No, you filter on the existence of a SenderID headers. Its usera are almost entirely spammers. This problem happened before with various bulk email programs that swore up and down they weren't spam, and it has already happened with various header-haiku and other message-ID systems.
The technology of SenderID is, in fact, quite stupid. It relies on a Microsoft patented XML header, meaning that you have to waste your cycles accepting the fraudulent email, then processing it, rather than bouncing it on the basis of a published SPF record, DNS information, or blacklist which allows you to block the message before even receiving it, especially since with SenderID you then have to bounce the message.
Guess who gets the bounces? Not the spammer.
We're often blocked as a matter of policy from fixing open port 25. Too many VP's and paperwork pushers have a laptop installed by a relative with some strange mailer setup to accomplish some insane purpose that no right-thinking admin would configure, but they sign departmental checks. so you have to leave the firewall rules to permit their silliness.
It doesn't block the email worms and backdoors. Holes in IIS can't be firewall blocked because it's port 80. Holes in SMTP servers can't be blocked, unless you want to get into the religious wars of stopping your users from running mail servers at home.
The biggest assist in blocking the *invasion* of netcrawling attacks is using NAT, which keeps your internal machines on a 192.168 or other similarly unrouted subnet, and fakes a single external IP address. This allows *NO* incoming traffic unless you specifically allow it, and that goes to only a single machine. I very highly recommend this approach: AOL's practice of using a NAT'ed 10.* network is one of the main reasons their subscribers don't become awash in various remote exploits and worms.
How soon they forget. The Morris Worm, in 1988, didn't deliberately format your hard drive, but it spread slowly and insidiously and pervasively enough that you had to go back to complete backups from at least 4 days previously to make sure you had it completely clear on your re-installed system, and the patches to block it had to be downloaded slowly and carefully because of the overwhelmed patch servers.
By the standards of the day, the thing was an insatiable monster and was slapping down core DNS, SMTP, and other network servers so hard that entire buildings and companies were offline for days while their sys-admins labored round the clock to re-install them. And he didn't even write it to do damage, he wrote it to demonstrate security vulnerabilities and mail the successful entries back to him.
And of course, Mr. Morris never spent a day in jail. (It must be awfully nice to have a father who's head of the NSA to help you avoid jailtime.) He's never even publicly apologized that I can find anywhere: instead, he's a professor at MIT (http://pdos.csail.mit.edu/~rtm/). We've got him teaching a whole new generation of MIT students just how to break other people's toys with their brilliant ideas, then run away from responsibility for it.
They're busily encumbering the core software with patents, creating tons of demoware, tightly weaving MS Office and Internet Explorer even more tightly into the operating system, and trying to address a few core performance issues that have finally started to get people not to buy Windows, such as the complete joke of a DLL management system and the instability of that Windows Registry.
They're also re-discovering that fixing one broken piece in one lower layer tool, such as the file system security flaws, breaks a lot of bad code further up the chain, such as the MS Office "undo" capability.
It's affect on Apple and Linux users is secondary, but real. When your ISP helpdesk is hammered because the Windows machines are running slow and they're used as zombie spam units, for rent to spammers anywhere, your email will be clogged by it on your ISP's servers. Your prices go up because they have to support 4 times as many helpdesk people, and your password becomes more likely to be stolen from an FTP session through an unsecured router because the security people who should have secured the router have all been tied up cleaning up after the latest Windows worm.
Couple in the basic lack of security of core services such as DNS and routers and many ISP firewalls, and you have a serious disaster just waiting to take your ISP down for days at a time.
The call to the legal team got pretty weird when they got direct approval from the US Supreme Court, when Clarence Thomas got wind of it and kept trying to submit his own Coke can for the study.
Novell is correctly pushing Evolution, the client, as a hook into using their webcal and mail servers. The resources that went to Hula are now going into making those features of Evolution work well with their existing commercial calendar servers.
There is almost no circumstance in which wearing a seat belt is more hazardous than not wearing one: it's a poor example. Despite movie scenes of people getting caught in seat belts and needing to be rescued by heroes as the car is about to explode, it just doesn't happen in real life.
Getting "thrown free of the car" means getting hurled through the window at 50 miles an hour, breaking bones cutting you with the glass shards, then tumbling to a stop on the pavement. It's bad for you.
Please don't use that example: it encourages unsafe behavior that wastes lives and money trying to repair people who need not have been hurt, or hurt to anywhere near that extent.
It looks like Hula has been dumped in favor of pursuinig Evolution. Take a look a thte announcements and developments over there.
Re:If you're going to slag off Fedora, get it righ
on
An Early Taste of OpenSUSE
·
· Score: 2, Interesting
SuSE has contracted for a 7 year support cycle. What sane shop uses OS's 7 years old in this security day and age?
Even then, for Fedora and RedHat legacy support, there's www.fedoralegacy.org, which seems to go on providing legacy and kernel updates long after RedHat has given on OS's as a bad job, such as RedHat 8.0 and Fedora Core 2.
YaST is the absolutely worst part of SuSE, but Novell is lauding it as one of their key features? YaST gets just about everything wrong: handling chroot cages with symlinks *OUT* of the chroot cage instead of *INTO* the chroot cage, an insistence on wrapping vendor software packages in badly written install scripts that are wildly inconsistent with the underlying RPM package management, the world's most complex and least organized auto-install system, and overfriendly GUI's that refuse to let you manage more than two kernels on one machine and overwrite your hand-edits? And that YaST package management and update system that doesn't have the concept of handling both an update and base OS package site, or allow unattended operation for cron scripts or kickstart installs? Novell should take the money they overpay the YaST team and give it to the author of fou4s, which actually works, and the http://packman.links2linux.de/ website which actually keeps packages like Mplayer up-to-date and compiled with all the options, instead of forcing you to recompile packages to actually contain all the available features built into the SRPM. And especially they should take the money away from their kernel team, who couldn't publish a working SRPM if their lives depended on it because they have this custom "build system" that actually prevents the SRPM's from being compilable without hand-editing.
They also pretend that their freely downladable versions of things are the same as their commercially published ones. Roughly half the packages are different: if you use the commercial installations, you cannot use the free mirror sites for package installations due to the YaST stupidities I mentioned and their inconsistent release numbers. This is why even if you buy SuSE licenses, you should always install from the free download sites, to keep good access to updates and consistent OS numbering with them.
Because the boss's secretary needs to read his email from the field. Or because some idiot VP who just got their laptop can't be bothered to install security updates, and brings it to a tradeshow and gets their machine turned into a spam zombie.
It may have improved, I'd be pleased. But they're still vulnerable to the graphics admin privilege problem. Lots of applications absolutely need excessively high levels of privilege to talk to the display, and there's no fix in that yet, and own't be until MS is prepared to throw out every Office application they're written and all Windows computer games.
We wouldn't know if it had, if Slashdot were intelligent enough to do it without bringing down the whole server. In fact, it probably has happened considering some of the possibly libelous things stated here.
Don't you send your posts from an anonymizing location via someone else's rootkitted system?
Doing a dd of a live filesystem requires local root access, and is likely to be quite corrupt due to changes in the file system during the duplication. This is especially true for Linux, where recent journaling file systems don't necessarily write everything to disk the moment it happens.
To safely and reliably duplicate a hard drive, either the system needs to be brought down and imaged, or the active file system should be duplicated with tools like 'cp -a' or 'tar -p'. Unless the site hardware is using some strange file systems or controllers, it should be feasible to boot the system with a Linux recover cd and get just the logs in question for duplication elsewhere, which would be a much faster process than imaging the disks.
I remember it too. There's a good chance it could happen again: it would have to spread via HTTP, SMTP, and SSH vulnerabilities to use ports that aren't blocked on gateway systems, rather than telnet and rsh, and woould perhaps also require probing VPN setups to gain access from infected machines to corporate networks. But a better built package more aimed at damage could easily replicate its password guessing and replation capability and cause quite a lot more damage today. People should be concerned about this stuff.
It's amazing how Morris never spent a day in jail, but instead is now a professor at MIT ( http://pdos.csail.mit.edu/~rtm/ ). Gee, writing destructive worms that ruined systems worldwide, and help ruin your father's career as head of the NSA must really be work which MIT wants to foster as part of their "ubiquitous computing" developments. That's just what I'd look for as part of the computing in my home!
Few shell scripts run by users allow you to modify all the rest of the shell scripts on a system. Apparently, in Monad's excuse for a security model, they do. Remember,.NET had Peter LaMacchia, the author of Microsoft's.NET book, *resign* as project lead because of the security stupidities they were inserting into it.
Also remember, Microsoft's security models are not based on allowing the minimum privileges necessary to complete an operation. Due to the way they handle hardware, especially video, they can't be or they'd break huge amounts of their own most basic software, and they weill never get free of these issues. All the Anti-virus layering on top of MS is basically a band-aid for those vulnerable, easily punctured arteries of system access left exposed so that software can easily tap them. They are firm believers that they can patch any hole or set of holes after the fact, rather than building in the security in the first place.
Agreed. But Apple got hurt by their attempt with IBM to design a new CPU, especially when that CPU never took off except in Apple-built computers. I don't know why: too many business-driven and committee-driven decisions destroying the chip's unique features? I can't tell from here.
But Apple needs a new CPU, badly. And if you look at the other recent Slashdot thread about the Pentium M and how at lower power consumption it outperforms the Pentium 4, you see a very attractive CPU for the next generation of Apple hardware. I don't think Apple is interested in using Intel CPU's, I think Apple is interested in buying Pentium M's. It's a shame they didn't decide to use AMD 64-bit chips, which are good competitors.
Apple would be insane to sacrifice the very modular, well-designed computer market that helps reduce support costs and make their software just plain work on their platforms, but the inability to run Windows developed software such as games and CAD and having to expensively port Microsoft Office over to their platform really hurts their market.
I do seem to be having a typing problem. The VMS technology was stolen by Intenl from DEC, by hiring away David Cutler and his peers in a very famous case of grievous intellectual property theft. The settlement is apparently why NT was contractually promised by Microsoft to operate on Alphas: its kernel was basically written for Alphas, although the support soon became so poor and so few applications were ported to it that the market dried up rather quickly for DEC.
I'm not sure Intel can steal from AMD as easily as Microsoft and Intel stole from DEC: AMD is more willing to fight in court than DEC was, and less likely to accept a settlement that buys them a year of viability at the expense of their core technologies.
Even Intel employees get the P-4, Pentium 4, P-IV, etc. names mixed up now and then, but yes, I misnamed that one, although the chanfe of format was silly on their part.
The technology thefts from DEC by Intel for the P-4 were fairly well recorded in the press when the Pentium 4 first appeard. Yes, they stole technologies and violated patents, yes, they got caught, and yes, they settled out of court. It was sad but hilarious how the money Intel made with lesser quality chips made with stolen technologyy, but better marketed, less expensive, and more Microsoft partnered, were able to help bury DEC and put them out of business, leaving their remaining few assets for sale. DEC had their VMS technolgoy stolen by Alpha, and their Alpha technolgoy stolen by Intel. Between the both of them, they ate DEC's lunch.
AMD is doing interesting work, but Intel is lagging now that they lack companies like DEC to steal from.
It's also vastly better for Beowulfs and cluster computing, since such a reduction in power consumption will seriously cut cooling costs and reduce the need for extra power cabling and uninterruptible power supplies to handle power outages.
Extending the power outage lifetime of a data canter by 50% by using a different CPU at no significant performance cost is a big, big deal. Keeping computing cluster cooling costs and requirements of chilled air down is also a big, big deal.
No, you filter on the existence of a SenderID headers. Its usera are almost entirely spammers. This problem happened before with various bulk email programs that swore up and down they weren't spam, and it has already happened with various header-haiku and other message-ID systems. The technology of SenderID is, in fact, quite stupid. It relies on a Microsoft patented XML header, meaning that you have to waste your cycles accepting the fraudulent email, then processing it, rather than bouncing it on the basis of a published SPF record, DNS information, or blacklist which allows you to block the message before even receiving it, especially since with SenderID you then have to bounce the message. Guess who gets the bounces? Not the spammer.
No, Rule 1 is "spammers lie". Rule two is "see rule one". Rule three is "spammers are s-t-o-o-p-i-d".
We're often blocked as a matter of policy from fixing open port 25. Too many VP's and paperwork pushers have a laptop installed by a relative with some strange mailer setup to accomplish some insane purpose that no right-thinking admin would configure, but they sign departmental checks. so you have to leave the firewall rules to permit their silliness.
It doesn't block the email worms and backdoors. Holes in IIS can't be firewall blocked because it's port 80. Holes in SMTP servers can't be blocked, unless you want to get into the religious wars of stopping your users from running mail servers at home. The biggest assist in blocking the *invasion* of netcrawling attacks is using NAT, which keeps your internal machines on a 192.168 or other similarly unrouted subnet, and fakes a single external IP address. This allows *NO* incoming traffic unless you specifically allow it, and that goes to only a single machine. I very highly recommend this approach: AOL's practice of using a NAT'ed 10.* network is one of the main reasons their subscribers don't become awash in various remote exploits and worms.
How soon they forget. The Morris Worm, in 1988, didn't deliberately format your hard drive, but it spread slowly and insidiously and pervasively enough that you had to go back to complete backups from at least 4 days previously to make sure you had it completely clear on your re-installed system, and the patches to block it had to be downloaded slowly and carefully because of the overwhelmed patch servers. By the standards of the day, the thing was an insatiable monster and was slapping down core DNS, SMTP, and other network servers so hard that entire buildings and companies were offline for days while their sys-admins labored round the clock to re-install them. And he didn't even write it to do damage, he wrote it to demonstrate security vulnerabilities and mail the successful entries back to him. And of course, Mr. Morris never spent a day in jail. (It must be awfully nice to have a father who's head of the NSA to help you avoid jailtime.) He's never even publicly apologized that I can find anywhere: instead, he's a professor at MIT (http://pdos.csail.mit.edu/~rtm/). We've got him teaching a whole new generation of MIT students just how to break other people's toys with their brilliant ideas, then run away from responsibility for it.
They're busily encumbering the core software with patents, creating tons of demoware, tightly weaving MS Office and Internet Explorer even more tightly into the operating system, and trying to address a few core performance issues that have finally started to get people not to buy Windows, such as the complete joke of a DLL management system and the instability of that Windows Registry. They're also re-discovering that fixing one broken piece in one lower layer tool, such as the file system security flaws, breaks a lot of bad code further up the chain, such as the MS Office "undo" capability.
It's affect on Apple and Linux users is secondary, but real. When your ISP helpdesk is hammered because the Windows machines are running slow and they're used as zombie spam units, for rent to spammers anywhere, your email will be clogged by it on your ISP's servers. Your prices go up because they have to support 4 times as many helpdesk people, and your password becomes more likely to be stolen from an FTP session through an unsecured router because the security people who should have secured the router have all been tied up cleaning up after the latest Windows worm.
Couple in the basic lack of security of core services such as DNS and routers and many ISP firewalls, and you have a serious disaster just waiting to take your ISP down for days at a time.
No, that study was at Harvard and involved Coke bottles. Check out http://www.snopes.com/cokelore/sperm.asp for more details on the actual study.
The call to the legal team got pretty weird when they got direct approval from the US Supreme Court, when Clarence Thomas got wind of it and kept trying to submit his own Coke can for the study.
Novell is correctly pushing Evolution, the client, as a hook into using their webcal and mail servers. The resources that went to Hula are now going into making those features of Evolution work well with their existing commercial calendar servers.
There is almost no circumstance in which wearing a seat belt is more hazardous than not wearing one: it's a poor example. Despite movie scenes of people getting caught in seat belts and needing to be rescued by heroes as the car is about to explode, it just doesn't happen in real life.
Getting "thrown free of the car" means getting hurled through the window at 50 miles an hour, breaking bones cutting you with the glass shards, then tumbling to a stop on the pavement. It's bad for you.
Please don't use that example: it encourages unsafe behavior that wastes lives and money trying to repair people who need not have been hurt, or hurt to anywhere near that extent.
It looks like Hula has been dumped in favor of pursuinig Evolution. Take a look a thte announcements and developments over there.
SuSE has contracted for a 7 year support cycle. What sane shop uses OS's 7 years old in this security day and age? Even then, for Fedora and RedHat legacy support, there's www.fedoralegacy.org, which seems to go on providing legacy and kernel updates long after RedHat has given on OS's as a bad job, such as RedHat 8.0 and Fedora Core 2.
YaST is the absolutely worst part of SuSE, but Novell is lauding it as one of their key features? YaST gets just about everything wrong: handling chroot cages with symlinks *OUT* of the chroot cage instead of *INTO* the chroot cage, an insistence on wrapping vendor software packages in badly written install scripts that are wildly inconsistent with the underlying RPM package management, the world's most complex and least organized auto-install system, and overfriendly GUI's that refuse to let you manage more than two kernels on one machine and overwrite your hand-edits? And that YaST package management and update system that doesn't have the concept of handling both an update and base OS package site, or allow unattended operation for cron scripts or kickstart installs? Novell should take the money they overpay the YaST team and give it to the author of fou4s, which actually works, and the http://packman.links2linux.de/ website which actually keeps packages like Mplayer up-to-date and compiled with all the options, instead of forcing you to recompile packages to actually contain all the available features built into the SRPM. And especially they should take the money away from their kernel team, who couldn't publish a working SRPM if their lives depended on it because they have this custom "build system" that actually prevents the SRPM's from being compilable without hand-editing.
They also pretend that their freely downladable versions of things are the same as their commercially published ones. Roughly half the packages are different: if you use the commercial installations, you cannot use the free mirror sites for package installations due to the YaST stupidities I mentioned and their inconsistent release numbers. This is why even if you buy SuSE licenses, you should always install from the free download sites, to keep good access to updates and consistent OS numbering with them.
Because the boss's secretary needs to read his email from the field. Or because some idiot VP who just got their laptop can't be bothered to install security updates, and brings it to a tradeshow and gets their machine turned into a spam zombie.
It may have improved, I'd be pleased. But they're still vulnerable to the graphics admin privilege problem. Lots of applications absolutely need excessively high levels of privilege to talk to the display, and there's no fix in that yet, and own't be until MS is prepared to throw out every Office application they're written and all Windows computer games.
What, this old thing? It doesn't even have a hard drive, just a live CD.
We wouldn't know if it had, if Slashdot were intelligent enough to do it without bringing down the whole server. In fact, it probably has happened considering some of the possibly libelous things stated here. Don't you send your posts from an anonymizing location via someone else's rootkitted system?
Doing a dd of a live filesystem requires local root access, and is likely to be quite corrupt due to changes in the file system during the duplication. This is especially true for Linux, where recent journaling file systems don't necessarily write everything to disk the moment it happens.
To safely and reliably duplicate a hard drive, either the system needs to be brought down and imaged, or the active file system should be duplicated with tools like 'cp -a' or 'tar -p'. Unless the site hardware is using some strange file systems or controllers, it should be feasible to boot the system with a Linux recover cd and get just the logs in question for duplication elsewhere, which would be a much faster process than imaging the disks.
I remember it too. There's a good chance it could happen again: it would have to spread via HTTP, SMTP, and SSH vulnerabilities to use ports that aren't blocked on gateway systems, rather than telnet and rsh, and woould perhaps also require probing VPN setups to gain access from infected machines to corporate networks. But a better built package more aimed at damage could easily replicate its password guessing and replation capability and cause quite a lot more damage today. People should be concerned about this stuff. It's amazing how Morris never spent a day in jail, but instead is now a professor at MIT ( http://pdos.csail.mit.edu/~rtm/ ). Gee, writing destructive worms that ruined systems worldwide, and help ruin your father's career as head of the NSA must really be work which MIT wants to foster as part of their "ubiquitous computing" developments. That's just what I'd look for as part of the computing in my home!
Few shell scripts run by users allow you to modify all the rest of the shell scripts on a system. Apparently, in Monad's excuse for a security model, they do. Remember, .NET had Peter LaMacchia, the author of Microsoft's .NET book, *resign* as project lead because of the security stupidities they were inserting into it.
Also remember, Microsoft's security models are not based on allowing the minimum privileges necessary to complete an operation. Due to the way they handle hardware, especially video, they can't be or they'd break huge amounts of their own most basic software, and they weill never get free of these issues. All the Anti-virus layering on top of MS is basically a band-aid for those vulnerable, easily punctured arteries of system access left exposed so that software can easily tap them. They are firm believers that they can patch any hole or set of holes after the fact, rather than building in the security in the first place.
Not compared to running an Xbox that way, which you can also detach and run cool games on.
Agreed. But Apple got hurt by their attempt with IBM to design a new CPU, especially when that CPU never took off except in Apple-built computers. I don't know why: too many business-driven and committee-driven decisions destroying the chip's unique features? I can't tell from here.
But Apple needs a new CPU, badly. And if you look at the other recent Slashdot thread about the Pentium M and how at lower power consumption it outperforms the Pentium 4, you see a very attractive CPU for the next generation of Apple hardware. I don't think Apple is interested in using Intel CPU's, I think Apple is interested in buying Pentium M's. It's a shame they didn't decide to use AMD 64-bit chips, which are good competitors.
Apple would be insane to sacrifice the very modular, well-designed computer market that helps reduce support costs and make their software just plain work on their platforms, but the inability to run Windows developed software such as games and CAD and having to expensively port Microsoft Office over to their platform really hurts their market.
I do seem to be having a typing problem. The VMS technology was stolen by Intenl from DEC, by hiring away David Cutler and his peers in a very famous case of grievous intellectual property theft. The settlement is apparently why NT was contractually promised by Microsoft to operate on Alphas: its kernel was basically written for Alphas, although the support soon became so poor and so few applications were ported to it that the market dried up rather quickly for DEC.
I'm not sure Intel can steal from AMD as easily as Microsoft and Intel stole from DEC: AMD is more willing to fight in court than DEC was, and less likely to accept a settlement that buys them a year of viability at the expense of their core technologies.
Even Intel employees get the P-4, Pentium 4, P-IV, etc. names mixed up now and then, but yes, I misnamed that one, although the chanfe of format was silly on their part.
The technology thefts from DEC by Intel for the P-4 were fairly well recorded in the press when the Pentium 4 first appeard. Yes, they stole technologies and violated patents, yes, they got caught, and yes, they settled out of court. It was sad but hilarious how the money Intel made with lesser quality chips made with stolen technologyy, but better marketed, less expensive, and more Microsoft partnered, were able to help bury DEC and put them out of business, leaving their remaining few assets for sale. DEC had their VMS technolgoy stolen by Alpha, and their Alpha technolgoy stolen by Intel. Between the both of them, they ate DEC's lunch.
AMD is doing interesting work, but Intel is lagging now that they lack companies like DEC to steal from.
It's also vastly better for Beowulfs and cluster computing, since such a reduction in power consumption will seriously cut cooling costs and reduce the need for extra power cabling and uninterruptible power supplies to handle power outages. Extending the power outage lifetime of a data canter by 50% by using a different CPU at no significant performance cost is a big, big deal. Keeping computing cluster cooling costs and requirements of chilled air down is also a big, big deal.