Slashdot Mirror


User: WuphonsReach

WuphonsReach's activity in the archive.

Stories: 0 · Comments: 3,320

Comments · 3,320

  1. Re:Ok - RFC ? I don't think soon on SPF Design Frozen · Score: 1

    More likely, one of the big ISPs (AOL, Yahoo) will require that you configure DNS records in order to send e-mail into their network. Initially (during the adoption period), they'll probably only use the information to score e-mails as being spammy/hammy. After the adoption period, they'll start using the information like a blackhole list and just drop the connections.

    The MTAs (postfix, sendmail) will probably implement one of the (4) solutions and admins will start using it by default.

    I doubt we'll see any organization (IETF, ASRG, IRTF, random-4-letter-acronym) say "go" on this. Instead, it will be like a snowflake that rolls downhill and turns into an avalanche.

    Good chance that end-users (DNS admins) will have to comply with 2 of the proposals in order to meet the demands of the larger ISPs. Fortunately, DNS records are free, just a PITA to set up (grin).

  2. Re:SPF flaw in a nutshell on SPF Design Frozen · Score: 1

    e.g. they 0wn 1000 Windows boxes of Comcast users, so they look up the SPF info from Comcast's DNS records, and use those domains to generate the fake e-mail addresses when spamming using those 0wn3d boxes. When spamming via their collection of open relays in China, they use SPF-valid From: addresses for those open relays.

    Uh, no... in a world with a high adoption rate of any reverse-MX solution (DRIP, DMP, SMTP+SPF, RMX), the spammer can only use a FROM: domain that is valid from the IP address of the 0wn3d box. Reverse MX solutions are merely designed to stop "joe jobs".

    Reverse MX solutions answer the following 2 questions:

    1. Does domain X have reverse-MX information?
    2. Is IP address of server Y that is trying to send me e-mail on behalf of domain X listed?

    If #1's answer is "NO", then a spammer can forge that domain's address onto their spam, send it from any machine on the planet, and the destination server can't tell anything useful about whether the FROM: domain is good or not.

    If #1's answer is YES, but the server that is attempting to send the e-mail is NOT listed, the destination SMTP server can flag the message as suspect or drop the message into a quarantine or just drop the connection. Entirely up to the destination mail admin as to how they use that bit of information.

    If #1's answer is YES, and the IP address matches one of the reverse MX entries, then the destination server has some assurance that the e-mail is not spoofed. Possibly, the spammer has hijacked the company's outbound SMTP server, or broken the DNS record to list their zombie machines. The SMTP server hijack is fixable at a local level (just as you would fix a hacked rootkit'd server). The DNS hijack is something that the BIND/DJB/DNS folks need to fix by improving DNS (DNSSEC?).

    Right now, there is *no* way to stop "joe jobs", which means that an admin that takes due care can get tarred and feathered while being perfectly innocent. This closes *one* of the loopholes in the SMTP mail system, but is no more of a cure-all than any other anti-spam solution currently out there. I'd rather see this loophole closed sooner than just stand around wringing my hands while someone invents the perfect solution.

    A nice side-effect of reverse-MX's impact on domain spoofing is that it makes "whitelisting" work *better*, because the destination SMTP servers can have greater confidence in the FROM: domain. (Right now, spammers can just spoof domains to get around domain whitelists.)

  3. Re:Yeah, whatever on U.S. Spam Law to Take Effect Jan. 1 · Score: 1

    Domain forging could be stopped if the IETF/ASRG would go ahead and approve one of the four reverse-MX proposals floating around out there (DMX, DRIP, RMX, SPF+SMTP).

    That would at least make it much more difficult to forge domain names on the spam / virus e-mails (they'd have to hack my designated SMTP server to send using my domain name).

    But hey, they've only been talking about it for 6-9 months so I don't expect to see them resolve anything prior to 2005. (I expect that the sendmail and postfix folks will quietly implement something instead and it will suddenly become the standard.)

  4. Re:give it a rest (before it's too late) on In Search of the Digital Uberdevice · Score: 1

    What amazes me is that none of the big cross-media types (Sony and their like) has yet developed a central "hub" technology, and standard interfaces to connect the various components that form part of any home entertainment or computer system today.

    Not surprising at all for a few reasons:

    Supporting a single standard would require paying license fees to the standard holder (an advantage that no company wants to give to another). DVD-R and DVD+R is one example.

    The entertainment industry is still afraid of VCR-like technology after 20+ years. They'll go to great lengths to hobble any standard interface proposals with Digital Restrictions Methods (ala DAT tape decks). Macrovision, CSS, etc.

    When a company commits to supporting an open standard, it has to compete. No company likes to do this, it's much *easier* to lock the consumer into a proprietary format (have a Sony tape deck? they'd much prefer that you'd have to buy another Sony device to interface with it). Given the choice between tilting the playing field in favor of themselves vs competing fairly, a company will act solely in self-interest.

  5. Re: Why yyyrsa instead of gpg? on Online Backup vs. Tape Backup? · Score: 1

    Why yyyrsa instead of gpg?

    Seems like if your organization's admins already have GPG/PGP keys, it would be easier to use those. (And you can even encrypt the backups so that any one of the admins could recover.)

  6. Re:USB - Hard drive on Online Backup vs. Tape Backup? · Score: 1

    I use (2) USB drives as well (rotated weekly with the other off-site). Will upgrade to a 3rd in the rotation in a few months.

    Sensitive stuff gets TAR'd and then GPG'd. Less sensitive stuff just gets mirrored.

    Tape drives are too expensive ($800 for the unit, $80 per tape if I wanted a 50/130Gb system) for my needs. 160Gb drive, shock mounted in the USB enclosure is only $150. If I want long-term archival, I can burn to DVD-R (with some QuickPar recovery data for good measure).

  7. Re:Some Data on SQL Vs. Access for Learning Database Concepts? · Score: 2, Insightful

    I'll agree with you on some data limits with MSAccess (used it for close to 8 years now, maybe longer... think I started on 2.0 or 2.1).

    Once your tables push past around 500,000 or 1,000,000 records, it's all downhill performance-wise. Large inserts into an indexed table were prone to be slow as molasses (usually killed the indexes prior to the insert and then rebuilt).

    OTOH, it was a decent way to learn the basics of SQL, limited relational database design, and a way to start learning Visual Basic and how to program forms. (I wrote *a lot* of VBA/MSAccess stuff in my old job... even used it as a poor man's prototyping tool once.)

    It's also darned convenient for passing around data sets without constantly having to import/export to CSV or set up dozens of databases on a developer SQL server. Unzip the MDB, open it up, start querying (or running saved queries)... dirt-simple for small data sets (anything less than 100Mb). Screw up the database, easy enough to unzip it from the archive again and have another go (compared to bugging the admin to restore from tape).

  8. Re:How soon.. on Police and Lawyers Love E-ZPass · Score: 1

    Aye, tis not a hard rule to follow...

    If everyone is passing you, you're driving too slow.

    If you're passing everyone else (or trying to by constantly bobbing and weaving lanes), you're driving too fast.

  9. Re:Redundant technology on Portable MP3 Hardware Sales Up · Score: 1

    Much easier to swap CDs as you're driving down the road than to try and look at a tiny iPod screen. Swapping CDs can almost be done by touch (other than quick glances to verify label and aligning with the CD slot), the iPod screen requires either a lot of tiny glances or a few seconds with your eyes not watching the road.

  10. Re: mini-ITX cases that support 2 drives? on Building A Low-Budget TiVo Substitute? · Score: 1

    That was indeed plan B!

  11. Re: mini-ITX cases that support 2 drives? on Building A Low-Budget TiVo Substitute? · Score: 1

    Any leads on a mini-ITX case that supports (2) hard drives (for RAID1)? All the ones that I've seen so far only support (1) 5.25" external bay device (CD/DVD), (1) 3.5" external bay (floppy), and (1) internal 3.5" drive.

    I'm interested in the mini-ITX stuff not so much for power reasons but for noise reasons.

  12. Re:What are you thinking?! on Cheap On-Line CD/DVD Storage Library? · Score: 1

    Bottom line, if you *really* want to keep your data safe, be prepared to spend the cash to do it. As a rough guess, bottom cost would be 4x the cost per gigabyte of current drive technology. (Which is around US$0.75/gigabyte right now, times 4 is $3.00/gigabyte.)

    If you're willing to be cheaper and risk the data, hook (2) USB external drives up and mirror from the primary to the secondary daily. That cost would only be $2.00 per gigabyte or so. (Archival to DVD-R is also an option instead of a second HD and would drop the cost to $1.50 or so per gigabyte.)

  13. Re:Warez 12 Step on Cheap On-Line CD/DVD Storage Library? · Score: 1

    So how do you deal with say 50 times 12 gigabyte chunks or 100 times 1 gigabyte chunks of data which is not particularly valuable but would be expensive and time consuming if you had to recreate it.

    Burn it to DVD-R, adding recovery data using QuickPar. That'll take 33 DVD-Rs.

    For the truly paranoid, set up a 250Gb RAID1 box with an attached USB 250Gb backup drive in a corner and keep copies of the DVDs on it. (Or even multiple external USB drives where you rotate the drives online once per week.)

  14. Re:Yeah, I went down this road on Cheap On-Line CD/DVD Storage Library? · Score: 1

    I had to rip my entire collection for the second time because the hard drive I was storing the first effort on puked and died.

    Been there done dat (recently). With (3) decent speed machines I was able to rip a few CDs per hour and plowed through most of the collection in about a week (got odds-n-ends left). Once I was finished ripping, but before I sorted the files out according to genre, I dumped them to DVD-R (as well as QuickPar'ing the files on the DVD), then tossed the CDs back in the storage box in the closet.

    For downsampling MP3s, look into Easy CD-DA Extractor... also rips. (I've been happily using the software for a few years. Well worth the few bucks it cost to register.)

  15. Re:features missing on K-1000 on Best 35mm SLR Camera for Beginners? · Score: 1

    2) No depth of field (a.k.a. depth of focus) preview

    That is my #1 issue with the K-1000 (bought mine in 1986 or 1987, still have it). I used a friend's Nikon or Minolta (a long time ago) where you could partially press the shutter button to see the true depth of field.

    Currently drooling over the new digital SLRs... (shooting with a Sony 3 megapixel CD-R camera until then).

  16. Re:Not going to work on Spamholes Fighting Spammers · Score: 1

    Spam is moving off open relays and onto pirated home computers. Spammers and virus writers together have already designed a distributed architecture in which they can send emails from hundreds of thousands, possibly millions of 'owned' personal computers.

    The majority of which is using forged domains...

    This is where the Postfix/Sendmail crews need to get behind one of the reverse MX proposals and start pushing. When the e-mail software can reliably answer the following (2) questions, the destination servers will have another good data point with which to classify e-mail as junk.

    1. Does the sender's domain have a reverse-MX list?
    2. Is the IP address of the server trying to deliver mail on behalf of domain X listed?

    Right now, a spammer with zombied home computers can forge my domain's address onto an e-mail and spam the world (who then comes and knocks on *my* door). At least with reverse-MX I can force all of my domain's e-mail through a central set of servers that I have control over.

    The other side of the coin is whether ISPs should be allowing outbound connections to port 25. But if you have a 3rd party POP3/SMTP mail account somewhere then you need to be able to connect to port 25 outbound. (Workarounds would be to instead connect to a secured alternate port or set up an SSH or VPN/IPSEC tunnel.)
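
Comments 2 and 16 above both reduce reverse-MX to the same two questions (does the domain publish a list, and is the connecting IP on it). The Python below is an added illustration, not part of any comment on this page: it answers both questions against a constructed record table written in SPF's `ip4`/`all` mechanism syntax, where a real receiving MTA would instead query the domain's DNS TXT records; the function names and sample domains are assumptions of this example.

```python
import ipaddress

# Constructed stand-in for the DNS TXT lookups a receiving MTA would do.
# Record syntax is SPF's "v=spf1 ... -all" form, limited to ip4/all here.
SAMPLE_RECORDS = {
    "example.net": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.32/27 -all",
    "open-policy.example": "v=spf1 +all",
    # "no-record.example" deliberately has no entry: question 1 answers "no"
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup_reverse_mx(domain, records=SAMPLE_RECORDS):
    """Question 1: does the domain publish a reverse-MX (SPF) record?

    Returns the list of mechanisms, or None when there is no usable record.
    """
    txt = records.get(domain.lower())
    if txt is None or not txt.startswith("v=spf1"):
        return None
    return txt.split()[1:]  # everything after the version tag


def ip_is_listed(mechanisms, sender_ip):
    """Question 2: is the connecting server's IP listed for the domain?

    Mechanisms are checked left to right and the first match decides, as in
    SPF. Returns "pass", "fail", "softfail" or "neutral".
    """
    ip = ipaddress.ip_address(sender_ip)
    for mech in mechanisms:
        qualifier = "+"  # an unqualified mechanism means "pass" on match
        if mech[0] in QUALIFIER_RESULT:
            qualifier, mech = mech[0], mech[1:]
        if mech == "all":
            matched = True
        elif mech.startswith("ip4:"):
            # CIDR containment; an IPv6 sender never matches an ip4 network
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            continue  # a, mx, include etc. are not modelled in this example
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # record exists but says nothing about this sender


def classify_sender(domain, sender_ip, records=SAMPLE_RECORDS):
    """Combine both questions into the outcomes the comment walks through."""
    mechanisms = lookup_reverse_mx(domain, records)
    if mechanisms is None:
        return "none"  # no record: nothing useful can be said about FROM:
    return ip_is_listed(mechanisms, sender_ip)
```

What the receiving admin does with "fail" or "softfail" (tag, quarantine, or reject) remains a local policy choice, exactly as the comment says.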

  17. Re:Well, if the 3D is virtual. . . on Simon Phipps Looks At 'Looking Glass' · Score: 1

    3D space combat games are where the situation really becomes clear. My own experience with them is that when I was first learning them I really didn't keep a good idea of the 3D action in the games at all.

    Situational awareness... is, I believe, the term that you are searching for.

    Combat flight sims are difficult for me to maintain SA without a head-mounted display that would track my gaze. Constantly switching views using the hat is clumsy and throws me off.

  18. Re:Really, what do you guys need to hide? on Hiding Secrets With Steganography On FreeBSD · Score: 1

    Bank records? Isn't that info on the bank's pc, unencrypted?

    Nope, it's stored inside an encrypted volume that's only mounted when I need it to be. Storing your bank files inside an encrypted volume (DriveCrypt, PGPDisk) should be the minimum security you should be using. Granted, my main machine is a laptop, so theft is a risk that has to be seriously considered.

    Other stuff that I have gets stored in GPG/PGP blocks and decrypted as needed.

  19. Re:Reverse MX proposals on Yahoo! Develops Anti-Spam Architecture · Score: 1

    FYI, here are the (4) proposals that I know about:

    RMX proposal (Mike Rubel's page) - Last published draft (Oct 2003).

    DMP - No change or update since this was posted back in August 2003.

    DRIP - Published July 2003 by Raymond S Brand and Laurence Sherzer.

    SMTP+SPF - Last updated Dec 1 2003. Last RFC draft is Oct 2003.

    Anyone have any inside track on where these proposals stand?

  20. Re:BattleField Earth? on Dread Empire's Fall: The Praxis · Score: 1

    Actually, I'd lay that honor not at the feet of Battlefield Earth, but the other horribly written and over-extended Mission Earth series.

    Mission Earth is what comes to mind when I saw the article. A "hero" that you hate (I rooted for the bad guy) and the entire story is like watching a car crash in slow motion.

    Battlefield Earth, OTOH, is a decent read.

  21. Re: Chip speed on The Most Incorrect Assumptions In Computing? · Score: 1

    I think we're finally to the point (gads... gonna regret this statement in a few years) where the majority of CPUs are powerful enough for the majority of people.

    Heat and *noise* are the two big issues now, and I'm not so sure that the anti-noise bandwagon is going to be just a fad. A year or two ago, power users wanted power at any cost (heat / electricity used / acoustic noise), but I've seen more and more meme lately about quiet PCs, low-power PCs, passive cooling only. Basically, the users are saying that they have enough processing power and that more processing power isn't worth the extra heat / energy / noise.

    (Personally, I'm looking into the Antec Sonata cases or the mini-ITX stuff...)

  22. Re:Machrone's Law on The Most Incorrect Assumptions In Computing? · Score: 1

    My rule-of-thumb used to be that for every $1k that you spent, you'd get a year of useful life out of the computer... (e.g. a $2k computer would be outdated in 2 years, a $3k computer would last closer to 3 years before being outpaced by software demands). For the non-power user, the rule-of-thumb was more like $800/yr.

    That finally went out the window a few years ago and I'd say that for desktop systems, it's around $400/yr ($300 for a non-power user). A $1200 machine will last you about 3 years in a business environment. Laptops are still up around the $900/yr mark.

  23. Re:We are the Enemy! on The Most Incorrect Assumptions In Computing? · Score: 1

    Maybe if we have less abstraction layers, less dynamic invocations, less runtime discovery, and more focus on building something that works, we really would not need 4GB of RAM. Maybe, just maybe, the programs will run faster as well.

    Yes, yes they would run faster... but at the cost of development time.

    (insert phrase about fast, efficient, small... pick two)

  24. Re:A little Googling and: on The Most Incorrect Assumptions In Computing? · Score: 1

    Nope... while MS and IBM did develop the OS/2 1.x series together, NT 3.x was *not* OS/2. NT didn't exist as a product idea until the falling out.

    NT 3.x was written from the ground up by a group (IIRC) imported from DEC or Digital. They added in the OS/2 1.x subsystem to make it possible to run OS/2 1.x programs in NT to lower migration costs.

  25. Re:Finally! on Paraphrasing Sentences With Software · Score: 1

    Similar to one of the short stories at the start of the Foundation series where the foundationers are visited by a high-ranking official from the old empire.

    He says a lot while he's there, but after they run it through some sort of language processor they find out that he said exactly *zip*.

    Aren't weasel-words fun?