Wish list - Security

This is a discussion on Wish list - Security ; On Tue, 29 Nov 2005 23:43:24 -0800, matt_left_coast wrote: > Newsbox wrote: > [...] >> I'm surely not a rich man, but would consider setting a separate firewall >> server for this purpose if it were possible or doable. >> ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 29 of 29

Thread: Wish list

  1. Re: Wish list

    On Tue, 29 Nov 2005 23:43:24 -0800, matt_left_coast wrote:

    > Newsbox wrote:
    >


    [...]

    >> I'm surely not a rich man, but would consider setting a separate firewall
    >> server for this purpose if it were possible or doable.
    >>
    >> All suggestions welcome.
    >>
    >> Best wishes.

    >
    > I would suggest you do research on firewalls, what they are, what they do
    > and what they do not do. Your question suggest a lack of understanding of
    > what security is and what it takes to get a secure system. Unless you do
    > some studying, you will probably never have a secure system no matter what
    > firewall you put in.


    Here's two questions you might want a first shot at, matt_left_coast:

    If I were to set up a machine as a firewall for my LAN, and that machine
    also processed, organized and collated the data on all rejected traffic,
    compared or parsed it against other information on file, and served up
    formatted information on that traffic,

    1. Would it be fair to call that machine a firewall server? Would the
    "server" part be redundant? Would you just call it a firewall. Should
    all firewalls do all of this? Or none? Does your firewall do those
    things?
    2. What would be the best name to call a machine like that?

    (All responses are welcome, just wanted matt_left_coast to have his
    chance. This is kind of a language question, like "what do you call
    this?" Is there a name for this already? Is this something not to be
    done for some reason? Has this been done and named before? What name
    should I look for in a Google search or dogpile search, etc?)

    I just didn't know what else to call it and this seemed descriptive. Of
    course, if you really had no idea what I had in mind, you wouldn't know
    either. That's why I think language is important, and that's why I'm
    asking the questions. We can't even talk about it if we don't understand
    what the others are saying, can we? Please help me with suggestions about
    these language questions if you are at all interested. Thank you.

    oh, ps matt_left_coast, I do feel as if I do know a few things about
    firewalls, and maybe a couple or three other things about computer
    security, as well. But these are just some simple language questions, so
    we could maybe learn how to talk with each other. Thanks for your help.



  2. Re: Wish list

    On Thu, 01 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
    , Newsbox wrote:

    Follow up

    >You are undoubtedly 100% correct. I was looking for a fairly easy, quick
    >and accurate way to specific information. Your generalization is
    >at least fast and correct, I believe.


    [stuff tends to morph]. Normally, I don't bother about this, as the
    firewall blocks UDP, and I don't offer any services to the Internet from
    home. At work, I am not the firewall guy, and don't even have a login on
    the firewalls. None the less, the windoze anti-virus providers, and SANS
    tend to have lists that are not to far out of date. A google search will
    often pick them up within a day or so of the outbreak.

    The IANA port list (http://www.iana.org/assignments/port-numbers) which
    is where your /etc/services file originally came from, is pretty much
    useless. Malware authors do not register the ports they are using with
    IANA, and there is nothing that _requires_ this service to use only that
    port number. Likewise, a packet on port $FOO does not mean that it can only
    be for service $BAR. A co-worker had his SSH server listening on port 70
    until his ISP decided to block all servers (translates to "block all below
    1024"), when he moved it to something near 31000.

    >You did seem to manage to misunderstand what I did feel I wrote clearly,
    >so I'm assigning you a share equal to any of my own for any misunderstanding.


    I can accept that - you waved a flag in front of me - I charged. My bad.

    >The woman I "love" likes to use e-mail, go shopping on-line and surf the
    >web. She likes to use Microsoft Windows OS's, uses Windows at work, and
    >doesn't feel comfortable with my *nix systems. And I want her to be happy.


    Does she accept the idea of using something other than Internet Explorer
    and Outlook Express? I no longer have a copy, but about 2 years ago, CERT
    put out a recommendation to avoid using either. I'm told there are ways
    that these can be made a little less risky to use, but it's only a degree of
    reduction, not an absolute. Messenger spam (remember, I stopped using
    windoze in 1992) supposedly is easy to fix:

    -----------------
    What you're seeing is the built-in Messenger service in NT/Windows 2000 and
    XP for sending quick "pop up" messages across networks which spammers are
    exploiting. This is not Microsoft, nor can they can control it anymore then
    they can control the spam arriving in your e-mail. It's a "feature" that
    Microsoft assumes you wanted, just as sharing your hard drive by default
    with the world. If you don't want these messages to come up again, you can
    stop this from happening by going to the Control Panel, choose Administrative
    Tools (if you're using XP, you may have to click Classic View on the left).
    Double-click Services, and Scroll down to "Messenger", select it, right-click
    and then choose Properties. Under startup type, choose disabled and then
    choose the 'Stop' button. After the service is stopped, click OK.
    ------- also seen as -----
    Disable messenger service.
    In Settings->Control Panel->Administrative Services, select Computer
    Management->Services. In the right panel, right click on Messenger,
    select Properties, disable it in the drop down list, click OK out.
    ------- also seen as -----
    In Win9x, you just rename or delete the RPCSS.EXE file. Which is a
    good idea anyway for variety of reasons.
    -----------------

    >I think you know where this is going, which is that all of these random
    >attacks are interfering with my peace of mind and domestic tranquility,
    >and cutting heavily into my free time. In short, Sir Moe, I am motivated.


    Despite the cut-and-pastes above, I'm not into windoze, and and not the
    person to advise how to configure it (other than the classic "insert a
    Linux CD, and boot - you've already said that's not viable). There is
    only so much you can do from the blocking end of things. If you are not
    using an email filtering tool to clean stuff up before it gets handed to
    a windoze box, there will be windoze problems. Yes, you can firewall to
    block the ping of death or it's modern replacements, but this can't
    compensate for actions of the user.

    Old guy

  3. Re: Wish list

    Newsbox wrote:

    > On Tue, 29 Nov 2005 23:43:24 -0800, matt_left_coast wrote:
    >
    >> Newsbox wrote:
    >>

    >
    > [...]
    >
    >>> I'm surely not a rich man, but would consider setting a separate
    >>> firewall server for this purpose if it were possible or doable.
    >>>
    >>> All suggestions welcome.
    >>>
    >>> Best wishes.

    >>
    >> I would suggest you do research on firewalls, what they are, what they do
    >> and what they do not do. Your question suggest a lack of understanding of
    >> what security is and what it takes to get a secure system. Unless you do
    >> some studying, you will probably never have a secure system no matter
    >> what firewall you put in.

    >
    > Here's two questions you might want a first shot at, matt_left_coast:
    >
    > If I were to set up a machine as a firewall for my LAN, and that machine
    > also processed, organized and collated the data on all rejected traffic,
    > compared or parsed it against other information on file, and served up
    > formatted information on that traffic,
    >
    > 1. Would it be fair to call that machine a firewall server? Would the
    > "server" part be redundant? Would you just call it a firewall. Should
    > all firewalls do all of this? Or none? Does your firewall do those
    > things?
    > 2. What would be the best name to call a machine like that?


    So you know what it is CALLED, That does not mean you know what it really
    does. what it actually SECURES and what it does not secure...

    >
    > (All responses are welcome, just wanted matt_left_coast to have his
    > chance. This is kind of a language question, like "what do you call
    > this?" Is there a name for this already? Is this something not to be
    > done for some reason? Has this been done and named before? What name
    > should I look for in a Google search or dogpile search, etc?)


    What chance? All you have done is shown you know what the word firewall
    means, but NOT what it truly means in securing an environment.

    >
    > I just didn't know what else to call it and this seemed descriptive.



    And that is why I told you to do some RESEARCH. Here, by your own admission
    you do not know enough about firewalls to use them effectively. As others
    have said, what you are asking for A) Would require a full time
    administrator and B) only can deal with attacks known at the time the
    database was written AND the writers felt the need to include. There is
    ALWAYS a lag between an exploit being discovered and it being included in
    the application so NO application contains all possible attacks. it is
    IMPOSSIBLE. If you understood what a firewall is, the different types of
    firewalls and what they do then you would know that. That is why I
    suggested you do some research.

    As for tracking back to the responsible party, it is unlikely that you have
    the resources or the time to do this successfully. If you took the time to
    learn how hackers work, you would know that they seldom initialed the
    attack from a system that could easily be tracked back to the attacker.

    It is not up to us to teach you security. In another message, I attacked a
    URL that SHOULD have explained, even to you, why you will not be
    successful. Here it is again:


    http://software.newsforge.com/softwa...2.shtml?tid=78


  4. Re: Wish list

    Newsbox wrote:

    > On Thu, 01 Dec 2005 16:47:40 -0800, matt_left_coast wrote:
    >
    >> Newsbox wrote:
    >>
    >>> On Tue, 29 Nov 2005 23:43:24 -0800, matt_left_coast wrote:
    >>>
    >>>> Newsbox wrote:
    >>>>
    >>>>
    >>> [...]
    >>>
    >>>>> I'm surely not a rich man, but would consider setting a separate
    >>>>> firewall server for this purpose if it were possible or doable.
    >>>>>
    >>>>> All suggestions welcome.
    >>>>>
    >>>>> Best wishes.
    >>>>
    >>>> I would suggest you do research on firewalls, what they are, what they
    >>>> do and what they do not do. Your question suggest a lack of
    >>>> understanding of what security is and what it takes to get a secure
    >>>> system. Unless you do some studying, you will probably never have a
    >>>> secure system no matter what firewall you put in.

    >
    > You _do_ remember, that I did answer this. Don't you.


    Why are you responding to something said from a couple of messages back as
    if I just said it? To stupid to understand what the 4 ">" mean?

    >
    >>> Here's two questions you might want a first shot at, matt_left_coast:
    >>>
    >>> If I were to set up a machine as a firewall for my LAN, and that
    >>> machine also processed, organized and collated the data on all rejected
    >>> traffic, compared or parsed it against other information on file, and
    >>> served up formatted information on that traffic,
    >>>
    >>> 1. Would it be fair to call that machine a firewall server? Would
    >>> the "server" part be redundant? Would you just call it a firewall.
    >>> Should all firewalls do all of this? Or none? Does your firewall do
    >>> those things?
    >>> 2. What would be the best name to call a machine like that?

    >>
    >> So you know what it is CALLED, That does not mean you know what it
    >> really does. what it actually SECURES and what it does not secure...

    >
    > No, matt_left_coast, I asked you what you think it _should_ be called.


    It does not matter what you call it, the underlying issues are the same. If
    you call it a firewall it will still have the same problems as if you call
    it a newsboxass****er. Try to understand that the issues are the same no
    matter WHAT THE **** YOU USE. My suggestion is that you learn what the
    issues are regarding the list of bad stuff you detailed are in relation to
    the security of your box. Then you would understand how idiotic your
    request is.

    Your OP never requested what it "should be called" so I see you are now
    trying to revise history.

  5. Re: Wish list

    Newsbox wrote:

    >>> I just didn't know what else to call it and this seemed descriptive.

    >>


    You state that you don't even know what it should be called.

    >>
    >> And that is why I told you to do some RESEARCH. Here, by your own
    >> admission you do not know enough about firewalls to use them
    >> effectively.

    >
    > No, you lost me there, matt_left_coast. Show me please where you think I
    > "admitted" any such thing.


    If you don't know what it should be called, how can you know enough to use
    it effectively?

    This is simple stuff, if you don't even know what a device as complex as a
    firewall should be called Then you don't know enough to use it
    effectively. Then you need to do some research on what a firewall is, what
    kinds of firewalls do and what they do not do. Once you do that, you will
    begin to understand what is required to do all the stuff you requested in
    your OP. You keep asking for a "thing" that will do it all for you, well
    others and I have told you, repeatedly, it does not exist. There is no box,
    no matter what you call it that does everything you ask, it is IMPOSSIBLE.
    I have stated that before.

    As stated before, do do everything you ask in the OP you MUST do your
    research on ALL ASPECTS of security. Even if you spend the equivalent of a
    full time job, you can not expect to do everything on your list.

    You can not expect to do everything on your list with a server regardless of
    it being called a firewall or anything else. To do all on your list YOU
    MUST UNDERSTAND THE PROCESSES AND METHODOLOGIES behind what is being done
    and YOU need to track it down. There are legal agencies that have many full
    time people tracking the issues you list.


    --



  6. Re: Wish list

    On Thu, 01 Dec 2005 21:23:22 -0800, matt_left_coast wrote:

    > Newsbox wrote:
    >

    [...]

    >>>> 2. What would be the best name to call a machine like that?
    >>>
    >>> So you know what it is CALLED, That does not mean you know what it
    >>> really does. what it actually SECURES and what it does not secure...

    >>
    >> No, matt_left_coast, I asked you what you think it _should_ be called.

    >
    > It does not matter what you call it, the underlying issues are the same.


    Thanks for giving it a name as I asked. My point was that I do believe
    that it does matter what name a thing is called, if that name does not do
    a suitable job of uniquely identifying the thing so as to allow clear
    thought and discussion. Suppose you have Rick, Dick, Richie and Dickie.
    Their first names are all formally Richard. The Boss tells his secretary
    "Call Richie, please", there is no confusion. Had he asked for Richard,
    it wouldn't have been clear.

    I think that's where this is at. This isn't your fault, but it is what I
    am trying to correct if you will bear with me.

    > If
    > you call it a firewall it will still have the same problems as if you
    > call it a arjfobknffshpxre. Try to understand that the issues are the
    > same no matter WHAT THE **** YOU USE. My suggestion is that you learn
    > what the issues are regarding the list of bad stuff you detailed are in
    > relation to the security of your box. Then you would understand how
    > idiotic your request is.


    Here's a short topology:

    |
    HF-ADSL-modem
    |
    firewall-machine
    inputting-and outputting
    |
    |---------------------DP-for-all-rejected-traffic,output-unspecified
    |
    local-area-network

    That's it in a nutshell. I don't see anything impossible or idiotic about
    it. I'm talking about everything between the HF-ADSL-modem and the
    local-area-network.

    > Your OP never requested what it "should be called" so I see you are now
    > trying to revise history.


    You're right, it wasn't in the OP. But it was in the thread. I'm not
    trying to "revise history". Just trying to be clear.

    Thanks for answering twice. I'd like to try to respond to your other
    message too, but can't take time to do so right now, as I have another
    schedule to meet.

    Thanks again and best wishes.

  7. Re: Wish list

    On Fri, 02 Dec 2005 13:57:35 -0600, Moe Trin wrote:

    > On Thu, 01 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
    > , Newsbox wrote:


    [...]

    If it is categorically illegal to send a response of any kind to
    unsolicited traffic, then the whole idea is DOA.

    Thanks for taking the time to write again. I especially appreciate the
    reference source citations.

    I actually get very little "spam" that isn't blocked or ignored. Call it
    semantics if you will, but I would maybe call the bad guys of interest
    "bot-net controllers", or some such. Those are the big bad guys. There
    are a lot more of the little bad guys, - people who continue to run 0wn3d,
    connected machines. Without those little bad guys, the big bad guys are
    powerless.

    Unfortunately, I have a schedule I cannot ignore. Pls excuse the brief
    response to a helpful message.

    Thanks again and best wishes.

  8. Re: Wish list

    On Sat, 03 Dec 2005, in the Usenet newsgroup comp.os.linux.security, in article
    , Newsbox wrote:

    >Greg Metcalfe wrote:


    >> I thought I should leave this one completely untrimmed. Have a look at
    >> my BR5kf.56$p96.2410@news.uswest.net, which suggests a very brute-force
    >> approach (i.e. won't scale well, and is arguably evil, at minimum).


    See also my response to that post

    >> Now, put on your Old Guy philosopher hat. In your opinion, will
    >> approaches like this hasten the day that Korean/Chinese/Indian industry
    >> gets enough leverage to fix the problem? Or is the heavy-handedness of
    >> the approach so evil that it simply should not be done?


    Good question. Some Indian ISPs have noticed the wholesale blocking, as
    have ISPs in other countries, and made possible first steps towards
    recognizing that they have a problem. By the same token, there are others
    who don't give a damn, and haven't seen a need for such effort. I've
    heard that China has gone so far as to officially punish (some have claimed
    executed) some individuals for "defaming the Peoples Republic". I've not
    seen any confirmation that I'd consider reliable, nor have I seen any
    reliable indication of a reduction in spam levels. By the same token,
    the Brit I mentioned upthread who is going to be a guest of the Crown for
    six years is also (apparently) declining to discuss his ill-gotten gains
    with the court because he's sure the police will steal them - he's likely
    going to have some problems with the tax authorities as well.

    >However I fear that, unless checked, that growth will continue and produce
    >increasingly serious consequences. Unfortunately, it seems that much of
    >the so-called anti-spam effort has failed to stop that growth. Also that
    >that growth needs to be checked, and is not now being sufficiently
    >checked.


    OPINION: A major portion of the blame can be set at the feet of microsoft,
    for creating this monster. The problem existed before win95, but not to
    anything like this scale. Windoze is configured such that a brain dead
    garden slug on crack can get onto the Internet with servers enabled up
    the whazoo, but no security what-so-ever. The result is that everyone and
    his dog is running systems asking to be r00ted. To fix this, do you try
    to go after the gazillion idiots who can't even spell PC, but are running
    these computers? The ISPs for failing to block this? Be careful what
    you wish for - you _could_ actually get a politicians interpretation of
    what you meant, as translated by the special interest groups. Remember the
    Can Spam act?

    OPINION: Another problem is that spammers bear virtually no cost to flood
    the Internet with garbage. Mentioned upthread is the bit about being able
    to deliver an advertisement to 15 million people for US$250. Compare that
    price to what an advertiser has to pay for a one minute spot on "national"
    television in prime time - never mind something like the Super Bowl. Many
    cite reports of various kinds that the recipients of the spam are paying
    a significant cost to receive (or rather to not receive) this stuff. A
    simple example is quotes that spam represents some astronomical percentage
    of the email. Another is the bandwidth cost of messenger spam (my own
    figures - half a Megabyte per IP address per day - for an ISP with a /16
    allocated, that's 32 GIGAbytes a day; how big is your pipe?) in addition
    to that wasted on email.

    >With respect to your question about blocking (...), Greg, I would suspect
    >that many people would be very glad to do this for the possible benefits.


    We all laugh at AOL.com - as being the $ETHNIC_BUFFOON joke of the Internet.
    Yet their received spam level is lower than most ISPs because of extensive
    but fairly simple filtering. Apparent dynamic IP sending mail? 550. rDNS
    doesn't match fDNS? 550. Those two are _fairly_ easy to implement at the
    mail server (or even the perimeter routers). If you don't have your own
    mail server, you can filter on the POP server. It's certainly not easy,
    or obvious, but it's possible. There are also relatively simple filtering
    algorithms/applications you can set up on your individual host that work
    before you see the resulting cleaned up mail.

    As far as firewall filtering, iptables has more than enough capabilities
    to handle a home to medium sized business. If you aren't offering services
    to the world, basically no ports should be open. Nothing open means nothing
    to exploit/worry about. Have a reason to be serving something to the world?
    It should be in a colo or hosting service with professional admins running
    things. I (along with many ISPs, though sometimes for a different reason) do
    not advocate running a server out of a residential hookup. If you want to
    serve web pages for friends and family ONLY, putting the server on a non-
    standard port (possibly above 1050) may be a solution.

    >Heavy handed? Not really; if you have no need for legitimate traffic from
    >there, then no need to accept the excess "spam" or sploits either.
    >Particularly if they are not even making the levels of control effort
    >there as are expended here.


    Again, if you are not providing services to the world, this is not all that
    difficult to set up on a local firewall. Blocking inbound SYN only packets
    in TCP (and ignoring all UDP not from your DNS servers) precludes even
    worrying about where a remote host is located. I've mentioned this quite a
    few times - the IP address allocations were not made with blocking by ranges
    in mind.

    [compton ~]$ grep CN IP.ADDR/stats/APNIC | cut -d' ' -f2 | cut -d'.' -f1
    | sort -un | column
    58 61 159 166 192 203 218 221
    59 125 161 167 198 210 219 222
    60 134 162 168 202 211 220
    [compton ~]$

    That's the first octet of the IP addresses used by China. But:

    [compton ~]$ grep -h ' 58\.' IP.ADDR/stats/APNIC | cut -d' ' -f1 | sort -u
    | column
    AF CN IN KR NZ PK TH VN
    AU HK JP MY PH SG TW
    [compton ~]$

    China isn't the only one in those /8s.

    >Caveats: Relying on someone else to decide what is blocked might be handy,
    >and also subject to error or abuse if not checked. Possibly. When making
    >recommendations, though the possibility of serious consequences might be
    >small, there's always a possibility some will blame you if/when something
    >goes wrong (goes wrong ... goes wrong). But probably not much risk of real
    >culpability and there's a limit to how softly one can tread and still be
    >helpful or move at all. Probably not much risk of downside, and much to be
    >gained. I'd give it a go myself, if I could get it on my to-do list.


    A fairly common complaint in news.admin.net-abuse.blocklisting is people
    saying the $BLOCKLIST is blocking their IP. The standard answers are that
    the blocklist is merely a list, and the admin of that ISP or that company
    is using the list to block (typically) mail from "you", and that unless
    an RIR has you listed as "Direct-Assignment", you are leasing/renting the
    address from someone else who is being held responsible. A common solution
    proposed is to request that administrator/ISP/what-ever to whitelist or
    otherwise unblock "your" address, because they are the ones using the
    list at their own volition. (I have no idea how many different lists
    exist - there are plenty, of all flavors from spam/zombie IPs, to dynamic
    addresses, to country and ISP lists - I dunno, there's probably lists
    out there if addresses that are modulo 15 = 0, or the entity registering
    the address has an 'r' in the name).

    Old guy

  9. Re: Wish list

    Newsbox wrote:

    > On Tue, 29 Nov 2005 23:43:24 -0800, matt_left_coast wrote:
    >
    >> Newsbox wrote:
    >>

    >
    > [...]
    >
    >>> I'm surely not a rich man, but would consider setting a separate
    >>> firewall server for this purpose if it were possible or doable.
    >>>
    >>> All suggestions welcome.
    >>>
    >>> Best wishes.

    >>
    >> I would suggest you do research on firewalls, what they are, what
    >> they do and what they do not do. Your question suggest a lack of
    >> understanding of what security is and what it takes to get a secure
    >> system. Unless you do some studying, you will probably never have a
    >> secure system no matter what firewall you put in.

    >
    > Here's two questions you might want a first shot at,
    > matt_left_coast:
    >
    > If I were to set up a machine as a firewall for my LAN, and that
    > machine also processed, organized and collated the data on all
    > rejected traffic, compared or parsed it against other information on
    > file, and served up formatted information on that traffic,
    >
    > 1. Would it be fair to call that machine a firewall server? Would
    > the
    > "server" part be redundant? Would you just call it a firewall.
    > Should
    > all firewalls do all of this? Or none? Does your firewall do those
    > things?
    > 2. What would be the best name to call a machine like that?
    >



    Just call it a firewall.

    A good one to look at would be Gibraltar. Its a live CD,
    you do not need a hard disk. That makes it secure. Try
    to hack a CD. Configuration files are saved to a floppy,
    or a flash memory device with the write protect set.
    Gibraltar can be configured over a browser so you can
    run it headless, no keyboard, no monitor, no KVM necessary.
    Nor does it need a big fast CPU or much memory. So any old
    machine laying around with the proper NICs and a 128k
    thumbdrive puts you in business.

    Gibraltar is free for personal use, and is based on Debian.

    It has a lot of stuff on the CD including ability to set up
    Shorewall, proxies, A/V for Windows boxes on your LAN,
    and other goodies.

    It is not for rank beginners unwilling to get their
    hands dirty. But good for a SOHO LAN type situation.



    > (All responses are welcome, just wanted matt_left_coast to have his
    > chance. This is kind of a language question, like "what do you call
    > this?" Is there a name for this already? Is this something not to
    > be
    > done for some reason? Has this been done and named before? What
    > name should I look for in a Google search or dogpile search, etc?)
    >
    > I just didn't know what else to call it and this seemed descriptive.
    > Of course, if you really had no idea what I had in mind, you
    > wouldn't know
    > either. That's why I think language is important, and that's why
    > I'm
    > asking the questions. We can't even talk about it if we don't
    > understand
    > what the others are saying, can we? Please help me with suggestions
    > about
    > these language questions if you are at all interested. Thank you.
    >
    > oh, ps matt_left_coast, I do feel as if I do know a few things about
    > firewalls, and maybe a couple or three other things about computer
    > security, as well. But these are just some simple language
    > questions, so
    > we could maybe learn how to talk with each other. Thanks for your
    > help.


    --
    "There is a word in Newspeak," said Syme.**"I*don't
    know whether you know it: duckspeak, to quack like
    a duck.**It is*one*of*those*interesting*words*that
    have two contradictory meanings.**Applied*to*an
    opponent, it is abuse; applied to someone you agree
    with, it is praise."
    ****-George*Orwell*"Nineteen*Eighty-Four"


    Cheerful Charlie

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2