In my opinion it's no mistake that the product this spammer was selling was of very low quality. Spammers' best resources are their lists. If you could shell out 50 or 300 Euros (or whatever he said the price was) and get a quality list of 100% valid, working, non-role email accounts then suddenly the value of all those lists just went down. In other words, if you're going to sell these CDs it's in your best interest to include the lowest-quality data that you have available. I'm sure there are some idiots out there that will try to buy these things and send directly to the lists without removing duplicates and role accounts, etc. But these people will obviously not have great results, and they may even be caught and booted from their ISP quickly if they spam a lot of role accounts. I have to believe that the *good* spammers out there have realized that it's in their best interest to remove invalids, dupes, abuse desks, role accounts, etc. In other words if you can sell these CDs with such low quality data then why not? Why sell your "trade secrets" when you can sell the unrefined sludge that is the raw output of your poorly written harvester robots?
It wasn't just modem users... Large corporations or businesses with lots of PCs found that their networks were being dragged to a complete halt when a large number of employees tried out this great new technology. Unfortunately it was too dumb to fetch the content with any sort of swarming or co-operation, so if you had say 200 machines with their desktops set to one of those sites, that meant that your internet connection had to support 200 times the bandwidth of a single page reload, and it happened constantly (every 5 minutes or whatever.)
I remember at the time these services were very quickly banned and blocked at the firewall of most large corporate sites.
While I can understand wanting to help out businesses on-the-cheap, basing support on a RadioShack freebie that needs to be modified seems questionable. Especially when you can get a barcode scanner for much less than "$200-$500":
$79
$67
$58.98
$69.75
$82
$89.63
$89.99
While admittedly none of these are cheaper than a cue::cat (or however it was supposed to be spelled), they do afford you the luxury of not supporting a business decision on a third-party's freebie handout product, and not requiring any hacking.
Come on slashdot, this is just a fucking ad. Why was this garbage accepted? If you think that the difference between 800dpi and 1000dpi (everything else being the same) in your mouse is going to make a perceptible difference on your gaming, you're on crack.
I hope those of you paying for Slashdot subscriptions complain loudly about crap articles like this.
It's really neat to drive by this area. Here are some more photo links to give you an idea what it's like, if you've never been.
From here: pic1 pic2 pic3 pic4
another pic
some pics from the car driving by
pic with sun low in sky with long shadows
And finally here's a link describing all the wind power resources in California.
3. Mars is damn hard to land on.
Thank you! I'm really tired of these quick 'copy+paste of the first two paragraphs' submissions passing for "writing" around here for every story. If you're too lazy to actually read and summarize the link, and supply a little insight and background, then don't submit.
So you expect to "own software you pay for"? So that means that if you pay for a boxed SuSE distro, you're now the copyright holder of all that software? Uh, no. Paying for software makes the MEDIA that it comes on yours, but you don't 'own' any of the software. The copyright holder decides on a license (GPL, shrink-wrap, etc.) but make no mistake about it, they still 'own' that software, not you.
Either Qt is GPL or it isn't. If it is, then companies are free to make proprietary in-house modifications and not release them to anyone, as the GPL FAQ points out. Trolltech states that "it's our policy that..." or "We do not intend that...", but if Qt is really GPL then that can really be nothing more than an emphatic plea, not a legal proclamation.
His name is Richter, not Richert, which is clearly indicated in the links provided.
Michael, by definition you cannot call yourself an editor unless you actually edit the stories.
There seem to be a lot of responses along the lines of "(sigh) Why oh why are resources being wasted on this? Can't they work on the mainstream platform instead? Imagine what that money could do..." This completely misses the point. The donor behind this obviously sees some need or desire to see Moz on the Amiga, and is willing to put his money where his mouth is. If you don't agree, fine. If you want to see mainline Mozilla development continue, then donate to the Mozilla Foundation. Otherwise don't complain about a perceived injustice to something provided to you for free.
It's like complaining about how muscular dystrophy is such a worthless cause and all those losers who donated to MD research could have made a bigger impact if they'd contributed to AIDS research instead.
They make all sorts of various acoustical soundproof enclosures... Just find one big enough for you and your computer. That way you can type, click, pound, laugh, scream, moan, sigh, cough, burp, and fart as loud as you want without worrying about waking anyone.
RealPlayer v8 Basic for Windows download link. No jukebox, no Plus crap.
What your spammer probably did was supply a value for one or more of the form elements containing a "\n". For example, if one of them is supposed to be the user's email address so that you can reply to them and your script naively uses this to set the "reply-to" header, then the spammer can supply his own headers and force the body part to start. For example, if he provided an email address of "foo@example.com\nBCC:spamvictim@aol.com\n\nthis is the body" then the spamvictim recipient will get sent a copy of the spam.
I had someone try this multiple times with an email form script that I had written. Fortunately, I used Perl's Mail::Mailer module, such as the following:
use strict;
use CGI;
use Mail::Mailer;
my $q       = CGI->new;
my $to_addr = 'webmaster@example.com';   # assumed fixed recipient, never taken from the form
# Headers go in as a hash and are written by the module, not spewed down a sendmail pipe
my $mailer = Mail::Mailer->new;
$mailer->open( { To => $to_addr,
                 'From' => "feedback.pl <nobody\@example.com>",
                 'Reply-To' => $q->param("email"),
                 'X-Web-Feedback' => 'YES',
                 'Subject' => "feedback submission form" } );
print $mailer $q->param("comments");   # message body; "comments" is an assumed form field name
$mailer->close;
By doing it this way rather than just opening a pipe to sendmail and spewing fields, his attack had no effect. The lesson learned is to use the abstractions that others have carefully written. For example, don't parse URL parameters yourself or read CGI input from stdin, just use CGI.pm where all these things have been worked out already.
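The injection described in this post, as an added example that is not from the thread or the poster's script: the raw concatenation a pipe-to-sendmail handler does, a parse of the result showing the smuggled BCC recipient, and the line-break check a hardened handler applies to every submitted value before it goes anywhere near a header. The form values and addresses are constructed for the demonstration.

```python
"""Mail header injection via a web form field, and the check that blocks it.

Added example, not code from the thread. Addresses and form values are constructed.
"""
import re
from email import message_from_string

# Constructed attacker input for the "email" form field: a valid-looking address
# followed by a smuggled header line and a forced start of the body.
INJECTED_EMAIL = "foo@example.com\nBCC: spamvictim@aol.com\n\nthis is the body"


def naive_message(to_addr, reply_to, body):
    """Builds the message the way a pipe-to-sendmail script does: raw concatenation.

    Whatever the user typed into the "email" field lands verbatim on the Reply-To
    line, so embedded line breaks become new header lines of the attacker's choice.
    """
    return (
        f"To: {to_addr}\n"
        f"From: feedback.pl <nobody@example.com>\n"
        f"Reply-To: {reply_to}\n"
        f"Subject: feedback submission form\n"
        f"\n{body}\n"
    )


def recipients_of(raw_message):
    """Parses a raw RFC 822 message and returns every address an MTA would deliver to."""
    msg = message_from_string(raw_message)
    addrs = []
    for field in ("To", "Cc", "Bcc"):
        for value in msg.get_all(field, []):
            addrs.extend(a.strip() for a in value.split(",") if a.strip())
    return addrs


class HeaderInjection(ValueError):
    """Raised when a submitted value would break out of its header line."""


_LINE_BREAK = re.compile(r"[\r\n\x00]")


def safe_header_value(value):
    """Returns the value unchanged if it fits on one header line, otherwise raises.

    CR, LF and NUL are rejected rather than stripped: a stripped value such as
    "foo@example.comBCC: x" is still garbage, and rejecting lets the handler log
    the attempt instead of silently mailing something.
    """
    if _LINE_BREAK.search(value):
        raise HeaderInjection("line break or NUL in header value")
    return value


def hardened_message(to_addr, reply_to, body):
    """Same message, but every user-controlled header value is checked first."""
    return naive_message(to_addr, safe_header_value(reply_to), body)
```

Only values that land before the blank line need the check (Reply-To, Subject, and anything else copied from the form into a header); once the blank line has been written, the body is just text and an embedded "BCC:" there is harmless. A mail abstraction that owns the header writing, as in the Perl above, is the same idea applied for you.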
...And with that statement you demonstrate a total lack of understanding of how email works. As the other posters have said, all you'd be doing is bothering some innocent person whose email address the spammer decided to place in the headers.
Who modded this garbage up?
I wonder if you could do this effectively with DHCP leases? Configure your DHCP server to set a timeout on all DHCP assignments to, say, 12 hours. Then have a dedicated machine running ettercap or snort or something that looks for virus/worm traffic. If a signature is found for a certain IP address, pass that along to the DHCP server so that it will not allow that MAC address to renew its lease.
You could even make this easy for the end user: Have the DHCP server assign an IP address on a special "blackhole" subnet, when notified that the person is spewing a worm. Configure this such that all outbound traffic on 80/tcp is redirected to a web server, and the rest dropped. The web server would send a basic page saying, "Sorry, your computer is infected and has been quarantined, please call the IT dept."
With this method you maintain the "routers route, servers serve" mentality since you can do all of the checking and decision making in the snort and DHCP boxes. Leave the routers out of it...
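The quarantine workflow sketched in this post, as an added example that is not from the thread or any real product: a small controller that takes Snort fast-format alerts, resolves the offending source IP to a MAC through the ISC dhcpd leases file, and emits the dhcpd class stanza plus the gateway firewall rules that move that MAC onto a blackhole subnet at its next renewal. The alert lines, lease entries, subnet and addresses are all constructed; the dhcpd syntax is the standard class/subclass hardware match with pool membership, and the iptables rules assume the DHCP/quarantine box is the gateway for the blackhole subnet.

```python
"""Worm quarantine via DHCP: Snort alert -> lease lookup -> dhcpd quarantine class.

Added example, not code from the thread. Every address, alert and lease below is constructed.
"""
import re

# Constructed Snort "fast" alert lines; the third is low priority and must be ignored.
SNORT_ALERTS = """\
01/14-10:02:33.412311  [**] [1:2123:3] NETBIOS DCERPC ISystemActivator bind attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:1042 -> 10.0.0.5:135
01/14-10:02:34.001980  [**] [1:2123:3] NETBIOS DCERPC ISystemActivator bind attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.168.1.50:1043 -> 10.0.0.6:135
01/14-10:05:10.778123  [**] [1:1000001:1] LOCAL test rule [**] [Classification: Not Suspicious Traffic] [Priority: 3] {UDP} 192.168.1.77:5353 -> 224.0.0.251:5353
"""

# Constructed ISC dhcpd.leases excerpt (dhcpd appends entries; the last one per IP wins).
DHCPD_LEASES = """\
lease 192.168.1.50 {
  starts 3 2004/01/14 09:00:00;
  ends 3 2004/01/14 21:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "desk42";
}
lease 192.168.1.77 {
  starts 3 2004/01/14 08:30:00;
  ends 3 2004/01/14 20:30:00;
  binding state active;
  hardware ethernet 00:AA:BB:CC:DD:EE;
}
"""

# Constructed blackhole subnet; the gateway also serves the "you are infected" page.
QUARANTINE_NET, QUARANTINE_MASK, QUARANTINE_CIDR = "10.66.0.0", "255.255.255.0", "10.66.0.0/24"
QUARANTINE_RANGE = ("10.66.0.10", "10.66.0.250")
QUARANTINE_GATEWAY = "10.66.0.1"

_ALERT_RE = re.compile(r"\[Priority: (\d+)\] \{\w+\} (\d+\.\d+\.\d+\.\d+):\d+ -> ")
_LEASE_RE = re.compile(r"lease (\S+) \{(.*?)\}", re.S)
_MAC_RE = re.compile(r"hardware ethernet ([0-9A-Fa-f:]+);")
_STATE_RE = re.compile(r"binding state (\w+);")


def offending_ips(alert_text, max_priority=1):
    """Source IPs of alerts at or above max_priority (Snort: 1 is the most severe)."""
    ips = []
    for line in alert_text.splitlines():
        m = _ALERT_RE.search(line)
        if m and int(m.group(1)) <= max_priority and m.group(2) not in ips:
            ips.append(m.group(2))
    return ips


def active_leases(leases_text):
    """IP -> MAC for leases whose most recent entry is in the active binding state."""
    table = {}
    for ip, body in _LEASE_RE.findall(leases_text):
        mac, state = _MAC_RE.search(body), _STATE_RE.search(body)
        if mac and state and state.group(1) == "active":
            table[ip] = mac.group(1).lower()
        else:
            table.pop(ip, None)   # a later released/expired entry supersedes an active one
    return table


def macs_to_quarantine(alert_text, leases_text):
    """MACs whose current lease holder tripped a high-priority signature."""
    leases = active_leases(leases_text)
    return [leases[ip] for ip in offending_ips(alert_text) if ip in leases]


def dhcpd_quarantine_config(macs):
    """dhcpd.conf fragment: a hardware-matched class, one subclass per MAC, and the pool.

    A member of the class is only offered addresses from this pool; the normal
    subnet's pool should carry 'deny members of "quarantine";' so the move happens
    at the client's next renewal, which is why short lease times matter here.
    """
    lines = ['class "quarantine" {', "  match hardware;", "}"]
    # dhcpd's hardware value is <type>:<mac>; type 1 is ethernet.
    lines += [f'subclass "quarantine" 1:{mac};' for mac in macs]
    lines += [
        f"subnet {QUARANTINE_NET} netmask {QUARANTINE_MASK} {{",
        f"  option routers {QUARANTINE_GATEWAY};",
        "  pool {",
        '    allow members of "quarantine";',
        f"    range {QUARANTINE_RANGE[0]} {QUARANTINE_RANGE[1]};",
        "  }",
        "}",
    ]
    return "\n".join(lines) + "\n"


def firewall_rules():
    """iptables on the gateway: 80/tcp to the local notice page, DHCP renewals allowed, rest dropped."""
    return [
        f"iptables -t nat -A PREROUTING -s {QUARANTINE_CIDR} -p tcp --dport 80 "
        f"-j DNAT --to-destination {QUARANTINE_GATEWAY}:80",
        f"iptables -A INPUT -s {QUARANTINE_CIDR} -p tcp --dport 80 -j ACCEPT",
        f"iptables -A INPUT -s {QUARANTINE_CIDR} -p udp --dport 67 -j ACCEPT",  # so a cleaned host can renew out
        f"iptables -A INPUT -s {QUARANTINE_CIDR} -j DROP",
        f"iptables -A FORWARD -s {QUARANTINE_CIDR} -j DROP",
    ]
```

Two caveats a practitioner would want: a host with a static address or a changed MAC walks around a DHCP-only quarantine, and an infected host keeps its current lease until it renews, so the worm keeps spreading for up to the lease time unless the detection box can also push an immediate block somewhere in the path. The Snort side still needs rules that actually match the worm in question; the lines above only show the shape of the fast-alert format.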
... and with your last two sentences you just gave some Cisco sales rep a stiffie. He's probably looking up Rutgers' IT department's phone number now, eager to peddle faster and more expensive boxes. :-) There's always a faster and unbelievably more expensive model in the Cisco line, it seems.
I agree completely. I stopped reading when they said that they were budgeting $70 and 70 WATTS of power for the video card, and they weren't joking. Come the fuck on, who spends $70 for a video card for a SERVER? I'm surprised they didn't come right out and say that they also bought RAM with pretty little indicator LEDs to let you know that it's working, case fans with LEDs, cold cathode tubes for their case window, and other distractions. I bet they all drive Civics with 10" tachometers and coffee can fart pipes for their stock 1.6L engines and slushbox trannies.
Anyone that builds a "file server" with IDE drives, zero redundancy, and no provision for hot swapping failed drives is an idiot. Sure, you can build a high performance system with lots of disk space, but that doesn't make it a file server. Their entire insurance against defects and lost data is "These IDE drives have a higher MTBF rating than these other IDE drives." That should cause anyone with any actual file server experience to fall out of their chair laughing.
They spent $300 on the overkill 3GHz CPU, $70 on the useless video card, $350 on superfast RAM that's not even ECC, $160 for a keyboard and mouse, and $100 for a LCD display of how fast the case fans are spinning... But they balk at the notion of SCSI or RAID, for price reasons. Come the fuck on, give me a break. A real server does not need a keyboard, a mouse, or a video card, that's why god invented SSH. Nor does a FILE SERVER need superfast RAM or a superfast CPU -- even the fastest disks on Earth are going to be orders of magnitude slower than the slowest RAM you could possibly find. What such a server DOES NEED is reliable and redundant STORAGE, which they completely neglected.
Moderators, in what way exactly is this "Informative"???
I'm sorry, but cheap alkalines are a good solution if you have a flashlight that you hardly ever use but that's about all they're good for. It does nothing for the case of the laptop or PDA, and they're environmentally unfriendly for anything that is used a lot or has a high draw.
Except that it makes no sense whatsoever.
Do you need to know the intricacies of spark advance timing and its effect on the onset of detonation in order to drive your car? No, you certainly don't and I don't see anyone clamouring to encourage people to do so.
Does one need to understand how the resonant cavity of a magnetron works in order to use a microwave? Of course not. Will microwaves enslave the unwashed masses that don't understand their internal workings? Of course not.
Are you HONESTLY saying that a person today that can use a computer to do all sorts of simple and straightforward tasks (such as editing photos, sending email, surfing the web, etc.) is WORSE off than 10 years ago when he or she would have had to familiarize themselves with a handful of command line tools and arcane knowledge? Of course not, that's just ridiculous.
The premise of this article is that because computers are getting easier to use, that somehow that's a bad thing. I don't understand this logic at all. Sure, if you don't know the details of what's going on inside your computer you are more or less at the mercy of the person that wrote the program. But to that I say, SO FUCKING WHAT? To someone with no interest or aptitude in programming, the choice is either get nothing done because there are no easy to use tools, or get the majority of basic tasks done because someone has written an easy to use interface. How can you possibly say that that is imprisoning anyone? If anything, it's liberating.
And finally, I ask you, where does this inane line of reasoning stop? So, you know a scripting language. Okay, but you don't really know what's going on unless you know a compiled language like C. But then, you really don't know what's going on unless you understand the low level calling conventions and internals of the underlying API. Fine. But when you think about it, you still don't understand what's going on until you have delved into the microcode and architecture of the CPU, and you understand how all the chipset registers function. Egads, you're still missing out on so much. How could you possibly leave yourself imprisoned by such a system without understanding the 14 layer masks of the CPU that powers your computer. Come to think of it, you really are in the dark unless you understand the solid state physics of each processing step involved in making that chip, as well as circuit design principles involved in every component. But wait, what about all the processing necessary to get the raw materials into a usable state? You're still imprisoning yourself by not knowing every possible underlying principle, all the way back to the chemistry of the Silicon atom and how it's refined from sand.
Do you see how utterly ridiculous this is? There was a point at some time in the very distant past where a single human could understand every single aspect of every piece of technology that that person ever encountered. THAT TIME HAS LONG SINCE PASSED. The reason we are able to have all this technology is precisely because we can divide it up into manageable domains, so that no one person has to know every single facet of some device in order to be able to use it to do useful work.
The notion that this article presents is about the most ridiculous thing I have ever read on slashdot. Gee, we should all learn assembler otherwise we'll be enslaved by robot death machines. Yeah, okay, whatever. Please. Get. A. Fucking. Clue.
Reading this thread is pure punishment.
You use the transistor to build a ring oscillator and measure the resulting frequency, then divide by the number of stages.
If you mean Bram's FAQ, then yes. But nobody ever accused him of being great with documentation. A much better FAQ is here.
The stock python client has had 6999 as the default for --maxport for almost 9 months now.
No, 6999 is correct. But, it hardly matters. Each BitTorrent client that you have open needs one port. The first one you run will try to bind to 6881, the next one you open will try to bind to 6881 but fail, and will try 6882, and so on. So if you only ever plan to have 10 or fewer clients running simultaneously you can open 6881 through 6889, but the program itself will keep trying up to 6999.