Thank you. That was the first thought that went through my mind too. With all the security problems, (slightly) amusing BSODs, students getting Windows Media Player running, etc I don't like the idea either. Just the mention of PayPal brought the image of the back end being Internet links (probably live IPs too) which should terrify us all.
For the embedded Winsock ones, use lspfix.exe. Just be careful. Some of those are supposed to be there.
Personally I view it as helpful anyway. If you are an admin for a large group of people and you can stop them from loading the mail in a client that will allow web bugs to verify they got it, keep the end user from clicking on the *ahem* "opt-out" link, or clicking on the damn ad, it at least helps keep it from escalating as fast. I do agree that I would rather it not hit the server at all, but that's not the world we live in at the moment.
Agreed. In the end user's defense, cars aren't advertised or described as perfectly safe and permanent devices. Computers are. Did you see the AOL commercial where the little kid presses the "Fix my computer" button and it just worked? Remember the Mac commercials where "there is no second step"? A lot of users expect what they see on TV and demand it when it doesn't work that way. If people saw a guy in a commercial get into the back seat of an empty car, say "TO WORK" and the car just drove him there, they'd expect that too after a while.
I'm actually afraid to. Lessee... We're talking about Scientology and they want my credit card. Let me think about that... oh yeah, NO.
I first read that as "Thinking ruled is legal in Scientology Case" and thought "It's about time!". Oh well. I wouldn't dare think anything about the case... Hold on... Someone's at my door.
You are correct. They are using a new algorithm, but it requires a connect to the main server to get the key. Either that or the executable has been told that if the registration server is not there, don't connect (which seems dumb). This was determined because one of the developers firewalled his Windows computer's access to the main server but nothing else and it could not connect to any cached hosts like it used to.
It is not unstoppable anymore. All clients just got forced to upgrade to a version that relies on central servers before the client will connect to a supernode. Check out giFT's sourceforge page. Nobody knows if the motivation was greed, fear of this suit, or just basic stupidity.
Kazaa/Morpheus/Grokster JUST broke functionality with giFT by causing the client to HAVE to contact a main server before it will participate in the network. This move makes this new network easily vulnerable to a shutdown since it relies on a few entry points. If they had left it alone the floating network would continue to float, but not now. Oh well.
Port 1214 is also the port used by KaZaA and MusicCity's Morpheus for the direct semi-gnutella style communication for the file sharing network. Are you running either? Is it possible that it was a coincidence that you were on this system as well as someone from Toshiba?
I lost two locations that I support today to this. I had a second Internet connection in one, but the other I had to move to dialup and host their mail on my line. We're trying to move the locations to Covad lines. I'm just curious if the other providers are going to be able to handle this many people scrambling for access.
That's exactly what I do. I used DHCP to assign a private subnet that I don't route and then PoPToP to establish a connection that I assign a ppp IP that I do route for the laptops. Works perfectly.
That was driving me nuts too, so I installed sudo, gave my user account sudo rights to ifconfig, route, and pump. Then my scripts look similar to:
#!/bin/bash
sudo ifconfig eth0 192.168.0.50
sudo route add default gw 192.168.0.1
or...
#!/bin/bash
sudo pump -i eth0
Now, if you need to change your resolv.conf, maintain several and chown them to your user account. That way you can have resolv.conf.work, resolv.conf.home, resolv.conf.client3 and hell, you could symlink /etc/resolv.conf to which one you need in the bash script. I don't have that problem as I just use my ISP's named from wherever I am. A little slower, but I don't have to change anything!
After I made all my scripts, I put a menu in my KDE bar that had links to all my scripts. I bring the laptop out of suspend, click the bar, choose where I am, and poof.
The md5 is created by the napster client stored in the shared.dat on windows machines and in ~/.gnapster/shared for gnapster. That is what is sent to the napster server for the search engine. All you have to do is alter the md5 in the file and poof, emusic's little bot is worthless. I made a dippy little bash script that scrambles the md5s in my gnapster shared file and then launches gnapster for me. No cracking involved.
What the hell? Having a live IP at ANY point means you are exposed. God forbid anyone take any personal responsibility for their own systems and make sure that they are not at risk. Why would an ISP be responsible for your personal configuration at all? Take care of yourselves... don't expect others to do so. Sorry for the rant but that's like asking the government to stop by and lock your doors at night because you'll forget.
Actually, I was thinking "12 year old Norwegian boy executed at the request of the FCC for publishing information describing how to disable copy protection with a paperclip, a rubber band, and an Apple ]["
I doubt it. You have to take the attitude that if you have something on an open webserver, people can see it. If you don't want a spider hitting your site, ban the subnet that it comes from. If the data is something you don't want the government or anyone else to see, don't place it in plain view.
Yes, Chili runs on Linux. Yes, it is a DSO for Apache. No, it certainly is not free (~$700/processor I think). Apparently COM will work, but I started looking at the directions and thought to myself "Yeah right, like I'll be able to get these guys to do THIS". Chili works quite well actually! We haven't had any problems at all.
I had this battle recently too. The developers demanded an IIS server, MSSQL, and Frontpage Ext. and turned their noses up at PHP and Perl. They wanted ~$10,000 worth of software to do this.
Trust me, it is very very hard to get people who are used to ASP, Macromedia, etc to cooperate at all with these setups. They did get used to MySQL pretty quickly though. My conversations went something like this:
"We want NT5/IIS/MSSQL/Frontpage"
me: "Okay, go ask the boss for $10,000 and you get to be the one that is called if it goes down at 2am"
"ummm......"
me: "Or, we run Apache, and I get the 2am calls if it goes down"
"ummm...... we'll take Apache?"
me: *tap* *tap* /usr/local/apache/bin/apachectl start
I don't know about through a cell phone, but Ricochet just went live here in Atlanta and claim 128k always on for around $70/mo if I remember correctly. I'm not away from a computer long enough to justify it to myself, so I have not tried it yet.
I realize this can be difficult to get someone who uses AOL to do, but it might solve the problem. Get the client to connect with AOL as usual, and then minimize the AOL client. Fire up a normal browser and you should have a straight connection bypassing the cache proxies. I assume this still works with the newer AOL clients. I simply have not had to do this in a while. Perhaps you could send the client a diskette with a shortcut file and a DOS batch file to copy it into the start menu to make it easier to launch the browser.
I guess if it becomes a really large problem you could check the version of the incoming request and look for aol's string, redirecting them to a page explaining what they need to do to access what they are looking for.
Come to think of it, I have not tested any of my client pages for AOL viewers. I never really thought about it. Grrr, I guess it's time to grab an AOL trial coaster and fire up the good old vmware...
Since the meatspace war on drugs went so well, I bet the online one will be a snap! Maybe they ought to check in on the RIAA and MPAA and see how well they are doing in their little wars.
I have a feeling that most admins won't care. I certainly don't. I get pings, odd port attempts, old exploit attempts on several different firewalls on several different subnets every day. They don't work, so I simply don't care. It's not that I don't see them, they just don't matter to me. If I am extremely bored I'll telnet into their mail server and leave one for root that says "IMAP scanning is rude" or something similar, but past that who cares?
Why not try putting a Windows NAT server on a workstation that is running the proxy client and point the non-Windows boxes at it as the gateway? I realize this is extra LAN traffic, but it could work.
I tested MS Proxy 1.something a long time ago and it had a client install for the workstations. My ideas are not the ideal solution I'm sure, but it's a thought :P
Take an NT workstation with the MS Proxy client installed and then install a socks proxy on the same machine. Then bounce your connections through it.
Second idea: Take an NT workstation and install NAT32 or another NAT program and set your workstation's default gateway to that workstation. If it works, all applications should work without changes.
At one point I had found an EXE for Windows that will translate your plain text password into the scrambled one the Netzero server is expecting. Give the login name as your email address, give the password that the exe gave you, and use whatever PPP capable OS you want.