Free Web Hosting a Fount of Malware

daria42 writes "It looks as if free Web space services are increasingly being used to host spyware, with Internet security firm Websense claiming more of such dodgy material was found on free hosting services during the first two weeks of July than in May and June combined. "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

What are you gonna do?

[gbulmash]

Free sites are used as gateways to all sorts of dodgy propositions... malware, porn spam, etc. It's because they're so easy to get with fake identity info. Maybe they record your IP address, but you can start building your site at some free hosts without even having your e-mail address confirmed, and it's possible to disguise your IP address.

I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

Outlawing free/homesteading sites would be likely be found unconstitutional in the U.S. and it would be a big fight to remove the safe harbor provisions for such sites to make them responsible for their users' malicious activities. I really don't know what we could do at a legislative level. At a personal level, I just refuse to visit any sites at angelfire, geocities, et al.

- Greg

Re:What are you gonna do?

"I really don't know what we could do at a legislative level."

Nothing of course. Use your brain, there are more countries than yours, with different laws and everything...

Re:What are you gonna do?

[fastgood]

I'd say that the gov't should make these companies provide more authentication

Or the way privacy is going these days, charge a $0.01 setup fee payable only by credit card.

Re:What are you gonna do?

[QaBOjk]

I'd say that the gov't should make these companies provide more authentication, but all it would do is prove a barrier against legitimate users while the criminals would just find a way around.

Authentication.. how about a 'contract' stating you must actively use your free hosting account for 30days or get a penalty fee. Gives the hosting company a chance to catch up on whos doing what

Re:What are you gonna do?

[Jason1729]

So you refuse to visit any site at a big name free host.

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.

Even if the majority of dodgy sites are hosted on free sites, the majority of content on free sites can be quite valuable.

As part of political free speech it should be constitutionally protected that free sites can operate without collecting personal information if they want. If the government forces personal authentication, they can track you if they don't agree with what you say. That will inhibit what legetimate messages you're comfortable posting, and it would be a serious blow to free speech.

Re:What are you gonna do?

[fireboy1919]

I think it's pretty clear that the problem is the same as spam: the opportunity cost is too low.

There are many, many things that one could do to make it reasonable. You could have them send a $1 bill, or pay a similar trifling amount through an online broker, or even require a waiting period during which content is machine-inspected for scamming.

I personally use a "free" server that pretty much keeps spam at bay by requiring a $1 bill sent through the mail in order to gain memebership.

Re:What are you gonna do?

[Osrin]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

Alternately, you're saying that you have no interest in what poor people have to say.

Re:What are you gonna do?

Jesus Christ, dude.

Re:What are you gonna do?

[timmarhy]

what a crock of shit. show me an isp that doesn't provide web space with their internet account. my bet, is that "poor" people don't even use the internet due to that fact that well, sunshine, it costs money. if freehosts vanished over night i won't be sheding any tears.

Re:What are you gonna do?

[grazzy]

An couple of hours at many internet cafes cost more than a year worths of hosting simple html-files on some places..

Re:What are you gonna do?

[the+Man+in+Black]

My favorite part is the fact that he has Snow Crash on his bookshelf.

Yeah, I clicked it.

And so did you. You KNOW it.

Re:What are you gonna do?

[gbulmash]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

Alternately, you're saying that you have no interest in what poor people have to say.

Actually, before these sites became such a wasteland of porn spam and malware, I stopped visiting them because they were some of the worst abusers of pop-ups, pop-unders, and other annoying advertising methods. The growing abuse of these services by spammers and other scum merely cemented my resolve to avoid them.

Sure, you lose out on some gems, but there is MORE than enough out there in the areas I will visit to compensate for what I'm missing. The amount of interesting information on the Internet increases faster than any one human can keep up with (except for my friend who, after a badly broken leg and 3 months on bedrest, came back to work and said he used all that time to "finish reading the Internet"). If my filters leave out some valuable voices in the free-web-o-sphere, I've still got LOTS of interesting and valuable choices remaining.

- Greg

Re:What are you gonna do?

[uncoveror]

"Free" web hosting has never been free. I have tried several of them to cut costs for uncoveror.com, and they all fed pop-ups, many of which pushed spyware like gator and bonzi if they were not closed carefully. I would rather pull the plug than do that to readers, so I went to paid hosting. Last time I checked, none of my banner or text ads fed spyware.

Re:What are you gonna do?

[kz45]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

Besides that, there are thousands of free web hosts just because you know the names of 10 or so of the largest doesn't mean you aren't visiting others.

honestly, it's not even worth it. The providers of most of these "free web hosting" accounts load each "free" site with popups and advertisements. That alone will make me stay away from those sites.

Re:What are you gonna do?

I, uh, can't find that on the self. You know, because there's a penis in the way!

My CAPTCHA is "pensive." Snicker, guffaw, snort.

Re:What are you gonna do?

[khedron+the+jester]

You made me click on the link just to find out you were lying. Thanks.

Re:What are you gonna do?

[Schemat1c]

So you refuse to visit any site at a big name free host.

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them. What a dangerous attitude.

No, he's saying that these tend to be the sites that try to install spyware and such. I stay away from them myself for the very same reasons.

And if you are too poor to have a web site posted why not post your views on forums or blog comments. It will be seen by more people anyway.

Re:What are you gonna do?

Have you visited a geocities webpage in the last 10 years? I challenge you to find a useful site hosted on geocities with valuable information (no tin-foil hats) and that doesn't use one of the following:

#$!@#$ blink tags
black or high contrast backgrounds of thier favorite cat/dog/snake/gerbil/actor/whatever
an under construction sign
background music
multiple dead links

Re:What are you gonna do?

[rudydog]

The thing is it would hurt a lot more legit sites. Everybody does not have a credit card.

Re:What are you gonna do?

[DavidTC]

Oddly enough, I also refuse to accept pamplets on the street from people who cannot afford to have pamplets printed.

Of course, that's rather self-policing.

However, there are plenty of free ways for people to get their opinions out there. Community sites galore, with blogs and journals and all sorts of crap. This isn't 1998, where everyone was blogging pictures on their cats on Geocities, before we knew what 'blogging' was.

But if someone wants to put up 'a website', they can spend the absurdly small fee for five megs of space at a real webhost. Someone I can learn the identity of needs to be standing behind what a site is doing to my computer, or be otherwise trusted (Well-known pseudonym.), or I will not knowingly go there.

That isn't the same thing as knowing the identity of the person providing the content. The content can be anonymous as it wants.

But if the site tries to harm my computer, there better be someone I can point at, or at least someone who has to walk away from their hosting account.

And, frankly, geocities and other free hosters should be more responsible. For example, they shouldn't allow executables without some confirmation of identity, and, no, email does not count.

Re:What are you gonna do?

SOMETHING AWFUL DOT COM

Re:What are you gonna do?

[Jason1729]

The public library provides free web access, but not webspace.

You have blinders on.

Re:What are you gonna do?

[dotgain]

Everybody cannot speak English.

You're typing with all ten of your fingers! Slow down, cowboy! You're typing with all ten of your fingers! Slow down, cowboy! You're typing with all ten of your fingers! Slow down, cowboy! You're typing with all ten of your fingers! Slow down, cowboy! You're typing with all ten of your fingers! Slow down, cowboy!

Re:What are you gonna do?

[dotgain]

You're AC anyway, so I don't know why I'm bothering, but yes. they exist. I haven't got any directly bookmarked, and can't be stuffed digging through them to find the urls, but lately while researching Electronic Fuel Injection specifics, I've read a couple of great geocities pages.

There was nothing to download, no b/g music, okay the html was pretty boring, but very easy to read. And that's exactly what I was there for.

And there's dead links everywhere, man.

Re:What are you gonna do?

[dotgain]

I personally use a "free" server that pretty much keeps spam at bay by requiring a $1 bill sent through the mail in order to gain memebership. Yeah, I can't see where a spammer would get a dollar from.

Re:What are you gonna do?

[Vlad_Drak]

Other commercial hosts are in no way less susceptible to identity issues than most free sites. Also, consider that commercial web hosts offer more of an attack footprint as they'll allow any random script to be uploaded (or host phpBB, etc). I worked for years and years in a senior technical role at one of the top three web hosts, and it's a very difficult job to ensure security across thousands of Linux and Windows boxes with all the mess that's out there. People that run their own dedicated servers are ever worse, as they're probably not monitoring their abuse@ mailbox at all. That mail will go upstream to the hoster's abuse box, which is already overloaded and understaffed. Someone's got to call the customer and get authorization to look at (usually for a fee). At least the free hosters probably have to just update a DB record to shut it off.

You cannot hold the hoster (free or not) responsible for the users, for many reasons. Hosters already have tight margins, and you'd be asking them to remove features and add expensive head count. I'd love to see Capitol Hill trying to draft a bill that doesn't obliterate the hosters without subsidies of some kind. That is, if they could understand the problem. I can see it now:
 
"Script interpreters must be compiled so as to not allow outbound socket connections without a valided National ID record"
 

Re:What are you gonna do?

[ErikZ]

Alternately, you're saying that you have no interest in what poor people have to say.

Well yeah. I'd hate to think that somewhere, a guy is working on his "free hosting" webpage instead of getting a job to cover the 7$ a month hosting bill. If they can't figure out how to make just a paltry sum, or have a friend host them, I seriously doubt they have the brainpower to say anything interesting.

Re:What are you gonna do?

[fireboy1919]

A dollar, a stamp, an envolope, and the need to fill them all out by hand are all part of the cost.

Doing that with the latency of snailmail certainly sets the opportunity cost too high for a site that's going to make less than a dollar.

At the very least, it separates the wheat from the chaffe: spammers won't use it because it costs anything, and they can get a site from the totally free content providers, whereas honest people will use it because the quality of service is so much higher than a spam-allowing service.

Re:What are you gonna do?

[dotgain]

I heard spammers routinely paid up front for dial-up access, knowing full well they'd get cut off eventually, and sooner than the time they'd paid up front for, just to get another account to pound the spam out from.

No, you don't do well trying to make it sound like putting a dollar, stamp, envelope, pen and paper together is a difficult exersize by any means. Latency of snail-mail, oh save me! I'm sorry, but I find you thinking the $1 fee fends off the spammers to be rediculous. Who ever said spammers won't use something if it costs something.

Re:What are you gonna do?

[MysteriousPreacher]

The host must bear some responsibility. When my guestbook was being screwed by malware hosted by Everyone's Internet, I didn't want to contact the spammer. The spammer knew exactly what they were doing so why should they do anything. I wanted the host (a seemingly legitimate business) to stop their facilities from being abused.

Little did I know that I would spend a good few months engaged in a one-way conversation with the host before the spam finally stopped. I strongly believe that in this case, it wasn't just being overworked, it was a piss-poor attititude to support.

Re:What are you gonna do?

[Kijori]

The point isn't that it costs something so much as that it can't be done using only a computer. Spammers are most likely to use free hosts where they can get 1000 accounts in a few seconds with a script; after that come the sites for which they have to type in the letters from a picture. Only once all those are exhausted will the extra effort to post a dollar be justified, and by preventing them from operating thousands of accounts easily, for free and most of all quickly, we would stop a lot of the spam completely.

Re:What are you gonna do?

Oh, right, the government of the web. Silly me, I thought it was - get this - international! What a prat I am!

Re:What are you gonna do?

go drink some tampon juice.

Re:What are you gonna do?

[SComps]

And there's dead links everywhere, man.

Why yes.. yes there are. Just like there are criminals all over the place too, but largely higher concentrations of them in the seedier areas of cities and such. I avoid those seedier areas as well. Hell I wouldn't care if Einstein himself lived in the middle of a crime ridden city. I would't visit. That boy would be on his own... although he seemed a pretty smart guy and probably would have left on his own. On the other hand, having a high IQ often leads to insanity as is proven here on slashdot day after day.

I for one will be quite happy to live out here in the country and take my chances with the 2 or 3 neighbors I can identify while I wander the web in search of signs of alien life. Jesus I hope geocities doesn't mean "hot teen sex" in martian.

Re:What are you gonna do?

[Robmonster]

That means you're saying people only have a valuable opinion or can provide useful information if they're willing to pay you to listen to them.

No.

You're saying that you value your PC safety too much to visit sites in a bad neighbourhood.

Re:What are you gonna do?

why should i bother listening to what they have to say

Because I love Ayanami Rei.

Re:What are you gonna do?

[Sax+Maniac]

Alternately, you're saying that you have no interest in what poor people have to say.

Only here in the US do we consider people who have enough money for a phone, computer, a place to put them all, electricity, and an ISP connection "poor".

Poor people don't play with computers. They are trying to eat and find a place to live.

Re:What are you gonna do?

"Everybody does not have a credit card."

Not everyone with a credit card wants to trust it to the first web host they come across.

Similarly the crooks have no compunction in using stolen credit cards.

Only last so long

Next thing you know, the malware authors will just host stuff from infected PCs. I'm sure you can run a basic web server pretty easily.

Re:Only last so long

[KiloByte]

Exactly.
Banning free hosting or requiring registration won't accomplish anything. Of course, this fact won't stop the politicians from throwing another rock against free speech.

Re:Only last so long

[Anakron]

Its equally easy to check if your machine has port 80 open.

Re:Only last so long

[Virak]

Yes, because I'm sure they would never be so dishonest as to use a different port!

Re:Only last so long

[Anakron]

That wasn't my point at all..
I was thinking about port scanning in general

Re:Only last so long

[madscientist003]

I would imagine it would take more time and energy than most malware authors and the like would hope to expend. Most infected PCs are using a DHCP lease for their IP address, whereas the free hosting sites allow you to have a static URL for your storage and distribution needs. It's the motivation shared by spammers; expend very little energy, send out tons and tons of spam/malware, and some of it will stick. It's simply not worth the extra effort.

Re:Only last so long

They already do, here is an article from nearly two years ago:

http://www.wired.com/news/business/0,1367,60747,00 .html

Re:Only last so long

[dotgain]

I was thinking about port scanning in general

read: missed the point completely, and piped up with a completely offtopic aside note.

If "that wasn't my point at all", then why reply to someone with something that wasn't his point at all?

You surely don't believe that the sort of person running an infected pc running some sort of httpd is the same person that regularly port-scans his own machine and knows what should and shouldn't be open, do you?

Re:Only last so long

[shadowmas]

its easy for you to check if your machine has port 80 open. but then i doubt any geek on slashdot would not notice his pc becoming a zombie machine. but most computer users arent slashdot geeks. they wouldnt try browing http://localhost./ hell they wouldnt even know what localhost or what a port is. most people dont even know about spyware. just take a look at how many people open exe or other executable attachements that they get from email.

closing free webhosts would achieve nothing. it would just be like microsofts activation scheme which does nothing but hinder the legitimate users pirates have cracks which allow them to do anything they want with the OS. free webhosts are usefull they are (mostly) easy to use. most not web savy but otherwise skilled people put very usefull information in those site.

Free?!

I've been paying GoDaddy to host my Malware all this time?!

Re:Free?!

[seanvaandering]

I've been paying GoDaddy to host my Malware all this time?!

God dammit! Is that why my damn server always runs so slow lately?

Ban Geocities.

Free web hosting doesn't provide anything useful to the web community. In fact, according to all 800 blogs that TrackBacked this story this morning, the whole notion of "free web hosting" is ridiculous. Everything can be instead posted on a variety of topical and coagular fora. If you have something meaningful to say, you buy cheap web hosting.

Suprise, suprise.

[rmccann]

Spammers and crackers abusing free internet facilities?! Perish the though.

Re:Suprise, suprise.

[robogun]

It used to be the freehosts themselves distributing spyware... some still do... visit any free page on 0catch.com for free VX2 betterinternet, epilepsy inducing banners and popups that defeat ANY blocking.

Re:Suprise, suprise.

[SCVirus]

This article only talks about malware... because malware spreaders are the bottom-feeders of internet crime. Real spammers use carded web hosting, roots (which are sold) and occaisionally a botnet.

How to trust ANY new web service?

[Ohmster]

It's not just fake hosting services with malware and other phishing scams. It's getting so that one gets suspicious of any kind of new service that crops up on the web. The other day, I got excited seeing this service that promised to turn my blog contents into a printed book. I tried it, but then got worried that it was a phishing scam. And cancelled my attempts to use the service. What does mean for the promise of "web services" in general? More on the "blog into book" experience here: ahref=http://mp.blogs.com/mp/2005/07/s_11.htmlrel= url2html-21790http://mp.blogs.com/mp/2005/07/s_11. html>

Re:How to trust ANY new web service?

Fixed link:
http://mp.blogs.com/mp/2005/07/s_11.html

Re:How to trust ANY new web service?

[Ohmster]

thanks AC! My bad.

Re:How to trust ANY new web service?

[pentalive]

This is pretty bad, I was applying for a job - I was contacted by someone who said they were with a large employer here in CA, after some short question and answer they emailed me some forms that I was to print out and fill in, and fax back. Part of the process before any real interviews was a "background check" form. That form had everything an identity theif needs, ssn, old addresses, Jobs, Date of Birth all kinds of thinks. That added to the fact that these people's email address differed from the employer the said they were from.. It turns out that the applications and the Job was on the up and up, but I wonder...

Re:How to trust ANY new web service?

[madscientist003]

I think this is a very good point, in that the Internet robs one of many of the faculties one would use to reach a decision in "the real world". I would imagine one has to rely more on known brands, and what those known brands would recommend. Seeing Yahoo! or Google become involved in a particular service usually lends that service some credibility. Usenet is also useful for viewing shared feedback about these sorts of ideas. Scammers and phishers are always looking for the easy way out; it's the honest people who have to put in the effort.

Re:How to trust ANY new web service?

[patio11]

That would be a NASTY phishing scam.

"Hello, we are Human Resources Solutions International. One of our clients has contracted with us to process your recent job application. You have the option of either waiting for our letter to arrive via registered mail or entering your data in our secure web server located at https://www.scamyourbuttoff.com./ Please note that your application cannot proceed until we have completed our investigation, so it is in your best interest to respond promptly. Thank you and if you have any questions about your employment process please mail Mary Jo at nevergetareply@scamyourbuttoff.com."

Fire that off to 100,000 people and I'll bet probably half of the ones actively doing job searching will go to your website without a second thought.

Re:How to trust ANY new web service?

[dotgain]

Out of 100,000 people, how many do you think would be job-searching? Fuck-all I'd say.

How many responses would you get at your phishing site?

Half of fuck-all.

Re:How to trust ANY new web service?

[patio11]

Figure on an absurdly low 3% unemployment rate with 50% of those actively searching (which is absurdly low given that the government only defines people as unemployed if they are actively searching, but we'll say for the sake of argument that some people are telling the government they're looking diligently while eating cheetos in their underwear and bemoaning the unfairness of life), that means the scam would snare 750 people. Thats a pretty nice click through rate, wouldn't you say, when every click is worth a couple thousand dollars.

Re:How to trust ANY new web service?

[dotgain]

I've got no problems with your 750 click through figure, that's fine.

But $2,000? What information is Joe Sixpack going to give a recruitment agency on a job application that's worth $2000 to them? Okay, you do go into a little personal detail on an application, but nothing like bank details, because you're not on the payroll yet.

Unless, OTOH I've missed your point, and you were perhaps indending the click-thruers to download some spyware to infect them with. While I can see a rate of return on this, two grand per infection?! Please elaborate, my friend.

Re:How to trust ANY new web service?

[WhatAmIDoingHere]

I'm pretty sure that with your SSN (people love throwing these things around online) and enough information to apply for a credit card in your name is worth a few thousand.

Re:How to trust ANY new web service?

[patio11]

Social security and address allow you to open up a bank account/credit card in someone's name. For that matter, it is enough to social engineer your way through any bank call center in existence ("Hiya, Bank of America, this is Joe Smith. I'm trying to log onto your web site to pay some of my bills but they're telling me my account number is wrong. The number I've got written down is 2342-12342-4532. *waits for number to bounce* Really? Well, I guess I must have the wrong number. So many numbers to remember nowadays, honestly, can't keep them all straight. Could you look mine up for me? *waits* Social security number? Sure thing. 123-456-7890. *waits* Thanks very much Betsy, you've been very helpful. Have a nice day.")

If Bank of America says you don't have an account with them: "What? Thats funny. I thought you guys aquired my bank, you know, First National of . Wasn't you? Well, I'll ask my wife, she'll know. She's always been the smart one with the finances. Sorry to waste your time, Besty. *hangup* Hiya, Citibank, this is Joe Smith. I'm trying to log onto your web site...".

Re:How to trust ANY new web service?

[dotgain]

Right, I wondered if it was anything to do with the infamous Social Insecurity Number. I'm from New Zealand, and we have no such thing as a number that we're not only required to give our employer, educational institute and the guy at the lights washing windows, but allows someone else to impersonate us simply by posessing it.

To open a bank account here we need real identification.

Re:How to trust ANY new web service?

[baadger]

"Real" identification doesn't really exist, from the offset it's based on the trust of someone you (as a service provider) don't know or trust yourself.

For example:

Here in the UK to obtain a passport all you need is an address, to fill out a form, a british birth certificate and someone reputable (like a doctor, teacher, or your boss) to sign a photo to verify it's you and they trust in your identity.

You can order birth certificates online from the GRO for £11.50 with minimal information (name and place of birth). In todays world there is still no enforced requirement to have bank accounts or deal in anything but cash, have a telephone line, etc and I can't see what there is to verify some applications against.

Good 'social engineering', cunning, and a well chosen target from the right demographic and you can steal someones identity fairly easily.

Re:How to trust ANY new web service?

[bluGill]

Most is my guess. I have a good job, but if someone offered me more money I'd leave. I've taken time for pre-interviews. I haven't had an offer yet, but if I get one I'd consider it. I won't say that I'll change jobs, that depends on many factors (money, where they are located, how interesting the work is, how ethical the company is, and some other factors I can't think of right now)

So if I got this message I'd consider filling it out.

Re:How to trust ANY new web service?

"Here in the UK to obtain a passport..."

Have you actually signed a UK passport application/photo for someone recently?

One of my friends asked me to, and being an ex-government scientist, I read the blurb, thought yes I qualify as "reputable", and signed to say "looks like my friend, and her daughter & son".

Suddenly the powers that be were taking a very keen interest, and sent me further paperwork to further prove my own identity, and certify that I did indeed sign a passport application.

I'm sure it is normally a "trivial" process, and I suspect it may be because there were young children involved, but I do believe that there is some sort of background check performed on the person who signs such photographs.

As such I bet they prefer doctors, because they can just cross reference data against the list of authorized medical practitioners. But the doctors tend to charge for a signature on anything like that these days.

But yes ultimately we all come into the world pretty much all looking like Winston Churchill, and there really isn't that much difference, except through what we do to distinguish ourselves. Thus ones identity is entirely what ones makes of it.

Who would have guessed???

[chia_monkey]

Who would have guessed that the shady people who build sites to send their crap around wouldn't want to pay for a legit hosting setup? Profound!

Re:Who would have guessed???

[Anakron]

Considering that it is in their best interest to make their scams believable, I'm actually surprised that they would refuse to pay for legit hosting. I'm guessing hosting costs are a tiny portion of the profit they expect to make.
Of course, these idiots who use free web space are probably bottom-of-barrel scum.

Re:Who would have guessed???

[superpulpsicle]

The dilemma is... if they got rid of free hosting. Then only those who can afford $$ monthly hosting bills can host. It's tough to shoot for democracy when only people with money can have a voice online. Let's not tear down the tree and the whole neighborhood due to a couple bad apples.

Re:Who would have guessed???

[generic-man]

Only people with money can get on-line. The vast majority of blogs and forums out there (Slashdot included) are populated entirely by people wealthy enough to afford an Internet connection of some sort. You don't see working-class people at the library updating their politiblogs because OMG did you see what Koz said this morning about the deficit what a total wonk I am totally trackbacking him right now!!!

Re:Who would have guessed???

[droptone]

Only people with money can get on-line.

I hope you're not serious. They have these nifty little places called libraries. They used to house only books, but now they usually have public internet access as well. I guess your statement has some intuitive force, but you ought to think before you make such broad generalizations.

Re:Who would have guessed???

[NineNine]

You're talking about a barrier to entry that's no more than $10/month. The thing is that that tiny payment, like email, would put the vast majority of jackasses out of business. I personally don't ever visit any sites hosted on free services just for this reason. If what somebody has to say isn't worth the cost of a $10-$15 monthly bill, then I'm not interested.

Re:Who would have guessed???

[British]

Don't numerous ISPs throw some free web page space, quite often WITHOUT pop-up ads or such ad-related garbage?

I mean with Comcast and its millions of customers, you get some web page space to hotlink images, etc. Sure, you can't do certain questionable web pages(hacking, porn, etc), but still it is included with the cost of your monthly bill.

Heck, even AOL has web page space.

Again, if there's malware being sent out on free web page sites, perhaps its time for them to go.

Re:Who would have guessed???

[Proney]

Even if they get rid of free hosting, you can find something pretty close -- http://www.nearlyfreespeech.net/. As long as what you're saying doesn't use too much bandwidth, you can run a site for ridiculously little.

Re:Who would have guessed???

[Have+Blue]

This is why the first amendment is more properly phrased like this: You have the right to speak, but you do not have the right to be heard. There is, likewise, no obligation to facilitate the speech of others.

If it's not feasible to give away web space for free, for whatever reason, it will disappear, the same way free dialup accounts and AllAdvantage disappeared. There is no "they" here, only the collective actions of every ISP and web host in the world. They don't let you on the radio or on TV or in newspapers for free, why aren't you complaining about that?

Re:Who would have guessed???

[generic-man]

I mentioned libraries in my post, which you clearly didn't read before you

needlessly blockquoted

it in part. My point is that people at libraries do not immerse themselves in forums and weblogs to anywhere near the level that you or I can. The web as a medium of discourse remains devoid of working-class people who don't have the liberty to dick around on the web at the library like you or I do during working hours.

Hey, but tell me some more about these little places called libraries. Do they have paperback books? I don't like hardback books. Be sure to use lots of sarcasm. Everybody loves sarcasm. It makes you seem so witty and smart.

Re:Who would have guessed???

[gravteck]

This is extremely short sighted. When I graduated high school I had a decision to make. Proceed onto college at a very good and prestigious school, or continue my life of amateur and professional ski competitions (err... the stuff you see in the X-games if you watch that kind of thing). I chose college because I didn't know where I'd be at 30 after a skiing career. Most of my friends went the other route. For three years many of them have been in various ski bum situations where they are homeless living out of a van, or going couch to couch. Internet forums, postings, and bloggings via the public library were the only way for my friends to stay in contact with the outside world and keep up to date on competition updates or aiding the search for sponsorship opportunities. Conversely if you were someone who was out of work and money was tight. You might use the library to search for work, or keep a resume or blog on free hosting in order to better chances (however small) at future employment.

Re:Who would have guessed???

[1u3hr]

. If what somebody has to say isn't worth the cost of a $10-$15 monthly bill, then I'm not interested.

I have many, many bookmarks to free sites where some enthusiast has his free software that does exactly what I need, technical guide to some obscure hardware, old TV show, author, etc, etc. If they had to pay to keep it online, most couldn't justify it, or would have to load it up with even more banners, popup etc (though the return on these for a low traffic site won't cover the costs these days).

Re:Who would have guessed???

Here's a quick test to see if you're poor:

Do you own skis?

If you do, THEN YOU ARE NOT POOR. You are slacker living off other people, probably your parents. Being poor and being too lazy to hold down a real job are not the same thing. I'd wager your "ski bum" buddies spend more money on transportation, competition fees, and entertainment than your average farm worker makes working 14 hours a day.

Your friends could easily return to the land of free housing and broadband internet with a single collect call. As long as you have that CHOICE available, you can never be poor. And as long as you have that choice, then you can CHOOSE to come back home, get a real job, and PAY for a real website. You'll get no sympathy from me.

Re:Who would have guessed???

[DavidTC]

There are plenty of free blogs and whatnot, so even if it's not worth 10 dollars a month they can get heard.

They just don't get to make a website.

Re:Who would have guessed???

[gravteck]

The assumptions you make in this reply are ridiculous. If you own skis you are not poor? This assumes the skis are recently bought. Of course you totally ignore the possibility that they were owned before someone was a ski bum. Slacker living off other people? Tell this to the hundreds of ski bums who spend their nights working restuarant jobs to make rent in the small apartment they usually share with 4-5 other people. Come back home? You assume their parents support them being ski bums... I can tell you that this is definitely not the case. This makes it sound like any struggling artist or writer who is out living in a similar manner doesn't have it rough because they could easily just return home. Besides, who says these ski bums, or artists, or writers are complaining. They're attempting to live their dream! The fact that free hosting services help legitimate people who are currently financially strapped is a postive thing! The fact that people always have a choice to lead a different life that may be more financially secure is a piss poor argument for requiring payment for web services. The world would be pretty stale if everyone only took paths that were financially conservative from a well-being standpoint.

Re:Who would have guessed???

If they can't afford $5 a month for a basic hosting service, then I think they should spend more time earning money and less time "having a voice online".

Most poor people are poor due to waste and apathy: they waste their time doing non-productive activities; they waste their brains when they're young (and so grow up under-educated); they spend their money on cigarettes and booze. They won't get a job because that would involve time and effort.

Truly there are people who are poor yet work hard, sometimes doing 2 or 3 jobs. They may think it impossible to get out of their situation. But the situation most likely came about because (a) they didn't educate themselves when they were young and (b) they won't educate themselves now. It's bad planning for their life.

Gandhi was poor. But he never wanted for anything. He was well-educated and he had something of importance to give. He chose to live his life for a cause rather than to earn money. If he was alive today people would be running the websites for him, because his message is important. You think Linus Torvalds pays for hosting? No, because he has an important kernel to give to the world. Poor people, if they have nothing important to say, should consider improving their lot in life rather than giving the world another useless webpage.

Re:Who would have guessed???

[antispam_ben]

Don't numerous ISPs throw some free web page space, quite often WITHOUT pop-up ads or such ad-related garbage?

I mean with Comcast and its millions of customers, you get some web page space to hotlink images, etc. Sure, you can't do certain questionable web pages(hacking, porn, etc), but still it is included with the cost of your monthly bill.

Yes, but this doesn't help those whose Net access is a free library terminal and who use yahoo/hotmail or other free webmail for email.

Heck, even AOL has web page space.

Again, if there's malware being sent out on free web page sites, perhaps its time for them to go.

That's up to the people who run those sites to decide whether not to shut them down.

OTOH, if ISP's have a lot of malware problems among their customers and believe it's coming from these sites, they can just block these sites so their customers can't get to them.

Re:Who would have guessed???

[SComps]

you still have to pay the 12 yr old to let you use the computer at the library. If you don't he'll sit there updating his website all day long. It's really crazy, but it seems that Southtrust Bank really likes to hire outside people to run their websites.

If you didn't note the sarcasm in this post, move along now. Nothing to see here. Do *NOT* click reply.

Re:Who would have guessed???

[TheSync]

I know plenty of people who are below the poverty line in the US who are Internet users...

Re:Who would have guessed???

I know plenty of people who are below the poverty line in the US who are Internet users...

How many of them have free web hosting accounts and actually put something of value on those webpages?

Re:Who would have guessed???

Be sure to use lots of sarcasm. Everybody loves sarcasm. It makes you seem so witty and smart.

Really? It doesn't seem to be working for you.

Re:Who would have guessed???

[chobu]

Well, it's clear to me how much you've thought about what you've said.

I don't know how you would define poor, but it's sounds like you have never even contemplated what it's like to be truly poor, or how many people in the world are actually poor.

I don't know, google for 'poverty' or something, find some statistics. The World Bank reckons that more than half of the world's population live in poverty (that's 3 000 000+ people).

Most poor people don't have anything, forget about a local library with free internet access.

Re:Who would have guessed???

This assumes the skis are recently bought. Of course you totally ignore the possibility that they were owned before someone was a ski bum.

No, it assumes that the skis can be resold. It also assumes that the skis are being used, probably on slopes that require payment. (Oh no, why aren't all ski resorts free?!) Actual poor people need food, clothing, and shelter, not skis.

Come back home? You assume their parents support them being ski bums... I can tell you that this is definitely not the case.

Aside from the most fucked up of families -- granted, there's a good chance you come from one of those if you want to be a ski bum -- all you'd have to do is stop being a ski bum. Get a job and live a "normal" life, complete with your own professionally hosted website.

They're attempting to live their dream! The fact that free hosting services help legitimate people who are currently financially strapped is a postive thing!

There are many people in this world who are merely attempting to live. Yes, it's great that they can have free blogs, but I'm not going to cry for them if that goes away.

Convoluted to sign up?

[Anakron]

From TFA:

They make you type in a word that has been obscured as an image to stop them from being set up automatically

Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

Re:Convoluted to sign up?

[redheaded_stepchild]

Well, according to this, they might even be TOO effective...
That may not be the exact answer you were looking for, though.

Re:Convoluted to sign up?

My bot, unreleased, has a 60% success rate on most images (though some sites I get near 0).

Basically, a lot use system fonts (times, arial, courier) and adjust that and put random stuff over it. I find that if I can get an angle of where the characters are (I try to find a bounding box arround the darkest spots) then I can simply try to match the fonts inside.

Obviously, if the text isn't all in a line, it uses fonts that don't match well to the ones I have (or characters which can be confused, m and n, l I 1, etc) then it has trouble. But in most cases it works.

So I can mass sign up for accounts. I of course wouldn't do that, I just made it to try it out. I can give more specific details to the workings if you desire.

But in generally, I find that on the sites I run, they do signficantly cut down on obvious bot signups (100s of accounts in minutes).

Re:Convoluted to sign up?

Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

They've been quite effective for me. When I tried to sign up for an email account on Yahoo, the letters/numbers were so convoluated I couldn't guess them right (e.g. is it a "z" or a "2"?), so I gave up.

wondering...

[eobanb]

I was wondering, how do these people typically register accounts with free web services? Our site was having a problem with comment spam, so a CAPTCHA test tends to do the trick basically all the time. On the other hand, I've also heard about defeating the test by starting a porn site and then taking the image and showing it to visitors and basically just having them type the right answer and they get to see 10 pictures or something. What we ended up doing was a word riddle, like "The quick brown fox jumped over the lazy ___s" or "3 + 5 = _" So if automated registering of these accounts is a problem, that's what I would suggest. Or you could surely just prohibit any files with a .bat or .exe or .whatever extension, and only allow .html, .gif, .jpg, .png, .wav, .txt, and a few more. I mean, if it's a free service, you get what you pay for. If you really need to host programs it shouldn't be too much trouble for you to buy something for $5/month. All in all this doesn't really seem like that outrageous of a problem.

Re:wondering...

[HermanAB]

Well even with riddles, you can still get real human beings to do your riddle solving for you in exchange for a few porn pictures. Reminds me of Pavlov's dog.

Re:wondering...

[gbulmash]

On the other hand, I've also heard about defeating the test by starting a porn site and then taking the image and showing it to visitors and basically just having them type the right answer and they get to see 10 pictures or something. What we ended up doing was a word riddle, like "The quick brown fox jumped over the lazy ___s" or "3 + 5 = _"

Even then, porn spammers can just show the question to users and get them to answer it. If someone is dedicated enough, they can remote any captcha to a human. The trick is to make the remoting difficult enough that they'll go elsewhere.

My answer to the CAPTCHA problem is a multi-picture deal where you have to click on photos that correspond to words in the same sequence that the words appear. Demo here.

But even that could be remoted if a spammer wanted to do the work. Heck, I developed it so I can host it in one place and then use it on multiple sites. I racked my brains for some time, trying to come up with something a spammer couldn't remote, but every idea either fell down when I put my black hat on, or wouldn't stand up in a usability test (i.e. it would be so difficult and complex to just do at my site, many people would give up).

- Greg

Re:wondering...

[poopdeville]

This doesn't sound too hard. How about a java app that checks a simple hash to make sure it was loaded from an authorized (i.e., your) site. Make it generate a hash of itself (or some essential variable that uniquely identifies your site), and establish an encrypted channel to 1) authenticate itself with the server. 2) recieve text to turn into a CAPTCHA. 3) send the user interpretation of the CAPTCHA for authentication. It might be a bit of a pain to implement, but that only has to be done once. This might even be a great open source project.

Re:wondering...

[gbulmash]

It can be defeated. It's not simple to do it, but you can.

All someone has to do is proxy the image bar and word sequence to the user (they could screen capture it if nothing else), get the click sequence (i.e. 12434), and then have a device that repeats that click sequence on your site.

See my journal for an e-mail address if you want to discuss this privately.

- Greg

Re:wondering...

[Lehk228]

a hacked java app could trivially send back the hash from the regular version of the java app.

Re:wondering...

[poopdeville]

Yes... but I'm not so sure the app would be so easy to hack. My suggestion was to use what amounts to a public key crypto system to verify the applet's consistency. This can be made as strong as you'd like. I suspect the weakness in the scheme resides not with this issue, but with the screen capture issue presented.

Re:wondering...

[hazah]

"Or you could surely just prohibit any files with a .bat or .exe or .whatever extension, and only allow .html, .gif, .jpg, .png, .wav, .txt, and a few more."

I don't know about you, but if the extension of the file causes the service to do anything, than something is just not right with the server. I mean honestly... extensions??

Re:wondering...

[Lehk228]

the hacked app could still read whatever info it needed from a legit copy of the app, regardless of cryptography, cryptography is good at making sure Alice really wrote the note that Carl told Bob Alice wrote and making sure Carl can't sneek a peek at the note before delivering it. It is near worthless trying to make sure Alice didn't cheat while writing that note, or making sure Alice can't show Carl the note.

Re:wondering...

[poopdeville]

Yes... understood. Continuing your analogy, I was trying to stop Carl from eavesdropping. But Carl can take Alice's private key by force (by reverse engineering the executable). I wasn't taking that into consideration. That makes the problem much harder, and I suspect makes variations of my "solution" impossible.

Re:wondering...

[fireboy1919]

Ah, but the key important thing that you're fixing is that the screencap thing can't be done on a free host.

But even there, you're probably getting a little more sophisticated than you need to be because of one fundamental thing: robots can't read javascript.

All you'd have to do is encase the image URL in some fancy javascript that is dependent upon destination IP address, and it'll be too difficult for spammers to use -especailly if the generation algorithm changes slightly.

It would be relatively easy to make a javascript generator such that the only way to use it would be to actually have a javascript parser. That's a bit too much work for most spammers.

Why not?

[daviq]

Why not put spy/malware everyware...your not paying a cent to get rid of it or for the company to care about their server.

Surprised?

[devphaeton]

HTF can you expect anything different?

Mod article +5 Duh.

Shit

All future flights of the shuttle are grounded until the foam problem can actually be solved.

It makes sense. The cameras on Discovery saw all kinds of junk flying off. Any of that junk, if it hit the orbiter in the wrong spot, could lead to failure of the mission on reentry.

But it is pretty disappointing...

Kill two birds with one stone.

[meezeh]

Maybe this would also get rid of the million's of those MySpace or Piczo type websites that plague the internet with the writings of illiterate 13 year old girls.


I have to agree, free webhosting causes a lot of the problems on the internet. People that don't know even the basics of HTML, or how to create a website shouldn't be allowed, because, afterall on an on-topic note, it is also easy hosting for malware/other dodgy 'things'.

Re:Kill two birds with one stone.

[keytoe]

it is also easy hosting for malware/other dodgy 'things'.

Like <blink> tags and MIDI loops.

/shudder/

Re:Kill two birds with one stone.

[wibs]

I hope you're not serious.

People that don't know even the basics of HTML, or how to create a website shouldn't be allowed

You're right, only people who already know everything should be allowed to attempt anything. Let's keep math books out of schools and close the freeways, because only mathematicians and NASCAR drivers have any right to numbers and cars. I don't know about you, but my first site was almost 10 years ago on Angelfire, and it was crap as all of them are. Then I bought books, viewed source, and have done a number of sites professionally with all that fancy high-tech wizardry I never would have even known existed if I hadn't started somewhere.

Maybe this would also get rid of the million's of those MySpace or Piczo type websites that plague the internet with the writings of illiterate 13 year old girls.

Sure, their sites might be pointless and juvenile, but I can't remember the last time I spent an hour reading a site before slapping my forehead and saying "Oh, now I understand why this sucks, it was written by a 13 year old!" That just doesn't happen, because the only people who ever end up at those sites are the 13 year olds who write them and their other 13 year old friends. This "plague" does not affect most people in the slightest, and if it affects you then perhaps you shouldn't be allowed to use the internet because of a lack of basic navigation skills.

People can be so quick to discourage and dismiss beginners, it makes me wonder how anybody ever learns anything.

Re:Kill two birds with one stone.

[meezeh]

I should've rephrased what I said.


People un-willing to learn how to create a website...


I didn't intend to say that only those who know how should be able to, because that, as you said, would go nowhere. Personally, if there was no free hosting, I would read up and learn. Sometimes I just think it's too easy for people, thus they never learn anything.

Of course, this is just my limited teenage knowledge of the subject.

Re:Kill two birds with one stone.

[wibs]

no hard feelings :)

Re:Kill two birds with one stone.

[dubbreak]

Let's keep math books out of schools and close the freeways, because only mathematicians and NASCAR drivers have any right to numbers and cars.

So do freeways only have left turns in the US?

Re:Kill two birds with one stone.

[BetterThanCaesar]

For the love of God! </blink> Aaah... much better...

Re:Kill two birds with one stone.

[Fishsticks]

Well, just remember that three lefts make a right, so you can make any turn you want to into a left turn.

Re:Kill two birds with one stone.

[Farmer+Tim]

Its a question of aptitude and time. You may have plenty of time to learn the finer points of HTML; others may have busy jobs, families, or other commitments that preclude in-depth learning of one rather technical subject which, for them, is really just a means to an end. Just like it shouldn't be necessary to learn how to design a microprocessor to use a computer, it shouldn't be necessary to know the ins and outs of HTML to produce what could be done physically with a press of a photocopier start button.

Its not that I think that people shouldn't learn if they can (and to be honest I find those who refuse to learn infuriating), just that they shouldn't have to if it isn't a priority for them. And if someone wants to stand up in public and announce their idiocy to the world, who are we to stop them?

Re:Kill two birds with one stone.

Troll eh? Americans get a little touchy about their NASCAR. It's racing in a circle people! Try watching something like F1 or even sca club car racing where they have "real" courses not circles.

Not to mention infringing files...

They're also often used to host infringing files.

I've seen some schemes where they encode the files several different ways, give it an incomprehensible name, and host each one on various free web hosts, then make you go through their voting and advertising scripts to get to the download file prompt.

Rather clever, actually. Illegal in any signitory to the Berne copyright convention, surely, but rather clever.

Another matter is that some of these hosts seem remiss to enforce their ToS. I've informed Google of many violations of their ToS on Blogger, and they've (in effect) told me to sod off because they don't actually intend to enforce it unless they feel like it. Apparently it takes a full DMCA notice or some other legal documents/subpoenas/etc. to actually get them to do a damn thing, and I just can't be arsed to register the copyrights and go through all the rigamarole to file one of those.

Then again, want to store something illegal? Blogger apparently doesn't give a damn about copyright infringement until you file a DMCA notice, so feel free to UUEncode whatever you damn well please and put it on your blog :) But don't blame me if they do, it was the Google representative who all but suggested that to me :P

You're Kiddiing?: ( +1, Patriotic )

>>Outlawing free/homesteading sites would be likely be found unconstitutional in the U.S.

Not with the current Criminals-in-command.

Thanks and have a Bush_Cheney_Rove_Rice_free-day,
Kilgore Trout, CEO

CAPTCHAs (was Re:Convoluted to sign up?)

[gbulmash]

They make you type in a word that has been obscured as an image to stop them from being set up automatically

Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

The type-in is called a CAPTCHA (an acronym for "completely automated public Turing test to tell computers and humans apart"). They can be fairly effective, but all they do is block robots from setting up an account. If I need 10 accounts, I don't necessarily need to automate it. CAPTCHAs are more often used effectively to block bulk botting stuff like blog spam, signups for free mail accounts, or other services (like whois at Netsol.com or Godaddy.com) prone to abuse and they can work well if well designed. But, again, they're to prevent robots from doing something, not humans.

Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

- Greg

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[aliens]

Very nice and interesting idea. Any chance you'll open it up? I don't see it being hard to replicate but I am always a fan of DRY (Don't Repeat Yourself)

Best of luck.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[morcheeba]

I thought CAPTCHAs would be pretty effective, until I heard of this cool scheme to get around them:

1. Spammer X wants to sign up for 100 free email accounts at free-accounts-Y.
2. Spammer X has a small cache of porn.
3. Spammer X puts up a website to allow access to his porn & promotes it
4. To see Spammer X's porn, Joe Average must sign up at Spammer X's website.
5. Signing up involves, you-guessed-it, a CAPTCHA!
5a. Joe requests to sign up
5b. Spammer X requests an account at free-accounts-Y and gets a CAPTCHA request.
5c. Spammer X presents this same request on their website to Joe
5d. Joe solves the CAPTCHA and returns the info to Spammer X
5e. Spammer X passes that info to free-accounts-Y
6. Repeat steps 5a-5e for lots of Joes. Result: lots of email accounts for Spammer X.

As long as the CAPTCHA is not impossible, people will process them for you for almost free.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[gbulmash]

Any chance you'll open it up?

I've considered opening up the code (it's in PHP), but the photos came out of a clip-art collection, so I wouldn't be able to redistribute them. I'd have to get contributors to provide their photos under GPL.

The alternative is to provide it as a remotely hosted service, in which case I'm within the bounds of the license on the images, and since I already set it up that way for myself, expanding it wouldn't be tough.

- Greg

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[Night+Goat]

That was a pretty fun CAPTCHA! I am a human, what a relief. May I suggest that if you end up rolling this out that you make a way for blind people to do it also, like maybe they can e-mail you for access. Although since you were so informative about CAPTCHAs, you probably already had something in mind for blind people.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[steelfood]

This is a form of deterrent, not prevention. If it takes you a fair amount of time to set up 10 accounts, those 10 accounts will be worth much more to you than if it took you 10 ms to set them up, which means that you'll be less likely to use any one of those 10 accounts for activity that might result in the account being cancelled within the hour.

While the effectiveness of current implementations might be subject to debate, these things certainly can contribute to the prevention of widespread malicious activity. The other factor is how quickly the malicious accounts can be detected and removed. For freemail accounts that are used to send spam, that is very easy.

Now, whether malicious activity can be eliminated is a different question entirely, and one that can be easily answered: No.

As for your version of CAPTCHA, I think it'll be far more effective than any type of text-based system. But the two drawbacks are the need for an enormous database of unambigious images of a variety of common or at least well-known subjects.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

Now, as CAPTCHA's get more obscured to try to defeat more sophisticated OCR elements, they become more difficult for humans to read. I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here. Some of the people I've had test it said it was fun and they actually played it like a game.

Sorry to burst your bubble there, but when I have no javascript enabled, all I get is a "Tell me if I'm human" button. I clicked on it and your script tells me I'm human. Even when I just typed in the validate.php URL in the browser, it still tells me I'm human. So, um. There is a serious flaw in your programming.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[gbulmash]

It's an older beta version I put up publicly for some friends to try. The current version isn't so easy, but it's not currently up anywhere I'd want to post publicly.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[robogun]

I've always been amazed at how hard a spammer will work in order to not work.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[shadow_slicer]

The problem with your captcha is that you are passing an easily cracked hash of the answer along with the script as a hidden form element.

Recommendations:
A. Your hash appears to not be very random (for solutions beginning with 32xxx the first two bytes of the hash are identical). What you need is a hash function that hashes the entire thing to produce all the bits of the hash.
B. Don't send out the answer in a computer readable form -- hashed or not. It just makes it too darn easy.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[nsillik]

There is a significant amount of GPL'd artwork out there. Any icons, etc, used in programs would work well. Check out /usr/share/pixmaps from any all-free distribution of Linux.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[patio11]

There is an even easier answer nowadays:

1. Spammer X wants to sign up for 100 free email accounts at free-accounts-Y.
2. Spammer X outsources the signup to a confederate who specializes in this service.
3. The confederate outsources the signup to five independent contractors, who in turn work at Chinese internet cafes for 75 cents an hour (three or more times the prevailing wage).

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[antispam_ben]

I've always been amazed at how hard a spammer will work in order to not work.

It used to be that spammers were both stupid and lazy. Actually, they are still stupid and lazy, but in recent years they've teamed up with not-quite-as-stupid "1334 hax0r'5" to help them with their k1dd1e scr1ptz and other such crap.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[scatters]

>like whois at Netsol.com or Godaddy.com

The stupid thing about this is that Network Solutions has implemented CAPTCHAs on their web whois interface and not the whois service on TCP 43 - it would probably break the RFC if they did. But do they honestly think that the kind who people who'd abuse their web whois don't know how to use the command line utility on just about every *NIX flavour every released.

Go figure...

Re:CAPTCHAs (was Re:Convoluted to sign up?)

That's a pretty neat approach. I see one problem with it, though. If a bad guy tries it enough times, he will get to see (and save a copy of) all of the pictures. He can then associate them with the words, and the process can be completely automated. You would need an infinite supply of images to prevent that kind of attack.

Here's a similar approach that I just came up with, which I call the gaptcha. You do a google image search for a random word, and show the top five or so results. You then ask the person to identify the pictures. Now you have a virtually unlimited supply of images.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[TheSync]

I continue to be amazed at the power of distributed computation on the Internet - especially when people are the processors, and porn is the fuel!

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[Dave2+Wickham]

You may want to take a look at Open Clip Art - public domain clip art.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[Dave2+Wickham]

Knew I forgot to mention something; Wikimedia Commons also has freely licenced art; unlike Open Clip Art, it's not all public domain, but it also has quite a few photos.

Re:Fount?

[Recovering+Hater]

I read that and at first glance thought it was a typo. But it's true that you don't see that word much. "It is a fount and or plethora of ..."

Not only that...

[SiGiN]

... but amazing numbers of doorways, low quality and tasteless personal pages, that owners like to spam everywhere, like there is no tomorrow.
(As a reference - doorways are pages optimized for specific keywords, solely for search engine, redirecting user to another site - thus name "doorway")

It is all fine and dandy, but... It doesnt necessarily means that free hosts are only evil. Free hosts serve also as great starting point for future webmasters.

Stories I submit are never accepted so...

BBC NEWS
Japanese develop 'female' android
By David Whitehouse
Science editor, BBC News website

http://news.bbc.co.uk/1/hi/sci/tech/4714135.stm

Pretty cool, eh? Sorry, it's off topic but I came across a movie and it's movement is fairly good. Maybe do one called lin-yette and let us poor chaps play around with it for a while (heh).

Re:Stories I submit are never accepted so...

[xcomm]

> BBC NEWS
> Japanese develop 'female' android
> By David Whitehouse
> Science editor, BBC News website

> http://news.bbc.co.uk/1/hi/sci/tech/4714135.stm

This is really a /. story - you are absolutely right!

Websense is a Censorship Firm

Calling them a "Security" firm is whitewashing who they really are.

read the article on Censorware.

Re:Websense is a Censorship Firm

[Winckle]

I agree, according to them my website, http://winckle.cliche-host.net/ is pornographic, despite merely being a place where I store my photoshops.

Re:Websense is a Censorship Firm

Usually that happens if your ip was once part of a porn site or more commonly an ip block that happened to be mostly porn. They have a site change request page and are usually pretty responsive (but they aren't unstupid enough to unblock privoxy)

Re:Websense is a Censorship Firm

[cianduffy]

I'd read that article, but

Access to this web page is restricted at this time.

Reason:

The Websense category "Advocacy Groups" is filtered.

URL:
http://censorware.net/reports/liza.html

Great.

Re:Websense is a Censorship Firm

I had websense at my school and I installed Tor and privoxy (it wasn't blocking it for me for some reason), and then I could completely ignore their filtering for everything. It didn't matter though since none of the sites I would go to were blocked (like slashdot) since the techs were probably spending half their time there (not counting the time playing CS)

And all this time...

[B11]

I thought these free hosting sites only existed to annoy me with endless pop-up ads.

Re:Fount?

[tidewaterblues]

Actually, fount is the British and the old poetic spelling of font. When this spelling is used, it generally means a fountain, spring, or source. Using the modern spelling, a font refers to a basin for baptizing people or holding holy water, (sometimes also called a laver), although it can refer to the old useage as well. However, I don't think the word can be used to mean "plethora".

BRAND-space in the URL.

[torpor]

this is why its so important to recognize the unique sociological challenge of the URL.

it is a namespace. thus, portions of it will be a BRAND space.

either people recognize when they are culting, or they don't. times that they do, are often predicated on the formulation of identity.

the URL is a human blank page. if you don't know the URL, don't go there...

Re:Fount?

[Compholio]

However, I don't think the word can be used to mean "plethora".

I've actually heard it a whole lot, but my parents were always big on vocabulary. At least in US English there's no "u" in font though:
http://dictionary.reference.com/search?q=font

Specifically:
An abundant source; a fount: She was a font of wisdom and good sense.

(you have to look at fount to see that the "u" is deprecated)

More info on websense

[FLAGGR]

The "security" frim websense is actually a censorship firm. For examples of their work, you can read maddox's little article on them.

Duh

[NitsujTPU]

Duh, if nobody wants your product, you probably can't afford to host it anywhere reputable.

If you could, people would just not go there anyway.

Nobody says, "Hey, lets all go to BonziBuddy.com!"

Re:Duh

[Poromenos1]

Nobody says, "Hey, lets all go to BonziBuddy.com!"

What's BonziBuddy? Let me go there. Oh, look at that cute bear! I'm installing it now, thanks!

How to trust humanity?

"What does mean for the promise of "web services" in general?"

The concept you're looking for is "cause and effect". It applies to human behaviour every bit as it does physics.

Cause___________________Effect.
Spam____________________E-Mail filters.
Copyright violations______DRM
Pshing Scams____________Lost of trust

Until humanity acknowledges this fact, and stops trying to circumvent it. We'll keep revisiting this topic with ever more tears.

news

Why is this news? That's been going on for like 6 years now.

MOD PARENT UP

[JNighthawk]

Websense was used in censorship/blocking at my high school. It was ridiculous trying to find articles on my future career (Game Programming) because most of the places I found were blocked by Websense.

Really, cuz lately...

I thought that was what drudgereport was for...

sanity check on upload

[fred+fleenblat]

I would think it possible for a free hosting site to run some sort of scan over pages as they are uploaded just to see that they are plain old HTML. Maybe even disallow links to financial institutions (to prevent some obvious phishing). Disallow CGI and form elements until the pages have been reviewed by a human.

CAPTCHA has been completely compromised

[merreborn]

Spammers simply proxy the CAPTCHA images, and re-present them on their own sites. Users of their sites then process the CAPTCHA for them, and they turn around and use the user's input to register on the original site.

For example, say compuporn.com wants free geocities accounts. compuporn.com offers free memberships on their site; when Joe Sixpack loads the signup page, compuporn.com runs a script that starts a new registration at geocities.com, and copies the geocities CAPTCA image, presenting it to Joe Sixpack at compuporn.com. Joe Sixpack puts the correct string in for the CAPTCHA, compuporn.com takes Joe's string, and uses it at geocities.com.

Viola. Compuporn.com has a new geocities account, without any OCR, and without any employees of Compuporn.com interpereting the CAPTCHA by hand.

Your CAPTCHA is not immune to this attack either.

Re:CAPTCHA has been completely compromised

[gbulmash]

Your CAPTCHA is not immune to this attack either.

Never said it was, but as opposed to a "show an image and type its contents" CAPTCHA, it requires a more complex workaround. It would defeat their standard bot and require them to code a new workaround for my specific CAPTCHA. If they did as many do, and followed the path of least resistance, they'd never go to the trouble of defeating my CAPTCHA via remoting.

My best concept for an unremotable CAPTCHA was one that used motion (like "punch the monkey"), timestamps, and other devices to force it to be solved from the page it was on by the original requester. But that could become onerous to the user.

IMO, the trick in CAPTCHA design is to create something complex enough to baffle the spammers, but not so complex as to discourage legitimate users from completing the task (registering, posting, etc.). If anyone wants to discuss CAPTCHAs with me privately, I've posted an e-mail address in my Slashdot journal.

Dead Dead Dead...

[Saeed+al-Sahaf]

Free hosts serve also as great starting point for future webmasters.

Not very often these days. Not only do free pages put serious restrictions on who the site owner can use for advert service (no link exchanges except "approved" ones, and so on), but often (geocities, yahoo, etc...) the free host spams your visitors with their own pop-ups/unders/banners/all three. And when you can get your own space for well under $10 a month ($4 to 7 seems to be the lowest I've seen), who really needs "free" hosts anymore? It's a dead dead dead business model.

In Other News...

[__aaclcg7560]

Researchers have discovered that the Microsoft Windows operating system (all flavors) has been hosting spyware, virus and other malicious crap that comes off the Internet and spreads it to other computers attached to the same LAN at a faster rate than any other time in the last 10 years. Microsoft released a statement saying that Windows does it better than Linux and encouraged all users to immediately upgrade to Windows Vista. :P

The Register has a slightly different take

John Leyden at The Register has a slightly different take on this story. Essentially Websense is a company trying desperately to sell its "security products" through a campaign of FUD and blatantly obvious "alerts". I think most people here see this as the latter, while most of Websense's target audience probably fall into the former target audience.

Re:The Register has a slightly different take

[Xjavier]

I took the Register off my ticker a long time ago; I enjoy as much reading what you guys comment as the news/article itself.

You mean "free" as in "free hosting" doesn't ...

[atrocious+cowpat]

... come free of worry?

Dang! Several of my paradigms just imploded!

I dont get it....

[joshjoneswas]

I've never understood how people can actually ESTIMATE AVERAGES. When they say "average of 2 to 4 days" i mean... well, what is it? 2, 3, 4 days? 3.2. what? ya know? Just my two cents on the whole deal. Websense is very sketchy to say the least anyway 8)

Re:I dont get it....

[djeaux]

Estimating averages is easy if you remember a simple rule: 87.23% of all statistics are made up on the spot. (And wouldn't the "average of 2 to 4 days" be 3 days?)

D'oh

[Daedala]

"These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

Well, of course all the fraudulent ones are going to have a quick turnover! It's not like Websense doesn't have anything to sell here. Nooooooo.

According to the article, Slashdot is suspected

Quote the last sentance in the article,

"A lot of these companies that give you free Web space make it a little convoluted to sign up. They make you type in a word that has been obscured as an image to stop them from being set up automatically -- so a person has to make these manually," said Turner.

That sounds like Slashdot and their anonymous posting code. The problem originates with Freedom. Everyone wants it, but want to force upon you what is "good" or "bad," and that is completely irrelevent to whatever action is derived from the scope of participation. Notice that all the Legislature-created "courts" are ignoring acts of tresspassing and choosing all the non-sense to rule over any particular actions? It's no longer about property theft, but thought crimes being forced upon everyone by precision of surveilance and legislated morality. I have two "Neighborhood Watch" neighbors that have forced Police Officers on me and my fellow neighbors, without regard to absolute property ownership, on what plants may be planted and wear cars may be situated when not in use. All of them are not educated on common law and when they face similar violations it is written-off and forgiven because they are such active "community members" of whatever nameless communities they claim I and others are a part of. I just want to live, inexpensively, with property I own and not lease. The moment anyone pulls a gun in support of their freedom from someone else pointing a gun at them, I'll join them whole-heartily. But whenever I immediatly think of such things, or offer my counter-militaristic support, I'm always thought slandered by words that have no context to the situation: nut, redneck, hillbilly, etc. There all a bunch of Herodian and armchair "Christians" that make me sick when Jesus himself said that prissies don't inherit whatever is the kingdom of Heaven.

When lawyers attack!

[Lord_of_the_nerf]

Maybe if we put some illegal music or video on a free service, then maybe someone will take notice.
I figure even though they're evil, even ambulance-chasing luddites have a use.

Why not go after the big fish?

[julie-h]

Malware and spyware are only the small fish in the pond.

Why not go after Google, Yahoo and Microsoft? What do you think happens when your have their toolbars installed?

Do you think they keep log files on their servers of what sites you visit or what you search for?

make it three kinds

[mbius]

There's free as in speech, free as in beer, and now free as in sex.

Funny...

[hackwrench]

I thought that ISP's that didn't provide web space with a connection account were more common than ones that did. I'm using Verizon, and as far as I know they aren't giving me any web space.

Re:Funny...

[AdamWeeden]

Login and set uup your web space

Re:Funny...

[hairyfeet]

What is this free web space you speak of?I'm stuck on direcway(which i thought was bad until i tried the local Wifi,My 12 year old nephew crashed their system with a faulty chat app)and we get no free web space,Until i switched to gmail i only had 25 megs for mail!

The difference is ...

[djeaux]

... of course that Windows isn't free.

WRONG

[robogun]

Your analogy is awful. You don't learn to drive on the freeway. Math students don't earn as they learn at places like NASA. You go on the freeway after you get your license. You go to work as a mathematician after you get your degree.

HTML students do not have to post their crap while they're learning for the world to see. They can learn all they want, just don't pollute the web with misinformation and valueless, emotional ramblings.

Re:WRONG

[wibs]

My analogy isn't perfect. Whatever, it gets the point across. In answer to they should keep their crap private, I'll just say that it's hard to advance as a designer (or really much of anything) without peer review.

Also, calling their emotional ramblings valueless is a pretty closed-minded view of things. I'm not saying I go and read those sites, but for some people they're important. Whatever makes them happy, I guess.

And finally, even if you somehow find a way to disprove both of these points, you still haven't said how some kid's blog hurts you in any conceivable way.

Re:WRONG

[antispam_ben]

Your analogy is awful. You don't learn to drive on the freeway. Math students don't earn as they learn at places like NASA. You go on the freeway after you get your license. You go to work as a mathematician after you get your degree.

HTML students do not have to post their crap while they're learning for the world to see.

I think it's YOUR analogy that can use some work.. Putting up bad websites doesn't hurt anyone (well, it may embarrass the author, but that's about it). The Web might be the best or only way for "colleagues" (classmates) or a teacher to view a student's website (or do you want to encourage the idea of HTML emails? Oh well, it's too late to do anything about that). Think of these millions of bad websites as Community Access TV: You don't have to go there.

If the proliferation of bad/sucky websites were the main online problem, Cyberspace would be a MUCH BETTER place.

The true damage to the Net by millions of incompetents isn't due to them uploading websites. If you want to save the onlilne world, force people to read netiquette, and to recognize and not forward chain letters/urban legends/etc., and perhaps even take and pass a test indicating competeny in these areas, before being allowed to send email, Usenet posts, or post to webforum/bbs sites such as slashdot.

And "Emily Postnews said I should do it" is not an excuse: one should be reasonably able to recognize saecasm when one reads it.

Re:WRONG

[Farmer+Tim]

If slashdot required netiquette and sarcasm awarenes tests, it would be a very lonely place.

<IMG SRC="//images.slashdot.org/rolling-tumbleweed.gif" >

Don't I know it!

[Pole_Position]

"These fraudulent, free personal Web sites have an average lifespan of two to four days, ..."

It's almost enough to make people go back to USENET for all their porn.

click on post anonymously and ...

Eh?

> There all a bunch of Herodian and armchair "Christians" that make me sick when Jesus himself said that prissies don't inherit whatever is the kingdom of Heaven.

I confess, I've never heard the Beatitude where Jesus says that the meek shall inherit the Earth described in *quite* that way ...

Probably by

[coyotecult]

Taking the mean and adding/subtracting the standard deviation. Seems like one good way to do it.

Spyware infecting the brain?

[snafumedia]

When we started our Dreamweaver unit in high school, and a student asked if he could just use Tripod instead of learning how to use Dreamweaver.

CAPTCHAs-Prior art.

"I recently developed one that I may use on some of my sites that uses identifying the contents of pictures. Demo here [cardsender.net]. Some of the people I've had test it said it was fun and they actually played it like a game."

So basically you came up with "Were's Waldo"?

---
The "are you a script" word for today is imagery.

Business Plan

[calyptos]

Step 1: Start a free webhosting company, that requires credit card info to verify identify

Step 2: In the terms of service, say that if you are caught spamming you agree to be charged $500

Step 3: Profit!

Yawn

[Jesus+IS+the+Devil]

In other news, the "internet" has been found to be a fount of malware...

Bleh, nonsense

Most captchas out there can be easily defeated with a variety of methods. The implementation you describe would be horridly complex. Rather pointless when you can write a robot capable of solving them as much as you want versus hooking up a system dependent on humans.

You've obviously got a lack of knowledge on how spammers operate, nowhere would you ever see a setup like this in the wild.

Huh?

[burbilog]

I cant believe that banks in US are stupid enough to let anything done without authentication. Here is Russia banks either ask you for a special password that you provide for phone communications or ask you to dial TPIN (telephone pin, which is different from PIN) before you get connected to human operator.

Re:Huh?

Here is Russia banks either ask you for a special password that you provide for phone communications or ask you to dial TPIN (telephone pin, which is different from PIN) before you get connected to human operator.

So press zero to speak directly to human operator without putting in account number or anything. There's always a way around the system, and once you're talking to a human being, convincing them is not all that hard.

Re:Huh?

[bluGill]

I forgot my password.

Seriously, identification is hard. Passwords are forgotten all the time. Everything else is nearly public knowledge. The most common way to get your password back is getting your mother's maiden name. The phising site originally mentioned would have got that as a matter of course. Even if they didn't, many women do not change their last name when they get married. As a last restort, with a little searching you can find it - marriage records are public information (as is the form mom used to change her last name when she got married). All that is required is a little leg work to collect this information.

It isn't worth it if your target doesn't have much money. I'm surprised that rich guys don't have this happen more often. It shouldn't be hard to get info Bill Gate's personal accounts, pulling 1% of his net worth would give you a nice retirement on some remote island.

Re:Huh?

[burbilog]

I forgot my password.

If you forgot your passport you have to show up in person in bank and provide passport for identification. Of couse it's uncomfortable somewhat, but it's a good guarantee against social engineering. This policy is easy to implement. I don't understand why american banks did not implement this yet...

Re:Huh?

[bluGill]

Where did I get that passport? Another poster said it better than I can, but the gist is I got a copy of my birth certificate, and then send in a couple photos. I then have a passport in your name.

Re:Huh?

[burbilog]

Where did I get that passport? Another poster said it better than I can, but the gist is I got a copy of my birth certificate, and then send in a couple photos. I then have a passport in your name.

Ugh. It's not that easy in Russia. You get your passport when you turn 16 years old (and you can't live here without passport at all without serious problems) and since then your card with your photo and other information is stored in the nearest to your home passport department (usually it's a part of the local police station). You can't do this many times because they will issue passport only in the passport department responsible for your house/flat. When you turn 30 or 45 you have to change the passport (during Soviet days they only glued new photos onto extra photo pages, but today they replace the passport issuing a new one). And no, you can't provide a COPY of your birth certificate, you have to provide the certificate itself. So it's one-time procedure and only if you are young. Later you always have a paper trail to restore your passport if you lost it, it's a messy procedure but it works. And if you came here from another country and got russian citizenship then your passport was issued by immigration authority.

This system is a heritage of the old Soviet Union, -- it's very difficult to pose as someone else when authorities check passport, because your photo is stored on your card in the passport department. Of couse forgery happens, but it's neither easy nor cheap, the almost only way to get false passport is to bribe people in the passport department. It looks like the only real identification solution in U.S. is to tell the customer to walk into the bank and compare his face with his photo stored in the database.

firstly....

[jesusfingchrist]

1) If any "free" host requires 1 cent or 1 dollar to make sure I'm for real I'm not going to use them for the following reasons.

a) no longer free, im im going to pay might as well go for a real host
b) no immediate return, could take 24, 48, 72 hrs. I want to start work NOW.
c) I got no credit card - this means I have to do all sorts of other shit to get these people that 1 penny.

2) if you remove 'free host' my money says prices for 'paid hosting' will go up at the same time quality of service goes down

Just a thought

Mod Parent Flamebait

[Robmonster]

No Text

From the Hoster's view

[Kamiza+Ikioi]

There's hosting that's free as in beer, and hosting that's free as in speech. While I know you can easily find that I've argued that free as in beer is often the more important factor, many times people over look free as in speech.

Free hosting, in promoting both free's, does a great job. Unfortunately, it just takes a couple bastards to ruin it for everyone else.

Free as in speech hosting is different. The key here is to not charge too much, and to put in place your hosting policies to afford as much privacy as you possibly can. Here is an example of what I have learned, YIAAH (yes, I am a hoster):

• Honor your customer's privacy. This means that you tell them what you will and won't provide to 3rd parties, explicitly. DO NOT BE VAGUE! If you are based in the US, explain: "If a US court orders us to reveal your identity, then by law, we must."
• Tell your customers what speech you won't allow. If you don't allow spam (I sure as hell won't), tell them. Let them know which forms of speech you support. Everyone has their limits, and for someone to find the free as in speech host right for them, this is vital information for them to know, and will save all parties a lot of headaches.
• Charge a fair price. If you can offer hosting for free, go for it. If, however, you are like 99% of the rest of hosting, charge only what you must. Don't be afraid of a little profit. Profit allows you to expand, and gets you through the slow months. Have fair refund policies. This is important, and will give you a good reputation. Bad reputations in hosting last, forever. Good refund policies are more important than what you charge. Fly by night operations tend to run by the unwritten evil-rule: NEVER REFUND! Thus, if you haggle over a refund, you will be labeled as a scammer.
• For the love of all that is holy, KNOW THE TECHNOLOGY! This is listed last, but it surely the most important. If you have never hosted before, then you probably have no clue what you are up against. You better damn well know: firewalls, trusted sources, DNS, scripting/programming, IDS, load/bandwidth balancing, and a slew of other things that I could sit here for hours listing. Above all (I'm an old school thinker), you better damn well know hacking. I mean this in the sense of black hat hard core hacking. If you don't know how they can get in, then you are at a great disadvantage to the black hats. To this point, I would add: Work with other hosters! Hosters are a usually very helpful community that works together. Fellow comprimised hosts only hurt you. From their ultra-high bandwidth comprimised machines, they can reign down terror on you. Get involved in a large community of hosters, be it by OS (linux, windows, bsd), or by variant (CPanel, Ensim, Webmin... or generic RedHat, Suse, etc.). Few are truly experts. I'm the first to say, I am certainly not an expert, and I've done this for several years now. But, I know where to go for help and advice, and I have enough technical knowledge under my belt to survive long enough to get that help.

Basically, be honest and up front, know your limits, ensure your operation is financially viable, and know your shit. Getting into the hosting business sounds a LOT easier than it really is. If you get into it for moral purposes like me (as part of a not-for-profit incorporation), it is even harder. Free as in speech hosting is NOT a cash cow. There are also few rewards and thanks. Your days will be spent not only providing services equal to other top hosters, but without the benefit of a fat paycheck (or any paycheck at all).

The rest of your time will be spent always looking over your shoulder for complaint e-mail. If you host bands, maybe one of them slips in a copyrighted song on their hosting, and one wrong move with the RIAA can shut you down. Maybe someone makes a threat via e-mail, and then you have someone demanding user identity, or trying to enforce the Patriot Act on you. Maybe a site ju

Jesus taughth no New Testament.

I hear Paul is secondary to the Jesus scripture, but ...

Paul is recorded to say,
  1 Corinthians;

6:9 Know ye not that the unrighteous shall not inherit the kingdom of God? Be not deceived: neither fornicators, nor idolaters, nor adulterers, nor effeminate, nor abusers of themselves with mankind,
6:10: Nor thieves, nor covetous, nor drunkards, nor revilers, nor extortioners, shall inherit the kingdom of God.

Jesus taught none in the alleged "Net Testament" and is shortly recorded by his compounding the existing script with precision to give glory to God. Consider His thoughts on the relevance of what people claim to be the mis-placed or antiquated "Old Testament",
  Matthew

5:18 For assuredly, I say to you, till heaven and earth pass away, one jot or one tittle will by no means pass from the law till all is fulfilled.