I don't see any problem with it. Only advantages. In case of accidents you know where people are. In case of criminal investigations you can prove where you were. Just make it voluntary.
We, as a community, should put more effort into the education of our politicians. They are the only people who can create and accept legislation which in the end will force judges to stop listening to a spammer's whining.
Until we succeed in that, our technical battle is quite hopeless. That hurts yes, but I'm sure most people will agree with me. A few years ago, a blacklist was very useful. Today you end up being sued by the same people who force you to buy bigger mailservers. Sad.
Now it's a matter of time before someone implements a software version of the Cryptophone for these wifi-phones.. I really wonder how LEAs will deal with this. After all, wiretapping a phone will be fairly impossible :-)
This is a challenge for the HABEAS idea (HABEAS uses a copyrighted poem to sue spammers who send spam). The pornspammers are quite obviously circumventing a security-measure. Based on the sending-IP address, aol/hotmail etc should be able to do some suing.
I agree with you that the CCNA exam is quite easy to pass. I did CCNA 4 years ago.
In my experience, customers do appreciate the fact that you are certified. For some reason, that makes you God. "He is certified, so he knows". Funny, but true.
People who are in the networking business know that CCNA is worth nothing. They also know that someone's knowledge does not depend on certifications, but one's ability to use Google and understand the answers.
I don't want to sound like "told you so", but this is exactly the reason why I did not use them in the first place. An authoritative answer from a nameserver is authoritative, even if you do not agree with it. IMHO, Verisign should hang for their completely stupid actions which messed up the entire DNS system but on the other hand, I think that DNS operators should think twice before applying code that tampers with authoritative answers from root nameservers.
The path to follow was via ICANN, or if you still wanted to disable the sitefinder, just insert a route for the /32 in your favourite IGP and reroute the traffic to /dev/null or your ISP's site.
I do appreciate the efforts from the ISC in this matter. A lot. It certainly helped convince ICANN of the seriousness of this problem.
For some reason, this seems world news. I don't agree. MSN chat has always been a GUI for IRC and IRC is not dead. At least, not yet. Undernet, Efnet, IRCnet, DALnet and a lot of smaller networks still exist and will do so for a long time.
If lusers are smart enough to browse, they are likely to be smart enough to surf to the mIRC website and download mIRC. Connect to your favorite network and the Chat Goes On!
However, MS has a point. (never thought I'd ever say that). IRC and chatting in general has become more and more dangerous for our children. Pedophiles know exactly how to present themselves to innocent children and it is partly the responsibility of their parents to educate them. Partly, because in my opinion the ISPs could be more responsive to abuse complaints and so can law enforcement agencies.
In The Netherlands, a pedophile was captured by a tv-journalist on national TV while he tried to force a young boy to come to his house and do "some things". The pedophile works at a school. The school did not fire him, and the court gave him 240 hours of forced community work as a punishment. Unacceptable.
In these ages of continuous improvement in communication possibilities, the judicial system (yes, for once that includes ISPs) should be aware of their important tasks in order to protect our children from pedophiles. Shutting down chat-rooms will simply not help as there are numerous other possibilities to contact young children.
Indeed. This is not new. But there are differences:
The .museum gTLD was a new gTLD. If you implement a wildcard from the start of a gTLD, that is something the community can take into account when developing systems around it. (this does not mean I agree with doing so).
Some people also mention some ccTLDs like .tk and .nu doing the same. There is however a fundamental difference between a gTLD and a ccTLD. A gTLD is operated (or at least should be) under control of the community and should be more strict in following the RFCs. A ccTLD is operated by a country or representatives of a country. If Tokelau and Niue wish to break the RFCs, it's their problem. It is the responsibility of their government to correctly operate the ccTLD and if they fail to do so, too bad for them as the world will eventually turn its back on them.
Please read again. I said you will have to bend them. I did not say you have to make a U turn with them.
If you see how some people mess up their racks with just cat-5, just wait to see what their racks will look like once everybody uses fiber instead of cat-5. Or what about those who buy their racks just one size too small and their GBICs are just a few cm away from the door. *close-door* *crack* oops.
Being a network engineer I deal with fibers in a 19" rack. You simply have to bend the fibers in order to keep a clean tidy rack which does not look like a spaghetti. But as long as it's just a simple patchcable which is broken and not a fiber buried somewhere deep, it's just a simple case of shit happens. Just make sure you have your cabletester nearby :)
I really wonder how they think this is going to be implemented technically. First, you need to know who is sending which email to which recipient. Then you need to know who to bill for it.
So far the easy part. Next you need to know for sure that it's not relayed through an open relay, open proxy or otherwise compromised system.
Next, I will promise you e-mail-tourism. If the US implements this and Europe doesn't, I can tell you where most of the mail is coming from in ten years (Asia? ;-).
Is the IETF already working on SMTP-NEXTGEN? Nah, I think this is just a waste of time.
I just read half of it (thanks to the earlier posting ;)
The book is quite amusing imho. While the authors clearly have a lot of experience in the computing world, it's obvious to see that most of their stories are based on users not knowing what they are doing. Especially the part where they bash bash (huhu) and other shells was fun reading. The book could just as well have been written by Simon Travaglia as a manual for his users.
This pdf is 3.5MB. I really wonder how big its Windows counterpart will be. I'd say approx 35MB then.
...is that professional system administrators and network designers still make the decision to use Microsoft's products. We see it over and over again; huge security flaws in their closed source software while the admins have to wait and wait until someone with cvs access has the time to write a fix and release it.
As long as it would be only their security, I could not care less. However, the recent 1434/udp worm showed us that there are enough clueless admins out there that it is possible for 376 bytes to have networks go down completely because of Microsoft's completely irresponsible behaviour.
What would happen if Boeing would stop patching security issues in their airplanes? It's just too sick for words. Everyone using Microsoft products should be asking themselves one question: what if...
Note: this is not a flamebait, it's just my observation.
Must be good news for the insurance companies on Military Grade Laptops · Score: 3, Interesting
With the amount of money office workers spend on their cars alone, a couple thousand dollars more for a droppable, dishwasher-safe laptop is a no-brainer bargain in total cost of ownership. The GoBook MAX gives new meaning to the phrase "homeland security."
I don't think the TCO is an issue here; I'm sure that most insurance companies (who nowadays pay for broken laptops) will be seeing these robust laptops as a positive development.
Additionally, I really wonder if these laptops are protected against those EMP bombs..
Disadvantage of the current internet on IETF to Look at Spam · Score: 2, Insightful
When the protocols we all use now were developed, everybody trusted each other. There wasn't a real need for advanced security options. Nowadays, with the current commercialization of the net (which also provides me with my income) it looks as if the commercials are winning. By commercials I mean those who have absolutely no respect for other people's rights or bandwidth. Let's not forget that spam isn't the only problem: DoS attacks are a real threat too.
Due to the original designs being not really secure, I'm quite sure that the spam problem can not be solved without fundamental changes in the way we use email nowadays. Perhaps the policy regarding blacklisting can be changed: at this moment most people accept mail from everybody, but not from a few blacklisted sites. It's likely that this will be changed: we don't accept your mail unless we know who you are. Unfortunately, even then there will always be people who will abuse it. Hopping from one account to another, or suing every single ISP that has the guts to disconnect their connection after spamming. In short: it's not simply a technical matter, there will be a need of *globally equal* legislation too. Legislation alone won't do the trick either. No, it's time for Mr Geek to marry Miss LawAndOrder.
Don't forget that the IETF is not the first to attempt to find a solution. RIPE has its anti-spam workgroup for example.
I operate a network with multiple routers in DFZ (default free zone). The story of 'compromised routers are a threat' returns every now and then. There are a couple of things you should keep in mind. First of all, rule #1 of Operating A Router:
Filter, filter and filter
Do not accept announcements your peer should not announce. Second, using MD5 security is useless, as your router knows the password so if your router is being compromised, the password is known. MD5 security is only useful when it comes to MAC address spoofing.
Sending out 0.0.0.0/0? Sure, go ahead, but see that prefix filtered. Sending out 1000 prefixes instead of the 10 you usually send? Sure, hit my maxprefix counters and see your sessions terminated.
In short: if you manage your router properly, you will have no problem if your neighbour is compromised.
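The inbound filtering and max-prefix behaviour described in the comment above, modelled in Python as an added example (not the commenter's code or any router's implementation). The prefixes, the limit of 10, the /24 and /48 length cut-offs and all class and function names are assumptions made here.

```python
"""Inbound BGP policy model: per-peer prefix filter plus max-prefix limit.
Added illustration; every prefix and limit below is a constructed sample."""
import ipaddress
from dataclasses import dataclass, field

DEFAULT_ROUTES = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}
MAX_LEN = {4: 24, 6: 48}   # assumed longest prefix lengths worth accepting


@dataclass
class PeerPolicy:
    allowed: list        # prefixes this peer is expected to announce
    max_prefixes: int    # tear the session down above this many prefixes

    def __post_init__(self):
        self.allowed = [ipaddress.ip_network(p) for p in self.allowed]


@dataclass
class Session:
    policy: PeerPolicy
    up: bool = True
    received: set = field(default_factory=set)
    accepted: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def _note(self, prefix, verdict):
        self.log.append((prefix, verdict))
        return verdict

    def receive(self, prefix: str) -> str:
        """Apply the inbound policy to one announced prefix."""
        if not self.up:
            return "session-down"
        try:
            net = ipaddress.ip_network(prefix)
        except ValueError:
            return self._note(prefix, "reject-malformed")
        # Max-prefix guard: counts every distinct prefix the peer sends,
        # filtered or not (an assumption of this model).
        self.received.add(net)
        if len(self.received) > self.policy.max_prefixes:
            self.up = False
            self.accepted.clear()   # routes from a dead session are withdrawn
            return self._note(prefix, "teardown-max-prefix")
        if net in DEFAULT_ROUTES:
            return self._note(prefix, "reject-default-route")
        if net.prefixlen > MAX_LEN[net.version]:
            return self._note(prefix, "reject-too-specific")
        if not any(net.version == a.version and net.subnet_of(a)
                   for a in self.policy.allowed):
            return self._note(prefix, "reject-not-expected")
        self.accepted.add(net)
        return self._note(prefix, "accept")


def run_demo():
    """Feed a constructed update stream through one peer session."""
    policy = PeerPolicy(
        allowed=["192.0.2.0/24", "198.51.100.0/24", "2001:db8::/32"],
        max_prefixes=10)
    session = Session(policy)
    normal = ["192.0.2.0/24", "0.0.0.0/0", "203.0.113.0/24",
              "192.0.2.128/25", "2001:db8:1::/48"]
    verdicts = [session.receive(p) for p in normal]
    # Simulated leak: the neighbour suddenly sends far more than usual.
    leak = [session.receive(f"10.{i}.0.0/16") for i in range(20)]
    return verdicts, leak, session


if __name__ == "__main__":
    verdicts, leak, session = run_demo()
    print(verdicts)
    print(leak[:7], "session up:", session.up)
```
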
I am network contact for one of the largest Dutch toy companies, Bart Smit who sell online games. I have received at least 5 separate "DEMAND FOR IMMEDIATE TAKEDOWN" emails from the BSA and Microsoft Anti Piracy. When replying and explaining the matter, I never got a reply so not even an excuse. I now have their envelope-from addresses in my spamfilters. Sorry, bad luck for them.
It's simple. All ISPs should have the common carrier status. After all, an ISP only forwards packets and should imho not be held responsible for what their customers do. If a customer of mine downloads child pornography, I am not the one committing the crime. To me this looks like a clear case of "we can't get the end-users so we harass the ISPs". This is a highly undesirable situation and is imho no way legally enforceable.
As far as I know, European legislators have been working on the same for years now. In The Netherlands the government is working on legislation which also enforces a policy on ISPs to keep their traffic-data for years (currently the to-be-kept counter remains at 3 years). Fortunately, they are listening (or at least pretending to listen) to the ISPs as well; we have been asked what kind of impact that would have on the ISP and what kind of technical measures would be necessary.
An odd thing is that in some countries it currently is illegal to keep traffic-data for such a long time; the data is only to be kept for billing purposes and when that is done, the data must be deleted for privacy reasons.
This is definitely good news. Thanks OPTA, finally a useful thing out of you. Now let's hope they get Patrick de Bruin as well.
:)
Internetayatollah's forever
Thanks for WAN, thanks for NE2000, thanks for your company on all LAN parties we shared, and your company in the Beiaard. And not to forget, IRC.
Rest in peace.
I work for BIT, the ISP who operates the virbl.
In order to prevent colleague ISPs' relays from being blacklisted, we also have a whitelist containing a number of these relays. This list is available as nlwhitelist.dnsbl.bit.nl and can be fetched via AXFR. If you have questions, mail me in private.
Server: Apache/1.3.14 (Unix) mod_ssl/2.7.1 OpenSSL/0.9.6 PHP/4.3.2-RC on www.sco.com. Really wonder how they can actually take themselves seriously.
Bull!
Try this. It's a symlink on the same box
I really wonder how they will sniff ipsec't packets..