Slashdot Mirror

Thanks for the explanation.

You propose to replace the existing world wide phone network with new protocol.

https://craphound.com/spamsolu...

1, 10, 2 & 9 & 10, none, 1

It is both tech and culture. there will always be people willing to put the lives of others at risk for "fun". This is just india's version of SWATTING. as gravewax pointed out you don't need to break encryption to provide tracability, you can do that without ever breaching the encryption or security of the message itself and without the company ever needing to see or store a single piece of information from the message.

gravewax's solution for this problem is about as useful as Ray Ozzie's to a different one, unfortunately.

They both "solve" technical problems while leaving the much harder societal/human ones unsolved.

And if that would work, then spam would not exist today. See URL https://craphound.com/spamsolu... ; A lot of us still remember...

Came for the usual spam solutions. Not really disappointed

It's old, but it still applies pretty universally:

https://craphound.com/spamsolu...

That is about as likely to happen as people stop eating. I do not think you have worked in any companies where all work is processed through that medium. "just send them a text message" you realize that is the exact same problem. Just a different medium. E-Mail is just long form text messages. Most people treat it as such.

If there is information that can not be disseminated people should be directed to go to a well vetted website
Ah the block everything until our crack team of web surfers has vetted it. How exactly would that work with a company that has say 2000 developers and are scouring the web all the time for information?

I would propose that perhaps you have not thought this problem through thoroughly. You have just advocated that the working world throws out one of its main communication mediums with no real replacement or policies that say why and how. Here is a lesson from an 'old fart' (I have learned it many times the hard way), do not just throw out ultimatums and expect any traction. You look the fool for doing so. Then if you double down you good ideas will get no traction as you will be seen as someone 'just making things up again'.

In this case the proper action is teaching. Which sucks as always. You show people what bad emails look like and how to spot them. You then periodically test them. If they fail you train again. Sorry there is no 'good solution'.

Here, fill this out in your spare time. https://craphound.com/spamsolu...

This hits home --- I just finished reading Cory Doctorow's new novel "Walkaway".

Makers is available to read online, in its entirety, free, from the author.
http://craphound.com/makers/Co...

There is an old form used to evaluate anti-spam solutions, at https://craphound.com/spamsolu.... It's a useful tool to evaluate spam solutions and can even be applied to various security software practices.

In this case, I see a number of issues.

( ) Users of email will not put up with it
( ) Many email users cannot afford to lose business or alienate potential employers

( ) Open relays in foreign countries
( ) Huge existing software investment in SMTP
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Joe jobs and/or identity theft
( ) Outlook

( ) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Incompatiblity with open source or open source licenses

In this case, the existence of rootkitted Windows boxes which have DKIM keys is the major problem. Blocking one particular form of spam may reduce the overall spam traffic, but it seems clear from various conferences on spammers that spam evolves. As one type of spam is more effectively blocked, others grow to fill the economic niche occupied by older forms of spam.

I would reckon your odds of surviving being run over by a truck are much lower than surviving being shot.

After 2016, I would've thought it would've been obvious to everyone that guns weren't the problem. If you take away guns, the crazies will just resort to other methods to kill people (like trucks - the fantasy that they'd use knives is only true for crimes of passion, but not for deliberate killings like this one). Heck, the driver of the truck in Nice had a gun, and opted to use the truck instead. Likewise, in the Brussels attack, the terrorists realized they'd probably be shot and killed quickly by armed security had they charged in guns blazing, so they resorted to using bombs which would inflict casualties before security could respond.

This is like those checklists criticizing anti-spam solutions. Outlawing the tools doesn't work. You have to recognize and admit that violence is a social problem and concentrate on solutions which address why people might resort to violence.

Obligatory Critique*:

Their plan proposes a

(X) technical (X) legislative ( ) market-based ( ) vigilante

approach to fighting [telephone] spam. Their idea will not work. Here is why it won't work. (One or more of the following may apply to their particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
(X) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of telephones will not put up with it
(X) Telcos will not put up with doing this work for free
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
(X) Many telephone users cannot afford to lose business or miss critical calls
( ) Spammers don't care about invalid phone numbers in their lists
(X) Anyone could anonymously destroy anyone else's career or business
(X) If a spoofer gets their number banned, you would be unable to call for help
(X) Authorities could abuse it to suppress viewpoints they dislike
( ) Spammers can easily use it to harvest telephone numbers
(X) Organization's phone trees and other legitimate telephone uses would be affected

Specifically, their plan fails to account for

(X) Monetary incentives for telcos to conduct as many calls as possible, billing both parties
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for callerID
(X) It would break telephone connectivity even for correctly dialed numbers
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all telephone numbers
(X) Asshats
(X) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
(X) Huge portions of existing telco equipment base cannot be retrofitted
(X) UnWillingness of users to activate optional teleco services
(X) Eternal arms race involved in all filtering approaches
(X) Extreme profitability of spam
( ) Joe jobs and/or identity theft
(X) Technically illiterate politicians
(X) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
(X) Huge categories of political, charitable, etc. calls that many users want prohibited
(X) Huge categories of political, charitable, etc. calls that many users don't want prohibited
(X) Huge categories of political, charitable, etc. calls that politicians don't want prohibited

and the following philosophical objections may also apply:

(X) Ideas similar to theirs are easy to come up with, yet none have ever
been shown practical
(X) Any scheme based on opt-in is unacceptable
(X) phone connectivity should not be the subject of legislation
(X) Blacklists suck
(X) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(X) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending telephone calls should be allowed for the good guys (opinions vary)
(X) Why should we have to trust you and their servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(X) Temporary/one-time telephone numbers are cheap
(X) I don't want the government approving/disapproving my telephone calls
(X) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

(X) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn their
house down!

*I shamelessly borrowed this form from the first place I found a copy. If you know the original author, please reply to credit him.

We need an updated version of this poster to include "checking for Internet connection...", "downloading, please wait", etc.

This story indicates the surveillance state, and much of its collection efforts, are even less necessary as long as the detectives are willing to put in the work.

No, this story indicates that Google is the surveillance state.

http://craphound.com/spamsolut...

http://craphound.com/littlebro... comes as close as recommending how to hack them.

I don't think this would necessarily fit your needs, however you might find it as interesting as I do, it's more geared toward authors, but it's a custom baked thing that a pal Cory Doctorow's whipped up for him to use Git for his writing http://craphound.com/?p=2171 Like I said, it doesn't seem like it would fit your needs, but it's interesting and I thought I'd share. I do think there's a lot to be said for user education. It doesn't have to be ongoing, but just sitting down once with several groups of people can work wonders on an offices workflow.

Here is a story about this very concept. The characters use encryption, get a local ISP with indie music sharing bundle to switch to encrypted traffic only in order to conceal their own encryption in the noise, thus inspiring google to make the switch to HTTPs. http://www.craphound.com/littlebrother/download/

[1] Do you have a better technical solution?
[2] Does your solution work without requiring the carriers to spend billions radically altering/upgrading their infrastructure
[3] Can your proposal somehow conceal which endpoints calls are between?
[4] Can your proposal somehow conceal the duration of the call, beyond padding it out for some additional period?
[5] Can your solution easily inter-operate on with existing endpoints?

1. Yes.
2. Yes.
3. Limited, but your solution is a no.
4. No.
5. Yes.

The solution you proposed requires the underlying transit layer. In this case, it appears that you are suggesting to use the established voice call to do the further exchange over that. I think that's a little silly since there are better transports available on virtual all phones that your solution is targetting (IE: IP).

If you want your proposed solution, then use an app that does encrypted voip. The IP part can be used to further protect you - you could run it over Tor if you wanted, or to a private vpn, etc etc etc, which is why I didn't put a direct "No" in #3.

It should be possible to do something similar using the voice layer, but then the #1 is worse, and the call route can easily be move around anywhere, and it'd be packetized voice, encrypted, then turned analog, then going over voice, which goes over a digital network for parts of the transit, and unwraps again on the other side, with nearly all the same drawbacks to the existing system.

However, your system really fall flat for the same reason that most of the completely-illiminate-spam solutions fail. See https://craphound.com/spamsolu...

IMO, if we want to eventually have very secure communication channels, we should start with things that are very easy to solve and are in very common use. For example, instant messaging or SMS. Both already require source and destination to be well defined, and both are simple plain text. End to end encryption is really really simple to add on to these, and there are numerous products that can do so. Getting a standard in place, and getting interoperability, and getting widespread adoption have all failed. If we can't get these very simple systems into widespread use, it doesn't bode well for more complicated solutions.

Besides, phone calls have never been secure. If ever one wanted to make a secure call, it was always a given that extra work/parts would need to be involved. I do hope the SS7 issue is somehow fixed, but I don't think it's really going to change much in the grand scheme of things.

See his blog post on the War on General Computing. (warning: video lasts more than five minutes, but it is worth seeing.)

Just another "build me a device that can do anything, except for (<insert feature here>)" action.

Cory Doctorow wrote a story where reputation acts as money: http://craphound.com/down/Cory...

Thank you! Just yesterday, in fact, I submitted this one for an initial 25 prints as proofs, and if they come out right I'll be printing 2,000 to hand out at Burning Man. What do you think of Snowden Doctorow versus Snowden Binney? The upside to Doctorow is name recognition and the approachability of his writing, particularly Little Brother and Homeland. The upside of using Binney, of course, is that more people should know what he has done for his country.

Your thoughts? (and if you ping me off list at bob at thrhahxhehl.com remove all the h's, I'll mail you a few)

Could I just suggest that there be a website where I could post a photo of an object I hoped to sell, and if no-one commented within a reasonable time then I could point at that post as a valid defense if some git wanted to do this to my tiny little business. I would suggest 2.7 minutes, but I don't like this sort of stuff. But it would be fun to argue in court that the other guy's attorneys had a "duty of care" to be monitoring this site 24x7 (at the other guys expense, I might add). Of course, the current standard duty of care is imposed in the other direction even though the supporting search process is way stoopid. Let's start to use real-time for what it's really worth.

Of course, this plan would never work because the rent-seekers among us have more money, and thereby more access to the legal system, than the rest of us. That is, the rest of us put together.

Cory Doctorow ( Pirate Cinema ), you are my new god of IP stupidity. Must read for all of us, never mind the nit-pickers among us.

Think about what you are asking here: you are trying to protect equipment from a bunch of jerks who don't follow the rules on how to properly take care of it, and are offering a solution that requires them to voluntarily log their actions.

I don't think he's offering a solution, he's speaking about his experience doing this kind of thing and rather politely saying in long words what this list summarizes when someone proposes a solution to spam.

Your post advocates a

(X) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting abuse of shared resources. Your idea will not work. Here is why it won't work.

(X) Requires too much cooperation from abusers
(X) Requires immediate total cooperation from everybody at once

Specifically, your plan fails to account for

(X) Lack of centrally controlling authority for equipment
(X) Asshats

etc...

time to implement the Mic Check! method as introduced by Cory Doctorow (owner of Craphound.com so that you don't freak out from the link)...

Hey all you rebels, Cory Doctorow's latest novel Homeland has a lot of info about beating lie detector's built in as part of the plot. It's DRM-free... and actually offered for free also (pay if you like it, or donate a hard copy to a library). Cory packs loads of other info about hacking, cryptography, etc into his fiction...

such as?

Seriously?
Go read it yourself: http://craphound.com/images/di...

This chart has some interesting tidbits on laws that were just put in place in the Ukraine.

Lots of those outlawed things are also crimes in the US, as well as many EU countries.

This chart has some interesting tidbits on laws that were just put in place in the Ukraine.

Educate yourself:
http://www.craphound.com/content/download/

At what point is Ubuntu going to transition into a community driven OS?

I'd say it already is transitioning to a community-driven setup, called "Mint". One of the key things that makes the open-source world different from the commercial world is that when an organization starts getting stupid and greedy, someone forks the project, and if they do a better job the user-base just switches to the new project and loses nothing of any great value.

Interestingly, this is a plot element of Corey Doctorow's post-singularity / post-scarcity sci-fi story "Down and out in the Magic Kingdom". Except, when applied to real world's finite assets -- instead of infinitely reproducible information -- the user-base can lose things; The above story explores who should be responsible for selecting what the people choose to gain or lose. In the case of Ubuntu users, they risk their unfractured community at minimum. In Doctorow's story the people would avoid this type of breakage by "hostile" takeover of Canonical by more community focused developers instead of forking the mindshare of Ubuntu.

Yup. from the unless-double-secret-probation-prohibits-canaries dept., pretty much.

Your post advocates a

(*) technical ( ) legislative ( ) market-based ( ) vigilante

approach to fighting NSLs. Your idea will not work. Here is why it won't work. ...

and of course, a mandatory reading for everybody who wants to participate in discussions about this is printcrime - http://craphound.com/overclocked/Cory_Doctorow_-_Overclocked_-_Printcrime.html

I'd mod this "funny" but I already commented on this topic. Cory isn't the sort to be anonymous, ever. And Little Brother is a wonderful book that can be downloaded for free: http://craphound.com/littlebrother/download/

Homeland , pg. 133-137.

The canonical spam solution checklist.

I'm going with Specificaly, your plan fails to account for: (x) Users of email will not put up with it.

I'm not sure if I would classify that as "his site". He's one of many bloggers. His site, only seems to block 2 cookies (using ghostery), and they are twitter and wordpress stats. I would classify those as at least not completely terrible. That being said, My browser reported blocking 9 things from Boing Boing. That's just a little bit crazy. It's probably one of the highest number of blocks that I've seen a "legitimate" site.

I feel for you, bro. I really do, but I don't have much to add to the discussion, though. I've seen this stuff coming for a long time (as have a number of other people on Slashdot). The real people who need to be convinced are outside of Slashdot. That's where your words need to be taken. While you're out there telling your story as to what happened, please remind them that both political parties are responsible for this issue. I have tried to deal with family who think $POLITICAL_PARTY1 is somehow better than $POLITICAL_PARTY2. So far, nothing I say works. I might use your example to see how that works on them.

Be prepared for people to deny what is happening. Check out this comment earlier up in this thread. I responded to it, but will it help? Probably not. Words like this fall on deaf ears.

When you're liquored up, I suggest reading the following (because it's really depressing to read when you're sober):

Dictator's Handbook and Little Brother. Little Brother specifically addresses why your words may fall on deaf ears.

Also, the sequel, Homeland, and other books by Cory Doctorw, including Pirate Cinema, For The Win, and Makers (maybe not highschool appropriate).

Also, the sequel, Homeland, and other books by Cory Doctorw, including Pirate Cinema, For The Win, and Makers (maybe not highschool appropriate).

Also, the sequel, Homeland, and other books by Cory Doctorw, including Pirate Cinema, For The Win, and Makers (maybe not highschool appropriate).

http://craphound.com/littlebrother/download/

FREE BOOK. 136 Pages PDF. Other formats also available.

3-D printers have enormous possibility and it's very important that they are left unregulated and unfettered. So what's the first thing these idiots do? Proof of concept home made guns during the government's gun-control-spree. For interesting fiction regarding 3-D printers read the following stories by Cory Doctorow:
Makers A lengthy and excellent novel which you can download for free in any format.
Printcrime a short story about copywrite on printed goods which is very to the point. It is contained entirely on this short page along with its license.

3-D printers have enormous possibility and it's very important that they are left unregulated and unfettered. So what's the first thing these idiots do? Proof of concept home made guns during the government's gun-control-spree. For interesting fiction regarding 3-D printers read the following stories by Cory Doctorow:
Makers A lengthy and excellent novel which you can download for free in any format.
Printcrime a short story about copywrite on printed goods which is very to the point. It is contained entirely on this short page along with its license.

Thank you Cory Doctorow.

The old spam solution form at http://craphound.com/spamsolutions.txt covers most of the solutions being proposed here.

        http://craphound.com/spamsolutions.txt

Common spam problems such as "Ease of searching tiny alphanumeric address space" and "Jurisdictional problems" translate easily to the common password problems of "sending passwords via email is inherently insecure" and "requiring unique passwords for each trivial new website creates enormous keychains that are not safely portable to new computers or software clients"..

The old spam solution form at http://craphound.com/spamsolutions.txt covers most of the solutions being proposed here.

        http://craphound.com/spamsolutions.txt

Common spam problems such as "Ease of searching tiny alphanumeric address space" and "Jurisdictional problems" translate easily to the common password problems of "sending passwords via email is inherently insecure" and "requiring unique passwords for each trivial new website creates enormous keychains that are not safely portable to new computers or software clients"..

Maybe... but Cory is dead against it and has not used publishers that insist on adding it to his books. He is vocal about it on BoingBoing. He also goes so far as releasing every book free on his website in epub, pdf, html, etc. on in drm-free.

Somewhere at my last job, there was a Solaris 8 machine with over 4000 days uptime, that everybody hated to do anything with, but one person loved it and refused to migrate the last service that was still on it to something more modern.

Uptime is irrelevant for an individual server, anyway. If there's fail over (and there should be if uptime is important), take it down and update the kernel for security reasons, who cares?

It's like Cory Doctorow said in When Sysadmins Ruled the Earth:

“Greedo will rise again,” Felix said. “I’ve got a 486 downstairs with over five years of uptime. It’s going to break my heart to reboot it.”

“What the everlasting shit do you use a 486 for?”

“Nothing. But who shuts down a machine with five years uptime? That’s like euthanizing your grandmother.”

See also Scroogled by Cory Doctorow (translations)

Wow, Microsoft appropriating the name of someone else's pre-existing work in a particular domain, particularly when that domain is the criticism and commentary on a near-monopolist, and the original author is one of the most vocal and prominent proponents of copyright and other IP-related reform. I think my irony meter just exploded.

See also Scroogled by Cory Doctorow (translations)

Wow, Microsoft appropriating the name of someone else's pre-existing work in a particular domain, particularly when that domain is the criticism and commentary on a near-monopolist, and the original author is one of the most vocal and prominent proponents of copyright and other IP-related reform. I think my irony meter just exploded.

Apologies to the author of the original(can be found at http://craphound.com/spamsolutions.txt):

Your law advocates a

(x) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting piracy. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

(x) Legitimate bittorrent uses would be affected
(x) It is defenseless against VPNs
(x) It will stop piracy for two weeks and then we'll be stuck with it
(x) Users of netflix will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from pirates
( ) Requires immediate total cooperation from everybody at once
(x) Many internet users cannot afford to lose business or alienate potential employers
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(x) TOR endpoints in foreign countries
(x) Asshats
(x) Jurisdictional problems
(x) Unpopularity of net restrictions
(x) Pop-up blockers
(x) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of piracy
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
(x) Dishonesty on the part of pirates themselves

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) IP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to watch youtube without being permanently disconnected from the net
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Why should we have to trust you and your servers?
(x) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
(x) I don't want private corporations suing me for downloading my own files

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

If you are interested in meeting someone who knew Aaron personally and ask questions, I suggest you attend a great and free talk by Cory Doctorow. There will be a discussion about Aaron Swartz. Specific details are here: http://craphound.com/

Saturday Feb 9th in Salt Lake City, UT http://www.cityweekly.net/utah/event-141058-cory-doctorow-signing-and-reading-homeland.html

Sunday Feb 10th in Tempe, AZ http://events.azfamily.com/Cory_Doctorow_Homeland/269560116.html