
Submission Summary: 0 pending, 32 declined, 6 accepted (38 total, 15.79% accepted)

+ - The case against gmail

Submitted by stry_cat
stry_cat (558859) writes "Ed Bott makes the case against Gmail

Gmail was a breath of fresh air when it debuted. But this onetime alternative is showing signs that it's past its prime, especially if you want to use the service with a third-party client. That's the way Google wants it, which is why I've given up on Gmail after almost a decade.

Personally, I've always thought it odd that no other email provider ever adopted Gmail's "search not sort" mentality. I've been a Gmail user since you needed an invitation to get an account. However, Gmail has been steadily moving towards a more traditional email experience. Plus there's the iGoogle disaster that got me looking into alternatives to everything Google. Will this be the wake-up call Google needs to get its act together and stop being evil?"

+ - Ex-Marine detained under Operation Vigilant Eagle for his political views sues->

Submitted by stry_cat
stry_cat (558859) writes "You may remember the story of Brandon Raub, who was detained without due process over some Facebook posts he made. Now with the help of the Rutherford Institute, he is suing his captors.

According to his complaint [PDF], his detention was part of a federal government program code-named “Operation Vigilant Eagle,” which monitors military veterans with certain political views."


+ - where are the open source jobs? 2

Submitted by stry_cat
stry_cat (558859) writes "My company has bought into the FUD and is going 100% Microsoft. Rather than work in this environment and be continuously at odds with upper management, I have decided to seek employment elsewhere.

Where do I look for an open source job? I've started with the local paper's Sunday classifieds. I've looked on dice.com and monster.com. However almost all are Microsoft related. The few that aren't are some sort of dinky contract or temp job. So is there a place to find a job in an open source environment?"
The Internet

+ - Confessions of a Twitter Reject ->

Submitted by stry_cat
stry_cat (558859) writes "http://www2.richmond.com/content/2009/sep/03/confessions-twitter-reject/

Karri Peifer, who says "I'm pretty sure I held the record for getting broken up with the most times in one year. It was the year I was 26 and I got dumped, on average, once every five weeks." continues her streak of being dumped. This time by Twitter.

"By 5 p.m. I had over 50 followers (and I followed them all right back). I'd tweeted 21 times. And when I logged off the day, I was smiling and contented by my new Twitter relationship. I couldn't wait for day two.

But a second chance with Twitter, it seemed, was not in the cards for me. At 9:58 p.m., less than seven hours after my first Twitter encounter, I was shut out. Suspended, in Twitterverse language. My account was taken offline, my followers removed, and a harsh warning label alerting me to the suspension was stamped over the account that only I could see."

As is often the case with faceless corporations, "Twitter responded with a canned, auto-reply, telling me it was all my fault; that, yes, I did something wrong. They even provided a list of things I likely did wrong. It was up to me to review the list and choose for myself. Then Twitter closed out my request and told me to be on my way. But I persisted. I didn't think I did anything wrong and, if I did, I was sorry. Could I have another chance? Twitter is thinking about it."

So she turned to her friends. They wanted to know if she cussed or used hostile language. Of course she didn't. The final consensus was " is that I talked too much. Or, rather, I talked back too much. For anyone who knows me, it's as likely as my cussing. Maybe even more so. But still, it was an innocent mistake.

When people tweeted me, I tweeted back. I thought I was supposed to. I thought it would be rude to ignore a tweet, especially when it was written expressly to me. But apparently that's wrong. I'm not supposed to @reply (write back) to people. At least not 20 times in two hours. That's what IM is for or DM (direct message). Or is DM like email? But then I thought Twitter was supposed to be a conversation, unlike Facebook, where you just post status updates. So if 20 @replies are too many, how many is just right? I still don't know and now I might never know. Twitter didn't even give me a chance. It just took one look at me, endured two hours of my nervous chatter, and kicked me to the curb."

So can anyone figure out why Karri was banned? Also she's in the market for a new social networking site, anyone have recommendations for her?"

The Internet

+ - Registrars still ignoring ICANN rules->

Submitted by stry_cat
stry_cat (558859) writes "Over a year ago ICANN moved to clean up misbehaving registrars like GoDaddy. They released this scary-sounding advisory. However, over a year later problems remain. One company is now publicly complaining. Some of the biggest registrars are slammed for their actions.

"Register.com is one frustrating company. The ICANN policy clearly prohibits blocking a transfer of a domain name that has expired but not yet been deleted. Despite that, a customer trying to transfer a three-day-expired Register.com domain name told us last week that they refused to give him the necessary code to allow him to transfer — unless he pays them to renew it first.

"GoDaddy (and their reseller arm, Wild West Domains) have a different problem. They still block transfers for 60 days after a registrant contact update, even after the ICANN update specifically prohibited doing so. They freely admit it, too."

"We see a similar problem with many transfers from Network Solutions."

When will ICANN clean up these registrars?"

Spam

+ - Criteria for picking a good RBL

Submitted by stry_cat
stry_cat (558859) writes "Here are a few points about picking a good RBL for your spam filter:
http://isc.sans.org/diary.html?storyid=3194

From the article:

* Speed of reaction: The faster (the more real-time) a list is updated, the easier it is to deal with false positives and with false negatives.
* Selection criteria: How are the sources added to the blacklist, based on what criteria? How sure are the blacklist admins that the one they are listing is bad? How sure are you they will not add your partners, customers, suppliers and other business critical peers? Similarly, how sure are you they will not list yourself (from experience: this is extremely painful)?
* Goal of the blacklist: Does the list have an agenda (hidden or not) that you might not share with them? Do they aim to have 0 false negatives without care for false positives?
* Ease of getting unlisted: How easy is it to contact the list administration for those listed? Is there 24x7 (remember the Internet is worldwide so they need to cover all timezones) support on getting back out for those unjustly listed?
* Working Email contact to get unlisted: This is very tricky for e.g. spam blocking lists that are using their own blacklist.
* Try contacting them to get unlisted: if you cannot reach them, remember what your communicating partner that got listed by accident will feel like. And while it might reflect mostly on the blacklist provider, it will also reflect on you and your organization due to your choice and implicit support of their (failing) processes.
* Is there somebody who feels responsible enough behind it to put up out of band contact details such as phone numbers, working snail-mail addresses etc.? Of course this means they'll feel exposed to the scam artists they are blocking, but it also means those being blocked without reason have a way to complain.
* Blocking for the right reasons: E.g. some anti-spam lists are blocking with as reason the IP addresses sent unwanted TCP/IP traffic (not just unwanted email). Some might have political reasons or other things you don't want to be associated with.
* Duration of a block: many IP addresses that get infected by bots etc. are home users on a (somewhat) dynamic IP address. Blocking such an IP address for a long time won't help as the IP isn't fixed and the next one to come after it will get blocked unwarranted. Similarly, infected machines do eventually get cleaned up by the rightful owners. So short durations are better.
* Automatic delisting: How automated is the unblocking? Based on what tests is it done? Some listed entities might not know what blacklist they are being listed on. Hence asking them to jump through hoops on their own might not be hard, they might not even know what hoops they need to seek out.
* Granularity of the block: Unless there are clear signs of malice, most regular users will clean up intrusions and malware instead of hopping about the IP address in an address space to avoid blacklists. Hence only very bad neighborhoods should get blocked indiscriminately. Similarly "punishing" an ISP for having a single misbehaving customer will not work as the ISP is hardly punished at all, it's the other (innocent) customers of the ISP that get hit.
  While there are people who are going to say they only deal with a specific country/continent and don't need anything outside, think a bit longer: none of the employees of your partners, customers, ... will ever go out of the country/continent on business or holiday and get a phone call to do something or try to make a decision on the road?
* Security of the blacklist provider: Who can submit data to the blacklist, and how is the data authenticated? The bad guys could poison lists by creating fake data and submitting it in order to block even more addresses. Don't forget Availability is part of security: what happens to your processes if the blacklist were to become unavailable or just slow?
* One practice I found to be impossible to deal with from a business point of view was a blacklist demanding money to get unlisted. Any self-respecting business will feel this is extortion and will not give in. No matter that they send it to their charity of choice, no matter the small amount it actually is, this remains a show stopper. For you this means you'll find contacts who get listed and have no way of getting out again.
* Do the blacklist administrators actually warn those getting listed? Since many of the evil actions a machine does are more often than not done without the knowledge of the rightful owner, a word to the ISP connecting the machine or the business hosting the machine, can in fact be a big step towards detecting the rootkitted botnet and starting the clean-up."
Communications

+ - America doesn't have a broadband problem

Submitted by stry_cat
stry_cat (558859) writes "According to this story, the new FCC Commissioner believes that "the country doesn't really have a broadband problem."

This statement contrasts sharply with what others are saying. For example a 2006 ars technica article stated "Looking at the statistics contained in the report, we discover that the US is 16th in the world in terms of broadband penetration and 15th in rate of growth. As of December 2005, the US had approximately 16 broadband subscribers for every 100 inhabitants. In contrast, Iceland had almost 27, while South Korea, the Netherlands, and Denmark were right around 25 per 100."

Has our broadband crisis been solved in just under a year, or is the new FCC Commissioner mistaken?"
Spam

+ - More Evidence that Blacklists are bad-> 1

Submitted by stry_cat
stry_cat (558859) writes "Here's a brief summary with good links detailing how the Austrian domain registry ended up on the Spamhaus Block List.

From the article:

"Altogether this seems to be a big mess, being driven by different goals, points of view, and also ego. Using blacklists is a two edged sword (which has also been stated on isc.sans.org numerous times), but this story only makes me wonder for the sanity of the whole system."

I'm sure /.ers will agree that it is a big mess. Take heed if you use a blacklist as spamhaus.org isn't the only one that suffers from delusions of grandeur."

Worms

+ - Thought RTFs were malware free? Think again!

Submitted by stry_cat
stry_cat (558859) writes "Over at http://isc.sans.org/diary.html?storyid=2528&rss it says:

"...no doubt that you are aware of the huge number of exploits directed toward various Office applications, mainly Microsoft Word and PowerPoint. For quite some time a lot of administrators (us included) told people to convert documents to other (safer) formats, one of them being RTF (Rich Text Format). Although this format is proprietary, the specification is publicly available so a lot of word processors support this format."

However as the article continues, we find that one can still embed stuff. Embedding the right (or is it wrong) stuff can have the unsuspecting user downloading some seriously bad malware. Even worse it is likely your AV software will miss this malware!

The article concludes:

"This was another example of why complex file formats should be avoided. Even if you do scan all files on your e-mail gateway (or web filtering server), as you can see most AV programs would miss this as they would scan only the RTF document. One more time we see how important defense in depth is — in this case you would depend on user's awareness and ultimately on his desktop AV product.""
Censorship

+ - Congress still wants to force bloggers to register

Submitted by stry_cat
stry_cat (558859) writes "It has already been reported (here and here) that some in Congress want to force bloggers to be licensed before they can start blogging. Now there is yet another attempt.

Once again it is under the guise of stopping astroturfing. However, as is explained by grassrootsfreedom.com, "The grassroots legislation, simply stated, is unconstitutional. It is nothing more than some with vested financial and political interests trying to violate the First Amendment rights of others."

Another group, DownsizeDC.org, is also working against this dangerous legislation. They have set up an e-mail your Congressman tool."
Windows

+ - MS DST Patch problems

Submitted by stry_cat
stry_cat (558859) writes "http://isc.sans.org/diary.html?storyid=2435 From the article:

It appears that there is a problem with the MS DST patch... MS DST patch (931836) problem. Regarding this patch problem, more information can be found here. There is another fix patch available for Windows-based applications that use the TZ environment variable may not work as expected because of changes to DST. More information is available at the following link (http://support.microsoft.com/kb/932590/en-us)
Makes you think this story asks a good question — Is DST really worth it?"
