Or one of the other proposals (personaly, as a mail admin, I don't care which of the proposals make it so long as I can stop having my domain name forged onto e-mails that we didn't send):
Instead, you might want to lean on the IETF and get them to fast-track one of the SMTP/DNS proposals like RMX or SMTP+SPF.
Basically, the proposals add a record to the DNS system so that destination SMTP servers can see whether the inbound e-mail was received from an authorized outbound mail server for the specified domain. If not, then the domain on the e-mail is spoofed, and the SMTP server can act on that knowledge.
C/R also suffers when it comes to mail lists... the response is usually that we can just whitelist the mailing list domains.
Except that spammers can forge their domain to match that of a domain that is on the whitelist.
SPAM is a multi-facted issue... one of the first facets that I hope gets taken care of before we all grow old is that the IETF approves one of the RMX / SMTP+SPF style proposals and eliminates "joe jobs" and forged domains.
So what happens when a small ISP has 2000 customers who send 10 e-mails per day, and the ISP only has a single server? Now, the odds that all of those e-mails are going to your mail server are small, but it demonstrates some of the issues if it were widely deployed.
Or, what about the case where an SMTP server can just open up more connections to you? (Which is perfectly normal.)
Or the spammer is using a network of hijacked hosts that each attempt to connect to your SMTP server?
Basically, the 5 second wait suffers from the same deficiencies as that of the "require sender machine to calculate some math problem" solution.
>> ISPs' incoming servers accept mail only if the "sender:" matches the domain of the server that is sending the message
Which is exactly what proposals like RMX / SPF and others are attempting to do. Since the DNS system is already used to designate which IPs will accept inbound e-mail for a particular domain - why can't DNS be queried to find out if a given IP is authorized to send e-mail for a particular domain.
As a side-effect of the RMX/SPF style systems that a given e-mail comes from an authenticated IP for the purported domain is that e-mail worms will find it more difficult to spread directly from infected systems straight to target SMTP hosts. Instead, those worms will have to spread by passing through the user's official SMTP server.
Re:dnssec, how about authenticated email reply-to?
on
DNSSEC: Good Enough?
·
· Score: 1
Search for "RMX" - which is a proposed addition to the DNS records. Basically, when you setup your domain, you specific what IP addresses are allowed to send out e-mail for folks in your domain.
The destination mail server has the option of looking up that RMX record, cross-referencing to the IP that it received the e-mail from, and deciding whether to keep / toss / reject the e-mail if the e-mail didn't come from an authorized system.
Nice system, mostly compatible with DNS, so requires very little to change technically (and the spam issue is expensive enough that you can build a business case for upgrading your DNS software). Nicer is that it's up to the destination whether or not they want to be strict about matching RMXs. It also makes whitelists much easier to program because you can be surer that e-mail from example.com actually came from a server that example.com controls.
It doesn't solve the issue where spammers abuse an open-relay or mis-configured server. Or where a spammer sets up a spamming domain with a wide-open RMX range (all addresses allowed to send e-mail for this domain), but it's at least a step in the right direction.
I used to work for a major corporation that was 100% privately owned (you had to be an employee to own stock, and the company had some rights where they could force you to sell up to 10% per year back to the company after retirement). If you sold stock one year, you were not allowed to buy stock during the next 12 months. The price was fixed by the board, paid a dividend, part of your bonus each year was more stock if you were in management. Some years the stock went up a little, sometimes a lot, but never down (well run company).
As a result of such stability in the ownership pool, this company routinely makes plans for the 5-10-20 year horizons. The CEO was always a "company" person who came up through the ranks, and is typically sits for a few years at a minimum. Typical pay for the CEO was around 8x-10x what the average employee made (ratio might have even been lower).
Private owners differ from public owners in that private owners are closely related to the business that they own stock in (employees, family of employees, friends of employees). They own stock more because they believe in the business then for purely financial reasons. Because there are non-financial reasons involved with their ownership of the stock, they are more willing to hold on to their stock during rough times as the company works to turn around. If they sell the stock, and it will negatively impact the company - their friends/family will feel the effects of that.
Public stock owners, OTOH, rarely own stock in a particular company for any more then financial reasons. Bottom line profit / return on investment is where their heart lies. If the stock does not make the investor money, then the investor will take their money elsewhere and the stock will lose value. There are extremely few investors who will hold onto stock in a company that is costing the investor money.
As a result of this disparity in the way private owners vs public owners view the act of owning a company's stock - publicly owned corporations often end up at the mercy of the (fickle) market. That's where you get into the earnings fiasco from a year or three ago and all the other fun accounting tricks which have nothing to do with running the business and everything to do with manipulating your stock's price.
As to the corporate governance issues - go read BusinessWeek, search their archives over the past few years for articles on corporate governance. They do a good job of explaining why some boards / companies are better run then others. They also discuss the "celebrity CEO" myth / aura when everyone believes that a high-profile CEO will be good for their business.
Agreed, every time my company gets blacklisted because some subscriber got up on the wrong side of the bed and decided to tag us as spammers instead of following the instructions to unsubscribe... well, it makes me want to sue the maintainers of the blackhole lists into oblivion.
Sorry, but I will not be sorry if the various blackhole listing services get sued out of business. They don't exercise due diligence in the maintenance of their list - therefore they should be liable for libel.
I've kind of settled in on the CD/MP3 players as my preference around the house/car as well.
Mostly because I have a CD/MP3 player in the car (a JVC model that's 2yrs old). For auto use, the CD/MP3 style makes sense because it's easier to pull a CD from the visor and insert it, hit the random button and off you go - compared to trying to find a sub-folder on a 40Gb hard-drive based MP3 player.
I also have a CD/MP3 portable player (actually 2). Plus, the newer DVD drives support MP3 files on CD-R (although my Sony lacks a *random* function! grrr). So now I have yet another device to use my MP3s on.
The hard-drive based MP3 players are nice in situations where you can spend time concentrating on the screen to find the music that you want. Or when you absolutely have to have that much music on demand.
I've been tempted by the smaller mini-CD/MP3 players that take the 180Mb CD-Rs, but I think I'm going to hold out for the mini DVD-R instead (those hold around 1Gb). Same size as the mini-CDs, but large enough capacity to be useful.
Except that Sony seems to not really care to enforce the provision. Basically, SOE hasn't said a peep about ebaying since mid-2002, nor have they attempted to shut down the auction sites, the plat for cash sites, or ban accounts that have been ebayed.
As a result, sites like PlayerAuctions which used to be only talked about in hushed tones a year ago are now freely discussed pretty much everywhere in EQ without fear of ban/reprisal.
SOE's lack of apparent concern for the practice and their apparent decision not to enforce that aspect of the EULA is one of the reasons that I quit the game a few months ago.
Same here, mid-30s. Tastes from 5 years ago were pop, hard rock, metal, classical. Hadn't bought CDs much in the previous few years.
Over the past few years, I've stumbled onto the various forms of dance such as techno, house, etc.. Some I like, some I don't. (Biggest reason I like dance is that a 60-120 min track allows me to get into some serious zonage while coding. Without having to fiddle for the next track, or figure out a dozen songs to queue up for the next hour.)
Most of my new music has been by sampling stuff of the net since I can't stand listening to local radio (and we have small-town lack of choice anyway).
Firms with high-value items that are easily lifted. I worked for a large US shipping firm that required fingerprints as part of the employment process.
Back when I was in college (bit over a decade ago) - a telling question to ask CS majors was "do you subscribe to any computing magazines?".
IIRC, only about 1 in 4 of the CS majors would answer yes. Some of that was due to not being able to afford a subscription.
Nowdays, the question would be whether they subscribe to the newsletters of places like eWeek, InternetDay, Wired, Slashdot, ComputerWorld or visit a tech news website on a weekly basis.
Heck, I know most co-workers in the IT field don't bother with tech news. Which I find rather silly because this field outdates your skills so fast and it's helpful to know what's coming down the pipe.
Which is why it's a good idea to read up on sales tactics (take a "spin selling" lecture for instance) even if you're not in sales.
Dealing with car dealers is a good bit of fun. It was my first time buying a new car so I was a bit nervous already. The guy was good and persistent, but all I wanted was information on the first visit. (I used the tactic of having to "appeal to a higher authority", e.g. the significant other, prior to signing anything.) The most fun was that it took him three tries to even get my name.
I did eventually buy a car from the guy, but not off-the-cuff. In fact, when I went back a week or two later to do the deal, I actually added on a few things that I would not have bought under pressure at the first visit. I got exactly the car that I wanted (ordered from the factory) and I'm still happy with it 2 years later.
Am I safe against every sales tactic out there? Nope, but I can spot the game in the majority of situations which is good enough. Once spotted I can either choose to play along or change my tactics to counter.
20-40/day is about average - if I count the e-mail that comes specifically targeted at my user e-mail.
Tack on another 20-60 per day for spam that is aimed at webmaster@, postmaster@, root@... etc. - fortunately, that's sortable and it doesn't take long to scan the subject lines before "select all - delete".
My mail client sorting rules are based on the whitelist principle, which at least gets the spam segregated out for later review. What is annoying about whitelist/blacklist is that spammers are able to forge domains (my vote is for OX records to be added to DNS so my mail server can dump e-mail from IPs not listed as outbound mail exchanges from the supposed source domain).
On the sinister side... since this tech won't be implemented solely due to customer service improvement - your boss can now keep track of how responsive the employees are to the waiting of tables.
Glass 3423432 is now empty, how long before employee #2 visits the table to check whether patron XYZ342 wants a refill.
On the slippery slope note (puts on tin-foil hat)... once RFID receivers are in the establishment (and presumably in every table / bar in the place) - now your boss can track his employees movements by placing RFID tags inside whatever the employees use to take orders (or in the uniform). All in the name of improving efficiency of course.
Whole idea strikes me as a bit silly... convenient for the order taker, but may come with unintended consequences.
One solution for the virus-infected PCs sending SPAM would be for the destination SMTP machines (receivers) to do a cross-match between the purported sender domain of the message with the IP address that is originating. The IP address of the sender would have to be one of the designated outbound mail servers for the sender's domain. (e.g. a "OX" record) Want to send e-mail for domain x@x.com? Then it needs to transmit from one of the IP addresses in x@x.com's DNS OX records.
It solves the issue of "forged" domain e-mail (which makes whitelists/blacklists more reliable), cuts down on infected PCs sending SPAM (unless they're an OX for the DNS). Plus, it's in the end-admin's hands whether or not to turn that check on.
Downside is that it requires a new DNS record, might increase load on the DNS servers, and might break some specialized cases where SMTP servers are chain-forwarding. (The last is a minor issue if the DNS records get patched.)
One scenario not handled is when a spammer finds an open relay they have to add that open relay's IP address to their DNS. Since this takes 24-72 hours to propogate, that slows them down and possibly gets the open relay closed before they get a chance to use it.
Personally, I've used the Promise FastTrak line of cards for a few years now and have never had a problem with them. The cards are pretty cheap (under US$100), have good drivers, and perform very well (12Mb/sec on an ATA/100 mirror). Much better then software RAID solutions that I've tried in the past.
Primary storage for me is 275Gb of RAID5 storage (Promise FastTrak SX6000 connected to 6 75Gb drives, one is parity, one is hot spare). Attached to that server is a 120Gb USB 2.0 drive that I backup to every day using Second Copy 2000. (We do the same with our laptop users, give them an old IDE drive in a USB shell and install Second Copy 2000 - usally setup to backup during their lunch hour.)
Between the RAID5 w/ hot-spare and backups that aren't older then 24 hours, I'm pretty well covered for everything except fire/theft. A more advanced setup would be to swap USB drives once a week and store the other drive in an off-site safe deposit box (for simplicity it's best to use 3 drives, one online at the office, one in the safe-deposit box, and the oldest offline at the office).
DVD media just isn't convenient enough for primary or even secondary storage when I have systems with 60Gb mirrored drives and a file server with 275Gb. Magnetic drive capacity is just so far ahead at the moment that it's cheaper and much more convenient to drop a pair of drives into a PC and RAID1 them.
Good uses for DVD-/+R(W) drives seem to be:
- Consolidationg CD-R archives, by packing 6-7 CD-Rs on a single DVD-R I reduce my storage by a good amount. The old CD-Rs get put in one of those old CD-R spindles that the 50packs of media come in (you can by empty spindles too). Since buying my DVD-+RW drive, I've filed away over 200 CD-Rs and have another stack of 50-75 CD-Rs that need to be sorted. 17 DVD-Rs is a lot easier to manage then 100 CD-Rs.
- Periodic snapshots of personal files or other long-term archival. Personally, I create a 4450Mb PGPDisk volume, put my files inside and then put the volume on the DVD-R.
The bigger issue is that it encourages anti-social behavior like KS'ing, ninja-looting, scamming, etc. because now there is tangible reward for engaging in this behavior.
Back in early 2002 (hazy memory), SOE/VI would publicly state again and again that if you were caught selling account/items you'd get banned. That put pressure on the sellers to stay underground and discrete. However, sometime during 2002, SOE/VI stopped harping about it and enforcement seems to have become very lax. As a result of this "look the other way" behavior (failure to shut down sites like MySuperSales), buying items / plat / characters lost a lot of the stigma because so many people were getting away with it. Basically, by inaction, SOE is saying they don't care. Great for the power players who want to win at any cost possible, bad for the casual player who wants a level playing field and a friendly community.
Another casualty in rampant selling of toons is the loss of your name having a reputation that means something. Between the name change service and the look-the-other way at account selling in EQ, scammers / griefers can change their stripes and take advantage of the community over and over again and the community is (mostly) helpless to do anything about it. (The community has to police itself, because the cops/GMs are never going to be around when you need them.)
Just make sure you generate keys for all of the software that you're going to use... made the mistake once of letting my MSDN run out, went to try and get serial numbers for a package (you now have to go online for some of the products) and was SoL.
So I'm not sure that it's still a perpetual license anymore.
Or one of the other proposals (personaly, as a mail admin, I don't care which of the proposals make it so long as I can stop having my domain name forged onto e-mails that we didn't send):
RMX proposal
DMP proposal
DRIP proposal
Unfortunately, it'll probably be 2-3 years until the standard organizations get off their duffs and pass something.
There are currently (at least) 4 different proposals that I know about to end the process of domain spoofing (which is part of the battle).
RMX proposal
SMTP+SPF proposal
DMP proposal
DRIP proposal
Trademark? might work...
Instead, you might want to lean on the IETF and get them to fast-track one of the SMTP/DNS proposals like RMX or SMTP+SPF.
Basically, the proposals add a record to the DNS system so that destination SMTP servers can see whether the inbound e-mail was received from an authorized outbound mail server for the specified domain. If not, then the domain on the e-mail is spoofed, and the SMTP server can act on that knowledge.
C/R also suffers when it comes to mail lists... the response is usually that we can just whitelist the mailing list domains.
Except that spammers can forge their domain to match that of a domain that is on the whitelist.
SPAM is a multi-facted issue... one of the first facets that I hope gets taken care of before we all grow old is that the IETF approves one of the RMX / SMTP+SPF style proposals and eliminates "joe jobs" and forged domains.
So what happens when a small ISP has 2000 customers who send 10 e-mails per day, and the ISP only has a single server? Now, the odds that all of those e-mails are going to your mail server are small, but it demonstrates some of the issues if it were widely deployed.
Or, what about the case where an SMTP server can just open up more connections to you? (Which is perfectly normal.)
Or the spammer is using a network of hijacked hosts that each attempt to connect to your SMTP server?
Basically, the 5 second wait suffers from the same deficiencies as that of the "require sender machine to calculate some math problem" solution.
>> ISPs' incoming servers accept mail only if the "sender:" matches the domain of the server that is sending the message
Which is exactly what proposals like RMX / SPF and others are attempting to do. Since the DNS system is already used to designate which IPs will accept inbound e-mail for a particular domain - why can't DNS be queried to find out if a given IP is authorized to send e-mail for a particular domain.
Explanation of RMX
SMTP+SPF proposal
As a side-effect of the RMX/SPF style systems that a given e-mail comes from an authenticated IP for the purported domain is that e-mail worms will find it more difficult to spread directly from infected systems straight to target SMTP hosts. Instead, those worms will have to spread by passing through the user's official SMTP server.
Search for "RMX" - which is a proposed addition to the DNS records. Basically, when you setup your domain, you specific what IP addresses are allowed to send out e-mail for folks in your domain.
The destination mail server has the option of looking up that RMX record, cross-referencing to the IP that it received the e-mail from, and deciding whether to keep / toss / reject the e-mail if the e-mail didn't come from an authorized system.
Nice system, mostly compatible with DNS, so requires very little to change technically (and the spam issue is expensive enough that you can build a business case for upgrading your DNS software). Nicer is that it's up to the destination whether or not they want to be strict about matching RMXs. It also makes whitelists much easier to program because you can be surer that e-mail from example.com actually came from a server that example.com controls.
It doesn't solve the issue where spammers abuse an open-relay or mis-configured server. Or where a spammer sets up a spamming domain with a wide-open RMX range (all addresses allowed to send e-mail for this domain), but it's at least a step in the right direction.
eh, it's an AC post - emphasis on the 'C'
You expect it to be readable?
I used to work for a major corporation that was 100% privately owned (you had to be an employee to own stock, and the company had some rights where they could force you to sell up to 10% per year back to the company after retirement). If you sold stock one year, you were not allowed to buy stock during the next 12 months. The price was fixed by the board, paid a dividend, part of your bonus each year was more stock if you were in management. Some years the stock went up a little, sometimes a lot, but never down (well run company).
As a result of such stability in the ownership pool, this company routinely makes plans for the 5-10-20 year horizons. The CEO was always a "company" person who came up through the ranks, and is typically sits for a few years at a minimum. Typical pay for the CEO was around 8x-10x what the average employee made (ratio might have even been lower).
Private owners differ from public owners in that private owners are closely related to the business that they own stock in (employees, family of employees, friends of employees). They own stock more because they believe in the business then for purely financial reasons. Because there are non-financial reasons involved with their ownership of the stock, they are more willing to hold on to their stock during rough times as the company works to turn around. If they sell the stock, and it will negatively impact the company - their friends/family will feel the effects of that.
Public stock owners, OTOH, rarely own stock in a particular company for any more then financial reasons. Bottom line profit / return on investment is where their heart lies. If the stock does not make the investor money, then the investor will take their money elsewhere and the stock will lose value. There are extremely few investors who will hold onto stock in a company that is costing the investor money.
As a result of this disparity in the way private owners vs public owners view the act of owning a company's stock - publicly owned corporations often end up at the mercy of the (fickle) market. That's where you get into the earnings fiasco from a year or three ago and all the other fun accounting tricks which have nothing to do with running the business and everything to do with manipulating your stock's price.
As to the corporate governance issues - go read BusinessWeek, search their archives over the past few years for articles on corporate governance. They do a good job of explaining why some boards / companies are better run then others. They also discuss the "celebrity CEO" myth / aura when everyone believes that a high-profile CEO will be good for their business.
Agreed, every time my company gets blacklisted because some subscriber got up on the wrong side of the bed and decided to tag us as spammers instead of following the instructions to unsubscribe... well, it makes me want to sue the maintainers of the blackhole lists into oblivion.
Sorry, but I will not be sorry if the various blackhole listing services get sued out of business. They don't exercise due diligence in the maintenance of their list - therefore they should be liable for libel.
According to the press conference that I'm listening to on CNN Radio - power is already starting to come back into the grid from the north/west.
Still sounds like hours+ until NYC will have power back.
I've kind of settled in on the CD/MP3 players as my preference around the house/car as well.
Mostly because I have a CD/MP3 player in the car (a JVC model that's 2yrs old). For auto use, the CD/MP3 style makes sense because it's easier to pull a CD from the visor and insert it, hit the random button and off you go - compared to trying to find a sub-folder on a 40Gb hard-drive based MP3 player.
I also have a CD/MP3 portable player (actually 2). Plus, the newer DVD drives support MP3 files on CD-R (although my Sony lacks a *random* function! grrr). So now I have yet another device to use my MP3s on.
The hard-drive based MP3 players are nice in situations where you can spend time concentrating on the screen to find the music that you want. Or when you absolutely have to have that much music on demand.
I've been tempted by the smaller mini-CD/MP3 players that take the 180Mb CD-Rs, but I think I'm going to hold out for the mini DVD-R instead (those hold around 1Gb). Same size as the mini-CDs, but large enough capacity to be useful.
Except that Sony seems to not really care to enforce the provision. Basically, SOE hasn't said a peep about ebaying since mid-2002, nor have they attempted to shut down the auction sites, the plat for cash sites, or ban accounts that have been ebayed.
As a result, sites like PlayerAuctions which used to be only talked about in hushed tones a year ago are now freely discussed pretty much everywhere in EQ without fear of ban/reprisal.
SOE's lack of apparent concern for the practice and their apparent decision not to enforce that aspect of the EULA is one of the reasons that I quit the game a few months ago.
Same here, mid-30s. Tastes from 5 years ago were pop, hard rock, metal, classical. Hadn't bought CDs much in the previous few years.
Over the past few years, I've stumbled onto the various forms of dance such as techno, house, etc.. Some I like, some I don't. (Biggest reason I like dance is that a 60-120 min track allows me to get into some serious zonage while coding. Without having to fiddle for the next track, or figure out a dozen songs to queue up for the next hour.)
Most of my new music has been by sampling stuff of the net since I can't stand listening to local radio (and we have small-town lack of choice anyway).
Firms with high-value items that are easily lifted. I worked for a large US shipping firm that required fingerprints as part of the employment process.
Back when I was in college (bit over a decade ago) - a telling question to ask CS majors was "do you subscribe to any computing magazines?".
IIRC, only about 1 in 4 of the CS majors would answer yes. Some of that was due to not being able to afford a subscription.
Nowdays, the question would be whether they subscribe to the newsletters of places like eWeek, InternetDay, Wired, Slashdot, ComputerWorld or visit a tech news website on a weekly basis.
Heck, I know most co-workers in the IT field don't bother with tech news. Which I find rather silly because this field outdates your skills so fast and it's helpful to know what's coming down the pipe.
Which is why it's a good idea to read up on sales tactics (take a "spin selling" lecture for instance) even if you're not in sales.
Dealing with car dealers is a good bit of fun. It was my first time buying a new car so I was a bit nervous already. The guy was good and persistent, but all I wanted was information on the first visit. (I used the tactic of having to "appeal to a higher authority", e.g. the significant other, prior to signing anything.) The most fun was that it took him three tries to even get my name.
I did eventually buy a car from the guy, but not off-the-cuff. In fact, when I went back a week or two later to do the deal, I actually added on a few things that I would not have bought under pressure at the first visit. I got exactly the car that I wanted (ordered from the factory) and I'm still happy with it 2 years later.
Am I safe against every sales tactic out there? Nope, but I can spot the game in the majority of situations which is good enough. Once spotted I can either choose to play along or change my tactics to counter.
20-40/day is about average - if I count the e-mail that comes specifically targeted at my user e-mail.
Tack on another 20-60 per day for spam that is aimed at webmaster@, postmaster@, root@... etc. - fortunately, that's sortable and it doesn't take long to scan the subject lines before "select all - delete".
My mail client sorting rules are based on the whitelist principle, which at least gets the spam segregated out for later review. What is annoying about whitelist/blacklist is that spammers are able to forge domains (my vote is for OX records to be added to DNS so my mail server can dump e-mail from IPs not listed as outbound mail exchanges from the supposed source domain).
On the sinister side... since this tech won't be implemented solely due to customer service improvement - your boss can now keep track of how responsive the employees are to the waiting of tables.
Glass 3423432 is now empty, how long before employee #2 visits the table to check whether patron XYZ342 wants a refill.
On the slippery slope note (puts on tin-foil hat)... once RFID receivers are in the establishment (and presumably in every table / bar in the place) - now your boss can track his employees movements by placing RFID tags inside whatever the employees use to take orders (or in the uniform). All in the name of improving efficiency of course.
Whole idea strikes me as a bit silly... convenient for the order taker, but may come with unintended consequences.
One solution for the virus-infected PCs sending SPAM would be for the destination SMTP machines (receivers) to do a cross-match between the purported sender domain of the message with the IP address that is originating. The IP address of the sender would have to be one of the designated outbound mail servers for the sender's domain. (e.g. a "OX" record) Want to send e-mail for domain x@x.com? Then it needs to transmit from one of the IP addresses in x@x.com's DNS OX records.
It solves the issue of "forged" domain e-mail (which makes whitelists/blacklists more reliable), cuts down on infected PCs sending SPAM (unless they're an OX for the DNS). Plus, it's in the end-admin's hands whether or not to turn that check on.
Downside is that it requires a new DNS record, might increase load on the DNS servers, and might break some specialized cases where SMTP servers are chain-forwarding. (The last is a minor issue if the DNS records get patched.)
One scenario not handled is when a spammer finds an open relay they have to add that open relay's IP address to their DNS. Since this takes 24-72 hours to propogate, that slows them down and possibly gets the open relay closed before they get a chance to use it.
Personally, I've used the Promise FastTrak line of cards for a few years now and have never had a problem with them. The cards are pretty cheap (under US$100), have good drivers, and perform very well (12Mb/sec on an ATA/100 mirror). Much better then software RAID solutions that I've tried in the past.
DVD FAQ 1.15 - What happens if I scratch the disc? Aren't discs too fragile to be rented?
States that DVDs have more error correction features built in then regular *data* CDs, which would make them less sensitive to damage.
Audio CDs, OTOH, are a bit more resistant because the CD player can just interpolate over the problem bits until things get too bad to cover up.
Primary storage for me is 275Gb of RAID5 storage (Promise FastTrak SX6000 connected to 6 75Gb drives, one is parity, one is hot spare). Attached to that server is a 120Gb USB 2.0 drive that I backup to every day using Second Copy 2000. (We do the same with our laptop users, give them an old IDE drive in a USB shell and install Second Copy 2000 - usally setup to backup during their lunch hour.)
Between the RAID5 w/ hot-spare and backups that aren't older then 24 hours, I'm pretty well covered for everything except fire/theft. A more advanced setup would be to swap USB drives once a week and store the other drive in an off-site safe deposit box (for simplicity it's best to use 3 drives, one online at the office, one in the safe-deposit box, and the oldest offline at the office).
DVD media just isn't convenient enough for primary or even secondary storage when I have systems with 60Gb mirrored drives and a file server with 275Gb. Magnetic drive capacity is just so far ahead at the moment that it's cheaper and much more convenient to drop a pair of drives into a PC and RAID1 them.
Good uses for DVD-/+R(W) drives seem to be:
- Consolidationg CD-R archives, by packing 6-7 CD-Rs on a single DVD-R I reduce my storage by a good amount. The old CD-Rs get put in one of those old CD-R spindles that the 50packs of media come in (you can by empty spindles too). Since buying my DVD-+RW drive, I've filed away over 200 CD-Rs and have another stack of 50-75 CD-Rs that need to be sorted. 17 DVD-Rs is a lot easier to manage then 100 CD-Rs.
- Periodic snapshots of personal files or other long-term archival. Personally, I create a 4450Mb PGPDisk volume, put my files inside and then put the volume on the DVD-R.
The bigger issue is that it encourages anti-social behavior like KS'ing, ninja-looting, scamming, etc. because now there is tangible reward for engaging in this behavior.
Back in early 2002 (hazy memory), SOE/VI would publicly state again and again that if you were caught selling account/items you'd get banned. That put pressure on the sellers to stay underground and discrete. However, sometime during 2002, SOE/VI stopped harping about it and enforcement seems to have become very lax. As a result of this "look the other way" behavior (failure to shut down sites like MySuperSales), buying items / plat / characters lost a lot of the stigma because so many people were getting away with it. Basically, by inaction, SOE is saying they don't care. Great for the power players who want to win at any cost possible, bad for the casual player who wants a level playing field and a friendly community.
Another casualty in rampant selling of toons is the loss of your name having a reputation that means something. Between the name change service and the look-the-other way at account selling in EQ, scammers / griefers can change their stripes and take advantage of the community over and over again and the community is (mostly) helpless to do anything about it. (The community has to police itself, because the cops/GMs are never going to be around when you need them.)
Just make sure you generate keys for all of the software that you're going to use... made the mistake once of letting my MSDN run out, went to try and get serial numbers for a package (you now have to go online for some of the products) and was SoL.
So I'm not sure that it's still a perpetual license anymore.