One of the servers I operate has about 2,000 mailboxes where nearly everyone uses IMAP, the maximum message size (with all attachments) is 30MB. We regularly have people e-mailing large files (CAD drawings, PDFs, other images, etc.) around as part of their regular business. We get no complaints on speed or downtime. This all runs on a Dell PowerEdge 2950 with plenty of speed, storage, and bandwidth. Snapshot of the settings and mailbox store taken every three hours in case the server fails. I'll leave out our operating system and e-mail server software to avoid a flame war, but it works really well. We're not counting years between reboots on that system though (months and it's usually due to an OS update or e-mail server software upgrade).
I'll throw DtDNS into the mix, which is the service I have operated for the last ten years. There is no public API aside from the IP update for dynamic hosts/domains, but we have built specific APIs for clients in the past. A "search and replace" function for zones will be available on the web site in the near future as well for mass IP changes.
I'm going to add my view as well anyway just for the hell of it. I had a job doing web programming back in 1999-2001, and then went out and started my own "company" in another area. I joined the Chamber of Commerce and got to know people in the area. Eventually I decided to get a "real" job and was hired into the company I wanted when they weren't even really looking for someone based on my reputation in the area. Having been in business myself opened up a lot of experience that you don't usually get sitting behind the computer all the time. Another thing to consider is what kind of company you want to work for. If you're looking for a smaller company where you can have more variety in day-to-day tasks and not so much of the corporate politics and such, a degree isn't required. It may help in some cases, but usually they will look more at experience (can he get the job done) than how much formal education you have. On the other hand, if you're planning to seat yourself in a larger corporation with lots of minions all over the place, the degree will almost certainly push you to the upper third of the list when they are collecting resumes. Personally, I went to community college for about six weeks before I decided to leave school and take a job offer, but my situation was not typical. Results may vary, void where prohibited.
I wouldn't implement this between machines specifically for this reason. If you have multiple SMTP receivers you would have two MX records for each server. Each of those servers would track connections to their own two IP addresses. If machine 1 were down then the remote MTA should advance to MX record 3 (machine 2) and then MX record 4 (also machine 2) where the message would be accepted because that particular SMTP server only tracks connections on its IP addresses. It shouldn't matter if it's primary, secondary, or whatever, as long as the remote MTA advances through the MX records properly then it wouldn't be a problem.
I'd love to hear suggestions for overcoming these hurdles.
Your article seems to indicate that this is something that would be implemented at a firewall level. If it were implemented within the SMTP receiver you could allow the connection to get up to the RCPT TO stage and then use the from/to addresses specified as an ID token instead of the remote IP address. Additionally, if implemented in software you could apply the restrictions to specific domains or mailboxes that you serve which would make the configuration requirements more flexible. Just some thoughts.
It's no wonder, since the article ends with a link to Unlisting - Port Knocking for SMTP
The nolisting article was interesting, but I didn't get that far and didn't see that link, but I'll certainly check it out. Thank you for pointing that out.
Having two MX records for your actual primary has no bearing on whether you have another physical secondary or not. I'm suggesting this as a way for your primary server to block connections from servers that aren't RFC compliant. If you want to have a secondary (which would be the third MX record) this does not stop you from doing so. In fact, if your MX records were configured properly, you could have four MX records (two for primary, two for secondary) and each tracks the order of connections to block broken mail servers. In other words, your SMTP server would have a rule that says a host must connect on IP address 1 first, then connect to IP address 2 within a certain time period (say, an hour). A compliant mail server should not have any problems delivering in this situation, but as noted somewhere above, only a small percentage of connections actually connected to both MX records in their little test. I would be interested to see the results of a test using this setup on a larger scale.
I was reading the article, and suddenly port knocking came to mind. It wouldn't be a far stretch to modify an SMTP server to only reject connections on the lower priority IP address if the source had not tried to first connect to the higher priority IP address.
Instead of blocking the connection to the primary at a firewall or using an "unused" IP address, the primary SMTP server could give a greeting banner and then immediately return a "temporarily unavailable" status code (and cache who was connecting there).
In other words, an RFC compliant MTA should be connecting to the higher priority host as defined by DNS first, then fail over to the lower priority host, in order. If an MTA tried to connect directly to the secondary MX first it could be rejected with a temporary failure status code which a spammer is likely to ignore. It would require the SMTP receiver to keep a cache of who had connected to what IP addresses within a certain time period which would eat up some memory depending on traffic load. We already cache reverse DNS lookups and RBL lookups, so it could probably be done.
With this setup you would have two MX records for your primary mail server that your SMTP server would be active and listen on. It would just track the order of connections to ensure that the remote MTA was following the rules before it allowed the source to get past the greeting banner.
Not that anyone will care, but when my car ('89 GMC Jimmy) was once owned by a friend of mine, he and another friend went to visit the Cap'n and took him out to lunch. The point: he rode in my back seat once. Too bad I wasn't there with them. Ah well. Move along, nothing interesting here...
And I thought losing SSH access to my BSD server 3000 miles away was a tough break. I can't even imagine what kind of inventive hacks would be needed to restore a lost probe orbiting another planet.
If I don't go to each machine to ensure that Windows Update is disabled...
I believe you can use group policy within your domain to disable Windows Update, or at least direct clients to your own update server (where you can disable specific updates). There really shouldn't be any reason to "go to each machine" to ensure it doesn't get installed over your Firefox setup.
I agree that there are a lot of mail servers that reverse the IP address, but comparing the domain in the reverse entry to the domain in the SMTP FROM command or the From header doesn't make much sense. Any e-mail coming from a legitimate hosting company (like the one I work for) would be blocked. The reverse DNS entry for our IP address is valid and that host resolves back to the IP address (which is how it's supposed to be), but our e-mail server houses mail for upwards of 400 domain names. We certainly do not have a dedicated IP address and reverse entry for each domain. All outgoing e-mail leaves through the same IP address and I cannot recall a time when mail has ever been rejected because the FROM domain didn't match our reverse DNS entry. Sure, the reverse should resolve back to itself, and it's a good idea to have an MX record for the domain pointing to that host (but not required), but I think you're stretching a bit on that last part of your response. I'm sure there is some dumbass out there doing that, but likely few and far between. I'll bet they don't get a lot of mail, legitimate or otherwise based on that thinking.
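The distinction the comment above draws, as an added Python example (not the commenter's code): forward-confirmed reverse DNS checks that the PTR name resolves back to the connecting address, while comparing the PTR name's domain to the envelope sender's domain rejects a shared relay that sends for hundreds of customer domains. The DNS records are a constructed in-memory table standing in for a real resolver, and the example goes one step further than the comment by also showing a forged sender that the domain-match check lets through.

```python
"""Forward-confirmed reverse DNS versus "PTR domain must match MAIL FROM".

Added example, not the commenter's code. The PTR/A tables below are
constructed stand-ins for real DNS lookups.
"""
import ipaddress

# Constructed records: a hosting company's outbound relay, and a dial-up host
# whose PTR exists but does not resolve back to the connecting address.
PTR = {
    "192.0.2.25": "mx-out.hostingco.example",
    "203.0.113.7": "dsl-7.isp.example",
}
A = {
    "mx-out.hostingco.example": {"192.0.2.25"},   # resolves back: FCrDNS passes
    "dsl-7.isp.example": {"203.0.113.200"},       # different address: FCrDNS fails
}


def fcrdns_ok(ip):
    """PTR -> hostname -> A must contain the original connecting address."""
    ip = str(ipaddress.ip_address(ip))            # normalise the textual form
    name = PTR.get(ip)
    if name is None:
        return False
    return ip in A.get(name, set())


def sender_domain(mail_from):
    """Domain part of an envelope sender address such as user@example.com."""
    return mail_from.rsplit("@", 1)[1].lower()


def ptr_domain_matches_sender(ip, mail_from):
    """The check the comment argues against: does the PTR name's domain equal the
    MAIL FROM domain? Uses a naive last-two-labels comparison, which is also
    wrong for ccTLD registries like .co.uk; both flaws are part of the point."""
    name = PTR.get(str(ipaddress.ip_address(ip)))
    if name is None:
        return False
    return name.lower().split(".")[-2:] == sender_domain(mail_from).split(".")[-2:]


def evaluate(ip, mail_from):
    return {
        "fcrdns": fcrdns_ok(ip),
        "ptr_matches_sender": ptr_domain_matches_sender(ip, mail_from),
    }


def demo():
    # A customer of the hosting company sends through the shared relay, and a
    # host on an ISP line forges a sender inside the ISP's own domain.
    return {
        "hosted_customer": evaluate("192.0.2.25", "sales@customer-one.example"),
        "forged_isp_sender": evaluate("203.0.113.7", "ceo@isp.example"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The hosted customer passes FCrDNS and fails the domain match, while the forged sender fails FCrDNS and passes the domain match, so the domain-match rule gets both cases backwards.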
English as a written language hasn't changed too awful much over the last 400 years, but it sounds entirely different today than it did back then. Go back much further and you pass through the "great vowel shift" where things really start to get different. I would guess that since Navajo as a language is relatively contained compared to English, it has not had as much opportunity to evolve, so it likely sounds closer to Navajo 600+ years ago (assuming it's that old) than English did over the same time period.
ModusMail by Vircom. Assuming you have a Windows server and a bunch of cash to throw at the problem, spam is pretty much toast with their software. Yeah, I know it's not FOSS, but it is the best tool for the job in my situation and worth a look.
Ten years down the line, having some of my electronics retroactively made illegal to possess?
The RIAA and MPAA are pretty much already working on that with analog audio/video devices, and anything digital that doesn't conform to their DRM standards.
I was running the largest BBS resource online and had been for over a year. When I was 18 I built DtDNS (a dynamic DNS service that is now celebrating seven years in service). I'm sure we all have something special we were working on when we were that age, so, why is this news again?
Perhaps I'm disgruntled because when I was 17 I was getting yelled at by my parents to quit wasting my time with "that computer crap" and to get outside and cut the grass. Now I make more money than they do, hehe.
I'm surprised that they didn't use the fix that every other retailer in the industry uses. Every so often you take a complete inventory using handheld barcode scanning guns. This updates your on hand values to be correct.
They do inventory store-wide on an annual basis that does update the system. The store I was at was open 24/7, so it's nearly impossible to get a 100% accurate inventory count with people shopping while the inventory is being done. Additionally, they have an outside company that performs the inventory so as not to disrupt the normal work done by the hourly associates. Even if it's accurate for a while after inventory, it doesn't take long before it gets screwy again.
IIRC, the dept managers are supposed to go through their department on occasion and scan a section and verify the on-hand counts, but they're usually too busy to do any of this data management. Layaway has the same setup where someone is supposed to scan all of the layaway boxes and the rack they are in so that the system can update the location of that box in case it got moved for whatever reason. There's nothing more exciting than a customer coming to get their layaway purchase, which has been in the back room for several weeks so they're all excited to finally own whatever it is, and it's not in the rack the computer says it is. Then you have to search the racks around it, behind it, etc. in the hopes that it just got moved a little bit. During Christmas this can become a nightmare when you have 100 people in line waiting to pick stuff up. Of course, the layaway update scans rarely ever happened either because people are busy, so things would get lost. Looks pretty good on paper though.
Re:New Egg not one of my faves (on "A Look Inside Newegg", Score: 5, Informative)
I used to work for Wal-Mart a number of years ago. Their system is called SMART (IIRC, that is Systematic Merchandising and Applied Retail Technology). Their process is known as "perpetual inventory" and for good reason. The computers know how much inventory is in the store at any given time (like any good POS), as well as how many will fit on the shelf, how many come in a case, etc. When it sees that the "on hand" count is getting to the point where the shelf cannot be kept full from overstock, it orders more. It also knows the inventory levels at the warehouse, and how long the delivery will take, so it can make some predictions that result in stock arriving just as the shelf is no longer full. The system also takes into account sales that are coming up and adjusts the order amounts accordingly. Department managers and some floor associates have the ability to manually adjust the on-hand inventory counts, so you can trick it into sending you more of an item if you want to do a department special. It does a lot more than that, and on paper it should result in an almost fully stocked store and a pretty empty back stock room every morning after the previous night's trucks have been worked out to the floor.
In practice, however (at least at the store I worked at), the on-hand counts were always off due to managers screwing up, shrinkage, warehouse mishaps, etc. The result was that some items were almost always out of stock, and others were piled to the ceiling in the back room because the system kept ordering more when we obviously didn't need any more. To complicate matters, you have holidays and seasonal items to account for, and some departments are somewhat independent of the rest of the store (shoes and jewelry come to mind).
And that's just at the store level. I can't imagine what kind of magic lurks at the distribution centers.
I love the space I work in. From what I've heard, you could compare it to a Google type setup. I work in a room with five other people. We all have our own desks, we have windows to the outside along two walls, and we keep the overhead lights turned off during the day. Everyone has their headphones on most of the time while we're working. If someone needs help with anything, it's very quick to just ask the question to the room and someone will respond quickly without needing to get up and track someone down.
We also keep it fun if everyone is burned out after a few hours of coding (or designing... it's a web development production room, so we have many things going on). There is an electronic dart board, Darth Vader stand-up, and Capt. Kirk on the door reminding people to keep it closed. We even keep a unicycle in the space for entertainment.
It can get distracting if you're the only one not burned out when everyone else wants to play, but usually the break is welcomed anyway.
Overall, I wouldn't give it up easily. You'd have to add 30% to my salary to make me take a private office away from the team.
"Plava Lagoona" translates to "Blue Lagoon" in Milla Jovovich's native language. This was meant as an inside joke because that is also the name of another movie she was in before the 5th element. Also, the woman who played the Diva was only in the movie because she was Luc Besson's girlfriend at the time. She was later dumped for Milla, and got sour because she felt that too much of her opera solo got sliced out in favor of the cuts to Milla's fight sequence. Most of this is covered in the special edition features.
Even my fastest XP boxes take several minutes to IPL before you can really start working on them.
You must have some old computers then, or at least some newer crappy ones. I'm on an almost two-year-old Dell workstation with XP Pro SP2 that goes from pushing the power button to usable desktop in 45 seconds. Spec is P4 2.6 GHz w/1 GB RAM. The SATA hard drive may help also, but still, several minutes?
Several usually implies "more than three" since you could say "a couple" or "a few" to imply two or three. The slowest boot time I've personally experienced is an HP workstation owned by a friend with a P3 1.2 GHz Celeron and 128 MB of RAM. That took about three minutes to fully boot, and was slow to do ANYTHING because of all the swapping it had to do. Anything slower than that would be unusable, IMHO. We just added another 256 MB of RAM to her system and it comes up a lot faster, maybe 90 seconds or so now.
I'd like to thank Slashdot for once again bringing us timely information from.... wait for it... 2006.
...you get your CPR, you can sing "Still Alive" from Portal.
But unlike with SUV's, no one uses the size of the airplane they flew in on to compensate for their small dick
You haven't met very many pilots, obviously.
Isn't that what these comments are for?