Sort of. Data management should be done in shared libraries, in user space, not in the kernel.
I disagree with that. In fact I think that the lack of decent data management in the Unix (and later Linux) kernel has always severely hampered the development of a consistent and good method of storage of configuration data.
Just because something should be in the OS doesn't mean it should be in the kernel.
That argument has been used against many developments. Often without reason. We don't have a microkernel, so there will always be things in there that purists don't like to have in the kernel. But "we should not put a good filesystem in the kernel because we already have a worse one there, put your good filesystem in a shared library instead" is just a conservatist statement against any change, not constructive. Along those lines you may just as well argue that the kernel should only provide access to block devices, and that a filesystem does not belong in the kernel because it can be done in a shared library.
Apparently your belief is that every program should be on its own to do all its data management.
Others, including me, believe that the operating system should be there to help perform these tasks by providing suitable services. Like well-performing services to store and remove arbitrarily sized pieces of data in an entity that can be referred to by a name, and without unnecessary restrictions on the number of such entities.
When you put the burden of everything on the user program, and blame everything on bad design of that program, you may just as well use MS-DOS.
I once used ReiserFS since then never trusted it anymore. ReiserFS looses data, corrupts the filesystem, causes no good things.
I have run it on production machines ever since it was fixed (2.4.8 kernel? somewhere around that) and I have never lost a byte of data.
It performs well, except for the wellknown issue that after a lot of filewriting at some moment it starts to write back a lot of cached data and the system gets starved because reads are not getting through.
No. I wouldn't. Having 10,000 files in a single directory is not useful to me.
Maybe not you yourself, but some programs will certainly do that. E.g. a cache directory of a browser or proxy server. Programs have to be handling the deficiencies in filesystem directories by adding extra directory levels, which complicates them more than necessary.
Why would I want my mail box to do that?
Because it is more efficient when deleting mail messages or moving them between folders.
It makes no sense for someone to write a mail program which only works on a single filesystem.
It works on all filesystems, but performs better on some than on others. And it already has been written.
Recently, I was told by a manager at a major monitor maker that CRTs are phasing out. I have a very weak eye and I read text at 1024x768 on a 21" monitor, sitting 2 feet away. Each alphabet is about 1/4" tall. What makes me panic is the fact that LCDs have fixed resolution and they are simply too small for me to read icons and widget text, like Microsoft's.
Recently we received a new laptop at work that has 1600x1200 on a 15" LCD. I only use Linux myself and I immediately assumed that it would be easy to configure Windows XP so that all text is bigger, all pictograms are larger, etc. while improving their quality (else one can simply set the resolution to 800x600 which would blow away the advantage of the nice LCD)
However, this turns out to be not the case, at least as far as I have seen. Even with the large fonts option selected, some text remains really tiny.
Should this not read FYMI? It seems like Mis-Information!
A Windows 2000 Professional system with SP4 will still need the patch according to Microsoft Windows Update. And the DirectX version hasn't changed with SP4.
Actually it doesn't. Even with IPv4 there is clearly a deficiency in the naming system, or at least in the way it has been implemented and managed. It was supposed to be multi-level, and it has been abused until it had only one-and-a-half level. The result is that all the usable names are taken, and there are by far not enough names to assign a name to every IPv6 address.
Having a 'box' available in the stores does a lot for PR, even at a loss in pure dollars..
The 'box' IS important for marekting and the general publics 'warm and fuzzies'
The SuSE people will probably have no problem with taking the vacated shelf space. So the people will still be warm and fuzzy, and they see some products from a differen country as well. Good.
I will guarantee that if Linux were the market leader, you'd see large amounts of virii for Linux as well.
But they will not be as successfull as on the Windows platform. This because on Windows, most people use the same software, the systems are configured similarly, and there is the problem that "opening documents" can be equivalent to "executing code in those documents".
Linux does not have those problems now, and maybe it will move a little bit more towards them when it is getting to be market leader, but the same dumb mistakes will certainly not be made.
Their problem is, they sell different software to different customers for different prices, all running on the same hardware. IOS is a single image that can have lots of different features. Different protocols (IP, IPX, SNA, whatever) and also different levels within the same protocols (IP, IP with encryption, IP with firewalls). If you bought a router with a bare IP IOS and now you would need a patch, you could download the IP with firewall version and thus upgrade your functionality without paying.
Of course this is not what the salesmen like. But it is also very oldfashioned. Other software manufacturers have solved this long ago by issuing licensing codes that enable a certain featureset. So, after installation you will have to type some cryptic set of letters and digits that proves that you have bought a license for this specific software. In an environment like that, they can put their software up for download without running the risk that customers silently upgrade to larger featuresets. (except that these schemes are often hacked, but that is a completely different issue)
A colleague keeps wondering why we use these expensive Ciscos and Junipers when Linux would technically fulfil a lot of what we want to do. He's right, but for one thing - typical server uptimes and reliability aren't good enough for the stuff that routers do. Even Linux, which is pretty damn good for uptime. A 5 minute reboot of a web server is annoying, but a 5 minute reboot of a router will get customers on the phone.
Of course a Linux system that does only routing will have better uptime than one that runs lots of server processes, has a disk, needs hardware additions now and then, etc.
Also, such a Linux system will not need 5 minutes for a reboot. In fact, it will reboot faster than a typical Cisco.
It is also much more modular and can do some updates without reboot. When you have a modular kernel and need to install some bugfix in a driver or other component, it will in some cases be possible to replace the module without a reboot. In a Cisco this is never true; it will need a replacement of its entire monolytic IOS and a reload.
Of course, this does not mean that Linux can always replace a Cisco and is always a better choice. However, it more often is than many people want to believe, especially with todays PCs (low power, high performance, solid state background storage). It is largely a culture thing. When PCs started to replace mainframe terminals, there were also lots of people proclaiming that they were not good enough. However, that has changed over the years.
When you are running NAT with static portmappings to allow outside connections (e.g. to SMTP or HTTP servers), you will have traffic directed at the router IP, but the router will actually forward it and not process it (you can hope).
Will this traffic, once let in by the input ACL, expose you to this bug? Or is only traffic really handled by the TCP stack in the router (telnet, ssh etc) involved?
Well, you might not have to pay a subscription fee to the 'free' ISP's in the Netherlands (and elsewhere in Europe), but you DO pay by the minute through the phone bill. In the US, local calls (like those to your ISP, with a bit of luck) are free, so the price in the US will end up lower for anyone using more than, say half an hour, of net-time a day.
Of course the price our US friends paid for this is that they never got ISDN (which works so much bettern than modems). Also, local areas are normally much smaller than the lowest tariff area in other countries.
Services that are entirely flat-fee are open to abuse. Like keeping your modem connection open 24h/day because it is free anyway. This forces up the monthly fee, as the ISP is forced to have less overbooking (subscribers per modem) than would be possible when local calls were not completely free. (even a very small charge will quickly make a difference)
In the "summary document" I read a lot of references to support of hardware and competing systems that most of us have trashed long ago. Fine with me, but how about de floppy disk driver? That hasn't worked reliably for me since 1.2 or so, but was perfect in early Linux versions. It is not so much of a problem these days as floppies are rarely used anymore, but I've always wondered why it has been in such a sad state for so long...
This is not a hardware-related problem, I have seen floppy trouble on many different systems. Read errors or unable to format on floppies that read or formatted perfectly in DOS or Windows on the same system. When I need to write a couple of bootfloppies I usually format them on Windows, saves a lot of grief...
But isn't that because the optical disc is a Dutch/Japanese invention and those who have decided on the name did not know about those US-English conventions?
You forget to mention that much of today's spam is sent in violation of the assumptions you list above. I.E.
They send mail via one or more systems that are used as proxies, without their prior consent
They use sender addresses that do not belong to them, but to other people
They advertise websites that they do not host themselves, but have put on hacked machines or they use hacked machines as proxies
This means they are not inventive users of the system as it is designed, but abusers that use false identities. When you get your cable service you have nothing to say about the ads, but when some person cuts away the programme and starts transmitting his porn or other abusive material, under the station logo of a known station or listing your name on the screen, you have some base for complaining.
When there is an evening news item about a spammer who died in a shootout, I certainly understand why it happened.
These people operate without any consideration. They abuse large groups of defenseless persons and organisations for their own selfish purpose of spreading spam.
Mhm, one of my domains is suffering from mail15.com abuse too, with two aspects of abuse:
I get exactly the same pattern. It is not a dictionary attack, or at least it is not a plain English dictionary. It looks like the addresses are formed of words and names that appeared in usenet or mailing list postings of several years ago.
At that time I was quite active in Linux kernel development groups, and the spam goes to names that are wellknown Linux developers, and to function- and variable names in modules that I discussed.
So, they apparently think that these addresses have a higher chance of working. (they don't, because there really are only a couple of valid mail addresses in that domain)
> You probably already have tried this, but if they are spamming mostly russian addresses, block the entire russian/eastern european ip blocks, unless you need them. If so, you can be more selective on what to block.
I have blocked the Russian SMTP servers that sent most of the bounces, yes. And one very clueless Israelian server that sent a bounce every minute.
But the only thing I could do to really get rid of this, is to forget about using this domain for mail. Fortunately I did not use these addresses directly, I used an alias somewhere else.
So, what I did is: set the MX record for the attacked domain to their own mailserver. Now, all the crap goes back to them. I will keep this for a few weeks and then try resetting it back to see if the stream has dried up.
Spammers don't send out millions of emails as a fun and educational hobby. People and companies pay money to advertise this way. They should be the targets of action against spam.
Unfortunately the companies they work for are often just as filthy as they are themselves. Not worth much to go against them.
E.g. I have become a victim of a Russian spammer who works for "companies" like mail15.com. They send spam about there "new mail service" to mostly Russian mail addresses, but instead of using a valid reply address they forge random sender addresses within a domain that I own. This has resulted in thousands of bounce messages sent to me, and an exposure to a herd of clueless system administrators who cannot setup a mailserver (those mailservers sometimes re-try every minute for several days to send a bounce to a nonexistent address)
The Spammer himself cannot be located, because they use open proxies on cable- and DSL networks. The owners of those networks don't give a damn.
The mailservice itself is run by ruthless people in Russia who do not mind if someone complains. They have also defended their application form against measures like you describe.
So what can I do?? The only real persons to attack here are the clueless families that have installed Internet sharing software on their Windows PC. They are the medium that facilitates this anonymous spam. I don't understand why the author of AnalogX Proxy has not been locked away as a terrorist.
Slashdot Mirror
Sort of. Data management should be done in shared libraries, in user space, not in the kernel.
I disagree with that. In fact I think that the lack of decent data management in the Unix (and later Linux) kernel has always severely hampered the development of a consistent and good method of storage of configuration data.
Just because something should be in the OS doesn't mean it should be in the kernel.
That argument has been used against many developments. Often without reason.
We don't have a microkernel, so there will always be things in there that purists don't like to have in the kernel. But "we should not put a good filesystem in the kernel because we already have a worse one there, put your good filesystem in a shared library instead" is just a conservatist statement against any change, not constructive.
Along those lines you may just as well argue that the kernel should only provide access to block devices, and that a filesystem does not belong in the kernel because it can be done in a shared library.
Apparently your belief is that every program should be on its own to do all its data management.
Others, including me, believe that the operating system should be there to help perform these tasks by providing suitable services. Like well-performing services to store and remove arbitrarily sized pieces of data in an entity that can be referred to by a name, and without unnecessary restrictions on the number of such entities.
When you put the burden of everything on the user program, and blame everything on bad design of that program, you may just as well use MS-DOS.
I once used ReiserFS since then never trusted it anymore. ReiserFS looses data, corrupts the filesystem, causes no good things.
I have run it on production machines ever since it was fixed (2.4.8 kernel? somewhere around that) and I have never lost a byte of data.
It performs well, except for the wellknown issue that after a lot of filewriting at some moment it starts to write back a lot of cached data and the system gets starved because reads are not getting through.
No. I wouldn't. Having 10,000 files in a single directory is not useful to me.
Maybe not you yourself, but some programs will certainly do that. E.g. a cache directory of a browser or proxy server.
Programs have to be handling the deficiencies in filesystem directories by adding extra directory levels, which complicates them more than necessary.
Why would I want my mail box to do that?
Because it is more efficient when deleting mail messages or moving them between folders.
It makes no sense for someone to write a mail program which only works on a single filesystem.
It works on all filesystems, but performs better on some than on others.
And it already has been written.
Recently, I was told by a manager at a major monitor maker that CRTs are phasing out. I have a very weak eye and I read text at 1024x768 on a 21" monitor, sitting 2 feet away. Each alphabet is about 1/4" tall. What makes me panic is the fact that LCDs have fixed resolution and they are simply too small for me to read icons and widget text, like Microsoft's.
Recently we received a new laptop at work that has 1600x1200 on a 15" LCD. I only use Linux myself and I immediately assumed that it would be easy to configure Windows XP so that all text is bigger, all pictograms are larger, etc. while improving their quality (else one can simply set the resolution to 800x600 which would blow away the advantage of the nice LCD)
However, this turns out to be not the case, at least as far as I have seen. Even with the large fonts option selected, some text remains really tiny.
Strange that products are shipped like that...
> FYI...
Should this not read FYMI?
It seems like Mis-Information!
A Windows 2000 Professional system with SP4 will still need the patch according to Microsoft Windows Update. And the DirectX version hasn't changed with SP4.
The IPv6 address space is 65536 times larger than the IPX address space.
Actually it doesn't.
Even with IPv4 there is clearly a deficiency in the naming system, or at least in the way it has been implemented and managed.
It was supposed to be multi-level, and it has been abused until it had only one-and-a-half level.
The result is that all the usable names are taken, and there are by far not enough names to assign a name to every IPv6 address.
Having a 'box' available in the stores does a lot for PR, even at a loss in pure dollars..
The 'box' IS important for marekting and the general publics 'warm and fuzzies'
The SuSE people will probably have no problem with taking the vacated shelf space.
So the people will still be warm and fuzzy, and they see some products from a differen country as well. Good.
This will probably NOT work!
I have not tried it with XP Home but it already failed to work on Windows 2000.
The special CDs delivered with A-brand computers are not general Windows CDs and they can only be installed on the type of computer they came with.
A VMware "virtual machine" is not the computer it came with, so it refuses to install.
What you *can* do is install Windows, then VMware for Windows, and then run Linux under VMware.
I will guarantee that if Linux were the market leader, you'd see large amounts of virii for Linux as well.
But they will not be as successfull as on the Windows platform.
This because on Windows, most people use the same software, the systems are configured similarly, and there is the problem that "opening documents" can be equivalent to "executing code in those documents".
Linux does not have those problems now, and maybe it will move a little bit more towards them when it is getting to be market leader, but the same dumb mistakes will certainly not be made.
Their problem is, they sell different software to different customers for different prices, all running on the same hardware.
IOS is a single image that can have lots of different features. Different protocols (IP, IPX, SNA, whatever) and also different levels within the same protocols (IP, IP with encryption, IP with firewalls).
If you bought a router with a bare IP IOS and now you would need a patch, you could download the IP with firewall version and thus upgrade your functionality without paying.
Of course this is not what the salesmen like. But it is also very oldfashioned. Other software manufacturers have solved this long ago by issuing licensing codes that enable a certain featureset. So, after installation you will have to type some cryptic set of letters and digits that proves that you have bought a license for this specific software.
In an environment like that, they can put their software up for download without running the risk that customers silently upgrade to larger featuresets.
(except that these schemes are often hacked, but that is a completely different issue)
A colleague keeps wondering why we use these expensive Ciscos and Junipers when Linux would technically fulfil a lot of what we want to do. He's right, but for one thing - typical server uptimes and reliability aren't good enough for the stuff that routers do. Even Linux, which is pretty damn good for uptime. A 5 minute reboot of a web server is annoying, but a 5 minute reboot of a router will get customers on the phone.
Of course a Linux system that does only routing will have better uptime than one that runs lots of server processes, has a disk, needs hardware additions now and then, etc.
Also, such a Linux system will not need 5 minutes for a reboot. In fact, it will reboot faster than a typical Cisco.
It is also much more modular and can do some updates without reboot. When you have a modular kernel and need to install some bugfix in a driver or other component, it will in some cases be possible to replace the module without a reboot.
In a Cisco this is never true; it will need a replacement of its entire monolytic IOS and a reload.
Of course, this does not mean that Linux can always replace a Cisco and is always a better choice. However, it more often is than many people want to believe, especially with todays PCs (low power, high performance, solid state background storage).
It is largely a culture thing. When PCs started to replace mainframe terminals, there were also lots of people proclaiming that they were not good enough. However, that has changed over the years.
When you are running NAT with static portmappings to allow outside connections (e.g. to SMTP or HTTP servers), you will have traffic directed at the router IP, but the router will actually forward it and not process it (you can hope).
Will this traffic, once let in by the input ACL, expose you to this bug?
Or is only traffic really handled by the TCP stack in the router (telnet, ssh etc) involved?
Well, you might not have to pay a subscription fee to the 'free' ISP's in the Netherlands (and elsewhere in Europe), but you DO pay by the minute through the phone bill. In the US, local calls (like those to your ISP, with a bit of luck) are free, so the price in the US will end up lower for anyone using more than, say half an hour, of net-time a day.
Of course the price our US friends paid for this is that they never got ISDN (which works so much bettern than modems).
Also, local areas are normally much smaller than the lowest tariff area in other countries.
Services that are entirely flat-fee are open to abuse. Like keeping your modem connection open 24h/day because it is free anyway. This forces up the monthly fee, as the ISP is forced to have less overbooking (subscribers per modem) than would be possible when local calls were not completely free.
(even a very small charge will quickly make a difference)
Then why is this not a denial of service?
In the "summary document" I read a lot of references to support of hardware and competing systems that most of us have trashed long ago. Fine with me, but how about de floppy disk driver? That hasn't worked reliably for me since 1.2 or so, but was perfect in early Linux versions.
It is not so much of a problem these days as floppies are rarely used anymore, but I've always wondered why it has been in such a sad state for so long...
This is not a hardware-related problem, I have seen floppy trouble on many different systems. Read errors or unable to format on floppies that read or formatted perfectly in DOS or Windows on the same system. When I need to write a couple of bootfloppies I usually format them on Windows, saves a lot of grief...
But isn't that because the optical disc is a Dutch/Japanese invention and those who have decided on the name did not know about those US-English conventions?
I.E.
This means they are not inventive users of the system as it is designed, but abusers that use false identities.
When you get your cable service you have nothing to say about the ads, but when some person cuts away the programme and starts transmitting his porn or other abusive material, under the station logo of a known station or listing your name on the screen, you have some base for complaining.
it makes it all the easier to block.
No. they will not send you mail from this IP, but they will connect through one or more open proxies.
Or worse: alert SCO that those spammers use their Intellectual Property!
When there is an evening news item about a spammer who died in a shootout, I certainly understand why it happened.
These people operate without any consideration.
They abuse large groups of defenseless persons and organisations for their own selfish purpose of spreading spam.
Mhm, one of my domains is suffering from mail15.com abuse too, with two aspects of abuse:
I get exactly the same pattern.
It is not a dictionary attack, or at least it is not a plain English dictionary. It looks like the addresses are formed of words and names that appeared in usenet or mailing list postings of several years ago.
At that time I was quite active in Linux kernel development groups, and the spam goes to names that are wellknown Linux developers, and to function- and variable names in modules that I discussed.
So, they apparently think that these addresses have a higher chance of working.
(they don't, because there really are only a couple of valid mail addresses in that domain)
> You probably already have tried this, but if they are spamming mostly russian addresses, block the entire russian/eastern european ip blocks, unless you need them. If so, you can be more selective on what to block.
I have blocked the Russian SMTP servers that sent most of the bounces, yes. And one very clueless Israelian server that sent a bounce every minute.
But the only thing I could do to really get rid of this, is to forget about using this domain for mail. Fortunately I did not use these addresses directly, I used an alias somewhere else.
So, what I did is: set the MX record for the attacked domain to their own mailserver.
Now, all the crap goes back to them. I will keep this for a few weeks and then try resetting it back to see if the stream has dried up.
Spammers don't send out millions of emails as a fun and educational hobby. People and companies pay money to advertise this way. They should be the targets of action against spam.
Unfortunately the companies they work for are often just as filthy as they are themselves. Not worth much to go against them.
E.g. I have become a victim of a Russian spammer who works for "companies" like mail15.com. They send spam about there "new mail service" to mostly Russian mail addresses, but instead of using a valid reply address they forge random sender addresses within a domain that I own. This has resulted in thousands of bounce messages sent to me, and an exposure to a herd of clueless system administrators who cannot setup a mailserver (those mailservers sometimes re-try every minute for several days to send a bounce to a nonexistent address)
The Spammer himself cannot be located, because they use open proxies on cable- and DSL networks. The owners of those networks don't give a damn.
The mailservice itself is run by ruthless people in Russia who do not mind if someone complains.
They have also defended their application form against measures like you describe.
So what can I do??
The only real persons to attack here are the clueless families that have installed Internet sharing software on their Windows PC. They are the medium that facilitates this anonymous spam.
I don't understand why the author of AnalogX Proxy has not been locked away as a terrorist.