The issue is purely that the smarthost shares the same IP address as the web proxy and the CBL honeypot looks for *HTTP* traffic (which was leaving the network) rather than *SMTP* traffic.
It wasn't clear to me from the article that this was the problem. However, it's still not clear to me that this is the case. You assert that fetching some "spammy" URLs causes the listing, but the folks at CBL don't say what their listing criteria are, so I assume you have some hard evidence and not just suspicions that the fetching of honeypot URLs causes a listing?
When you get listed, you can look up the reason why and it tells you.
From my reading about Zbot, the only URLs it fetches are from C&C servers, so the CBL operators would have to have taken over a Zbot C&C server (or have access to the logs from someone who has gained control of a C&C server).
I believe (and I'm not altogether clear whether this is accurate) that Zbot uses C&C domains that are generated programmatically based on the time of day, so CBL have managed to register some of those domains before the real bot owners and therefore set up a honeypot of C&C servers.
We've been having significant problems with the CBL's ill-thought-out policies
I am not sure what is ill-thought-out about their policies. In both scenarios, IP address is sending SPAM. IP address gets blocked.
The ill-thought-out bit is that the CBL is a *spam email* blocklist, but their heuristics cause networks that aren't sending spam email to get listed and therefore blocked. Whilst there is no argument that the networks were infected with malware, listing them on the CBL serves no useful purpose since they were of no threat to the systems that would be using the CBL (mail servers).
Previously, sharing an IP address between multiple services was a reasonable idea - there was never a reason not to do this and it conserves IP addresses. However, with the advent of the CBL using an HTTP honeypot to populate an SMTP blocklist, there simply isn't any sensible way to run a network in this configuration - it just takes one person to connect an infected laptop to the network for a short period of time, and all the email starts getting blocked.
Because of this, we are now having to standardise on running mail servers on a separate IP address - this does nothing to decrease the incidence of malware, it simply stops an infected network being listed on the CBL.
The author (you?) ask for a list of honeypot addresses, but you could be a spammer, who could use that list to delay blocking of the SPAM.
I could be a spammer, but I'm not.
The idea was that as the malware was always connecting through the transparent proxy servers, having a list of honeypot addresses or some other way of fingerprinting the request we could (1) automatically isolate the affected system, and (2) automatically inform the sysadmin so (s)he could clean up the mess. This would be a Good Thing for everyone.
As it turns out, the CBL maintainers were not cooperative (for whatever reason), so we're stuck with the aforementioned interim measure of separating services onto different IPs rather than actually resolving the root problem.
People in the business of securing networks really do need to trust each other to some extent - if they refuse to cooperate out of paranoia then the spammers have basically won already since there's no way anyone can effectively defend against spam and malware in isolation.
Also, I have not seen a SPAM bot that uses the smarthost. This doesn't mean that they don't exist, but I think that they are rare.
Indeed. That was the point I was making: the only way to send email out of the affected networks was via authenticated smarthosts. Yes, it's possible that some malware could extract the authentication credentials out of a user's mail client (if they have one configured) and use those to send spam, but that's a lot of effort to go to and I've never seen any malware do that (and if malware does do that then *everyone*'s screwed because it'll start sending spam through corporate email servers, gmail, etc.). So the networks in question were essentially immune to sending spam email, yet were still being blocked by the CBL from sending email because they had a client making spammy web requests - this makes no sense.
Hence blocking direct access to port 25 through the firewall stops most spambots from actually sending spam.
And this is exactly how the networks in question are set up, yet this does nothing to prevent the network from being listed on the CBL since the CBL's honeypot is checking for suspicious HTTP connections rather than SMTP traffic.
If the spams are relayed through your own smarthosts, then how about some kind of rate-limiting mechanism with alerts to the administrator? Quick action by the admin would prevent listing.
To reiterate, in case it wasn't clear from the blog article, there was no spam email leaving the network - port 25 is blocked, the only way
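The proxy-log check described in the comment above (match proxied requests against a list of honeypot addresses, then isolate the client and tell the sysadmin), as an added example that is not part of the original comment. It assumes Squid's native access.log format and a locally maintained indicator list; the log lines, addresses and domains are constructed.

```python
"""Flag internal clients whose proxied HTTP requests reach known sinkhole hosts."""
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed indicators (documentation address range, reserved example domain),
# standing in for whatever honeypot list or fingerprint a site can obtain.
SINKHOLE_NETS = [ipaddress.ip_network("192.0.2.0/28")]
SINKHOLE_DOMAINS = {"sinkhole.example.net"}

# Constructed sample lines in Squid native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1379930401.112     87 10.0.5.23 TCP_MISS/200 512 POST http://qkzjwtrmxa.example.org/a - ORIGINAL_DST/192.0.2.5 text/html
1379930402.640    120 10.0.5.40 TCP_MISS/200 9310 GET http://www.example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1379930455.201     95 10.0.5.23 TCP_MISS/200 288 GET http://cc.sinkhole.example.net/b - ORIGINAL_DST/203.0.113.9 text/plain
1379930460.004    950 10.0.5.77 TCP_TUNNEL/200 4096 CONNECT mail.example.com:443 - HIER_DIRECT/198.51.100.20 -
garbage line that is not a log record
1379930475.500     30 10.0.5.91 TCP_MISS/503 0 GET http://192.0.2.14/ - HIER_NONE/- -
"""


def _to_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def parse_line(line):
    """Parse one access.log line; return None for anything malformed."""
    fields = line.split()
    if len(fields) < 10:
        return None
    ts, _elapsed, client, _status, _size, method, url, _user, hier, _ctype = fields[:10]
    try:
        ts = float(ts)
        if "://" in url:
            host = urlsplit(url).hostname or ""
        else:
            # CONNECT requests are logged as host:port, not as a URL.
            host = url.rsplit(":", 1)[0]
    except ValueError:
        return None
    if _to_ip(client) is None:
        return None
    # The hierarchy field is CODE/peer; the peer is "-" when nothing was contacted.
    peer = _to_ip(hier.partition("/")[2])
    return {"ts": ts, "client": client, "method": method,
            "host": host.lower(), "peer": peer}


def is_sinkhole(host, peer):
    """True if the contacted peer, an IP-literal host, or the hostname is listed."""
    candidates = [ip for ip in (peer, _to_ip(host)) if ip is not None]
    if any(ip in net for ip in candidates for net in SINKHOLE_NETS):
        return True
    return any(host == d or host.endswith("." + d) for d in SINKHOLE_DOMAINS)


def find_infected(lines):
    """Map client IP -> list of (timestamp, method, host) sinkhole hits."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_sinkhole(rec["host"], rec["peer"]):
            hits[rec["client"]].append((rec["ts"], rec["method"], rec["host"]))
    return dict(hits)


if __name__ == "__main__":
    for client, events in sorted(find_infected(SAMPLE_LOG.splitlines()).items()):
        # In production this is where the client would be quarantined
        # and the sysadmin notified.
        print(f"{client}: {len(events)} sinkhole request(s)")
        for ts, method, host in events:
            print(f"    {ts:.3f} {method} {host}")
```

Matching on both the requested hostname and the contacted peer address catches clients that reach a sinkhole through a generated domain name as well as those that connect to a listed address directly.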
I have nothing against minivans, I used to own a Honda Odyssey, very nice vehicle.
They are now behind the times when it comes to technology. Seriously, no touch screen display in the Odyssey, what are they thinking?
I'm guessing they were thinking "the driver needs to operate this while keeping his eyes on the road". Seriously, WTF would you want touch controls in a car?!
Very well put. Getting a large ISP whose staff "follow the flowchart" to provide such things is not as easy as some make out. I have a number of non-catalogue products including bonded FTTC which has saved me a fortune on what I used to pay for dedicated hosting (I don't need 5 9's uptime). Instead of a call centre grunt giving a standard "We don't provide that service" response, I get a technically literate person on the end of the phone who understands what I'm asking for and says "Let me have a word, see what we can do". You pay for that kind of service, but for me it's worth it.
The ISPs I've dealt with are servicing expensive leased lines... you'd expect them to pull out a few stops to make things happen, but no...
Andrews & Arnold would be my guess. Though I'd prefer to describe things like rDNS delegation as something that any non-crap ISP will do, rather than geeky extras...
In my experience of dealing with a lot of different ISPs for customers is that almost none of them know that rDNS can be delegated, and when you eventually manage to get through to a third line engineer and explain to them how it works and point them at the RFCs, you eventually get told that their internal systems aren't set up to allow it, so no.
As to our complaint, our issue was that the system as designed didn't seem to have the ability for YOU to lock your own system in the event that you needed to do that.
That is a *good thing* - you can't expect people to rely on systems that are designed to be shut down on a whim. Designing systems to be robust and reliable promotes adoption (a good example of this is the Internet - it has proved to be extremely robust and has benefitted society massively because people know they can rely on it. I'm extremely unconvinced that the same would be true if it was designed to be shut down on a whim, especially with the corporate interests that are frequently involved in politics. Just imagine if the content industry had been able to convince a government to turn off the internet to stop piracy.).
We're your allies. We're not aholes.
Extremely debatable I'm afraid. Much of what the US government does certainly comes across as very "aholed", and much of the European population is unimpressed in the way European governments frequently bend over to accommodate that aholeness.
You're likely using an Intel or AMD processor... both of which are American.
How is that relevant? Intel can't decide they no longer like me and shut my computer down, as the US can do with NavStar. The worst they can do is stop selling processors to certain countries, which gives those countries a good few years to find an alternative.
And then you're likely using an operating system designed in the US.
I'm using Linux, which is developed as a global collaboration.
Even most of the linux distros are US in origin. Etc.
Really, no, they aren't. Most linux distributions are global in nature - they are sometimes sponsored by big companies, and those companies are sometimes, but not always, US companies (although usually with subsidiaries across the world), but the development happens world-wide. If Red Hat, for example, decided to no longer ship Fedora to Europe then that really wouldn't be a big deal because everyone would just switch to an alternative distro. And again, Red Hat can't just go and switch off everyone's computer on a whim, the most they can do is just not provide any updates.
We are your friends. Build whatever you like. It's your money. It just becomes hard to coordinate with you if you're using other systems that don't mesh with ours easily.
*That* is exactly what people have been telling the US for decades, but the US frequently tends to ignore existing global standards and invent their own. The reason for this is that if you have standards that are incompatible with the rest of the world, it helps keep business local - people can't import equipment from the cheapest vendor, they have to buy from a US vendor because no one else is manufacturing stuff compatible with the US standards.
Take a good look at telco standards, for example: the ITU publish protocol standards which are then customised by national standards bodies. ETSI, for the most part just republishes the ITU specs unchanged. Conversely, ANSI changes things left right and centre - ok so a few of the changes are for good reason, but in my experience the vast vast majority of the changes are just doing pointless stuff like swapping the order of various bitfields in the packets, which serve no purpose beyond ensuring the US isn't compatible with anyone else.
Why would the Europeans need anything else? They get everything the americans get out of it. Including military targeting.
When the system was originally being discussed, the US government were fairly strongly pushing the EU not to implement it, and gave the reasoning that the US would never shut NavStar down so the EU didn't need to implement their own system. When it became clear that the EU were going ahead with the experimental phase of Galileo, the US government changed their tack, complaining that they wouldn't be able to shut it down in the event of a conflict and that therefore the EU shouldn't build it. (In the end there was a bit of a compromise and Galileo was redesigned to allow localised jamming).
Notice the problem here? The US has pressured the EU on two conflicting lines of reasoning, which is a pretty good indication that we *can't* trust NavStar not to be shut down. To be honest, the fact that they have been pressuring the EU over this at all indicates that they have vested interests and are therefore not especially trustworthy.
Look, build whatever you want. It just seems like in this case the euros are just saying "me too" and building something because someone else built it never mind that it's redundant.
What I don't get is the number of Americans, who have come out and said more or less what you have - complaining that the EU shouldn't be implementing stuff. Seriously: why do you care so much as to complain about it?
FWIW, I understand that Galileo will offer better-than-NavStar accuracy for all users, and that people who require greater accuracy will be able to buy a subscription to the service - this is something you can't do with NavStar, since the high accuracy service is limited to the US military only and not available for the public (or indeed, other militaries without the US's say-so).
Who the fuck expects a EULA for a fucking appliance?
In this regard it isn't much different to the Windows EULA on a PC. In both cases it seems nuts that you have to agree to an ongoing contract in order to use a device you purchased (especially since that ongoing contract isn't presented until *after* exchanging money).
Frankly, I'd like to see shrinkwrap contracts banned altogether.
Yes. Thank you. I don't understand why there is so little in the way of outbound port and IP control on home routers. You have to install one of the open source WRT packages and know how to maintain iptables to even run a wifi access point safely, these days.
If you can't figure out iptables, the chances are you don't understand networking enough to sensibly set up egress filtering for yourself, so putting a UI on consumer grade routers seems pretty pointless...
I've heard up to 15x brighter than the moon. But it's all speculation. They do not know how much, if any of the comet will survive its encounter with the sun. It's possible it could be anywhere from barely visible or extremely spectacular. We're just going to have to wait and see. I really hope it's a dazzler though. My son's 5yrs old and I can't even put into words how fantastic an event that would be for him. It's the kind of thing that would spawn a whole generation of scientists.
The "brighter than the moon" thing was bandied around by the press, but AFAIK no reputable scientists ever expected it to get to lunar brightness.
Comparing against zero is fast. Yes, even in high level languages like JavaScript if you write your loop in reverse it goes faster because your compare will be against zero instead of some in-memory or register value. Do some assembly level programming. At that level it's blatantly, smacked in the face, obvious.
Conversely, in some conditions, iterating through data in reverse order is much slower due to the way data is frequently prefetched into caches. For example, if you request a byte from a storage medium, the OS may choose to fetch and cache several bytes following it, on the assumption that you will probably iterate through those next. If you go backwards then this prefetch logic doesn't work and you're forever fetching data from the media instead of being able to pull much of it from the cache.
The other side of the coin would be an interesting one - perhaps a Freedom Of Information request to GCHQ, to ask how many man-hours as a percentage of their total work is spent tracking and investigating paedophiles. I would wager a lot of money that, if they were to give an honest answer to that, it would be 0. GCHQ are not, and never will be, interested in tracking paedophiles.
And nor should they be, anymore than GCHQ should be going after shop lifters or any other petty criminal.
Their excuse is that they can ignore due-process to accomplish the all important job of maintaining national security. They can do this because the government has passed various "anti-terror" laws which more or less eliminate the need for due process. Unless you're going to start labelling paedophiles, shoplifters, drug sellers, etc. as terrorists (and therefore apply the anti-terror laws) then you're going to have to follow due process, which means warrantless spying seems like it's out of the picture...
And yes, I'm aware that all sorts of non-terrorist activities are now being labelled as terrorism just so they can use those broad laws... *sigh*
OSx has all the same debugging spew you're expecting, did you bother looking at the logs as you would on another host?
Console.app is hary, mmmmkay
*sigh* yes, I'm actually not a complete idiot. Some problems are logged by default, the vast majority are not and whilst some (but not all) of the ones that aren't logged can have their logging turned on by prodding around at the commandline as root, I'm not about to start talking my customers through doing that!
Seriously, this stuff used to be easy - you told an application to do something, something failed, the application popped up an error telling you what failed. You could then either fix it yourself, ask a professional to fix it, or realise that it's not something fixable because it's an outage somewhere on the Internet. Conversely, these days you tell an application to do something and the application just sits there looking like it's doing *something* forever, but it never actually does - whoever thought that was good for usability was a moron.
giving the user an easy way to see that error message would be really good!
Although not quite as accessible as having the error/exception thrown right into your face, you do realize that a lot of these types of errors do get logged to the system logger? (example: Event Viewer for Windows, syslog for Linux, etc). I'd imagine looking through this would be a tad easier than watching tcpdump output in real-time while you try to reproduce the problem in question (to use your example).
Some of them get logged by default, the vast majority aren't (or at the very least, require the user to twiddle settings at the commandline to turn logging on - and now we're in the realms of figuring out whether it's easier to just tcpdump the damned thing than try to talk a user through poking at things on the commandline over the phone).
I seem to remember a suggestion someone made several years ago about using pictures of animals (or whatever easy to remember scheme you want, but that was the example) for error messages. Let's say you got a kitten; you could go to the documentation or the product website and look up what error code is associated with "kitten" and it would give you all the information you need (or that they could give you) on the "kitten" page. If that wasn't enough, you could go to some forums or whatever. The idea was that a kitten is a lot more memorable than 0xb00bface or whatever (well actually, that one's pretty memorable).
I dunno, I find "Authentication error: you probably typed your password wrong" a lot more memorable *and* useful... (And yes, I've had to trawl a tcpdump log in the past to find out that the IMAP server was returning an authentication error because Apple thought "An error occurred while contacting the mail server" was a useful enough error!)
Of course, I think the real takeaway is to have the documentation for your error codes posted in an organized and useful manner, but who doesn't like kittens?
I had a great one a few years ago from the HMRC website while I was filling in my tax return. It came up with a numeric error code, no description of what the error was and no online documentation of errors. So I phoned up the helpline, sat on hold for 30-45 minutes, and when I eventually got through to someone they asked for my email address and the error code, they typed both of them into their computer and their computer automatically emailed me some static text explaining what the error code was. So given that they had a database to translate error codes into error text, WTF wasn't that database actually linked to the tax return website rather than them having to employ someone to answer the phone and me having to waste 45 minutes of my working day (when I *should* have been making money, which would've increased their tax revenue!)?
I appreciate having a helpline there to resolve problems that I can't fix myself, but it shouldn't be there *instead* of the information I need to sort out the problem myself.
It's a disgrace. I also can't believe that Microsoft still haven't given us a way to at least copy and paste error messages from dialog boxes when they do bother to produce an error message.
My favorite is something along the lines of "An error occurred, please contact your system administrator" and I'm left thinking "ok, I am my system administrator and I have *no clue* what the error is".
iPhones are for hipsters. OSX is certified UNIX running on rock solid, high performance hardware. Don't confuse the two.
I used Linux exclusively for fifteen years. I've contributed to many open source projects, including the Linux kernel, and I'm the maintainer of Linux::LVM and other projects. In other words, I'm a fan of Linux. From one fan of Linux to another, don't dismiss OSX just because the same company makes overpriced toys as well. It's a solid UNIX which will run all of your favorite FOSS software, and do it well.
TBH the biggest problem I'm seeing in the wild with the latest software from Apple, Microsoft and Google is the lack of sensible exception handling.
In the old days, if something broke you got an error message telling you that something broke and giving you enough information to figure out what (hell, even if it was just "Error 2312 happened" you could at least look it up). Then they (primarily Apple it seems, but the others are not blameless) decided that telling people what broke isn't user friendly so you got totally unhelpful "something broke" error messages with no indication as to what - many times I've had to trawl through a tcpdump capture to figure out what went wrong, and often it's that the remote server returned an error message - giving the user an easy way to see that error message would be really good!
Now, increasingly I'm seeing new software simply not producing any error messages at all - it just sits there looking like it's waiting on a remote server or something when in fact it's doing nothing because the remote server threw an error back. Added to that the fact that a lot of software is now becoming an asynchronous background service means you don't even know *when* it's trying and failing, all you know is it just isn't working (stuff like iCloud - all you know is that your calendars / files / whatever aren't syncing, no indication as to why or when it failed).
I get that the majority of people aren't going to *personally* find debugging information useful, but when they take it to a professional to figure out why it isn't working it would be damned helpful for the professional to be able to get at some information about what's going on - if you want to keep the error dialogue boxes tidy, just hide the debugging information in an "advanced" button.
Bitcoin economy has grown faster than the amount of coins in circulation for most of its existence, as shown by the price going up, yet the bad things don't seem to be manifesting. So I guess the very few people are right on this one.
Bitcoin is not really being used as a currency - it's largely being used as a security (much the same as shares). The Bitcoin advocates seem to want it to be an actual currency - when you have an entire country using it for everyday transactions, using bitcoin wallets instead of a chequing account, etc. rather than continually converting back and forth between bitcoins and a real currency, deflation will become a big problem, just as it has with other real currencies that have suffered deflation.
The bitcoin system doesn't protect against seizure and use of bitcoins; it protects against ledger fraud.
So these "grave" robbers can't reclaim old blocks... they can only decrypt the wallets the coins are stored in. Assuming they were ever encrypted to begin with.
Let's assume for a minute that someone dies and their wallet is destroyed. Cracking the encryption on their *wallet* isn't possible because the wallet has been destroyed. But, their bitcoins still "exist" by virtue of the global ledger showing that they were transferred to that wallet and were never transferred from that wallet to anywhere else. It's just that without that wallet, no one can create new entries on the ledger regarding those coins.
[Many years pass.]
So now, with enough computational grunt, you could forge a transaction on the ledger that shows a transfer happening *now*, of the coins from the destroyed wallet to your wallet. You now own these coins - you never needed to have access to the old wallet or crack its password; you just needed to spoof a transaction on the ledger. That transaction isn't protected by the whole "the older it is, the more secure it is" thing, because you're not trying to make it look like a transaction happened many years ago, you're trying to make it look like a transaction happened *now*. As far as anyone else can see, the coins were transferred to you from a wallet that hasn't been used in many years, but no one was to know that the wallet had actually been destroyed.
Now, whether or not we will ever have enough compute power to make that feasible is another question.
Isn't it inevitable that the total pool of BitCoins would be reduced to nothing as owners die off without passing on their wallets? That was the intent of my original question.
No more inevitable than people having stashed away money that gets destroyed in fires (or other) will result in all money being reduced to nothing.
The difference is that with a fiat currency, the controlling government just prints more money to replace that which is lost. In fact, in general the controlling governments print *more* than was lost, which leads to inflation (whether or not this is a good thing is debatable - certainly too much inflation is bad, but it can be argued that a small amount of inflation increases liquidity and is therefore good).
Bitcoin, on the other hand, has a hard limit whereupon no more bitcoins will ever be produced. This has 2 problems: firstly, in your example where some coins are lost the number of coins in circulation will inevitably decrease over the long term, leading to deflation and reduced liquidity. Secondly, economies are not a fixed size and (in general) tend to grow - in the case of bitcoins, at some point the economy will likely be growing faster than the total number of bitcoins in circulation, and when that happens we get deflation. Very few people would argue that deflation wasn't a very bad thing.
"python code" oh, I thought we were talking about real code. I kid. I kid.
As I said, most people don't need vastly in depth coding abilities, but some basic stuff is often helpful. The example I gave was a trivial bit of code (and yes, I used python - did I mention it was *trivial*?) which saved a lot of time, yet the person doing the job didn't know how to write that code because they had zero experience of writing code. Teach people at school how to code and the majority aren't going to be able to write a new operating system or a new word processor, nor do they need to - what they are going to be able to do is write trivial bits of code to make their everyday jobs easier, and that is why we should be teaching this stuff.
Thing is, everybody does not need to be taught coding, but they really should be at least shown how to use a computer. In the same manner that everybody does not need a mandatory engine building class, though driver's education would be nice along with the basics on how to maintain an automobile. Even that is not mandatory in these parts.
Everybody does not need to be taught maths (beyond basic arithmetic), everybody does not need to be taught physics, everybody does not need to be taught metal work, everybody does not need to be taught art, everybody does not need to be taught a second language. And yet, it is mandatory for state schools in the UK to teach all of these things, and more, because having a broad knowledge is generally a good thing even if it isn't directly applicable to your chosen career... and that's even if you've chosen a career - we're talking about teaching some basic coding to 7 year olds, who frankly won't have chosen a career yet so giving them a broad education is even more important.
Even after you've chosen your career, you'll find a broad knowledge to be beneficial. For example, I was helping my fiancée do some statistical analysis a few months back. She's a doctor, so you might say "absolutely no programming experience necessary", and yet as part of her work she had to audit several years' worth of historical data and draw statistical conclusions from it. With no coding knowledge, left to her own devices she would've been spending days manually summing up numbers from stacks of ancient data; on the other hand I spent a few minutes writing some simple python code to do a lot of the analysis for her. All the coding was trivial, but to someone who has never written any code it was impossible - that's the kind of thing that people in all sorts of professions need to be able to do.
This, ladies and gentlemen, is why we don't get any kind of respect in management. Because that's what they see in us: The computerized equivalent of plumbers and bricklayers.
I would imagine that the plumbers and bricklayers also get pissed off with this kind of attitude.
Have you ever tried building a wall? Tried doing it as quickly and neatly as a professional bricky? These are all skilled professions that require a lot of training and experience. What makes you think that programmers and engineers should be seen differently to other skilled professionals? Frankly, I find it depressing that *any* skilled professional should be seen the way the "journalist" sees software developers and the way you obviously see other professions.
It wasn't clear to me from the article that this was the problem. However, It's still not clear to me that this is the case. You assert that fetching some "spammy" URLs causes the listing, but the folks at CBL don't say what their listing criteria is, so I assume you have some hard evidence and not just suspicions that the fetching of honeypot URLs causes a listing?
When you get listed, you can look up the reason why and it tells you.
From my reading about Zbot, the only URLs it fetches are from C&C servers, so the CBL operators would have to have taken over a Zbot C&C server (or have access to the logs from a someone who has gained control of a C&C server).
I believe (and I'm not altogether clear whether this is accurate) that Zbot uses C&C domains that are generated programmatically based on the time of day, so CBL have managed to register some of those domains before the real bot owners and therefore set up a honeypot of C&C servers.
I am not sure what is ill-thought-out about their policies. In both scenarios, IP address is sending SPAM. IP address gets blocked.
The ill-thought-out bit is that the CBL is an *spam email* blocklist, but their heuristics cause networks that aren't sending spam email to get listed and therefore blocked. Whilst there is no arguement that the networks were infected with malware, listing them on the CBL serves no useful purpose since they were of no threat to the systems that would be using the CBL (mail servers).
Previously, sharing an IP address between multiple services was a reasonable idea - there was never a reason not to do this and it conserves IP addresses. However, with the advent of the CBL using an HTTP honeypot to populate an SMTP blocklist, there simply isn't any sensible way to run a network in this configuration - it just takes one person to connect an infected laptop to the network for a short period of time, and all the email starts getting blocked.
Because of this, we are now having to standardise on running mail servers on a separate IP address - this does nothing to decrease the incidence of malware, it simply stops an infected network being listed on the CBL.
The author (you?) ask for a list of honeypot addresses, but you could be a spammer, who could use that list to delay blocking of the SPAM.
I could be a spammer, but I'm not.
The idea was that as the malware was always connecting through the transparent proxy servers, having a list of honeypot addresses or some other way of fingerprinting the request we could (1) automatically isolate the affected system, and (2) automatically inform the sysadmin so (s)he could clean up the mess. This would be a Good Thing for everyone.
As it turns out, the CBL maintainers were not cooperative (for whatever reason), so we're stuck with the aforementioned interrim measure of separating services onto different IPs rather than actually resolving the root problem.
People in the business of securing networks really do need to trust each other to some extent - if they refuse to cooperate out of paranoia then the spammers have basically won already since there's no way anyone can effectively defend against spam and malware in isolation.
Also, I have not seen a SPAM bot that uses the smarthost. This doesn't mean that they don't exist, but I think that they are rare.
Indeed. That was the point I was making: the only way to send email out of the affected networks was via authenticated smarthosts. Yes, it's possible that some malware could extract the authentication credentials out of a user's mail client (if they have one configured) and use those to send spam, but that's a lot of effort to go to and I've never seen any malware do that (and if malware does do that then *everyone*'s screwed because it'll start sending spam through corporate email servers, gmail, etc.). So the networks in question were essentially immune to sending spam email, yet were still being blocked by the CBL from sending email because they had a client making spammy web requests - this makes no sense.
Hence blocking direct access to port 25 through the firewall stops most spambots from actually sending spam.
And this is exactly how the networks in question are set up, yet this does nothing to prevent the network from being listed on the CBL since the CBL's honeypot is checking for suspicious HTTP connections rather than SMTP traffic.
If the spams are relayed through your own smarthosts, then how about some kind of rate-limiting mechanism with alerts to the administrator? Quick action by the admin would prevent listing.
To reiterate, in case it wasn't clear from the blog article, there was no spam email leaving the network - port 25 is blocked, the only way
That depends on how much you're letting spamhaus validate actual positives. It has to go both ways.
We've been having significant problems with the CBL's ill-thought-out policies (and Spamhaus imports data from the CBL)...
http://blog.nexusuk.org/2013/09/problems-with-cbl.html
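The proxy-log correlation discussed in this thread (finding which internal client behind the shared proxy address made the HTTP requests that caused the listing), as an added example that is not part of the original comments. It assumes Squid's native `access.log` format and that the sinkhole address is already known, for instance from the listing lookup; every address, hostname and log line below is constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Assumption: the sinkhole address is known, e.g. from the blocklist lookup
# result. 192.0.2.44 is an RFC 5737 documentation address, not a real sinkhole.
SINKHOLES = [ipaddress.ip_network("192.0.2.44/32")]

# Constructed sample: Squid native access.log lines from an intercepting proxy.
# Includes a denied request with no upstream peer and one truncated line.
SAMPLE_LOG = """\
1379930401.112     87 10.0.5.23 TCP_MISS/200 4521 GET http://www.example.org/index.html - ORIGINAL_DST/198.51.100.7 text/html
1379930455.640    140 10.0.5.77 TCP_MISS/200 312 POST http://sinkholed-domain.example.net/checkin - ORIGINAL_DST/192.0.2.44 text/html
1379930460.002      0 10.0.5.23 TCP_DENIED/403 3600 GET http://blocked.example.com/ - HIER_NONE/- text/html
1379930755.911    133 10.0.5.77 TCP_MISS/200 298 POST http://sinkholed-domain.example.net/checkin - ORIGINAL_DST/192.0.2.44 text/html
1379931000.500     12 10.0.5
1379931100.000     95 10.0.5.40 TCP_MISS/200 900 GET http://www.example.org/a.css - ORIGINAL_DST/198.51.100.7 text/css
"""


def parse_line(line):
    """Return (timestamp, client_ip, url, upstream_ip) or None if unusable."""
    fields = line.split()
    if len(fields) < 10:
        return None  # truncated or malformed line
    try:
        ts = float(fields[0])
        client = ipaddress.ip_address(fields[2])
        # Field 9 is "HIERARCHY_CODE/peer"; the peer is "-" when the proxy
        # never contacted an upstream server (e.g. a denied request).
        dest = ipaddress.ip_address(fields[8].split("/", 1)[1])
    except (ValueError, IndexError):
        return None
    return ts, client, fields[6], dest


def find_infected_clients(log_text, sinkholes, start=None, end=None):
    """Group requests that reached a sinkhole by the internal client that made them.

    start/end are optional epoch bounds, useful for narrowing the search to
    the period around the time reported in the listing.
    """
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "hosts": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, client, url, dest = rec
        if (start is not None and ts < start) or (end is not None and ts > end):
            continue
        if not any(dest in net for net in sinkholes):
            continue
        h = hits[str(client)]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["hosts"].add(urlsplit(url).hostname or url)
    return dict(hits)


def format_report(hits):
    """One line per suspect client, suitable for an alert to the sysadmin."""
    lines = []
    for client, h in sorted(hits.items()):
        first = datetime.fromtimestamp(h["first"], tz=timezone.utc)
        last = datetime.fromtimestamp(h["last"], tz=timezone.utc)
        lines.append(
            f"{client}: {h['count']} request(s) to {', '.join(sorted(h['hosts']))} "
            f"between {first:%Y-%m-%d %H:%M:%S}Z and {last:%Y-%m-%d %H:%M:%S}Z"
        )
    return lines


if __name__ == "__main__":
    for row in format_report(find_infected_clients(SAMPLE_LOG, SINKHOLES)):
        print(row)
```

The client address it reports is the internal one, which is the only place the infected machine is distinguishable once its traffic leaves through the shared proxy address.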
I have nothing against minivans, I used to own a Honda Odyssey, very nice vehicle.
They are now behind the times when it comes to technology. Seriously, no touch screen display in the Odyssey, what are they thinking?
I'm guessing they were thinking "the driver needs to operate this while keeping his eyes on the road". Seriously, WTF would you want touch controls in a car?!
Very well put. Getting a large ISP whose staff "follow the flowchart" to provide such things is not as easy as some make out. I have a number of non-catalogue products including bonded FTTC which has saved me a fortune on what I used to pay for dedicated hosting (I don't need 5 9's uptime). Instead of a call centre grunt giving a standard "We don't provide that service" response, I get a technically literate person on the end of the phone who understands what I'm asking for and says "Let me have a word, see what we can do". You pay for that kind of service, but for me it's worth it.
The ISPs I've dealt with are servicing expensive leased lines... you'd expect them to pull out a few stops to make things happen, but no...
Andrews & Arnold would be my guess. Though I'd prefer to describe things like rDNS delegation as something that any non-crap ISP will do, rather than geeky extras...
My experience of dealing with a lot of different ISPs for customers is that almost none of them know that rDNS can be delegated, and when you eventually manage to get through to a third line engineer and explain to them how it works and point them at the RFCs, you eventually get told that their internal systems aren't set up to allow it, so no.
It's a pretty sad state of affairs.
As to our complaint, our issue was that the system as designed didn't seem to have the ability for YOU to lock your own system in the event that you needed to do that.
That is a *good thing* - you can't expect people to rely on systems that are designed to be shut down on a whim. Designing systems to be robust and reliable promotes adoption (a good example of this is the Internet - it has proved to be extremely robust and has benefitted society massively because people know they can rely on it. I'm extremely unconvinced that the same would be true if it was designed to be shut down on a whim, especially with the corporate interests that are frequently involved in politics. Just imagine if the content industry had been able to convince a government to turn off the internet to stop piracy.).
We're your allies. We're not aholes.
Extremely debatable I'm afraid. Much of what the US government does certainly comes across as very "aholed", and much of the european population is unimpressed in the way european governments frequently bend over to accommodate that aholeness.
You're likely using an Intel or AMD processor... both of which are American.
How is that relevant? Intel can't decide they no longer like me and shut my computer down, as the US can do with NavStar. The worst they can do is stop selling processors to certain countries, which gives those countries a good few years to find an alternative.
And then you're likely using an operating system designed in the US.
I'm using Linux, which is developed as a global collaboration.
Even most of the linux distros are US in origin. Etc.
Really, no, they aren't. Most linux distributions are global in nature - they are sometimes sponsored by big companies, and those companies are sometimes, but not always, US companies (although usually with subsidiaries across the world), but the development happens world-wide. If Red Hat, for example, decided to no longer ship Fedora to Europe then that really wouldn't be a big deal because everyone would just switch to an alternative distro. And again, Red Hat can't just go and switch off everyone's computer on a whim, the most they can do is just not provide any updates.
We are your friends. Build whatever you like. It's your money. It just becomes hard to coordinate with you if you're using other systems that don't mesh with ours easily.
*That* is exactly what people have been telling the US for decades, but the US frequently tends to ignore existing global standards and invent their own. The reason for this is that if you have standards that are incompatible with the rest of the world, it helps keep business local - people can't import equipment from the cheapest vendor, they have to buy from a US vendor because no one else is manufacturing stuff compatible with the US standards.
Take a good look at telco standards, for example: the ITU publish protocol standards which are then customised by national standards bodies. ETSI, for the most part just republishes the ITU specs unchanged. Conversely, ANSI changes things left right and centre - ok so a few of the changes are for good reason, but in my experience the vast vast majority of the changes are just doing pointless stuff like swapping the order of various bitfields in the packets, which serve no purpose beyond ensuring the US isn't compatible with anyone else.
Why would the Europeans need anything else? They get everything the americans get out of it. Including military targeting.
When the system was originally being discussed, the US government were fairly strongly pushing the EU not to implement it, and gave the reasoning that the US would never shut NavStar down so the EU didn't need to implement their own system. When it became clear that the EU were going ahead with the experimental phase of Galileo, the US government changed their tack, complaining that they wouldn't be able to shut it down in the event of a conflict and that therefore the EU shouldn't build it. (In the end there was a bit of a compromise and Galileo was redesigned to allow localised jamming).
Notice the problem here? The US has pressured the EU on two conflicting lines of reasoning, which is a pretty good indication that we *can't* trust NavStar not to be shut down. To be honest, the fact that they have been pressuring the EU over this at all indicates that they have vested interests and are therefore not especially trustworthy.
Look, build whatever you want. It just seems like in this case the euros are just saying "me too" and building something because someone else built it never mind that it's redundant.
What I don't get is the number of Americans, who have come out and said more or less what you have - complaining that the EU shouldn't be implementing stuff. Seriously: why do you care so much as to complain about it?
FWIW, I understand that Galileo will offer better-than-NavStar accuracy for all users, and that people who require greater accuracy will be able to buy a subscription to the service - this is something you can't do with NavStar, since the high accuracy service is limited to the US military only and not available for the public (or indeed, other militaries without the US's say-so).
Who the fuck expects a EULA for a fucking appliance?
In this regard it isn't much different to the Windows EULA on a PC. In both cases it seems nuts that you have to agree to an ongoing contract in order to use a device you purchased (especially since that ongoing contract isn't presented until *after* exchanging money).
Frankly, I'd like to see shrinkwrap contracts banned altogether.
Yes. Thank you. I don't understand why there is so little in the way of outbound port and IP control on home routers. You have to install one of the open source WRT packages and know how to maintain iptables to even run a wifi access point safely, these days.
If you can't figure out iptables, the chances are you don't understand networking enough to sensibly set up egress filtering for yourself, so putting a UI on consumer grade routers seems pretty pointless...
I've heard up to 15x brighter than the moon. But it's all speculation. They do not know how much, if any of the comet will survive its encounter with the sun. It's possible it could be anywhere from barely visible or extremely spectacular. We're just going to have to wait and see. I really hope it's a dazzler though. My son's 5yrs old and I can't even put into words how fantastic an event that would be for him. It's the kind of thing that would spawn a whole generation of scientists.
The "brighter than the moon" thing was bandied around by the press, but AFAIK no reputable scientists ever expected it to get to lunar brightness.
Comparing against zero is fast. Yes, even in high level languages like JavaScript if you write your loop in reverse it goes faster because your compare will be against zero instead of some in-memory or register value. Do some assembly level programming. At that level it's blatantly, smacked in the face, obvious.
Conversely, in some conditions, iterating through data in reverse order is much slower due to the way data is frequently prefetched into caches. For example, if you request a byte from a storage medium, the OS may choose to fetch and cache several bytes following it, on the assumption that you will probably iterate through those next. If you go backwards then this prefetch logic doesn't work and you're forever fetching data from the media instead of being able to pull much of it from the cache.
The other side of the coin would be an interesting one - perhaps a Freedom Of Information request to GCHQ, to ask how many man-hours as a percentage of their total work is spent tracking and investigating paedophiles. I would wager a lot of money that, if they were to give an honest answer to that, it would be 0. GCHQ are not, and never will be, interested in tracking paedophiles.
And nor should they be, anymore than GCHQ should be going after shop lifters or any other petty criminal.
Their excuse is that they can ignore due-process to accomplish the all important job of maintaining national security. They can do this because the government has passed various "anti-terror" laws which more or less eliminate the need for due process. Unless you're going to start labelling paedophiles, shoplifters, drug sellers, etc. as terrorists (and therefore apply the anti-terror laws) then you're going to have to follow due process, which means warrantless spying seems like it's out of the picture...
And yes, I'm aware that all sorts of non-terrorist activities are now being labelled as terrorism just so they can use those broad laws... *sigh*
OSx has all the same debugging spew you're expecting, did you bother looking at the logs as you would on another host?
Console.app is hary, mmmmkay
*sigh* yes, I'm actually not a complete idiot. Some problems are logged by default, the vast majority are not and whilst some (but not all) of the ones that aren't logged can have their logging turned on by prodding around at the commandline as root, I'm not about to start talking my customers through doing that!
Seriously, this stuff used to be easy - you told an application to do something, something failed, the application popped up an error telling you what failed. You could then either fix it yourself, ask a professional to fix it, or realise that it's not something fixable because it's an outage somewhere on the Internet. Conversely, these days you tell an application to do something and the application just sits there looking like it's doing *something* forever, but it never actually does - whoever thought that was good for usability was a moron.
giving the user an easy way to see that error message would be really good!
Although not quite as accessible as having the error/exception thrown right into your face, you do realize that a lot of these types of errors do get logged to the system logger? (example: Event Viewer for Windows, syslog for Linux, etc). I'd imagine looking through this would be a tad easier than watching tcpdump output in real-time while you try to reproduce the problem in question (to use your example).
Some of them get logged by default, the vast majority aren't (or at the very least, require the user to twiddle settings at the commandline to turn logging on - and now we're in the realms of figuring out whether it's easier to just tcpdump the damned thing than try to talk a user through poking at things on the commandline over the phone).
I seem to remember a suggestion someone made several years ago about using pictures of animals (or whatever easy to remember scheme you want, but that was the example) for error messages. Let's say you got a kitten; you could go to the documentation or the product website and look up what error code is associated with "kitten" and it would give you all the information you need (or that they could give you) on the "kitten" page. If that wasn't enough, you could go to some forums or whatever. The idea was that a kitten is a lot more memorable than 0xb00bface or whatever (well actually, that one's pretty memorable).
I dunno, I find "Authentication error: you probably typed your password wrong" a lot more memorable *and* useful... (And yes, I've had to trawl a tcpdump log in the past to find out that the IMAP server was returning an authentication error because Apple thought "An error occurred while contacting the mail server" was a useful enough error!)
Of course, I think the real takeaway is to have the documentation for your error codes posted in an organized and useful manner, but who doesn't like kittens?
I had a great one a few years ago from the HMRC website while I was filling in my tax return. It came up with a numeric error code, no description of what the error was and no online documentation of errors. So I phoned up the helpline, sat on hold for 30-45 minutes, and when I eventually got through to someone they asked for my email address and the error code, they typed both of them into their computer and their computer automatically emailed me some static text explaining what the error code was. So given that they had a database to translate error codes into error text, WTF wasn't that database actually linked to the tax return website rather than them having to employ someone to answer the phone and me having to waste 45 minutes of my working day (when I *should* have been making money, which would've increased their tax revenue!)?
I appreciate having a helpline there to resolve problems that I can't fix myself, but it shouldn't be there *instead* of the information I need to sort out the problem myself.
It's a disgrace. I also can't believe that Microsoft still haven't given us a way to at copy and paste error messages from dialog boxes when they do bother to produce an error message.
My favorite is something along the lines of "An error occurred, please contact your system administrator" and I'm left thinking "ok, I am my system administrator and I have *no clue* what the error is".
iPhones are for hipsters. OSX is certified UNIX running on rock solid, high performance hardware. Don't confuse the two.
I used Linux exclusively for fifteen years. I've contributed to many open source projects, including the Linux kernel, and I'm the maintainer of Linux::LVM and other projects. In other words, I'm a fan of Linux. From one fan of Linux to another, don't dismiss OSX just because the same company makes overpriced toys as well. It's a solid UNIX which will run all of your favorite FOSS software, and do it well.
TBH the biggest problem I'm seeing in the wild with the latest software from Apple, Microsoft and Google is the lack of sensible exception handling.
In the old days, if something broke you got an error message telling you that something broke and giving you enough information to figure out what (hell, even if it was just "Error 2312 happened" you could at least look it up). Then they (primarily Apple it seems, but the others are not blameless) decided that telling people what broke isn't user friendly so you got totally unhelpful "something broke" error messages with no indication as to what - many times I've had to trawl through a tcpdump capture to figure out what went wrong, and often it's that the remote server returned an error message - giving the user an easy way to see that error message would be really good!
Now, increasingly I'm seeing new software simply not producing any error messages at all - it just sits there looking like it's waiting on a remote server or something when in fact it's doing nothing because the remote server threw an error back. Added to that the fact that a lot of software is now becoming an asynchronous background service means you don't even know *when* it's trying and failing, all you know is it just isn't working (stuff like iCloud - all you know is that your calendars / files / whatever aren't syncing, no indication as to why or when it failed).
I get that the majority of people aren't going to *personally* find debugging information useful, but when they take it to a professional to figure out why it isn't working it would be damned helpful for the professional to be able to get at some information about what's going on - if you want to keep the error dialogue boxes tidy, just hide the debugging information in an "advanced" button.
Bitcoin economy has grown faster than the amount of coins in circulation for most of its existence, as shown by the price going up, yet the bad things don't seem to be manifesting. So I guess the very few people are right on this one.
Bitcoin is not really being used as a currency - it's largely being used as a security (much the same as shares). The Bitcoin advocates seem to want it to be an actual currency - when you have an entire country using it for everyday transactions, using bitcoin wallets instead of a chequing account, etc. rather than continually converting back and forth between bitcoins and a real currency, deflation will become a big problem, just as it has with other real currencies that have suffered deflation.
The bitcoin system doesn't protect against seizure and use of bitcoins; it protects against ledger fraud.
So these "grave" robbers can't reclaim old blocks... they can only decrypt the wallets the coins are stored in. Assuming they were ever encrypted to begin with.
Let's assume for a minute that someone dies and their wallet is destroyed. Cracking the encryption on their *wallet* isn't possible because the wallet has been destroyed. But, their bitcoins still "exist" by virtue of the global ledger showing that they were transferred to that wallet and were never transferred from that wallet to anywhere else. It's just that without that wallet, no one can create new entries on the ledger regarding those coins.
[Many years pass.]
So now, with enough computational grunt, you could forge a transaction on the ledger that shows a transfer happening *now*, of the coins from the destroyed wallet to your wallet. You now own these coins - you never needed to have access to the old wallet or crack its password; you just needed to spoof a transaction on the ledger. That transaction isn't protected by the whole "the older it is, the more secure it is" thing, because you're not trying to make it look like a transaction happened many years ago, you're trying to make it look like a transaction happened *now*. As far as anyone else can see, the coins were transferred to you from a wallet that hasn't been used in many years, but no one was to know that the wallet had actually been destroyed.
Now, whether or not we will ever have enough compute power to make that feasible is another question.
Isn't it inevitable that the total pool of BitCoins would be reduced to nothing as owners die off without passing on their wallets? That was the intent of my original question.
No more inevitable than people having stashed away money that gets destroyed in fires (or other) will result in all money being reduced to nothing.
The difference is that with a fiat currency, the controlling government just prints more money to replace that which is lost. In fact, in general the controlling governments print *more* than was lost, which leads to inflation (whether or not this is a good thing is debatable - certainly too much inflation is bad, but it can be argued that a small amount of inflation increases liquidity and is therefore good).
Bitcoin, on the other hand, has a hard limit whereupon no more bitcoins will ever be produced. This has 2 problems: firstly, in your example where some coins are lost the number of coins in circulation will inevitably decrease over the long term, leading to deflation and reduced liquidity. Secondly, economies are not a fixed size and (in general) tend to grow - in the case of bitcoins, at some point the economy will likely be growing faster than the total number of bitcoins in circulation, and when that happens we get deflation. Very few people would argue that deflation wasn't a very bad thing.
"python code"
oh, I thought we were talking about real code. I kid. I kid.
As I said, most people don't need vastly in depth coding abilities, but some basic stuff is often helpful. The example I gave was a trivial bit of code (and yes, I used python - did I mention it was *trivial*?) which saved a lot of time, yet the person doing the job didn't know how to write that code because they had zero experience of writing code. Teach people at school how to code and the majority aren't going to be able to write a new operating system or a new word processor, nor do they need to - what they are going to be able to do is write trivial bits of code to make their everyday jobs easier, and that is why we should be teaching this stuff.
Thing is, everybody does not need to be taught coding, but they really should be at least shown how to use a computer. In the same manner that everybody does not need a mandatory engine building class, though driver's education would be nice along with the basics on how to maintain an automobile. Even that is not mandatory in these parts.
Everybody does not need to be taught maths (beyond basic arithmetic), everybody does not need to be taught physics, everybody does not need to be taught metal work, everybody does not need to be taught art, everybody does not need to be taught a second language. And yet, it is mandatory for state schools in the UK to teach all of these things, and more, because having a broad knowledge is generally a good thing even if it isn't directly applicable to your chosen career... and that's even if you've chosen a career - we're talking about teaching some basic coding to 7 year olds, who frankly won't have chosen a career yet so giving them a broad education is even more important.
Even after you've chosen your career, you'll find a broad knowledge to be beneficial. For example, I was helping my fiancée do some statistical analysis a few months back. She's a doctor, so you might say "absolutely no programming experience necessary", and yet as part of her work she had to audit several years' worth of historical data and draw statistical conclusions from it. With no coding knowledge, left to her own devices she would've been spending days manually summing up numbers from stacks of ancient data; on the other hand I spent a few minutes writing some simple python code to do a lot of the analysis for her. All the coding was trivial, but to someone who has never written any code it was impossible - that's the kind of thing that people in all sorts of professions need to be able to do.
Not really angry. More disappointed.
This, ladies and gentlemen, is why we don't get any kind of respect in management. Because that's what they see in us: The computerized equivalent of plumbers and bricklayers.
I would imagine that the plumbers and bricklayers also get pissed off with this kind of attitude.
Have you ever tried building a wall? Tried doing it as quickly and neatly as a professional bricky? These are all skilled professions that require a lot of training and experience. What makes you think that programmers and engineers should be seen differently to other skilled professionals? Frankly, I find it depressing that *any* skilled professional should be seen the way the "journalist" sees software developers and the way you obviously see other professions.
Why don't they "just" write a secure Java virtual machine?
I'm pretty sure Oracle would sue them into the ground...