Slashdot Mirror


User: Nonesuch

Nonesuch's activity in the archive.

Stories: 0
Comments: 989

Comments · 989

  1. Line Printers on New Two-Headed Hard Drive Intended To Secure Web Sites · · Score: 2
    now, where might one find line printers these days?
    A lot of corporate datacenters still have rows of line printers. Among other things, they are one of the most reliable ways to print checks.

    Many old school coders still feel that the only way to debug source code is with a blue bic pen on greenbar.

  2. Content Checking and detecting defacements. on New Two-Headed Hard Drive Intended To Secure Web Sites · · Score: 2
    I've seen a couple of projects on freshmeat that do this. Basically, a daemon sits around and watches files and if they change, they do something about it. This could be anything from logging to sounding an alarm to replacing the content.
    Depends on how 'good' (smart, thorough, cautious) the hacker is. There are rootkits with features specifically written to work around the various 'checksum' mechanisms.

    I think a recent website hack occurred at USA Today... such a scheme could have caught the hack within minutes and even have replaced the forged content with whatever was supposed to be there.
    This too can be worked around. For example, I might watch the logs (or add my own logging) for an obvious pattern of recurring requests from the same source address/network for the same files. I might install my own replacement HTTPd (Or just add 'Handlers' to Apache's configuration) to serve up the 'normal' page for these requests, but serve up the 'U B 0WN3D' page at random intervals to requests from customers.

    In a lot of cases, tests could be done from the outside as well (web content specifically). That machine, though physically connected, would simply shut off its interfaces and block everything unless it was doing its work.
    Better yet, you have a tightly-secured machine one hop away on the outside of the web server, with sufficient control over the network to spoof HTTP requests from a random source IP at randomized time intervals. If a hack is detected, this guardian server has the ability to connect to the switch and shut down the ethernet interface(s) to the affected server.

    Of course, now this Guardian is itself a great target for hackers... Plus I think this technique is already patented :-)
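    The file-watching scheme described in this comment, as an added example (not code from the poster or from any of the freshmeat projects mentioned): snapshot SHA-256 digests of a web root, report what changed, and put the golden copy back. The golden tree and the checker are assumed to live outside the web root, since the comment's own caveat is that a rootkit on the host can subvert a local checksum daemon. Paths and page contents are constructed.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def file_digest(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(docroot: Path) -> dict:
    """Digest of every file under docroot, keyed by relative path."""
    return {str(p.relative_to(docroot)): file_digest(p)
            for p in docroot.rglob("*") if p.is_file()}

def compare(docroot: Path, known: dict) -> dict:
    """Diff the live tree against a known-good snapshot."""
    current = snapshot(docroot)
    return {
        "modified": sorted(k for k in known if k in current and current[k] != known[k]),
        "added":    sorted(k for k in current if k not in known),
        "removed":  sorted(k for k in known if k not in current),
    }

def restore(docroot: Path, golden: Path, report: dict) -> None:
    """Put back the golden copy of anything modified or removed; delete anything added.
    The golden tree is assumed to sit outside the web root (read-only or on another host)."""
    for rel in report["modified"] + report["removed"]:
        dst = docroot / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(golden / rel, dst)
    for rel in report["added"]:
        (docroot / rel).unlink()

def demo() -> tuple:
    """Constructed scenario: baseline, deface, detect, restore, re-check."""
    work = Path(tempfile.mkdtemp())
    golden, docroot = work / "golden", work / "htdocs"
    for d in (golden, docroot):
        (d / "img").mkdir(parents=True)
        (d / "index.html").write_text("<h1>Welcome</h1>")
        (d / "img" / "logo.txt").write_text("logo")
    known = snapshot(docroot)
    (docroot / "index.html").write_text("<h1>U B 0WN3D</h1>")  # defaced page
    (docroot / "owned.html").write_text("...")                 # dropped file
    (docroot / "img" / "logo.txt").unlink()                    # deleted file
    first = compare(docroot, known)
    restore(docroot, golden, first)
    second = compare(docroot, known)
    shutil.rmtree(work)
    return first, second
```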

  3. Minimum freedoms, as defined by the U.N. on Crypto Restrictions Are Taking Over the World · · Score: 2
    I hope this doesn't descend into a US freedoms versus someone else's freedoms because there is no universal set of freedoms humans need (other than things like food, shelter, air, etc).
    The United Nations would disagree with you. There is a minimum set of freedoms that humans are entitled to.

    The UN list includes basic freedoms of life, liberty, freedom of movement, legal recourse and equality before the law. They also include a number of freedoms that justify cryptography and the right to not be forced to reveal your keys:

    • the right to presumption of innocence 'til proven guilty
    • the right to appeal a conviction
    • the right to be recognized as a person before the law
    • the right to privacy and protection of that privacy by law
    • freedom of thought, conscience, and religion
    • freedom of opinion and expression
    • freedom of assembly and association
    This doesn't specifically include crypto, but it can be argued that privacy and freedom of thought and conscience include freedom to not be compelled to expose private data.
    Basically you can limit anything people can do without forever. But that goes against what freedom stands for. In the end countries have to make choices. And I doubt that any one (say France's versus the US versus Japan) are better than any other.
    There's a huge difference between the concept of 'unlimited freedom, without restriction' and the concept of 'governments can do whatever they like to their subjects'.

    More pragmatically, allowing people near-unlimited personal freedom to try and fail clearly is a successful model. If my actions do no material harm to others, why restrict my freedom?

  4. Video Rockers -- expensive? on Floor Furniture for Perfect Gaming? · · Score: 1
    I picked up a couple of similar chairs from "Sam's Club" a few years back, for less than half the ($97.00!) price listed on that site. Haven't seen them there since.

    It seems that "Video Rocker" is the generic name for this class of chair.

    These chairs are great for video gaming, but not so great for drunk people, unless you find "I've fallen and I can't get up" gut-wrenchingly funny.

  5. Yes, USA is the bastion of unregulated crypto! on Crypto Restrictions Are Taking Over the World · · Score: 2
    Excuse me, aren't the US crypto regulations cause for Canadian-based OpenBSD, trouble with PGP, 128-bit-SSL, and more?
    I know of no restrictions inside the USA on the development, importation, sale, or use of encryption.

    The issues that OpenBSD works around by being based in Canada are solely related to the restrictions (since relaxed) the USA had on the export of encryption. The PGP issue was related to US patents on certain algorithms.

    Did you *actually* call the US 'one of the few bastions of unregulated encryption' ...? Oh come on..
    In the USA, we Americans are unrestricted in our use of crypto, except that we run afoul of munitions export laws if we share our crypto routines with foreigners, including foreign nationals in the US.

    So yes, we are 'a bastion of unregulated encryption', but like any nation, we don't like our citizens providing weapons to enemies of the state. No contradiction there.

  6. Racing Destruction Set! on Where are the 'Construction Set' Games? · · Score: 2
    The fact is that these Construction Set games were never wildly popular. With a lot of effort, you could create a game that still didn't quite measure up to commercial versions.
    Some of these products (video game construction set) tried to do too much in one program, and failed miserably.

    Simpler games that included a powerful "level editor" to create and save your own levels and share them with other users were generally better than the more general purpose "construction set" apps.

    Anybody else here remember the original C=64 "Racing Destruction Set"? Apparently, there is work on a PC remake.

  7. Re:Can't sue open source on Contracts Contracts Contracts · · Score: 2, Insightful
    Yes, it really is about suing somebody.

    In many cases, large consulting firms (KPMG, various SAP groups, etc) are brought in at vastly inflated rates to run a project, in part because they can serve as a scapegoat when the project comes in late and overbudget or fails in a spectacular fashion.

    This is basically an insurance policy for upper management. Rather than firing the entire management team, one or two token IS directors are kicked free with a golden parachute, and the rest of the blame is directed at the outside contractors.

    The board and the shareholders see the huge damages in the lawsuit against the contractors, and this sleight of hand is enough to direct their ire away from the real culprits in upper management.

  8. XBox on Where are the 'Construction Set' Games? · · Score: 2
    The Xbox presents an interesting opportunity for a game that offers a 'level construction' editor.

    The controllers (USB devices) have a memory card slot that can take an 8Mb card. That should be plenty of storage to hold one or two user-created levels (depending on textures, etc).

  9. Dynamic IP is no panacea. on MPAA Goes After Its Customers · · Score: 3, Insightful
    dh003i writes:
    The solution here is to develop anonymous file-sharing techniques.
    There are pseudonymous chat and filesharing systems where all transfers go through a central server which masks the end-users' IP addresses from one another. In this case, your anonymity is only as good as the strength of conviction of the service operator, and his lawyer's ability to avoid a conviction (for contempt of court, after he refuses to turn over any records).

    Things where your IP address is masked, for instance. I believe he mentioned a program called "Flyster" which provides downloaders with anonymity.
    The MSNBC story refers to going after the people offering to SEND you the file, not the people who have downloaded it. Masking the true source IP of the sender is not trivial, as any legitimate ISP will have implemented packet filters to prevent IP spoofing.

    To quote the article: "Called 'Flyster,' the program will allow downloading in complete anonymity, according to developer Louis-Eric Simard. However, those who host files for download could still be traced, he said."

    Also, let's get real here. This is a scare tactic which only works if you get scared. The MPAA/RIAA have neither the time nor desire (nor even the money) to actually litigate each one of these 50,000 cases out.
    No, they only need to litigate in the cases where the takedown notice isn't sufficient to cause the offender to cave and pull the content. To quote the MSNBC story "...the music industry has been behind several high-profile arrests of individuals involved in the online music trade. And just last week, The Wall Street Journal reported the industry is planning to step up such individual prosecutions."

    Another solution is to get on a broad-band connection with a dynamic IP; thus, IP numbers can't be traced back to a specific user.
    Wrong. Given an IP number and a timestamp, the ISP can check their RADIUS or DHCP logs and determine who was assigned that IP at that time. Dynamic IP does make it tougher for a random attacker to come after you, but it gives you very little insulation from lawyers who subpoena your ISP for their records.

    However, this raises its own problems as dynamic IPs take away users' rights. You can't log into your own computer from remote w/ a dynamic IP; can't host a web page; etc etc.
    These 'rights' you speak of, where were you granted them? If your contract with your ISP says you cannot host servers, you do not have that right. Your desires are not rights, they are wants. If you want to run a server, have a static IP address, ask your ISP how much more you must pay them to be granted these privileges.

  10. Re:well on MPAA Goes After Its Customers · · Score: 2
    what about dynamic ips? what happens when Tommy Warez kiddie gets 10 new movies and his ip changes and you get the cease and desist order?
    Presumably, the order would include the details regarding the incident, including a TIMESTAMP (in GMT) along with the IP address.

    That should be enough for the ISP to track down who was assigned that IP at that moment in time, and correctly go after Tommy Warez kiddie.
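    The lookup described in comments 9 and 10 (IP address plus GMT timestamp, checked against the ISP's DHCP logs), as an added example that is not the poster's code: parse ISC dhcpd-style DHCPACK/DHCPRELEASE lines, convert the log's local timestamps to UTC, and answer "which MAC held this address at that moment". The log lines, hostnames, the UTC-5 log zone and the one-hour lease length are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of DHCP server log lines in ISC dhcpd's message format,
# timestamped in the ISP's local zone (assumed UTC-5 here); names are made up.
LOG_TZ = timezone(timedelta(hours=-5))
SAMPLE_LOG = """\
2003-03-03 09:00:05 dhcp1 dhcpd: DHCPACK on 203.0.113.45 to 00:11:22:33:44:55 (tommy-pc) via eth1
2003-03-03 11:30:40 dhcp1 dhcpd: DHCPRELEASE of 203.0.113.45 from 00:11:22:33:44:55 (tommy-pc) via eth1
2003-03-03 11:31:02 dhcp1 dhcpd: DHCPACK on 203.0.113.45 to 00:aa:bb:cc:dd:ee (grandma-webtv) via eth1
2003-03-03 13:00:00 dhcp1 dhcpd: DHCPACK on 203.0.113.46 to 00:11:22:33:44:55 (tommy-pc) via eth1
"""
LINE_RE = re.compile(r"^(\S+ \S+) \S+ dhcpd: (DHCPACK on|DHCPRELEASE of) (\S+) (?:to|from) (\S+)")

def parse_events(text, tz=LOG_TZ):
    """Return (utc_time, kind, ip, mac) for every ACK/RELEASE line, oldest first."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=tz)
        kind = "ack" if m.group(2).startswith("DHCPACK") else "release"
        events.append((ts.astimezone(timezone.utc), kind, m.group(3), m.group(4)))
    return sorted(events, key=lambda e: e[0])

def holder_at(events, ip, when_utc, lease_seconds=3600):
    """MAC that held ip at when_utc, or None. A binding ends at DHCPRELEASE or
    lease_seconds after its last ACK (assumed lease length; a real server records it)."""
    holder = None
    for ts, kind, ev_ip, mac in events:
        if ev_ip != ip or ts > when_utc:
            continue
        if kind == "ack":
            holder = (mac, ts)
        elif holder and holder[0] == mac:   # release by the current holder
            holder = None
    if holder and when_utc - holder[1] <= timedelta(seconds=lease_seconds):
        return holder[0]
    return None

def lookup(log_text, ip, complaint_time_gmt):
    """complaint_time_gmt is the notice's timestamp, e.g. '2003-03-03T15:00:00Z'."""
    when = datetime.strptime(complaint_time_gmt, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return holder_at(parse_events(log_text), ip, when)
```

Without the zone conversion, a 15:00Z complaint would be matched against 15:00 local time and point at the wrong subscriber; that is why the order needs the timestamp in GMT.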

  11. Re:My 'command center' on Computer Room Design? · · Score: 2
    If you use automation properly, and technologies like ssh and VPN, etc., you don't -need- a 'command center', no matter the size of your organization.
    If there is a real network 'incident' in progress, you may not be able to reach the systems via SSH. Internet connectivity (and thus VPN) may be under attack, or disabled to address security concerns.

    Perhaps many (most) enterprises do not need a full-bore NOC, but a good "situation room" with full system access and room for at least a half dozen people makes a lot of sense.

    For example, an 8K sq. ft. datacenter might have two such rooms:

    1. a 10x12 NOC-like room, just outside the machine room, where the technical operations folk have their workstations, along with a couple of big network overview displays, good for impressing visitors. Also, you have to pass through the outer room to get to the datacenter, so the techops guys can keep an eye on what's going on.

    2. An 8x16 "console room", where the real admins can get full serial (and KVM, for the windows machines) console access to all of the systems. Both console systems are independent of the primary LAN.

      Server rooms, network rooms/closets/PoPs, are absolutely necessary, and should be designed properly, w/racks/raised floor/UPS/etc. 'Command centers' aren't necessary at all, except for stroking one's ego.

      That's not to say they aren't -cool-, but they're really passe.

      I disagree. If you intend to run a 'lights out' datacenter, it is advantageous to have a small command center to house your technical operations staff, so they don't have to sit in the dark.

      All the better if there is enough room and spare terminals to get a team together to address a problem, with at least one big display so all the bigwigs can crowd around the one guy who knows what commands to type.

  12. Cordless phone for machine room on Computer Room Design? · · Score: 2
    Have a CORDLESS phone on the wall of the computer room. You never know when you will need to call someone from inside the machine room (for help) and running all the way back to your cubicle/control room just doesn't cut it.
    This is good advice... but I suggest one minor change:

    Have a secure cordless phone on the wall of the computer room.

    There's nothing more satisfying than picking up a cassette tape from your little scanner+recorder (situated just outside the target's property line) after a maintenance weekend and ending up with the root and enable passwords for all of their critical systems.

    There are various degrees of 'security', from true frequency hopping spread spectrum through actual voice scramblers.

  13. Gauss gun regulated as a firearm? on Harvesting Capacitors for Backyard Munitions · · Score: 1
    As for energy, consider 0.5*m*V^2. Given about 3 to 5kJ and about 2g of mass, you figure it out. It will be lucky to get 1% efficiency, but still. If it works well, I might have to look into firearms licensing. Big deal.
    If you live in the UK, yeah, you'll need a license. IIRC, their regulations are based on the energy of the projectile.

    If you live in the USA, then read up on exactly what BATF does and does not regulate. You are in the clear, unless your local community has their own restrictions.

  14. Re:Workcenter design on Computer Room Design? · · Score: 2
    On a related note, it's worth your while to physically separate the 'NOC' from the 'DataCenter'. Put up a solid wall, and locking doors with good access control (keycard, etc). Discourage people from going into the datacenter to perform trivial tasks that do not really require physical access.

    This also helps keep the cold air in the datacenter where it belongs, rather than causing hypothermia for the poor network operations people.

  15. NOC design: Do you really need 25 screens? on Computer Room Design? · · Score: 2
    Remember, CRTs pump out a lot of waste heat!

    I'm not sure why 25 screens are required?

    Most of my servers run 'headless', with serial ports connected to a terminal server. I have a single console server that handles all of the serial connections from the individual systems' serial console.

    All of the routers, switches, UPS systems and other 'infrastructure' are on an identical setup, with extra security and logging.

    In this design, I have one desktop system (FreeBSD) and screen (18" LCD) for each operator station, plus two large screen displays that show the current network status (one map, one showing alerts and status messages from the monitoring software).

    The remote serial consoles are accessible via SSH (and strong authentication) from anywhere in the local network, so sysadmins and network admins can perform their duties without having to physically visit the data center.

    By using the free 'screen' software to handle the serial port connections, we get a disk log of console activity, a scrollback buffer, and the ability to 'kibitz', have two users share access to a single console, even though one might be in the NOC and the other user at home connected via VPN.

    This design scales up well, I can get ~100 consoles on two PII/300 machines (retired PC desktops running OpenBSD), and adding additional hosts is as simple as buying another terminal server.

  16. Re:Here's the text of the article.... on Firm Pays 6.5 Million for Fax Spamming · · Score: 3, Funny
    A notice of the settlement was sent -- by fax -- to the 33,000 numbers turned over by the company that did the faxing for the dealership. That company, American Blast Fax of Dallas, is out of business, he said.
    Anybody else see the irony in this?

  17. What is largest domestic shorthair cat? on Household Pets for the Common Geek? · · Score: 2
    Cats are cool. They have BOFH nature.

    I'd like my next cat to be really large.

    Any suggestions as to a breed of cat which will grow to be big (not simply fat) and are known to have a friendly temperament? No need to be good with small children or strangers.

    I'd consider a Ragdoll or Maine Coon, but I would prefer a cat with short, dark hair, as most of my clothes and carpeting are various shades of black, and I'd like them to stay that way.

  18. Bengal (was Re:Servicat) on Household Pets for the Common Geek? · · Score: 2
    A Servicat is half African Serval (like a mini-leopard) and half Bengal (a standard housecat, but is at least some part Asian Leopard). They are legal in most states because they are only considered 50% exotic.
    I cannot find any references to a mix of Serval and Bengal? Can you post a link?

    I can provide some information on the Bengal...

    The Bengal is bred from the small wild "Asian Leopard Cat", not a leopard but Felis bengalensis, a small (up to 18 pounds) wild cat found in southern/eastern Asia, the Philippines, and Indonesia. A full-blood ALC is very shy. The Bengal is a cross-breed with domestic cats, and acts pretty much like any other cat, except they like water and will cost you around $700 for a "pet quality" Bengal kitten.

    A badly-bred Bengal will be shy, like her wild great-great grandmother.

  19. Guinea pigs? on Household Pets for the Common Geek? · · Score: 2
    Pluses: No offensive smell, cheap to feed.

    Minuses: Not very interested in people. Often fearful. All Guinea pigs urinate a lot (no real bladder control). I've never seen one successfully trained to reliably avoid pissing on his/her owner.

    Without lots of fresh vegetables, particularly a good supply of vitamin C, the guinea pig has an abbreviated lifespan.

    Overall, I'd say a guinea pig is basically little more than a huge hamster -- easy to care for, but not all that interesting. They make a great pet for a kid, but aren't particularly geeky.

  20. Re:Spamming them on their fax isn't a good idea... on Anti-Spammers Wage E-War · · Score: 2
    Back when most fax machines used rolls of thermal paper, I would send spammers a 'pre shredded' fax. This sounds like something the US Military would invent, but it really does work.

    Copy their original spam message into WordPerfect (I said this was many years ago), set the page length to 1/8 inch, and hold down the "Page break" (Ctrl-Enter?) to ensure that each line of the message was on a separate tiny page.

    Save and send via faxmodem...

    Buzz, Click! CHOP!
    Buzz, Click! CHOP!
    (repeat x 200 lines of spam).

    Voila, pre-shredded fax. Also handy when you need some confetti in a hurry.

  21. Re:Never actually noticed.... on Anti-Spammers Wage E-War · · Score: 1
    Chilles wrote:
    A major Dutch newspaper (I'm Dutch) once sent several tens of thousand e-mails through a known spammer advertising subscriptions. They received more than 10 thousand complaint e-mails, a few people canceled the subscription they already had and all public e-mail addresses they had were subscribed to so many e-mail/spam lists by disgruntled recipients of their spam that their internal e-mail system got overloaded several times during the following month.

    That is interesting news.

    Do you have a cite for this (in English?). I'd like to send details (names, dates, contact info) to certain people I know who are contemplating sending such 'opt in mailings'.

  22. Re:problem with opt-in on Anti-Spammers Wage E-War · · Score: 4, Interesting
    sugrshack writes:
    Indeed this sounds like a noble and fair approach, but it's much more of an ideal-typical fantasy; one of the big problems of the so-called "opt-in" lists is that once you are on one, you can never get off; largely because the "companies" (read: spammers) that gather these addresses, sell them to others. This is why they do it in the first place.
    My solution:

    Get your own domain 'sugrshack.org', and set up an MX record for 'lists.sugrshack.org' pointing to some static-IP Unix-like machine where you can set up a virtual SMTP domain (e.g. Qmail).

    When you visit ZDNet and subscribe to their mailing list, you subscribe as 'zdnet@lists.sugrshack.org'. When a mailing list starts selling your address and refusing to honor unsubscribe requests, you simply stop accepting email for the one address 'zdnet@lists.sugrshack.org', and the problem is solved.

    There are a few complications to this approach. The biggest hassle I have is that I do need to post to several lists that restrict posting to 'members only', which means I need to adjust the 'From' address on outgoing messages to reflect the address with which I subscribed.

    I don't have to worry about forgetting what address I used when subscribing, as Qmail will include a 'Delivered-To:' header for each message received to a virtualhost/alias.

    Another drawback is that I get even more spam than before (identical spam runs addressed to each of many aliases). However, spam sent to 'expired' aliases is easily filtered out and discarded.
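    The per-subscription alias scheme from this comment, as an added example (not the poster's setup and not Qmail code): read the Delivered-To header Qmail stamps on virtual-domain deliveries, look the alias up in a registry, and deliver, discard (expired alias) or reject (never-issued alias); a second function builds an outgoing post with the From address the list was subscribed with. The registry and the three inbound messages are constructed; the domain name is the one the post uses.

```python
from email import message_from_string
from email.message import EmailMessage

# The virtual domain from the post; the alias registry is constructed sample data.
LIST_DOMAIN = "lists.sugrshack.org"
ALIASES = {
    "zdnet":     {"status": "active",  "list_addr": "news@zdnet.example"},
    "oldvendor": {"status": "expired", "list_addr": "promo@vendor.example"},
}

# Constructed inbound messages, as they would look after Qmail adds Delivered-To.
NEWSLETTER = """Delivered-To: zdnet@lists.sugrshack.org
From: news@zdnet.example
Subject: This week's headlines

Hello subscriber.
"""
SPAM_TO_EXPIRED = """Delivered-To: oldvendor@lists.sugrshack.org
From: deals@bulkmailer.example
Subject: BUY NOW

The address was sold on, so the alias has been expired.
"""
SPAM_TO_GUESSED = """Delivered-To: info@lists.sugrshack.org
From: deals@bulkmailer.example
Subject: Dictionary attack

Nobody ever handed out this alias.
"""

def delivered_alias(raw_message):
    """Local part of the Delivered-To address for our domain, or None.
    Qmail stamps one Delivered-To per hop, so every one of them is checked."""
    msg = message_from_string(raw_message)
    for value in msg.get_all("Delivered-To", []):
        local, sep, domain = value.strip().lower().partition("@")
        if sep and domain == LIST_DOMAIN:
            return local
    return None

def route(raw_message):
    """Delivery decision for one inbound message."""
    alias = delivered_alias(raw_message)
    if alias is None:
        return "reject:not-our-domain"
    entry = ALIASES.get(alias)
    if entry is None:
        return "reject:unknown-alias"      # never issued: harvested or guessed
    if entry["status"] == "expired":
        return "discard:expired-alias"     # alias was sold on; drop it
    return "deliver:" + alias

def compose_for_list(alias, subject, body):
    """Outgoing post to a members-only list: From must be the alias we subscribed with."""
    entry = ALIASES[alias]
    msg = EmailMessage()
    msg["From"] = alias + "@" + LIST_DOMAIN
    msg["To"] = entry["list_addr"]
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```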

  23. Not the answer on Anti-Spammers Wage E-War · · Score: 2
    Software exists to send email spam through a bug in popular web form software.

    There is also software out that makes it trivial to "spam" a web form, that is, to constantly call the CGI with random input, flooding the message store with bogus data.

    My answer to spam?

    Use GPG, and only email encrypted with your public key. If someday you start getting encrypted spam (never happened yet, encryption takes CPU resources), there is a more draconian step:

    Only accept mail that is cryptographically 'signed' by people in your personal keyring, or from somebody who has had their public key signed by somebody in your keyring.

    This restricts incoming email to 'friends', and 'friends of friends'. It is spam-proof.

    It also ensures that your Aunt Millie in Oklahoma who only uses WebTV will never be able to send you another email. This could be a good thing, depending on how annoying Millie is.
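    The 'friends and friends of friends' acceptance rule from this comment, as an added example that is not the poster's code: given the result of GPG's signature check (treated here as a boolean input, since GPG itself does the verification), walk the 'signed by' edges from the message's key back toward the personal keyring and accept only within the allowed number of hops. The keyring, signature map and fingerprints are constructed; the hop limit defaults to the post's one-hop rule but can be raised, which goes beyond what the post describes.

```python
from collections import deque

# Constructed data: my keyring (keys I have signed myself) and a map of
# key fingerprint -> set of fingerprints that have signed that key.
MY_KEYRING = {"FPR-ALICE", "FPR-BOB"}
SIGNATURES = {
    "FPR-CAROL": {"FPR-ALICE"},     # Carol's key signed by Alice: friend of a friend
    "FPR-DAVE":  {"FPR-CAROL"},     # Dave vouched for only by Carol: two hops out
    "FPR-SPAM":  {"FPR-SPAM2"},     # spammers signing each other's keys
    "FPR-SPAM2": {"FPR-SPAM"},
}
REVOKED = {"FPR-BOB"}               # a revoked key vouches for nobody

def trust_distance(fpr, keyring=MY_KEYRING, sigs=SIGNATURES, revoked=REVOKED, max_hops=1):
    """Hops from the keyring to fpr along 'signed by' edges, or None if unreachable
    within max_hops. max_hops=1 is the post's 'friends of friends' rule."""
    if fpr in revoked:
        return None
    if fpr in keyring:
        return 0
    seen, queue = {fpr}, deque([(fpr, 0)])
    while queue:
        key, hops = queue.popleft()
        if hops == max_hops:
            continue
        for signer in sigs.get(key, ()):
            if signer in revoked or signer in seen:
                continue
            if signer in keyring:
                return hops + 1
            seen.add(signer)
            queue.append((signer, hops + 1))
    return None

def accept_message(signer_fpr, signature_valid, **policy):
    """Decision for one inbound message once GPG has checked the signature."""
    if signer_fpr is None:
        return "reject:unsigned"           # Aunt Millie on WebTV
    if not signature_valid:
        return "reject:bad-signature"
    d = trust_distance(signer_fpr, **policy)
    if d is None:
        return "reject:untrusted-key"
    return "accept:" + ("keyring" if d == 0 else "friend-of-friend")
```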

  24. Re:Filtering solutions generally stink on All Sourceforge.net Being Blocked by SmartFilter · · Score: 2
    visualight writes in response to Grax:
    Great idea. Alert the user that he/she will be logged as having accessed site "x", and that he/she may be asked to explain or justify visiting that site.

    But don't block any sites.

    I agree. It is a great idea...

    SmartFilter has had exactly that feature (They call it "coached" or "coaching") since at least 1997.

    That one feature is the only reason I am even considering recommending the SmartFilter product at all. I've been testing it for the past week or so, and (aside from panic'ing the Solaris server I installed the software on!) it works pretty well :-)

  25. Paying for filterware, or paying for a service? on All Sourceforge.net Being Blocked by SmartFilter · · Score: 2
    Lumpy writes:
    ...(squid is a better solution than ANY commercial filter/proxy on the planet. oh and it happens to be FREE!)
    You are claiming that PC+Linux+Squid is a better caching proxy than the Network Appliance "NetCache" for my multi-thousands of users corporate enterprise deployment?

    As it happens, I am using Squid... with the SmartFilter plugin. This took a bit longer to install than Squid by itself, and is considerably more expensive ($4K/year for a 100 user license).

    the porn filters that are freely available work just fine.. if they want to add other "naughty" sites, it takes exactly 30 seconds to add it to a flat-text file... even an MCSE could do it.
    Okay, where do I go for a list of porn sites?

    Now then, where do I download equivalent lists to the couple of dozen additional categories that SmartFilter offers? Games? Drugs? Sports? Mp3? Chat? Investing? Dating? Webmail? Anonymizer? Politics/Religion? Cults/Occult? etc, etc.

    paying for any type of filtering system is pure stupidity and would only be recommended by incompetent sysadmins/netadmins.

    Paying a subscription for updated filter information is not stupid if (and only if) you can trust the commercial entity that is maintaining the list to do a good job and not let any of their bias (religious, political, etc) show in how they rate sites.

    I wish I could make it my job to surf for new Mp3 and porn serving web sites to add the URLs to a corporate filter list, but the reality is, paying $4K+ per year to subscribe to a list of sites/categories is cheaper and more effective than paying me to do the same job by hand (pun intended).