Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment: Hotmail (Score 1) 405

by xrayspx (#48385873) Attached to: Ask Slashdot: How To Unblock Email From My Comcast-Hosted Server?
Hotmail did this to me too, sending from my VPS at 1 and 1. The explanation in their bounce was that it was due to other hosts from the same provider being spammers, etc, but that after my host's reputation was established it would be naturally un-blocked.

That does seem to be what's happened. As I consistently generate non-spam mail toward hotmail/outlook.com accounts, it has been un-blocked and now works without issues.

I'm particularly interested in your case however, since I plan to migrate to Comcast business myself. I'd prefer not to relay through their servers if possible, what with the shenanigans large ISPs seem to want to pull recently re: STARTTLS downgrade attacks, etc.

Comment: Re:Dual interface ? (Score 1) 92

by xrayspx (#46628433) Attached to: Intel Upgrades MinnowBoard: Baytrail CPU, Nearly Halves Price To $99
Here's an RSN product, Bunnie Huang has been building his own completely open hardware laptop, and demand has been such that they're looking to sell them sans-screen in a router case with two NICs: Novena

I have no idea about availability, but they're around, Jake Appelbaum was playing with one the other day in a recent talk.

Comment: Personally and Professionally (Score 1) 445

by xrayspx (#46309809) Attached to: Ask Slashdot: How Do You Manage Your Passwords?
Personally, I use a password protected secure not in an OSX keychain. Fine, rail me for that, but if someone gets into my keychain, I already lose anyway.

For work, I've been trying WebPasswordSafe for the last several months. This is to get away from the melange of different un-sync'd password lists in various password managers people in the IT department had. So far it works well, it offers group policies, so theoretically it could be rolled out company wide and each user and group could have their separate password lists.

I'd been guided to look at SecretServer, but the features I need are in WPS, and it's easier to sell Free in my company than Several Hundred or Thousand dollars, for many things at least.

Comment: I've just been dealing with this (Score 1) 388

by xrayspx (#45927967) Attached to: Ask Slashdot: What To Do With Misdirected Email?
I use a personal domain for my actual mail, but have accounts at all the major free mail sites too, just for spam or whatever.

I started getting mail to my Yahoo account which wasn't spam, but clearly not for me, as part of a group of people participating in a medical imaging conference. For a while I just blew it off, but eventually the organizer mailed my actual non-yahoo address by mistake as well. So I decided to be swell about it and let her know that I'm not the person she's trying to reach. She said "Oh, I'm sorry, I meant to do (yourname)@yahoo.com, thanks!", and so I told her "well no, that's also me, sorry". I proceeded to tell her an address which would work for her intended recipient (work email for the person she was trying to mail, who isn't me).

Basically she refused to believe she has been sending to the wrong address, and said "I had no idea two people could have the same email address, I guess Yahoo must allow it or something". At that point, I gave up and just let it go again. It's not high-volume enough to matter.

Comment: Re:spamassassin (Score 1) 190

by xrayspx (#44722339) Attached to: Ask Slashdot: Speeding Up Personal Anti-Spam Filters?
There's a lot to do to SA to make it "good". I shared your opinion a year ago. I run a relatively low volume personal mail server for a few domains and a few users. I had SA, but it didn't do much, and I had bigger fish to fry dealing with much larger mail sites than my stupid personal nonsense. I typically get about 300-500 spams a day, and very few legit mails. I was getting false positives, so I'd just never see the mail, and tons of false negatives. About 20% of the daily spam was hitting my inbox, making it unlikely that I'd ever even check my personal mail. If you mailed me, and I didn't have an existing filter from you, there was maybe a 60% chance I would notice your mail in time for it to matter.

I decided one day to fix all this, regardless of what that entailed. I lowered the threshold for SA to a score of 4 (which they bark at you not to do, but fuck 'em, I've seen maybe 6 legit mails with a score higher than 4.5, in my world anyway). The key components were: enabling remote checks, RAZOR and DCC, and having SA train its filters off of my false negatives. I use the Train SA script, so I drop any false negatives in a Train Spam folder, and this picks them up and runs them through SA's filters to train it.

My false negative rate dropped pretty much immediately from 20% to ~3% to 5% on weekdays, and zero to 1% on weekends, which I can live with. In the year or so since I actually put my back into fixing this, I've gotten maybe 2 false positives.

I don't see long processing times, mail comes through pretty much as I send it in my tests on my VPS, but again, I only get a few hundred mails/day. If I had volume over a few dozen thousand/day, I'd probably just bite the bullet and pay Google (Postini) to make it go away.

Comment: Didn't have the issue as a pre-order customer (Score 1) 639

by xrayspx (#40701349) Attached to: Apple Gets the Importance of Packaging; Why Doesn't Google?
Since Pre-Orders arrived a couple of days after you could buy these in the stores, I had seen the videos of reviewers trying to unbox their tablets. Since I abhor the fetishization of consumer electronics garbage, I intended to make two videos:
  • My wife unboxing hers in the semi-sexual consumer garbage nerd way and having a hard time due to over-tight packaging.
  • Me unboxing mine in a 5 second flash of steel from a boxcutter. I mean, the name kind of gives it away there. Cut. The box.

I sadly canceled movie time when the outer sleeves of both devices slid cleanly off as soon as we tipped them upright, and the inner box opened just as smoothly. I'm guessing that sometime between shipping devices to Gamestop and Staples, and the time they shipped to pre-order customers, the packaging problem was resolved.

Comment: MSN Also Censors (Score 2) 483

by xrayspx (#40638401) Attached to: Facebook Scans Chats and Posts For Criminal Activity
MSN Messenger also censors their chat traffic, though I wouldn't pretend to know if it's to this startling degree. They do do active scanning and will silently drop and reformat messages containing keywords (and technology) they don't like. Here is an example of a URL which will be dropped if you send it through MSN Messenger:


Yet another reason for ubiquitous crypto usage in IM. Use a libpurple-based client with OTR (Pidgin, Adium) and you can avoid much of this mess.

Comment: Is GRC some kind of trusted resource now? (Score 3, Insightful) 454

by xrayspx (#40257167) Attached to: How Many Seconds Would It Take To Crack Your Password?
I have to wonder why anyone listens to Steve Gibson about anything, ever. He goes back a long way, making sweeping claims about things he kind of understands based on research done by actual security professionals. Has he gotten better at things in the last decade or so? He always had a tendency to hear something, run off on a tangent creating press releases and small tools, and then get shouted down by the security community at large. Examples including who did the heavy lifting: Raw Sockets (l0pht/@stake IIRC [and whoever the initial researcher was, they did NOT spin it as the apocalypse, as Gibson did), WMF (Ilfak Guilfanov), SYN Cookies (djb), DNS (Dan Kaminsky), and this article right here.

Slashdot always seems to be his willing dupe and publicizes whatever he is concerned with at the moment.

Comment: Re:Would a dynamic gradient fill help? (Score 1) 106

by xrayspx (#40142115) Attached to: HP's Core WebOS Enyo Team Going To Google
Absolutely right, that's why I hesitated to even say the words. Clearly though, someone "designed" the "user experience" to such a degree of polish on Palm, and it's a shame to lose it down the memory hole of ex-smartphones:

Video showing card based task switching. It's important to note that these aren't launching, things in cards are apps that are actively running. Also, by throwing away the card, it quits the app, that simple. In Android, some apps have a quit menu item, some don't. By using the "Recent Apps" feature (holding down the home button on my Evo, for instance), it will show you recent apps, but not their state, and it's not known if they're still running or have been shut down or what, it's not a task switcher as much as a history button.

Give a man a fish, and you feed him for a day. Teach a man to fish, and he'll invite himself over for dinner. - Calvin Keegan