Forgot your password?
typodupeerror

Comment: https is dead (Score 5, Funny) 151

by lougarou (#46741143) Attached to: Private Keys Stolen Within Hours From Heartbleed OpenSSL Site

For all practical purposes, https is dead. There is no way browsers will carry around the hundreds of thousands of possibly-stolen-so-unsafe certificates fingerprints (to consider these tainted/revoked). The only way forward is probably to move away to an incompatible protocol. And if possible, cure some of the X509 wrong ways.

Comment: Re:Benchmarks (Score 1) 160

by lougarou (#31178094) Attached to: Open Source 3D Nvidia Driver Is Ready For Fedora 13

# wtf? with the binary blob:
here$ cat /etc/X11/xorg.conf
Section "Device"
        Identifier "nVidia Corporation GeForce 8600 GTS rev 161"
        Driver "nvidia"
        BusID "PCI:1:0:0"
                Option "RandRRotation" "on"
EndSection
here$ xrandr -o 1
(turns his head to the right)

Spam

+ - Stopping Spam with Linux

Submitted by
support department
support department writes "What is Spam?
If you have used email at all you have seen spam: unsolicited and unwanted email. The way that email works means that it is very easy to send out bulk mailings at a very low cost. The cost is low because largely it is the receiver of the email that pays. If you read email on a dialup modem line or pay for your Internet connection, then in a real sense you are paying for the spam you get.Why Can't the ISP Just Block it For Me?

Often it is difficult for ISPs to block spam to everyone. This is because the ISPs do not know which email items you want to receive and which ones you do not. The ISP cannot predict in advance what email you have an expectation of getting and from where. It would also be inappropriate for ISPs to screen the content of the messages. There would be privacy issues. However, there are certain approaches that can be taken at the email server side. If you have recently installed Linux and are thinking of running your own email server, then you should carefully consider the problem of spam.

Focus on sendmail
Sendmail is the most widely used MTA on the Internet. It's an old, large, complex and not particularly efficient program. In particular it has a bad reputation for being difficult to configure. Whatever email server program you choose to use, though, blocking spam is still an important issue. The concepts outlined below are applicable to any type of server program.

Disallow Relay
The most basic thing you should do is prevent your machine from being used as a place from which to send spam. It may be surprising, but the 'Simple Mail Transfer Protocol' that is used by all Internet email gateways does not check passwords or any other sort of access when it is accepting messages for delivery. If a spammer connects to your email server all they have to do is give it a list of addresses, which takes just a few seconds. The MTA then 'fans out' the lists of email addresses into real attempts to connect to remote sites. At the very least you need to stop other people from using your email server from doing their dirty work with your resources.
To prevent this from happening, first you need to make a list of hosts that will be allowed to relay through your server. These would include other machines at your site, perhaps PCs running F{LocalIP} /etc/mail/LocalIPg mail clients under Microsoft Windows. Make a file /etc/mail/LocalIP and then add the line:

F{LocalIP} /etc/mail/LocalIP

anywhere in the top of your /etc/sendmail.cf file and add these lines at the end of the /etc/sendmail.cf file:

Scheck_rcpt
# first: get client addr
R$+ $: $(dequote "" $$) $| $1
R0 $| $* $@ ok no client addr: directly invoked
R$={LocalIP}$* $| $* $@ ok from here
# not local, check rcpt
R$* $| $* $: $>3 $2
# remove local part, maybe repeatedly
R$+ $:$>removelocal $1
# still something left?
R$*$* $#error $@ 5.7.1 $: 550 we do not relay

Sremovelocal
# remove RelayTo part (maybe repeatedly)
# R$*$* $>3 $1 $4
R$*$* $: $>removelocal $>3 $1 $3
R$*$* $@ $1$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*$* $: $>removelocal $1$3

This fragment of sendmail configuration file is from the sendmail Web site. There is a lot of detail there on how to get sendmail configured to block spam. So I will just skim over the rest of the methods available and point you there for further practical assistance.

Check For Bad Addresses
The next level of sophistication is to keep a list of addresses and sites to block. For instance if you notice that a lot of junk email is coming in from 'cyberpromo.com' you will want to block that site. The way to do this is with the 'check_mail' rules set. This method will prevent delivery from the sites you list. However, it may be difficult to keep track of where the spam is coming from and time-consuming to maintain a current list of sites that allow spam. Paul Vixie maintains a MAPS Realtime Blackhole List which is accessible via the DNS Server (non-technical explanation: it works from anywhere on the Internet quickly and with minimal fuss) and to use this you only need add a couple of lines to your 'check_mail' rules set.

procmail as MDA
The above discussion has focused on the server. But if you look at the nuisance value of mail from the user's point of view, it is worth filtering out spam email as it arrives. To do this you use the next stage in the email system. This is not the email client that you the user actually run to read the email, but the 'Mail Delivery Agent' or MDA that is used to place the messages in your email spool file as they arrive. The MDA I use is called procmail.

Procmail can easily be configured to block spam at the point of delivery. To do this, first make a list of addresses which your mail is delivered 'To'. By this I mean your email address or addresses and the address of any email lists you might be on. For instance I can take email as james@maths.ex.ac.uk, j.s.andrews@ex.ac.uk and I am also on the list spamsuckers@maths.ex.ac.uk. The idea behind using procmail to filter out spam is to attempt to match on your known addresses and that anything is left after this must be spam. This is a little dangerous in case there is a list or alternate address you have forgotten, but if you lob the spam into a different folder, (procmail can do this) then it is at least hidden away and not polluting your main folder.

Here is a set of procmail 'recipes' that are placed in the .procmailrc for each user, or the /etc/procmailrc for everyone on the machine.

#main address :0:
* ^TO_james@maths.ex.ac.uk
$ORGMAIL

#alternate address :0:
* ^TO_j.s.andrews@ex.ac.uk
$ORGMAIL

#list I am on :0:
* ^TO_spamsuckers@math.ex.ac.uk
$ORGMAIL
#doesn't match so it must be SPAM :0 E:
spam

This will make a folder called 'spam' containing all incoming messages. Keep an eye on this folder for a while after you have set up the filtering. This is just to check that it is all working as planned, and to tweak the rules as required.

Fret not! If your best efforts to block spam at the receiving end fail, Linux can still help you!

whois
To complain back to the source of the mail you can look up the people that run the spam site with the whois command. Just use the left hand side of the address as input.
mordell:~% whois cyberpants.com

Registrant:
x-Cyber Promotions (Cyberpants5-DOM)
8001 Castor Avenue Suite 127
Philadelphia, PA 19152
US

Domain Name: Cyberpants.COM

traceroute
To figure out who are the 'upstream' Internet providers to the spam site you can use the traceroute command. Here is the end of a typical output run.
nslookup and dig
If traceroute and whois can't seem to find the right-hand side part of the email address, then nslookup or dig may be able to find you a good address you can use related to the mystery address. Please refer to the online documentation for more details.

All of the solutions outlined above work on the server regardless of the email client used to read mail. So you could implant a spam-blocking policy on a Linux server, and continue to read email on a different platform (like Netscape on a Macintosh for instance) while still getting the benefits of Linux!

Referance — http://www.bodhost.com/web-hosting"
Censorship

+ - Senators attempt to silence global warming dissent

Submitted by
Phillip Toland
Phillip Toland writes "As a follow up to yesterday's article about anthropogenic climate change dissent, OpinionJournal.com has an article discussing a recent letter sent to ExxonMobile's CEO by Senators Jay Rockefeller (D) and Olympia Snowe (R). The full text of the letter can be found here. The authors of the article believe that the letter is an attempt by the Senators to silence criticism in the climate change debate. Indeed the letter seems to indicate that everything is settled and Exxon should just shut-up. Is this the kind of bias the BBC is looking for?"
Security

+ - Security People Use Firefox

Submitted by Anonymous Coward
An anonymous reader writes "A look at the Hack Report's web stats confirms two things that I've suspected for a long time a) Security (conscious?) people use Firefox (64%) instead of IE (26%) and b) Firefox users are much faster when it comes to upgrade to a newer version. My guess is that a lot of this will change rather quickly once Vista installations pick up.
http://hackreport.net/2006/12/05/security-people-u se-firefox/"
Privacy

+ - Australian Backdown on draconian copyright laws

Submitted by glamb
glamb (191331) writes "Australian Attorney-General Philip Ruddock's copyright reforms are almost certain to become law by January, after significant changes were made to ensure innocent consumers are not criminalised.

The Copyright Amendment Bill 2006 passed through the Senate on Friday after a number of modifications were made. It will now go back to the House of Representatives for re-approval.

"The Free Trade Agreement with the United States means the worst aspects of the American Copyright system has been imported into Australian law but with none of the consumer safeguards such as open ended fair use rights that exist in the United States," said Greens senator Kerry Nettle. "This new Copyright bill extends this problem and threatens to criminalise a fifth of Australians who regularly share music, movies and video games amongst friends and family.""

"Only the hypocrite is really rotten to the core." -- Hannah Arendt.

Working...