the eye candy we've had for years under Linux/KDE, that Windows users are finally getting
Windows users had it with LiteStep back in the days of Win95/98. Good times. I eventually took it off because I had so many questions with people asking how they too can make their computer that pretty.
Not true, just by the sheer number of people who loathe MS, you're guaranteed a greater number of attacks will be geared towards the MS platform than Linux.
That really all depends. For viruses, Windows can get more because there are more Windows-destined virii. Fine. For botnets where you need thousands of machines attacking and doing whatever the owner pleases, yes Windows drones are better due to their sheer number on broadband connections and corporate networks.
But for attacks? I'd disagree. Think of the power when you take over root at an ISP, network provider, or corporate Web server. Often many-processor servers on reliable servers with dedicated IPs that almost never get rebooted? Personally I'd do a lot more with a Linux box than with semi-access to someone's desktop.
So _AUTOMATIC_ attacks- yes go to Windows. But _MANUALLY_ attacking computers- better go for the target that will give you the most benefit.
For reference, I don't do any of these things, but think of the power of a compiler.
When I worked at IBM, the old IBM PC Keyboards were on the employee purchase plan dirt cheap, along with IBM PCI 10/100 Ethernet adaptors with WOL (the Intel chipset). You'd bet I picked up a case of each- about 12 of either fully boxed. As I scrape the letters off each one and it starts to give me trouble, I move to the next.
Couldn't be happier. The current 'new' keyboards all suck... but you see, it's all about predicting that it's going to happen.
Fine. But unfortunately, it has resulted in large numbers of people running his mail server unmodified without fully understanding the implications of doing so.
Then don't even start to count the number of systems running sendmail, courier, or exim right out of the box with their Linux installs. Don't even get me started on the number of incorrect howtos and docs all over the net about those. Don't even get me started about the security holes in sendmail. Odds are, if somebody is using qmail- if somebody took time out of their day to learn how it works, follow instructions, patch it, get it installed, then they have an at least moderate understanding of how to configure it and keep a system somewhat secure. It eliminates the novice who would run away as soon as they see the need to compile, patch, and install anything without a GUI.
While I don't blame him for not accepting patches to qmail, my understanding is that it has been repeatedly pointed out to him that qmail's habit of sending bounce messages itself when it receives an undeliverable e-mail rather than sending a 550 response to instruct the sending MTA to do so causes problems for just about every e-mail user on the internet, and so far he has not fixed the issue.
There are _MANY_ patches that reject invalid recipients rather than bounce them after the fact available to many administrators. The system is not broken, just done in a different way. qmail was created before this tactic was nearly as common, and patches address this functionality.
DJB (I guess) does not want to add it as it removes a portion of the security structure. This happens because qmail-smtpd (the SMTP daemon) is to have no privs and run as a non-important user. In order to check a quota, you'd need access into users' home directories. In order to check existence of virtual users, you'd need access to configuration and e-mail folders, password files, etc. By the time qmail looks up those things, it's been sanitized and taken in by qmail-inject with the user being disconnected. This is the whole point of it, and it shows that you are not understanding the structure and reasoning of qmail.
I hold DJB responsible for this.
Other mail systems do it too. Talk instead to the admin who didn't install the checkuser patch. Though there is also a reason against your '550' activity- as soon as an e-mail is accepted, it's known to be valid and will receive more Spam! Might as well bring back VRFY to SMTP for some real Spamming-fun!
As far as I'm concerned, all unpatched qmail installations are misconfigured.
Not quite. I'd agree in many cases the checkuser patch is a good one. Others such as SSL, tarpit, regex, etc are all just optionals. Why is this a misconfiguration? It doesn't accept mail for domains it doesn't own, but bounces for domains it does. As a community effort to reduce the volume of mail, checkuser helps do so, but ideally, you wouldn't have people sending mail to fake addresses. Fix the Spam problem, not some intermediate step that was made before that method was popular. A good admin can look at the patches, decide what is needed, and install it... the whole point is getting a competent person behind the helm.
...security hole discovery
Again, nobody owes anybody anything here. It's courtesy yes, but for a security expert, I'd imagine holes frustrate him quite a bit. I'd imagine there's more to this story, such as a lack of response in 3 days, etc. He did as he wishes, just as anyone who discovers qmail holes can claim their $500 and go public. It's probably not the best thing, but I'm sure your story is slightly abridged.
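The trade-off argued in the qmail comment above, as a small Python model (an added example, not qmail code, not the checkuser patch, and not written by the commenter). It contrasts accepting mail and bouncing later with rejecting unknown recipients during the SMTP session from a pre-exported recipient list; the domains, addresses, snapshot and function names are all constructed for illustration.

```python
"""Toy model of accept-then-bounce vs. reject-at-RCPT (added example).

Not qmail code and not the checkuser patch. Domains, addresses, the exported
recipient snapshot and all function names are constructed for illustration.
"""
from dataclasses import dataclass

LOCAL_DOMAINS = {"example.org"}
# What only the privileged delivery side can see (home dirs, virtual users).
MAILBOXES = {"alice@example.org", "bob@example.org"}
# Read-only snapshot a privileged job exports for the unprivileged SMTP daemon,
# so the daemon itself never reads home directories or password files.
EXPORTED_RCPTS = frozenset(MAILBOXES)

# Constructed session: a forged envelope sender and three recipients.
FORGED_SENDER = "victim@elsewhere.test"
SAMPLE_RCPTS = ["alice@example.org", "nosuch@example.org", "carol@other.test"]


@dataclass
class Outcome:
    replies: list   # (recipient, SMTP code) the connecting client sees
    queued: list    # recipients accepted into the queue
    bounces: list   # (bounce destination, failed recipient) sent later


def is_local(addr):
    return addr.rpartition("@")[2] in LOCAL_DOMAINS


def smtp_stage(rcpts, valid_rcpts=None):
    """Unprivileged front end. valid_rcpts=None: only the domain is checked."""
    replies, queued = [], []
    for rcpt in rcpts:
        addr = rcpt.lower()
        if not is_local(addr):
            replies.append((addr, 553))      # not our domain: refuse to relay
        elif valid_rcpts is not None and addr not in valid_rcpts:
            replies.append((addr, 550))      # unknown user, rejected in-session
        else:
            replies.append((addr, 250))
            queued.append(addr)
    return replies, queued


def delivery_stage(mail_from, queued):
    """Privileged side, running after the client has disconnected."""
    # An undeliverable message turns into a bounce addressed to the envelope
    # sender, which the client chose freely and which may be forged.
    return [(mail_from, addr) for addr in queued if addr not in MAILBOXES]


def handle(mail_from, rcpts, check_at_smtp):
    valid = EXPORTED_RCPTS if check_at_smtp else None
    replies, queued = smtp_stage(rcpts, valid)
    return Outcome(replies, queued, delivery_stage(mail_from, queued))


def confirmed_by_replies(outcome):
    """Local addresses whose existence the SMTP replies alone give away."""
    local = [(a, code) for a, code in outcome.replies if is_local(a)]
    # A 250 only tells the client something if the server is also seen
    # rejecting other local addresses in the same way.
    if all(code == 250 for _, code in local):
        return set()
    return {a for a, code in local if code == 250}


if __name__ == "__main__":
    for check in (False, True):
        result = handle(FORGED_SENDER, SAMPLE_RCPTS, check_at_smtp=check)
        print("check at SMTP time:", check)
        print("  replies :", result.replies)
        print("  bounces :", result.bounces)
        print("  confirmed valid:", sorted(confirmed_by_replies(result)))
```

With the check off, the forged sender receives the bounce and the replies reveal nothing; with it on, no bounce is generated but the 250/550 split confirms which address exists.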
I love people who think DJB owes them something because he wrote some code. If you read some of his papers, he sure does have a big ego, but if you take a look at the papers and software he produces, it's pretty darn flawless. If you could produce unbelievably fast and secure code as quick as him, you too could get cocky.
That's what admins/geeks are. Think of the classic 'Hackers' movie, and the big admin with the password of 'God'. Admins love their l33t Perl, C, TCL, Shell scripts because they do everything they need. We have contests as to who can make code that does something in the fewest number of lines (many references on Slashdot) and who can make the code deceivingly complex (again many references).
DJB made something that fits with his views. He made it available to the public and people liked it so much they started to use it. The best part about DJB's stuff is that it does its job and does it well.
I hear the big anti-qmail and anti-djbdns debate all the time about people who want tons of features in there. All of the features you can want are in patches, and patch collections that you can safely add. DJB has a mail system that does what he wants, and does it securely. He's not willing to accept patches into the mail distro because it taints its quality. That's his choice.
He wrote the code, he puts it up there. If you like it, use it. If you don't, avoid it. If you want features, make a patch for yourself or for others.
He's a smart guy who produced some damn good software that has a following for good reason. He doesn't want patched binary distributions floating around, as security issues in those reflect negatively on his word. As well, it keeps those who don't take the time to learn the basics of administration from operating misconfigured qmail installations. All good reason- I'd agree with most of it.
Aliant (Telephone/Internet/Satellite provider in the east coast of Canada) offers about 15 channels of television (lots of news, comedy network, tech-TV, music, et al) over IP to your computer. It's not much, but it's a start- There's so much excess downstream bandwidth that could be used for television... and since it comes from your cable/DSL company, it's not on the Internet as a whole, so latency is really low.
-M
Toronto was pulling in 27-30K last year, and about 22-25K per game the year before. A part of this could be contributed to winning and doing well, of course, but a large part of it is due to promotion. They have a day for everything, bringing in bands, Tony Hawk in his prime, etc.
The Rogers center can _HOLD_ more people for both baseball and football, but they refuse to use it. They put banners over all but a few '500-level' sections because they just end up being horrible seats, plus it makes it look like there are more people when they're close together. Nonetheless, what the stadium can hold and what they are willing to sell are two different stories. They don't sell the end zones (except a grocery store has field-level seats in one end zone, but that's about it). A lot of that space they quote is 500-level, the maximum capacity of all corporate boxes, and the maximum capacity of the restaurant 'Windows'. The Argos were touting moving to a new stadium recently which would have been built with 30K even, however decided to stick with the Rogers center after a. receiving a good deal, and b. the UofT and York deals becoming many times more expensive and taking longer than they should have.
You'll find CFL a bit more intimate- as they refuse to sell the 'bad' seats in many cases.
FYI: There is a lovely strike of the primary broadcaster, so if anyone is watching it, such as this coming Wednesday's game, keep in mind that these are just scabs filming the game and they're _horrible_.
-M
CFL games in Toronto pull out 31K people a game or so... and that's more stadium limitations than anything else. Other cities tend to get really good turnouts as well. They're doing trials out east in consideration of bringing in some more teams. It's growing even more as they promote it a bit better- which has always been a part of the problem with the CFL.
CFL football is a _MUCH_ better GAME than NFL football, for the following reasons:
1. Is there anything more commercialized 'look-at-me-I'm-a-consumer-whore' than NFL football? How many people watch the Superbowl for the ads? How many people have water with a Budweiser label in their hands (note: the bottle is probably sealed in this case)
2. The game is all about scoring and not about enjoying the game. It's about pushing bets, getting points, and setting off fireworks so the girls can do their little dance. CFL football has the 3-downs it should, whereas NFL football gives the extra down- just to increase the chance of scoring. There are other rules- the extra 10 yards on the field (55 yard line center- more space, more players, more action), extra slot back, etc.
If you enjoy football, CFL football is quite awesome. If you're there to get drunk and have a high-scoring game where you leave needing to buy all the stuff you saw (clown college comes to mind), enjoy your NFL football.
-M
Remember the classic line
:)
Guns don't kill people
People kill people
Don't hide behind a video game because you can't seem to teach your child right from wrong, reality from fantasy, and good people skills.
PS: ironically, The Simpsons episode where Maggie hits Homer with a mallet was on a couple nights ago
-M
I can see it now.
http://www.site.com/rmdir
http://www.site.com/mke2fs?/dev/sda
http://www.site.com/kill `pidof httpd`
What do you think processor ID was supposed to do? Lock your content to your processor... although they 'claimed' it was to authenticate you to your bank and whatnot, but really- nothing secure is going to depend on a physical machine (laptop, desktops in an office, etc) so you'd need a password anyway...
It's all just a matter of identifying you uniquely for DRM to work.
-M
The idea of the desktop adapters is to save wiring a small office, home, or places where wires can't go (the toolshed or 'pool house' for example).
Blanketing the city with Wifi- yes I'd agree with you 100%. But setting up city hotspots in public places isn't exactly ideal for a desktop. I can see the giant extension cords now (not to mention the FedEX furniture (article a few days ago)).
-M
That's the worst excuse I've _EVER_ heard. So this is an effort to provide Internet to lower income households? In the age of a $250US workstation and a $1200-$2000US laptop computer, why are hotspots the answer?
If the people can't afford $5-$10USD/mo dialup Internet access for their desktop, how on earth are they going to afford to buy a modern laptop?
(answer may be used hardware, but let's be serious here)
-M
"Hey Jerry, could I put you on hold for a second, I have to take a wizz on my cell phone if you're going to be more than a few minutes."
Agreed- for me it depends on the group/genre- There are of course catchy tracks and then there's your Rattle and Hum CD. That's just the way music works.
Nonetheless, whether they use them or not, they are still counting 16x (just a guess) or some average number of tracks for every CD copied rather than songs on a P2P network which are often downloaded one-at-a-time (keyword: often). People hear a song on the radio and put it on an MP3 player or in their car. The measure is not the same.
If they counted a number of copies (ie: CDs counting as one), I'd agree, but 2x as many songs means 1/8th of as many albums copied than songs downloaded... which makes it seem like much less of an issue.
All I'm saying is that they're trying to tout big numbers so everyone gets all in an uproar and takes action.
C'mon- is this a joke?
"acquire almost twice as many songs from illegally duplicated CDs as from unauthorized download"
Wait? Really? So when people copy 16 tracks on an album compared to downloading 1, the numbers of the former exceed the latter? They say this so they can go after yet another target- writable media. Though how many of those tracks get listened to? When people download their favourite song, they often don't download the whole album (though some do).
So now the RIAA has a new target now that they've lost economies of scale attacking P2P... then they'll go after P2P again. Joy!
This is useless.
-M
A lot of corporate deployments of Firefox and more accurately Netscape 7 exist.
In particular look at any university- I've been on four campuses in the past few years and every one of them has Netscape7 or Firefox as their default browser instead of IE.
Netscape is really a corporate supported version of the Mozilla Suite with extras.
-M
I'm glad that ad had a good effect on you. I know you'll be going out to buy some coke... errr Pepsi... no Coke... errr... Just pick up a case of each.
-M
Usually browsing logs of big sites.
But that makes no sense? Large companies running Firefox but behind proxies will count as one Firefox user (same with IE though). Users who are 'less active' or do not go to the sites they are testing. Maybe Mac users don't like Yahoo, CNet, etc. Maybe that person has 4 IP addresses and browses through all of them.
Who knows- it's all a guess- take it all with a grain of salt, but it's the best guess we can come up with.
-M
And they should. Why release something half-@$$ed that works in some browsers and not others? It means they'll make their page in Frontpage and then change things until it works in other browsers- it's a hack job.
Please- Planned means nothing. It means it might be months out when it makes no sense. I can understand Google Toolbar coming out late for Firefox (it's a whole new program), but this is HTML that should display in all browsers.
And a large part of patents is (supposed to be) fairness to all parties. I shouldn't have to go find a Windows machine with IE to hog for a few hours and transfer all my documents over to paste into their Web form. It's something I should be able to do right away. If I can't do it, nobody should be able to (in this case). Otherwise it gives some people *cough* M$ *cough* an advantage on Patents.
Though I'm not a fan of that guy's letter. He touts lists of acronyms like CSS, XHTML, IE, OSX, etc that the developers would know but the _managers_ won't. A simple:
"Internet Explorer, while being used by the majority of Web users, is not used by all Web users. This is in favour of countless browsers (some of which are listed below) which offer considerable advantages to non-Windows users (Mac, Linux) as well as Windows users who are looking for superior alternates to Microsoft's Web browser. Statistics on the number of users utilizing each browser are available at http://..../ Please do not underestimate the 10% of hundreds of millions of US and foreign Web users who choose to utilize alternate technologies. It is unfair to provide an advantage to Windows/Internet Explorer users over others, when it is entirely unnecessary. All Web browsers support standards, such as those set by w3c (http://www.w3c.org/) which your developers should build their Web site to conform to rather than utilize proprietary methods exclusive to IE."
Simple, to the point, doesn't tout acronyms and explains most of them when it does. References a statistic, and really emphasizes the number of people affected and how common they are.
-M
Ya know,
I saw an ad in the paper, and a part of it had Gravis Gamepads for $1.29CDN each (In Toronto).
-M
But why one million... Why not two or more? I'd guess it didn't last as long as you might imagine (especially if you have the speed test at 18 seconds, why not do a second run for longer?)
-M
The article seems more aimed at the software packages and inter-office communication. The web server software is often outsourced to those with more reliable internet connections.
Running 'front-line' servers isn't for everyone.
-M
Being big makes you a target plain and simple.
IBM, Dell, etc take heat for silly decisions, while small computer shops nobody notices. People complain about poor case and motherboard design when Dell makes 1U cases that sag, but there were few complaints when motherboard makers started implementing early SiS chipsets (that could not be more buggy). Why? They're a big target and an easy hit.
IE takes lots of heat for security and features while Mozilla gets away with it a lot more. Now Firefox goes mainstream and a security issue makes the newspaper despite being so impossible to exploit. Why? Because it's moving up in the %'s of the browser market.
The government is also a pretty obvious target.
Microsoft doesn't necessarily produce anything that much worse than many of the MILLIONS of software developers out there, but of course because it's got billions of dollars and a product used on 99% of workstations out there, people target it. Rebel against the force!
Is it wrong to like Microsoft? Not at all... But Microsoft doesn't like you- you're small and insignificant to them, in comparison to a small developer.
Mistakes are just magnified, but ultimately aren't any worse.
Many slashdotters rebel against the force of Microsoft and move to their Linux-ey goodness, but I'd say a very good percentage of users of Slashdot are surfing /. on XP or 2000 machines as opposed to Linux.
M$ does something very complicated. For the exposure/number of users they have, they SHOULD take more care in their coding practices for security and stability, but compared to every other software developer, they're probably one of the better.
-M
Then don't even start to count the number of systems running sendmail, courier, or exim right out of the box with their Linux installs. Don't even get me started on the number of incorrect howtos and docs all over the net about those. Don't even get me started about the security holes in sendmail. Odds are, if somebody is using qmail- if somebody took time out of their day to learn how it works, follow instructions, patch it, get it installed, then they have an at least moderate understanding of how to configure it and keep a system somewhat secure. It eliminates the novice who would run away as soon as they see the need to compile, patch, and install anything without a GUI.
There are _MANY_ patches that reject invalid recipients rather than bounce them after the fact available to many administrators. The system is not broken, just done in a different way. qmail was created before this tactic was nearly as common, and patches address this functionality.
DJB (I guess) does not want to add it as it removes a portion of the security structure. This happens because qmail-smtpd (the SMTP daemon) is to have no privs and run as a non-important user. In order to check a quota, you'd need access into users' home directories. In order to check existence of virtual users, you'd need access to configuration and e-mail folders, password files, etc. By the time qmail looks up those things, it's been sanitized and taken in by qmail-inject with the user being disconnected. This is the whole point of it, and it shows that you are not understanding the structure and reasoning of qmail.
Other mail systems do it too. Talk instead to the admin who didn't install the checkuser patch. Though there is also a reason against your '550' activity- as soon as an e-mail is accepted, it's known to be valid and will receive more Spam! Might as well bring back VRFY to SMTP for some real Spamming-fun!
Not quite. I'd agree in many cases the checkuser patch is a good one. Others such as SSL, tarpit, regex, etc are all just optionals. Why is this a misconfiguration? It doesn't accept mail for domains it doesn't own, but bounces for domains it does. As a community effort to reduce the volume of mail, checkuser helps do so, but ideally, you wouldn't have people sending mail to fake addresses. Fix the Spam problem, not some intermediate step that was made before that method was popular.
A good admin can look at the patches, decide what is needed, and install it... the whole point is getting a competent person behind the helm.
Again, nobody owes anybody anything here. It's courtesy yes, but for a security expert, I'd imagine holes frustrate him quite a bit. I'd imagine there's more to this story, such as a lack of response in 3 days, etc. He did as he wishes, just as anyone who discovers qmail holes can claim their $500 and go public. It's probably not the best thing, but I'm sure your story is slightly abridged.
-M
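The trade-off argued in the comment above, as an added example that is not code from qmail, the checkuser patch, or the poster: a privileged step exports a flat set of valid addresses, the unprivileged SMTP-facing step answers RCPT TO from that set alone, and a third function models where bounces go under accept-then-bounce. All function names, reply texts and addresses are constructed assumptions.

```python
# Added illustration; names and data are constructed, not qmail or checkuser code.

def export_recipients(mailboxes, local_domains):
    """Privileged side: runs where user/virtual-user data is readable and
    emits only a flat set of valid addresses for the SMTP-facing process."""
    domains = {d.lower() for d in local_domains}
    return frozenset(
        addr.lower() for addr in mailboxes
        if addr.rpartition("@")[2].lower() in domains
    )

def rcpt_decision(rcpt, local_domains, valid):
    """Unprivileged side: decide the RCPT TO reply from the exported set
    alone, with no access to home directories or password files."""
    addr = rcpt.strip().lower()
    local, at, domain = addr.rpartition("@")
    if not at or not local:
        return 501, "malformed address"
    if domain not in {d.lower() for d in local_domains}:
        return 553, "relaying denied"
    if addr not in valid:
        return 550, "no such recipient"
    return 250, "ok"

def bounces_after_accept(envelope_sender, rcpts, valid):
    """Accept-then-bounce model: every unknown recipient later produces a
    bounce addressed to the envelope sender, which the client chose."""
    if envelope_sender == "":  # null sender: never bounce a bounce
        return []
    return [(envelope_sender, r) for r in rcpts if r.lower() not in valid]

# Constructed sample data
LOCAL = ["example.org"]
VALID = export_recipients(
    ["alice@example.org", "Bob@Example.org", "stray@other.test"], LOCAL)

if __name__ == "__main__":
    for r in ["alice@example.org", "nobody@example.org", "x@elsewhere.test"]:
        print(r, rcpt_decision(r, LOCAL, VALID))
    print(bounces_after_accept(
        "forged@thirdparty.test",
        ["nobody@example.org", "alice@example.org"], VALID))
```

The exported set is the only thing the network-facing side reads, so the privilege boundary the comment describes stays intact while unknown recipients get a 550 instead of a later bounce.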
I love people who think DJB owes them something because he wrote some code. If you read some of his papers, he sure does have a big ego, but if you take a look at the papers and software he produces, it's pretty darn flawless. If you could produce unbelievably fast and secure code as quick as him, you too could get cocky.
That's what admins/geeks are. Think of the classic 'Hackers' movie, and the big admin with the password of 'God'. Admins love their l33t Perl, C, TCL, Shell scripts because they do everything they need. We have contests as to who can make code that does something in the fewest number of lines (many references on Slashdot) and who can make the code deceivingly complex (again many references).
DJB made something that fits with his views. He made it available to the public and people liked it so much they started to use it. The best part about DJB's stuff is that it does its job and does it well.
I hear the big anti-qmail and anti-djbdns debate all the time about people who want tons of features in there. All of the features you can want are in patches, and patch collections that you can safely add. DJB has a mail system that does what he wants, and does it securely. He's not willing to accept patches into the mail distro because it taints its quality. That's his choice.
He wrote the code, he puts it up there. If you like it, use it. If you don't, avoid it. If you want features, make a patch for yourself or for others.
He's a smart guy who produced some damn good software that has a following for good reason. He doesn't want patched binary distributions floating around, as security issues in those reflect negatively on his word. As well, it keeps those who don't take the time to learn the basics of administration from operating misconfigured qmail installations. All good reason- I'd agree with most of it.
-M
Why?
The data passes over their network, so they can do as they wish with routing it. They're not stealing it, they're just not completing the route.
Look at any dedicated service contract (T1's, ethernet, T3's etc) and you'll see lovely print saying they can do whatever they want.
You are connecting to their network- not the other way around... hence you are subject to the way they run their network.
-M