Well, I agree about the law part. I heard on the news this morning President Bush is going to sign some anti-spam bill today. Somehow, I don't think that will help either.
"so, the idea of also wasting human time and ingenuity in responding to spam conversationally is bad."
Perhaps it is, but technology alone doesn't seem likely to stop it. We use SpamAssassin on our server, spam tools and filters on our clients, and still some spam filters through.
I am not sure I agree with the idea that they don't won't to hear from you. Somebody, somewhere is looking for a response. True, sending a reply might get bounced back, but the reason this stuff goes on is because it is economically viable. If they lost money every time they did it, spammers might go away. I don't claim this is the solution, just one possible method to try.
It seems to me the reason people spam is because it is cheap to do. Sending out hundreds of thousands of emails for next to nothing.
What if everyone who got spam took 5 minutes a day and replied to a few? I am not saying they need to actually be interested in the pitch, but just send a nice polite letter saying you are. Could you send me some info by postal mail? Do you have an 800 number I can call? Could you contact me with greater detail to this question? Now, the spammer has to invest some time and possibly some money.
Millions of people get spam. If a small percentage would do this, would it deter spammers?
I would like to see an investigation of the idiots who projected SCOX stock should go to $45 a share. In a sane world, it would be overvalued at $1 a share. With a PE well over 100 (it actually had a profit for a quarter to calculate), you might as well advise playing the lottery. If they lose this case, they are worth nothing. If they win this case, they are still a company that it the long run produces nothing of value but litigation. I don't see a bright future here.
Do you suppose they sent an invoice to IBM yet? They qualify as Fortune 1000, and have made a big "public" display of using Linux. This is the kind of company SCO said they are going to target. If they don't have the guts to send a bill to IBM, they really don't think they have a chance.
So, if a user creates a directory on the root of his system in Windows 2000, anyone who can log on locally to that machine, which is by default anyone who belongs to that domain, can do whatever they want with those files. In any reasonable Unix configuration the default umask value does not create files with unlimited world access.
I think that is what he is saying, and I think it is true Microsoft has made things easier to use at a price. While a user could just make a few clicks as you suggest, Microsoft could just as well ship the product so the default is not world write or execute.
Instead of complaining about "Fucking GNU hippies" and posting mindless attacks against someone with a valid point, please provide some practical security advice for Windows users.
Exactly what I thought when I read this. We have over 3,000 employes, but only about 10 percent use a computer. The rest are assembly line workers who never would touch one. If they really go off the reported number of employees, it doesn't sound like much of a deal to me.
"SCO reserves the right to withdraw registrations using our discretion."
You think maybe they expect people to register who actually don't care about the great procucts they offer? I urge everybody to sign up now. The agenda says there will be a Q&A session. I can hardly wait.
I am willing to bet the vast majority of these attacks for Windows and Linux are related to known flaws that aren't patched. Yes, I know it is tough to keep up to date on all these patches, I manage hundreds of Linux and Windows boxes. But even Microsoft had patches out for SQL slammer 184 days before the first attack. For Klez-E it was 294 days, and for Nimda it was 336 days!
A lot of Linux attacks are in the same boat. I know people (not me of course;) who have sendmail hacks that were patched months ago. I don't know what the ultimate solution is, but I think mostly it involves being proactive. If you are going to be on the Internet, you are going to be attacked. Better be ready for it.
No, if the "Defense" Department demonstrates that a justifiable concern that software produced overseas is a security risk, then it is prudent to give preference to domestic software.
However, as Microsoft and many other large domestic software companies are sending thousands of programming jobs abroad, the lines get a little blurry here.
I can see somebody doing this, but the fact that nobody raised an alarm seems incredible. Most mainframes I have worked on are used my hundreds or thousands or users, often 24 hours a day. Our system can't be down 30 seconds without somebody complaining.
Buffer overflow in LinuxNode (node) 0.3.2 and earlier allows remote attackers to execute arbitrary code. Latest version 0.3.2.
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. Affects Red Hat versions up to latest 9.0 release.
Unzip bug affects all versions 5.5 and earlier. Latest version is 5.5 with an update to 5.51 planned.
I haven't checked all these updates, but the first three apply even if you have the latest version. Did you actually check any of these, or are you just talking out your ass? If you want to verify that the Debian is more at risk than any other distro please provide some details, otherwise please shut the fuck up.
We have installed a number of Linux guest machines using VM. Here are the pros and cons I found.
Cons Yes you must have somebody who understands VM well. If you have this hardware, you probably already have somebody. Raw CPU power is not the strength of this setup. If you need that, there are better solutions. If you go with a commercial Linux distro for the Z series, you can pay big bucks. Our quote from Red Hat for Z was about ten times more than Red Hat AS.
Pros Easy to create numerous virtual servers. Great for testing. No matter what you do on those virtual servers in Linux, you are not going to screw up anything else (short of sucking up resources). Very reliable. We have our system connected to an IBM Enterprise Storage System with a ton of disk space. It has redundant everything, calls home (IBM) if there is a problem, and runs like a tank. Very good I/O performance. Computer Associates has a white paper benchmarking performance vs Wintel (Dell Xeon servers I think).
Also, you might want to take a look at the Debian port for this. That is what we have been using for the last year, and it seems to work as well as the SuSE or Red Hat version, and has a $0 initial cost. There is commercial support for Debian on this platform also.
Speaking of Canopy, we had a meeting yesterday with a company that makes some interesting looking desktop management software. The software looks decent enough. I ask the rep to tell me a little bit about his company, and he mentions that they are located in Utah. I ask, are you part of the Canopy group by any chance? Well yes we are rep says with a smile on his face, probably thinking this will impress me.
I say thank you for you time, and show them to the door while asking them not to bother calling again.
The format of your resume probably won't impress anybody nearly as much as the content. That being said, unless you are sending blindly to a lot of people, I would suggest you contact the person you are sending to and ask what they would like to see.
When my HR department contacts me because they get a resume they can't open because it is in some oddball format, most of the time it is going to get trashed. MS Word is sadly a safe bet, but we would prefer plain text better. A lot of large companies will scan these things in and a live person might never read the original copy.
Check out the reply given by the SCO employee. Is it just me, or does the fact that somebody from SCO complains about professionalism, but can't even spell the word correctly seem hilarious.
8/10ths of 1% at the level it is right now maybe. Figure the value at under a buck a share and it gets more interesting.
Also, why does such a insignificant little company like SCO need so many VPs and other PHB titles. I work for a company that does 8 times SCO revenue, (and has been making a profit for over 50 years), and we don't have half that much dead weight.
If anybody out there is stupid enough to listen to Gartner, please tell them to pull their head out of their anal orifice and try thinking for themselves.
SCO hasn't proven anything (unless you count proving they are a company devoid of morals and brains). Even in a worst-case scenario, you are faced with the possibility of paying a license fee, versus the certainty of paying by going with Microsoft. If it ever comes to a point where a judge says use of certain code in the Linux kernel requires a payment to SCO, it will be replaced quickly.
While I don't think this sounds like that bad of an idea, I do wonder about the price. Given that Red Hat Enterprise Linux AS can set you back $1500 or more to start, and Novell typically charges per user, this could be a pricey product.
I'll wait to see the final details and what value it delivers, but I think they might be a tough time.
Couldn't agree more. I had the misfortune of working with SCO products years back, and I wouldn't touch anything thing they make now if they gave it away it free and threw in a happy meal with it.
Slashdot Mirror
Sorry, but he said eVC++ 4.0. This is eMbedded Visual C++ 4.0 for Pocket PC/Windows Mobile development and it is the latest version for that platform.
Well, I agree about the law part. I heard on the news this morning President Bush is going to sign some anti-spam bill today. Somehow, I don't think that will help either.
"so, the idea of also wasting human time and ingenuity in responding to spam conversationally is bad."
Perhaps it is, but technology alone doesn't seem likely to stop it. We use SpamAssassin on our server, spam tools and filters on our clients, and still some spam filters through.
I am not sure I agree with the idea that they don't won't to hear from you. Somebody, somewhere is looking for a response. True, sending a reply might get bounced back, but the reason this stuff goes on is because it is economically viable. If they lost money every time they did it, spammers might go away. I don't claim this is the solution, just one possible method to try.
It seems to me the reason people spam is because it is cheap to do. Sending out hundreds of thousands of emails for next to nothing.
What if everyone who got spam took 5 minutes a day and replied to a few? I am not saying they need to actually be interested in the pitch, but just send a nice polite letter saying you are. Could you send me some info by postal mail? Do you have an 800 number I can call? Could you contact me with greater detail to this question? Now, the spammer has to invest some time and possibly some money.
Millions of people get spam. If a small percentage would do this, would it deter spammers?
You are not paranoid when everybody really is out to get you.
I would like to see an investigation of the idiots who projected SCOX stock should go to $45 a share. In a sane world, it would be overvalued at $1 a share. With a PE well over 100 (it actually had a profit for a quarter to calculate), you might as well advise playing the lottery. If they lose this case, they are worth nothing. If they win this case, they are still a company that it the long run produces nothing of value but litigation. I don't see a bright future here.
Do you suppose they sent an invoice to IBM yet? They qualify as Fortune 1000, and have made a big "public" display of using Linux. This is the kind of company SCO said they are going to target. If they don't have the guts to send a bill to IBM, they really don't think they have a chance.
So, if a user creates a directory on the root of his system in Windows 2000, anyone who can log on locally to that machine, which is by default anyone who belongs to that domain, can do whatever they want with those files. In any reasonable Unix configuration the default umask value does not create files with unlimited world access.
I think that is what he is saying, and I think it is true Microsoft has made things easier to use at a price. While a user could just make a few clicks as you suggest, Microsoft could just as well ship the product so the default is not world write or execute.
Instead of complaining about "Fucking GNU hippies" and posting mindless attacks against someone with a valid point, please provide some practical security advice for Windows users.
Exactly what I thought when I read this. We have over 3,000 employes, but only about 10 percent use a computer. The rest are assembly line workers who never would touch one. If they really go off the reported number of employees, it doesn't sound like much of a deal to me.
Interesting note on the signup page:
"SCO reserves the right to withdraw registrations using our discretion."
You think maybe they expect people to register who actually don't care about the great procucts they offer? I urge everybody to sign up now. The agenda says there will be a Q&A session. I can hardly wait.
I am willing to bet the vast majority of these attacks for Windows and Linux are related to known flaws that aren't patched. Yes, I know it is tough to keep up to date on all these patches, I manage hundreds of Linux and Windows boxes. But even Microsoft had patches out for SQL slammer 184 days before the first attack. For Klez-E it was 294 days, and for Nimda it was 336 days!
;) who have sendmail hacks that were patched months ago. I don't know what the ultimate solution is, but I think mostly it involves being proactive. If you are going to be on the Internet, you are going to be attacked. Better be ready for it.
A lot of Linux attacks are in the same boat. I know people (not me of course
No, if the "Defense" Department demonstrates that a justifiable concern that software produced overseas is a security risk, then it is prudent to give preference to domestic software.
However, as Microsoft and many other large domestic software companies are sending thousands of programming jobs abroad, the lines get a little blurry here.
I can see somebody doing this, but the fact that nobody raised an alarm seems incredible. Most mainframes I have worked on are used my hundreds or thousands or users, often 24 hours a day. Our system can't be down 30 seconds without somebody complaining.
Buffer overflow in LinuxNode (node) 0.3.2 and earlier allows remote attackers to execute arbitrary code. Latest version 0.3.2.
Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when authenticating to a remote service, allows remote attackers to execute arbitrary code. Affects Red Hat versions up to latest 9.0 release.
Unzip bug affects all versions 5.5 and earlier. Latest version is 5.5 with an update to 5.51 planned.
I haven't checked all these updates, but the first three apply even if you have the latest version. Did you actually check any of these, or are you just talking out your ass? If you want to verify that the Debian is more at risk than any other distro please provide some details, otherwise please shut the fuck up.
We have installed a number of Linux guest machines using VM. Here are the pros and cons I found.
Cons
Yes you must have somebody who understands VM well. If you have this hardware, you probably already have somebody.
Raw CPU power is not the strength of this setup. If you need that, there are better solutions.
If you go with a commercial Linux distro for the Z series, you can pay big bucks. Our quote from Red Hat for Z was about ten times more than Red Hat AS.
Pros
Easy to create numerous virtual servers. Great for testing. No matter what you do on those virtual servers in Linux, you are not going to screw up anything else (short of sucking up resources).
Very reliable. We have our system connected to an IBM Enterprise Storage System with a ton of disk space. It has redundant everything, calls home (IBM) if there is a problem, and runs like a tank.
Very good I/O performance. Computer Associates has a white paper benchmarking performance vs Wintel (Dell Xeon servers I think).
Also, you might want to take a look at the Debian port for this. That is what we have been using for the last year, and it seems to work as well as the SuSE or Red Hat version, and has a $0 initial cost. There is commercial support for Debian on this platform also.
Speaking of Canopy, we had a meeting yesterday with a company that makes some interesting looking desktop management software. The software looks decent enough. I ask the rep to tell me a little bit about his company, and he mentions that they are located in Utah. I ask, are you part of the Canopy group by any chance? Well yes we are rep says with a smile on his face, probably thinking this will impress me.
I say thank you for you time, and show them to the door while asking them not to bother calling again.
The format of your resume probably won't impress anybody nearly as much as the content. That being said, unless you are sending blindly to a lot of people, I would suggest you contact the person you are sending to and ask what they would like to see.
When my HR department contacts me because they get a resume they can't open because it is in some oddball format, most of the time it is going to get trashed. MS Word is sadly a safe bet, but we would prefer plain text better. A lot of large companies will scan these things in and a live person might never read the original copy.
"Microsoft has lost most of its major court cases."
I would like to take this as a sign that Microsoft was guilty, and our justice system actually works as intended (at least once in a while).
Indeed it doesn't seem like a lot of money. Now if they make 10,000 for each day of SCO's idiocy and lies, we will be talking real money.
I hope this is the first of many fines for these scumbags.
Check out the reply given by the SCO employee. Is it just me, or does the fact that somebody from SCO complains about professionalism, but can't even spell the word correctly seem hilarious.
8/10ths of 1% at the level it is right now maybe. Figure the value at under a buck a share and it gets more interesting. Also, why does such a insignificant little company like SCO need so many VPs and other PHB titles. I work for a company that does 8 times SCO revenue, (and has been making a profit for over 50 years), and we don't have half that much dead weight.
If anybody out there is stupid enough to listen to Gartner, please tell them to pull their head out of their anal orifice and try thinking for themselves. SCO hasn't proven anything (unless you count proving they are a company devoid of morals and brains). Even in a worst-case scenario, you are faced with the possibility of paying a license fee, versus the certainty of paying by going with Microsoft. If it ever comes to a point where a judge says use of certain code in the Linux kernel requires a payment to SCO, it will be replaced quickly.
While I don't think this sounds like that bad of an idea, I do wonder about the price. Given that Red Hat Enterprise Linux AS can set you back $1500 or more to start, and Novell typically charges per user, this could be a pricey product.
I'll wait to see the final details and what value it delivers, but I think they might be a tough time.
Well, they have dropped over 16 percent already today. I am hoping they get back down to that two dollar range (or much lower) real quick.
Couldn't agree more. I had the misfortune of working with SCO products years back, and I wouldn't touch anything thing they make now if they gave it away it free and threw in a happy meal with it.