Slashdot

How to dress for an interview.

Even though I'm not really an IT professional anymore, I still found this one pretty damn funny.

The last several days have been trying for my webserver at home. Not because of traffic, which is always minimal. Rather, it appears that a bot-net has been employed to try to compromise my webserver root password.

On July 9th alone, there were attempts to log into my system via ssh as root from over 240 different IP addresses. Most addresses appeared to make only one or two attempts and then give up, never to be seen again. Of course none of them succeeded.

I find this interesting, because it is the opposite of what I usually see. I often see individual computers make several hundred attempts to get in as root. Even more often I'll see individual computers go through a very long list of common names to try to get in as a non-root user. But these systems were only trying root.

I'm not even sure how to address this issue. I have approximately no fear of them getting in as root - that is disabled on this system anyways. Even if they cracked the password, they still wouldn't be allowed in as root. I supposed I could just ignore it, since this uses a trivial amount of bandwidth, with an attempt only around every 20 minutes. I have the logs of which system tried when and how.

When the "usual" attack happens - one system, many attempts - I contact the ISP immediately with the logs. But if I wanted to contact the ISP for this, I could be trying for dozens (or even hundreds) of ISPs, likely in many foreign countries.

Slashdot users have been seeing links for the meta-moderation system for some time now. Suckers like myself have even clicked on it and completed the 10 meta-moderation questions a few times. I've probably done it a dozen times or more now.

When you complete it, it says it "provides moderator feedback to help our system work". This seems to imply that feedback should go back to the moderators whose moderations you just provided input on.

But where does the meta-moderation feedback actually go?

I have had moderator access many times now. I've probably had 5 moderator points at least a dozen times, and 10 moderator points at least 5 or 6 times. I would say I've easily used over 100 moderator points myself.

But never have I seen feedback on my moderations. I would think that someone has had one or more of them in meta-moderation by now. So where does the meta-moderation data go?

On more than a few occasions, I have commented on how I feel ICANN has dropped the ball on the role they ought to play in reducing spam and internet crime.

One recent example was my comment where I said that ICANN is missing the point in choosing to go after domain tasting instead.
Yet, no fewer than three different replies came in from people who misread my posting to somehow be looking for ICANN to provide police work. Go figure.
So here, I will point out where ICANN drops the ball, and where they can reasonably take action, as the regulator of registrars for some of the most prominent TLDs on the internet.

First, I will very plainly spell out the role of ICANN. They serve primarily to select which registrars can or can not sell domains from within a list of TLDs such as .com, .org, .net, and .info, to name a few. ICANN has posted the Accreditation process and requirements in a straightforward manner. That page lists what documents have to be filled out and submitted, and what fees must be paid in order to become an accredited registrar. It also lists what terms a registrar must abide by to keep their accredited status.

It is important to note on this matter that of course, as the ICANN has the ability to grant accredited status, they also have the right to revoke it from those who do not abide by the rules. And this right of theirs is what I am asking them to exercise.

The connection between this and spam is straightforward. Spammers know which registrars are most spammer-friendly. In general, the registrars that are most cooperative towards spammers are the ones that are willing to submit bogus registration (WHOIS) data for domains that they have sold. And the maintenance of accurate WHOIS data is one of the key points of the accreditation agreement for registrars.

In short, I just want the ICANN to actually take positive steps to ensure that accredited registrars actually maintain the records that they are obligated to keep. The registrars who blatantly violate this know who they are, and they use a variety of mechanisms to hide their offenses. I just want ICANN to use the one power they have - that to revoke accreditation status - on the registrars that willingly provide bogus WHOIS data.

This is in no way a law enforcement function that I am asking from ICANN. I just want ICANN to ensure that the proper data is made available so that the appropriate authorities can be contacted in regards to internet crime.

PC users who have been around long enough remember various reasons why we had to partition our hard drives in the past. In DOS, we often had to partition our drives just to get around the size limitations of FAT12 or FAT16 partitions. In various UNIX flavors, partitioning was the standard M.O. for various reasons. I've even seen good arguments for partitioning in windows to keep the OS from hopelessly fragmenting its hard drive while reading and writing the swap file.

Yet, most popular OSes on the market currently prefer to operate with a single partition. Mac OS X - which of course is a UNIX variant - wants its hard drive as a single partition. Windows generally fights attempts to not keep the drive as a single partition, even during an initial install. And I've even seen Ubuntu Linux setup with just a single partition.

So is the hard drive partitioning scheme a thing of the past? Will I find it another skill like DOS commands that ends up relegated to only cynical old-school geeks like myself?