I just tested a bunch of anti-spam tools. Brightmail was the best of the bunch in terms of detection, and had zero false positives. Not the most flexible though, and far from being user-friendly to admin and monitor.
YMMV - spam is not only subjective, it varies enormously from one organisation to another, and even between groups within organisations.
Technically, it's not stolen IP. Apart from the fact that it's not _stolen_ anything (since you can only violate copyright, not steal it), semantics aside it's only _allegedly_ copied code.
Pending confirmation from Cisco, it's at best a pointer to where you can find something which is purported to be part of something which someone says might be covered by somebody else's IP.
There's enough uncertainty in there to be perfectly safe. Even were it confirmed, I don't think Cisco's in the mood for a DeCSS-go-round over 200 lines of code out of 800mb. They're too busy getting subpoenas for franz's ISP, I imagine.
It's coming. SP2 for XP contains an IE update with the long-awaited pop-up blocker. But really, is it so hard to download AdAware yourself? Teach people how to secure themselves, don't spoonfeed it to them. Teach a man to fish, right?
You aren't masquerading as anything - just terminating the connection and reestablishing it. Usually easy to identify (because of the key, as you said), but that's OK - it's not meant to be covert. A lot of SSL VPN applications rely on this, since otherwise they'd be unable to do any kind of enforcement between client and server.
You might also want to look at how Ettercap handles https man-in-the-middle attacks.
Network security devices do this with SSL by proxying the connection so you think you're connecting to the remote site by SSL, but in fact it's only as far as your perimeter, where it's managed (scanned, audited, etc) and sent over a new SSL connection.
There are lots of ways a P2P app could prevent that from happening of course. But then it might be easier to detect and block outright. Cat and mouse, as always.
Oh, and a question about IRC to anyone: The '/me' command, aka special CTCP action thingy... why does it use CTCP!?!?!?
Because it's not a plain message being sent to a nick/channel, is the simple answer.
CTCP is nice and flexible, allowing new communications to be added to the spec at any time because it's up to the client to figure out what to do with it. ACTION is just one example - I remember a time when only Unix clients handled CTCP ACTIONs - DOS clients (or at least the one I saw used) didn't.
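The framing behind /me, as an added example that is not part of the original comment: a CTCP request is an ordinary PRIVMSG whose text is wrapped in \x01 bytes, and each receiving client decides what to do with the command inside. The sample lines, nicknames, function names and the FROBNICATE command are constructed for illustration.

```python
# Added example: how a client tells a CTCP request (such as ACTION, sent by
# /me) apart from a plain channel message. Sample lines are constructed.

CTCP_DELIM = "\x01"


def parse_privmsg(line):
    """Return (sender_nick, target, text) for a raw PRIVMSG line, else None."""
    line = line.rstrip("\r\n")
    prefix = ""
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    parts = head.split()
    if len(parts) != 2 or parts[0].upper() != "PRIVMSG" or not sep:
        return None
    return prefix.split("!", 1)[0], parts[1], trailing


def extract_ctcp(text):
    """Return (COMMAND, argument) if text is CTCP-framed, else None."""
    if not text.startswith(CTCP_DELIM):
        return None
    body = text[1:]
    if body.endswith(CTCP_DELIM):  # some clients omit the closing delimiter
        body = body[:-1]
    command, _, argument = body.partition(" ")
    if not command:
        return None
    return command.upper(), argument


def clean(text):
    """Drop control characters so remote text cannot alter the display."""
    return "".join(ch for ch in text if ch.isprintable())


# The client's own table of CTCP commands it understands. A client without
# an ACTION entry behaves like the DOS clients mentioned in the comment.
HANDLERS = {"ACTION": lambda nick, arg: f"* {nick} {arg}"}


def render(line, handlers=HANDLERS):
    """Turn one raw IRC line into the text a client would display."""
    parsed = parse_privmsg(line)
    if parsed is None:
        return None
    nick, _target, text = parsed
    ctcp = extract_ctcp(text)
    if ctcp is None:
        return f"<{nick}> {clean(text)}"  # plain message to nick/channel
    command, argument = ctcp
    handler = handlers.get(command)
    if handler is None:
        # Unknown commands are reported, never answered or executed.
        return f"[unhandled CTCP {clean(command)} from {nick}]"
    return handler(nick, clean(argument))


PLAIN = ":alice!a@example.test PRIVMSG #chan :hello there"
ACTION = ":alice!a@example.test PRIVMSG #chan :\x01ACTION waves\x01"
UNKNOWN = ":bob!b@example.test PRIVMSG #chan :\x01FROBNICATE 42\x01"

if __name__ == "__main__":
    for sample in (PLAIN, ACTION, UNKNOWN):
        print(render(sample))
```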
There are other anomalies in this story, too. I imagine they'd say "oh, well, it takes a while to image terabytes of stuff, we'll get back to you RSN."
And maybe that'd even be the truth. I do think there's more going on here than meets the eye, so speculation is going to be futile.
I also wonder about the privacy issues. As others have pointed out, they'll be imaging and analysing data well beyond the scope of the warrant. I don't see how that can be avoided. In which case there are implications for anyone else with illicit material on those servers - not admissible, obviously, but they'll know who to watch in future. Hmm.
What they'll do is standard forensic procedure - they'll image the disks, return the servers, and then be able to do whatever data mining and analysis they like without worrying about the live environment. There's only so much forensic work you can do 'live', because of the danger of data becoming 'tainted', and thus inadmissible.
It's /is/ unusual for law enforcement to image terabytes at a time, though I suppose it's just a question of scale.
Why would someone who has a perfectly good copy of MS Office want to switch?
Depends on what you mean by "perfectly good". I have a perfectly good copy of Office, in that it does exactly what I expect it to do. And until now, I've used it almost exclusively at work, despite being a Linux and OpenOffice user at home.
But recently I switched to OO for word processing, because of a single feature - just one - that OO has which Word does not. It can export PDFs. I suddenly needed to produce PDFs, and I don't like having to wait for my overworked creative department to run Word documents through Acrobat.
It's not all roses. OO's wordcount is crap, and you have to go and find a separate macro to get a useful wordcount (ie: one like Word's). Fortunately, I already had a macro handy (might be the same one as http://www.darwinwars.com/lunatic/bugs/oo_macros.html), but I've known other writers give up on OO after about 30 seconds because it had no wordcount built in.
But it only took one feature to compel me to switch. For someone else it may be a different feature which does it, but I can't avoid the sense that Microsoft is falling behind. IE is a vastly inferior browser - like many others I use Firebird (now -fox) not because I dislike MS but because it's simply a better product. If Office starts lagging OO in any meaningful way, a lot more pressure will build from users like me. What do you think I recommend to my colleagues who envy my ability to spit out PDFs on demand?
MS is your local economy if and only if you're an American. I think Phipps is English - http://www.sun.com/aboutsun/media/bios/bios-phipps.html
But you do have a point. Obviously Sun's in the same boat as far as the "local" question goes. And so is Dell, and Red Hat. And IBM. And Apple. Where are you getting your non-MS server from?
SuSE? That's only local if you're German.
Working with a local Linux integrator means you keep the money local, sure. But working with a local Microsoft integrator does the same thing, and if they're tied to a particular distribution, there's still a license fee.
The only difference is that Linux comes with a different (and better, if you like open and free) EULA. The license fee is not the differentiator, as Red Hat (for example) customers are coming to learn.
SC Magazine recently criticised AV vendors for exactly this. From the Jan 2004 group test of how Exchange AV products handled an outbreak:
"...None of the products did what we would have liked, which is to detect an outbreak, and then take steps to adjust its reporting accordingly. Email, log-file and SNMP alerts are great, but not 10,000 of them at a time..."
Actually, Microsoft deserves both your kudos - they set the precedent (I think) for private companies offering virus-writer bounties: http://money.cnn.com/2003/11/05/technology/microsoftbounty/
Same amount - $250k for Sobig and Blaster each, and $4.5m for, uh, other stuff.
Something I'd add: think twice, speak once. /. is a public forum.
You might think cracking a "hooray for MyDoom! SCO sucks!" comment in /. is funny, but (lazy) journalists and SCO will pick it up and use it against the OSS community.
As indicated in the original post, http://www.eweek.com/article2/0,4149,1463923,00.asp quotes an AC: "Quick, disable your AV software, and get some Windows boxes on the internet!"
Pretty sloppy journalism, quoting an anonymous source with no support, but it was rated "Funny" for God's sake. Why? Mod them "Troll" or "Flamebait", because that's what they are.
As long as there's that sort of bull flying around, people will readily believe it was a Linux fanatic with an axe to grind.
Keep rational, stay polite, and make your points the civilised way. No need to descend to the level of either SCO or a worm hacker to do so.
No they won't. It's coded to run the DoS between Feb 1-12.
Of course there's nothing to stop the author (or someone) using the backdoor component to run another DoS (or anything else) some other time, but that's no different to any other Trojan-carrying worm.
I bought it specifically so that I could control DVD playback on my laptop while sitting on the couch. And this one in particular because it's suitable for left-handers, which is nice.
If I were to need another one now, I'd definitely opt for one with a less bulky base station - my housemate's mouse has a neat USB thumbdrive-sized receiver. Much less range than the Logitech monster, but sufficient for the sort of TV-to-couch range in question.
Why was the parent modded as funny? Apart from the unlikely optimism in "bury the old stalwart", it's not an uncommon view that Firebird is a vastly superior browser to IE.
http://www.joelonsoftware.com/news/20030601.html http://weblog.infoworld.com/udell/2003/06/02.html (both linked off Firebird's homepage)
That's not much of an accident - the Mozilla Firebird 1.0 Development Charter (http://www.mozilla.org/projects/firebird/charter.html) starts: "Mozilla Firebird grew out of the desire to make the best browser for Microsoft Windows."
If you don't use Windows Update to handle your security patching, it's quite a bit of work to patch a system.
Uh-huh. And you use what to update your Linux systems? Do you manually visit every relevant website and download updates, compile and reinstall everything, resolving dependencies by hand?
Or do you use apt, up2date, emerge...? I'm not clear on how this differs from Windows Update, with the obvious exception of altered EULAs and similar nastiness. There's no excusing that.
My point is that updating any OS without some sort of frontend to do the legwork is horrible. Bash MS, sure, but bash fairly. They've got a decent-and-improving frontend to their patching, a variety of tools to check your network for patch levels, and so on. Good enough? Depends on your environment, but it's a LOT better than nothing.
Business addresses tend to be public. Mine's all over the place - at our company websites, on brochures, on business cards handed out at tradeshows, attached to articles online - you name it. Every harvester in the world can get it.
Consequently, I get a lot of spam. Most of it filtered, but still a lot more than I'd like. Counting the ones filtered, it's well over 100 a day. Maybe a dozen get through the filters (light touch - I really don't want to miss ham), but more every week.
There's no easy solution - I /want/ people to be able to get hold of me easily.
Although...getting separate cards with throwaway mail addresses just for dishing out at conventions and shows is a very appealing idea. Might just do that some day.
At home, I use spamgourmet for all lists and registrations, and filter very aggressively. Can't recall the last time I saw any spam in my inbox, but I do have to check the quarantine for false positives regularly. *shrug* I guess the problem isn't going to just go away - there'll always be some assembly required.
I use CrossOver Office to run Outlook. I'd rather run Evolution or KMail, but:
- I need to work with .pst files, and the importers I've used are crap. Well - actually not that bad, but just not good/consistent/easy enough.
- I need to talk to Exchange servers, and CrossOver is cheaper than Ximian Connector. Only a little, but if I had 1000 seats to consider, it'd be a factor.
For all I'd rather be using free/OSS tools for the job, CrossOver is doing a great job helping me bridge the gap. Go CodeWeavers!
Not that you can trust browser identification strings. Half the time I browse with Firebird identifying itself as IE on Windows, because several of the sites I visit redirect me to a "this page can only be viewed with IE" message. 99% work perfectly with Mozilla, of course. Morons.
And no, I don't email the webmasters about it, at least not very often, because I'd spend half of each day doing so :(
The latter.
This is the macro I was talking about: http://www.openoffice.org/issues/showattachment.cgi?attach_id=1907&file=wordcount.txt
Very well said.
So far, so good.
That's one interpretation. Another is that it's a Microsoft sponsored scheme to undermine Linux.
In which case it's still about money, just not for SCO.
</tinfoil hat>
Stop and think about that quote for a moment.
Voting in Iraq could have changed things. But it was illegal.
So in fact the quote is entirely correct in that context. It may be cynical, but there's more depth there than some people may realise.