People pay more, for an inferior product and give up most of their legal rights in the process, all for the "convienience" of downloading music ( which really doesn't take much less in terms of time overall than walking into a music store the next time you happen to be in the mall).
Except at the mall you can't buy single tracks off an album. As far as album sales go, I agree with you. I'd buy the CD from a regular store first. However, there are any number of single tracks I've bought from iTMS simply because I didn't want the entire album. I paid 99 cents for each of them and that works nicely for me.
It would be interesting to see the ratio of single tracks to whole albums being bought from iTMS, and this is where the labels need to worry. If people start buying only the popular songs and not the entire album, they're going to have to start putting more effort into producing music rather than just churning out production line dreck like they do now.
This is another example of why it's bad to leave register_globals on, as the whole problem could have been avoided otherwise.
Except.. it wouldn't have, in this case at least. Gallery works with register_globals turned off, I just checked.. but then I noticed the code (this is in init.php if anyone wants to check):
if (!$gallery->register_globals) { if (is_array($HTTP_GET_VARS)) { extract($HTTP_GET_VARS); }
if (is_array($HTTP_POST_VARS)) { extract($HTTP_POST_VARS); }
The extract() function basically takes everything from the _GET and _POST arrays and dumps them straight into the appropriate variables, which is exactly what register_globals does. Whether it was turned on or off, you would still be able to pollute the $GEEKLOG_DIR variable via get/post. This is a pretty braindead piece of coding right here, and makes me a little worried about using gallery. I hope they plan to fix this in the future.
If I get a spam that makes it through spamcop and spam assassin, and contains an 800 number (this doesn't happen often), I'll try and call them. It's not cheap to run an 800 number, and they tend to have a several minute long message rather than a real person answering the phone. If you have multiple lines, the fun thing to do is to call up on one line, let the message finish, get to the part where you get to record a message and then call them up again on a second line and conference the two together. Record their outgoing message as your message, rinse, repeat.
It feels good to cost the spammers some money, even if it does waste your time to do it.
If I had the slightest idea how, I'd mirror the tracker part of it as well.. I guess I should look into that some time. I just noticed that grabbing the torrent file in the first place took me a good minute or so, so it was obvious his connection was suffering.
.. Really big! - you just won't believe how vastly, hugely mind-bogglingly big it is! You may think it's a long way down the road to the chemist, but that's just peanuts to space!
Gabe Newell sent us a mail letting us know that the 'news' posted on Shacknews yesterday (story) is a fake and that Half-Life 2 has gone Gold and in production now. Here's the official word: "The release will still remain on schedule for Sep 30th. People who have pre-orded it via Steam will still get it before the Sep 30th but we are currently ironing out a couple of bugs, people may have seen Half Life 2 yesterday for a minute on it while we were in our testing stages (...) The SDK will be available for download tomorrow 2.00pm EST. Now you've heard it from the horses mouth so rest assured. More news to follow on Sep 26th so watch this space."
If you use Postfix, a patch was just released to help out with this problem:
This is to announce an unofficial patch for Postfix 2.0 to black-list domain names by their mail server (such as Verisign's mail server for non-existent.com or.net domain names) or by their DNS servers.
The patch for Postfix 2.0 is based on code that was developed for Postfix snapshot 20030917.
Below the signature is a description from the Postfix snapshot 20030917 release notes file.
Wietse
New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname restriction that applies the specified access table to the NS or MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT TO commands.
This can be used to block mail from so-called spammer havens, or from sender addresses that resolve to Verisign's wild-card mail responder, currently at IP address 64.94.110.11./etc/postfix/main.cf:
smtpd_mumble_restrictions =...
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/mx_access.../etc/postfix/mx_access:
spammer.haven.tld reject spammer mx host
64.94.110.11 reject verisign wild-card domain
Note: OK actions are not allowed for security reasons. Instead of OK, use DUNNO in order to exclude specific hosts from blacklists. If an OK result is found for an NS or MX host, Postfix rejects the SMTP command with "451 Server configuration error".
Ultimately, these guys tell ICANN what to do, so it can't hurt to drop them an email too. Their site is here (I think that's a good page to start with - if someone finds a better one, feel free to reply). I've personally mailed ICANN and also the address listed on this page. If enough people make noise about this (polite noise, I should add), with a bit of luck they'll do something about it.
I just downloaded and set it up, and had a quick chat with a friend down in California. The quality is very nice and it's super easy to get working. Especially nice is the fact that, although we're both behind NAT connections, we were able to get connected with no problems at all - no configuration was necessary.
Personally, I'd be prepared to pay a fairly reasonable amount for a tool like this, if they decided to go down that route. I live in the US but my family is all back in the UK. I currently spend in the order of about $50/mo on international calls (and that's with a low rate international plan) so something like this could save a lot of money if it was priced reasonably. I've emailed my folks back in the UK to have them download it as well so I can test the latency and see how well it works.
The basically zero effort setup is what really makes this rule though. No worries about forwarding ports, etc. It Just Works[TM]. This may well turn out to be the killer VoIP app. Time will tell!
I can't get to the article, so in the meantime, here's the text of an email about this with some details that was sent to an ntp.org mailing list back in June:
David L. Mills wrote on 2003-06-26 10:55:
> Guys, > > I find myself on the review team for an incident taking place at U Wisconsin/Madison. Apparently, the Netgear folks have manufactured some 700,000 routers with embedded SNTP clients configured to use the public U Wisconsin NTP server. The server address is unchangeable and the client cannot be disabled. If that isn't bad enough, if the client gets no replies, it starts sending packets at one-second intervals until forever and without backoff. > > The U Wisconsin folks determined some 285,000 different IP addresses are now sending between 300 and 700 packets per second requiring between 150 and 400 megabits per second. Apparently, the principal eason for this flux is misconfiguration of the firewall component of the router. This is costing them $266 per day. > > The Netgear folks were slow to respond until U Wisconsin folks emailed the entire senior management and others known to be U Wisconsin alum. Netgear says they have no way to recall those routers and no way to insure the products are updated from the web site. The products cost between $20 and $40 depending on rebate. > > U Wisconsin have considered several ways to deflect the tide, the most promising may be noting the source port 23457 unique to these products and tossing them at the doorstep. The products do not use DNS and are not configurable. Another way considered is to configure a subnet visible to BGP and convince the ISPs to punch holes in the routing fabric. Send money. > > I never thought it could get as bad as that. My reasoned recommendation was to fire up the lawyers and sue the bastards for costs and punitive damages and to injoin the company from selling any products until proved safe. There is apparently some standards group that allegedly reviews and certifies new products for Internet use. The Netgear products were all certified, which surely says nothing about the standards group. > > Include me in any replies; I am not on any ntp.org list. > > Dave
He comments, "Naturally the parameter and boundary of their respective position and magnitude are naturally determinable up to the limits of possible measurement as stated by the general quantum hypothesis and Heisenberg's uncertainty principle, but this indeterminacy in precise value is not a consequence of quantum uncertainty. What this illustrates is that in relation to indeterminacy in precise physical magnitude, the micro and macroscopic are inextricably linked, both being a part of the same parcel, rather than just a case of the former underlying and contributing to the latter.
This is at 2248x1676, which as other people have noted, is beneficial if you want to do large prints, etc. This also means I can save the file in raw format, which means you can then change things like the white balance on the computer, rather than relying on the camera white balance, as well as various other post editting functions which would otherwise be a lot trickier if the file was not in this format.
Besides, as this article points out, drive space is abundant and cheap, so why not?
I just stopped on the way home and did some photo shooting. I took 57 photos in about an hour. At 7.2MB per shot, that amounts to ~414MB of files from just an hour of shooting.
Post-editting results in TIFF files that are approximately 10MB in size. All told, this one shoot now occupies over 800MB on my fileserver - from just one hour of shooting.
Oddly enough, people do in fact use vast amounts of storage space for reasons other than sharing mp3s and movies. As technologies improve (cameras increase resolution, video cameras likewise, millions of other reasons), the demand for space will increase as it always has done.
The Linux uprising has been helped by Microsoft killing the competition.
If Amiga 2004 was just released, would you still be using Linux?
Much as I'm sure many Amiga users would love to blame Microsoft, it did not, in any way shape or form, kill the Amiga. If any one entity was responsible, I'd say it was Medhi Ali, who took a profitable and healthy company, and drove it into the ground in something like 2 years flat. I was trying to find a nice balanced history of his impact on the company, but Google is failing me.
Either way, this triviality aside, I certainly think you have a point.
Apparently msnbot.com has been owned by Go Daddy Software
Go Daddy is a registrar. It's not owned by them. You need to query Go Daddy's whois server to see the real owner, which you can do here or by using a recent version of the command line whois tool..
A very wise thing for you to do is to go out on a clear night BEFORE the Leonids peak and experiment with film and find a good place to set up.
Well shit. It's a bit late for that now. Oh well, I'll try and remember that in 30 years when the next one comes around.
I noticed this..
on
Add-Ons Add Up
·
· Score: 4, Interesting
With my bank, Washington Mutual.. It was kind of amusing. They have all these ads on the radio about their "No fee checking!". Yep, no fees on some things. Fees on absolutely everything else. I moved to a credit union shortly afterwards and haven't looked back since.
It definitely makes you think though. I noticed all the extra taxes and fees and such on my phone bill, but like the article says, I never paid a great deal of attention to them. Now I'm going to start shopping around and see what better deals I can get.
That's what I did.. I know enough people who work at Microsoft that if I need a copy of XP or Win2k or whatever, they can get it for me at the employee store. Last time I checked 2K pro went for $25 and XP went for $35.. Sounds far more reasonable than the $400 or whatever they charge retail:)
Re:Vulnerability Check
on
Due Diligence?
·
· Score: 5, Informative
How does one check if a server is vulnerable without actually "breaking in", i.e. make oneself liable to prosection?
I skimmed through the PDF but could not find anything about this.
Well if you'd read the PDF instead of skimming it, you would have seen this:
Thus, we can simply connect to the HTTPS server and issue a HEAD request. The server responds with an HTTP header containing the Server: field and hence the answer we desire:
They then went on to verify that SSLv2 is not disabled, but they mention later in the paper that on only 10 hosts was this done.
Theoretically you could change the response to report the more recent version which would make this check innacurate, but why would anyone bother doing that? Far easier to just upgrade OpenSSL.
Saddam's inbox also contained several solicitations from American companies hoping to do business with Iraq -- despite U.S. prohibitions and United Nations trade sanctions.
To: Saddam, Subject: MAKE MONEY FAST!!!
To: Saddam, Subject: Generic Viagra! $2.50 each!
To: Saddam, Subject: Increase your penis size!
Wouldn't it be so nice to close down spammers because they're breaching UN trade sanctions? Maybe you could even get them charged with treason.. Muahahaha
Slashdot Mirror
Except at the mall you can't buy single tracks off an album. As far as album sales go, I agree with you. I'd buy the CD from a regular store first. However, there are any number of single tracks I've bought from iTMS simply because I didn't want the entire album. I paid 99 cents for each of them and that works nicely for me.
It would be interesting to see the ratio of single tracks to whole albums being bought from iTMS, and this is where the labels need to worry. If people start buying only the popular songs and not the entire album, they're going to have to start putting more effort into producing music rather than just churning out production line dreck like they do now.
Except.. it wouldn't have, in this case at least. Gallery works with register_globals turned off, I just checked.. but then I noticed the code (this is in init.php if anyone wants to check):
The extract() function basically takes everything from the _GET and _POST arrays and dumps them straight into the appropriate variables, which is exactly what register_globals does. Whether it was turned on or off, you would still be able to pollute the $GEEKLOG_DIR variable via get/post. This is a pretty braindead piece of coding right here, and makes me a little worried about using gallery. I hope they plan to fix this in the future.
It feels good to cost the spammers some money, even if it does waste your time to do it.
If I had the slightest idea how, I'd mirror the tracker part of it as well.. I guess I should look into that some time. I just noticed that grabbing the torrent file in the first place took me a good minute or so, so it was obvious his connection was suffering.
Mirror of the .torrent file here.
.. I think they need to include the computerworld.com webserver on the list..
etc..
From http://www.gamershell.com/news_BHalf-Life2BGold.sh tml
Which site to believe? Who the hell knows?
If you use Postfix, a patch was just released to help out with this problem:
.com or .net domain names) or by their DNS servers.
f ficial/postfix-2.0-ns-mx-acl-patch.gz
/etc/postfix/main.cf: ... ... /etc/postfix/mx_access:
This is to announce an unofficial patch for Postfix 2.0 to black-list
domain names by their mail server (such as Verisign's mail server
for non-existent
The patch for Postfix 2.0 is based on code that was developed for
Postfix snapshot 20030917.
ftp://ftp.porcupine.org/mirrors/postfix-release/o
Below the signature is a description from the Postfix snapshot
20030917 release notes file.
Wietse
New check_{helo,sender,recipient}_{ns,mx}_access maptype:mapname
restriction that applies the specified access table to the NS or
MX hosts of the host/domain given in HELO, EHLO, MAIL FROM or RCPT
TO commands.
This can be used to block mail from so-called spammer havens, or
from sender addresses that resolve to Verisign's wild-card mail
responder, currently at IP address 64.94.110.11.
smtpd_mumble_restrictions =
reject_unknown_sender_domain
check_sender_mx_access hash:/etc/postfix/mx_access
spammer.haven.tld reject spammer mx host
64.94.110.11 reject verisign wild-card domain
Note: OK actions are not allowed for security reasons. Instead of
OK, use DUNNO in order to exclude specific hosts from blacklists.
If an OK result is found for an NS or MX host, Postfix rejects the
SMTP command with "451 Server configuration error".
Hm, the address on that page actually bounced. Dig around - there are several other addresses on that site.
Ultimately, these guys tell ICANN what to do, so it can't hurt to drop them an email too. Their site is here (I think that's a good page to start with - if someone finds a better one, feel free to reply). I've personally mailed ICANN and also the address listed on this page. If enough people make noise about this (polite noise, I should add), with a bit of luck they'll do something about it.
I just downloaded and set it up, and had a quick chat with a friend down in California. The quality is very nice and it's super easy to get working. Especially nice is the fact that, although we're both behind NAT connections, we were able to get connected with no problems at all - no configuration was necessary.
Personally, I'd be prepared to pay a fairly reasonable amount for a tool like this, if they decided to go down that route. I live in the US but my family is all back in the UK. I currently spend in the order of about $50/mo on international calls (and that's with a low rate international plan) so something like this could save a lot of money if it was priced reasonably. I've emailed my folks back in the UK to have them download it as well so I can test the latency and see how well it works.
The basically zero effort setup is what really makes this rule though. No worries about forwarding ports, etc. It Just Works[TM]. This may well turn out to be the killer VoIP app. Time will tell!
I can't get to the article, so in the meantime, here's the text of an email about this with some details that was sent to an ntp.org mailing list back in June:
David L. Mills wrote on 2003-06-26 10:55:
> Guys,
>
> I find myself on the review team for an incident taking place at U Wisconsin/Madison. Apparently, the Netgear folks have manufactured some 700,000 routers with embedded SNTP clients configured to use the public U Wisconsin NTP server. The server address is unchangeable and the client cannot be disabled. If that isn't bad enough, if the client gets no replies, it starts sending packets at one-second intervals until forever and without backoff.
>
> The U Wisconsin folks determined some 285,000 different IP addresses are now sending between 300 and 700 packets per second requiring between 150 and 400 megabits per second. Apparently, the principal eason for this flux is misconfiguration of the firewall component of the router. This is costing them $266 per day.
>
> The Netgear folks were slow to respond until U Wisconsin folks emailed the entire senior management and others known to be U Wisconsin alum. Netgear says they have no way to recall those routers and no way to insure the products are updated from the web site. The products cost between $20 and $40 depending on rebate.
>
> U Wisconsin have considered several ways to deflect the tide, the most promising may be noting the source port 23457 unique to these products and tossing them at the doorstep. The products do not use DNS and are not configurable. Another way considered is to configure a subnet visible to BGP and convince the ISPs to punch holes in the routing fabric. Send money.
>
> I never thought it could get as bad as that. My reasoned recommendation was to fire up the lawyers and sue the bastards for costs and punitive damages and to injoin the company from selling any products until proved safe. There is apparently some standards group that allegedly reviews and certifies new products for Internet use. The Netgear products were all certified, which surely says nothing about the standards group.
>
> Include me in any replies; I am not on any ntp.org list.
>
> Dave
That's just what I was about to say!
This is at 2248x1676, which as other people have noted, is beneficial if you want to do large prints, etc. This also means I can save the file in raw format, which means you can then change things like the white balance on the computer, rather than relying on the camera white balance, as well as various other post editting functions which would otherwise be a lot trickier if the file was not in this format.
Besides, as this article points out, drive space is abundant and cheap, so why not?
I just stopped on the way home and did some photo shooting. I took 57 photos in about an hour. At 7.2MB per shot, that amounts to ~414MB of files from just an hour of shooting.
Post-editting results in TIFF files that are approximately 10MB in size. All told, this one shoot now occupies over 800MB on my fileserver - from just one hour of shooting.
Oddly enough, people do in fact use vast amounts of storage space for reasons other than sharing mp3s and movies. As technologies improve (cameras increase resolution, video cameras likewise, millions of other reasons), the demand for space will increase as it always has done.
If Amiga 2004 was just released, would you still be using Linux?
Much as I'm sure many Amiga users would love to blame Microsoft, it did not, in any way shape or form, kill the Amiga. If any one entity was responsible, I'd say it was Medhi Ali, who took a profitable and healthy company, and drove it into the ground in something like 2 years flat. I was trying to find a nice balanced history of his impact on the company, but Google is failing me.
Either way, this triviality aside, I certainly think you have a point.
Go Daddy is a registrar. It's not owned by them. You need to query Go Daddy's whois server to see the real owner, which you can do here or by using a recent version of the command line whois tool..
Alternatively, you can download the small, medium or Large versions.
Well shit. It's a bit late for that now. Oh well, I'll try and remember that in 30 years when the next one comes around.
It definitely makes you think though. I noticed all the extra taxes and fees and such on my phone bill, but like the article says, I never paid a great deal of attention to them. Now I'm going to start shopping around and see what better deals I can get.
That's what I did.. I know enough people who work at Microsoft that if I need a copy of XP or Win2k or whatever, they can get it for me at the employee store. Last time I checked 2K pro went for $25 and XP went for $35.. Sounds far more reasonable than the $400 or whatever they charge retail :)
Well if you'd read the PDF instead of skimming it, you would have seen this:
Thus, we can simply connect to the HTTPS server and issue a HEAD request. The server responds with an HTTP header containing the Server: field and hence the answer we desire:
Server: Apache/1.3.26 (Unix) mod_ssl/2.8.10 OpenSSL/0.9.6
They then went on to verify that SSLv2 is not disabled, but they mention later in the paper that on only 10 hosts was this done.
Theoretically you could change the response to report the more recent version which would make this check innacurate, but why would anyone bother doing that? Far easier to just upgrade OpenSSL.
To: Saddam, Subject: MAKE MONEY FAST!!!
To: Saddam, Subject: Generic Viagra! $2.50 each!
To: Saddam, Subject: Increase your penis size!
Wouldn't it be so nice to close down spammers because they're breaching UN trade sanctions? Maybe you could even get them charged with treason.. Muahahaha
Longer skiing season! Woohoooo!