Slashdot Mirror


User: Iamnoone

Iamnoone's activity in the archive.

Stories: 0 · Comments: 55

Comments · 55

  1. Re:Old growth lumber on Chainsaw-wielding Robotic Submarine · · Score: 2, Insightful

    I believe it is theorized that some of the secrets used to make fine violins or other instruments, involved some kinds of aging under/in/around water esp. saltwater. But I believe the secrets are lost and attempts to build instruments with the same acoustic characteristics have failed.

  2. Re:$2000/year would ruin free email on SpamHaus Behind .mail Top-Level Domain · · Score: 1

    It's DOMAIN based, when it needs to be server based.

    Except that for the big companies it is the opposite - MSN, yahoo, hotmail, etc it is much cheaper per domain since they have many servers for a single giant mail spewing domain - $2000 bucks for 20 or 200 or how many ever servers and suddenly they have trusted mail servers, that is a great deal for them...

  3. Re:editting sendmail.cf on Postfix · · Score: 2, Interesting

    I can vouch for this guy and his sendmail work - he is a miracle worker. He transformed the sendmail configs for a 2,000+ person company that I was at. If you are required to use sendmail, it might save you a lot of headaches to have him sculpt your config. A real old school UNIX freak, an artist in the sendmail medium...

  4. Re:seems like their site is down.. on Infinium Labs Threatens Gaming News Site · · Score: 0, Flamebait
    Not unless their console runs:
    Windows Server 2003
    IIS 6.0
    ASP.NET

    From http://uptime.netcraft.com/up/graph/?host=www.phantom.net check out their server/hosting change history - 6 different IP blocks and hosting companies in the last year...:
    Windows Server 2003 Microsoft-IIS/6.0 27-Jan-2004 69.59.176.20 ServePath, LLC
    Windows Server 2003 Microsoft-IIS/6.0 2-Oct-2003 69.59.138.220 American Registry for Internet Numbers
    Windows 2000 Microsoft-IIS/5.0 7-Sep-2003 129.41.63.115 IBM Corporation
    Linux Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_perl/1.26 PHP/4.2.2 FrontPage/5.0.2 mod_ssl/2.8.12 OpenSSL/0.9.6b 17-Aug-2003 12.106.77.147 ENFRASTRUCTURE
    Windows 2000 Microsoft-IIS/5.0 20-Jun-2003 216.23.47.122 Linc Inc.
    Windows 2000 Microsoft-IIS/5.0 26-Jan-2003 129.41.63.115 IBM Corporation
    Linux Apache/1.3.14 Ben-SSL/1.41 (Unix) mod_throttle/2.11 mod_perl/1.24_01 PHP/4.0.3pl1 FrontPage/4.0.4.3 rus/PL30.0 28-Jul-2001 209.203.195.108 Direct Marketing Entertainment, LLC
    Linux Apache/1.3.12 Ben-SSL/1.38 (Unix) PHP/3.0.15 FrontPage/4.0.4.3 rus/PL29.4 3-Dec-2000 209.236.9.108 PG & C Leasing, INC
  5. Re:bullshit on Freenet Project More Stable, In Need · · Score: 1

    I'm not involved, but I'm a regular user.

    I am the opposite in a way, I am not a user at all. But I run a node because I want to support the project and its ideals. Yeah, it uses java, and I am not thrilled about that but I run it and kill and restart it when it spins out of control. I may dedicate a separate machine to it soon. I would run an IIP IRC server/proxy but I haven't read the docs to figure out if that is possible (anyone have the one line answer?)
    I have run Grapevine because it looks promising, but as of now doesn't do a lot yet. I will also run 6/4, these guys may not have received as much press and recognition as freenet but they have put a lot of thought into their license, I would put it in the category of seminal documents that make a stand for freedom like the Magna Carta, US Bill of Rights, GPL... that may seem overreaching, but you can check it out for yourself at 6/4 License

    I want to do what I can to support people doing experimentation, sometimes you need stuff running out in the wild to be able to move your project forward. I use plenty of low profile Open Source stuff that is imperfect in various ways. One of the main reasons I use and support Open Source software is to support innovation, freedom and liberty - I don't look at every package as "What can this do for me?" esp since the cost to me of helping out is relatively low compared to people who risk their lives to speak out whether it is standing in front of a tank or publishing articles.

  6. Re:Open Source Policy at my firm (a major Bank) on Constructing a Corporate Open Source Policy? · · Score: 1

    I like your comments, lots of good ideas. BTW, I too, was at several large financial companies. But this "sue policy" thing makes me nuts - I know everyone says "We need someone to sue" but this doesn't hold up in practice since companies tend to have critical infrastructure based on FOSS technologies (MTA, DNS, scripts, web, db's, etc). Has anyone ever sued MS for all the crap that has happened to their systems from MS security holes? No.
    This is complete bullshit. People use whatever software they want to and then justify why.
    At my last job we used Empire (and later Tivoli) for snmp monitoring, are they likely to be "sued" by someone because their shit crashed (as it sometimes did) and then didn't send an alarm? Not likely.
    Why not use the ucsd package for snmp? The main reason for a lot of companies:
    because some guy who was in position X 4 years and 7 re-orgs ago decided that because his buddy worked at Empire, he wanted to throw him a bone [I was there and saw it happen] (other software decisions were based on golfing partners of the CEO). Does IIS have fewer security problems than apache or thttpd? Has anyone sued any of those orgs over security holes on those web servers?
    Here is my experience with MS for support, we have multiple IIS servers with Resonate for load balancing, there is a problem we couldn't resolve and we have the super-hyper-Gold/Platinum/"Black" "you are such a huge company we need your business" Partner/Sucker bullshit support plan with MS. Our IIS monkey calls them and they say "We don't support third party load balancing products. Bye." click.
    Did some manager jump up and say "Sue the bastards!!!" ?
    Hell, No. But the good news is Resonate is the best software and best tech support I have ever used, we called them and they immediately worked with us to resolve the problem - we needed an IIS patch and some config adjustments on the net parameters for the machines.

    And as far as, "we need to have someone to sue except for perl"...
    My experience is that perl runs more critical processes on critical data for critical systems in most companies than any other software except the OS that the perl process runs on - so if you don't need to sue someone for perl, why bother on the other stuff?
    My experience across companies is that it takes a phenomenal problem before any software vendor's tech support got called, mainly because we found that they were consistently unhelpful at resolving the problems. Anyone here picking up the phone to call tech support frequently? Everyone I have worked with - MS, OSS, UNIX, web, db, C and otherwise avoids it like the plague.
    BIND would stop resolving sometimes for no reason, but did we sue anyone? Here is a piece of OSS that is used a lot and no one thinks about - Berkeley DB/dbm from sleepcat.com, that thing is like a bunch of ticks burrowed in all over the place. Sendmail security problems, Solaris bugs that caused crashes and needed a patch to fix, MS security holes too numerous to list - any sue-age? No, nada, none, never, ever. The only people I have heard of being sued because their software sucked (and boy did they deserve it) was Gore suing because the ERP software their IT managers conned them into never worked, as I have seen happen with that big ERP crap at several places. Even got interviewed for a job to try to help a team prop up an SAP install that was nowhere near working after 18 months and millions of dollars...

  7. Re:Uh-huh. on Online Search Engines Lift Cover Of Privacy · · Score: 1
    I don't believe that excerpt is an unedited part of an apache logfile.

    Just to check if that person was "FUD"ing or not, I downloaded Opera and requested some pages I had set up one called fgt.html [fucking google test] and the others were a copy of a /. page about mydoom and an IBM page about some horrible SOAP or WSI tool. Here are the unedited thttpd log entries, yeah I am testing some stuff for 2038 rollover so the date is funny but the log entries are _unedited_ : (/. might mangle the entries a bit so check the source)
    a:/thttpd/webpages # cat ../thttpd.log | grep -i Mediap
    64.68.86.140 - - [18/Jan/2038:18:18:54 -0800] "GET /robots.txt HTTP/1.0" 404 0 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    64.68.86.140 - - [18/Jan/2038:18:18:54 -0800] "GET /fgt.html HTTP/1.0" 200 6902 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    64.68.87.69 - - [18/Jan/2038:18:37:30 -0800] "GET /sdsample.html HTTP/1.0" 200 111000 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    64.68.87.41 - - [18/Jan/2038:18:42:04 -0800] "GET /robots.txt HTTP/1.0" 404 0 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    64.68.87.41 - - [18/Jan/2038:18:42:11 -0800] "GET /ws-wsilspec.html HTTP/1.0" 200 71773 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    64.68.87.66 - - [18/Jan/2038:18:58:15 -0800] "GET / HTTP/1.0" 200 1480 "" "Mediapartners-Google/2.1 (+http://www.googlebot.com/bot.html)"
    Note that for the second page, the gbot didn't ask for the robots.txt, maybe because it cached that info because for the 3rd page, it asked for it again. Also, I had requested the / page before all the others, so I don't know why it bot'd that one last unless the queue on 87.66 was just longer than the others.
  8. Re:authoritative root on DNS Root Servers Outside US Surpass Those Inside · · Score: 1
    How do you determine which is the most efficient root server for your area

    To increase the resilience of the dns system, resolvers are supposed to randomly pick a server from the list of name servers for that domain, so you can do:
    dig NS .
    to get your list of root name servers - I believe that some resolvers don't follow the RFC, which I believe says randomly use the name servers in the list, not in order - this is a separate thing from the list in /etc/resolv.conf

    I put local roots on all the networks I have control over (the DNS part of) and I use the root list from open-root.org's root file and I use djbdns to run the local root on a local IP, I then point all my caching dns software to that root.
    I have a cronjob that pulls the root file once per week, combines that data with my local authoritative entries.
    As insurance against a root server Armageddon, I simply don't replace last week's file if I can't download it this week.
    It is so easy, gives you local control over which tld's you have resolvable on your local net and appears to make name resolving faster since I never have to wait for any of the famous 13 root servers to respond.
    I highly recommend it for anyone who has control over their dns architecture.
    djb local root notes: here
    open-root.org's notes: here for djbdns, here for BIND

    If you don't have control, you can still use the open-root root server list via their publicly available servers: open-root root servers and here for using their servers on non-server machines

    And, of course, with any widely used resource esp. where large amounts of money and control are involved, there are fairness, oversight and political issues. Those are covered in detail on other parts of their site open-rsc.org
    I must say for all the railing that people do against monopolies like MS and Verisign with their [mis]management of the legacy tld's, the root server control and new tld control issues have flown somewhat under the radar.
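
One way to script the weekly refresh described in the comment above, as an added example that is not part of the original comment or of djbdns or open-root.org. It assumes the downloaded file and the local entries use the tinydns-data record format (`&` delegation, `.` local zone, `#` comment); the file names, the minimum record count and the function names are hypothetical, and fetching the file is left to the caller.

```shell
#!/bin/sh
# Added example. Keeps last week's merged file unless this week's download
# passes every check. Usage: refresh.sh DOWNLOADED LOCAL_ENTRIES MERGED_OUT
# After a successful refresh the caller rebuilds data.cdb with tinydns-data.

# Assumed threshold: fewer delegations than this means a truncated download.
MIN_DELEGATIONS=${MIN_DELEGATIONS:-3}

# validate_root_download NEW LOCAL
# Returns 0 only if NEW is safe to merge; prints the reason otherwise.
validate_root_download() {
    new=$1 local_data=$2

    [ -s "$new" ] || { echo "empty or missing download"; return 1; }
    [ -r "$local_data" ] || { echo "local entries unreadable"; return 1; }

    # The download may only delegate. Any other record type (+, =, ., @ ...)
    # would let the remote file publish answers directly in our local root.
    if grep -qv -e '^&' -e '^#' -e '^[[:space:]]*$' "$new"; then
        echo "unexpected record type in download"; return 1
    fi

    # A cut-off transfer shows up as too few delegations.
    count=$(grep -c '^&' "$new" || true)
    [ "$count" -ge "$MIN_DELEGATIONS" ] || {
        echo "only $count delegations"; return 1
    }

    # The download must not delegate a name that is served locally.
    clash=$(awk -F: '
        FNR == NR { if ($0 ~ /^\./) mine[tolower(substr($1, 2))] = 1; next }
        /^&/      { n = tolower(substr($1, 2)); if (n in mine) print n }
    ' "$local_data" "$new")
    [ -z "$clash" ] || { echo "download overrides local zone: $clash"; return 1; }
    return 0
}

# refresh_root NEW LOCAL OUT
# Merges LOCAL + NEW into OUT, or leaves the existing OUT untouched.
refresh_root() {
    new=$1 local_data=$2 out=$3
    if ! reason=$(validate_root_download "$new" "$local_data"); then
        echo "keeping existing $out: $reason" >&2
        return 1
    fi
    tmp="$out.tmp.$$"
    # Local entries first, then the downloaded delegations.
    cat "$local_data" "$new" > "$tmp" || { rm -f "$tmp"; return 1; }
    # A rename within one directory is atomic, so a reader never sees a
    # half-written file.
    mv -f "$tmp" "$out"
}

# Run as a script only when called with the three file arguments.
if [ "$#" -eq 3 ]; then
    refresh_root "$@"
    exit $?
fi
```
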
  9. Re:LINUX Analogy on Fort N.O.C.'s Security in Obscurity · · Score: 1
    As such, they [the ISPs] don't "charge" for the connections to connect it to their network.

    The RFC (2870) says that root server owners should allow ISPs to connect if the ISP pays:
    Root servers SHOULD have mechanisms in place to accept IP connectivity to the root server from any internet provider delivering connectivity at their own cost.
  10. Re:The root servers must be protected! on Fort N.O.C.'s Security in Obscurity · · Score: 1

    I love the attitude. "Only WE have the right to wreck the DNS system completely!"

    Exactly, if they are lobbying via this article to start paying people to run root servers, I want them to pay some people I trust. I want them to pay the eff, OpenNic, ORSC, and some other people who don't trust each other rather than a happy bunch of golfing buddies who all seem to reside in nondescript buildings in the spooksville area around Washington. Then I want them to take a small portion of that mountain of money they are making off of us and pay someone to work with the admins of the 220 systems that send out 50% of the (mostly bad) queries to the root servers in the first place. Everyone wants to skin people alive who run open mail relays, but the idiots who overload the dns system due to incorrect configurations deserve some wrath, too. Reduce traffic and improve response time for connections, Verisign et al could give back rather than just put up self-serving crap like sitefinder.

    I love to grouse about these idiots as much as the next /.er, but I fear if we are not more demanding that they and ICANN work towards making the root and tld system work better, then jelle will be proven correct in his/her prediction.

  11. Re:98% of Root Server Queries are Unnecessary on Fort N.O.C.'s Security in Obscurity · · Score: 1
    You can't cache non-existence, since things change.

    Actually, the RFCs say you can and this one explains it more fully: RFC 2308

    A large proportion of DNS traffic on the Internet could be eliminated if all resolvers implemented negative caching. With this in mind negative caching should no longer be seen as an optional part of a DNS resolver.
  12. Re:Thanks guys (and gals - you never know...) on Crawling for Certificates? · · Score: 1

    One "vector" that I don't think anyone has mentioned and that you may or may not need to check for. Someone did mention personal certificates which might be hard to find.

    But one of the things I used certificates for was a "process" certificate that would be used, for instance, by a UNIX job that encrypts a data file to send to a business partner or receives encrypted file/datafeed from somewhere then decrypts and processes it.

    You might need to spin through filesystems and see if there are gpg signed/encrypted files or key files, or depending on how your machines are set up the existence of gpg or pgp.

    Having worked in a large organization, I can understand how a 10K funny money budget can be quickly burned through without getting any work done - by people attributing internal resource costs to the project. If you need to have a person from the network group, they want to charge a bunch of hours to your project for their "help". More infuriating are the rule-enforced bloodsuckers and albatrosses that you are required to add to the project and they then proceed to block every attempt to get anything done and charge you for the privilege...

  13. Re:The first Diskmen ws the smalest? on Forgotten Electronics of the 70s and 80s · · Score: 1

    I actually had one of those - I won it in a drawing. We played the TwinPeaks (that's a whole 'nother flashback) soundtrack CD on it in a continuous loop - it had one track that consisted mainly of blood curdling screaming - that tended to drown out my own screaming from the job and the psychosis induced by listening to the same thing for 18 hours per day, day after day after day...

  14. Re:Nobody seems to understand spews on SPEWS Adds DSL Reports to Block List · · Score: 1

    What ISP would ever sign a contract to pay people to move if someone decides to put them on a BL? Once you get to a certain size you can be assured that one of your IPs will appear on _some_ list and you are at the mercy of the admins of those sites to be removed some day.

    What if the BL goes unmaintained, but you are still on it because the admin is on vacation/stopped working on the list?

    What if you are a good, obedient ISP and then ARIN assigns you a netblock used by spammers in a past life?

    What if the BLs who list you have conflicting goals, or are just fighting with each other (as has happened).

    What if a new BL called spamfreedom.org pops up with the goal of listing anyone who uses an anti-spam BL?
    Do you have to honor the clause if you are listed there?

    Hell, if people wanted to get out of their contracts they could [secretly] spam, get you on a BL and then cry "pay me to leave". No sane ISP would or could comply with such a clause. ISPs and ISP lawyers cannot write a workable clause that would pay people to move if any IP (or other type of net identifier) appears on any (or any subset of) BLs. So this theory that that is an option for people, is untrue.

    SPEWS supporters ignore the "ARIN assigns you tainted IP blocks" issue and they pretend that your netblocks are cleared in a timely manner. The latter assertion cannot be proven by SPEWS supporters, because we have a secret organization that has no due process, no accountability, no transparency - these are the qualities people rail against in organizations/systems like the CIA, FBI, NSA, RIAA, secret police, passenger "coloring" systems, defense contractors, illuminati-ish groups, Bohemian Grove, backroom deals and hidden power brokers of all kinds - it is the methods and the structure that make it reprehensible, not the "stated" goal.

    This is why there are "sunshine" laws, to try to curb the practice of exclusive, secret groups from deciding the fate of people because it is inherently unfair and the structure leads to corruption.

    If anyone has ever signed a contract with a "pay the customer to move if ISP appears on any BLs" clause, please post it.

  15. Re:The SPEWS philosophy on SPEWS Adds DSL Reports to Block List · · Score: 1

    The popularization of the term "collateral damage" is entirely due to a minority of militaristic posters on the newsgroup news.admin.net-abuse.email...
    Translation: Since we have no moral defense for this action, we will pretend it does not really happen - Oh, well look, we have two good examples of non-profits (not to mention the tons of other types of users) samba.org and the below comment that fall into the not-so-fictional collateral damage group and don't forget about dslr, because as the SPEWS apologists keep reminding everyone dslr is not on the list but they are still collateral damage fallout from a SPEWS listing (or the use thereof), hmmm.
    So, consistent with the "let them eat cake" SPEWS attitude, they are saying that doesn't matter. And of course it's a very low percentage, because what happens when non-spammers get their mail bounced and figure out that it is because of SPEWS, they stop sending emails so of course there is not much non-spam mail being blocked.

    "If you're listed in SPEWS, complain in a newsgroup."...
    It's hundreds of times worse to whine at dozens of BOFHen who have no obligation to you, who have every reason to flame you into a crisp and block all your netblocks with a message like 550 goatse wanker.


    So, if you want your IPs unblocked, don't you dare complain because even if you are a member of the fictional collateral damage group, you and everyone at your ISP will be punished. You better beg, stroke our egos, say "yes, sir" when addressed and even then we will titter at you, you fucking peasant - "Now, down on your knees!"

    Military - "No man gets left behind."
    SPEWS - "Cut 'em all off - sinners."

    SPEWS, likewise, is not a spam-source DNSBL. It is a predictive DNSBL, hence the words "early warning" in its name. Its goal is like a "spam hurricane watch"

    Not really, it has nothing to do with "warning". It is not used in that fashion. It is, in fact, a boycott system that works by extorting members of the collateral damage class into pressuring ISPs to do SPEWS bidding. Its power comes from the ability to cut off legitimate users. If this was not the sole mechanism that SPEWS used to effect their goals, they would not list such large netblocks. They would use other technologies, but this is easy and the collateral damage doesn't fall on them, so...

  16. Re:Positive discrimination on SPEWS Adds DSL Reports to Block List · · Score: 1
    So, in your example you conveniently pretend that SPEWS doesn't exist. It is the relationship between SPEWS, "the man behind the curtain", and the poor bastards who are the collateral damage - which is what everyone is having a problem with --- the _indirect_ but causal relationship by which SPEWS screws the poor bastards. My example includes the minimum entity list required to map the problem:
    • A = SPEWS
    • B = mail recipients, "good" (for now) ISPs
    • C = "bad" ISPs
    • X = spammers
    • P = victims of collateral damage
    there are no fewer parties than that.

    If the ISP refuses to control its own users and play well with others, then they deserve to be blocked.

    Supporters of unreasonable collateral damage repeat these same kinds of retorts over and over. They do nothing to refute the moral shortcomings of the tactics used.
  17. Re:Positive discrimination on SPEWS Adds DSL Reports to Block List · · Score: 1
    That's a good analogy. If you live in an apartment building full of crackheads, and the local Domino's Pizza stops delivering to you because the delivery guy has been beaten and robbed six times, only an idiot would blame Domino's for it.

    OK, mine may be a good approximation, but yours is not. You don't have the actors and the relationships as they are with spews, you need the following:

    Autonomous and/or anonymous Committee/Group A who crusades against spam or pot or rock music or race mixing, etc. *co-McCarthy-ugh*

    Group X, those who send spam, play jazz/rock music, sell pot, act in films, are "race traitors", are "Jews", are "Japs", are commies, are Middle Eastern terrorists, etc.

    Group B, who is negatively impacted by the object of group A's venom - neighbors, parents, businesses, ISP's, mail recipients. (I didn't explicitly include this group in my example, they were implied)

    Group C, those who group A claims harbor or give comfort to those who practice the black arts of Group X, but the evil acts of, or are members of. Group X and their actions are often not C's primary concern (and that is not OK with Group A) - owning lots of buildings, making films, making records, running a public library, providing web hosting, among other things are more on their minds.

    Group P (poor bastards) who are beholden to Group C and are unwilling peers of people from Group X.

    OK, so A uses the leverage it has with B to penalize P to the point where P is forced to turn on C. A washes its proverbial hands and says, no B is in control and it's C's fault, not ours --- we just publish a list of actors, "race traitors", Jews, drug dealers, musicians, spammers, terrorists, etc as a public service [*smirk*, *wink* (Group A whispers to Groups P & C "Hang 'em high, damn, dirty Group X'ers!")].

    Gee, I wonder why people get so damn mad?

    Because many of us poor bastards have "been there, done that" and seen it done to poor bastards, time and time again, throughout history. And then later in history, the previous generation's imminent, real, grave threats look like an embarrassment (US internment camps) or a bad joke (Hollywood BlackLists), if so many people were not hurt in the process. It's the same thing with just different nouns inserted for A, X, B and C but P always stays the same...

  18. Re:Positive discrimination on SPEWS Adds DSL Reports to Block List · · Score: 1

    It is like penalizing all the residents of an apartment building because the landlord doesn't do a good enough job of keeping the drug dealers out.

    They should all just move because the landlord isn't conforming to the whims of one group.

    As people have said, slippery slope -

    I know I wouldn't want to be hosted [live] by or near one of these guys, because who knows what can happen next.

    Many people can no more easily move their websites/"internet presence" than they could move to a new town or a new part of town for that matter - there are serious economic consequences to the "just move *shrug*" excuse that SPEWS supporters use.

    Damn, I want to build a system where I can turn people into "collateral damage" and unwilling enforcers of my draconian policies in one easy action while I hide safely behind anonymity.

  19. What about something even more simple? on Feds Thwart Extortion Plot Against Best Buy · · Score: 2, Interesting

    I have scanned through the comments and most are talking about using html/images to track him. What if the FBI/TLA agency is just goofing everyone? - like mechanics telling someone that their "muffler bearings" need replacing.

    With that in mind, what if their "Internet Protocol Address Verifier" is just turning on the "receipt/delivery notification requested" option when they sent him their outgoing email - I have mine turned on by default and I know that there are a number of people whose email servers and/or clients return a read notification to me without them really realizing it. It won't give you the client IP in every case, but it does give you various amounts of useful info.

    That wouldn't necessarily be defeated by using pine, etc, etc.

    One of my favorite fun uses for read notifications is to see when the evil catbert trolls from HR are pawing through the email inbox of someone in the company that got canned or left without marking all my msgs as read. The trolls don't realize it sends me a read notification as they paw through, so when I get one from a "being phased out" email account, I send an email saying:

    Oh my God, so-and-so did you come back? I hope so.
    Sorry that you were gone, everyone missed you.

    Ugh, what a job to have, like looking through someone's pockets after they're dead...
    :)

  20. Re:IPO: It's Probably Overpriced on Google Chooses An Underwriter For Upcoming IPO · · Score: 1

    Although it is not perfect, I think that the Hambrecht Open IPO system is a good attempt by one of the most "inside" insiders to reduce the inequities :) of the equities IPO market.

    I would be interested in the learned opinions of some of the IANASB's out there.

    Thank you and I'll take my answer offline....

  21. Re:Selling e-mail addresses shouldn't be illegal on What You Get When You Buy a Spam CD · · Score: 1

    You missed the fact that the cost of sending spam is vanishingly small.

    The cost of sending spam is vanishingly small to *someone*, not necessarily the sucker B's who don't know jack about the internet, much less spoofing SMTP headers.

    So that means you as a B pay for the list of email addresses, the software for sending the spams or for the "email marketing campaign" services of some A.

    I bet the cost to B's is much greater than vanishingly small.

    Try a search for "email marketing campaign services", you'll find characters of various levels of shadiness.

  22. Re:Selling e-mail addresses shouldn't be illegal on What You Get When You Buy a Spam CD · · Score: 1

    Parent -1 Redundant

    Note to self: Read past the comment you are responding to when the story is a day old...

  23. Re:Selling e-mail addresses shouldn't be illegal on What You Get When You Buy a Spam CD · · Score: 1

    I disagree because companies (the customers of the spammers and the vendors to the spam-ies) are not out to spend money uselessly. Why should my company shell out money to a spammer unless people are responding to e-mail advertisements?

    Why would people give money to a poor Nigerian to help him get his money out of the country? That is what you are missing, it is a con. People who are being conned don't realize it till later. The con artists are skilled at making their victims believe that shelling out money is a great idea. That is why the only thing the A's need to keep the spam machine running is a steady stream of sucker B's who haven't been burned yet and that is why the C's don't play into the equation.

    This is exactly why "Affiliate" type programs are the biggest spam content - just there are always new naive affiliates who are going to make a killing on the internet. The A's are the blackholes where all the money is disappearing.

    Here is a twist on the A, B, C thing if you wanted to make money but you are not an A:
    Say you, company X, manufacture herbal viagra, rather than market it yourself - you set up a pyramid^H^H^H^H^H^H^H network marketing program where each person buys a starter kit consisting of 1 case of your miracle product: herbietwohandcock and "suggestions" for marketing "their" product, like setting up a free website on geocities and doing an "email marketing campaign". Now you have A making money sending spams for B's and the B's are also paying X for product that no one will ever buy.

    Still, no C's enter into the equation.

    Magnetic water conditioner, anyone?

  24. audits,certifications can't stop security breaches on Will Security Task Force Affect OSS Acceptance? · · Score: 2, Interesting

    One of these talking points is to license software developers and make them accountable for security breaches.

    It seems to really prevent all possible security breaches, you need to prove that the program is correct first - I don't know of many entities that even try to prove their programs. I have heard of a few telecom infrastructure programs, but remember the big SS7 outage caused by one tech some years ago? The SS7 code is probably better "audited" than most code but would that outage have been construed as a "security breach"? - Yes, after the lawyers were done with it.

    What about how quickly the world changes after a program is released? You use the best encryption technology of the day, you prove your programs correct, not just audit the code or use "good" software engineering/management methodologies. But you used DES (back in the day) or MD5 more recently, then MD5crack comes along or quantum computing and suddenly you are responsible for a "security breach" because of some exploit that didn't exist when you created the program.

    That is nuts, who would want to sign up for that?

    Besides DJB does anyone even have the balls to reward people for finding security problems? Or even advertise security as a feature? OpenBSD (yeah, I know it's dead, blah, blah, blah), pureftpd, NSA Linux
    I expect not many others, because people expect code to have security issues.

    Since security is such a big concern now (and in the past), I would think that people who wanted to show off their programming prowess would be bragging about how secure their code is. But no one does, that I know of - why? because it's just damn hard to be sure that the code is perfect - which is what is required to prevent all possible security problems. So where are all these people with the big security cojones going to come from?

    Can a program be proven correct for all inputs?
    If it isn't stateless then can each permutation of state and input be proven?
    Are all the protocols used by the program verified?

    The impossibility of preventing security breaches seems to make this kind of government action more likely. Burn the witches!! They hexed our computers, and were seen in the woods cavorting with unaudited code fragments!

  25. Re:Remember the GPL. OSS gains for from freedom. on Do Companies Take Software, And Not Give? · · Score: 1
    Hey do any of you remember the concept of the GPL. It's free. I do a piece of software and give it away. No strings attached. Now I know it's always better to have people turn around and say hey this is great thanks. But the GPL itself say[s] they are not obliged to.
    The GPL doesn't say that about free (as in beer) freedom, in fact it says the opposite.
    It specifically addresses price and says that the GPL does not prohibit software from having a price (my bold):

    When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

    Although I think most people agree that it is absurd to force companies to contribute to OS projects or have the government involved. I think the article and the comments point out a major weakness in the PR associated with the Free/Open Source movement. In the early days (GNU before Linux), I am sure that price/cost was not the primary problem with software in many cases and clearly was not what RMS was fighting. Later, unfortunately, three main things brought low or zero price to the top of the OS PR list:

    • It was a way to get the attention of corporations.
    • There was no (good) existing model to charge for it.
    • It allowed for the rapid spread of code among OS supporters.

    There is nothing wrong ethically, morally, or GPL-wise with charging or paying for OS software.
    I don't believe that for companies, that price is the primary consideration for many pieces of OS software. For many other pieces of OS software there are no viable commercial alternatives. For Linux, cost was previously presented as one of top reasons to switch, but I think it is past the time to de-emphasize the cost issue.
    The more productive discussion that I hope will come out of this is how do we create new models to encourage compensating OS developers/projects and supporting projects in a variety of ways. Here are some of the ways that companies should be encouraged to participate in Free/Open Source Projects:

    • Submit detailed bug reports.
    • Submit patches.
    • Add a "powered by" button to their website.
    • Mention the projects in their trade journal articles.
    • Document and release API's.
    • Create, use and promote truly open standards.
    • Give unused hardware, computer/office supplies, equipment to projects.
    • Give money to projects, ones they use or ones they want to promote for other reasons :)
    • Review their usage of OS products and gain a better understanding of how much their organization relies on low profile OS software. Most IT managers are aware of their use of Linux, but what about perl, python, rrd, cricket, thttpd, JBoss, ant, gcc, etc.
    • Buy and forward new hardware to developers that they want the projects ported to.
      Dear SRX developers, please find the new VIA dual NIC EPIA boards. We know that you have been waiting for the release of these to port SRX project to them. Thanks.
      BTW - VIA mini and nano ITX rocks!
    • Buy software/hardware listed as needed by projects on the project website.
    • Allow projects the use of build machines.
    • Host mirrors of projects.
    • Give bandwidth or colocation space to projects.
    • Contribute compiled binaries to the project or a binaries website.
      (not everyone can or wants to compile)
    • Contribute case studies, whitepapers, benchmarks, tuning tips to the project.
    • Fund a prize for innovation in OS software.
    • Allocate some portion of one or more employee's time to devote to an OS project that the company is using.
    • Add