Having read the article, it would have been nice if the bar graphs had been consistent... but, that's not the problem. As mentioned by others, a very large criteria for non-home users is damage tolerance, and, to an equal extent, the lack of any tendency for the driver to damage the file system (aka "stability"). And, in this day of databases, the ability to handle large files is increasingly important.
I'm rapidly approaching the point where I need support for file sizes greater than 2GB. Quite frankly, most of what I've found about file sizes and file systems is 2 to 4 years old... Everyone's too concerned with speed!
The evidence supports locking down user machines to doing tasks for work only
Sometimes, that's impossible. Try to syncronize a Palm Pilot or compatible with Outlook when you're not running as a system adminstrator under XP. It won't work.
The unfortunate thing is that those people who have PP's are often the ones paying your salary, and they would not be happy with the idea that they might be blocked from updating them.
Trying to argue security with them is (usually) pointless - they've already made several bad security decisions (Windows servers, Exchange running on those servers, Outlook running on the local machine), so your piddly little concerns with security are unimportant!
Opt-in can only be claimed when you have proof that someone visited a site or sent an email or did SOMETHING. However, if these are the people I think they are, they have sent hundreds of "opted-in" emails to a number of addresses that have not been valid on our system for longer than this clown has known what "email" meant... and before commercial websites existed.
Build a bot FOR the Hubble, maybe even with its own solar charging station. After that, you just launch the repair parts needed at any particular time in a supply rocket...
The latest problem I've been having with local lists is that there have been a small, but significant migration of certain ISPs, particularly HOTMAIL/MSN, YAHOO, COMCAST, RoadRunner and SBC, who are putting up legitimate mail servers in what has previously been dial-up space. I'm having to reclassify one or two subnets a week over the last six months... Of course, that doesn't mean these haven't been spam messages coming through these new servers - a lot of it has been.
I am, however, getting to the point of blocking all of AOL's "rly-ipnn.mx.aol.com" relay servers... I see less than 50% of the traffic through these servers having AOL.COM addresses attached, because they seem to be generic relays, which can be used by anyone attached to AOL's network.
The use of ANY blacklist is OPTIONAL on the part of an ISP. And, in the case of the article in question, the lists mentioned are (and have been) more agressive than most people would like.
We only block based on a few external lists (ORDB, SpamCop, Blitzed Proxy), and then, not unconditionally. 90% of our blocks are done by internally generated lists, because we do have to receive mail from compromised sources at times... our business customers have clients in countries that are notorious for spamming, and even on ISPs that are bad.
That said, we do not accept any mail on the first pass from a large number of subnets, varying in size from/24 up to/8's, and a growing number of European subnets are on that list - not just Spanish ones. Mail from these subnets is "soft-bounced" (given a 451 error code) until it can be reviewed for legitimacy. And anything that doesn't have at least 1 retry is judged to be a proxy-based spam attempt.
Now, I will check bounces against some of the more agressive lists in deciding whether to make exceptions for these "soft bounces", but the final authority is a check with the customer on anything questionable. A million-customer ISP can't do that; that's one of our advantages...
Kyoto is a useless collection of retoric. Have you ever looked at the maps of global green-house gas sources? Overall, because of our ever-increasing forests, the U.S. is a CO2 sink, whereas places like China and the South American continent are sources. And Kyoto excludes those countries from compliance, because they can't afford it...
The U.S. might be the largest per-capita consumer of energy in the world, but we are also the ones who can afford to do it cleanly, and do so.
This is why you run as a restricted user rather than administrator or power user.
This advice works well. And, I wish I could follow it universally on client machines. Unfortunately, any user that needs to syncronize their Palm Pilot with Outlook can't, unless they're an administrator. So every "executive" must have adminstrator privilages for their machine, even though they're also the least likely to understand the security implications of this.
Also, some virus scanners can't update their signature files without adminstrator privileges, meaning you either make the user an adminstrator (power user doesn't cut it), or you don't keep them up-to-date on virus scanning without an adminstrator hitting each and every machine.
Default setting for PCCillin is to check EVERY TEN MINUTES for signature updates, and the longest interval it will allow you to set for auto-updates is ONE HOUR.
Unfortunately, the version we have (2003) requires administrator level access to the system to install an update, and we do not allow users to have that, simply because it stop most worms/trojans/viruses from being able to install themselves. So, automatic updates don't work.
How long has Macro security been set to high by default now?
The fact that it needs to be set high is a problem. And, the way to make legitimate things work under these circumstances is a PITA.
I have a customer for whom I wrote a global-to-their-network WordPerfect macro. It "draws" their letterhead on a new document, and must be uniform across all machines, but be changeable from a central point. No problem in WP; each machine has a macro button with a path to the letterhead macro on the network.
Enter Word. The client wants to move to Word, since "everything" everyone else sends them is a Word document, and the conversion to WP isn't exact. I re-wrote the macro for Word; it was simple enough to do, and is actually more capable.
Unfortunately, macro security won't let me share that macro across machines, because it is "untrusted". To do it, I have to get a certificate from a trusted authority, tell each Word installation to trust that source, then sign the macro with the certificate, each time it is changed... Not something the client wants to go through.
(Even then, it still has to live within a template, which won't work because each user within the office has their own, customized, templates, meaning it still can't be global.)
Law offices have been canvasing arrest reports to generate solicitation letters for decades. Used to be, they sent a secretary into the courthouse to transcribe the names/addresses and charges from the public record. When court records were computerized and modems became wide-spread, they used dial-up access to those records. Now, they have direct internet access through subscription services.
I guess the "new" thing here is emailing the solicitation?
The solution is to block at the DNS level, not the IP level. If a DNS request comes in for any host in, say, "er4dde.com" or "decpharms4.com", you don't don't ask the spammer's DNS server where they are, you return the previously-suggested redirection to a spam warning page...
This also kills the spammers that use the proxy drones created by SoBig et al, 'cuz they'll never reach the drone farm...
And if referendums are such an evil, why do many US states hold them?
Gee, I don't remember mentioning referendums, or implying that they are evil. That's done mostly politicians who hate the idea of living under restrictions that referendums often impose upon their spending habits. Referendums are usually hard to get on ballots, in part because it will take a lot of activism (and anger to drive it) to bring it to a vote.
As for referendums to kill some minority group, they would be struck down by enforcing our Constitution - no matter how "democratic" the referendum was.
It's about time Americans stopped calling themselves a democracy.
Quite right! If we were truly a democracy, we could vote all sorts of evil upon any group too small to gather 50.1% of the electorate!
Don't like [insert ethnic group here]? In a true democracy, you could vote to have them ousted from the country, or make it legal to kill them. The mob truly rules.
I'm glad I live in a representative republic...
The only Real software I have use for...
on
Real's Reality
·
· Score: 4, Insightful
... is the uninstall program. My Dell laptop came with it installed, but it was gone shortly after I saw the icon come up on the first boot. I can't stand nag-ware, and even the paid-for versions of RealPlayer nag you incessantly about upgrading to the version-of-the-week.
What has this to do with Real Network's market share? Hopefully, a LOT!
In my opinion, the ATX power supply should go out the window. There's no reason to be cramming 500 watt power supplies in such a cramped box.
When you're designing a proprietary computer, you can do whatever you damn well please with the power supply. In the early days, Dell and Gateway did exactly that for their desktops... and EVERYONE does for their laptops.
The problem comes when they fail - and they will! - and you're up against a deadline. On more than one occasion I've had to pull hard drives out of such machines and plug them into something else to retrieve data that was needed NOW, and the proprietary replacement wouldn't arrive for a few days...
We are "stuck" with the AT power supply form factor because you can always run out and buy a replacement when it burns up, without waiting for the manufacturer (assuming they're still in business) to get back from a surfing break to take your order.
Yep, they're going to have some trouble in court with these... The very first IP listed, 200.63.21.82, is listed as an open mail relay server in Argentina, that may also be an open proxy... And I also recognize dozens of other non-US IPs.
I wonder if the Korean sites listed are shaking in their boots? B-)
Then explain to me why we rolled out a PHP solution to a major corporation's web problems in 6 weeks that was faster, more flexible, and closer to their design specifications than the as-yet-unfinished "enterprise-capable".NET solution they've had dozens of "professional" programmers working on for 24 months? And we didn't use the OOP portions of PHP to do it... except for some readily-available classes we used for email and XML integration.
As another post stated, you do not need OOP for anything. It does help encapsulate ideas, and I'm all for OOP in a large variety of settings, including machine control. However, it also gets in the way of soooo many things, and is often a cause of slow execution in the interpreted environments usually found in web design. If you're not dealing with an optimized, compiled language, I wouldn't bother.
The problem is that, if you don't have the patches, you are likely to get blasted before your "virgin PC" could download the patches...
I was looking for a way to do it from a safe computer, i.e., Linux-based. But, thanks - I didn't know about the customization, since I rarely do much on windowsupdate.microsoft.com other than click "Scan for updates".
Yes, I did find a way to do it, once I took the time to use Mozilla to access Microsoft.com... It complained a few times that I was using the wrong software, before letting me into the Microsoft Download Center, but you then have to go through a bunch of menus to get to EACH of the download files.
Probably the most important patch is the Blaster patch, but there's dozens of others that should be included on a disk...
a nice live-CD distro like Knoppix or Mepis means you can download patches without racing the worms, and install your patches while offline.
Just where do you download the patch files to do this? I'd love to have a way to maintain an up-to-date patch disk for XP, since I support several dozen XP boxes. Not having to run Windows Update on them individually would be SOOOOO nice!
Being in the midwest, I'd appreciate it if LinuxWorld moved around a bit. If, for example, it were in Chicago, I'd definitely attend. With it in New York, I won't (not can't - won't). Boston is a "probably not". It's more a prejudice on my part against those towns than anything else.
Other towns mentioned by posters, like Atlanta, or places like St. Louis, Detroit, Minneapolis/St. Paul, etc., are much more "pleasant" to my mind, if further from stuff like Broadway shows and such.
Let's see... Osama has most of his people converging on IRAQ to kill themselves in the name of mayhem, rather than trying it here... Certainly no additional safety involved there!
Slashdot Mirror
I'm rapidly approaching the point where I need support for file sizes greater than 2GB. Quite frankly, most of what I've found about file sizes and file systems is 2 to 4 years old... Everyone's too concerned with speed!
Sometimes, that's impossible. Try to syncronize a Palm Pilot or compatible with Outlook when you're not running as a system adminstrator under XP. It won't work.
The unfortunate thing is that those people who have PP's are often the ones paying your salary, and they would not be happy with the idea that they might be blocked from updating them.
Trying to argue security with them is (usually) pointless - they've already made several bad security decisions (Windows servers, Exchange running on those servers, Outlook running on the local machine), so your piddly little concerns with security are unimportant!
Opt-in can only be claimed when you have proof that someone visited a site or sent an email or did SOMETHING. However, if these are the people I think they are, they have sent hundreds of "opted-in" emails to a number of addresses that have not been valid on our system for longer than this clown has known what "email" meant... and before commercial websites existed.
Build a bot FOR the Hubble, maybe even with its own solar charging station. After that, you just launch the repair parts needed at any particular time in a supply rocket...
I am, however, getting to the point of blocking all of AOL's "rly-ipnn.mx.aol.com" relay servers... I see less than 50% of the traffic through these servers having AOL.COM addresses attached, because they seem to be generic relays, which can be used by anyone attached to AOL's network.
We only block based on a few external lists (ORDB, SpamCop, Blitzed Proxy), and then, not unconditionally. 90% of our blocks are done by internally generated lists, because we do have to receive mail from compromised sources at times... our business customers have clients in countries that are notorious for spamming, and even on ISPs that are bad.
That said, we do not accept any mail on the first pass from a large number of subnets, varying in size from /24 up to /8's, and a growing number of European subnets are on that list - not just Spanish ones. Mail from these subnets is "soft-bounced" (given a 451 error code) until it can be reviewed for legitimacy. And anything that doesn't have at least 1 retry is judged to be a proxy-based spam attempt.
Now, I will check bounces against some of the more agressive lists in deciding whether to make exceptions for these "soft bounces", but the final authority is a check with the customer on anything questionable. A million-customer ISP can't do that; that's one of our advantages...
The U.S. might be the largest per-capita consumer of energy in the world, but we are also the ones who can afford to do it cleanly, and do so.
This advice works well. And, I wish I could follow it universally on client machines. Unfortunately, any user that needs to syncronize their Palm Pilot with Outlook can't, unless they're an administrator. So every "executive" must have adminstrator privilages for their machine, even though they're also the least likely to understand the security implications of this.
Also, some virus scanners can't update their signature files without adminstrator privileges, meaning you either make the user an adminstrator (power user doesn't cut it), or you don't keep them up-to-date on virus scanning without an adminstrator hitting each and every machine.
Unfortunately, the version we have (2003) requires administrator level access to the system to install an update, and we do not allow users to have that, simply because it stop most worms/trojans/viruses from being able to install themselves. So, automatic updates don't work.
The fact that it needs to be set high is a problem. And, the way to make legitimate things work under these circumstances is a PITA.
I have a customer for whom I wrote a global-to-their-network WordPerfect macro. It "draws" their letterhead on a new document, and must be uniform across all machines, but be changeable from a central point. No problem in WP; each machine has a macro button with a path to the letterhead macro on the network.
Enter Word. The client wants to move to Word, since "everything" everyone else sends them is a Word document, and the conversion to WP isn't exact. I re-wrote the macro for Word; it was simple enough to do, and is actually more capable.
Unfortunately, macro security won't let me share that macro across machines, because it is "untrusted". To do it, I have to get a certificate from a trusted authority, tell each Word installation to trust that source, then sign the macro with the certificate, each time it is changed... Not something the client wants to go through.
(Even then, it still has to live within a template, which won't work because each user within the office has their own, customized, templates, meaning it still can't be global.)
I guess the "new" thing here is emailing the solicitation?
Considering anything on internet to be "authoritative" is dangerous, not just Google!
This also kills the spammers that use the proxy drones created by SoBig et al, 'cuz they'll never reach the drone farm...
Gee, I don't remember mentioning referendums, or implying that they are evil. That's done mostly politicians who hate the idea of living under restrictions that referendums often impose upon their spending habits. Referendums are usually hard to get on ballots, in part because it will take a lot of activism (and anger to drive it) to bring it to a vote.
As for referendums to kill some minority group, they would be struck down by enforcing our Constitution - no matter how "democratic" the referendum was.
Quite right! If we were truly a democracy, we could vote all sorts of evil upon any group too small to gather 50.1% of the electorate!
Don't like [insert ethnic group here]? In a true democracy, you could vote to have them ousted from the country, or make it legal to kill them. The mob truly rules.
I'm glad I live in a representative republic...
... is the uninstall program. My Dell laptop came with it installed, but it was gone shortly after I saw the icon come up on the first boot. I can't stand nag-ware, and even the paid-for versions of RealPlayer nag you incessantly about upgrading to the version-of-the-week. What has this to do with Real Network's market share? Hopefully, a LOT!
When you're designing a proprietary computer, you can do whatever you damn well please with the power supply. In the early days, Dell and Gateway did exactly that for their desktops... and EVERYONE does for their laptops.
The problem comes when they fail - and they will! - and you're up against a deadline. On more than one occasion I've had to pull hard drives out of such machines and plug them into something else to retrieve data that was needed NOW, and the proprietary replacement wouldn't arrive for a few days...
We are "stuck" with the AT power supply form factor because you can always run out and buy a replacement when it burns up, without waiting for the manufacturer (assuming they're still in business) to get back from a surfing break to take your order.
I wonder if the Korean sites listed are shaking in their boots? B-)
Then explain to me why we rolled out a PHP solution to a major corporation's web problems in 6 weeks that was faster, more flexible, and closer to their design specifications than the as-yet-unfinished "enterprise-capable" .NET solution they've had dozens of "professional" programmers working on for 24 months? And we didn't use the OOP portions of PHP to do it... except for some readily-available classes we used for email and XML integration.
As another post stated, you do not need OOP for anything. It does help encapsulate ideas, and I'm all for OOP in a large variety of settings, including machine control. However, it also gets in the way of soooo many things, and is often a cause of slow execution in the interpreted environments usually found in web design. If you're not dealing with an optimized, compiled language, I wouldn't bother.
I was looking for a way to do it from a safe computer, i.e., Linux-based. But, thanks - I didn't know about the customization, since I rarely do much on windowsupdate.microsoft.com other than click "Scan for updates".
Yes, I did find a way to do it, once I took the time to use Mozilla to access Microsoft.com... It complained a few times that I was using the wrong software, before letting me into the Microsoft Download Center, but you then have to go through a bunch of menus to get to EACH of the download files.
Probably the most important patch is the Blaster patch, but there's dozens of others that should be included on a disk...
Just where do you download the patch files to do this? I'd love to have a way to maintain an up-to-date patch disk for XP, since I support several dozen XP boxes. Not having to run Windows Update on them individually would be SOOOOO nice!
Other towns mentioned by posters, like Atlanta, or places like St. Louis, Detroit, Minneapolis/St. Paul, etc., are much more "pleasant" to my mind, if further from stuff like Broadway shows and such.
Let's see... Osama has most of his people converging on IRAQ to kill themselves in the name of mayhem, rather than trying it here... Certainly no additional safety involved there!
"The Kernel-HOWTO has been removed for review."