what i do (secure 4 GB disks, backed up to DVD)
on
Backups to CD-R?
·
· Score: 2, Informative
This isn't an answer to your question exactly, it's just my approach to most of your problem.
I use a secure disk program (Bestcrypt, for Windows and Linux) to create mountable, secured virtual drives. I make each disk just under the limit for the burnable media, I bought a DVD burner, and given the limits of the DVD format the largest single file is 3.99 GB. I have two main virtual disks I use, one I mount every time I use the system (for desktop, email, favorites, etc.), the other is for things I use far less often (photos, archived projects, etc.). And every week (at least) I burn the main disk to DVD (less often for the other disk). Before I had a DVD drive I did the same thing with containers that were only 650MB).
I use a separate backup script to backup all the non-unique data (programs, system, etc.) to another hard drive.
(I've had a laptop stolen from my house years ago by burglars who broke in, and with the personal files, banking info, etc. that one keeps on their PC these days, security can't be ignored.)
quincy
Back in 1996 I built a dual Pentium Pro computer in an SKB music case (for rackmounted music gear) as a luggable computer. After a few years the thing was pretty antiquated, so when I had to move from Europe back to the US I decided to doom the thing to the fates and have it travel back with me with my luggage, facing the perils of baggage handling. It just wasn't worth taking any extra precautions. I knew the thing wouldn't survive the trip, but I didn't want to throw it out. It had no shock protection at all, and I didn't place any fragile stickers on it or anything. After the trip I opened the case up to find the CPUs and memory sticks had unseated themselves and been knocking around inside the case, many of the CPU pins were bent this way and that. The memory seemed scratched but otherwise ok. some of the chips mounted on the motherboards seem to have suffered the impacts of the CPUs flying about (some bent wires going to the chips). Just to see what would happen I straightened the wires, pins, re-seated the memory, and turned it on. The damn thing worked fine. And went on to live an unexpected few years as a file server. I'm not sure what lesson I learned, I suppose that computers can be far more robust than I expect (but only when I don't expect it).
Being aware of what technology exists, could exist, or will exist is not akin to endorsing or even using any of that technology. I do not advocate or practice piracy. But, I know what's going on in the world, and I can guess as to what will go on. And those are appropriate responses to the article posted.
Q
Given the availability of various stream ripping software (not sure if something is currently available for Napster particularly, didn't see any in a quick search) it would seem reasonable to expect that the Napster streams could become your real mp3s. Surely something could do the DirectSound dumping (as other programs already do) and then slap on the MP3 tags based on text grabbed from Napster's Windows handles.
Q
Sadly, anyone likely to abuse your account is a little too clever for that. In my experience, in every situation where I have been SPAMmed, or my address mis-used, there was no e-mail address to forward to. The accounts in the domain record were false (any e-mails would bounce), and the websites would have NO e-mail addresses on them (in only one case did I find one that had it, and mails to that address bounced). How odd that they wouldn't want to give out their valid e-mail address? The only mechanism was to use the "contact us" style forms that they would all universally have.
Q
As I mentioned at the end of the post, I haven't implemented the PREFIX.SITENAME_YOU_ARE_REGISTERING_FOR@YOUR_DOMAI N filtering. I just don't know sendmail/procmail/etc. well enough to make it worth my while. If anyone who does can tell us how, please do!
If you were talking about the bouncing of known abused addresses, then that's super easy, just add a line to/etc/aliases (assuming UN*X), sending anything received for that account to/dev/null; ideally this would be done by some other script, a catch-all management one, as this approach doesn't bounce the mail, giving the impression that the account is valid.
But, the occasional retirement of virtual addresses has been good enough for me for years, the other thing I propose would be the "real" ultimate solution, to prevent the negative things I have experienced.
Q
P.S. -
Sorry I made the post a bitch to read, posted it HTML formatted instead of plain text (there were line breaks in there!).
As someone who has been using a catch-all account for years, and has enjoyed the benefits and suffered the consequences, I would suggest you do it (though not without some warnings and recommendations).
I do receive a fair amount of SPAM for accounts which have never existed on the system. I have also endured several periods when some SPAMmer referred to fake accounts at my domain in the return-to of the SPAM they were sending out (they were not using my mail server, they simply made up random usernames for my domain). Since they were random (both the names they used and the content of the SPAM) it was impossible to easily filter out. That sucked. I would receive hundreds of bounce messages per day. Ultimately I was able to make it stop by writing a script to post every bounce message I received through to the support form on the websites being advertised (modifying for each of the three or four sites which were involved), making the normal "cease and desist" legal threats. It seemed to work, since the SPAMs did stop soon after (presumably those sites complained to the SPAMmer they employed), and the SPAMmer no doubt moved on to some other fake accounts. Bastard.
One of the best features of the catch-all is that you can totally control to whom you give out your "real" e-mail address, as well as track who is using the e-mail addresses you are giving out. For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering). You'll be able to receive that sites mail until you either don't want to, or until you see that they have abused the privilege of e-mailing you. Often I will see six months after registering to some site, I start getting tons of SPAM from the e-mail I gave to that site, and I can then simply block that on the mail server, bouncing them or sending them to/dev/null (via aliases, for example). This is the greatest strength in using catch-all addresses.
To mitigate the danger I mentioned previously of fake usernames, one should (though I am no sendmail expert and don't know how) set up a rule that any incoming recipient address must correspond to an existing account/alias, OR the catch-all structure you want (the whole PREFIX.SITENAME@yourdomain.com).
Q
Slashdot Mirror
I use a secure disk program (Bestcrypt, for Windows and Linux) to create mountable, secured virtual drives. I make each disk just under the limit for the burnable media, I bought a DVD burner, and given the limits of the DVD format the largest single file is 3.99 GB. I have two main virtual disks I use, one I mount every time I use the system (for desktop, email, favorites, etc.), the other is for things I use far less often (photos, archived projects, etc.). And every week (at least) I burn the main disk to DVD (less often for the other disk). Before I had a DVD drive I did the same thing with containers that were only 650MB).
I use a separate backup script to backup all the non-unique data (programs, system, etc.) to another hard drive.
(I've had a laptop stolen from my house years ago by burglars who broke in, and with the personal files, banking info, etc. that one keeps on their PC these days, security can't be ignored.) quincy
Back in 1996 I built a dual Pentium Pro computer in an SKB music case (for rackmounted music gear) as a luggable computer. After a few years the thing was pretty antiquated, so when I had to move from Europe back to the US I decided to doom the thing to the fates and have it travel back with me with my luggage, facing the perils of baggage handling. It just wasn't worth taking any extra precautions. I knew the thing wouldn't survive the trip, but I didn't want to throw it out. It had no shock protection at all, and I didn't place any fragile stickers on it or anything. After the trip I opened the case up to find the CPUs and memory sticks had unseated themselves and been knocking around inside the case, many of the CPU pins were bent this way and that. The memory seemed scratched but otherwise ok. some of the chips mounted on the motherboards seem to have suffered the impacts of the CPUs flying about (some bent wires going to the chips). Just to see what would happen I straightened the wires, pins, re-seated the memory, and turned it on. The damn thing worked fine. And went on to live an unexpected few years as a file server. I'm not sure what lesson I learned, I suppose that computers can be far more robust than I expect (but only when I don't expect it).
Point well taken, 'spam' it is.
Being aware of what technology exists, could exist, or will exist is not akin to endorsing or even using any of that technology. I do not advocate or practice piracy. But, I know what's going on in the world, and I can guess as to what will go on. And those are appropriate responses to the article posted.
Q
Given the availability of various stream ripping software (not sure if something is currently available for Napster particularly, didn't see any in a quick search) it would seem reasonable to expect that the Napster streams could become your real mp3s. Surely something could do the DirectSound dumping (as other programs already do) and then slap on the MP3 tags based on text grabbed from Napster's Windows handles.
Q
Sadly, anyone likely to abuse your account is a little too clever for that. In my experience, in every situation where I have been SPAMmed, or my address mis-used, there was no e-mail address to forward to. The accounts in the domain record were false (any e-mails would bounce), and the websites would have NO e-mail addresses on them (in only one case did I find one that had it, and mails to that address bounced). How odd that they wouldn't want to give out their valid e-mail address? The only mechanism was to use the "contact us" style forms that they would all universally have.
Q
As I mentioned at the end of the post, I haven't implemented the PREFIX.SITENAME_YOU_ARE_REGISTERING_FOR@YOUR_DOMAI N filtering. I just don't know sendmail/procmail/etc. well enough to make it worth my while. If anyone who does can tell us how, please do!
If you were talking about the bouncing of known abused addresses, then that's super easy, just add a line to /etc/aliases (assuming UN*X), sending anything received for that account to /dev/null; ideally this would be done by some other script, a catch-all management one, as this approach doesn't bounce the mail, giving the impression that the account is valid.
But, the occasional retirement of virtual addresses has been good enough for me for years, the other thing I propose would be the "real" ultimate solution, to prevent the negative things I have experienced.
Q
P.S. - Sorry I made the post a bitch to read, posted it HTML formatted instead of plain text (there were line breaks in there!).
As someone who has been using a catch-all account for years, and has enjoyed the benefits and suffered the consequences, I would suggest you do it (though not without some warnings and recommendations). I do receive a fair amount of SPAM for accounts which have never existed on the system. I have also endured several periods when some SPAMmer referred to fake accounts at my domain in the return-to of the SPAM they were sending out (they were not using my mail server, they simply made up random usernames for my domain). Since they were random (both the names they used and the content of the SPAM) it was impossible to easily filter out. That sucked. I would receive hundreds of bounce messages per day. Ultimately I was able to make it stop by writing a script to post every bounce message I received through to the support form on the websites being advertised (modifying for each of the three or four sites which were involved), making the normal "cease and desist" legal threats. It seemed to work, since the SPAMs did stop soon after (presumably those sites complained to the SPAMmer they employed), and the SPAMmer no doubt moved on to some other fake accounts. Bastard. One of the best features of the catch-all is that you can totally control to whom you give out your "real" e-mail address, as well as track who is using the e-mail addresses you are giving out. For example, if you want to register at example.com for something, you give them the address me.example@yourdomain.com (or some structure which has a prefix or postfix, the 'me.', and the site name for which you are registering). You'll be able to receive that sites mail until you either don't want to, or until you see that they have abused the privilege of e-mailing you. Often I will see six months after registering to some site, I start getting tons of SPAM from the e-mail I gave to that site, and I can then simply block that on the mail server, bouncing them or sending them to /dev/null (via aliases, for example). This is the greatest strength in using catch-all addresses.
To mitigate the danger I mentioned previously of fake usernames, one should (though I am no sendmail expert and don't know how) set up a rule that any incoming recipient address must correspond to an existing account/alias, OR the catch-all structure you want (the whole PREFIX.SITENAME@yourdomain.com).
Q