I've checked on http://www.new.net/, and guess what? People have already registered popular domain names under .xxx!
It's surprising that new.net still exists. $35/year for registration, for a domain that doesn't even really exist. I'm not sure what new.net's penetration is (I'm sure they must have SOME chunk by bundling it as spyware -- I doubt any ISPs use them), but here's what it says on their site when you try to register a .xxx:
IMPORTANT NOTICE REGARDING .XXX DOMAIN NAMES
Recently, ICANN approved .xxx as a top-level domain. Please note that the .xxx domain available through New.net ("New.net .xxx Domain") is not the same as the .xxx top-level domain that was recently approved by ICANN. Any New.net .xxx Domain will, however, continue to be accessible and operational through the New.net Domain Resolution Network.
Basically, if you're using new.net, then any fake new.net domains will override the real domain. How long will it take before people dump new.net?
here's what i can remember having plugged in in my living room: tv, vcr, dvd player, stereo, subwoofer, 2 lamps, 3 laptops, 1 hub, 1 vga -> ntsc converter, 2 cell phone chargers. that's 14 plugs that i can remember right now.
So let's say your tv, vcr, dvd player, stereo, sub, hub, vga converter, a laptop and a cell phone charger all together on a tv stand of some sort, while the rest of the stuff is around the rest of the room. That means you take up 5 sockets (2 plugs each), which is 80" of wall. Instead of having them plugged into a decent sized power bar and all contained behind the tv, you have them all strung out across the wall.
We won't get into how you have no surge protection close to the device, either.
As is pointed out elsewhere, why will .com domains be given up by porn sites for .xxx? How about hustler.com, or playboy.com?
I'm surprised no one has touched on it, but what about the .com (or anything else) sites that have nothing to do with pornography? How long do you think it will take for people to register microsoft.xxx, sco.xxx, yourcompany.xxx...
This raises issues for the owners of non-.xxx non-pornographic sites. Do you register a .xxx, just so someone else can't? (money grab for the registrars...) What do you do when someone cybersquats on your name, in .xxx, with nasty goatse-like material? "But your honour, we used .xxx to make sure we distinguished ourselves as a pornography site." (now we're talking about company reputation, money wasted in court, time wasted by people tracking this down...)
As far as blocking, what is more likely to happen is the people who do have .xxx blocked will complain to the site owner that it's blocked, and eventually the sites will move back over to .com and other non-blocked domains. The only way this couldn't happen would be if the government mandated that pornographic material was in .xxx, and at that point, you have the problems of trying to define pornography vs art, as you brought up.
It's a win for the registrars, basically a tie for the porn site operators, and a lose for everyone else.
I did this same thing, but be warned, I would not trust this scenario if your company does not have its own data center or you don't plan on hosting it in a data center (ie, don't set up the email server under your desk). One 24 hour span without power or internet and you won't get the chance for "anymore of your bright ideas".
I currently host my mail in a datacenter (along with our webserver, etc). I was actually looking at moving it in-house. I do have a "server room" here that is locked, has everything on UPS (~1 hour capacity for the main server). I have a pretty decent internet connection (10mbps/1mbps cable) and although I've only had one outage in the 8 months I've been using it (knock on wood..), I don't trust it to host anything on it.
My datacenter is very nice, but the reason I want to move it is because everyone here uses IMAP, and we have a huge chunk of space on the server taken up by mail (4gb or so). The benefits to moving it in-house would be that it would be easier to backup (just part of the existing server backup scheme), faster to access, work even if the connection is down, and actually use our LDAP server for authentication.
What I was looking at doing was using Mailhop Relay, which act as your MX servers, and run spam/virus filtering (if you want), then deliver mail to your MX server (static or dynamic IP) on whatever port you want (in case your ISP blocks port 25). It seems like it would be a decent solution, but I don't know of anyone actually using it. I've been meaning to set up a fake domain on it first, just to test it for a while, but never got around to it.
Is anyone out there using (or has anyone used) mailhop relay? How's the service/uptime/etc?
There are lots of reputable companies that do email hosting for small businesses that don't charge much, and handle all the backup, power, liability etc for you
Backup, power, sure. Liability? I don't think so.. you may get an SLA that gives you money back if services are down, but if you miss that $30,000 contract because your email server was down, you can be damn sure that the ISP is not going to reimburse you.
Let's not forget that PHP has the worst security history of any language, there are constant exploits and there's nothing you as a PHP user can do about it.
Constant exploits? For PHP, or for crappily-written content management systems (ahem, phpnuke) that happen to be written in PHP?
CERT has issued two advisories for PHP itself: CA-2002-05 and CA-2002-20. Looking through the changelog I see only a handful of security fixes.
Like most languages, it's possible to write unsecure code. I've seen code that executes stuff on the command line, right from a GET string. It's just as possible to write secure code.
One problem with PHP is it's a simple language, and a lot of beginners with no experience pick it up and can use it to write applications. Knowing nothing about software development, or security issues, they tend to write bad, insecure code. This has nothing to do with the language, it simply has to do with the developers. If python or ruby came into incredibly widespread use (ie, available on pretty much any hosting account you can buy, like PHP is), then you'd probably see the same thing happening. It doesn't say anything about the languages, it's simply a matter of inexperienced developers writing bad code.
While the avoidance of them is super for computers and international business, it sucks horribly for locals all over the world.
Not really. We've already adjusted and programmed computers to deal with timezones. What's the point of making lives complicated for billions of people, just to solve a problem that doesn't even exist anymore?
Too bad MSN doesn't work in Canada at all, while Google works great. I do find it kind of funny that "Virtual Earth" is USA-only.. ;)
That said, MSN has hi-res images of my cottage (which is right on the border, and only JUST made it in) while Google only has low-res images of that area.
Don't overreact. There are a lot of ssh worms out there. I have one machine where I watch for these kinds of things. I see at least 3 or 4 worms hitting my box a day.
Likewise. I think I see on average about 400 failed login attempts across 3 machines, every day.
Most look something like this:
Jul 26 08:10:27 oxygen sshd[30231]: Illegal user gabriel from ::ffff:140.254.26.248
Jul 26 08:10:32 oxygen sshd[30233]: Illegal user gabriela from ::ffff:140.254.26.248
Jul 26 08:10:39 oxygen sshd[30235]: Illegal user gaby from ::ffff:140.254.26.248
Jul 26 08:10:45 oxygen sshd[30237]: Illegal user gail from ::ffff:140.254.26.248
Jul 26 08:10:49 oxygen sshd[30239]: Illegal user gala from ::ffff:140.254.26.248
Jul 26 08:10:54 oxygen sshd[30241]: Illegal user gale from ::ffff:140.254.26.248
Jul 26 08:10:56 oxygen sshd[30243]: Illegal user gamma from ::ffff:140.254.26.248
Jul 26 08:11:01 oxygen sshd[30245]: Illegal user gary from ::ffff:140.254.26.248
Jul 26 08:11:04 oxygen sshd[30247]: Illegal user gari from ::ffff:140.254.26.248
Jul 26 08:11:06 oxygen sshd[30249]: Illegal user garret from ::ffff:140.254.26.248
Jul 26 08:11:16 oxygen sshd[30251]: Illegal user garry from ::ffff:140.254.26.248
I pretty much just ignore them and go on with my day. I do have pam_abl installed, though for some reason it doesn't seem to catch these failed logins (I think because it connects and only tries to login once before closing the connection, as opposed to multiple password attempts during the same connection).
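Added example, not part of the original comment: the log excerpt above shows one attempt per sshd process, so a counter keyed on the connection never rises above one, while a counter keyed on the source address over a time window does. The log lines, hostnames, addresses, the threshold and the year (syslog omits it) are constructed assumptions.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Matches sshd "Illegal user" syslog lines in the format quoted in the comment above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: Illegal user (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
Jul 26 08:10:27 host1 sshd[4101]: Illegal user alice from ::ffff:192.0.2.10
Jul 26 08:10:32 host1 sshd[4103]: Illegal user bob from ::ffff:192.0.2.10
Jul 26 08:10:35 host1 sshd[4104]: Accepted publickey for admin from ::ffff:203.0.113.5 port 50522 ssh2
Jul 26 08:10:39 host1 sshd[4105]: Illegal user carol from ::ffff:192.0.2.10
Jul 26 08:10:41 host1 sshd[4107]: Illegal user test from ::ffff:198.51.100.7
Jul 26 08:10:45 host1 sshd[4109]: Illegal user dave from ::ffff:192.0.2.10
Jul 26 08:10:49 host1 sshd[4111]: Illegal user erin from ::ffff:192.0.2.10
Jul 26 08:10:54 host1 sshd[4113]: Illegal user frank from ::ffff:192.0.2.10
Jul 26 08:19:02 host1 sshd[4120]: Illegal user guest from ::ffff:198.51.100.7
""".splitlines()


def parse_line(line, year):
    """Return a dict for an 'Illegal user' line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Syslog timestamps carry no year, so the caller has to supply one.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    src = m["src"]
    # Strip the IPv4-mapped IPv6 prefix so both notations count as one source.
    if src.lower().startswith("::ffff:"):
        src = src[len("::ffff:"):]
    return {"ts": ts, "pid": int(m["pid"]), "user": m["user"], "src": src}


def flag_sources(lines, threshold=5, window=timedelta(minutes=2), year=2005):
    """Flag sources with >= threshold failed logins inside a sliding window,
    counted across connections (sshd PIDs) rather than within one."""
    recent = defaultdict(deque)      # src -> timestamps still inside the window
    per_conn = defaultdict(Counter)  # src -> attempts per sshd PID
    users = defaultdict(set)         # src -> usernames tried
    flagged_at = {}
    for line in lines:
        ev = parse_line(line, year)
        if ev is None:
            continue
        src = ev["src"]
        per_conn[src][ev["pid"]] += 1
        users[src].add(ev["user"])
        q = recent[src]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in flagged_at:
            flagged_at[src] = ev["ts"]
    return {
        src: {
            "flagged_at": ts,
            "attempts": sum(per_conn[src].values()),
            "connections": len(per_conn[src]),
            "max_per_connection": max(per_conn[src].values()),
            "usernames": sorted(users[src]),
        }
        for src, ts in flagged_at.items()
    }


if __name__ == "__main__":
    for src, info in flag_sources(SAMPLE_LOG).items():
        print(src, info)
```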
When I think of people with cellphones, I think of self-important pretentious gits who (other than for actual emergencies involving family or work) think that the world will stop if someone can't contact them before they get back home or to the office.
I've had a cell phone for a few years now, and it's my primary phone device. I really only get business-related calls at work. I give my cell phone number to friends, coworkers, and occasionally clients or suppliers that need to get ahold of me (my work pays for the majority of my cell phone bill.. I pay for unlimited evenings and weekends). I wouldn't even have a landline at home, if not for my housemate who refuses not to have one (he won't really give me a clear reason, and he does have a cell phone).
A cell is much more convenient to me because I have it with me. At work, I'm sometimes in the office, sometimes in the field. I sometimes work weird hours, so I won't be home until 8 or 9pm. Is it an emergency to get ahold of me? No, usually not. But I do get to work like this and have a social life.. people call my cell to see if I want to go to a bar/restaurant/whatever, and if I happen to be at work I'll join them when I'm done without going home. If I didn't have the cell, I probably wouldn't bother.. once I got home, it would take me additional time and I probably wouldn't feel like getting up again.
I spend many weekends traveling, as I have friends scattered across the province. In those situations, I don't have to tell people who may have a need to contact me in an emergency (family, work, and a web hosting server I admin with a friend) where I am, and I'm still available for non-emergency stuff too. It basically gives me the freedom to do what I want without being tied down to a physical location or sacrificing my responsibilities. Sometimes I can't get to a computer to deal with work, but that's ok; I can often help someone else via phone. If it's a family emergency, I can at least get back earlier.
Now, you might think "that's awful, you have no personal life, always at the beck and call of work or anyone else". I look at it as tying me down less. Don't get me wrong, if I take a real vacation and take a week off or go camping or whatever, I'm on vacation. I likely won't answer my phone, or more likely will leave it off, or in the car, or at home. Having a cell means I can leave on any random weekend without thinking twice.
Also, I would NEVER have a cell phone without callerid (and probably voicemail). I very often don't answer my phone, and just let people leave voicemail. Some people consider this rude, I could care less. If it's important, they'll leave a message. Depending on who it is, I might call them back even if they don't. I don't interrupt a face-to-face conversation to answer my phone, and frankly I find it annoying when other people do it to me. If you feel compelled to answer a phone whenever it rings, then yeah, I can see how you'd consider the cell phone a hassle.
Perhaps the biggest problem with this is that the MAC of the access point will very rarely be the address that the network traffic will be sourced from. Likewise the source MAC address in packets through the AP may be in the approved address list as well.
Well, that's why I said to only allow approved MAC addresses -- not find and ban MACs of the AP's (one of the big problems was locating them in the first place).
If you're so concerned about systems connecting, then perhaps you should get the MAC address of all your authorized machines, and only allow those at the router or firewall level?
You should also keep your servers secured against your internal network, only allowing services that are actually needed. There's a tendency to trust everything internal on your network -- but really, with wifi and so many people having laptops, as well as systems infected with viruses and spyware, the internal network is just as volatile as the internet itself.
Last month I received a software package distributed on DVD. A forward thinking company, right? Then what's this floppy disk for? That's right, they have a floppy that's needed to install the software. It uses strategically placed bad sectors to verify that the floppy disk is genuine and lets you install the software. Good thing this brand new Dell PC still has a floppy drive, or I couldn't install it.
So what if you didn't have one? I'd definitely call the company and complain about it to them.. even if you end up putting in a floppy to use it anyways, let them know that it's a bad practice and in the future when you consider purchasing something from them that it will weigh in as a negative. Especially if it's a smaller or niche market, the developers often don't hear that sort of feedback.
So, they want to make their webpage freely available to the entire world, but they don't want people to download the pages? Make up your fucking mind, if you're going to put something on the internet, people are going to download it.
Exactly. At any given time, there are copies of web pages stored all over the place - personal browser caches, proxy servers, backups of those. Wayback just archives public content, as does Google cache, and probably some others that I don't know about. Every search engine keeps at least a copy of the text.
I realize it doesn't really agree with the way current copyright law works (indicating that the law is outdated and needs to be adapted, IMHO), but if you post content publicly, it can be replicated publicly. This should be legal, since it's a useful feature. That's not to say that by posting publicly, people should be allowed to take it and post it on their page, claiming they wrote it, etc. Just that you should be allowed to copy the entire work, keeping copyright notes in place, without having to get permission of the author. The internet would be a lot less useful without search engines, and having to specifically get permission to be listed in search engines would be fairly useless.
The corollary to this is of course if you don't want content reproduced, don't publish it publicly. There are many many ways to protect content: require registration and use a login, use sessions and ask the user to type in a number contained in a graphic, or even just use a form that you have to POST in order to view anything. If you do that though, be aware that you can't have your cake and eat it too: that content won't show up in search engines.
* Use zip ties or velcro ties to "bundle" cables that can be bundled (power cables, for instance.)
Zip ties are great, but they can also be a pain in the..
If you zip tie, remember two things: be prepared to cut and retie when you change things, and leave enough space so you WILL re-tie.
I did have our entertainment center all ziptied at one point, and it was great. Then as we moved things around (oh, new satellite receiver... hey, lets hook up the computer.. oh, plug in this ipod to play mp3s) we ended up making quick changes. Coupled with the fact that it was hard to get behind there to get at cables, we ended up with a big mess of cables, except sometimes when you tried to pull one out it was ziptied to another one.
That said, at work a lot of my server room is ziptied but accessible, and it stays very neat.
And I've noticed the one thing I do differently from a lot of typists is that I hold my wrists straight, at about a 30 degree angle to the keyboard.
I do the same thing, and I actually find those natural keyboards to be harder to use. Since I "cross-over" a lot, to the other side, the split screws up my positioning. I also find the natural keyboards, because they put my fingers in the 'home' position, actually make it more difficult for me to type since I'm not used to it.
I fail to see how this is relevant though. Using VoIP can mean many different things. For example, a business can use VoIP to link their phone system between branch offices, and use it to make free calls between them. This is as opposed to getting point-to-point links (like T1s) between the buildings, where you pay the telco loop fees, usage fees, etc.
A business can use VoIP to make long distance calls, usually at a fraction the price of even the CLEC long distance rates.
A business can get local numbers in other markets where they would otherwise not be able to, or not be able to for any practical amount of money.
We use VoIP at our company (small business), along with copper. We have 3 copper lines (plus fax) coming in. Outgoing local calls are placed on two of those lines (local calls are free, and only two lines are used to try and be sure there's an available incoming line). Long distance calls are routed through a VoIP provider, along with any calls beyond our copper capacity. The 3 lines are on a hunt group, and I'm actually awaiting a change to put our DID (incoming VoIP line) in the hunt group as well. When that's done, it will mean that if the 3 copper lines are in use, incoming calls will come in over VoIP, giving us a basically unlimited capacity to take or place calls, and at a fraction of the cost it would take to do it by buying additional copper lines.
That said, I wouldn't go entirely VoIP, at least at this point. Our internet connection has been pretty good, but it's not perfect, and we don't have an SLA with it. When it comes down to it, copper is just more reliable than an internet connection. For us, if our internet goes down, having only 3 lines won't kill us (though it can be annoying).
Anyway, the point I was eventually trying to get to was that despite having VoIP, we don't have any way of calling into our system without going over the PSTN (public switched telephone network -- aka the regular global phone network you use everyday), which effectively means to the outside world that we don't have VoIP. Though spammers could potentially use VoIP providers to do telemarketing or whatever they want to do at cheaper rates than using I/CLECs, the cost is still not 0. Their calls are still getting placed on the PSTN which means they get billed.
In the future, who knows what will happen. I have no doubt if the costs drop to 0 (or low enough that it's basically 0) like email, then "SPIT" will become a problem. Hopefully we've learned enough with the flawed email system that we won't let that happen, though I'm not sure what efforts are being put in to that problem right now.
Where is that study that shows people who are taught to use CLI have as much if not more productivity than users that require GUI?
Well, I guess it depends on what you're doing. I spend a good mix of time between both, and it really just depends what I'm doing. Some CLI stuff is quite a bit simpler. Moving or copying a file, for example. Once you learn tab completion, it takes probably 1/10th the time to do in CLI vs GUI.
Remembering command-line switches for every program is not for me, so the apps that have hundreds of switches just get irritating. I don't like to run --help and see 3 or 4 screens scroll by. As soon as I need to spend time carefully studying options and reading man pages, the CLI becomes much less productive than a well organized and well designed GUI interface.
This is one thing that really makes me annoyed about working in windows too: it effectively doesn't have a CLI (personally I run ping, ifconfig, and occasionally nslookup or ftp, and that's about all it's good for).
I also like running the CLI from the GUI.. at any given point, I probably have somewhere between 3 and 12 terminal windows open (love tabbed Konsole windows), with ssh connections all over the place. It's nice, because it's easy to cut and paste between systems (the CLI-only way would be to scp files.. much more time consuming), you can see a listing or config file from another window while editing a foreground one (yes I know about screen). I also find it's easier to look at - the fonts are rendered nicely, and it's smaller text (my terminals are usually about 3/4 of the screen, which still gives me a bigger than 80x25 display).
With rapid development environments like Visual Basic around for the Windows OS, it's not surprising that there is a lot more crap out there for Windows, versus other OS that don't have these easy to pick up IDEs. It simply takes a more developed skill set to write apps for MAC and *nix.
While this contributes to the problem, there are a ton of ugly apps for *nix (can't speak for Mac since I don't own one). There are a lot of apps that don't even have GUIs, and are also very hard to use on the command line (cdrecord, for example). These apps are still very useful and work very well, they're just ugly in the sense that you can't "just use" them. You need to specify tons of switches, spending time reading the man page, or they require a front-end application that builds the switches for you.
You imply that a skilled developer == someone who is good at developing interfaces, while really, it's a totally different skill set. You can tell when programmers design web pages, and think that because they know HTML, CSS, javascript and photoshop very well, that they're incredibly talented graphic designers.
I think that when (not if) a high quality and easy to learn development platform for Linux comes along, we'll start to see mountains of shit for it, too.
I think you're right here too. Making it easier to develop apps will mean that more developers will come in, and they probably will also lack basic design skills, which means you get more ugly AND poorly-written code. Just don't confuse the issue and think that it's only unskilled developers that write ugly interfaces.
On this subject, why do people resort to phrases like "u", "ur", "l8r", "plz", etc? You have a full keyboard, use it. Shortening a 5 letter word down to 3 saves very little time, and makes you look like a big idiot. I don't even like it in SMS messages: on my phone, and most I've seen, I have a "t9" input. To say "hello", for example, you type 43556. It automatically figures out what word you're trying to spell, and there's a "next" button if it gets it wrong. Very rarely I have to switch to alpha input to type a word it doesn't know.
Now, what really pisses me off is I bought a USB analog video capture device today. I didn't notice until I got back, but it actually says on the front: "DVD Direct Burn. No need to save in ur HDD". Seriously. I'm not sure I would have bought it if I noticed that earlier..
If anyone can point me to a good *free* PHP editor for Linux, I'd be very glad.
Kate
Has syntax highlighting (including recognizing builtin functions), bracket matching, code folding, regex search and replace, blah blah.
If you want one that does fancier stuff like show you class structures etc, then I dunno. Eclipse has a PHP plugin I heard - dunno how it works. One of my friends is huge into zend studio (non-free), but he works at a university (where they think nothing of spending a student's tuition's worth on a computer - what do you mean our programmers don't need 23" apple cinema displays?)
What made up the $1,800/month price tag? Was all of that put towards a dedicated line? Maybe they should have scaled down the bandwidth (and the price), increasing it as needed.
That's what I was wondering too. I would guess either a dedicated line, or separate connections to each AP. Either way, not a good way to do things. What they should be doing is using a shared DSL/cable 3 or 4mbit account. Throw up a linux box as a firewall (and to monitor bandwidth), and it's easy to scale up and load balance connections as required. This service shouldn't be costing more than a few hundred a month for internet access.
They may be factoring in costs for maintenance, but even then, if properly set up it should require a minimal amount of maintenance. Of course, perhaps it's done by an over-priced consultancy charging (because it's the city) $300/hr....
Blocking the single IP gives the ISP an incentive only to move the spammer to a different IP. That doesn't deal with the recipient's problem.
So, you block the new IP. And you do a check - have we blocked this domain before? Was it on an IP in a subnet owned by the same company? If yes to both, THEN you block the subnet. You're still probably blocking other legitimate traffic, but at least you give an honest ISP a chance without blocking their other customers.
It used to be quite common for a spammer to run under his pink contract from an IP address until people got fed up and blocked that specific IP. Certain ISPs would then assign the spammer a new IP address knowing full well what they were doing with the explicit intent of allowing that spammer to bypass the blocklists from people who were obviously and explicitly taking steps to avoid the spam..... The spam-friendly ISPs forced the blacklisting of IP blocks: there was simply no other way to filter out the spam coming from those netblocks.
Maybe instead of being lazy, the list administrators should do it in a way that at least minimizes damages. If an ISP moves a blacklisted customer to another IP, flag them as possible spam-friendly, and investigate further: ask the ISP what's happening, check if it's REALLY spam*. If it happens again, or the ISP gives an unsatisfactory response, then flag them as spam-friendly. At that point, you can blacklist the ISP's netblock. Even skipping the second step, and only listing the netblock if the site has moved IPs within the same netblock owner would be better than it is now.
* I run a small shared server, and we've been blacklisted before for a legitimate opt-in newsletter. Instead of unsubscribing, someone sends to abuse@whatever and suddenly, entire netblock is listed.
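Added example, not part of the original comment: a sketch of the escalation rule described above, where a single IP is listed first and the owner's netblock is listed only when the same sender domain reappears on a different IP under the same netblock owner. The `Blocklist` class, the owner names, the domains and the address ranges are hypothetical; a real list would take ownership from registry data.

```python
import ipaddress

# Constructed netblock-to-owner table using documentation address ranges.
NETBLOCKS = {
    "192.0.2.0/24": "ExampleNet-A",
    "198.51.100.0/24": "ExampleNet-B",
}


class Blocklist:
    def __init__(self, netblocks):
        self.netblocks = [
            (ipaddress.ip_network(cidr), owner) for cidr, owner in netblocks.items()
        ]
        self.blocked_ips = set()
        self.blocked_nets = set()
        self.history = {}  # sender domain -> [(ip, owner), ...] already listed

    def lookup(self, addr):
        """Return (network, owner) for the most specific known netblock."""
        matches = [(net, owner) for net, owner in self.netblocks if addr in net]
        if not matches:
            return None, None
        return max(matches, key=lambda m: m[0].prefixlen)

    def report(self, domain, ip):
        """Record a confirmed spam report; return 'ip' or 'netblock'."""
        addr = ipaddress.ip_address(ip)
        net, owner = self.lookup(addr)
        prior = self.history.setdefault(domain, [])
        # Escalate only if this domain was listed before on a *different*
        # address held by the same owner, i.e. the owner moved the customer.
        moved_within_owner = owner is not None and any(
            p_owner == owner and p_ip != addr for p_ip, p_owner in prior
        )
        prior.append((addr, owner))
        self.blocked_ips.add(addr)
        if moved_within_owner:
            self.blocked_nets.add(net)
            return "netblock"
        return "ip"

    def is_blocked(self, ip):
        addr = ipaddress.ip_address(ip)
        return addr in self.blocked_ips or any(addr in n for n in self.blocked_nets)


def run_demo():
    bl = Blocklist(NETBLOCKS)
    steps = [
        ("spam.example", "192.0.2.10"),    # first listing: single IP
        ("spam.example", "198.51.100.5"),  # different owner: single IP
        ("news.example", "198.51.100.20"), # unrelated sender: single IP
        ("spam.example", "192.0.2.77"),    # same owner, new IP: netblock
    ]
    actions = [bl.report(domain, ip) for domain, ip in steps]
    return bl, actions


if __name__ == "__main__":
    bl, actions = run_demo()
    print(actions)
    print(bl.is_blocked("192.0.2.200"), bl.is_blocked("198.51.100.21"))
```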
Anyway, they shouldn't be blocking entire blocks of IPs. That doesn't even make sense.
Can you suggest another effective way for an outsider to apply pressure to an ISP that hosts a spammer?
What difference does it make? You block the IP, he can't send spam anymore (to people subscribing to the RBL). Blocking the whole subnet means blocking legitimate, unrelated mail. You wouldn't burn down your house because a fly got in, would you?
It's surprising that new.net still exists. $35/year for registration, for a domain that doesn't even really exist. I'm not sure what new.net's penetration is (I'm sure they must have SOME chunk by bundling it as spyware -- I doubt any ISPs use them), but here's what it says on their site when you try to register a
Basically, if you're using new.net, then any fake new.net domains will override the real domain. How long will it take before people dump new.net?
here's what i can remember having plugged in in my living room: tv, vcr, dvd player, sterio, subwoofer, 2 lamps, 3 laptops, 1 hub, 1 vga -> ntsc converter, 2 cell phone chargers. that's 14 plugs that i can remember right now.
So lets say your tv, vcr, dvd player, stereo, sub, hub, vga converter, a laptop and a cell phone charger all together on a tv stand of some sort, while the rest of the stuff is around the rest of the room. That means you take up 5 sockets (2 plugs each), which is 80" of wall. Instead of having them plugged into a decent sized power bar and all contained behind the tv, you have them all string out across the wall.
We won't get into how you have no surge protection close to the device, either.
As is pointed out elsewhere, why will .com domains be given up by porn sites for .xxx? How about hustler.com, or playboy.com?
.com (or anything else) sites that have nothing to do with pornography? How long do you think it will take for people to register microsoft.xxx, sco.xxx, yourcompany.xxx...
.xxx, just so someone else can't? (money grab for the registrars...) What do you do when someone cybersquats on your name, in .xxx, with nasty goatse-like material? "But your honour, we used .xxx to make sure we distingushed ourselves as a pornography site." (now we're talking about company reputation, money wasted in court, time wasted by people tracking this down...)
.xxx blocked will complain to the site owner that it's blocked, and eventually the sites will move back over to .com and other non-blocked domains. The only way this couldn't happen would be if the government mandated that pornographic material was in .xxx, and at that point, you have the problems of trying to define pornography vs art, as you brought up.
I'm surprised no one has touched on it, but what about the
This raises issues for the owners of non-.xxx non-pornographic sites. Do you register a
As far as blocking, what is more likely to happen is the people who do have
It's a win for the registrars, basically a tie for the porn site operators, and a lose for everyone else.
I did this same thing, but be warned, I would not trust this scenario if your company does not have it's own data center or you don't plan on hosting it in a data center (ie, don't setup the email server under your desk). One 24 hour span without power or internet and you won't get the chance for "anymore of your bright ideas".
I currently host my mail in a datacenter (along with our webserver, etc). I was actually looking at moving it in-house. I do have a "server room" here that is locked, has everything on UPS (~1 hour capacity for the main server). I have a pretty decent internet connection (10mbps/1mbps cable) and although I've only had one outage in the 8 months I've been using it (knock on wood..), I don't trust it to host anything on it.
My datacenter is very nice, but the reason I want to move it is because everyone here uses IMAP, and we have a huge chunk of space on the server taken up by mail (4gb or so). The benefits to moving it in-house would be that it would be easier to backup (just part of the existing server backup scheme), faster to access, work even if the connection is down, and actually use our LDAP server for authentication.
What I was looking at doing was using Mailhop Relay, which act as your MX servers, and run spam/virus filtering (if you want), then deliver mail to your MX server (static or dynamic IP) on whatever port you want (in case your ISP blocks port 25). It seems like it would be a decent solution, but I don't know of anyone actually using it. I've been meaning to setup a fake domain on it first, just to test it for a while, but never got around to it.
Is anyone out there using (or has anyone used) mailhop relay? How's the service/uptime/etc?
There are lots of reputable companies that do email hosting for small businesses that don't charge much, and handle all the backup, power, liability etc for you
Backup, power, sure. Liability? I don't think so.. you may get an SLA that gives you money back if services are down, but if you miss that $30,000 contract because your email server was down, you can be damn sure that the ISP is not going to reimburse you.
Lets not forget that PHP has the worst security history of any language, there are constant exploits and there's nothing you as a PHP user can do about it.
Constant exploits? For PHP, or for crapply-written content management systems (ahem, phpnuke) that happen to be written in PHP?
CERT has issued two advisories for PHP itself: CA-2002-05 and CA-2002-20. Looking through the changelog I see only a handful of security fixes.
Like most languages, it's possible to write unsecure code. I've seen code that executes stuff on the command line, right from a GET string. It's just as possible to write secure code.
One problem with PHP is it's a simple language, and a lot of beginners with no experience pick it up and can use it to write applications. Knowing nothing about software development, or security issues, they tend to write bad, insecure code. This has nothing to do with the language, it simply has to do with the developers. If python or ruby came into incredibly widespread use (ie, available on pretty much any hosting account you can buy, like PHP is), then you'd probably see the same thing happening. It doesn't say anything about the languages, it's simply a matter of inexperienced developers writting bad code.
While the avoidance of them is super for computers and international business, it sucks horribly for locals all over the world.
Not really. We've already adjusted and programmed computers to deal with timezones. What's the point of making lives complicated for billions of people, just to solve a problem that doesn't even exist anymore?
Too bad MSN doesn't work in Canada at all, while Google works great. I do find it kind of funny that "Virtual Earth" is USA-only.. ;)
That said, MSN has hi-res images of my cottage (which is right on the border, and only JUST made it in) while Google only has low-res images of that area.
Don't overreact. There are a lot of ssh worms out there. I have one machine where I watch for these kinds of things. I see at least 3 or 4 worms hitting my box a day.
::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248 ::ffff:140.254.26.248
Likewise. I think I see on average about 400 failed login attempts across 3 machines, every day.
Most look something like this:
Jul 26 08:10:27 oxygen sshd[30231]: Illegal user gabriel from
Jul 26 08:10:32 oxygen sshd[30233]: Illegal user gabriela from
Jul 26 08:10:39 oxygen sshd[30235]: Illegal user gaby from
Jul 26 08:10:45 oxygen sshd[30237]: Illegal user gail from
Jul 26 08:10:49 oxygen sshd[30239]: Illegal user gala from
Jul 26 08:10:54 oxygen sshd[30241]: Illegal user gale from
Jul 26 08:10:56 oxygen sshd[30243]: Illegal user gamma from
Jul 26 08:11:01 oxygen sshd[30245]: Illegal user gary from
Jul 26 08:11:04 oxygen sshd[30247]: Illegal user gari from
Jul 26 08:11:06 oxygen sshd[30249]: Illegal user garret from
Jul 26 08:11:16 oxygen sshd[30251]: Illegal user garry from
I pretty much just ignore them and go on with my day. I do have pam_abl installed, though for some reason it doesn't seem to catch these failed logins (I think because it connects and only tries to login once before closing the connection, as opposed to multiple password attempts during the same connection).
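Counting the pattern in log lines like those above, as an added example that is not part of the original comment: it groups sshd "Illegal user" entries (newer OpenSSH releases log "Invalid user") by source and flags a source that tries many distinct usernames in a short window. The sample lines are constructed with documentation addresses because the excerpt above lost its source addresses; the thresholds, the year and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed sample (not real traffic): documentation addresses only.
SAMPLE_LOG = """\
Jul 26 08:10:27 oxygen sshd[30231]: Illegal user gabriel from ::ffff:192.0.2.44
Jul 26 08:10:32 oxygen sshd[30233]: Illegal user gabriela from ::ffff:192.0.2.44
Jul 26 08:10:39 oxygen sshd[30235]: Illegal user gaby from ::ffff:192.0.2.44
Jul 26 08:10:45 oxygen sshd[30237]: Illegal user gail from ::ffff:192.0.2.44
Jul 26 08:10:49 oxygen sshd[30239]: Illegal user gala from ::ffff:192.0.2.44
Jul 26 08:31:02 oxygen sshd[30290]: Illegal user bob from 198.51.100.7
Jul 26 09:02:11 oxygen sshd[30301]: Invalid user bobb from 198.51.100.7 port 50122
Jul 26 09:05:00 oxygen sshd[30310]: Accepted publickey for alice from 198.51.100.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"(?:Illegal|Invalid) user (?P<user>\S+) from (?P<src>[0-9A-Fa-f:.]+)"
)


def parse(log_text, year=2005):
    """Return (time, source, user, sshd pid) for each unknown-user line.

    Syslog timestamps carry no year, so `year` is an assumption.
    """
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            addr = ip_address(m["src"])
        except ValueError:
            continue  # damaged or truncated address field
        # Fold ::ffff:a.b.c.d into a.b.c.d so one host is counted once.
        if addr.version == 6 and addr.ipv4_mapped:
            addr = addr.ipv4_mapped
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, str(addr), m["user"], int(m["pid"])))
    return events


def find_scans(events, min_users=5, window=timedelta(minutes=5)):
    """Flag sources that try >= min_users distinct names inside `window`."""
    by_src = defaultdict(list)
    for ts, src, user, pid in sorted(events):
        by_src[src].append((ts, user, pid))
    findings = {}
    for src, rows in by_src.items():
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if len({u for _, u, _ in rows[start:end + 1]}) >= min_users:
                # The sshd pid changes per connection, so it approximates
                # a connection id over a short period.
                pids = {p for _, _, p in rows}
                findings[src] = {
                    "attempts": len(rows),
                    "distinct_users": len({u for _, u, _ in rows}),
                    "attempts_per_connection": len(rows) / len(pids),
                }
                break
    return findings


if __name__ == "__main__":
    for src, info in find_scans(parse(SAMPLE_LOG)).items():
        print(src, info)
```

An `attempts_per_connection` of 1.0 corresponds to the one-login-per-connection behaviour the comment describes, which a counter that only looks at retries within a single connection would not see.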
When I think of people with cellphones, I think of self-important pretentious gits who (other than for actual emergencies involving family or work) think that the world will stop if someone can't contact them before they get back home or to the office.
I've had a cell phone for a few years now, and it's my primary phone device. I really only get business-related calls at work. I give my cell phone number to friends, coworkers, and occasionally clients or suppliers that need to get ahold of me (my work pays for the majority of my cell phone bill.. I pay for unlimited evenings and weekends). I wouldn't even have a landline at home, if not for my housemate who refuses not to have one (he won't really give me a clear reason, and he does have a cell phone).
A cell is much more convenient to me because I have it with me. At work, I'm sometimes in the office, sometimes in the field. I sometimes work weird hours, so I won't be home until 8 or 9pm. Is it an emergency to get ahold of me? No, usually not. But I do get to work like this and have a social life.. people call my cell to see if I want to go to a bar/restaurant/whatever, and if I happen to be at work I'll join them when I'm done without going home. If I didn't have the cell, I probably wouldn't bother.. once I got home, it would take me additional time and I probably wouldn't feel like getting up again.
I spend many weekends traveling, as I have friends scattered across the province. In those situations, I don't have to tell people who may have a need to contact me in an emergency (family, work, and a web hosting server I admin with a friend) where I am, and I'm still available for non-emergency stuff too. It basically gives me the freedom to do what I want without being tied down to a physical location or sacrificing my responsibilities. Sometimes I can't get to a computer to deal with work, but that's ok; I can often help someone else via phone. If it's a family emergency, I can at least get back earlier.
Now, you might think "that's awful, you have no personal life, always at the beck and call of work or anyone else". I look at it as tying me down less. Don't get me wrong, if I take a real vacation and take a week off or go camping or whatever, I'm on vacation. I likely won't answer my phone, or more likely will leave it off, or in the car, or at home. Having a cell means I can leave on any random weekend without thinking twice.
Also, I would NEVER have a cell phone without callerid (and probably voicemail). I very often don't answer my phone, and just let people leave voicemail. Some people consider this rude, I could care less. If it's important, they'll leave a message. Depending on who it is, I might call them back even if they don't. I don't interrupt a face-to-face conversation to answer my phone, and frankly I find it annoying when other people do it to me. If you feel compelled to answer a phone whenever it rings, then yeah, I can see how you'd consider the cell phone a hassle.
Perhaps the biggest problem with this is that the MAC of the access point will very rarely be the address that the network traffic will be sourced from. Likewise the source MAC address in packets through the AP may be in the approved address list as well.
Well, that's why I said to only allow approved MAC addresses -- not find and ban MACs of the AP's (one of the big problems was locating them in the first place).
If you're so concerned about systems connecting, then perhaps you should get the MAC address of all your authorized machines, and only allow those at the router or firewall level?
You should also keep your servers secured against your internal network, only allowing services that are actually needed. There's a tendency to trust everything internal on your network -- but really, with wifi and so many people having laptops, as well as systems infected with viruses and spyware, the internal network is just as volatile as the internet itself.
Last month I received a software package distributed on DVD. A forward thinking company, right? Then what's this floppy disk for? That's right, they have a floppy that's needed to install the software. It uses strategically placed bad sectors to verify that the floppy disk is genuine and lets you install the software. Good thing this brand new Dell PC still has a floppy drive, or I couldn't install it.
So what if you didn't have one? I'd definitely call the company and complain about it to them.. even if you end up putting in a floppy to use it anyways, let them know that it's a bad practice and in the future when you consider purchasing something from them that it will weigh in as a negative. Especially if it's a smaller or niche market, the developers often don't hear that sort of feedback.
So, they want to make their webpage freely available to the entire world, but they don't want people to download the pages? Make up your fucking mind, if you're going to put something on the internet, people are going to download it.
Exactly. At any given time, there are copies of web pages stored all over the place - personal browser caches, proxy servers, backups of those. Wayback just archives public content, as does Google cache, and probably some others that I don't know about. Every search engine keeps at least a copy of the text.
I realize it doesn't really agree with the way current copyright law works (indicating that the law is outdated and needs to be adapted, IMHO), but if you post content publicly, it can be replicated publicly. This should be legal, since it's a useful feature. That's not to say that by posting publicly, people should be allowed to take it and post it on their page, claiming they wrote it, etc. Just that you should be allowed to copy the entire work, keeping copyright notes in place, without having to get permission of the author. The internet would be a lot less useful without search engines, and having to specifically get permission to be listed in search engines would be fairly useless.
The corollary to this is of course if you don't want content reproduced, don't publish it publicly. There are many many ways to protect content: require registration and use a login, use sessions and ask the user to type in a number contained in a graphic, or even just use a form that you have to POST in order to view anything. If you do that though, be aware that you can't have your cake and eat it too: that content won't show up in search engines.
* Use zip ties or velcro ties to "bundle" cables that can be bundled (power cables, for instance.)
..
Zip ties are great, but they can also be a pain in the
If you zip tie, remember two things: be prepared to cut and retie when you change things, and leave enough space so you WILL re-tie.
I did have our entertainment center all ziptied at one point, and it was great. Then as we moved things around (oh, new satellite receiver... hey, let's hook up the computer.. oh, plug in this ipod to play mp3s) we ended up making quick changes. Coupled with the fact that it was hard to get behind there to get at cables, we ended up with a big mess of cables, except sometimes when you tried to pull one out it was ziptied to another one.
That said, at work a lot of my server room is ziptied but accessible, and it stays very neat.
And I've noticed the one thing I do differently from a lot of typists is that I hold my wrists straight, at about a 30 degree angle to the keyboard.
I do the same thing, and I actually find those natural keyboards to be harder to use. Since I "cross-over" a lot, to the other side, the split screws up my positioning. I also find the natural keyboards, because they put my fingers in the 'home' position, actually make it more difficult for me to type since I'm not used to it.
Download CygWin for Windows and laugh.
:)
Yeah, been there, done that. I'd rather just work in linux
SPam over Internet Telephony ... storm ..
I fail to see how this is relevant though. Using VoIP can mean many different things. For example, a business can use VoIP to link their phone system between branch offices, and use it to make free calls between them. This is as opposed to getting point-to-point links (like T1s) between the buildings, where you pay the telco loop fees, usage fees, etc.
A business can use VoIP to make long distance calls, usually at a fraction the price of even the CLEC long distance rates.
A business can get local numbers in other markets where they would otherwise not be able to, or not be able to for any practical amount of money.
We use VoIP at our company (small business), along with copper. We have 3 copper lines (plus fax) coming in. Outgoing local calls are placed on two of those lines (local calls are free, and only two lines are used to try and be sure there's an available incoming line). Long distance calls are routed through a VoIP provider, along with any calls beyond our copper capacity. The 3 lines are on a hunt group, and I'm actually awaiting a change to put our DID (incoming VoIP line) in the hunt group as well. When that's done, it will mean that if the 3 copper lines are in use, incoming calls will come in over VoIP, giving us a basically unlimited capacity to take or place calls, and at a fraction of the cost it would take to do it by buying additional copper lines.
That said, I wouldn't go entirely VoIP, at least at this point. Our internet connection has been pretty good, but it's not perfect, and we don't have an SLA with it. When it comes down to it, copper is just more reliable than an internet connection. For us, if our internet goes down, having only 3 lines won't kill us (though it can be annoying).
Anyway, the point I was eventually trying to get to was that despite having VoIP, we don't have any way of calling into our system without going over the PSTN (public switched telephone network -- aka the regular global phone network you use everyday), which effectively means to the outside world that we don't have VoIP. Though spammers could potentially use VoIP providers to do telemarketing or whatever they want to do at cheaper rates than using I/CLECs, the cost is still not 0. Their calls are still getting placed on the PSTN which means they get billed.
In the future, who knows what will happen. I have no doubt if the costs drop to 0 (or low enough that it's basically 0) like email, then "SPIT" will become a problem. Hopefully we've learned enough with the flawed email system that we won't let that happen, though I'm not sure what efforts are being put in to that problem right now.
Where is that study that shows people who are taught to use CLI have as much if not more productivity than users that require GUI?
Well, I guess it depends on what you're doing. I spend a good mix of time between both, and it really just depends what I'm doing. Some CLI stuff is quite a bit simpler. Moving or copying a file, for example. Once you learn tab completion, it takes probably 1/10th the time to do in CLI vs GUI.
Remembering command-line switches for every program is not for me, so the apps that have hundreds of switches just get irritating. I don't like to run --help and see 3 or 4 screens scroll by. As soon as I need to spend time carefully studying options and reading man pages, the CLI becomes much less productive than a well organized and well designed GUI interface.
This is one thing that really makes me annoyed about working in windows too: it effectively doesn't have a CLI (personally I run ping, ifconfig, and occasionally nslookup or ftp, and that's about all it's good for).
I also like running the CLI from the GUI.. at any given point, I probably have somewhere between 3 and 12 terminal windows open (love tabbed Konsole windows), with ssh connections all over the place. It's nice, because it's easy to cut and paste between systems (the CLI-only way would be to scp files.. much more time consuming), you can see a listing or config file from another window while editing a foreground one (yes I know about screen). I also find it's easier to look at - the fonts are rendered nicely, and it's smaller text (my terminals are usually about 3/4 of the screen, which still gives me a bigger than 80x25 display).
With rapid development environments like Visual Basic around for the Windows OS, it's not surprising that there is a lot more crap out there for Windows, versus other OS that don't have these easy to pick up IDEs. It simply takes a more developed skill set to write apps for MAC and *nix.
While this contributes to the problem, there are a ton of ugly apps for *nix (can't speak for Mac since I don't own one). There are a lot of apps that don't even have GUIs, and are also very hard to use on the command line (cdrecord, for example). These apps are still very useful and work very well, they're just ugly in the sense that you can't "just use" them. You need to specify tons of switches, spending time reading the man page, or they require a front-end application that builds the switches for you.
You imply that a skilled developer == someone who is good at developing interfaces, while really, it's a totally different skill set. You can tell when programmers design web pages, and think that because they know HTML, CSS, javascript and photoshop very well, that they're incredibly talented graphic designers.
I think that when (not if) a high quality and easy to learn development platform for Linux comes along, we'll start to see mountains of shit for it, too.
I think you're right here too. Making it easier to develop apps will mean that more developers will come in, and they probably will also lack basic design skills, which means you get more ugly AND poorly-written code. Just don't confuse the issue and think that it's only unskilled developers that write ugly interfaces.
On this subject, why do people resort to phrases like "u", "ur", "l8r", "plz", etc? You have a full keyboard, use it. Shortening a 5 letter word down to 3 saves very little time, and makes you look like a big idiot. I don't even like it in SMS messages: on my phone, and most I've seen, I have a "t9" input. To say "hello", for example, you type 43556. It automatically figures out what word you're trying to spell, and there's a "next" button if it gets it wrong. Very rarely I have to switch to alpha input to type a word it doesn't know.
Now, what really pisses me off is I bought a USB analog video capture device today. I didn't notice until I got back, but it actually says on the front: "DVD Direct Burn. No need to save in ur HDD". Seriously. I'm not sure I would have bought it if I noticed that earlier..
If anyone can point me to a good *free* PHP editor for Linux, I'd be very glad.
Kate
Has syntax highlighting (including recognizing builtin functions), bracket matching, code folding, regex search and replace, blah blah.
If you want one that does fancier stuff like show you class structures etc, then I dunno. Eclipse has a PHP plugin I heard - dunno how it works. One of my friends is huge into zend studio (non-free), but he works at a university (where they think nothing of spending a student's tuition's worth on a computer - what do you mean our programmers don't need 23" apple cinema displays?)
That's what I was wondering too. I would guess either a dedicated line, or separate connections to each AP. Either way, not a good way to do things. What they should be doing is using a shared DSL/cable 3 or 4mbit account. Throw up a linux box as a firewall (and to monitor bandwidth), and it's easy to scale up and load balance connections as required. This service shouldn't be costing more than a few hundred a month for internet access.
They may be factoring in costs for maintenance, but even then, if properly set up it should require a minimal amount of maintenance. Of course, perhaps it's done by an over-priced consultancy charging (because it's the city) $300/hr....
Blocking the single IP gives the ISP an incentive only to move the spammer to a different IP. That doesn't deal with the recipient's problem.
So, you block the new IP. And you do a check - have we blocked this domain before? Was it on an IP in a subnet owned by the same company? If yes to both, THEN you block the subnet. You're still probably blocking other legitimate traffic, but at least you give an honest ISP a chance without blocking their other customers.
It used to be quite common for a spammer to run under his pink contract from an IP address until people got fed up and blocked that specific IP. Certain ISPs would then assign the spammer a new IP address knowing full well what they were doing with the explicit intent of allowing that spammer to bypass the blocklists from people who were obviously and explicitly taking steps to avoid the spam. ....
The spam-friendly ISPs forced the blacklisting of IP blocks: there was simply no other way to filter out the spam coming from those netblocks.
Maybe instead of being lazy, the list administrators should do it in a way that at least minimizes damages. If an ISP moves a blacklisted customer to another IP, flag them as possible spam-friendly, and investigate further: ask the ISP what's happening, check if it's REALLY spam*. If it happens again, or the ISP gives an unsatisfactory response, then flag them as spam-friendly. At that point, you can blacklist the ISP's netblock. Even skipping the second step, and only listing the netblock if the site has moved IPs within the same netblock owner would be better than it is now.
* I run a small shared server, and we've been blacklisted before for a legitimate opt-in newsletter. Instead of unsubscribing, someone sends to abuse@whatever and suddenly, entire netblock is listed.
Can you suggest another effective way for an outsider to apply pressure to an ISP that hosts a spammer?
What difference does it make? You block the IP, he can't send spam anymore (to people subscribing to the RBL). Blocking the whole subnet means blocking legitimate, unrelated mail. You wouldn't burn down your house because a fly got in, would you?
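The escalation policy proposed in the comments above (block the single IP first, flag the ISP when a listed domain reappears on another IP owned by the same company, and list the netblock only on a repeat), sketched as an added example that is not part of the original comments or any real blocklist's code. The class, its action names, the owner table standing in for whois data and the sample addresses are all assumptions; `moves_before_netblock=1` gives the shorter variant that lists the netblock on the first move.

```python
from ipaddress import ip_address, ip_network


class EscalatingBlocklist:
    def __init__(self, netblock_owners, moves_before_netblock=2):
        # netblock_owners: {cidr: owner}. Hypothetical stand-in for the
        # registry/whois lookup a list operator would actually perform.
        self.owners = {ip_network(c): o for c, o in netblock_owners.items()}
        self.moves_before_netblock = moves_before_netblock
        self.blocked_ips = set()
        self.blocked_nets = set()
        self.history = {}  # domain -> IPs already listed for that domain
        self.moves = {}    # owner -> times a listed domain moved inside it

    def _netblock(self, ip):
        # Most specific known netblock containing this address, if any.
        matches = [n for n in self.owners if ip in n]
        return max(matches, key=lambda n: n.prefixlen) if matches else None

    def report(self, domain, ip_text):
        """Record a confirmed spam source and return the action taken."""
        ip = ip_address(ip_text)
        seen = self.history.setdefault(domain, set())
        if ip in seen:
            return "already-listed"
        net = self._netblock(ip)
        owner = self.owners.get(net)
        # Was this domain listed before on another IP of the same owner?
        moved_within_owner = owner is not None and any(
            self.owners.get(self._netblock(old)) == owner for old in seen
        )
        seen.add(ip)
        self.blocked_ips.add(ip)
        if not moved_within_owner:
            return "block-ip"
        self.moves[owner] = self.moves.get(owner, 0) + 1
        if self.moves[owner] < self.moves_before_netblock:
            return "flag-isp"  # investigate and contact the ISP first
        self.blocked_nets.add(net)
        return "block-netblock"

    def is_blocked(self, ip_text):
        ip = ip_address(ip_text)
        return ip in self.blocked_ips or any(ip in n for n in self.blocked_nets)


if __name__ == "__main__":
    # Constructed data: documentation ranges and made-up owner names.
    bl = EscalatingBlocklist({"203.0.113.0/24": "ExampleHost",
                              "198.51.100.0/24": "OtherNet"})
    for ip in ("203.0.113.10", "203.0.113.77", "203.0.113.130"):
        print(ip, bl.report("pills.example", ip),
              "neighbour 203.0.113.5 blocked:", bl.is_blocked("203.0.113.5"))
```

The unrelated neighbour at 203.0.113.5 stays reachable through the first two reports and is only caught once the netblock itself is listed, which is the collateral damage the thread is arguing about.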