The reason the hospital grade is so expensive is often things like testing, purity, and sterilization. Something clean enough to hold in your hand is not necessarily clean enough to embed in the glued together bone or skin tissue of someone with a suppressed immune system due to illness.
And the hospital grade costs about $20/tube, with a fancy applicator designed to put it on thinly, last I looked on a hospital bill.
Oh, no. It looks like some high school freshmen accidentally plugged in his nifty-keen-gonna-make-millions-from-spammers generator of vaguely random text to confuse email filters.
There are already dozens of challenge response systems like this. Take a look at this site for another typical example.
http://harvee.billerica.ma.us/~esj/camram.html
They seem to be mandatory to write for new mail administrators who have just discovered the power of Perl and feel a need to test it out.
There is no reason to have port 25 open outbound on anything but the ISP's authorized SMTP servers. None whatsoever iin this day and age, except the convenience of people who like to run their own mail servers. Unfortunately, with the massive number of zombied and badly run home SMTP servers, most outbound SMTP from ISP users that does not go directly to their ISP's SMTP server for delivery as mail from that ISP is in fact spam or email worms.
So yes, it needs to be blocked outbound. You simply need to use SMTPAUTH on the road to get your email to your own ISP's SMTP server over port 587. Problem solved.
Yup. Fortunately, this actually helps make your old company *trackable*, which has been a big problem for identifying spam. Most people can't read the headers to track the email back to the original sender correctly. Tools like requiring valid reverse or forward DNS and SPF are useful for that, and help get the bounces (which are a huge part of the burden of spam) sent back to the righ place instead of the forged victims and forged domains.
The missing step, as always, has been enforcement of sane policies. The upstream ISP's of this company is the one that needs to enforce sane policy.
Also, because a company relies on junk email does not make them spam. Let's be very clear here. The law, and sane policies, provide a standard where a company doing business with you already can send you junk mail or faxes legally. Simply applying the same standard to email would be a huge help in controlling spam, but getting the laws in place and the policies in place at the ISP level has been very hard due to their legal concerns and their fiscal problems where a paying customer is a paying customer.
Nope. Not in your wildest dreams. The growth of the use of zombied machines, and the continuing existence of "pink contracts" with ISP's that allow spam from their domains, and the continuing existence of new ISP's that allow spammers to easily buty throwaway accounts that result in effectively pink contracts will easily grow to fill the temporary void of using forward/reverse DNS blocking.
Mandating forward/reverse DNS does nothing to block the existing and easily expanding spam from valid hostnames.
"If we could just rewrite everybody mailer's with my new widget in illegible Perl or badly written C that breaks several RFC's I've never bothered to read, we will surely stop spam!" I've heard this sort of thing before, every few months for the past 10 years.
There have been dozens of these wildly espoused challenge/response systems over the years. They don't work because users hate them, because vital automated systems such as bill payment and delivery verifications can't get past them. Coupled with "sender pays" systems, they're almost always subverted within short periods and never can or will gain the acceptance of the user community enough to become effective.
Re:Done in by the people who would buy this stuff
on
Buy a Piece of Acclaim
·
· Score: 1
Nah, they were done in because they failed to make anything worth playing. They spent time on BIG! GLORIOUS! FANTASTIC! DEMOWARE! that had no storyline, no plot, poor control configuration, no sense of humor, no sense of drama, etc. But it made lovely trailers, so they kept hyping really bad games with pretty trailers to show investors.
Maybe they ran out of people who bother to use "stable", since so many tools there are deprecated and a monster to maintain?
The Debian "stable" vs. unstable seems to match the new RedHat "Enteprise" releases vs. the new "FEdora". Maybe Debian can shorten their transfer time and testing enough to use "stable" for production servers? I know a bunch of people who'd like that.
You've clearly never dealt with an estate attorney following up on old lawsuits. Get 10 heirs involved, and the lawsuits will never end.
Moreover, good hitman are quite expensive, and hitmen are notoriously bad at keeping their client's affairs secret when they are facing the death penalty. They may be generally successful, but the legal risk of facing a murder charge is huge: the cost/benefit analysis doesn't often support it.
But don't think Bill Gates and his minions haven't thought about it a few times.
freshrpms.net and their "dag" and "dries" repositories have turned out to be wonderful, at least for RedHat users, to get the latest versions of all those cool tools such as video grabbers and security packages, just for your reference. The maintainers have been extremely good about repackaging those tools as fast as possible in a really good format.
cpan2rpm is also your friend. Now if only the Perl developers would use a standard naming and numbering convention for their packages. If I see one more Perl package named "packag-irrelevant-subname.0.0.0.237.8.12-feedmese ymour.tar.gz", I'm going to slap the author silly.
He means "Maxwell's Daemon", a process that automatically identifies each package as being required or not required for the dependencies of the desired software.
Can I get a Mod +2 for making a pun that good?
It's worse. What happens when each of them has the same configuration file, such as "/usr/info/dir.info", but it belongs to two different packages and you want to install both?
No, an installation manager should *not* allow J. Random User to install whatever the heck they want. Too many important utilities have serious security repercussions, such as the default compiler, OpenSSL libraries, network services, PAM authentication, and kernel modules.
Installing and modifying these should require some level of thought and authority, such as local root access.
Now, for the idea of installing mozilla in ~/bin. That's just fine, until you leave your ~/bin group-writable to let your buddy install something, and suddenly your buddy or his broken-into account can now install a mozilla that displaces yours and records your passwords.
I've seen exactly this sort of behavior when some idiot told his friends "here, use my ~/bin for all these useful tools" and cracker put in different version of "ls" that put the cracker's machine into the user's.rhosts file. Voila, the cracker had access all over a poorly secured academic network.
I have, but those were for tightly kernel related utilities like modutils to load kernel modules appropriately, when I went from 2.4 to a 2.6 kernel, or for USB and serial utilities to by default look in the new locations for default devices.
Additionally, there are some utilities that can and do use certain hardware functionality, such as OpenSSL, if you have the hardware to support hardware SSL encryption.
Notice the key phrase there: "Debian unstable". It's simply impossible to properly regression test or compatibility test Debian unstable, because it's nearly impossible to identify the versions of all all the core components in it on any given day.
Unfortunately, the only way to get software into Debian stable is to be a version so old that it's actually deprecated.
Re:Still can't see how Sun will survive
on
Sun-isms Debunked
·
· Score: 1
You use something like Yast or Kickstart from the Linux world to install it and set up your MBR.
The permissions on NTFS actually destabilize the operating system and badly interfere with application use, in my experience. Individual file security be damned in such a badly handled security environment, again in my harsh, harsh experience.
Most RedHat support these days doesn't come from RedHat. It comes from Google, newsgroups, the software author's webpages, and that guy down in IT who really likes to play with neat stuff and sticks his nose into everything.
I know, I'm that guy down in IT. The pay's not bad, and I know I'm saving the company at least 3 times my salary on licensing expensive tools they don't need by pulling them out of the open source community. They don't realize it, but my time spent publishing the patches and support I provide in turn are what pay for that software.
If they had to pay licensing fees to get multi-platform compilers such as Fortran, Java, and C++ such as Sun sells for amazing amounts of money but I pull from the open source world for their Windows and UNIX and Linux development, they'd have to change the company's business entirely and lay off 30 people.
That would mean less crowding in the cubicles and no one stealing lunches from the fridge, but it would still be bad.
Re:Still can't see how Sun will survive
on
Sun-isms Debunked
·
· Score: 1
Goodness, don't use ghost to image things! If you're in that world, throw NTFS out the window, use FAT32, and build a compressed tarball to re-install from scratch. It'll be much, much faster to build and much easier to re-install.
You've still got to deal with the master boot record, but that's fairly straightforward depending on your OS.
Re:Could somebody please explain to me..
on
Sun-isms Debunked
·
· Score: 1
RedHat is much lower margin. RedHat's presence in Sun's old core market is huge, even if RedHat is only getting paid for a small fraction of the installations. Take a look at all the Beowulf clusters out there running RedHat and other Linux systems, or take a look at how many Matlab licenses now include Linux support vs. Solaris support ofr an example of the problem they face.
And nobody buys Sun's for desktop X servers or thin clients: it's just pointless, even with Sun's attempts to turn Java into an operating system environment, when you can plug in a $300 market PC and run a full-blown Linux on it.
They sell Linux because they have to in their market space. They work very, very hard to talk you out of using it, even while selling it. You can see their salespeople's spleens trying to rebel as they make a salestalk including the Linux variants. It's especially fun if you bring along some fresh popcorn to watch, or bring along a bottle of cheap booze and take shots every time they wince at the word "Linux".
Re:Still can't see how Sun will survive
on
Sun-isms Debunked
·
· Score: 2, Interesting
I worry about losing hard drives and ethernet cards. I worry more in the Wintel PC world because my management refuses to spend the premium for known chipsets and supportable components on the, rather than burned-in high quality components. (Take a look at the weird piece of crap 3Com network chipsets being foisted onto mid-range motherboards these days. Yeesh.)
Sun does do component testing and disk burn-in before they ship their hardware out the door. You can get that in the PC box world, but it's unusual and you have to find a reliable vendor for it. This helps preserve Sun's market for core system hardware.
The trade-offs are similar to those for SCSI vs. SATA right now. You pay for high quality and reliability, vs. having 10 times as much disk for the same price and rack space.
Re:I don't care what they call the OS...
on
Sun-isms Debunked
·
· Score: 1
Thank you. That was actually funny, unlike so much slashdot traffic.
The reason the hospital grade is so expensive is often things like testing, purity, and sterilization. Something clean enough to hold in your hand is not necessarily clean enough to embed in the glued together bone or skin tissue of someone with a suppressed immune system due to illness.
And the hospital grade costs about $20/tube, with a fancy applicator designed to put it on thinly, last I looked on a hospital bill.
Oh, no. It looks like some high school freshmen accidentally plugged in his nifty-keen-gonna-make-millions-from-spammers generator of vaguely random text to confuse email filters.
There are already dozens of challenge response systems like this. Take a look at this site for another typical example. http://harvee.billerica.ma.us/~esj/camram.html They seem to be mandatory to write for new mail administrators who have just discovered the power of Perl and feel a need to test it out.
I'm sorry, you're wrong on a detail.
There is no reason to have port 25 open outbound on anything but the ISP's authorized SMTP servers. None whatsoever iin this day and age, except the convenience of people who like to run their own mail servers. Unfortunately, with the massive number of zombied and badly run home SMTP servers, most outbound SMTP from ISP users that does not go directly to their ISP's SMTP server for delivery as mail from that ISP is in fact spam or email worms.
So yes, it needs to be blocked outbound. You simply need to use SMTPAUTH on the road to get your email to your own ISP's SMTP server over port 587. Problem solved.
Yup. Fortunately, this actually helps make your old company *trackable*, which has been a big problem for identifying spam. Most people can't read the headers to track the email back to the original sender correctly. Tools like requiring valid reverse or forward DNS and SPF are useful for that, and help get the bounces (which are a huge part of the burden of spam) sent back to the righ place instead of the forged victims and forged domains. The missing step, as always, has been enforcement of sane policies. The upstream ISP's of this company is the one that needs to enforce sane policy. Also, because a company relies on junk email does not make them spam. Let's be very clear here. The law, and sane policies, provide a standard where a company doing business with you already can send you junk mail or faxes legally. Simply applying the same standard to email would be a huge help in controlling spam, but getting the laws in place and the policies in place at the ISP level has been very hard due to their legal concerns and their fiscal problems where a paying customer is a paying customer.
Nope. Not in your wildest dreams. The growth of the use of zombied machines, and the continuing existence of "pink contracts" with ISP's that allow spam from their domains, and the continuing existence of new ISP's that allow spammers to easily buty throwaway accounts that result in effectively pink contracts will easily grow to fill the temporary void of using forward/reverse DNS blocking. Mandating forward/reverse DNS does nothing to block the existing and easily expanding spam from valid hostnames.
"If we could just rewrite everybody mailer's with my new widget in illegible Perl or badly written C that breaks several RFC's I've never bothered to read, we will surely stop spam!" I've heard this sort of thing before, every few months for the past 10 years.
There have been dozens of these wildly espoused challenge/response systems over the years. They don't work because users hate them, because vital automated systems such as bill payment and delivery verifications can't get past them. Coupled with "sender pays" systems, they're almost always subverted within short periods and never can or will gain the acceptance of the user community enough to become effective.
Nah, they were done in because they failed to make anything worth playing. They spent time on BIG! GLORIOUS! FANTASTIC! DEMOWARE! that had no storyline, no plot, poor control configuration, no sense of humor, no sense of drama, etc. But it made lovely trailers, so they kept hyping really bad games with pretty trailers to show investors.
Maybe they ran out of people who bother to use "stable", since so many tools there are deprecated and a monster to maintain?
The Debian "stable" vs. unstable seems to match the new RedHat "Enteprise" releases vs. the new "FEdora". Maybe Debian can shorten their transfer time and testing enough to use "stable" for production servers? I know a bunch of people who'd like that.
You've clearly never dealt with an estate attorney following up on old lawsuits. Get 10 heirs involved, and the lawsuits will never end.
Moreover, good hitman are quite expensive, and hitmen are notoriously bad at keeping their client's affairs secret when they are facing the death penalty. They may be generally successful, but the legal risk of facing a murder charge is huge: the cost/benefit analysis doesn't often support it.
But don't think Bill Gates and his minions haven't thought about it a few times.
freshrpms.net and their "dag" and "dries" repositories have turned out to be wonderful, at least for RedHat users, to get the latest versions of all those cool tools such as video grabbers and security packages, just for your reference. The maintainers have been extremely good about repackaging those tools as fast as possible in a really good format. cpan2rpm is also your friend. Now if only the Perl developers would use a standard naming and numbering convention for their packages. If I see one more Perl package named "packag-irrelevant-subname.0.0.0.237.8.12-feedmese ymour.tar.gz", I'm going to slap the author silly.
He means "Maxwell's Daemon", a process that automatically identifies each package as being required or not required for the dependencies of the desired software. Can I get a Mod +2 for making a pun that good?
It's worse. What happens when each of them has the same configuration file, such as "/usr/info/dir.info", but it belongs to two different packages and you want to install both?
I had it far worse than your cans and string. I had to install a TCP/IP stack on Windows 3.10 to get networking.
No, an installation manager should *not* allow J. Random User to install whatever the heck they want. Too many important utilities have serious security repercussions, such as the default compiler, OpenSSL libraries, network services, PAM authentication, and kernel modules.
.rhosts file. Voila, the cracker had access all over a poorly secured academic network.
Installing and modifying these should require some level of thought and authority, such as local root access.
Now, for the idea of installing mozilla in ~/bin. That's just fine, until you leave your ~/bin group-writable to let your buddy install something, and suddenly your buddy or his broken-into account can now install a mozilla that displaces yours and records your passwords.
I've seen exactly this sort of behavior when some idiot told his friends "here, use my ~/bin for all these useful tools" and cracker put in different version of "ls" that put the cracker's machine into the user's
I have, but those were for tightly kernel related utilities like modutils to load kernel modules appropriately, when I went from 2.4 to a 2.6 kernel, or for USB and serial utilities to by default look in the new locations for default devices.
Additionally, there are some utilities that can and do use certain hardware functionality, such as OpenSSL, if you have the hardware to support hardware SSL encryption.
Ahem. The fix to that problem is to log in as a local administrator, *then* run Acrobat Reader.
Notice the key phrase there: "Debian unstable". It's simply impossible to properly regression test or compatibility test Debian unstable, because it's nearly impossible to identify the versions of all all the core components in it on any given day.
Unfortunately, the only way to get software into Debian stable is to be a version so old that it's actually deprecated.
You use something like Yast or Kickstart from the Linux world to install it and set up your MBR. The permissions on NTFS actually destabilize the operating system and badly interfere with application use, in my experience. Individual file security be damned in such a badly handled security environment, again in my harsh, harsh experience.
Most RedHat support these days doesn't come from RedHat. It comes from Google, newsgroups, the software author's webpages, and that guy down in IT who really likes to play with neat stuff and sticks his nose into everything. I know, I'm that guy down in IT. The pay's not bad, and I know I'm saving the company at least 3 times my salary on licensing expensive tools they don't need by pulling them out of the open source community. They don't realize it, but my time spent publishing the patches and support I provide in turn are what pay for that software. If they had to pay licensing fees to get multi-platform compilers such as Fortran, Java, and C++ such as Sun sells for amazing amounts of money but I pull from the open source world for their Windows and UNIX and Linux development, they'd have to change the company's business entirely and lay off 30 people. That would mean less crowding in the cubicles and no one stealing lunches from the fridge, but it would still be bad.
Goodness, don't use ghost to image things! If you're in that world, throw NTFS out the window, use FAT32, and build a compressed tarball to re-install from scratch. It'll be much, much faster to build and much easier to re-install. You've still got to deal with the master boot record, but that's fairly straightforward depending on your OS.
RedHat is much lower margin. RedHat's presence in Sun's old core market is huge, even if RedHat is only getting paid for a small fraction of the installations. Take a look at all the Beowulf clusters out there running RedHat and other Linux systems, or take a look at how many Matlab licenses now include Linux support vs. Solaris support ofr an example of the problem they face. And nobody buys Sun's for desktop X servers or thin clients: it's just pointless, even with Sun's attempts to turn Java into an operating system environment, when you can plug in a $300 market PC and run a full-blown Linux on it.
They sell Linux because they have to in their market space. They work very, very hard to talk you out of using it, even while selling it. You can see their salespeople's spleens trying to rebel as they make a salestalk including the Linux variants. It's especially fun if you bring along some fresh popcorn to watch, or bring along a bottle of cheap booze and take shots every time they wince at the word "Linux".
I worry about losing hard drives and ethernet cards. I worry more in the Wintel PC world because my management refuses to spend the premium for known chipsets and supportable components on the, rather than burned-in high quality components. (Take a look at the weird piece of crap 3Com network chipsets being foisted onto mid-range motherboards these days. Yeesh.) Sun does do component testing and disk burn-in before they ship their hardware out the door. You can get that in the PC box world, but it's unusual and you have to find a reliable vendor for it. This helps preserve Sun's market for core system hardware. The trade-offs are similar to those for SCSI vs. SATA right now. You pay for high quality and reliability, vs. having 10 times as much disk for the same price and rack space.
Thank you. That was actually funny, unlike so much slashdot traffic.