Looks like Dan Bernstein was on to something when he said BIND's design was fundamentally flawed and would result in vulnerability after vulnerability. Just goes to show you that sometimes the most paranoid among us can still be on to something.
This journalist should break the stupid law that elected officials signed in, and the general public has done very little about?
A law must be challenged in court to get it thrown out. Journalists working for large media corporations have the backing necessary to get this law overturned. The average citizen does not.
Does that mean that if I compile a piece of GPL software with, say, bcc and it staticly links against Borland's C library, I can't distribute the binaries?
No, because the software plus the compiler will create the binary that you are distributing.
After January 1, California's new spam law turns on, with criminal penalties and a private right of action. And you get to sue the advertiser, not just the sender.
What happens when someone doesn't like your company, and sends spam that advertises your website, using open proxies? How do you prove that you didn't send it?
Umm... wouldn't internet headers play into this some? You get a bunch of spam from SCO but the internet header says comcast.net.
Spam almost always come from somewhere other than the network hosting the web server selling the product. Usually, it comes from open proxies, often located in countries like China.
What is even worse is when someone puts your website URL in the spam. SpamCop and the like automatically mail thousands of abuse complaints to your ISP, even though you have no control over the spam. If you aren't paying thousands of dollars a month for bandwidth and have a good lawyer, expect to be terminated.
You need to buy the drives anyways, and to set up the RAID, you'll end up reformatting the drives anyways. Other then some time, what do you have to lose?
Hardware RAID is much more reliable. You can't boot off software RAID. If software RAID was that good, then no one would buy 3ware cards. If I'm setting up a 1 TB+ array, I'm going to spend a few hundred on a good RAID controller.
SQLite is tiny, fast and ACID compliant. SQLite is a public domain embedded SQL database library. It is similar to BDB, but provides a complete SQL database.
Pricewatch lists 160 gig drives as costing about $100. Assuming they cost $125 (including shipping, and not from the lowest priced place), 7 drives, giving you 1120 gigs of storage space, would cost you $875.
You will also need a good RAID controller. 3ware makes the best IDE RAID controllers. An Escalade 7506-8 would be good here.
Fiber to the curb should be here, and it should be cheap.
If you can get cable modem service, then you probably already have fiber to the curb. The last 30 feet to your house are coax. And at $40 a month, it is cheap.
Why the fuck would anyone run a "mail rejector daemon"? Seems like not answering to port 25 would fulfill all your mail rejection needs.
VeriSign is doing the correct thing with regards to SMTP. Not answering will cause the sending mail server to hold the mail in the queue for the queue lifetime (usually a week). Rejecting mail with a 550 causes it to bounce immediately. This is the desired behavior.
Even better, you can send mails with 10MB attachements to people you don't know at random internet addresses ending with.com, they'll love it...
Wrong. Their SMTP server rejects all DATA commands with a 550:
$ nc 64.94.110.11 25 220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 ready MAIL FROM: <> 250 OK RCPT TO: <anyone@example.com> 250 OK DATA 550 User domain does not exist.
Re:We really need a different language
on
Secure Programming
·
· Score: 5, Interesting
They happen because A) most code is written in C or C++, and B) everyone makes mistakes (even the finest open source developers overlook simple buffer overflows).
That's not true. qmail and djbdns do not have security holes. They were written using secure coding techniques that make them immune to things like buffer overflows. You can't "overlook" a buffer overflow with stralloc.
And so if your server is compromised and becomes a spam-spewer, DDOS zombie, cracker relay, or other public menace, its going to be hard contacting you because of the bogus information and a potentially dormant yahoo account.
That's why you do a whois lookup on the IP address, not some random domain hosted on the IP.
.museum have had a wildcard all along, and it hasn't broken a darn thing.
If you accidentally send email to a non-existant.museum domain, it will sit in the mail queue for the queue lifetime, instead of bouncing immediately like it should.
On another note, this would have to be some form of nameserver hack, not a root file hack(correct me if I'm wrong). But not all of the root servers are controlled by Verisign.
This wouldn't be done on the root name servers. This would be done on the.com and.net name servers, i.e. gtld-servers.net, all of which VeriSign controls.
It is no big deal to put a little line in my sendmail.cf (through m4) that tells sendmail to always forward mail though a different server. All it means is my ISP can put a recieved line in the headers, and get complaints if I SPAM.
It also lets their mail server silently lose your mail messages, with no indication to you. I like running my own mail server because then I always know what is happening with my mail.
Large ISPs such as Cox Communications are notorious for having unreliable mail servers (and DNS servers).
Slashdot Mirror
Looks like Dan Bernstein was on to something when he said BIND's design was fundamentally flawed and would result in vulnerability after vulnerability. Just goes to show you that sometimes the most paranoid among us can still be on to something.
You are referring to these pages:
http://cr.yp.to/djbdns/blurb/unbind.html
http://cr.yp.to/djbdns/blurb/security.html
so tell me WHY THE FUCK the server has to send the client information about what's behind the friggin walls ?
Latency.
This journalist should break the stupid law that elected officials signed in, and the general public has done very little about?
A law must be challenged in court to get it thrown out. Journalists working for large media corporations have the backing necessary to get this law overturned. The average citizen does not.
Does that mean that if I compile a piece of GPL software with, say, bcc and it staticly links against Borland's C library, I can't distribute the binaries?
No, because the software plus the compiler will create the binary that you are distributing.
After January 1, California's new spam law turns on, with criminal penalties and a private right of action. And you get to sue the advertiser, not just the sender.
What happens when someone doesn't like your company, and sends spam that advertises your website, using open proxies? How do you prove that you didn't send it?
Umm... wouldn't internet headers play into this some? You get a bunch of spam from SCO but the internet header says comcast.net.
Spam almost always come from somewhere other than the network hosting the web server selling the product. Usually, it comes from open proxies, often located in countries like China.
What is even worse is when someone puts your website URL in the spam. SpamCop and the like automatically mail thousands of abuse complaints to your ISP, even though you have no control over the spam. If you aren't paying thousands of dollars a month for bandwidth and have a good lawyer, expect to be terminated.
You need to buy the drives anyways, and to set up the RAID, you'll end up reformatting the drives anyways. Other then some time, what do you have to lose?
Hardware RAID is much more reliable. You can't boot off software RAID. If software RAID was that good, then no one would buy 3ware cards. If I'm setting up a 1 TB+ array, I'm going to spend a few hundred on a good RAID controller.
SQLite is tiny, fast and ACID compliant. SQLite is a public domain embedded SQL database library. It is similar to BDB, but provides a complete SQL database.
Pricewatch lists 160 gig drives as costing about $100. Assuming they cost $125 (including shipping, and not from the lowest priced place), 7 drives, giving you 1120 gigs of storage space, would cost you $875.
You will also need a good RAID controller. 3ware makes the best IDE RAID controllers. An Escalade 7506-8 would be good here.
Fiber to the curb should be here, and it should be cheap.
If you can get cable modem service, then you probably already have fiber to the curb. The last 30 feet to your house are coax. And at $40 a month, it is cheap.
Submit your email address to some adult websites. You will get plenty of mail.
Nothing is 100% secure
Oh really?
Why the fuck would anyone run a "mail rejector daemon"? Seems like not answering to port 25 would fulfill all your mail rejection needs.
VeriSign is doing the correct thing with regards to SMTP. Not answering will cause the sending mail server to hold the mail in the queue for the queue lifetime (usually a week). Rejecting mail with a 550 causes it to bounce immediately. This is the desired behavior.
This is horrible for web spiders and search engines.
No, it isn't. Learn about robots.txt.
Even better, you can send mails with 10MB attachements to people you don't know at random internet addresses ending with .com, they'll love it...
Wrong. Their SMTP server rejects all DATA commands with a 550:
$ nc 64.94.110.11 25
220 snubby1-wceast Snubby Mail Rejector Daemon v1.3 ready
MAIL FROM: <>
250 OK
RCPT TO: <anyone@example.com>
250 OK
DATA
550 User domain does not exist.
They happen because A) most code is written in C or C++, and B) everyone makes mistakes (even the finest open source developers overlook simple buffer overflows).
That's not true. qmail and djbdns do not have security holes. They were written using secure coding techniques that make them immune to things like buffer overflows. You can't "overlook" a buffer overflow with stralloc.
And so if your server is compromised and becomes a spam-spewer, DDOS zombie, cracker relay, or other public menace, its going to be hard contacting you because of the bogus information and a potentially dormant yahoo account.
That's why you do a whois lookup on the IP address, not some random domain hosted on the IP.
.museum have had a wildcard all along, and it hasn't broken a darn thing.
.museum domain, it will sit in the mail queue for the queue lifetime, instead of bouncing immediately like it should.
If you accidentally send email to a non-existant
On another note, this would have to be some form of nameserver hack, not a root file hack(correct me if I'm wrong). But not all of the root servers are controlled by Verisign.
.com and .net name servers, i.e. gtld-servers.net, all of which VeriSign controls.
This wouldn't be done on the root name servers. This would be done on the
Oops, the last link is outdated. Try this one: http://www.inter7.com/qwho.html
How many users do you serve with qmail?
qmail can handle millions of users. Many large sites run qmail. Hotmail used to run on qmail. Yahoo! uses it for their outgoing mail.
It is no big deal to put a little line in my sendmail.cf (through m4) that tells sendmail to always forward mail though a different server. All it means is my ISP can put a recieved line in the headers, and get complaints if I SPAM.
It also lets their mail server silently lose your mail messages, with no indication to you. I like running my own mail server because then I always know what is happening with my mail.
Large ISPs such as Cox Communications are notorious for having unreliable mail servers (and DNS servers).
You block it by default and you make it easy for the ones who know what theure doing to have access to it. How freaking hard is that?
Very hard. Earthlink blocks outbound port 25. Get a dialup account from them, convince them to unblock it for you, and I'll give you $25.
we have to work around an MSIE rendering bug (present in every version of MSIE we've tested)
I am interested in hearing about this bug.