We do not understand why Nvidia seems to have abandoned Raid 10. Intel Matrix Storage Technology on the 965P and Q965 chipset both support raid 10 on board with several motherboards. We again searched to web only to find the misleading, non factual information still is alive and well.

What we cannot understand is the number of people who still seem to think that raid 10 is the same as 0+1. Are these people just picking up incorrect information and pasted it in their site without any research at all? If there is any question what so ever ask and ask.

Yes 1+0 is different from 0+1. We have thought about simply pointing at the sites which are wrong but that is not wise.
What is hard to believe is there are data recovery companies claiming 0/1 is the same as raid 10. It is simple 10 is 1+0 and the mirror comes before the strip.

We could point you at our resources and we will, but since there appears to be endless misleading information.  We will simply point at the correct information and let the others run wild.

ActiveServers
Webopedia
ACNC

A Web site posted a tool that can apparently crack Windows Vista's activation process by applying brute force -- and lots of time -- to come up with valid product keys, circumventing one of Microsoft's most important antipiracy methods.

Microsoft said it is investigating the attack. "We're looking into this issue now," said Alex Kochis, senior product manager of WGA (Windows Genuine Advantage) , on the group's blog.

According to the KezNews.com write-up by someone identified as Computer User, who created the "KeyGen" tool, the process uses a modified version of the software license manager script file to search for valid keys. Crackers, however, must periodically check to see if the key they entered earlier has changed, then attempt to activate using the changed key. Those parts of the procedure can only be done manually.

While we got all you Pirates foaming at the mouth perhaps you might want to read this article first. It has been most amusing the lengths people go to crack on MS. This is a good article and recommend it before formatting that disk. 

Mozilla Foundation on Monday issued a critical fix designed to address vulnerabilities in a recent security update for the Firefox browser and SeaMonkey application suite.

The security flaws were discovered in Firefox 1.5.0.9 and 2.0.0.1, as well as in SeaMonkey 1.0.7, according to a security advisory posted by Mozilla.

Security researchers say the initial fix, issued in mid-December, was designed to address vulnerabilities in Firefox, SeaMonkey and Mozilla's Thunderbird e-mail client. But that particular fix introduced a flaw that could allow JavaScript code from Web content to be exploited, then lead to the execution of arbitrary code.

Mozilla advises Firefox users to upgrade to version 1.5.0.10 and 2.0.0.2, and SeaMonkey users to update to version 1.1.1 and 1.0.8.

Disabling JavaScript will not protect users from the vulnerabilities, Mozilla warned.

AMD today introduced its first chipset products to be released only under its own brand rather than ATI's: the integrated 690G and 690V.

The 690G incorporates two independent display controllers and ingratea signalling for DVI, HDMI, TV, CRT and LCD monitors. It also has HDCP support built in. The 690V drops the integrated DVI and HDMI signalling, and features a lower-clocked graphics core.

AMD said the integrated GPUs deliver significant 1,024 x 768 un-antialiased, un-aniso'd graphics benchmark leads over Intel's rival G965 chipset, though it won't be long before Intel has the G965's successor, the G35, out the door in Q2, which may change the scores. AMD may well have the edge on price, however.

Both products incorporate AMD's ATI-inherited SB600 South Bridge chip, which provides ten USB 2.0 ports, four SATA ports and legacy parallel ATA and PCI support. Interestingly, the North Bridges both handle audio. They also provide PCI Express connectivity, both for external graphics cards, as usual, and for other devices.

All this has taken a while coming. The RS690 - the codename under which the 690G was developed - was first roadmapped for a Q2 2006 release alongside the SB600. The SB600 shipped as expected, and while the RS690 appeared in June at least year's Computex show, only now are boards based on the part coming to market. "Read More Here"

Security researchers have found a way to use JavaScript to map a home or corporate network and attack connected servers or devices, such as printers or routers.

The malicious JavaScript can be embedded in a Web page and will run without warning when the page is viewed in any ordinary browser, the researchers said. It will bypass security measures such as a firewall because it runs through the user's browser, they said.

"We have discovered a technique to scan a network, fingerprint all the Web-enabled devices found and send attacks or commands to those devices," said Billy Hoffman, lead engineer at Web security specialist SPI Dynamics. "This technique can scan networks protected behind firewalls such as corporate networks."

A successful attack could have significant impact. For example, it could scan your home network, detect a router model and then send it commands to enable wireless networking and turn off all encryption, Hoffman said. Or it could map a corporate network and launch attacks against servers that will appear to come from the inside, he said.

"Your browser can be used to hack internal networks," said Jeremiah Grossman the chief technology officer at Web application security company WhiteHat Security. Both SPI Dynamics and WhiteHat Security came up with the JavaScript-based network scanner at about the same time, he said. The companies plan to talk about their findings at next week's Black Hat security event in Las Vegas.

Full Article

While I have been waiting to buy a new box and get off and running with Vista I have been reading. I admit I have always been a windows fan. If you started in DOS and windows 3.1 how could you resist. XP has proven to be a good OS and though right now I am reading many of switch to MAC comments, with more questions.

It is a difficult thought when one considers the things they would be missing. Provided they actually use their computer as a serious user. I admit even I am a bit torn over the single issue of how much work I am willing to give toward setting every perm on a daily basis. I have enough experience just with I.E. 7.0 to know I really do not care for labors of trusting sites and while the granularity is great, and security is improved no doubt about that fact.  

It has been my observeration that many people do not even have a firm grip of controlling security settings in their browsers. Which leads one to wonder is there a better way? It appears there is clearly no shortage of debate surrounding the OS.

Here are some articles on the topic.  <Bit-Net> <Uninspired> <Toms>

The Storm worm that wreaked havoc in January has opened up a new front in its war against users—instant messaging.

The Trojan virus that was responsible for countless spam e-mails sent around the globe has spawned a new variant that is using AOL Instant Messenger, Google Talk and Yahoo Messenger to proliferate. The worm attacks by detecting when someone is chatting and sending out a message with a link to the first stage of malware on a site. If the user clicks the link, the first stage will execute.

"The botnet handlers will periodically inject new commands into this peer-to-peer network, and one of the first things they do is tell the infected machines to download several executables," explained Jose Nazario, software and security engineer for Arbor Networks.

Click here to read about research showing that IM malware attacks are on the rise.

Coghead empowers tech-savvy business people to develop applications for common business problems. By combining the benefits of zero infrastructure, drag and drop tools, powerful development features and more, Coghead is changing the app development game, in your favor.

Now you can develop custom apps quickly, and share them with your co-workers in real time. The revolutionary Coghead application delivery service provides an intuitive drag and drop development environment so you can build, and maintain, your custom applications yourself... no coding required!

Two of the flaws could allow an attacker to execute code on an unpatched system, Apple said. Patches are now available on Apple's Web site or through the Software Update selection under the Apple menu on a Mac.

Apple noted that proof-of-concepts for the flaws were posted on the Month of Apple Bugs Web site. But it doesn't appear that attack code has surfaced using the concepts outlined by the project. Apple has fixed several flaws identified during the course of January by the project, but some remain open.

The two flaws that could lead to arbitrary code execution are found in Finder and iChat. There's a buffer overflow flaw in Finder that could allow an attacker to take control of a system by "enticing a user into mounting a malicious disk image," or tricking someone into enabling local access of a file supposedly stored on a remote server. Apple credited Kevin Finisterre, one of the participants in the Month of Apple Bugs project, for reporting the issue, something it did not do on the three other flaws patched on Thursday.

The other patch, for iChat, fixes an issue in which a user could click on a malicious URL in a chat session and trigger an overflow, possibly opening the system to an attacker.

I cannot understand this from the most arrogant group of people on the planet. The OS that claims to be the best solution known to man has flaws? What next no santa claus or the tooth fairy? Perhaps we may not have to watch the stupid commericals anymore with PC and MAC.

I have no idea about these things accept what I have been told. Certainly nothing like those of you in the newly formed EU, state of insanity! It appears they have volume control restrictions on their Ipods. What the heck is that about? I know the UK has big brother watching everywhere but really volume control restrictions.

This little software program called goPod will allow you to uncap your iPod's volume so the sound comes out louder. Apart from the iPod Shuffle, every (recent) iPod is now compatible with this software version (1.3), including the nano. Reminder, the prolonged use of an MP3 player at a high sound volume damages your hearing Get it Here!

Win32++ provides a framework for developing applications, using the Win32 API directly. It supports all MS operating systems which run the Win32 API, from Windows 95 through to Windows XP and Vista. This framework is designed to produce programs with a similar look and feel to those created using MFC. It can develop applications based on simple windows, dialogs, frames and MDI frames. The frames produced by Win32++ have the following features:

• Rebar Control (to contain the Menubar and Toolbar)
• Menubar
• Toolbar
• Status bar
• Tool tips

Win32++ also brings an object oriented approach to programming directly with the Win32 API. Each window created is a C++ class object capable of having its own window procedure for routing messages.

Hopefully, beginners will find this framework simpler and easier to use than MFC. There are no confusing macros in the message maps for example, just straightforward C++. Most importantly, for beginners perhaps, this framework runs on free compilers readily available for download from the internet. You don't need to buy a compiler to use it.

In an article posted Feb 13 2007, it appears that our brilliant law enforcement agents have finally figured out that criminals can hang out in unsecure WiFi Hot spots.

What I find so odd about this honestly is that it appears none of them must have ever used one. Honestly if you can attach to any network without some level of difficulty, you should as yourself why? Then disconnect and leave.

According to a report in this week's Washington Post, the 46,000 public access Wi-Fi points scattered across the U.S. offer a new vehicle for criminals to carry out their evil business. Law enforcement authorities, who so far have been focusing their investigations primarily on child pornography and other exploitation of children, say they are growing concerned that the anonymous use of unsecured wireless networks will grow.

Google Inc.'s free e-mail service will shed the final remnants of its invitation-only restrictions Wednesday, extending the reach of an increasingly popular product that has emerged as a vital cog in the online search leader's expansion efforts.

Invitations will no longer be required to join the nearly 3-year-old "Gmail" service in the United States, Canada, Mexico and a swath of Asian and South American countries where the Mountain View-based company previously limited the number of users.

With those restrictions now lifted, Gmail will be open to all comers worldwide for the first time since Google unveiled the service on April Fool's Day in 2004.

The decision to lift all invitation requirements on Gmail signals Google finally believes it has adequate computing capacity to accommodate the generous amount of free storage provided by the e-mail service after investing heavily in additional data centers. Gmail offers each account at least 2.8 gigabytes of storage — enough to fill about 1.4 million pages.

The RFC's do define the first three digits of error codes but the software or mail server itself can define anything after the first three digits for their own use. Perhaps the time is coming that people can be given some uniform codes they can understand. Though the problems are bigger than they may appear at first glance. We have put together some basic codes as a guideline to help everyone have some idea as to what the error might mean.

500: Syntax error, command unrecognized
This may include errors such as command line too long.
 

501: Syntax error in parameters or arguments - Indicates possible poor (noisy dialup) or an intermittent drop in network line connection that caused your mail client to send erroneous command to the mail server.
 

502: Command not implemented - Indicates that your ISP mail server did not recognized a command sent.
 

503: Server encountered bad sequence of commands - Indicates (probable) that your ISP mail server did not recognized a command sent that is erroneous. Some temporary event prevents the successful sending of the message or an intermittent drop in network line connection that caused your mail client to send erroneous command and sending in the future may be successful.
 

504: Command parameter not implemented - Indicates that your ISP mail server did not recognized a command sent.

521: The domain does not accept mail or closing transmission channel You must be pop-authenticated before you can use this SMTP server and you must use your mail address for the Sender/From field.
 

530: Access denied (???a Sendmailism)

550: Requested actions not taken, mailbox unavailable - Indicates that your recipient's email address was not recognized by your ISP mail server or (mailbox not found or cannot access it).
 

550: Relaying prohibited or Not local host… not a gateway or Unable to relay for, or user’s mailbox unavailable - Sending an email to recipients outside of your domain are not allowed or your mail server does not know that you have access to use it for relaying messages and authentication is required. Or to prevent the sending of SPAM some mail servers will not allow (relay) send mail to any e-mail using another company’s network and computer resources.

550: This address is not allowed or Requested action not taken: mailbox unavailable - Seems like the setting of the “From Address” are incorrect and/or an attempted was made to deliver but there was a non fatal error and it will be retried and/or some change to the message destination must be made for successful delivery.
 

551: User not local, please try <forward-path> or Invalid Address: Relay request denied - Indicates that the recipient's email address have changed and your ISP mail server is forwarding it back to you and/or your ISP SMTP mail server does not accept email when neither the sender nor the recipient is a local user--this feature was implemented to protect the mail server from being used by spammers to relay their messages by using another company’s network and computer resources.
 

552: Requested mail actions aborted: exceeded storage allocation - ISP mail server indicates, probable overloading from too many messages.
 

553: Denied. Requested action not taken: mailbox name not allowed or bad command format - (E.g., mailbox syntax incorrect)  Some mail servers have the option to reduce the number of concurrent connection and also the number of messages sent per connection. If you have a lot of messages queued up (being sent) for a domain, it could go over the maximum number of messages per connection and/or some change to the message and/or destination must be made for successful delivery.
 

554: Transaction failed or Permanent Failure - A permanent failure is one which is not likely to be resolved by resending the message in its current form and some change to the message and/or destination must be made for successful delivery.

554: Transaction failed or Permanent Failure - The server sending your mail server does not have a reverse DNS entry.
      1. Helo command rejected: Access denied;
      2. Recipent user is "Over Quota"
      3. You do not have permission to send to this recipient.

557: Too many duplicate messages: Resource temporarily unavailable - Indicates (probable) that there is some kind of anti-spam system on the mail server.

Even if I logon as Administrator and try to backup any of my databases to local partitions, I get this error below.

Cannot open backup device 'F:\foldername'. Operating system error 5(Access is denied.).

It doesn't matter who *you* are logged in as, it is the service account for SQL Server service that
matters. Learn More

Why do I always have problems with IIS 6.0 and upload sizes?

There is one tweak that must happen for the upload large files to work properly in IIS6. By default it won't allow a POST larger than 200KB
(Not sure of the Reasoning).

To fix it:

- Open IIS Manager
- Right-click on the server name at the top of the tree and choose "Properties"
- Check the first box for "Enable Direct Metabase Edit" and click the "OK" button
- Open C:\Windows\System32\Inetsrv\metabase.xml with Notepad (NOT Wordpad)
- Find AspMaxRequestEntityAllowed and change it to 1073741824

The dramatic headlines appear to have been sparked by confusion in a Reuters story published on Saturday morning that snowballed out of control. The story quoted the FSF's general counsel, Eben Moglen, as stating that the FSF was making changes to the GPL that would not allow similar deals.

As previously reported, Moglen initiated a review of the deal shortly after Novell and Microsoft promised not to sue each other's customers for patent infringement to see whether the agreement ran afoul of the GNU General Public License, by which Linux is distributed.

Some open source advocates had feared that the agreement might split the Linux market, and concerns were realized when Microsoft's CEO, Steve Ballmer, used the deal to suggest that there might be patent issues related to other Linux distributions.

While Moglen is yet to report his findings, FSF chairman Richard Stallman announced in November that while the agreement was not in violation of the current version 2 of the GPL, the forthcoming GPL v3 would include provisions that would block such an arrangement.

If the GPL v3 does include such provisions when it is finalized in the spring, Novell might well find itself in a difficult position. While Linux creator Linus Torvalds has decided that the Linux kernel will stick with GPL v3, many of the GNU tools that go to make up a full Linux distribution will move to GPL v3.

It seems likely that Novell will be forced to maintain support for older version of these tools or rethink its Microsoft agreement if the FSF does succeed in its aims, but Novell maintained that it is not going to respond to ifs and buts at this stage.

Novell has just launched a Vista/Linux comparison site, in anticipation of the Jan. 31 arrival of the retail version of Windows Vista. Unsurprisingly, Novell's site reminds users that SLED 10 (SUSE Linux Enterprise Desktop) is already here, and promotes it as the better upgrade for Windows business users.

While Microsoft and Novell may be partners now when it comes to Windows and Linux interoperability, don't think for a second that they've become bosom buddies. In this Web site, Novell bashes Vista both on TCO (total cost of ownership) and on usability grounds.

Novell claims that "With SUSE Linux Enterprise Desktop 10, you receive over 90 percent of the functionality of Vista and Office for less than 10 percent of the price." In the pricing section, Novell walks you through the cost differences between SLED and Vista and Vista/Office 2007.

When it comes to dollars and bytes, SLED is the clear winner. It only costs $50 and it comes bundled with a full-function office suite, OpenOffice.org 2.x. IN contrast, the Windows Vista Business upgrade price is $179. If you buy straight retail, it's a cool $299. Vista, of course, doesn't come with an office suite. Microsoft Office Professional 2007 for Windows Vista costs $499 per user at list. The upgrade price isn't cheap either, at $329.

Of course, all this pricing information presumes you can run Vista on your existing PCs. SLED 10 will run on any recent PC. Vista, for all practical purposes, requires a system with at least a 1GHz 32-bit or 64-bit processor, 1GB of system RAM, a graphics card that is DirectX 9-capable with WDDM (Windows Display Driver Model) drivers, and at least 128MB of graphics memory.

Microsoft® Expression® Web Free Trial

We recommend the trial version of Expression Web, everyone should become comfortable with the product before laying down your $269.00. The trial is a fully functioning version of the product that will expire 60 days from installation.

Expression Web is a professional design tool that helps you create and work with:

• Standards-based Web sites
• Sophisticated CSS-based layouts
• Extensive CSS formatting and management
• Rich data presentation
• Powerful ASP.NET 2.0-based technology

A few learning videos:

This is what the typical Phish looks like as being sampled from the filtering servers. However the urls below are acutally being redirected to: http://manabi-tai.net/postcard.jpg.exe" in the dumps we have sampled. The links here have been removed.

A Greeting Card is waiting for you at our virtual post office! You can pick up your postcard at the following web address:

http://www.all-yours.net/u/view.php?id=a0190313376667

If you can't click on the web address above, you can also
visit E-Greetings at http://www.all-yours.net/
and enter your pickup code, which is: a0190313376667

(Your postcard will be available for 60 days.)

Oh -- and if you'd like to reply with a postcard,
you can do so by visiting this web address:
http://www.all-yours.net/
(Or you can simply click the "reply to this postcard"
button beneath your postcard!)

We hope you enjoy your postcard, and if you do,
please take a moment to send a few yourself!

Regards,
1001 E-Greetings and Postcards
http:///www.all-yours.net/

We observed large scale spam (mass mailing) of 3 different variants of the W32/Tibs downloader.  The message arrives with the subject “Happy New Year” and an attachment “Postcard.exe”. This is a Trojan/Downloader that downloads additional malware onto an infected machine. The downloaded malware harvests e-mail addresses from a victim machine and uploads it to a remote host to further spam. Detection for this was promptly added and definition files released.

This shot was taken off of just one MX Filter server in our network.

This is the weekly shot which will indicate just how many of these are being trapped for saturday.

12.27.2006 Yahoo's article pointing at the gloom & doom of American broadband.   The U.S. needs to spur greater investment in its broadband network, said Kara Swisher, another Wall Street Journal technology columnist. I am questioning a capitalist based news paper, having a columist writing this. 

The quote that really seemed to have rubbed me is this one. "The government has got to get behind this, like it did with the public highways," Swisher said, referring to the federal government's investment in the interstate highway system beginning in the 1950's".  They have the right to publish whatever they wish though the method which has put America on the forefront of the technology which is home grown will take us into the future with out the government getting envolved.

It seems that while they might be correct with America needing some investment, I am not sure the government is the place to get any of this done. Let's really look at the facts.

I hardly think that the need here should not be compared to the Interstate Highway system. The downside to any government controlling their internet is clear. China who totally controls their users experience is nothing I personally would ralley around.  This type of Federal based logic is running wild in America. I am starting to wonder if there is something in the water. The market and capitalizm have got the internet where it is right now just exactly what is the problem? The only thing the government could do is to help or offer some incentive to installing fiber to every home in america as this is seriously expensive. They did not do well with creating the monopoly called cable. I doubt they could do much better with fiber. If they could build it as a neutral network great, but that would be seem to be mission impossible.

Surely anyone can see that the url is first going to google then gets redirected to HongKong. What I find odd is I have seen at least 20 copies of this email in one day yet the provider in HongKong or Google has not taken action.

Our mail servers are already filtering against this URL. http://www.google.com/url?q=%68%74%74%70%3A%2F%2F566441026785887484-ma.%76%68%61%75%65%6F%2E%68%6B/%48S%42C/%73ec%75%72e/l%6Fg%69n/?id=25&account=61b6USrKjUva-0288.  It would seem that google could at least assure they are not being party to phishing scams like this and break the URL as well.

Many people still believe that anti-spam and anti-virus is best handled client side. We have used our share of client tools too. There simply is no reason to question whether or not server side filtering is the right approach. There are many reasons why sever side is better including the sampling base size. The task can be daunting even for a savvy mail administrator.

Spammers have become sharper, there is money at stake. Providers have alot invested with proper firewalls that remove viruses on the fly and check for spoof and prevent the mail server from coming under any number of attacks. Certain mail servers specifically Merak Mail do a great job and have many levels of filtering mail yet still manage to perform at lightning speed. The newest in v 8.9.1 is the addition of realtime baysian indexing. The sampling of mail to index on a server in itself should be enough even for a novice to understand this method is something they simply cannot acheive client side.

While it is true many 3rd party mail servers claim to have all the features for filtering mail. A good example is smartermail. As a mail server it is a fantasic product but their filtering leaves alot to be desired. There are a couple of solutions which can fix the problems of smartermail and though the product by declude claims to fix those weaknesses. The issue I have observed is making the server misbehave. It seriously cuts the number of users the system has the resources to support. The best way for anyone to really filter mail correctly besides the Merak Mail is to use a MX or Gateway server.

Placing MX servers in front of your mail servers and filtering before it even makes it to the mail server. This has become the preferred method for enterprise mail. There is no magic pill with some client side software bit, which will kill all spam. 

The point here is that desktop software really cannot compete when it comes to filtering mail. Understand and appreciate all that your spam goes through to get to your desktop in the first place. It does not hurt to have some desktop anti-spam, anti-virus software. However it simply is never going to compare to all your emails already go through.