judging by the fact that I'm getting bounces back to a domain where there are no Windows machines, somebody who knows me clicked on the freakin' thing.
I wouldn't be so sure. If the e-mail address receiving those bounces is listed anywhere on the web, then it could easily be a random joe job. Let's say that infected-luser@a.b.c sends a virus-carrying message to poor-victim@x.y.z, but gives a phony From: address (joe@blow.com). x.y.z, noting that poor-victim's mailbox is full (due to umpteen thousand other copies of the same damn virus-carrying message), bounces the message back to... you guessed it, joe@blow.com
SPF (Sender Permitted From) hopes to eliminate most of this, as follows: x.y.z contacts bar.com and asks "is foo@bar.com allowed to send from (IP numbers of a.b.c)?" bar.com answers "no", and x.y.z trashes the message without even trying to deliver it to poor-victim, much less bouncing it back to joe@blow.com
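The check described above, as an added example that is not part of the original comment: a receiving server evaluates the policy published by the claimed sender's domain against the connecting IP. The policy record, the IP addresses and the use of joe@blow.com as the claimed sender are constructed; only the `ip4`, `ip6` and `all` mechanisms are evaluated, because the others need live DNS lookups.

```python
import ipaddress

# Constructed sample policy: what the forged domain's owner might publish as a
# DNS TXT record. Addresses come from the RFC 5737 documentation ranges.
SAMPLE_TXT = {"blow.com": "v=spf1 ip4:192.0.2.0/24 -all"}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(sender, client_ip, txt_records=SAMPLE_TXT):
    """Return the SPF result for mail claiming `sender`, arriving from `client_ip`."""
    domain = sender.rsplit("@", 1)[-1].lower()
    record = txt_records.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"                    # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":                  # catch-all, normally the last term
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        return "temperror"                 # a, mx, include, ... need DNS; not handled here
    return "neutral"                       # no mechanism matched


def receiver_action(sender, client_ip):
    """On 'fail', refuse during the SMTP session so no bounce is ever generated."""
    return "reject" if check_spf(sender, client_ip) == "fail" else "accept"


if __name__ == "__main__":
    # The infected machine (constructed address) is outside the published range.
    print(check_spf("joe@blow.com", "203.0.113.7"), receiver_action("joe@blow.com", "203.0.113.7"))
    # Mail from the domain's real outbound server (constructed address).
    print(check_spf("joe@blow.com", "192.0.2.25"), receiver_action("joe@blow.com", "192.0.2.25"))
```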
It tends to cost a company three times your salary to employ you (including office space, equipment, salary and benefits, etc). That's closer to $120 per hour for your hypothetical worker.
He already doubled it from $20 to $40 per hour, due to benefits on top of salary. Your suggestion of tripling it instead (adding office space, equipment, etc) kicks it up to $60 per hour, not $120. Let's compensate by imagining one of the executives, who gets $40 per hour in salary, so it does cost about $120 per hour to employ him.
Losing 1/2 hour productivity means paying out $120 without getting in the minimum of $150 the company should be trying to make out of your time. This means an actual cost of $120, but an economic cost of $270, per employee.
Elsewhere in this thread, some people argue that the $120 is being double-counted (you were going to pay that much anyway), and others argue that it isn't (you paid that much for the wasted hour, and you have to pay again for him to do whatever he was going to do during the wasted hour). I think the latter case has limited validity, because benefits and office expenses are really a weekly/monthly/yearly (or something in between) cost. Do they cost more if the employee works 41 hours instead of 40 hours? Probably not much. Even the salary might or might not cost more, depending on whether the employee is paid on an hourly or salaried basis.
Annual subscription to a commercial desktop antivirus: $25 per employee.
As noted elsewhere, it's unfair to re-count this for every attack. It should be divided by the number of (major) attacks per year.
You didn't click it. You've just wasted 30 minutes initially looking at what it was, deleting more copies that came in, and deleting bounces, and you never even called the help desk. Most people are probably at one hour, maybe more. Lots more, if they got infected.
I was all set to rag on "how the hell does it take you 30 minutes to delete something that's pretty obviously virus crap?", and then it occurred to me: I bet that a lot of otherwise moderately-computer-literate people don't have mail filters. Okay, if you get hundreds or thousands of the damn things, and they're all mixed up with your legit mail, then I can see that taking a good long while.
But you really need to learn mail filters. Even if you're not confident enough to delete them unseen, you can at least send them to a separate folder, which should make the eyeballing process ("yup, these are all spam, delete delete delete") easier.
"Working on free software" is NOT the same as "working for free". You can certainly get paid for training and support. Sometimes you can even get paid for the actual programming: a company needs Program X developed, so they pay you to develop it, but you reserve the right to give it away to everyone afterward. (Richard Stallman used to take programming contracts this way, and maybe still does.)
It's a stupid buzzword. It won't.
He mentions a DDOS attack taking down 9 out of 13 root servers, and suggests that 13 out of 13 would kill the Internet (if sustained long enough for secondary servers' caches to time out; maybe this is BS already, I dunno). Okay, so making the root servers more secure would be good. Adding more root servers would be good too, I imagine. But "commercializing" them to make them more "mature"? That's just hand-waving the BS concept of "corporations can always do things better than anyone else".
I have to admit that Darl *sounds* like a nice guy in this tape. Note the emphasis, though.
A couple of big logical flaws that I haven't seen anyone else point out yet:
"A few years ago, our annual revenues were hundreds of millions of dollars. Now they're down to around fifty million." This *assumes* that SCO's revenues *would* have held steady, if it weren't for those darn kids and their mangy dog.
"We're not going after end-users, we're going after the big huge businesses - especially enterprise-class stuff". This *assumes* that SCO *would* have made meaningful enterprise-class revenue, if it weren't for etc.
Never mind the people sending the spam (allegedly including unaware victims of spam-relaying viruses). Let's institute heavy federal penalties against people *advertised in* spam. Of course, there's still umpteen million ways to screw up such a law, but it seems to me that it's easier to track down the owner of an 800 number or a web site or a PO Box than to track down the sender of a spam. This law would whack some spammers (spamvertising their own crap) and dry up the customer base of the rest.
Until someone does this (and does it *correctly*), here are the rules that I currently use to keep things manageable:
1) Messages containing my ISP's boilerplate text for "I stripped out a virus attachment, but here's the rest of the message in case you wanted to see it"... I *never* want to see it. Off to /dev/null it goes.
2) Messages larger than about 250K (except for two specific ones that I expect to get on a regular basis) are filtered to a "large messages" folder, so that I don't waste CPU time scanning through all those lines and lines of stuff.
3) SpamAssassin takes a look. Anything with a score of 5 or higher goes to a "probably spam" folder (in case of false positives), not that I've had any yet.
4) Messages sent to my mailing lists get sorted into folders for those lists.
5) Filter out messages that were bcc:ed to me (i.e. my name is nowhere in the To: or Cc: headers). If they contain "Cumulative Patch" or "Undeliver(ed|able) (to|mail to|message to)", then they're Swen crap (probably disinfected by the infected person's ISP, since they didn't get trashed in step 1); trash them now. Anything else goes into a "maybe spam" folder. (I think I've had one false positive over the past few weeks.)
6) Anything that makes it this far can go ahead and sit in my inbox. The volume of mail reaching my inbox (both ham and spam) is fairly small, like one or two dozen per day. The mailing lists (combined) get a few to several dozen per day.
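The six rules above, in the same order, as an added example that is not part of the original post. The owner's address, the placeholder for the ISP notice (the post does not quote its text), the sender allow-list standing in for the "two specific" large messages, the use of `X-Spam-Status` and `List-Id` headers, and all sample messages are assumptions or constructed.

```python
import re
from email import message_from_string
from email.utils import getaddresses

MY_ADDRESS = "me@example.org"          # assumption: the filter owner's address
ISP_NOTICE = "[PLACEHOLDER ISP virus-stripped notice]"  # real text is not on the page
LARGE_BYTES = 250 * 1024               # step 2: "about 250K"
SPAM_SCORE = 5.0                       # step 3 threshold
SWEN = re.compile(r"Cumulative Patch|Undeliver(?:ed|able) (?:to|mail to|message to)")
SCORE = re.compile(r"\b(?:score|hits)=(-?\d+(?:\.\d+)?)")  # field in X-Spam-Status


def body_text(msg):
    """Concatenate the decoded text parts of a message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def classify(raw, large_ok_senders=()):
    """Return the folder name (or 'discard') for one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = body_text(msg)
    if ISP_NOTICE in body:                                        # step 1
        return "discard"
    if len(raw.encode("utf-8", "replace")) > LARGE_BYTES and \
            msg.get("From", "") not in large_ok_senders:          # step 2
        return "large-messages"
    scored = SCORE.search(msg.get("X-Spam-Status", ""))           # step 3
    if scored and float(scored.group(1)) >= SPAM_SCORE:
        return "probably-spam"
    list_id = re.search(r"<([^>]+)>", msg.get("List-Id", ""))     # step 4
    if list_id:
        return "list/" + list_id.group(1)
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if MY_ADDRESS not in [addr.lower() for _, addr in named]:     # step 5: bcc'd
        return "discard" if SWEN.search(body) else "maybe-spam"
    return "inbox"                                                # step 6


def sample(headers, body="hello"):
    """Build a constructed test message from a header dict and a body."""
    return "".join(f"{k}: {v}\n" for k, v in headers.items()) + "\n" + body + "\n"


if __name__ == "__main__":
    demo = [  # constructed messages
        sample({"From": "a@x.example", "To": "me@example.org"}),
        sample({"From": "b@y.example", "To": "other@z.example"}, "Undelivered mail to you"),
        sample({"From": "c@l.example", "To": "lug@example.org", "List-Id": "LUG <lug.example.org>"}),
    ]
    for raw in demo:
        print(classify(raw))
```

List mail is addressed to the list rather than to the owner, so it would look bcc'd to step 5; sorting it in step 4 first keeps it out of the "maybe spam" folder.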
I've gotten dozens over the past several hours as well. Not that they'll infect me (I run Linux - and I refuse to install Wine for exactly this reason - and Samba is sandboxed), but they risk exceeding my e-mail quota if I don't clear the damn things every few hours. That is pissing me off.
I'm still using my ISP's mailbox (I'm concerned about losing e-mail while doing hardware updates) but I may reconsider if this keeps up.
Here are some filter rules that catch pretty much the entire new wave of crap:
From: contains "Microsoft"
Body contains "Cumulative Patch"
Body contains "Undeliverable to"
Body contains "Undeliverable mail to"
Body contains "Undeliverable message to"
Body contains "Undelivered to"
Body contains "Undelivered mail to"
Body contains "Undelivered message to"
> Have you ever been to the donotcall website? It just asks for the phone # and then sends a 'click-to-confirm' email. How hard would it be to write a script to submit all possible phone numbers?
Don't do that! Some telemarketing scumbag would point it out, and argue for the whole list to be thrown out-- on the grounds that you could no longer tell which numbers on the list were entered by individuals, and which ones were fed in by automated scripts.
If you're on Linux, then 'chmod 600 ~/.gaimrc'
If you're on Windows, then (1) why? and (2) eh, use Trillian, then. Trillian's decent; I used it, back when I used Windows.
I have accounts on ICQ and AIM and Yahoo and MSN. I have a handful of friends using each. The one I talk to most often has MSN, but she'd probably switch if I asked her to.
> what LKP exactly is
http://www.sco.com/products/lkp/
"The Linux(R) Kernel Personality (LKP) for UnixWare 7.1.3 provides Linux environment hosted on the UnixWare kernel. This environment does not contain a Linux kernel, but does contain the PRMs needed to run most Linux applications. By invoking the UnixWare kernel to run the Linux application, the application gets all of the performance and scalability advantages that UnixWare delivers. Linux applications that are disk or database intensive, or require support for a large number of users, typically perform with greater stability, reliability, and scalability when deployed on the UnixWare LKP environment."
"Since UnixWare is much more powerful, scalable and secure than Linux, customers may replace multiple Linux servers with a single, more powerful UnixWare server."
Goddamn, you can't make up stuff this funny!
(I also liked the "Flame Editor" link at the bottom of The Inquirer's page. Apparently all their articles use that wording.)
> Sobig.A appeared on 2003 Jan 09 and was programmed to deactivate on ??.
> Sobig.B appeared on 2003 May 19 and was programmed to deactivate on May 31.
> Sobig.C appeared on 2003 June 01 and was programmed to deactivate on June 08.
> Sobig.D appeared on 2003 June 18 and was programmed to deactivate on July 02.
> Sobig.E appeared on 2003 June 09 and was programmed to deactivate on July 14.
> Sobig.F appeared on 2003 Aug 19 and was programmed to deactivate on Sept 10.
Does this mean that Sobig.G will appear on 2003 Sept 11?
Uh oh.
August 14: When the Lights Go Out on Broadway
August 15: When the Lights Go Out on Broadway, Continued
Mark: But TRUST ME when I say "game has a tendency to take down the Northeast US Power Grid, as well as parts of Canada's" qualifies as SUITABLY CATASTROPHIC.
Phil: Fine, I'll make a patch.