If the benchmark truly reflects,real world instructions, any optimizations done to make the benchmark run better should reflect in better performance in other things.
On the other hand, if such optimizations do not help other applications, the benchmark was bogus to begin with!
They want the domain for the same reason that so many registrars admonish domain owners to also buy "anti" versions of their new domains, to control the avenues of criticism.
It the challenge response + some basic sanity checking...
The "problem" lies in the way challenge/response advocates seem to think it is the "best and only true solution", because other methods (RBLs, local block lists) have too many false positives. As you and I seem to agree, it is not a solution in and of itself.
Your example sanity check is a matter of having to set threshholds; On the first day of a C/R system being implemented at a large ISP, a lot of popular list servers are going to exceed that threshhold, especially if they encode the receipient address into the return address, to handle automatic removal on bounces. It's quite likely that a lot of subscribers would suddenly find themselves UNsubscribed, because the bounce would be processed as a request to leave the list...
The load increase is manageable. Challenge response would only need to happen a small percentage of the time for valid email. For spam, yes up to 1 email would be sent per spam recieved. I think the internet can handle that. It's not like there are going to be large attachments or anything.
Try a near-doubling of mail load. No, check that, more than doubling, in our case.
Today alone, ONE SPAMMER has added over 200 new fake return addresses and over 180 new proxies to our internal lists. With a challenge/response system, our server would have had to accept all those spam attempts (whatever their size), then generate a challenge to the invalid address, then process the bounce messages from YAHOO, AOL, and HOTMAIL for all the invalid addresses.
Assuming a spam of 10K length, over the time period the "attack" ran, that's the major portion of our T1 bandwidth... As it was, the load was only a few percentage points, because we blocked them via other means.
Challenge/response sounds great, but the spammers have already made it a pending nightmare.
In that respect, even though RBL's do make mistakes, and apply collateral damage tactics, it's easier to clean up your act and prove it to two dozen RBL's, than to convince a few thousand sysadmins that you're no longer bad.
This is why I monitor our filters so tightly; I know I might have some sites improperly labeled. If I get a bounce report that looks like legitimate mail, I query the RBLs to see if the IP is still listed, and ask the client, "Is this someone you know?".
I removed one company (digitalriver.com) just today, because they SEEM to have cleaned up their act since January, when they hit one of our clients with 150 messages in just a few hours.
RBLs must by responsive to remain effective. Unfortunately, a lot of them have gone to never removing people, because spammers threaten to sue if they aren't removed... "Sorry, your honor, it's our published policy to never remove; we weren't being selectively unresponsive to the plaintiff!"
Yes, RBLs are becoming less effective. But not because of false positives... it's the false negatives!
Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to suppliment our internal lists.
A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.
Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.
Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)
Their relay won't let me send mail with any return address other than @verizon.net.
On the other hand, they will relay any mail for anyone who spoofs their address as something@verizon.net or something@gte.net, which is why Klez varients use Verizon servers as a fall-back method of propagation if the infected person's mail server won't work...
...which is why many of Verizon's mail servers can't send things to OUR servers!
You are aware, of course, that uninstalling Norton Antivirus will break DHCP, and do so with difficult-to-track symptoms? For some reason, NAV makes a LOT of services dependent upon itself, and the uninstall can't be bothered with repairing all of them. DHCP is one of these neglected bits...
Installing XPPro or Win2K would certainly fix the problem - the install would repair the registry. A Microsoft service pack probably WOULDN'T fix it, because it isn't a Microsoft issue!
The conclusion that email addresses removed from web pages aren't as likely to get spammed is only accurate for short periods of time. Like, as long as it takes the harvester to publish the latest "32 million fresh email addresses" CDROM!
We have email addresses that have not been valid since before web pages were popular... last used in May 1995, to be exact, when we shut down our internet-connected BBS system. Addresses like "ftpmail" (remember having to do that?) were discontinued in 1993. And yet, they would be getting spam every day, if our filters weren't keyed to block it.
Within the next month or so, I believe CDT will find the spread between active web addresses and ones they've removed will flatten out. Those old BBS addresses get more mail each day than I do!
Get a better email program... The Bat! can be configured to open HTML messages as straight text, which will avoid loading all the garbage. Great even for those "friends" who forward the latest HTML joke page they found...
Having read the article, I find it amazing that CDT never received any spam to an encoded-on-webpage address; we routinely encode addresses, even have a PHP function embedded in our base code to handle it. And we also receive several spams per month to our "encoded test address".
At least some harversters decode the page before searching it for addresses, and several advertise the ability to get through the "bob at domain dot com" subterfuge.
But, we also have several domains that have no mail address set up, except those required by RFC. They routinely get spammed, even when no email address was used in creating the domain.
So long as institutions tie their financial well-being to the government, they must abide by government restrictions. Where is the controversy in this?
perhaps we should looking at why people our are sleeping in cardboard boxes on street corners
They sleep in cardboard boxes by choice. They used to sleep in beds in warm places, until that option was removed.
A significant percentage of the "homeless population" is there because of a decision made years ago by those who "know better". It was decided that keeping people locked away in "mental institutions" was unkind, and unjustified in non-violent cases. So thousands of people with diminished mental capacity were sent packing to half-way houses, community outreach centers, or on to the street with no help.
Many were in those institutions because they could not or would not care for themselves. Their disease impaired their ability to hold jobs to support themselves, or even live with relatives who would take them in, so they live where they can.
And it is getting worse, not better. Recently, a family friend suffered a major mental collapse, aided by drugs (including alcohol). His mother tried to get him declared incompetent, so that he could be institutionalized, to get help.
The judge's ruling amounted to a declaration that, so long as he doesn't hurt anyone, no one can force him to get help, and he's free to wander the streets. He gets no counseling, no medication for his dillusional and paranoid state, nothing... even though his mother is willing to pay for it.
Instead, because we don't have a single full-time shelter in our county, the county provides him with bus and train passes each day to move between operating shelters. And he spends his nights on the street when there aren't any open, because he won't stay with friends or relatives.
Certainly, there are homeless people out there who are not there by choice - the so-called "one paycheck away" homeless. They aren't the majority, or even a large percentage, because just about anyone who is in those circumstances can find something in the way of shelter and other assistance. Heck, we've got thousands of bureaucrats in this country just chomping at the bit to find people like that, because they can only justify THEIR jobs by how many people they've got in their active case files!
I've already got Flash disabled in my browsers, even going to the point of associating Flash's file extensions and MIME type to a text editor... Why would it also a bad thing that Microsoft controls Flash?!?
The main "feature" of Flash is that people have decided they don't need content if they've got Flash on their site!
However, YAHOO and MSN do get notifications when email addresses become invalid. MSN, so far, has been good about removing them.
YAHOO, on the other hand, has consistantly bounced attempts to notify them that they are using invalid addresses for spam when sent to their "errors to" address, and so they continue to send spam to addresses that no longer exist. In fact, they continue to send spam to addresses that never existed in the first place!
I suspect the only way to stop it is going to involve the legal system and court-ordered cash settlements... Or, an article in the Wall Street Journal about them, just before some important SEC filing!
$3,200,000 isn't even enough money to set up a proper bureaucracy to manage the grant process in Washington.
$1M will disappear in the acquisition of a grant administrator and office space for him/her.
$1M will be absorbed by the staff to fill that office and their office equipment.
$200K will be used to publish and distribute the requirements documents.
$800K will be used to properly vet the applications, applicants, sponsors of the applicants, families and friends of the owners and companies involved, to clear them of terrorist and Enron ties.
$250K will be needed to pay for auditing of the process.
$100K will be needed to explain why the process was $50K over-budget before the first grant was issued.
$500K will be needed to defend the suits brought for improper handling of the application process.
$250K will be needed to pay for the staff time needed to investigate and cover up problems before the congressional hearings start.
As you can see, we as citizens have nothing to worry about on this from the privacy angle...
You can run a multi-user system on a PDP-8 with 32KW of core.
I can speak with experience that the PDP-8 could run multiuser on EIGHT kilowords RAM, under DEC BASIC.
I remember squeezing a 3-D space game into the smaller (1.5kw) user space, by using the random number function as a data statement, and replacing all the calls to it as READ statements...
A sysadmin with some experience can successfully configure Tomcat without even really going through the documentation for the very first time in like an hour.
I sure wish this were the case, but successfully getting Tomcat to work is non-trivial for those of us who haven't figured out the "Java way of doing things"! We've spent 40 man-hours this past weekend trying to get samples from any of several books (not the one in this review; it wasn't available on short notice) to run... and we have to do that before we start implementing the project we're being paid to do!
We've run in to numerous bits of "assumed knowledge" on this project. It is assumed that, if you're working in Java, you already know where this or that piece belongs, and why it is to be there. It is assumed that the install will cover all the background information, like setting up CLASSPATH, CATALINA_HOME (or is it TOMCAT_HOME? The books and documentation disagree!), JAVA_HOME, etc.
Guess what? The Sun Linux SDK install didn't set JAVA_HOME, so the Tomcat install didn't know where to look, so it got it wrong. We installed J2SE 1.4.1, and that may be why none of the book samples won't work... but, we haven't been able to tell, because the error messages are either non-existant, or so verbose as to be nearly meaningless and difficult to track, unless you KNOW what they mean before you start... part of that ASSUMED KNOWLEDGE.
Is the WROX book a good thing or an evil thing? Heck, I don't know, haven't seen it yet. But, I think it is silly to dismiss the need books, just because some people already have the ASSUMED KNOWLEDGE to figure out the Tomcat documentation!
But, you know, after having to spend considerable creativity finding workarounds for problems that shouldn't exist, most people will just say "Fsck it. Let's eliminate this insanity, and just use Postfix."
And it isn't as if I'm adverse to compiling things... or patching them... after all, I'm one of the first sites to run dbmail on a production server (SQL-based back-end for mail, everything but the MTA), although I froze my installations 8 months ago... I'll wait until the final release ("Real Soon Now") before updating again, because it WORKS.
One of the things that attracted me to postfix in the first place was that, by default, it works. The first machine I had it on, surprised the hell out of me by forwarding web-generated emails before I'd even looked at the configuration, while still rejecting all attempts by spammers to use it as an open relay. I still have several boxes that have default postfix configurations, that are used merely to forward auto-generated mail for their daemons.
One of the things that continues to attract me to djbdns is being able to update a domain without restarting the server... but, that's also why I'm interested in a SQL-based solution, since I can administer those pretty easily... B-)
Part of my problem with DJB's apparently wonderful products is that they don't come "ready to run". We wanted to run qmail. Spent several weeks trying to figure out how to get it to run, though, because the documentation (at the time) sucked. The (very nice) qmail book came out about 6 months after we'd switched to postfix, though!
When DJB's qmail and djbdns products are distributed in compiled and working form with major Linux distributions, I might look at them again. However, I haven't seen that.
qmail in particular, in my opinion, suffers from the need to apply over a dozen "unofficial" patches to make it do the wonderful things people associate with it.
DJB's refusal to allow distribution of anything but unpatched source tarballs keeps his tools out of the hands of a lot of people, pushing them to use BIND, Sendmail, postfix, and all these other "less secure" or "less perfect" options. I can see where djbdns would be the perfect default DNS for Linux distributions... if the license allowed it.
Maybe the solution would be for someone to develop RPMs that include the official DJB source tarballs, all the best patches, and a script to apply the patches, then compile and install the result? B-)
However, if the compiler were not there, this is the 4th worm in the past few months that you wouldn't have been vulnerable to.
Unfortunately, to keep a system properly up-to-date, it is often necessary to compile packages from source... ON the target machine, in order to get all the pieces in place, because the Makefiles provided ass-u-me a local development environment.
Our main web server got hit this month. The compiler environment was installed because one of the packages we use needed updating. There was no current RPM for it, and several of the features we needed weren't compiled into the RPM versions that are available.
The Makefile provided refused to work when I copied the source/executable tree from our development machine to the production box, because it required tools in the gcc package. To install those particular tools meant installing enough of gcc to let the worm do its damage...
Who do we hand the "Stupid" sign to in this case? Once you install things with RPM, it is sometimes a PITA to get them uninstalled, because of suddenly-discovered dependencies...
It does not make sense to build massive centralized PV farms.
Very true, but more than a century of electricity has moved us away from decentralized power, and it will take decades to move back very far.
We build 1 800MW plants every 100 miles, rather than 800 1MW plants in each neighborhood, because it costs less to maintain. As a result, 50% of all generated electricity does nothing but heat the atmosphere around high-voltage transmission lines.
Slashdot Mirror
On the other hand, if such optimizations do not help other applications, the benchmark was bogus to begin with!
They want the domain for the same reason that so many registrars admonish domain owners to also buy "anti" versions of their new domains, to control the avenues of criticism.
The "problem" lies in the way challenge/response advocates seem to think it is the "best and only true solution", because other methods (RBLs, local block lists) have too many false positives. As you and I seem to agree, it is not a solution in and of itself.
Your example sanity check is a matter of having to set threshholds; On the first day of a C/R system being implemented at a large ISP, a lot of popular list servers are going to exceed that threshhold, especially if they encode the receipient address into the return address, to handle automatic removal on bounces. It's quite likely that a lot of subscribers would suddenly find themselves UNsubscribed, because the bounce would be processed as a request to leave the list...
The load increase is manageable. Challenge response would only need to happen a small percentage of the time for valid email. For spam, yes up to 1 email would be sent per spam recieved. I think the internet can handle that. It's not like there are going to be large attachments or anything.
Try a near-doubling of mail load. No, check that, more than doubling, in our case.
Today alone, ONE SPAMMER has added over 200 new fake return addresses and over 180 new proxies to our internal lists. With a challenge/response system, our server would have had to accept all those spam attempts (whatever their size), then generate a challenge to the invalid address, then process the bounce messages from YAHOO, AOL, and HOTMAIL for all the invalid addresses.
Assuming a spam of 10K length, over the time period the "attack" ran, that's the major portion of our T1 bandwidth... As it was, the load was only a few percentage points, because we blocked them via other means.
Challenge/response sounds great, but the spammers have already made it a pending nightmare.
This is why I monitor our filters so tightly; I know I might have some sites improperly labeled. If I get a bounce report that looks like legitimate mail, I query the RBLs to see if the IP is still listed, and ask the client, "Is this someone you know?".
I removed one company (digitalriver.com) just today, because they SEEM to have cleaned up their act since January, when they hit one of our clients with 150 messages in just a few hours.
RBLs must by responsive to remain effective. Unfortunately, a lot of them have gone to never removing people, because spammers threaten to sue if they aren't removed... "Sorry, your honor, it's our published policy to never remove; we weren't being selectively unresponsive to the plaintiff!"
Our small ISP hosts email and web sites for about 40 domains. Our mail servers send me a message every time they bounce a message, for ANY reason, with transcripts of the exchange and the error that caused the bounce. We use SpamCop, Blitzed, Monkeys and ORDB to suppliment our internal lists.
A typical day has 500-1000 messages reach the SMTP ports of our various servers. Lately, 80% or more of them (over 3000 in the last 4 days) are attempts by spammers to hit addresses that don't exist, usually arriving from open relays, proxies, and dial-up lines. And only 50% of those test positive against the RBLs... the rest are blocked by those internal lists.
Why is this? I suspect it's because the spammers are finding those open relays and proxies faster than the RBLs can catch up. And some open relays specifically block the test software from ORDB and others, trying to stay off the lists without actually fixing their problems.
Lately, though, it's the open proxies that have taken the lead. We added over 1800 NEW open proxies to our internal lists in the last week. Sometimes, one spammer will try dozens of proxies within hours to get through... Kind of makes it easy to spot them... B-)
If free speech included the right to be heard, then everyone who doesn't own a computer that can receive your messages is also censoring you...
On the other hand, they will relay any mail for anyone who spoofs their address as something@verizon.net or something@gte.net, which is why Klez varients use Verizon servers as a fall-back method of propagation if the infected person's mail server won't work...
...which is why many of Verizon's mail servers can't send things to OUR servers!
You are aware, of course, that uninstalling Norton Antivirus will break DHCP, and do so with difficult-to-track symptoms? For some reason, NAV makes a LOT of services dependent upon itself, and the uninstall can't be bothered with repairing all of them. DHCP is one of these neglected bits... Installing XPPro or Win2K would certainly fix the problem - the install would repair the registry. A Microsoft service pack probably WOULDN'T fix it, because it isn't a Microsoft issue!
We have email addresses that have not been valid since before web pages were popular... last used in May 1995, to be exact, when we shut down our internet-connected BBS system. Addresses like "ftpmail" (remember having to do that?) were discontinued in 1993. And yet, they would be getting spam every day, if our filters weren't keyed to block it.
Within the next month or so, I believe CDT will find the spread between active web addresses and ones they've removed will flatten out. Those old BBS addresses get more mail each day than I do!
Get a better email program... The Bat! can be configured to open HTML messages as straight text, which will avoid loading all the garbage. Great even for those "friends" who forward the latest HTML joke page they found...
At least some harversters decode the page before searching it for addresses, and several advertise the ability to get through the "bob at domain dot com" subterfuge.
But, we also have several domains that have no mail address set up, except those required by RFC. They routinely get spammed, even when no email address was used in creating the domain.
Lots of good advice, though!
The article didn't say non-citizens would be excluded from the project, only that they'd have to pass background checks.
DRM prevents piracy; who you going to sue, if no one can use software in violation of its license?
So long as institutions tie their financial well-being to the government, they must abide by government restrictions. Where is the controversy in this?
They sleep in cardboard boxes by choice. They used to sleep in beds in warm places, until that option was removed.
A significant percentage of the "homeless population" is there because of a decision made years ago by those who "know better". It was decided that keeping people locked away in "mental institutions" was unkind, and unjustified in non-violent cases. So thousands of people with diminished mental capacity were sent packing to half-way houses, community outreach centers, or on to the street with no help.
Many were in those institutions because they could not or would not care for themselves. Their disease impaired their ability to hold jobs to support themselves, or even live with relatives who would take them in, so they live where they can.
And it is getting worse, not better. Recently, a family friend suffered a major mental collapse, aided by drugs (including alcohol). His mother tried to get him declared incompetent, so that he could be institutionalized, to get help.
The judge's ruling amounted to a declaration that, so long as he doesn't hurt anyone, no one can force him to get help, and he's free to wander the streets. He gets no counseling, no medication for his dillusional and paranoid state, nothing... even though his mother is willing to pay for it.
Instead, because we don't have a single full-time shelter in our county, the county provides him with bus and train passes each day to move between operating shelters. And he spends his nights on the street when there aren't any open, because he won't stay with friends or relatives.
Certainly, there are homeless people out there who are not there by choice - the so-called "one paycheck away" homeless. They aren't the majority, or even a large percentage, because just about anyone who is in those circumstances can find something in the way of shelter and other assistance. Heck, we've got thousands of bureaucrats in this country just chomping at the bit to find people like that, because they can only justify THEIR jobs by how many people they've got in their active case files!
The main "feature" of Flash is that people have decided they don't need content if they've got Flash on their site!
YAHOO, on the other hand, has consistantly bounced attempts to notify them that they are using invalid addresses for spam when sent to their "errors to" address, and so they continue to send spam to addresses that no longer exist. In fact, they continue to send spam to addresses that never existed in the first place!
I suspect the only way to stop it is going to involve the legal system and court-ordered cash settlements... Or, an article in the Wall Street Journal about them, just before some important SEC filing!
$1M will disappear in the acquisition of a grant administrator and office space for him/her.
$1M will be absorbed by the staff to fill that office and their office equipment.
$200K will be used to publish and distribute the requirements documents.
$800K will be used to properly vet the applications, applicants, sponsors of the applicants, families and friends of the owners and companies involved, to clear them of terrorist and Enron ties.
$250K will be needed to pay for auditing of the process.
$100K will be needed to explain why the process was $50K over-budget before the first grant was issued.
$500K will be needed to defend the suits brought for improper handling of the application process.
$250K will be needed to pay for the staff time needed to investigate and cover up problems before the congressional hearings start.
As you can see, we as citizens have nothing to worry about on this from the privacy angle...
I can speak with experience that the PDP-8 could run multiuser on EIGHT kilowords RAM, under DEC BASIC.
I remember squeezing a 3-D space game into the smaller (1.5kw) user space, by using the random number function as a data statement, and replacing all the calls to it as READ statements...
I sure wish this were the case, but successfully getting Tomcat to work is non-trivial for those of us who haven't figured out the "Java way of doing things"! We've spent 40 man-hours this past weekend trying to get samples from any of several books (not the one in this review; it wasn't available on short notice) to run... and we have to do that before we start implementing the project we're being paid to do!
We've run in to numerous bits of "assumed knowledge" on this project. It is assumed that, if you're working in Java, you already know where this or that piece belongs, and why it is to be there. It is assumed that the install will cover all the background information, like setting up CLASSPATH, CATALINA_HOME (or is it TOMCAT_HOME? The books and documentation disagree!), JAVA_HOME, etc.
Guess what? The Sun Linux SDK install didn't set JAVA_HOME, so the Tomcat install didn't know where to look, so it got it wrong. We installed J2SE 1.4.1, and that may be why none of the book samples won't work... but, we haven't been able to tell, because the error messages are either non-existant, or so verbose as to be nearly meaningless and difficult to track, unless you KNOW what they mean before you start... part of that ASSUMED KNOWLEDGE.
Is the WROX book a good thing or an evil thing? Heck, I don't know, haven't seen it yet. But, I think it is silly to dismiss the need books, just because some people already have the ASSUMED KNOWLEDGE to figure out the Tomcat documentation!
And it isn't as if I'm adverse to compiling things... or patching them... after all, I'm one of the first sites to run dbmail on a production server (SQL-based back-end for mail, everything but the MTA), although I froze my installations 8 months ago... I'll wait until the final release ("Real Soon Now") before updating again, because it WORKS.
One of the things that attracted me to postfix in the first place was that, by default, it works. The first machine I had it on, surprised the hell out of me by forwarding web-generated emails before I'd even looked at the configuration, while still rejecting all attempts by spammers to use it as an open relay. I still have several boxes that have default postfix configurations, that are used merely to forward auto-generated mail for their daemons.
One of the things that continues to attract me to djbdns is being able to update a domain without restarting the server... but, that's also why I'm interested in a SQL-based solution, since I can administer those pretty easily... B-)
When DJB's qmail and djbdns products are distributed in compiled and working form with major Linux distributions, I might look at them again. However, I haven't seen that.
qmail in particular, in my opinion, suffers from the need to apply over a dozen "unofficial" patches to make it do the wonderful things people associate with it.
DJB's refusal to allow distribution of anything but unpatched source tarballs keeps his tools out of the hands of a lot of people, pushing them to use BIND, Sendmail, postfix, and all these other "less secure" or "less perfect" options. I can see where djbdns would be the perfect default DNS for Linux distributions... if the license allowed it.
Maybe the solution would be for someone to develop RPMs that include the official DJB source tarballs, all the best patches, and a script to apply the patches, then compile and install the result? B-)
Unfortunately, to keep a system properly up-to-date, it is often necessary to compile packages from source... ON the target machine, in order to get all the pieces in place, because the Makefiles provided ass-u-me a local development environment.
Our main web server got hit this month. The compiler environment was installed because one of the packages we use needed updating. There was no current RPM for it, and several of the features we needed weren't compiled into the RPM versions that are available.
The Makefile provided refused to work when I copied the source/executable tree from our development machine to the production box, because it required tools in the gcc package. To install those particular tools meant installing enough of gcc to let the worm do its damage...
Who do we hand the "Stupid" sign to in this case? Once you install things with RPM, it is sometimes a PITA to get them uninstalled, because of suddenly-discovered dependencies...
Very true, but more than a century of electricity has moved us away from decentralized power, and it will take decades to move back very far.
We build 1 800MW plants every 100 miles, rather than 800 1MW plants in each neighborhood, because it costs less to maintain. As a result, 50% of all generated electricity does nothing but heat the atmosphere around high-voltage transmission lines.