approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
(x) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Asshats
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
(x) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
News Corp announced on Monday that it , owner of the popular MySpace.com social networking site, for $580 million.
CmdrTaco announced on Tuesday that he, founder of the popular Slashdot.org technology site, for the readability level.
Yeah well I figured that was covered under "Anyone could anonymously destroy anyone else's career or business."
How is that a good solution? What about setups (such as mine) that depend on timely email delivery to a lot of people? This will not work for me. Although with SA, ClamAV and a bunch of blacklists, I get very little spam as it is.
Hopefully they will get the issue fixed soon.
They have until July 31st in the current launch window if I recall correctly.
Have we reached Teh Snappy(TM) yet?
The quality of spelling/grammar on /. is so far down in the toilet that it needs to be flushed.
"Netherlands Organiztion for Scientific Research provies a human-readable description of research into the stability of Qbits conducted at Leiden University. The bad news: " Much to their surprise they discovered that the coherence tends to spontaneously disappear, even without external influences." The whole story in physicist-readable form is in the June 17 Physical Review Letters by van Wezel, van den Brink, Zaanen [click abstract or huge PDF]. I am not buying any quantum computing startups 'til they nail this matter down...you can't build a computer if state information is going to evaportate in a second or less."
"CmdrTaco, lead editor for Slashdot.org, has posted a duplicate article from Next Generation called Doomed: How id Lost Its Crown. In doing so he shows how Slashdot is no longer the king of the hill in the tech news genre, losing the online geek wars to other sites such as Fark and K5 and the comment posting wars to trolls like Anonymous Coward, and focusing too much on posting repeated stories at the expense of original content features. From the article: 'It's hard to stomach having to read a story on the site the same number of times you see it on all other sites combined (six times is the record I believe, thanks for asking) when you can visit any other tech site and watch how comparatively good the relevant news reporting is.'"
Or they will just limit the launch window again.
After Challenger... No more winter launches.
After Columbia... No more night launches.
After the next one they will only launch at 1:37 PM on the second Saturday of the month after the first full moon.
Or better yet put it into one show and make it really good. Farscape and SG1 both cost about that for one season. Not sure about Atlantis, but I'm sure it's similar.
Some companies just never learn how to die properly.
Refusing to die properly can sometimes be a good thing. Just look at Apple.
Because the existence of firewalls everywhere breaks lots of useful tools (ping)
I agree with this and it's why I allow most ICMP traffic through my firewalls.
like using port 80 for all new services, since that's the only one you can count on to get through all the firewalls
I don't really get why people do this. If you start up a new service on a server, then hopefully you would be a competent enough server admin to know how to open another port to use the service. If you start up a service on a home system or another kind of client machine, then you're probably not running a web server on that machine anyway, so port 80 is really not that different from the others. I don't really see what always programming to port 80 gets you.
The only way I really see it being useful is if someone wants to run unauthorized stuff. Like if the server admin refuses to open a port for x service so the person just decides to run it on 80 since that's already open. In that case I don't really see it as a problem since that person shouldn't be running the service anyway.
That is a rather bold statement. Have any evidence to back it up?
I can think of a few instances where you would still be vulnerable without a firewall, like if there was an exploit discovered in the network stack of the OS.
He DOES have a point on the fact that numerous applications require intelligent firewalls, the most basic case of course being active FTP.
I would say Passive FTP is more difficult to firewall on the server than active. Passive puts the responsibility of accepting an incoming connection on an arbitrary high port on the server. Active puts it on the client.
Now some FTP servers let you specify a range of passive ports to announce to the client, but that can break compatibility with some clients.
What a waste of time that post was. ;)
The -p switch to netstat that I included in that command shows the program and pid. lsof would work too but that's more common for BSD.
I agree that firewalls should not be implemented as a crutch in lieu of a good security model for your servers, but why not have that and a firewall? TFA makes a good point but most sysadmins who have any experience with good security already know it. Only run the services needed on the servers dedicated to those services.
But it seems to me that rejecting all other traffic with a firewall is a good added measure of security that can only improve the overall security of your setup. It also makes you less visible to attackers and wastes their time.
That was the time quoted in a recent /. story, I didn't make it up.
So they released a patch.
I'm talking about taking responsibility for writing an OS that teenage hackers find 5 new exploits in every week (without even having access to the source).
I'm talking about taking responsibility for writing an OS that lasts 12 minutes when plugged into the public internet before being owned.
Obviously writing bug free software is not possible. But at least attempting to do so, or better yet at least attempting to care about security at all definitely is.
What about Microsoft?
Shouldn't they face some consequence for writing such shitty code as the security nightmare that is Windows?
It's kind of funny really. In almost any company if a single coder could be found responsible for coding mistakes that cost the company millions of dollars, he would be fired and quite possibly sued. But when thousands of coders in a company collectively do the same thing, they get off without any responsibility for the effects of unleashing their horribly buggy code on the entire world.
I don't think it will be feasible for them to support products with both the processors.
It will be totally feasible, easy in fact. OS X already runs fine on both processors. Apple will ship a universal binary OS X along with universal binary versions of all their software for several years.
The majority of effort needed to support both processors at once has already been done. Apple wouldn't have announced the switch if it hadn't been. They needed to reassure their customers and investors that this was not going to be too difficult to pull off.
Profit $300 for 60 days work
Well, if you work in IT, at least you'd be getting a raise.
Ah yes. As an Atlanta resident I can confirm that driving the speed limit here can be hazardous to your health.
I agree.
Almost every time I see a police car (even with their lights off) they are almost always going faster than the majority of the traffic who themselves are going more than the speed limit.