- 7 years experience on Windows 2000
nt4 wasn't suffering enough for you?
- 2 years experience on OpenOffice 2.0
ditto open office 1! (though 2.0 is absolutely beautiful)
- 1 year experience with Debian Sarge since it went stable
it went stable 3 years ago, debian just forgot to release it;)
One inquiry about the company, you will declare a St Orson day when the Ender's Game movie comes out right? What is the company's Policy on St Rick (Berman) days (I hope there will be none of these).
Telewest is probably no worse than any other.
for a medium size ISP 16,000 machines spewing crap is a huge issue.
my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe
I run the AHBL and I am a firm believer in this. You are responsible for your car on the highway, you are responsible for the actions of your children if you have them, and you should be responsible for the damage your computer does to the public network. Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago.
odd that the ISP never made an issue of their "Efforts" to clean up their customerbase before ending up in SPEWS. Some people say wholesale blacklisting is ineffective, some whine about false positives, I bet these guys really want to get out of the spotlight so they stop looking incompetant. Well done spews, whoever you are. By the way this article makes a serious mistake: SPEWS does not exist (TINS (there is no SPEWS)). SPEWS therefore cannot make announcements of any sort whatsoever, though they do have the Lumber Cartel (TINLC) to speak for them.
by terrorism I mean organizing the local Lugs, being civilly present in the court. Representing the community they're trying to destroy, and starting a grassroots effort to deal with abuses of the rights of free software users in Indiana. Despite what I think of the distribution we are still the state where Debian started, and the home of Progeny.
Indiana is legendary for it's hospitality, in fact Hoosier Hosipitality is known worldwide for the way we treat people who visit us.
Maureen O'Gara on behalf of the State of Indiana, myself, and everyone I know, Get out, go away, shit in someone else's yard or you'll deal with opensource terror, I guarentee it.
I have more than a passing famaliarity with the Michael Ross case. I waited up during January with the Rev Kobutsu Malone of the Engaged Zen Foundation (www.engaged-zen.org) waiting for the State of Connecticut to assist Mr Ross in suicide. Perhaps the death penalty may benifit someone, but in the case of Michael Ross the only person benifitting from his death is Michael Ross. Execution does not deterrance make, every criminal when they commit a crime believe they will get away with it, the punishment is no deterrant, that is why we have a criminal corrections system not a criminal punishment system. How do we treat this system? Very few believe in active correction, and the private companies running the prisons profit from keeping people in jail. Due to the nature of the system Michael Ross has decided it is better to die than to continue in this system. Perhaps considering this system it would be better that Mr Ross stuck around for awhile to share it.
Laura, how have you been since we talked on the phone? I'm hardly a terrorist, I gave you my name and position in the open-source community when I called you, and you know as well as I do the reason for that call, but I will re-iterate it here. If you call us ankle-biting terrorist car-bombers, we can and will make this a self-fulfilled prophecy. My intent in calling you was not to terrorize but to ask you why you would say such things about a productive and creative community? While it may have been 11pm there it was 7pm on the west coast. Stick to your analysis and don't preach, it makes you look ever so slightly less biased. SCO found this out, you found this out, do not fuck with a community of people who have put their talent, and their names on the line to write code, and support the community. We have a thin, thin tolerance of people publically abusing us for no good reason other than that you seem to feel like it. I wonder, was William Genevesse (arrested for stealing the winows 2000 software and reselling it) ever convicted of being an "open source terroist" or perhaps and "ankle-biter" (I might agree with you here). Truth be told you were dead wrong and instead of waiting for LAW ENFORCEMENT to do their job and arrest the cracker responsible for this, you launched a slur campaign.
Personally, I find it a little insulting that Comcast would even think TechTV makes sense to merge with a *gaming channel*.
Is that really all they think TechTV was --- a bunch of people PLAYING with their computers for fun and entertainment?
This is the same comcast which has hundreds of thousands of users on cablemodems but still isn't entirely sure of what the internet is, required AOL blacklisting their entire IP space to clean up their users... are one of the most prolific spam ISP's by volume? I stopped expecting clue here years ago.
ISP's unlike telephone carriers have acceptable use policies. There's already a strict difference between an ISP and a phone carrier. Most ISP's state in their AUP they'll work with law enforcement when there's an abuse situation. That gives them the right to deal criminally and civilly with the users who allow abusive traffic to egress from their network, and to deal with providers who allow filth in.
If I let my network blast users off the Internet, I'd definately be liable, even though I am an ISP.
Maybe if blacklists could warn ISPs' users 3 days in advance. Maybe... mass e-mail them:x That's spam I wouldn't mind receiving it means I could ring up the ISP and warn them that if 3 days later the ISP still finds itself listed, I'd take my business elsewhere - and find a decent alternative in the mean time, rather than being caught off-guard.
Sadly this would be the very definition of Unsolicited Bulk E-Mail, and might even be blackmail or some sort of unfair business practice. This block grew for a very long period between 4 and 6 months, with no feedback from abuse until we blocked the main mailservers at telefonica.es. They refused to cooperate, the block continued to grow, we believe we've now got between 95% and 100% of telefonica.es blocked, anything we find further will be blocked when we see it.
you should see the list of idiots (and they stupidity they spew to get into the shoot on sight list), some of it, if it wern't in the form of legal or physical/death threats would be goddamn funny. You'll probably get a kick out of the cart00neys section.
your paper also doesn't really provide any emphasis or responsibility on ISP's to police their traffic, therefore it's more or less functionally useless at stopping spam. The best way to stop spam is to deny access to our mail servers from ISP's harboring spammers.
I highly suggest dumping chinanet in your firewall filters. I doubt you'll notice anyways. So sad they wont clean up their network, I guess 40 years from now when we still cant trust them with SMTP access, they'll regret this.
hrm.. nothing is definately not enough, they terminated no customers, sent no warnings, they demanded to see our previous complaints because they'd never recieved any complaints from ahbl.org. news flash we have quite a few domains, we're not going to complain from the blacklist. Frankly we shouldn't have to wave around a blacklist to get attention, and to get abusive customers removed. A customer who has abused is already abusive before the first complaint is sent. TERMINATE THEM THEN!
in summary China has learned that it's always profitable and easy to shit in someone else's yard. We're here to stop that. The internet is a world wide shared resource. We all have a right and responsibility to protect it. We also have a right to block any e-mail we find to be undesirable. That is our right (moreso if we admin our own MTA.) Run a mailserver, exercise your right to block spamming scum. VOTE AHBL IN 2004! (remind me later and I'll have it run for something);)
I disagree with what you say. But to support your last point, we once had a blacklist which went by the name: blackholes.2mbit.com, it was shut down for two years, the sheer number of queries toasted our dns servers so until the AHBL was brought on-line mid last year, after the DDoS attacks, we redirected all blackholes.2mbit.com to 127.0.0.1 effectively blocking everything because it was killing our network. Amazingly to this day (more than a year later, we're still getting queries on blackholes.2mbit.com meaning someone isn't getting their e-mail). This isn't our fault per-se, we announced the cessation of service, we had been down over a year, and when it got to the point that it was damaging our connectivity we dumped it. MTA admins are the be-all and end-all of responsibility for what is blocked and what isn't on their service. There is a trust based metric there, they're trusting myself, and my staff to monitor their filters and adjust them as necessary via our DNSBL, but this does not, by any means allow them to sleep at the helm.
Telefonica.es is the ISP, as RIMA-TDE (another hat it wears) it has been responsible for the continuing incredible 419 spams out of Spain, though they're a BIG ISP, and they are, this does not excuse them from policing their network and ensuring that such things are kept to a minimum, and terminations occur when appropriate. The issue here was they refused to identify corrective actions, refused to terminate abusive customers, and refused to return contact after they initiated contact.
as noted, even if a blacklist were to be compromised IE get DoS'd and blocklist 0/0 like osirusoft/monkeys did, or be coerced or corrupted by a spammer, you as the MTA admin have the FINAL SAY (TM) by adding or removing said blacklist from your sendmail.cf exim.conf etc. The final vote is always in your hands. Blind trust though is as you say a bad thing, research us, hell let the spammers research us for you, occasionally one of our number is outed as being someone they are not. Eternal vigelance whether you run the blacklist, or you are trusting someone to run one for you.
not so much a bandaid as a trust metric. It's the equivalent of saying "I am incapable of doing this research, however I will trust persons x y and z to do it, until I say otherwise, I still retain control of my server because I can revoke that trust at any time". However your comment is quite valid, some of them are "self appointed dimwits"
www.ahbl.org learn the truth about foonet. Their hosting of ddos nets is so well known that it's laughed at... spews also has them blocked for child porn and carders.
Re:Oh for christ's sake
on
Singularity Sky
·
· Score: 1, Insightful
Telling Science Fiction writers they suck is potentially deeply damaging. Proper Sci Fi comes from deep within the human experience. Capturing it and putting it on paper is difficult and demanding of an author. At times looking into the future and seeing any future for a race which seems at times bent on doing nothing but harm to it's members, and seeing anything but destruction and hatred is a difficult task for all of us.
You cry about "Space Operas", could we hope for anything less than the "Star Trek World". Perfection is not an un-noble goal. Even with realism and effort the negative sides of the human existance can be overcome.
Some us have forgotten that that world is not here yet, or believe that good in this world cannot now be done before things get better. The true point of science fiction is to look at what's wrong, and prove that it can get better.
The social concepts in the original Star Trek seem almost laughable. A race which is black on the left and white on the right, battling to the death with a race which is white on the left and black on the right? And yet we still burn crosses, we still commit hate crimes. And many of those who don't condone them saying "We can't do anything to stop this".
After the attack on the Two Towers an Indian Sheik was gunned down in the street, solely because "he looked like one of them". Be them "Japs", "Gooks", "Krauts", "Rag Heads", we haven't gotten far. We continually make peace with one race, African Americans, the Japanese, the Germans, only to wage war and destruction on another, Muslims, the Chinese, the Koreans. And let us not forget the continued oppression on the Jewish people, and the Palestinians.
Perhaps the problem with Science Fiction isn't that things have gotten so much better, but that reading it is a bitter reminder that in fact nothing has changed at all, we've come no closer to the exploration of strange new worlds, the seeking of new life, and forms of civilization, because we haven't gone where no man before has gone before, a unilateral acceptance of ourselves and humanity.
Your Cease and Desist letter to is utterly inappropriate. So, as a security analyst I'm going to take the next 5 minutes of your time to educate you as to what you did wrong, because we all know you'll do better in the future right? 1. Don't threaten us, we're trying to help you, contacting you quietly is a helluva lot better than say releasing the vulnerability into the wild first, but if you'd like to skip the contact step by sending things like cease-desist notices JUST SAY SO, as opposed to threatening us (see beginning of rule 1), we can move directly to putting the vulnerability into the wild. 2. Lawyers don't fix shoddy code, people do. 3. please get your legal department a map (so that they can determine that the DMCA ISNT the law of the land in Italy (it's this whole other place, right? and our laws don't apply there). 4. please explain in very short and simple words the difference between the gamespy CLIENT, and the gamespy SERVER to your legal and executive department, clearly such simple concepts elude them. 5. geektools.com contains links to traceroute, and whois programs to determine where on the internet various information is. I would assume by this point you aren't particularly happy with me. So I'm going to let you in on a secret as to how to avoid such complaints from me again. It's very simple, treat us with respect when we protect your customers from you. Fix your bugs when we report them, they are YOUR REPSONSIBILITY. NEXT, send an APOLOGY letter to Luigi, just to show that you're good people and this was all a big mistake, because it was right? Do these things and you will find the computer security analysts will be good friends of yours, they'll look out for you and make sure your software runs right for you. Do it not, and the entire community will tear your software apart, and post anything and everything anonymously to bugtraq. Your behavior which borderlines on a legal fishing expidition to see what you can catch is grossly inappropriate, please stop. Ooh and 1 meg pdf's sent via e-mail might in some circles be considered e-mail abuse, that doesn't engender much love for your company, and would potentially be grounds for a blacklisting. Andrew D Kirch Security Administrator 2mbit.com Administrator Abusive Hosts Blocking list ahbl.org trelane@2mbit.com
Slashdot Mirror
- 7 years experience on Windows 2000 nt4 wasn't suffering enough for you? - 2 years experience on OpenOffice 2.0 ditto open office 1! (though 2.0 is absolutely beautiful) - 1 year experience with Debian Sarge since it went stable it went stable 3 years ago, debian just forgot to release it ;)
One inquiry about the company, you will declare a St Orson day when the Ender's Game movie comes out right? What is the company's Policy on St Rick (Berman) days (I hope there will be none of these).
apologies my HTML really is blowing hard tonight.
Telewest is probably no worse than any other.
for a medium size ISP 16,000 machines spewing crap is a huge issue.
my humble, unimportant opinion is that the users themselves should be responsible for making sure their computers are safe
I run the AHBL and I am a firm believer in this. You are responsible for your car on the highway, you are responsible for the actions of your children if you have them, and you should be responsible for the damage your computer does to the public network. Currently in the open-proxy and comp-sys-ddos (obviously compromised machines) we have listed over 1.3 million machines. I honestly think that we can do better than to have 1.3 million machines which have been responsible for spewing crap since the inception of the AHBL 2 years ago.
odd that the ISP never made an issue of their "Efforts" to clean up their customerbase before ending up in SPEWS. Some people say wholesale blacklisting is ineffective, some whine about false positives, I bet these guys really want to get out of the spotlight so they stop looking incompetant. Well done spews, whoever you are. By the way this article makes a serious mistake:
SPEWS does not exist (TINS (there is no SPEWS)). SPEWS therefore cannot make announcements of any sort whatsoever, though they do have the Lumber Cartel (TINLC) to speak for them.
by terrorism I mean organizing the local Lugs, being civilly present in the court. Representing the community they're trying to destroy, and starting a grassroots effort to deal with abuses of the rights of free software users in Indiana. Despite what I think of the distribution we are still the state where Debian started, and the home of Progeny.
Indiana is legendary for it's hospitality, in fact Hoosier Hosipitality is known worldwide for the way we treat people who visit us.
Maureen O'Gara on behalf of the State of Indiana, myself, and everyone I know, Get out, go away, shit in someone else's yard or you'll deal with opensource terror, I guarentee it.
I have more than a passing famaliarity with the Michael Ross case. I waited up during January with the Rev Kobutsu Malone of the Engaged Zen Foundation (www.engaged-zen.org) waiting for the State of Connecticut to assist Mr Ross in suicide. Perhaps the death penalty may benifit someone, but in the case of Michael Ross the only person benifitting from his death is Michael Ross. Execution does not deterrance make, every criminal when they commit a crime believe they will get away with it, the punishment is no deterrant, that is why we have a criminal corrections system not a criminal punishment system. How do we treat this system? Very few believe in active correction, and the private companies running the prisons profit from keeping people in jail. Due to the nature of the system Michael Ross has decided it is better to die than to continue in this system. Perhaps considering this system it would be better that Mr Ross stuck around for awhile to share it.
Laura, how have you been since we talked on the phone? I'm hardly a terrorist, I gave you my name and position in the open-source community when I called you, and you know as well as I do the reason for that call, but I will re-iterate it here. If you call us ankle-biting terrorist car-bombers, we can and will make this a self-fulfilled prophecy. My intent in calling you was not to terrorize but to ask you why you would say such things about a productive and creative community? While it may have been 11pm there it was 7pm on the west coast.
Stick to your analysis and don't preach, it makes you look ever so slightly less biased. SCO found this out, you found this out, do not fuck with a community of people who have put their talent, and their names on the line to write code, and support the community. We have a thin, thin tolerance of people publically abusing us for no good reason other than that you seem to feel like it. I wonder, was William Genevesse (arrested for stealing the winows 2000 software and reselling it) ever convicted of being an "open source terroist" or perhaps and "ankle-biter" (I might agree with you here).
Truth be told you were dead wrong and instead of waiting for LAW ENFORCEMENT to do their job and arrest the cracker responsible for this, you launched a slur campaign.
Personally, I find it a little insulting that Comcast would even think TechTV makes sense to merge with a *gaming channel*. Is that really all they think TechTV was --- a bunch of people PLAYING with their computers for fun and entertainment? This is the same comcast which has hundreds of thousands of users on cablemodems but still isn't entirely sure of what the internet is, required AOL blacklisting their entire IP space to clean up their users... are one of the most prolific spam ISP's by volume? I stopped expecting clue here years ago.
ISP's unlike telephone carriers have acceptable use policies. There's already a strict difference between an ISP and a phone carrier. Most ISP's state in their AUP they'll work with law enforcement when there's an abuse situation. That gives them the right to deal criminally and civilly with the users who allow abusive traffic to egress from their network, and to deal with providers who allow filth in. If I let my network blast users off the Internet, I'd definately be liable, even though I am an ISP.
Maybe if blacklists could warn ISPs' users 3 days in advance. Maybe... mass e-mail them :x That's spam I wouldn't mind receiving it means I could ring up the ISP and warn them that if 3 days later the ISP still finds itself listed, I'd take my business elsewhere - and find a decent alternative in the mean time, rather than being caught off-guard.
Sadly this would be the very definition of Unsolicited Bulk E-Mail, and might even be blackmail or some sort of unfair business practice. This block grew for a very long period between 4 and 6 months, with no feedback from abuse until we blocked the main mailservers at telefonica.es. They refused to cooperate, the block continued to grow, we believe we've now got between 95% and 100% of telefonica.es blocked, anything we find further will be blocked when we see it.
you should see the list of idiots (and they stupidity they spew to get into the shoot on sight list), some of it, if it wern't in the form of legal or physical/death threats would be goddamn funny. You'll probably get a kick out of the cart00neys section.
your paper also doesn't really provide any emphasis or responsibility on ISP's to police their traffic, therefore it's more or less functionally useless at stopping spam. The best way to stop spam is to deny access to our mail servers from ISP's harboring spammers.
I highly suggest dumping chinanet in your firewall filters. I doubt you'll notice anyways. So sad they wont clean up their network, I guess 40 years from now when we still cant trust them with SMTP access, they'll regret this.
hrm.. nothing is definately not enough, they terminated no customers, sent no warnings, they demanded to see our previous complaints because they'd never recieved any complaints from ahbl.org. news flash we have quite a few domains, we're not going to complain from the blacklist. Frankly we shouldn't have to wave around a blacklist to get attention, and to get abusive customers removed. A customer who has abused is already abusive before the first complaint is sent. TERMINATE THEM THEN!
in summary China has learned that it's always profitable and easy to shit in someone else's yard. We're here to stop that. The internet is a world wide shared resource. We all have a right and responsibility to protect it. We also have a right to block any e-mail we find to be undesirable. That is our right (moreso if we admin our own MTA.) Run a mailserver, exercise your right to block spamming scum. VOTE AHBL IN 2004! (remind me later and I'll have it run for something) ;)
so I did, might I take a moment to humbly apologize? ;)
I disagree with what you say. But to support your last point, we once had a blacklist which went by the name: blackholes.2mbit.com, it was shut down for two years, the sheer number of queries toasted our dns servers so until the AHBL was brought on-line mid last year, after the DDoS attacks, we redirected all blackholes.2mbit.com to 127.0.0.1 effectively blocking everything because it was killing our network. Amazingly to this day (more than a year later, we're still getting queries on blackholes.2mbit.com meaning someone isn't getting their e-mail). This isn't our fault per-se, we announced the cessation of service, we had been down over a year, and when it got to the point that it was damaging our connectivity we dumped it. MTA admins are the be-all and end-all of responsibility for what is blocked and what isn't on their service. There is a trust based metric there, they're trusting myself, and my staff to monitor their filters and adjust them as necessary via our DNSBL, but this does not, by any means allow them to sleep at the helm.
Telefonica.es is the ISP, as RIMA-TDE (another hat it wears) it has been responsible for the continuing incredible 419 spams out of Spain, though they're a BIG ISP, and they are, this does not excuse them from policing their network and ensuring that such things are kept to a minimum, and terminations occur when appropriate. The issue here was they refused to identify corrective actions, refused to terminate abusive customers, and refused to return contact after they initiated contact.
as noted, even if a blacklist were to be compromised IE get DoS'd and blocklist 0/0 like osirusoft/monkeys did, or be coerced or corrupted by a spammer, you as the MTA admin have the FINAL SAY (TM) by adding or removing said blacklist from your sendmail.cf exim.conf etc. The final vote is always in your hands. Blind trust though is as you say a bad thing, research us, hell let the spammers research us for you, occasionally one of our number is outed as being someone they are not. Eternal vigelance whether you run the blacklist, or you are trusting someone to run one for you.
not so much a bandaid as a trust metric. It's the equivalent of saying "I am incapable of doing this research, however I will trust persons x y and z to do it, until I say otherwise, I still retain control of my server because I can revoke that trust at any time". However your comment is quite valid, some of them are "self appointed dimwits"
www.ahbl.org learn the truth about foonet. Their hosting of ddos nets is so well known that it's laughed at... spews also has them blocked for child porn and carders.
Telling Science Fiction writers they suck is potentially deeply damaging. Proper Sci Fi comes from deep within the human experience. Capturing it and putting it on paper is difficult and demanding of an author. At times looking into the future and seeing any future for a race which seems at times bent on doing nothing but harm to it's members, and seeing anything but destruction and hatred is a difficult task for all of us.
You cry about "Space Operas", could we hope for anything less than the "Star Trek World". Perfection is not an un-noble goal. Even with realism and effort the negative sides of the human existance can be overcome.
Some us have forgotten that that world is not here yet, or believe that good in this world cannot now be done before things get better. The true point of science fiction is to look at what's wrong, and prove that it can get better.
The social concepts in the original Star Trek seem almost laughable. A race which is black on the left and white on the right, battling to the death with a race which is white on the left and black on the right? And yet we still burn crosses, we still commit hate crimes. And many of those who don't condone them saying "We can't do anything to stop this".
After the attack on the Two Towers an Indian Sheik was gunned down in the street, solely because "he looked like one of them". Be them "Japs", "Gooks", "Krauts", "Rag Heads", we haven't gotten far. We continually make peace with one race, African Americans, the Japanese, the Germans, only to wage war and destruction on another, Muslims, the Chinese, the Koreans. And let us not forget the continued oppression on the Jewish people, and the Palestinians.
Perhaps the problem with Science Fiction isn't that things have gotten so much better, but that reading it is a bitter reminder that in fact nothing has changed at all, we've come no closer to the exploration of strange new worlds, the seeking of new life, and forms of civilization, because we haven't gone where no man before has gone before, a unilateral acceptance of ourselves and humanity.
Your Cease and Desist letter to is utterly inappropriate. So, as a security analyst I'm going to take the next 5 minutes of your time to educate you as to what you did wrong, because we all know you'll do better in the future right?
1. Don't threaten us, we're trying to help you, contacting you quietly is a helluva lot better than say releasing the vulnerability into the wild first, but if you'd like to skip the contact step by sending things like cease-desist notices JUST SAY SO, as opposed to threatening us (see beginning of rule 1), we can move directly to putting the vulnerability into the wild.
2. Lawyers don't fix shoddy code, people do.
3. please get your legal department a map (so that they can determine that the DMCA ISNT the law of the land in Italy (it's this whole other place, right? and our laws don't apply there).
4. please explain in very short and simple words the difference between the gamespy CLIENT, and the gamespy SERVER to your legal and executive department, clearly such simple concepts elude them.
5. geektools.com contains links to traceroute, and whois programs to determine where on the internet various information is.
I would assume by this point you aren't particularly happy with me. So I'm going to let you in on a secret as to how to avoid such complaints from me again. It's very simple, treat us with respect when we protect your customers from you. Fix your bugs when we report them, they are YOUR REPSONSIBILITY. NEXT, send an APOLOGY letter to Luigi, just to show that you're good people and this was all a big mistake, because it was right? Do these things and you will find the computer security analysts will be good friends of yours, they'll look out for you and make sure your software runs right for you. Do it not, and the entire community will tear your software apart, and post anything and everything anonymously to bugtraq. Your behavior which borderlines on a legal fishing expidition to see what you can catch is grossly inappropriate, please stop.
Ooh and 1 meg pdf's sent via e-mail might in some circles be considered e-mail abuse, that doesn't engender much love for your company, and would potentially be grounds for a blacklisting.
Andrew D Kirch
Security Administrator
2mbit.com
Administrator
Abusive Hosts Blocking list
ahbl.org
trelane@2mbit.com