exist, my MTA rejects it w/ a 5xx level SMTP error as it should. My list software would create this type of backscatter if my MTA were misconfigured and accepting email for any left hand side as google's apparently does.
... ...
Cute postfix recipe to help w/ backscatter:
main.cf:
smtpd_restriction_classes =
has_null_sender
has_null_sender =
reject_rbl_client ips.backscatterer.org
reject_rbl_client bl.spamcop.net
smtpd_recipient_restrictions =
check_sender_access hash:/etc/postfix/null_sender
null_sender:
has_null_sender
RHEL3 isn't really linux. It's a dead end frankenstein kernel with more bugs than... well than windows, and redhat ignores them. The only way to run EL3 is on a real linux kernel. The 2.5ish backported 2.6 2.4 kernel in RHEL3 is just stupid. My IBM hardware locked up all of the time on it too. Neither RedHat nor IBM could find the problem. Going to real linux kernels fixes the problem. There is definitely something horked in the experimental IO subsystem they yanked out of 2.5. RedHat unfortunately has a long history of boldly pushing experimental code into their kernels then forcing their customers to live with it after it is proved unstable. EL4 is a bit better, but red hat is losing ground. Shit, their sales people can't even be bothered to send a quote for bulk pricing.
So by writing a virus that sends out Microsoft spam, I can get you to DOS them for me. Sounds cool.
I have a better idea, why don't we all just switch back to pmail. The amazing story is that some bozo actually funded this.
After reading through all that I feel obligated to comment. It wasn't all drivel, but there are definately points where linux ingnorance comes through. When it comes to packages vs ports, both can work equally well. I tell RH users all the time, if your going to use an RPM based system, stick with vendor supplied RPMs and it works like a charm. It's very much a static product at that point. If you want something that is not in a vendor supplied RPM at least build the RPM from the SRPM and better yet, put in /usr/local or /opt. On the other hand, when I'm on a gentoo or BSD system, you run into a different problem. Version stability. If an end user customer pays some developer to build a spiffy web app they don't want it broken by upgrades. You see companies like this all the time. They outsource dev, and administration to two seperate parties then lose the developers business card. Anyway, when you don't have a lot of control or intimate knowledge of what code make a web app go, or better yet, no idea what it is, it's very nice to be able to apply security errata and maintain version stability. That's where the vender RPM dependancy is good. You just run up2date or yum and poof, You have exactly the same system with exactly the same version of everything, the only difference being the bug is patched, backported. Now Gentoo, and FreeBSD, both of which warm my heart, tend to force rolling upgrades. You can't just port security errata unless you manually fix the code yourself. Instead you upgrade to the secure release. This mean you may be including any number of changes that break any number of things in all that unknown code on the box. This really has gotchas when updating APIs like PHP and sudenly certain global variables no longer exist. Now if your the developer and the sysadmin, no problem right. Just fix it and stop being a wuss. If your joe outsource, your fucked. It will take you two hours to find your developer and sysadmins phone numbers in your rolladex and another 2 to convince them that your emergency is their emergency. Then you have to pay through for the nose while enduring an outage of unknown length for an unknown durration for reasons that you'll never understand while the hired guns poke around and scratch there heads. With version stability much of this scenario is mitigated.
Anyway, I think your view of linux is simplistic and misses all of the strengths and diversity of linux.
After the world has accepted the site finder, they will probably rent the wildcard to MSN. I'm sure that would be worth a lot of money.
Not to give the bastards ideas, but it's only a matter of time before they start doing high profile random prosecutions. Right now people feel safe because they think, I'm not sharing a ton of files, they'll go after the big dogs and leave me alone. But if the RIAA starts doing random prosecutions then people will really get spooked. My recommendation, boycott RIAA affiliated products. Buy from indy labels. Right to your favorite bands letting them know why you are boycotting and try to persuade them to leave the label and/or speak out in favor of sane legislation. I think the last idea might be the most effective. If we can get the stars to back a balance between public domain and IP, we can declaw the RIAA and MPAA. This will require some meeting in the middle. Artists are very protective of the work. We must not come out saying everything should be free, but rather that both IP rights and public domain are both very important and need to be preserved. The other part of the problem, the punishment far outwaying the crime. This is harder to fix. Perhaps we need find ways to prosecute companies, congressman, branches of government and judges under the DMCA.
Then drink the cool-aid. If your going to go RH you should us rpms and RHN as much as possible and make every effort to keep custom stuff seperate and out of harms way. Then you can do all your security patches w/ up2date -ui. The trouble is this luxury is gone when they stop releasing RPMs for the system. Meanwhile your stuck compiling and upgrading every time another exploite rolls around. RH has the nice feature of backporting security and bug patches to the old version, so your not locked into beta testing every new release on your currently stable box. If your going to go the "we can support it ourselves route." Then ditch RH all together. There are much better distros out there to help you manage all the compiling. Think Gentoo or Debian. It's not the "support" in terms of telling you how to setup your modem, but the precompiled / tested packages that makes the 5 year lifespan worthwhile. -r.
http://www.riaa.org/contact.cfm
I just put all of my public files on a big smb share. Nothing beets M$ for secure file sharing. Just don't put none of them underscores in you'r domain names. Those broken legacy unics domain controllers can't read them. Boy... That had me stumped fer a while. Thank god for the helpful M$ community, or I'd still be try'n to email all them big files. -U6H!
1. Publicly exploiting the virtues of a few stratigicaly chosen OSS (yet still proprietary) products can help them appear to be reformed as they continue to battle the antitrust cases. 2. Exploiting programing resources for free, and helping to foster a community will allow them to offload both production and support costs. 3. By munging the meaning of OSS and blurring the line between there software and GNU software, they can reduce M$ reputation for being evil while silmultaneosly kicking the moral pedistal out from under those pesky OSS advocates. 4. If M$ is doing OSS too, then there is nothing special about it. The whole counterculture is less attractive because it common, not subversive. 5. If you choose to open source on products that have already been adiquetly reverse engineered, you lose nothing and gain all of the above. Think SMB (Samba) minus of course the new basterdised proprietary LDAP and Dynamic DNS components that makes Active Directory a MF to reverse and replace.
If I'm runing a cacheing DNS server on my loopback address, it's a waste of effort to upgrade it even if it has as many wholes as a wheel of swiss cheeze, or worse yet, a M$ OS. Also, I disagree with the premise that "most sysadmins" tend to neglect security patchs & updates. Besides.... It's like the counterproductive logic involved when M$ releases a patch to protect agains DOS attacks that crashes 25% of the boxes it's installed on. Here your talking about crashing a box semianually to protect the person from getting hacked. Basically, the person was allready hacked when they installed the termlimited software. Trojaned if you will. It really must be a slow news day.
Applying this slowed light trick, we can now get an OC48 to cap at 56K. I'll bet Ameritech is hard at work trying to accomplish this at this very moment. Just think, it'll be like the good old ARPA net days in no time.
If you just want it to work, and you don't want to switch ISPs right away, don't mess around with circumventing the damn thing. Just badger your ISP into adding the alternate root servers to the hints file on his DNS servers. This will give you a short term fix while you shop for a new ISP. Failing that, stop paying him and sighn his abuse, hostmaster, help@, etc. lists up for some free pr0n.
Incidentaly, I would like to hope this sort of thing is rare. Does anyone have any stats on how often this is done?
I would like to see a nice decoded packet trace so we can see just what the plugin does. It's not important enough to actually install a M$ OS on one of my computers though.
If any of you use this sh-- do us a favor and sniffit so we can see the GET requests. Nothing like the horses mouth to get accurate information. Or maybe it's another part of the horse w/ M$?
BTW: Just in case there is still a M$ user that reads the page, you'll be happy to know that pcap, tcpdump, and ethereal have been ported over to the lesser OS. This means that you can sniff the wire like real men. Do a google search for winpcap, windump, and Ethereal. You won't have to steal any license keys either.
NIMDA, Perhaps the most viscious virus to date, used java in at least mode of propigation that I'm aware of. A small line of java added to all html content on infected servers. This was used to cause an automatic download of readme.eml from an infected webserver when clients viewed webpages hosted by these servers. Outlook would then run the readme.eml file because it assumed it was an innocent .eml attachment file or something. Anyway... It was virus content that initiated the infection process for this particular mode of infection. (I state "this specific mode of infection" since Nimda had at least four major modes of infection.) Nimda was a very special virus though, and it would have been insain to blame SUN for it's small contribution when it was really a plethora of MS problems to blame. In fact, without the defective email clients, the .eml file would have been harmless.
It seems some people yearn for the days when they where the only ones using linux. They are as bad as M$ trying to put themselves on a pedestal by sabotaging other peoples attempt to step out of ignorance.
Business is good. A "mixing of open source and close source ideologies" ends up making a very competitive and successfull candidate. It's not that one or the other is necessarily bad, but that extremes of either become self defeating. Sure RedHat has certain proprietary secrets which they use to make a profit. So what. They also make linux very accessable and allow more people to discover the 'joy' of linux. These heady idealist who scream down with all things proprietary are nothing more than neo-hippy-nihilist-posers who need to think before they parrot. Part of what makes linux and open source such an inspiring concept is that it makes information accessable to the people, and thusly empowers them to some extent. Successfull business' that push open source solutions manage to put the empowering project in more hands, and helps to fuel the ongoing development and exploration in the community. I think it's very symbiotic. The real bitch I think these people have is that money no longer falls out of the trees. Such is the state of the economy. Many of us are finding we have to work for a living. For some of us, this is no revelation. Some of us even find joy in our work.
Maybe they just discovered written language, or started writing their tribal history on hides instead of stone tablets.