I misunderstood nothing, you were very clear, you said "you do not
firewall a public server", I stated you should, you called me clueless
for doing such a thing.
A direct quote from you "You suggest firewalling a *public* server.
Pretty clueless, aren't you?".
>
>>Hence my lack of patience with the man, apologies if it offends some,
>>but you really ought to do a bit of research then you may understand why
>>i sometimes react like I do, I have a long memory.
>
> So do I, and I wonder again why you feel the need to keep changing your
> posting nym.
Because I choose to.
>The usual reason people do that is because they want to
> distance themselves from their embarrassing earlier posts to prevent
> people looking at their posting history.
That's one reason, but not the reason in my case.
>If that's not the reason in
> your case and you are quite happy with your posting history, list all
> the nyms you have used in this ng in the past so that others can take a
> look at *your* posting history if they are minded to do so.
One reason I change my persona is to be able to use different techniques
to deal with you and people like you and their beliefs.
I don't like paedophiles, people who have sympathy for them, nor for that
matter people who have convictions for possessing child porn.
For all the folks in the Linux networking groups who have just joined us,
this man meets some of the above criteria.
>
>>> If to you it
>>> means that incoming connections can be made only to a few selected
>>> port numbers, then *every* machine is firewalled by that definition
>>> unless they are listening on all 65536 ports.
>
>>Again you're bullshitting, but rather than discussing it with you, I
>>will simply quote wikipedia.
>
>>"A firewall is a part of a computer system or network that is designed
>>to block unauthorized access while permitting authorized
>>communications."
>
>>The same as what I said.
>
> A firewall blocks communications to and/or from specific ports. It can
> also block communications to/from specific IP address ranges.
> Wikipedia's definition is therefore inaccurate, because a firewall
> cannot differentiate between authorised and unauthorised connections to
> ports/IP addresses that are not blocked.
Read it again, it says "part of", Wikipedia's definition is accurate,
once again you are wrong.
>
> Right, now let's go back to the original context, shall we?
Must we, we were having such fun ...
>
> I originally stated that my *server* was hacked via a vulnerability in
> its DNS service. A server must, very obviously, have an open port
> corresponding to the service it is providing (in this case DNS).
>Your
> proposed solution was to set up a firewall to prevent such access. Which
> I correctly stated showed a complete lack of understanding on your part
> because a firewall cannot possibly protect against unauthorised access
> *to the public service being provided*.
What I actually said was you "Should have kept the system up to date and
firewalled". Clear cut case.
Then there is the question as to why you were running a *public* DNS
server at all.
Your ISP would have perfectly adequate DNS servers of their own, why did
you feel the need to operate your own ?
>
>>Typically Cynic now totally ignores this part of my post, he's been
>>proven incorrect, so just ignores it. We shall see..........
>
> You just have.
>
>>> Yes, they certainly did. Which is why I left the hacked machines
>>> running for a couple of days and logged the connections on a
>>> *different machine*.
>
>>Oh, really, how did you do that then ?
>
> You really don't know half as much as you think you do if you don't know
> how to do something as basic as logging IP traffic from a different
> machine.
I know how to do it, what I am asking is how *YOU* did it.
>
>>>> Why your ISP anyway?
>
>>> Because I figured that they might be able to liaise with the ISPs used
>>> by the suspected culprits more easily than myself. Maybe get names of
>>> their users to pass on to the police. The FBI were beginning to take
>>> hacking seriously in those days, but the UK police did not, so I
>>> figured I'd have to play detective myself. That was in the 1990's.
>
>>>>, you were running your company's
>>>>servers on a ISP account?
>
>>> Eh - yes. How else do you suggest I connect to the Internet - carrier
>>> pigeon?
>
>>That's not what I asked asshole, I asked why did you host your *servers*
>>(eg more than one) behind your ISP account (which probably would have
>>been against their terms and conditions) ?. I did not ask how you
>>connected to the internet.
>
> I really have no idea what you are talking about,
That much is apparent.
>and it looks as if you don't either. Perhaps you have no experience
>with high speed leased line Internet accounts and are thinking in terms
>of a SOHO ADSL account?
Little, not no experience, but I find it curious that you now only decide
to mention (apparently) that you had a leased line.
I'm not suggesting you are telling porkies, but it is a critical piece of
information, one which most people would have thought worthy of mention.
>
>>>>, why not hosted or virtual server?.
>
>>> Which would still require an ISP.
>
>>For connection to the net, for you, yes, but that's not what I asked.
>
>>For the site to be hosted with say, http://www.rackspace.co.uk/ YOU
>>would not *need* an ISP.
>
> In that case Rackspace would *be* one of my ISPs.
NO, An Internet Service Provider (ISP, sometimes IAP) is a company that
offers its customers *access* *to* the Internet.
>
> But why should I pay a company money to do what I can do myself
> in-house?
Most companies do it because it's cost effective, I do.
>I already need almost all of the infrastructure required,
For ?
>so the additional cost is that of a few additional PC's
Hundreds or even over a thousand pound then....
>and a small amount of maintenance above that required for an externally
>hosted server.
Extra work then.
>
>>The two things are entirely different
>
>>>I prefer to have my servers
>>> physically in-house for a variety of reasons.
You make it sound like you own the company, from what I remember you were
a director at the time.
>
>>Such as ?
>
> For all the same reasons as in-house production is chosen over
> outsourcing. Our support desk is similarly also hosted within the
> company even though I could have decided to have it hosted in a generic
> call center in India (which in that case would be cheaper). It all boils
> down to a single word - control. If my customers are disappointed with
> my service I want it to be *my* fault so I can do something about it
> rather than the fault of a company I have no control over.
>
> Obviously there are also advantages in outsourcing as well, and the pros
> and cons all have to be weighed up.
>
>>>>> 8 months for my soundcard to be supported - and then only on a 64
>>>>> bit system initially and with half the functionality missing.
>
>>>>Sounds PDQ to me, someone's doing it in their spare time.
>
>>> Would you continue to use Freeview TV if they had no sound for the
>>> next 8 months, or might you decide to use Sky instead, at least till
>>> Freeview gets its act together?
>
>>Not even similar situation, you do this all the time.
>
> ISTM they are *very* similar situations. The bottom line is that I am
> looking for something that *works*, not excuses as to why it does not
> work.
>
>>>>>>Factor in this while considering your purchase, or stick with
>>>>>>windows.
>
>>>>> Exactly what I have just said.
>
>>>>But you didn't do this.
>
>>> Yes I did.
>
>>No you didn't, you bought a card that doesn't work with Linux, so you
>>didn't factor in "it must work with Linux as well as windows".
>
> You stated that I must *either* factor in the compatibility *or* stick
> with Windows (it is quoted above). I stuck with Windows.
> You then
> incorrectly accused me of "not doing this" when I did in fact follow
> your second option. Had I chosen a compatible card and gone with Linux
> you would no doubt have accused me of "not doing this" because I did not
> stick with Windows.
No, a simple misunderstanding as your reply was unclear. Sorted now.
>
> Yes, I see how you phrase questions so that whatever answer you get you
> can claim to be untrue. Very clever, but I am not a gullible jury.
TYVM, <takes a bow>, remember I've years of practice.
And I cannot resist, neither was the jury at your trial (gullible).
>
>>>>I do, the fact that you did not during your trial is not my problem.
>
>>> I did. My barrister did not.
>
>>Then you're an even bigger idiot for not stopping him, he is YOUR
>>barrister, acting for YOU.
>
> Much easier said than done in the middle of a trial. Until the witness
> is dismissed you don't know that the question is not going to be asked,
> and even then you don't know if it may later be asked of a different
> witness in order to discredit the first. There is trust that the
> barrister knows better than you how to conduct the case.
>
>>I also seem to recall you once saying that you did not know certain
>>stuff about hard drives until after the trial, again this was years ago,
>>I'll do a search and see what I can turn up. If I find nothing I'll say
>>so.
>
> You are probably thinking of the fact that I did not realise that the
> police had only imaged half of one of the disks, which I discovered
> *during* the trial (the first time my expert witness got his hands on
> the disks). Had we known that beforehand it is quite possible that it
> could have been excluded from evidence in a pre-trial hearing. I also
> learned many things about PCs as a result of being accused that I did
> not know prior to being arrested. Or maybe you are thinking of
> something else entirely. If it was something I said and you find it,
> let me know and I can guarantee that I will not have contradicted
> anything since because everything I have said is the truth (perhaps
> apart from insignificant details that I might have got mixed up or
> misremembered over the past 10 years).
OK, I'll do that.....at some time.
>
>>>>>>Then new evidence came to light and you should have been able to
>>>>>>overturn the original conviction, did you ?
>
>>>>> It was known at the time of the trial and so is not new evidence
>
>>>>Your fault for not using it effectively then.
>
>>> Yes, it was.
>
>>AH.
>
>>>Such is life. Most people have missed opportunities that
>>> they regret not taking. The defendant has little real-time control
>>> over the progress of a trial. IMO the defendant should be asked if
>>> s/he wants to ask any additional questions, or confer with their
>>> barrister before each witness is dismissed.
>
>>They can be recalled.
>
> Yes, hindsight is a wondrous thing. It is not easy to think logically
> and clearly during the stress of a trial, and interrupting the very
> formal atmosphere by speaking out of turn to request such a thing is
> akin to letting out a loud fart in church.
Hmmmm.... Loud fart or prison sentence........Loud fart wins every time
for me.
> As I said, the point would
> probably not have affected the outcome anyway - nobody will ever know.
Indeed.
>
>>> Yes, if and when I learn how Linux fits together, I probably will.
>>> I've certainly written plenty of hardware drivers for other platforms
>>> and have access to USB and PCI bus monitors to reverse-engineer such
>>> hardware when the manufacturer is not forthcoming as to its technical
>>> details.
>
>>Fantastic.....can you share with us such achievements ?
>
> Of course I can, yes.
Go on then, recent ones will be best as others have suggested you no
longer work in the industry.
I'll acknowledge, wow yeah, if you prove beyond doubt (credit where
credit's due).
WM (Wig-Meister)
Ta Ta for now.
>> So do I, and I wonder again why you feel the need to keep changing your
>> posting nym.
>Because I choose to.
IOW you are not willing to say because you know people would not agree
with your reason.
>I don't like paedophiles, people who have sympathy for them, nor for that
>matter people who have convictions for possessing child porn.
>For all the folks in the Linux networking groups who have just joined us,
>this man meets some of the above criteria.
Please note the clever use of the word "some" in order to deliberately
mislead.
>> Right, now let's go back to the original context, shall we?
>Must we, we were having such fun ...
>> I originally stated that my *server* was hacked via a vulnerability in
>> its DNS service. A server must, very obviously, have an open port
>> corresponding to the service it is providing (in this case DNS).
>>Your
>> proposed solution was to set up a firewall to prevent such access. Which
>> I correctly stated showed a complete lack of understanding on your part
>> because a firewall cannot possibly protect against unauthorised access
>> *to the public service being provided*.
>What I actually said was you "Should have kept the system up to date and
>firewalled". Clear cut case.
How would a firewall have prevented a DNS exploit being used on a DNS
server. Hmmm? And if it wouldn't have helped (as you must now surely
realise), why bother mentioning it?
>Then there is the question as to why you were running a *public* DNS
>server at all.
Why shouldn't I? I was, after all, assured that the OS I was running
was completely secure.
>Your ISP would have perfectly adequate DNS servers of their own, why did
>you feel the need to operate your own ?
They were not adequate for my purpose. Updates could only be made via
an email request that could take up to 2 days to be implemented, for
example - and sometimes incorrectly. Adding new domains would be
charged a fee. Having an in-house server provided control and
flexibility.
>>>Oh, really, how did you do that then ?
>> You really don't know half as much as you think you do if you don't know
>> how to do something as basic as logging IP traffic from a different
>> machine.
>I know how to do it, what I am asking is how *YOU* did it.
The tone of your question and your previous chatter about hackers
deleting logs (as if that was at all relevant) would suggest
otherwise.
What difference does it make to you how I did it? A cheap dumb hub
and Etherpeek, if you must know. Perhaps you can now in turn explain
why a dumb hub might have been required, and what filters it would
have been appropriate to apply in order to show that you do indeed
know how to do it.
>>>>>, you were running your company's
>>>>>servers on a ISP account?
>
>>>> Eh - yes. How else do you suggest I connect to the Internet - carrier
>>>> pigeon?
>>>That's not what I asked asshole, I asked why did you host your *servers*
>>>(eg more than one) behind your ISP account (which probably would have
>>>been against their terms and conditions) ?. I did not ask how you
>>>connected to the internet.
>> I really have no idea what you are talking about,
>That much is apparent.
I have never claimed to be conversant in speaking bollocks.
>>and it looks as if you don't either. Perhaps you have no experience
>>with high speed leased line Internet accounts and are thinking in terms
>>of a SOHO ADSL account?
>Little, not no experience, but I find it curious that you now only decide
>to mention (apparently) that you had a leased line.
You are very proficient in jumping to erroneous conclusions based on
insufficient knowledge. There was no reason why I should volunteer
information that was irrelevant to the points being made, it was up to
you to ask if you were interested. Perhaps if you start from the
normal default position that I am telling the truth and simply ask me
to explain things that you don't understand rather than making
erroneous assertions and accusations from ignorance, it would make the
discussion a little easier and more pleasant.
>I'm not suggesting you are telling porkies, but it is a critical piece of
>information, one which most people would have thought worthy of mention.
You knew darn well that it was a company network I was talking about,
and furthermore one that used its own dedicated mailserver and DNS
server. I would therefore have thought it obvious that I was talking
about a pretty significant network.
>>>For the site to be hosted with say, http://www.rackspace.co.uk/ YOU
>>>would not *need* an ISP.
>> In that case Rackspace would *be* one of my ISPs.
>NO, An Internet Service Provider (ISP, sometimes IAP) is a company that
>offers its customers *access* *to* the Internet.
It is commonly (but erroneously) used in that sense, but there is in
fact a difference between the terms ISP and IAP. An ISP, as the name
suggests, is a company that provides Internet *services* which may or
may not include *access* to the Internet.
From
http://www.mondofacto.com/facts/dictionary?Internet+Service+Provider
"
<networking> (ISP) A company which provides other companies or
individuals with access to, or presence on, the Internet. Most ISPs
are also Internet Access Providers; extra services include help with
design, creation and administration of World-Wide Web sites, training
and administration of intranets and domain name registration.
"
So to summarise - an IAP is always an ISP, just as a pornographic image
is always indecent.
However an ISP might *not* be an IAP, just as an indecent image might
*not* be pornographic (or in any other way sexual).
>> But why should I pay a company money to do what I can do myself
>> in-house?
>Most companies do it because it's cost effective, I do.
>>I already need almost all of the infrastructure required,
>For ?
For providing the products my company deals in.
>>so the additional cost is that of a few additional PC's
>Hundreds or even over a thousand pound then....
A few hundred for the horsepower needed for such simple servers. No
VDU, keyboard or soundcard needed, and just a very basic graphics
card. I used machines that would have been thrown out following a
workstation upgrade so it cost effectively zero (just some additional
RAM). Pays for itself in less than a year. Now the e-commerce
servers are a different matter ...
>>and a small amount of maintenance above that required for an externally
>>hosted server.
>Extra work then.
A little. From existing employees. Lost in the noise.
>> Yes, I see how you phrase questions so that whatever answer you get you
>> can claim to be untrue. Very clever, but I am not a gullible jury.
>TYVM, <takes a bow>, remember I've years of practice.
>And I cannot resist, neither was the jury at your trial (gullible).
If it helps you sleep at night you may continue to believe that.
>>>>Such is life. Most people have missed opportunities that
>>>> they regret not taking. The defendant has little real-time control
>>>> over the progress of a trial. IMO the defendant should be asked if
>>>> s/he wants to ask any additional questions, or confer with their
>>>> barrister before each witness is dismissed.
>>>They can be recalled.
>> Yes, hindsight is a wondrous thing. It is not easy to think logically
>> and clearly during the stress of a trial, and interrupting the very
>> formal atmosphere by speaking out of turn to request such a thing is
>> akin to letting out a loud fart in church.
>Hmmmm.... Loud fart or prison sentence........Loud fart wins every time
>for me.
It is not at all obvious to a person unfamiliar with the court process
that interruptions would be permitted. The last thing a defendant
wants to do is to piss off the judge.
And I did not remotely expect that I would be given a prison sentence
and nor did my counsel. The CoA found it to be grossly excessive, so
it is clear that the judge was out of order on that account. The
nature of the offence does make many people's emotion cloud their
judgement.
>>>Fantastic.....can you share with us such achievements ?
>> Of course I can, yes.
>Go on then, recent ones will be best as others have suggested you no
>longer work in the industry.
>I'll acknowledge, wow yeah, if you prove beyond doubt (credit where
>credit's due).
Let me get this straight. You are basically calling me a liar when I
say that I do assembler code development (amongst other things) for a
living. You have no basis on which to dispute my claim, so I must
conclude that it is nothing else except sheer prejudice on your part.
My experience is that people who suspect others of bullshitting when
there is no good reason for such a suspicion are probably prolific
bullshitters themselves.
Tell me what proof you would accept.
And after I do so, an unconditional apology for accusing me of lying
would be good.
--
Cynic
I would think the majority of the population would think it is fine to
post as and how I feel when arguing with a person convicted of child porn
offences, one who argues for the right to download and view such images
and one who admits he has visited and downloaded what he hoped would be
images of children in a state of undress from binary newsgroups.
The ones that think otherwise don't count as far as I am concerned.
>
>>I don't like paedophiles, people who have sympathy for them, nor for
>>that matter people who have convictions for possessing child porn.
>
>>For all the folks in the Linux networking groups who have just joined
>>us, this man meets some of the above criteria.
>
> Please note the clever use of the word "some" in order to deliberately
> mislead.
OK, let's clear that up then, you've a conviction for having an image on
your computer of a naked child, the name of the file was
"wallpaper" (with a .bmp extension I think), you freely admit you don't
see anything wrong with downloading or viewing such images and think it
should not be against the law and you have in the past actively tried to
download such images (from a binary group).
>
>>> Right, now let's go back to the original context, shall we?
>
>>Must we, we were having such fun ...
>
>>> I originally stated that my *server* was hacked via a vulnerability in
>>> its DNS service. A server must, very obviously, have an open port
>>> corresponding to the service it is providing (in this case DNS).
>
>>>Your
>>> proposed solution was to set up a firewall to prevent such access.
>>> Which I correctly stated showed a complete lack of understanding on
>>> your part because a firewall cannot possibly protect against
>>> unauthorised access *to the public service being provided*.
>
>>What I actually said was you "Should have kept the system up to date and
>>firewalled". Clear cut case.
>
> How would a firewall have prevented a DNS exploit being used on a DNS
> server. Hmmm? And if it wouldn't have helped (as you must now surely
> realise), why bother mentioning it?
Because it is a good piece of advice, keep your system up to date, have a
firewall.
As you do so many times, you try and twist things, anyone who reads what
I posted will probably come to the same conclusion.
>
>>Then there is the question as to why you were running a *public* DNS
>>server at all.
>
> Why shouldn't I?
Because it is an unnecessary risk, as you found out to your cost.
Rule one, only run the services you *need*.
Rule two, only allow incoming access to the ports you *need*
There's a lot more rules but these two are a good start. Do you
disagree ?
>I was, after all, assured that the OS I was running
> was completely secure.
Then you were lied to, no OS is completely secure, OpenBSD is probably
the closest to being completely secure.
>
>>Your ISP would have perfectly adequate DNS servers of their own, why did
>>you feel the need to operate your own ?
>
> They were not adequate for my purpose. Updates could only be made via
> an email request that could take up to 2 days to be implemented,
You couldn't plan in advance?, and in any case it takes up to 48 hours
for DNS changes to propagate.
Your ISP also doesn't handle your domain names, your registrar does.
> for
> example - and sometimes incorrectly.
They couldn't copy and paste from an email ?
> Adding new domains would be charged a fee.
Yes, it does cost to register a domain name.
My registrar does not charge me anything if I want to change any details,
maybe you should have just looked for a different registrar ?.
>Having an in-house server provided control and flexibility.
And was a security risk and cost you downtime, so ultimately wasn't
flexible.
>
>>>>Oh, really, how did you do that then ?
>
>>> You really don't know half as much as you think you do if you don't
>>> know how to do something as basic as logging IP traffic from a
>>> different machine.
>
>>I know how to do it, what I am asking is how *YOU* did it.
>
> The tone of your question and your previous chatter about hackers
> deleting logs (as if that was at all relevant) would suggest otherwise.
Just goes to show how it's easy to misunderstand the written word, I
thought it shone through as sarcasm.....so I'll ask again, "how did you
do that then".
>
> What difference does it make to you how I did it?
I just wanted to see if you knew how.
>A cheap dumb hub and Etherpeek, if you must know. Perhaps you can now
>in turn explain why a dumb hub might have been required, and what
>filters it would have been appropriate to apply in order to show that
>you do indeed know how to do.
I do not use etherpeek therefore that is not the way I would have done it.
Eventually I may have monitored activity on port 53 (DNS if memory serves
me correctly) and 22 (SSH), I would also have made sure no extra services
had been started (a backdoor).
Initially, well, depends on what I thought was wrong, checking the log
files (were all removed), a script to email log files upon ssh access,
tail log files on a remote machine, etc etc etc, all depends on what was
my main concern, securing the system probably would be number one, not
discovering who it was as I am fully aware a prosecution is virtually
impossible.
> it.
>
>>>>>>, you were running your company's
>>>>>>servers on a ISP account?
>>
>>>>> Eh - yes. How else do you suggest I connect to the Internet -
>>>>> carrier pigeon?
>
>>>>That's not what I asked asshole, I asked why did you host your
>>>>*servers* (eg more than one) behind your ISP account (which probably
>>>>would have been against their terms and conditions) ?. I did not ask
>>>>how you connected to the internet.
>
>>> I really have no idea what you are talking about,
>
>>That much is apparent.
>
> I have never claimed to be conversant in speaking bollocks.
You are, you just don't know it.
>
>>>and it looks as if you don't either. Perhaps you have no experience
>>>with high speed leased line Internet accounts and are thinking in terms
>>>of a SOHO ADSL account?
>
>>Little, not no experience, but I find it curious that you now only
>>decide to mention (apparently) that you had a leased line.
>
> You are very proficient in jumping to erroneous conclusions based on
> insufficient knowledge.
Don't forget I've known you for a number of years, so know your style
well by now,
>There was no reason why I should volunteer
> information that was irrelevant to the points being made, it was up to
> you to ask if you were interested. Perhaps if you start from the normal
> default position that I am telling the truth
That means I would have to show you a grain of respect, I do not have
that for you.
> and simply ask me to
> explain things that you don't understand rather than making erroneous
> assertions and accusations from ignorance, it would make the discussion
> a little easier and more pleasant.
Nooooo... I'm trying to catch you out, you admitted earlier I'm very
clever and have done it more than once on other occasions, it's fun to
see you try and wriggle out of things.
>
>>I'm not suggesting you are telling porkies, but it is a critical piece
>>of information, one which most people would have thought worthy of
>>mention.
>
> You knew darn well that it was a company network I was talking about,
It could be a one man band running his business from home.
> and furthermore one that used its own dedicated mailserver and DNS
> server. I would therefore have thought it obvious that I was talking
> about a pretty significant network.
No, I thought you were bullshitting and running a test machine behind an
ADSL line.
>
>>>>For the site to be hosted with say, http://www.rackspace.co.uk/ YOU
>>>>would not *need* an ISP.
>
>>> In that case Rackspace would *be* one of my ISPs.
>
>>NO, An Internet Service Provider (ISP, sometimes IAP) is a company that
>>offers its customers *access* *to* the Internet.
>
> It is commonly (but erroneously) used in that sense, but there is in
> fact a difference between the terms ISP and IAP. An ISP, as the name
> suggests, is a company that provides Internet *services* which may or
> may not include *access* to the Internet.
>
> From
> http://www.mondofacto.com/facts/dictionary?Internet+Service+Provider
>
> "
> <networking> (ISP) A company which provides other companies or
> individuals with access to, or presence on, the Internet. Most ISPs are
> also Internet Access Providers; extra services include help with design,
> creation and administration of World-Wide Web sites, training and
> administration of intranets and domain name registration. "
http://en.wikipedia.org/wiki/Internet_service_provider
In any case, are we really going to continue arguing over a three letter
acronym ?, surely we can do better than that.
>
> So to summarise - an IAP is always an ISP, just as a pornographic image
> is always indecent.
Cannot keep it off your mind can you, pornography.
>
> However an ISP might *not* be an IAP, just as an indecent image might
> *not* be pornographic (or in any other way sexual).
Ditto
>
>>> But why should I pay a company money to do what I can do myself
>>> in-house?
>
>>Most companies do it because it's cost effective, I do.
>
>>>I already need almost all of the infrastructure required,
>
>>For ?
>
> For providing the products my company deals in.
But is it really *your* company?, it's a limited company, you may be a
director although someone once claimed you had resigned that position. An
unreliable source granted, and I don't honestly recall if you disputed
the claim or not (it was years ago).
>
>>>so the additional cost is that of a few additional PC's
>
>>Hundreds or even over a thousand pound then....
>
> A few hundred for the horsepower needed for such simple servers. No
> VDU, keyboard or soundcard needed, and just a very basic graphics card.
> I used machines that would have been thrown out following a workstation
> upgrade so it cost effectively zero (just some additional RAM). Pays
> for itself in less than a year. Now the e-commerce servers are a
> different matter ...
You have e-commerce servers ?
>
>>>and a small amount of maintenance above that required for an externally
>>>hosted server.
>
>>Extra work then.
>
> A little. From existing employees. Lost in the noise.
Ah, don't tell them that, they will feel unappreciated.......
But if you have existing technicians, why did you get involved with
installing a RH server in the first place ?
>
>>> Yes, I see how you phrase questions so that whatever answer you get
>>> you can claim to be untrue. Very clever, but I am not a gullible
>>> jury.
>
>>TYVM, <takes a bow>, remember I've years of practice. And I cannot
>>resist, neither was the jury at your trial (gullible).
>
> If it helps you sleep at night you may continue to believe that.
I don't need your permission, but thanks for it anyway.
>
>>>>>Such is life. Most people have missed opportunities that
>>>>> they regret not taking. The defendant has little real-time control
>>>>> over the progress of a trial. IMO the defendant should be asked if
>>>>> s/he wants to ask any additional questions, or confer with their
>>>>> barrister before each witness is dismissed.
>
>>>>They can be recalled.
>
>>> Yes, hindsight is a wondrous thing. It is not easy to think logically
>>> and clearly during the stress of a trial, and interrupting the very
>>> formal atmosphere by speaking out of turn to request such a thing is
>>> akin to letting out a loud fart in church.
>
>>Hmmmm.... Loud fart or prison sentence........Loud fart wins every time
>>for me.
>
> It is not at all obvious to a person unfamiliar with the court process
> that interruptions would be permitted. The last thing a defendant wants
> to do is to piss off the judge.
Better to be jailed for contempt than a sex offence, standing up and
saying out loud, "Excuse me, I'm not sure if this is allowed but my
barrister has not asked what I think is a relevant question, may I speak
with him in private please" seems to be the thing to do. What is the
judge going to do?, refuse you permission and risk a miscarriage of
justice ?
>
> And I did not remotely expect that I would be given a prison sentence
> and nor did my counsel.
Yes, from what you have told me so far, he was not very good was he.
>The CoA found it to be grossly excessive, so it
> is clear that the judge was out of order on that account. The nature of
> the offence does make many people's emotion cloud their judgement.
My judgement is not clouded, the judge listened to the whole of the
evidence and must I presume have thought you were a danger or were lying.
Either that or maybe he was in a shitty mood.
>
>>>>Fantastic.....can you share with us such achievements ?
>
>>> Of course I can, yes.
>
>>Go on then, recent ones will be best as others have suggested you no
>>longer work in the industry.
>
>>I'll acknowledge, wow yeah, if you prove beyond doubt (credit where
>>credit's due).
>
> Let me get this straight. You are basically calling me a liar when I
> say that I do assembler code development (amongst other things) for a
> living.
No, never said such a thing, don't put words in my mouth.
> You have no basis on which to dispute my claim, so I must
> conclude that it is nothing else except sheer prejudice on your part.
How can you know if I have a basis or not, perhaps I had read posts from
years ago, perhaps someone told me, perhaps I listen to Tony Holland,
perhaps...... you get the idea.
> My experience is that people who suspect others of bullshitting when
> there is no good reason for such a suspicion are probably prolific
> bullshitters themselves.
See, he does it again, trying to twist my words, he's damn good at this.
He claims I called him a liar, when in fact I said "Fantastic.....can you
share with us such achievements ?".
>
> Tell me what proof you would accept.
What proof, what proof ?, Oh I don't know, what would you suggest, you
are after all the programmer, is your name in the copyright message ?.
>
> And after I do so, an unconditional apology for accusing me of lying
> would be good.
Absolutely, if I had called you one, I am after all a very honourable
person, who is man (or woman) enough to admit their mistakes.
>>>For all the folks in the Linux networking groups who have just joined
>>>us, this man meets some of the above criteria.
>> Please note the clever use of the word "some" in order to deliberately
>> mislead.
>OK, let's clear that up then, you've a conviction for having an image on
>your computer of a naked child,
Yes that's correct. A single image of a naked child with no sexual
connotations. An image that I still do not consider to be indecent -
though the jury in the trial that took place just after Sarah Payne's
body was found obviously disagreed.
> the name of the file was
>"wallpaper" (with a .bmp extension I think),
Not quite. That would be impossible as it was a FAT filesystem that
allowed only 8.3 file formats. It may also be pertinent to mention
that the computer had no wallpaper active (quite obviously), had never
had any wallpaper active (as the automatically generated old config
files evidenced), and wallpaper would not have been visible in the way
the desktop was set up even if it had been active. And when the image
was installed (by the prosecution) as wallpaper and made visible, it
showed as a thumbnail in the center of the screen (the OS did not
support re-sizing of wallpaper). In short, the filename was a
complete red herring and I gave an explanation as to how it was most
probably created in the temporary folder it was found.
>you freely admit you don't
>see anything wrong with downloading or viewing such images
No, I have never said that. I have stated that IMO it should not be
*illegal* to do so, which is far from the same thing. I have the same
view on many other crimes where the act does not of itself cause harm
to another person.
> and think it
>should not be against the law
That much is true
> and you have in the past actively tried to
>download such images (from a binary group).
A few binary groups in fact. On two brief occasions a day apart a few
years before my arrest, yes, as the evidence showed. If there was a
media article that gave a URL and claimed it contained terrorist
material, and you decided to take a look to see for yourself, would
that make you a terrorist? After the media reported the banning by
the IWF of the "virgin killers" album cover, there was a huge upsurge
in the number of people viewing it. Are they all paedophiles? Would
a person with a big interest in collecting such material only spend
such a short time accessing it?
Of course you know all the above very well, as well as the fact that
the reason for downloading such material is irrelevant in law, but
have such a fascination with me that you have to go through it all
again and again.
>>>>Your
>>>> proposed solution was to set up a firewall to prevent such access.
>>>> Which I correctly stated showed a complete lack of understanding on
>>>> your part because a firewall cannot possibly protect against
>>>> unauthorised access *to the public service being provided*.
>>
>>>What I actually said was you "Should have kept the system up to date and
>>>firewalled". Clear cut case.
>>
>> How would a firewall have prevented a DNS exploit being used on a DNS
>> server. Hmmm? And if it wouldn't have helped (as you must now surely
>> realise), why bother mentioning it?
>
>Because it is a good piece of advice, keep your system up to date, have a
>firewall.
It is also good advice to avoid running with scissors, strange you
didn't mention that also. Of course in context the advice was quite
obviously meant as a means by which you thought I could have avoided
being hacked, and it is disingenuous of you to suggest otherwise.
>As you do so many times, you try and twist things, anyone who reads what
>I posted will probably come to the same conclusion.
I am absolutely certain that anyone reading the thread will come to
the conclusion that you believed that my problem was caused by a lack
of up-to-date software or a firewall. Otherwise it would have been a
complete non-sequitur, and it is in fact *you* who is now attempting
to make out that you meant something entirely different. I believe
the technique is known as "equivocating". Phrasing something in a way
that makes it possible to later pretend that you meant something
different to what it obviously implied.
>>>Then there is the question as to why you were running a *public* DNS
>>>server at all.
>> Why shouldn't I?
>Because it is an unnecessary risk, as you found out to your cost.
Why should a server in my building be any more of a risk than a server
in anyone else's building? Google's mailservers have been hacked more
often than mine.
>Rule one, only run the services you *need*.
>Rule two, only allow incoming access to the ports you *need*
And? Which of those rules have I broken? Obviously "need" is in the
eyes of the beholder. Telling me that I should use a different method
to achieve my aim is the same as me telling you that you should be
using facebook or twitter rather than usenet.
>There's a lot more rules but these two are a good start. Do you
>disagree ?
Not at all. If you think I have broken either of those rules then it
means that you believe that you understand and know my needs
better than I do myself.
Another rule that you did not mention but which saved me from more
damage is to ensure that any public-facing servers cannot be used to
gain access to the internal LAN no matter how badly they are
compromised. I'm surprised you didn't ask me about that.
>>I was, after all, assured that the OS I was running
>> was completely secure.
>Then you were lied to, no OS is completely secure, OpenBSD is probably
>the closest to being completely secure.
Yes, apparently I was given a greater assurance than was warranted. I
have since learned that some sections of the Linux community are prone
to over-selling the product and very reluctant to admit any
shortcomings. Not that such a failing is unique to the Linux
community of course.
>>>Your ISP would have perfectly adequate DNS servers of their own, why did
>>>you feel the need to operate your own ?
>> They were not adequate for my purpose. Updates could only be made via
>> an email request that could take up to 2 days to be implemented,
>You couldn't plan in advance?, and in any case it takes up to 48 hours
>for DNS changes to propagate.
A change to an entry yes. A new entry propagates immediately in most
cases because the authoritative server will be queried when it is not
found in the cache of the local DNS server. And the latency can be
mitigated to a large extent by the refresh settings in the DNS
database. In any case, a latency of 2 days is better than 4.
Customers are impatient and their requests cannot be predicted in
advance, so the faster I can carry out a request the more satisfied my
customer.
>Your ISP also doesn't handle your domain names, your registrar does.
Um - we were talking about the DNS server not the process of
registering a domain. There is no point in registering a domain if it
is not put onto a DNS server. So whoever is supplying your DNS
service must also handle a new domain name, and it was yourself who
suggested that I should use my ISP to do my DNS.
The whole process appears to be very confusing to you. It's been
bread-and-butter stuff to me for a couple of decades, so I apologise
if I am not explaining things in enough detail.
>> for
>> example - and sometimes incorrectly.
>They couldn't copy and paste from an email ?
Apparently not always, no. You see why it's better to control the
process yourself?
>> Adding new domains would be charged a fee.
>Yes, it does cost to register a domain name.
I'm talking about adding a DNS entry for a new domain, not registering
the domain and adding it to the root server.
>My registrar does not charge me anything if I want to change any details,
>maybe you should have just looked for a different registrar ?.
As said, I think you misunderstand. Outsourced DNS servers are more
user-friendly these days, and in many cases can be remotely edited by
the client whenever and as often as you like in real time, but this
was quite a number of years ago.
>>Having an in-house server provided control and flexibility.
>And was a security risk and cost you downtime, so ultimately wasn't
>flexible.
As said, there is an equal security risk and associated downtime
wherever the server is located as quite a few people have found to
their cost. Except in that case I am not in control of the security
and so there is no assurance that lessons will be learned from a
security breach, and I cannot shorten the downtime by insisting that
the problem is addressed immediately and worked on round the clock.
>>>>>Oh, really, how did you do that then ?
>>>> You really don't know half as much as you think you do if you don't
>>>> know how to do something as basic as logging IP traffic from a
>>>> different machine.
>>>I know how to do it, what I am asking is how *YOU* did it.
>> The tone of your question and your previous chatter about hackers
>> deleting logs (as if that was at all relevant) would suggest otherwise.
>Just goes to show how it's easy to misunderstand the written word, I
>thought it shone through as sarcasm.....so I'll ask again, "how did you
>do that then".
>> What difference does it make to you how I did it?
>I just wanted to see if you knew how.
>>A cheap dumb hub and Etherpeek, if you must know. Perhaps you can now
>>in turn explain why a dumb hub might have been required, and what
>>filters it would have been appropriate to apply in order to show that
>>you do indeed know how to do.
>I do not use etherpeek therefore that is not the way I would have done it.
Etherpeek (or a tool that does the same thing) is absolutely essential
for anyone involved with the technical side of networking, I would
have thought. Bit like an electrical engineer saying that he doesn't
use a multimeter, or a mechanic saying he doesn't use a screwdriver.
How about my question regarding the hub? Any thoughts, or don't you
know?
>Eventually I may have monitored activity on port 53 (DNS if memory serves
>me correctly) and 22 (SSH), I would also have made sure no extra services
>had been started (a backdoor).
When I stated that I monitored the activity you asked me how I did so.
So I'll ask the same question of you. How would you monitor port and
service activity? Because it would be very unreliable if you are
expecting a compromised machine to tell you what ports it may have
open or the activity taking place thereon. The hacker may have
cloaked the service, or it might be set up to run only at certain
times of the day, or piggy-backed on a legitimate service.
>Initially, well, depends on what I thought was wrong, checking the log
>files (were all removed), a script to email log files upon ssh access,
My server did not run ssh. What were you saying earlier about only
opening the ports you *need*? Don't you follow your own advice?
>tail log files on a remote machine, etc etc etc, all depends on what was
>my main concern, securing the system probably would be number one, not
>discovering who it was as I am fully aware a prosecution is virtually
>impossible.
>> You are very proficient in jumping to erroneous conclusions based on
>> insufficient knowledge.
>Don't forget I've known you for a number of years, so know your style
>well by now,
You don't know me at all. You have invented a parody to obsess over.
>>There was no reason why I should volunteer
>> information that was irrelevant to the points being made, it was up to
>> you to ask if you were interested. Perhaps if you start from the normal
>> default position that I am telling the truth
>That means I would have to show you a grain of respect, I do not have
>that for you.
In which case you are doomed to misunderstand and flounder.
>> and simply ask me to
>> explain things that you don't understand rather than making erroneous
>> assertions and accusations from ignorance, it would make the discussion
>> a little easier and more pleasant.
>Nooooo... I'm trying to catch you out, you admitted earlier I'm very
>clever and have done it more than once on other occasions, it's fun to
>see you try and wriggle out of things.
The only wriggling is on your part, and you have not "caught me out"
on a single thing. I have been working in professional networking for
nearly a quarter of a century, and I doubt there is anything you know
about the subject that is not very boring old-hat to me. But continue
trying to teach your grandmother to suck eggs - it's amusing which is
why I am bothering to reply at all because I rather think that it is
*I* who is catching *you* out.
You probably know much more about Linux than I do - but that's not
difficult and I have made no claims to the contrary.
>>>I'm not suggesting you are telling porkies, but it is a critical piece
>>>of information, one which most people would have thought worthy of
>>>mention.
>> You knew darn well that it was a company network I was talking about,
>It could be a one man band running his business from home.
>> and furthermore one that used its own dedicated mailserver and DNS
>> server. I would therefore have thought it obvious that I was talking
>> about a pretty significant network.
>No, I thought you were bullshitting and running a test machine behind an
>ADSL line.
I suggest you stop jumping to delusions about that aspect of my life
as well as a few other things. I do not bullshit and never have (well
not to any significant extent, anyway). Anything I might say that is
not true are mistaken but honest beliefs - which has happened on
occasion and I will always admit such mistakes.
>>>>>For the site to be hosted with say, http://www.rackspace.co.uk/ YOU
>>>>>would not *need* an ISP.
>>>> In that case Rackspace would *be* one of my ISPs.
>>>NO, An Internet Service Provider (ISP, sometimes IAP) is a company that
>>>offers its customers *access* *to* the Internet.
>> It is commonly (but erroneously) used in that sense, but there is in
>> fact a difference between the terms ISP and IAP. An ISP, as the name
>> suggests, is a company that provides Internet *services* which may or
>> may not include *access* to the Internet.
>> From
>> http://www.mondofacto.com/facts/dictionary?Internet+Service+Provider
>> "
>> <networking> (ISP) A company which provides other companies or
>> individuals with access to, or presence on, the Internet. Most ISPs are
>> also Internet Access Providers; extra services include help with design,
>> creation and administration of World-Wide Web sites, training and
>> administration of intranets and domain name registration. "
>http://en.wikipedia.org/wiki/Internet_service_provider
>In any case, are we really going to continue arguing over a three letter
>acronym ?, surely we can do better than that.
*You* were the one who started nitpicking. Now I have shown you to be
mistaken, suddenly it's unimportant.
>> So to summarise - an IAP is always an ISP, just as a pornographic image
>> is always indecent.
>Cannot keep it off your mind can you, pornography.
A very poor jibe. Remind me who raised the subject in this completely
unrelated thread and has been bashing on about it ever since?
>>>> But why should I pay a company money to do what I can do myself
>>>> in-house?
>>>Most companies do it because it's cost effective, I do.
>>>>I already need almost all of the infrastructure required,
>>>For ?
>> For providing the products my company deals in.
>But is it really *your* company?, it's a limited company, you may be a
>director although someone once claimed you had resigned that position. An
>unreliable source granted, and I don't honestly recall if you disputed
>the claim or not (it was years ago).
I have never claimed to be the sole owner of my company. In fact I do
not recall claiming any sort of ownership or directorship BICBW. I do
not believe that any company of any size is owned by a single person.
Neither do I recall saying that it is a limited company.
>>>>so the additional cost is that of a few additional PC's
>>>Hundreds or even over a thousand pound then....
>> A few hundred for the horsepower needed for such simple servers. No
>> VDU, keyboard or soundcard needed, and just a very basic graphics card.
>> I used machines that would have been thrown out following a workstation
>> upgrade so it cost effectively zero (just some additional RAM). Pays
>> for itself in less than a year. Now the e-commerce servers are a
>> different matter ...
>You have e-commerce servers ?
Yes. A rack full. Surprised?
>>>>and a small amount of maintenance above that required for an externally
>>>>hosted server.
>>>Extra work then.
>> A little. From existing employees. Lost in the noise.
>Ah, don't tell them that, they will feel unappreciated.......
I'm one of them.
>But if you have existing technicians, why did you get involved with
>installing a RH server in the first place ?
Because it's my job to get involved with any major technical project.
I sometimes even make the tea and set the time on the microwave.
>> It is not at all obvious to a person unfamiliar with the court process
>> that interruptions would be permitted. The last thing a defendant wants
>> to do is to piss off the judge.
>Better to be jailed for contempt than a sex offence, standing up and
>saying out loud, "Excuse me, I'm not sure if this is allowed but my
>barrister has not asked what I think is a relevant question, may I speak
>with him in private please" seems to be the thing to do. What is the
>judge going to do?, refuse you permission and risk a miscarriage of
>justice ?
Yes, as I said, hindsight is a wonderful thing. You should have heard
the brilliant defence I delivered to myself on the way to the cells ...
>> And I did not remotely expect that I would be given a prison sentence
>> and nor did my counsel.
>Yes, from what you have told me so far, he was not very good was he.
I think the main problem was that we all expected it to be dropped at
the door of the court, and so the preparation was perhaps less than it
should have been - on my part as well.
>>The CoA found it to be grossly excessive, so it
>> is clear that the judge was out of order on that account. The nature of
>> the offence does make many people's emotion cloud their judgement.
>My judgement is not clouded, the judge listened to the whole of the
>evidence and must I presume have thought you were a danger or were lying.
He is supposed to deal with facts and follow sentencing guidelines
rather than indulging in unevidenced speculation.
>Either that or maybe he was in a shitty mood.
<shrug> It's all water under the bridge to me now. You have *far*
more interest in the matter than I do.
>>>Go on then, recent ones will be best as others have suggested you no
>>>longer work in the industry.
>>>I'll acknowledge, wow yeah, if you prove beyond doubt (credit where
>>>credit's due).
>> Let me get this straight. You are basically calling me a liar when I
>> say that I do assembler code development (amongst other things) for a
>> living.
>No, never said such a thing, don't put words in my mouth.
OK, what is it that you don't believe?
>> You have no basis on which to dispute my claim, so I must
>> conclude that it is nothing else except sheer prejudice on your part.
>How can you know if I have a basis or not, perhaps I had read posts from
>years ago, perhaps someone told me, perhaps I listen to Tony Holland,
>perhaps...... you get the idea.
I can jump to as many erroneous conclusions as you can, if I put my
mind to it.
>> My experience is that people who suspect others of bullshitting when
>> there is no good reason for such a suspicion are probably prolific
>> bullshitters themselves.
>See, he does it again, trying to twist my words, he's damn good at this.
I doubt anyone bored enough to be following this exchange to this
point has any doubt whatsoever that you have accused me of
bullshitting. In fact you have explicitly said so (quoted in this
post earlier), so I don't see what I'm meant to be "twisting".
>He claims I called him a liar, when in fact I said "Fantastic.....can you
>share with us such achievements ?".
A sarcastic comment that carries a very transparent implication that I
am not telling the truth, especially when you went on to demand proof.
>> Tell me what proof you would accept.
>What proof, what proof ?, Oh I don't know, what would you suggest, you
>are after all the programmer, is your name in the copyright message ?.
Hardly proof when I could edit any bit of code found on the Internet
to include anything I like in the copyright message. How about
thinking up a very simple DOS proggie that a competent programmer
could code in 30 minutes or so, and I'll take the time to write it and
send to you (including source code). Something that wipes your HDD or
erases your BIOS flash would be quick and easy, for example, though
accessing your motherboard chipset and overclocking your RAM to
destruction or switching the core voltage of your CPU would be more
spectacular, but probably take longer than 30 minutes to code unless
you oblige by sending me the model of your MoBo.
>> And after I do so, an unconditional apology for accusing me of lying
>> would be good.
>Absolutely, if I had called you one, I am after all a very honourable
>person, who is man (or woman) enough to admit their mistakes.
Good. Why would you want to see proof if you do not think I am lying?
--
Cynic
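
The post above argues that a compromised machine cannot be trusted to report its own open ports, so traffic has to be logged from a different machine. The following is an added example of that comparison, not code from the thread: the capture lines, addresses, ports and the host's self-report are constructed, and the packet-summary format is an assumption rather than Etherpeek output.

```python
from collections import defaultdict

# Constructed sample: packet summaries as a sniffer on a separate machine
# might log them (timestamp, proto, src, sport, dst, dport, TCP flags).
# Addresses are documentation ranges; nothing here comes from the thread.
SERVER = "192.0.2.10"
CAPTURE = """\
2009-03-01T09:15:02 udp 198.51.100.7 40211 192.0.2.10 53 -
2009-03-01T09:15:02 udp 192.0.2.10 53 198.51.100.7 40211 -
2009-03-01T09:16:40 tcp 198.51.100.9 51000 192.0.2.10 53 S
2009-03-01T09:16:40 tcp 192.0.2.10 53 198.51.100.9 51000 SA
2009-03-01T11:02:13 tcp 203.0.113.5 44120 192.0.2.10 22 S
2009-03-01T11:02:13 tcp 192.0.2.10 22 203.0.113.5 44120 RA
2009-03-02T03:10:55 tcp 203.0.113.5 44871 192.0.2.10 31337 S
2009-03-02T03:10:55 tcp 192.0.2.10 31337 203.0.113.5 44871 SA
2009-03-02T03:40:09 tcp 192.0.2.10 1045 203.0.113.66 6667 S
"""

# What the (possibly compromised) host itself lists as listening (constructed),
# and what policy says a DNS-only server should expose.
SELF_REPORTED = {("udp", 53), ("tcp", 53)}
ALLOWED = {("udp", 53), ("tcp", 53)}


def parse(capture):
    """Turn each summary line into a dict; the hour is kept for time-of-day checks."""
    for line in capture.splitlines():
        ts, proto, src, sport, dst, dport, flags = line.split()
        yield {"hour": int(ts[11:13]), "proto": proto, "src": src,
               "sport": int(sport), "dst": dst, "dport": int(dport),
               "flags": flags}


def observed_services(records, server):
    """Ports the server demonstrably answers on, plus connections it opens."""
    asked = set()                    # inbound requests seen on the wire
    services = defaultdict(set)      # (proto, port) -> hours with activity
    outbound = set()                 # (remote ip, remote port) dialled by server
    for r in records:
        if r["dst"] == server:
            asked.add((r["proto"], r["src"], r["sport"], r["dport"]))
        elif r["src"] == server:
            if r["proto"] == "tcp":
                if r["flags"] == "SA":       # handshake accepted: a listener exists
                    services[("tcp", r["sport"])].add(r["hour"])
                elif r["flags"] == "S":      # server initiated this connection
                    outbound.add((r["dst"], r["dport"]))
                # "RA" (reset) means the port is closed, so it is not a service
            elif (r["proto"], r["dst"], r["dport"], r["sport"]) in asked:
                services[("udp", r["sport"])].add(r["hour"])  # reply to a seen request
    return dict(services), outbound


def audit(capture, server, self_reported, allowed):
    """Compare what the wire shows with what the host says and what policy allows."""
    services, outbound = observed_services(parse(capture), server)
    seen = set(services)
    return {
        "hidden": sorted(seen - self_reported),   # on the wire, absent from host report
        "off_policy": sorted(seen - allowed),     # answering outside the allowed set
        "hours": {s: sorted(h) for s, h in services.items() if s not in allowed},
        "outbound": sorted(outbound),             # server-initiated connections
    }


if __name__ == "__main__":
    for key, value in audit(CAPTURE, SERVER, SELF_REPORTED, ALLOWED).items():
        print(key, value)
```

A port-level comparison like this does not catch traffic piggy-backed on an allowed port such as 53; that needs inspection of the payload on the monitoring machine.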