Slashdot Mirror


User: software_non_olet

software_non_olet's activity in the archive.

Stories
0
Comments
92

Comments · 92

  1. Is eternal life fun? on Spam Increases Make Things Tough For Companies · · Score: 1

    My experience is that these reply buttons are good for nothing. You read "enjoy eternal life" or the like and receive new spam from the same sender within a day.

    After 10 times eternal life I had enough good karma accumulated for this life and gave up. .o)

  2. China? since when has uu.net machines in China? on Spam Increases Make Things Tough For Companies · · Score: 1

    I can tell what I did - and it's not a half hour job :-( But what else to do?

    I put every reliable-looking blackhole list into my config (only hesitated with the one which even keeps yahoo out - for now - they are learning IMO). The lists which are available (through zone-transfers or as files) even get loaded into our nameserver, so that we are not depending on their server to be up and reachable day and night. relays.osirusoft.com for example is checked on an hourly basis for new files. Believe it or not, the named-process is using 130 MB memory for the blackhole lists.

    Then I set up a good visible, established email-address (you know with posting to lists etc) to bypass the blocking rules.

    And every spam-sender (of course only the last hop is reliable) who comes through is entered into our private block lists (if it's not yet in the other RBLs).

    Results?

    Per month about 50 spams are received by this single email-address and 5 new senders added. So ten percent come through - the first time.

    By 2006 I assume the whole uu.net block will be in it. .o)

  3. Re:what would be cool... on Separating OpenSSH's Privileges For Safety · · Score: 1

    Aah, Now I understand you (perhaps) better.
    Your aim is (at least to include) anonymous sftp access.

    Yes, you are right, for that purpose a separate sftp-only ssh is best. That is, if you think that necessary. Could be an alternative to anon ftp with the added security that a man-in-the-middle could not fumble with the files down- or up-loaded.

    But then this is no longer ssh. Such a thing should have its separate port and individual PAM-file etc. Otherwise you end up where ssh is now - a main ssh authentication process plus a sftp subsystem channel.

    Yet overall I think such an approach is too much work compared with the current situation, where sftp is a channel - double updates of similar code etc. The two pieces of code are bound to differ sooner or later.

    ssh is in such a wide-spread and security-sensitive use, that patches are bound to be done fast. While your sftp-only ssh might only get second priority.

    So overall for authenticated sftp-access I would prefer to use the standard ssh, after all. And for anonymous (urgh!) access ftp is doing its job pretty well - especially within a chroot jail or on a separate machine.

    Niels Provos' proposal meant to create abstraction layers with different privileges and with practically no common code (a horizontal split of ssh so to say), while your idea creates a vertical split with much code-copying (or #ifdefs or common libraries, which then again spoil your security-objective etc).

    Finally it runs down to a matter of 'taste' or 'feeling', I think. My feeling is: better not to do it. The existing subsystem separation is already doing its job in that area.

    Better trust anonymous ssh-sftp than anonymous ftp or a totally new piece of software .o)

    Greetings

  4. Situation in Europe on Beware Employment Contracts · · Score: 0

    During the last weeks, a somewhat similar argument was going on in Europe regarding the patentability of software, but it looks like this is going to be put down by the European parliament.

    And it's standard law in Germany for example, that Employees own their intellectual property, can apply for their own patents even if they are in the field of their employment work etc.

    Somehow the all too prominent interest in business in the US seems to have backfired and it became too easy to sell one's individual rights in simple civilian contracts.

    So it's time for you to fight again for your freedom - not just overseas with weapons, but this time at home with free speech and free contracts.

    Good luck, but don't forget you as a nation have created that situation for yourself.

  5. Re:Damn the vigilantes on ORBZ Shuts Down · · Score: 0
    "I'm leaving out technical details here. If anyone cares, I'll be glad to provide them."

    I would like to know more about that. Could you post or contact me - zim@vegaa.de ?

  6. Re:Gotta represent (er, maintain) on More Marcelo Tosatti · · Score: 1
    Skyshadow: "Seriously: Linus is the king, and he's surrounded by a small contingency of advisors who filter what gets through to him."

    If it were done by slashdots we would still be arguing about what name would be best to use for it - slashdotix or slashdontix.

    Linus picked exactly the right man for this task - an excellent mixture of representer and maintainer.

    You are just jealous.

  7. Funny? You call zero bugs funny? on More Marcelo Tosatti · · Score: 0

    Marcelo's attitude is exactly the right one for this job. I wouldn't hire someone who thinks that this is funny.

  8. Re:It's not a clash it's a discussion ;) on IE, Apache Clash on Web Standard · · Score: 3, Insightful

    I agree, IE is the de-facto standard for browsers.

    Hence it breaks down to standard browser against standard server.

    But there is no need to give up too early from Apache's side. The function is not in wide use yet and will not be in the near future IMO. If a web application needs authentication, it will probably also need encryption of the data somewhere down the menu-tree (if only to change the password). Although SSL has a higher price-tag (in dollars or cpu-cycles), it also has the advantage of being supported by practically all browsers.

    Time for discussions - not for early give-ins.

  9. It's not a clash it's a discussion ;) on IE, Apache Clash on Web Standard · · Score: 1

    It's not a bug - it's a feature ;)

    Microsoft is not doing anything which other companies don't do. They are just too big to be ignored, that's the real problem.

    But that's our own fault. Why do we buy and use MS products? Why do we program for Microsoft (directly or indirectly)? Could be we all have the same motive$ as M$ has? And are just envious, because if M$ coughs, everyone else has a cold?

    No need to change a single line of code in Apache. Apache is the de-facto standard, not IIS.

  10. That's how democracy works... on Open Source is out of the Java process · · Score: 2, Insightful

    not all can share the same opinion. But it's good that the decision process is done in public and including explicitly a phase of public feedback.

    I'm not getting angry at Sun. They put a lot of effort into Java and their actual standpoint is - although taking a step backwards - somewhat understandable.

    Now is the time to participate. Let's not bury our heads in the sand but cast our votes as software developers. I will use the opportunity and object to the draft during the following public review. Open Source Software is a must in the 21st century, playing the same role for the computer industry as academic freedom was for science.

    And if a large enough number and the majority of us developers is taking a similar position _and_ participating actively in the public review, the members of the JCP cannot ignore it. We are their potential customers as well as partner in this.

    No need to give up too early.

  11. Wrong attitude. on Robotcop: It's the Law · · Score: 1

    To hide our email addresses or hinder their harvesting is like trying not to be seen by the wrong people when you go to a party. It's useless, every girl can tell you that.

    Instead just learn who is right for you and say 'no' to the others.

    The effort to install and test that module is wasted - and better put into quick and effective spam-blocking techniques, backed up by proper site policies.

  12. Re:Standard cracker tactics on Alleged eBay Hacker Goofs up and Goes to Jail · · Score: 1

    Looks like, he hit a port with a sentry behind it. Should've used IP-spoofing .o)

  13. Re:He Doesn't Understand the Value of Freedom on theKompany's Shawn Gordon On The GPL · · Score: 1

    Money is an impersonal way to exchange human services. We all get food, support, shelter from each other. It's just a matter of _how_ we manage that.

    Of course in a society of addicted people one needs to survive by using the accepted means of social behaviour - impersonal exchange of impersonal drugs.

    But we have let the drug take over our thinking and feeling.

    If there were no people, what would you do with your money? So we buy support from each other, instead of supporting each other out of friendship, love and joy.

  14. Re:what would be cool... on Separating OpenSSH's Privileges For Safety · · Score: 1

    Hhhm, let me see whether I've understood you.

    You can have this functionality by giving the user a 'dummy-shell', which is only capable of spawning the sftp-server - perhaps chrooted or not (like ssh.com does it), right? Then the decision whether a full shell is given or just sftp-access is based on the user's shell entry in /etc/passwd. Simple, straightforward and fully in tune with the system as it is designed to be.

    What do you want to gain from making this decision in the ssh-daemon? You would then have two sshd's running, each on a separate port, but you would still need to define which user is allowed to use which daemon.

    So the only thing you 'gain' is the absence of all this channel-overhead (with its potential bugs), but the price would be to have to maintain two daemons which share a lot of common coding.

    I think your proposal would induce more work to be done and is more error-prone because of two daemons to maintain.

    To 'filter' out the sftp-server functionality with a simple dummy-shell looks much more secure and is at the same time much less work than to cut ssh into two (or three, or four...) pieces.
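
A sketch of the 'dummy-shell' approach described in the comment above, as an added example that is not part of the original comment or of OpenSSH: a login shell that only agrees to start the sftp-server. The script name `sftponly`, the function `sftponly_decide` and the sftp-server path are assumptions, and it assumes sshd starts the sftp subsystem as an external binary through the user's shell with `-c`.

```shell
#!/bin/sh
# Hypothetical sftp-only login shell, installed e.g. as /usr/local/bin/sftponly
# and set as the account's shell in /etc/passwd.

# Assumed location of the sftp-server binary; it differs between systems and
# must match the Subsystem line in sshd_config exactly.
SFTP_SERVER="${SFTP_SERVER:-/usr/libexec/openssh/sftp-server}"

# Return 0 only for the exact argument vector sshd uses to start the sftp
# subsystem through a user's shell:  <shell> -c <sftp-server path>
# Interactive logins (no arguments) and any other command are refused.
sftponly_decide() {
    [ "$#" -eq 2 ] || return 1
    [ "$1" = "-c" ] || return 1
    # Whole-string comparison: trailing arguments or shell metacharacters
    # appended to the path make the string differ and are rejected.
    [ "$2" = "$SFTP_SERVER" ] || return 1
    return 0
}

# Act as a login shell only when installed under the assumed name, so the
# function above can also be sourced and tested on its own.
case "${0##*/}" in
    sftponly|-sftponly)
        if sftponly_decide "$@"; then
            # exec replaces this process; no shell stays behind the session.
            exec "$SFTP_SERVER"
        fi
        echo "This account is restricted to sftp." >&2
        exit 1
        ;;
esac
```

Because the command string is compared and never evaluated, nothing the client sends is interpreted by a shell.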

  15. Re:A new generation of OSS on theKompany's Shawn Gordon On The GPL · · Score: 1

    I agree that ideas have their time and have to make the practical life easier. And I also agree that the GPL is somewhat - say - stubborn. But the latter comes from the fact that the idea of the GPL has to fight its way through many layers of money-oriented behaviour.

    What I miss from your standpoint is the educational value of Open Source. We never had so many and so well trained and enthusiastic computer programmers before the times of OSS. That's its real value: education, training how to write good software. A multidimensional training course for hack3rz as well as sysadmins.

  16. Re:He Doesn't Understand the Value of Freedom on theKompany's Shawn Gordon On The GPL · · Score: 1

    Well, FreeUser,

    you try to sell freedom with the concept, that it will bring more money (or more satisfied customers) later.

    So there is the idea in what you say, that money is value and freedom is not (because it needs to be justified). Hence your call for freedom is just that - a call for, but not freedom itself.

  17. Re:He Doesn't Understand the Value of Freedom on theKompany's Shawn Gordon On The GPL · · Score: 1

    You can't eat money, captain...

    While the TV set is feeding your children...

    The TV set you bought from the money you got while working in the office where you wouldn't be on your own interest. To where you drove in the car you wouldn't need if you'd stay at home with your children. And so on.

    What value is it to you, to do what you want?

    As a software developer I want to be able to see the source code. That's my fun. Otherwise I'm wrong in the job I'm doing.

    Top down or bottom up? Live life from the roots of joy or the dictatorship of money and so called "facts of life" (which are just "fears of life", fear of following one's own feelings)?

    If we all had more time we would all do GPL software, if at all. But because 'everybody' wants to get paid, we also have to get paid. And then most of your life becomes something which you don't want to do, but do it for the money - as everybody else.

    Is it that, what your kids can learn from you?