Slashdot Mirror


User: cswiger2005

cswiger2005's activity in the archive.

Stories: 0
Comments: 259

Comments · 259

  1. Re:Key line from TFA on Porn Dominates the Spam Battlefield · · Score: 1

    Ideally, you'd return a 5xx failure for things which violate your policies rather than accepting the message and then having responsibility for bouncing it during subsequent processing. However, the ability to scan for stuff and reject it during the SMTP transaction can be limited and varies from MTA to MTA.

    Greylisting helps a lot, as does plain-old header-based content-type filtering [1] or attachment filename extension filtering [2], since these can generally be done within the transaction before giving a 250 accept, 4xx temp failure, or 5xx permanent rejection. Bayesian filtering and virus-scanning software can take a while to finish processing a big message, depending on the sizes you permit through, archive compression ratio, and the workload of the mailserver, so these tend to be done afterwards or asynchronously with the SMTP transaction.

    Note that the ESMTP protocol actually has some support for some of the keywords you've suggested:
    `sed "s/ONLY-UTF-8/8BITMIME/" $PARENT`.

    It might not be a bad thought to have some sort of shorthand for indicating that virus-scanning is being done (although one already can use Received or X-Virus-Scanned headers inline with the message itself for that purpose) or to communicate policy decisions similar to the W3C P3P stuff (http://www.w3.org/P3P/).

    [1]: For example, reject email containing a "Content-type: text/html" header. :-)
    [2]: Ie, reject attachments like ".exe" or ".scr"...
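The policy the comment above describes (greylisting with a 4xx temp failure at RCPT TO, then a 5xx rejection at end-of-DATA for HTML bodies or ".exe"/".scr" attachments, so the message is refused inside the SMTP transaction instead of being accepted and bounced later) as an added, stand-alone Python example; it is not code from the original post or from any MTA. The `PolicyEngine` class, the 300-second greylist delay, the reply strings and the three sample messages are all constructed here for illustration.

```python
import os
import time
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Attachment extensions refused outright, per footnote [2] of the comment.
BLOCKED_EXTENSIONS = {".exe", ".scr"}
# How long a never-before-seen (ip, sender, rcpt) triplet must wait before a 250 (assumed value).
GREYLIST_DELAY = 300


class PolicyEngine:
    """Decisions an MTA can return while the SMTP transaction is still open."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so the greylist delay is testable
        self._seen = {}            # (ip, sender, rcpt) -> timestamp of first attempt

    def at_rcpt(self, ip, sender, rcpt):
        """Greylisting at RCPT TO: 4xx for a brand-new triplet, 250 once it has retried after the delay."""
        key = (ip, sender.lower(), rcpt.lower())
        now = self._now()
        first_seen = self._seen.setdefault(key, now)
        if now - first_seen < GREYLIST_DELAY:
            return "450 4.7.1 Greylisted, please retry later"
        return "250 2.1.5 Recipient OK"

    def at_data(self, raw_message):
        """Header/attachment policy at end-of-DATA: 5xx permanent reject, otherwise 250."""
        msg = BytesParser(policy=policy.default).parsebytes(raw_message)
        for part in msg.walk():
            # Footnote [1]: refuse HTML mail by its Content-Type header alone.
            if part.get_content_type() == "text/html":
                return "550 5.7.1 HTML mail not accepted by site policy"
            filename = part.get_filename()
            if filename and os.path.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS:
                return f"550 5.7.1 Attachment {filename!r} not accepted by site policy"
        return "250 2.0.0 Message accepted for delivery"


def build_samples():
    """Three constructed messages: plain text, an HTML body, and a blocked attachment."""
    plain = EmailMessage()
    plain["From"], plain["To"], plain["Subject"] = "a@example.org", "b@example.net", "hello"
    plain.set_content("Plain text only.")

    html = EmailMessage()
    html["From"], html["To"], html["Subject"] = "a@example.org", "b@example.net", "hello"
    html.set_content("<b>Buy now</b>", subtype="html")

    attachment = EmailMessage()
    attachment["From"], attachment["To"], attachment["Subject"] = "a@example.org", "b@example.net", "invoice"
    attachment.set_content("See attached.")
    attachment.add_attachment(b"MZ\x90\x00", maintype="application",
                              subtype="octet-stream", filename="invoice.scr")
    return {"plain": plain.as_bytes(), "html": html.as_bytes(), "attachment": attachment.as_bytes()}


if __name__ == "__main__":
    engine = PolicyEngine()
    for name, raw in build_samples().items():
        print(f"{name:10s} -> {engine.at_data(raw)}")
```

Because both checks run before the MTA's final reply, a refused message never becomes the receiving site's responsibility to bounce; the sending MTA sees the 5xx and handles the failure itself.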

  2. Re:Key line from TFA on Porn Dominates the Spam Battlefield · · Score: 1
    Which has what effect, exactly?

    Providing a warning that this is a restricted system with an acceptable usage policy and that unauthorized access is forbidden [1], and that access is being monitored and/or logged makes prosecution much easier, because the burden of proof lies with the defendant to prove their conduct was not willful rather than vice versa. In fact, there are some places-- apparently the UK and some other EU countries-- where it is illegal to monitor even unauthorized user access without providing notification.

    Basically, it has the same effect as the login banners that some OSes and Cisco routers in particular provide for telnet and SSH access, which is discussed in more detail on the Cisco site and whitepapers at SANS and other organizations:

    Warning Banners

    In some jurisdictions, civil and/or criminal prosecution of crackers who break into your systems is made much easier if you provide a banner informing unauthorized users that their use is in fact unauthorized. In other jurisdictions, you may be forbidden to monitor the activities of even unauthorized users unless you have taken steps to notify them of your intent to do so. One way of providing this notification is to put it into a banner message configured with the Cisco IOS banner login command.

    Legal notification requirements are complex, and vary in each jurisdiction and situation. Even within jurisdictions, legal opinions vary, and this issue should be discussed with your own legal counsel. In cooperation with counsel, you should consider which of the following information should be put into your banner:

    * A notice that the system is to be logged in to or used only by specifically authorized personnel, and perhaps information about who may authorize use.
    * A notice that any unauthorized use of the system is unlawful, and may be subject to civil and/or criminal penalties.
    * A notice that any use of the system may be logged or monitored without further notice, and that the resulting logs may be used as evidence in court.
    * Specific notices required by specific local laws.

    [1]: For the case of email, the short form is the phrase "no UCE", the long form is a posted AUP that your users or customers have signed and that is posted on your website, fileserver, etc. In the case of problems, having a documented policy that predates the particular incident gives you a lot more leverage.

  3. Re:Key line from TFA on Porn Dominates the Spam Battlefield · · Score: 2, Insightful

    Having an MX record published in the DNS and having a machine listening on port 25 for SMTP does not mean that the owner of that system doesn't have the right to control the usage of that machine. I put a "no UCE" comment in my SMTP banners and make reference to an acceptable-use policy.

    The problem isn't that this isn't legally enforceable-- it is-- but that the amount of time and effort required to gain a judgement against an individual spammer is generally prohibitive, so I've gotten a lot more mileage from greylisting and from amavisd+ClamAV+SpamAssassin, but the "no UCE" banner has proved useful from time to time.

    By this I mean, I tend to report the spam which gets through to the netblock owner or ISP, the registrar, AND the WHOIS points-of-contact. I've actually had several spammers try to argue that their mail was legitimate in order to avoid having their accounts shut down, but when I pointed out the SMTP banner, I've actually had the registrar or ISP dump the spammer as a client.

    [ And no, this doesn't happen that often, perhaps 1 out of 10 or 20 spam reports, but it's still enough to be worthwhile. Network Solutions and GoDaddy seem to be the most responsive, whereas the Joker D/B/A? registrar and most of the Asian registrars seem to not care. ]

    There are other tricks, such as listing a few spamtrap email addresses on your website, or perhaps using wpoison.pl or similar tools to try to poison the spam-databases that spammers create by scraping websites for email addrs...

  4. Re:Mathematically, it does not work. on NSA Had Domestic Call Monitoring Before 9/11? · · Score: 2, Informative

    I'm pretty sure the most common reason people kill each other (or themselves, or a combination) is somebody drunk being behind the wheel of a car.

    If you want to talk about murder instead of "accidental" causes, something like 40% of murders are due to arguments, often between family members or relatives or friends; murders committed in relation with another felony crime (theft, rape, etc) are about 25% of the total; and murders related to narcotics are around 8%. Lots of data here:

    http://www.benbest.com/lifeext/murder.html ...but I'm interpolating from other sources as well. Cheerful subject...

  5. Re:sigh on NH Man Arrested for Videotaping Police · · Score: 1
    If you give me attitude (and this is a bad one here.. Give me attitude even if you have done nothing wrong, and I'll keep you at the side of the road for 45 minutes trying to figure out how many citations I can give you. My record was 10 and I only stopped because I got bored. The judge laughed at the guy when he showed up in court), or your record comes back that you are an unsafe driver, you might well get a ticket. However, you are just as likely to be able to drive away with 'a warning'.

    Don't get me wrong, I support the police because the job they do is too important to get wrong, and I've donated off and on to my local state police benevolent fund, but the job of a cop is to enforce the law, not harass people because you don't like their "attitude". What you've just described probably qualifies as "misprision of office", and you should resign rather than abuse the authority granted to police.

    Having no police at all is better than having corrupt police running a police state.

    At least with "HAMDAN v. RUMSFELD", the US is moving further from that, rather than closer.

  6. Re:Freedom on Open Source Could Learn from Capitalism · · Score: 1

    Basically, yeah. People use "FOSS" to refer to the combination of software which is "Free" per the FSF/GNU crowd, and "Open Source" per the OSI definition. Pretty much, "free" software is a proper subset of Open Source Software...

  7. Re:Indeed O/S can learn, and have a long way to go on Open Source Could Learn from Capitalism · · Score: 1

    You mean, something like ClamAV, http://www.clamav.net/...? Works just fine on both Solaris and Linux, although the vast majority of malware it detects is for the Windows platform (of course).

  8. Re:They might have a point on DVD Format War Already Over? · · Score: 1

    Toss in a bag of the silica desiccant that most computer equipment (especially hard drives) already is packed with...

  9. Re:Place for the truth on RMS Calls to Liberate Cyberspace · · Score: 1

    There are the facts and there are opinions.
    What most people call "the truth" is actually a combination of both.

    Anything that depends upon your perspective, or varies from person to person, is almost certainly a matter of opinion rather than a matter of fact. Which is appropriate, or ironic, depending on whether you find it funny how often people say, "As a matter of fact, ..." and then try to persuade you to agree with their opinions.

  10. Re:Metal objects ? on Mobile Phones and Lightning a Lethal Mix · · Score: 1
    A surge suppressor won't help in this case, because it's only designed to block surges in the AC power.

    A really cheap surge suppressor basically only has a filter capacitor to smooth surges, but almost any decent surge suppressor uses "metal oxide varistors" as well, which are designed to absorb small surges OK (they emit the energy as heat), or else melt down under a high-energy surge in order to break the circuit before more expensive components die.

    Basically, MOVs are pretty similar to fuses in many ways, only they are more expensive, tolerate minor overvoltages/surges better, and blow under a high-power event faster than a fuse does. Well-designed equipment often has MOVs integrated into the power supply...

  11. Re:Automatic death sentence on Sending Mail to Hotmail Users? · · Score: 1

    No. Section 4.5.1 of RFC-2821 mandates that email addressed TO or must be delivered to a local mailbox. You are expected to accept such mail FROM any other system on the Internet, but:

    " In extreme cases-- such as to contain a denial of service attack or
        other breach of security-- an SMTP server may block mail directed to
        Postmaster. However, such arrangements SHOULD be narrowly tailored
        so as to avoid blocking messages which are not part of such attacks."

    A machine which is not part of your domain which attempts to impersonate itself as being in your domain usually is trying to breach your security. They do this in an attempt to be treated as an internal machine which is always permitted to relay mail.

  12. Re:Automatic death sentence on Sending Mail to Hotmail Users? · · Score: 1

    Normally you would configure the MTA to permit SMTP relaying if the user authenticates via AUTH LOGIN, in which case the legitimate users from your company can use the domain name from outside just fine, without needing to use a VPN tunnel.

  13. Re:Unmasking the AC... on Ask.com's Rising Star · · Score: 0, Offtopic

    Dear AC--

    You posted this maliciously false comment at 5:30PM, which corresponds very well with:

    33# grep slashdot.org /var/log/httpd-access.log | tail -5
    216.145.49.15 - - [03/Jun/2006:17:24:13 -0400] "GET /~chuck/ HTTP/1.1" 200 4747
    "http://slashdot.org/article.pl?sid=06/06/03/04192 34&threshold=-1" "Mozilla/5.0
    (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
    [ ...other hits snipped... ]

    34-ns1# whois 216.145.49.15

    OrgName: Yahoo! Inc.
    OrgID: YAHOOI-2
    Address: 701 First Avenue
    City: Sunnyvale
    StateProv: CA
    PostalCode: 94089
    Country: US

    NetRange: 216.145.48.0 - 216.145.63.255
    CIDR: 216.145.48.0/20
    NetName: YAHOO-NET-1
    NetHandle: NET-216-145-48-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Assignment
    NameServer: NS1.YAHOO.COM
    NameServer: NS2.YAHOO.COM
    NameServer: NS3.YAHOO.COM
    NameServer: NS4.YAHOO.COM
    NameServer: NS5.YAHOO.COM
    Comment:
    RegDate: 2000-08-09
    Updated: 2005-08-23

    RAbuseHandle: NETWO857-ARIN
    RAbuseName: Network Abuse
    RAbusePhone: +1-408-349-3300
    RAbuseEmail: network-abuse@cc.yahoo-inc.com

    RTechHandle: NA258-ARIN
    RTechName: Netblock Admin
    RTechPhone: +1-408-349-3300
    RTechEmail: netblockadmin@yahoo-inc.com

    OrgTechHandle: NA258-ARIN
    OrgTechName: Netblock Admin
    OrgTechPhone: +1-408-349-3300
    OrgTechEmail: netblockadmin@yahoo-inc.com

    # ARIN WHOIS database, last updated 2006-06-03 19:10

    Now, isn't that special? Is it Yahoo!'s policy that you were following when you claimed I was on the

  14. Re:Deceptive article... on Ask.com's Rising Star · · Score: 1

    These last three remarks are why Anonymous Coward is sometimes still worth reading, thank you all, and good job spotting the connection to Yahoo! corporate address.

    I just bounced mail off to abuse@yahoo.com, showing the WHOIS info and asking whether the domain registration is legitimate or fraudulent-- who knows, perhaps it is legit (?!!!), but I CC:ed fraud@ftc.gov just to make sure that they pay attention. :-)

  15. Deceptive article... on Ask.com's Rising Star · · Score: 5, Informative
    quick facts from Wikipedia on the search page, and, (what counts most) fewer ads than any of the rivals

    This is obviously untrue-- there are zero ads on Wikipedia, which seems to be where ask.com has lifted much of the content only to wrap it in paid-for-placement ad banners. Do a search on ask.com and you'll get the top-3 sponsored paid ad links first, then the top-ten actual search results, and then another 5 sponsored paid ad links. By my count, about forty percent of the links ask.com shows you when you search are ad links.

    Next, we could consider the author, who isn't identified by name or email address, but by a link to a freshly registered domain that's just over two weeks old:

    Registrant:
    Digital Media Ventures LLC
    701 First Ave
    Sunnyvale, CA 94089
    US

    Domain name: PLASMA-HDTV-PRICES.COM

    Administrative Contact:
    Alexander Moskalyuk, - alex@moskalyuk.com
    701 First Ave
    Sunnyvale, CA 94089
    US
    4083492977 Fax: 4083492977

    Technical Contact:
    Alexander Moskalyuk, - alex@moskalyuk.com
    701 First Ave
    Sunnyvale, CA 94089
    US
    4083492977 Fax: 4083492977

    Record last updated on 19-May-2006.
    Record expires on 13-May-2007.
    Record created on 13-May-2006.

    Domain servers in listed order:
    NS1.DREAMHOST.COM 66.33.206.206
    NS2.DREAMHOST.COM 66.201.54.66

    View the "page info" and take a look at the links, this seems to be nothing more than an article by a shill who is getting paid to promote products and/or do market research on people who read Slashdot.

  16. Re:Data retention won't happen... on U.S. Government Demands ISP Data Retention · · Score: 1
    Maybe we should make this even worse. Programs could easily be designed to randomly visit hundreds of websites, and put hundreds of random search terms in every search engine imaginable.

    This is actually a pretty good description of how WWW spiders for Google and Yahoo work now, especially when they start crawling sites containing snippets of original content surrounded by ads and keywords, or when other robots performing click-fraud start going. If you don't have a /robots.txt, you can easily get tens of thousands of hits from aggressive robot scans.

    And if you leave an open proxy running on port 8080 or 3128, you'll be amazed at just how rapidly automated tools start abusing it. Heck, you don't even have to give back real content, plenty of robots will get stuck by a honeynet daemon which only understands enough of HTTP to say "200" back. :-)

    [ If you honeynet SMTP, be sure to answer 450, or else you may regret it... ]

  17. Re:I pledge allegiance to the keylogger on U.S. Government Demands ISP Data Retention · · Score: 1

    Sarcasm is best used as a seasoning for humor, rather than as the primary ingredient.

    And some topics aren't humorous no matter how they are presented: child abuse should be something that we don't need to joke about, hmm...?

  18. Re:I pledge allegiance to the keylogger on U.S. Government Demands ISP Data Retention · · Score: 1
    Every human being wants to assault and rape children at some point in their life.

    Um, no. It's unfortunate that you think this is so, and it's worse than unfortunate that what you've said is true of some people, but it's not true of everyone.

  19. Data retention won't happen... on U.S. Government Demands ISP Data Retention · · Score: 1

    Even mandating this sort of data retention by law isn't going to result in it happening, even if the FBI & DHS won't accept the ISPs saying "no" to this "request".

    The requirements for complete data retention for a standard broadband service like a T1, DSL, or cable link are on the order of several hundred GB per month, or more than a terabyte per year. Even just forcing the use of a reverse web proxy and keeping the logs from that and your SMTP/POP/IMAP logs are going to run several GB per year, per person. A site doing ~1 million hits a day fills up a 40GB log partition in about a week, or 15TB per year.

    It doesn't matter how much space you've got, or even how ridiculously cheap hard drives are today, people can and will fill it up. Every service that generates significant amounts of logging uses logfile rotation to avoid filling up your finite online storage. However, if you take regular enough backups, and keep all of the backup tapes rather than reusing them in next week's or month's rotation, you can archive all of your log data in a near-offline fashion.

    Still, do you have any idea of the actual percentage of companies or datacenters that manage to take full, complete, tested-restorable backups for a multiyear period? Let's put it this way: even the White House can't manage to back up all of their access records and emails reliably.

  20. Re:Provide examples on Sendmail Removed From NetBSD · · Score: 1

    That's easily done: RAID-5 is best suited for read-only or read-mostly volumes, whereas RAID-10 is better for situations where writing happens more often than rarely. In particular, RAID-5 does very poorly in the face of lots of small writes.

    With a mail storage volume, you're going to see a lot of writes as well as a lot of reads, so RAID-10 is going to handle that a lot better.

  21. Re:Fear of fork. on Squaring the Open Source/Open Standards Circle · · Score: 1
    Having a split between server, develop, media center and personal operating systems is stupid. [ ... ]
    Making splits for usage simply encourages arbitrary boundaries.

    "stupid" isn't quite the right word, and the boundaries of, say, Windows Vista weren't chosen arbitrarily by any means, but I strongly agree with your sentiment. :-)

    It's called "product differentiation", and is being used to create a larger market for what should be a single general-purpose OS in order to sell more copies, just as DVD region encoding does. As a general rule, that approach is never taken for reasons which actually benefit the purchaser and owner of the product being sold.

    Pay attention to the price differential between the low-end "home" or "personal" edition and "Vista Ultimate", for a simple example. (Anyone who has to deal with/purchase Windows Datacenter flavors in order to do clustered SQLServer knows that the OS-limitations and pricing games can get much more byzantine.)

  22. Re:Cpt. RMS to the rescue! on Squaring the Open Source/Open Standards Circle · · Score: 1
    The REALLY nifty thing about UNIX is the userland.

    OK, most people are interested in running programs, which is what the userland is. I'm with you this far.

    However, note that the userland depends on a having something like a POSIX-compliant libc interface available, but does not depend on having a UNIX kernel underneath-- think about Cygwin on Windows, for example. Well, Cygwin is a fine thing, but I wouldn't confuse the underlying Windows platform with a real UNIX kernel.

    And that's the thing that makes Linux distinctive from other UNIX or UNIX-like systems-- its kernel. Although the Linux kernel obviously was designed to be compatible with prior AT&T/Bell Labs/BSD kernels and considered from a broad outline is not unique or creative, a lot of the finer-grained details of what is in Linux today are the result of creative work and decisions.

  23. Re:It aint open standards that "killed" Unix on Squaring the Open Source/Open Standards Circle · · Score: 1
    UNIX vendors also basically stopped workstation development (X11, Motif, CDE etc) in the early 90s when NT showed up, giving up the desktop without much of a fight.

    Except for Apple, of course. Remember that Apple actually had A/UX before they bought NeXT, although the version of the operating system used today obviously owes more to NEXTSTEP.

    Interestingly enough, the flavor of Unix which Apple went with owes nothing to X11 or CDE/KDE.

  24. Re:Didn't read the tech specs ... on Zimmermann, Encrypted VoIP, and Uncle Sam · · Score: 1

    You're right, but knowing what someone's public key is isn't enough to get you their private key. (Part of the defense against MitM is from having RSA or DSA keypairs with a public and private key; it's very hard to decrypt the key exchange if you don't have the private key as well.)

    Now, if neither legitimate party to the communication knows what the other's public key is, then the attacker can offer their own keypair without one side knowing, but even that can be detected if a public key registry or CA-like mechanism is in place...this is what the PGP keyservers and CA's who verify keypairs are for.

  25. Re:Didn't read the tech specs ... on Zimmermann, Encrypted VoIP, and Uncle Sam · · Score: 3, Informative

    "Man in the middle" attacks are generally mitigated against by using a large initial key (such as the host key used by SSH, or the x.509 cert used by SSL) to guard an exchange of a smaller temporary session key as a shared secret, which is time-sensitive and is regenerated periodically. You'd have to break the 1024-bit key or whatnot very rapidly, in the matter of a few hours, or else you'd be too late to do a replay or MitM attack.

    This has a reasonable set of diagrams which describe the process:

    http://www.netip.com/articles/keith/diffie-helman.htm

    It helps to have a registry or Certifying Authority available which has a list of published public keys...
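The two comments above (24 and 25) describe why a bare Diffie-Hellman exchange falls to a man-in-the-middle and why a long-term key known in advance (an SSH host key, an x.509 cert, a key from a keyserver) closes the hole. The following is an added Python example, not code from the original posts; it models the long-term key as a static DH key the client has pinned ahead of time (the known_hosts pattern) rather than as an RSA/DSA signature, which is an assumed simplification, and the 127-bit group, the `kdf`, the HMAC key confirmation and the party names are all constructed here for illustration.

```python
import hashlib
import hmac
import secrets

# Toy group: p = 2**127 - 1 (a Mersenne prime) with generator 5. Constructed so the
# example runs quickly; a real deployment uses a standard group (RFC 3526 or an
# elliptic curve), never a modulus this small.
P = (1 << 127) - 1
G = 5
WIDTH = 16   # bytes needed to serialise any value below P


def keypair():
    """Random DH private exponent x and its public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 2
    return x, pow(G, x, P)


def kdf(*shared_secrets):
    """Session key = SHA-256 over one or more DH shared secrets (assumed KDF)."""
    h = hashlib.sha256()
    for s in shared_secrets:
        h.update(s.to_bytes(WIDTH, "big"))
    return h.digest()


def plain_dh_under_mitm():
    """Unauthenticated DH: Mallory swaps both ephemeral values for her own.
    Returns True when she ends up sharing a key with each side, i.e. the attack works."""
    a, A = keypair()           # Alice
    b, B = keypair()           # Bob
    m, M = keypair()           # Mallory, sitting between them
    k_alice = kdf(pow(M, a, P))    # Alice believes M came from Bob
    k_bob = kdf(pow(M, b, P))      # Bob believes M came from Alice
    return k_alice == kdf(pow(A, m, P)) and k_bob == kdf(pow(B, m, P))


def server_session(static_priv, client_eph_pub):
    """Server: mix the ephemeral secret with g^(a*s) from its long-term key s, then
    prove possession of the result with an HMAC over the transcript."""
    b, B = keypair()
    key = kdf(pow(client_eph_pub, b, P), pow(client_eph_pub, static_priv, P))
    transcript = client_eph_pub.to_bytes(WIDTH, "big") + B.to_bytes(WIDTH, "big")
    return B, hmac.new(key, transcript, hashlib.sha256).digest()


def client_session(pinned_static_pub, server_eph_pub, a, A, confirmation):
    """Client: derive the same key using the pinned server public key S (g^(s*a)) and
    accept only if the server's confirmation verifies. Returns the key or None."""
    key = kdf(pow(server_eph_pub, a, P), pow(pinned_static_pub, a, P))
    transcript = A.to_bytes(WIDTH, "big") + server_eph_pub.to_bytes(WIDTH, "big")
    expected = hmac.new(key, transcript, hashlib.sha256).digest()
    return key if hmac.compare_digest(expected, confirmation) else None


def authenticated_exchange(mitm=False):
    """Returns True if the client accepts the session. With mitm=True Mallory
    substitutes her ephemeral value but cannot compute g^(s*a) without s or a."""
    s, S = keypair()           # server long-term key; S is pinned on the client
    a, A = keypair()           # client ephemeral key
    if not mitm:
        B, confirmation = server_session(s, A)
        return client_session(S, B, a, A, confirmation) is not None
    m, M = keypair()
    server_session(s, M)       # the server unknowingly talks to Mallory's M
    # Best Mallory can do toward the client: substitute her own key for the static
    # term she cannot compute, and forge a confirmation with that wrong key.
    forged_key = kdf(pow(A, m, P), pow(A, m, P))
    transcript = A.to_bytes(WIDTH, "big") + M.to_bytes(WIDTH, "big")
    forged_confirmation = hmac.new(forged_key, transcript, hashlib.sha256).digest()
    return client_session(S, M, a, A, forged_confirmation) is not None


if __name__ == "__main__":
    print("plain DH, MitM shares a key with both sides:", plain_dh_under_mitm())
    print("pinned static key, honest server accepted:  ", authenticated_exchange())
    print("pinned static key, MitM accepted:           ", authenticated_exchange(mitm=True))
```

The ephemeral values still change every session, so the long-term key only authenticates the exchange; compromising an old session key later does not reveal any other session, which is the property the comment describes as the session key being time-sensitive and regenerated.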