Quantum computers should, in theory, use almost no power, but in theory electrical computers shouldn't, either.
Computer use almost no power due to the computation. There's some waste heat inside the processor, due to electrical resistence, and it's possible quantum computers would remove some of this, but mostly computer waste power to convert voltages, run input/output devices including monitors, and to cool the system back down from all that wasted power. And there's no reason quamtum computers wouldn't have to do all that.
It is theoretically possible to built a computer, of any sort, that uses exactly as much power as its output requires. It's just not practical.
Chuck Norris has already roundhouse kicked everyone, he's just queued up the time they connect with us so the combined momentum doesn't shift the planet off course.
The time they are scheduled to connect is known as 'death'.
However, greylisting does, indeed, reduce spam. Large amounts of it. There are plenty of people who show up, try to hand you spam, and never come back.
Where these people are coming from, and why they don't come back, I'm not entirely sure. (Note most of the dynamic IPs ones are blocked before greylisting here.) My theory is that their software is crap and treats a temporary error like a permanent one, instead of retrying at the end, whcih would make sense.
A lot of spam fighting is distinguighing between real smtp software and spamware crap. People say 'That can't work, spammers can just change their behavior'...except various tests based the difference in behavior have been working for seven years or so. (And this test has the added bonus of no false positives, or only false positives in absurdly contrived circumstances, instead of merely mistaking a poorly-run server for spammers.)
As for the delay...you can minimize that by only doing greylisting during non-business hours, at least for businesses. A lot of spam is sent at night, in an attempt to keep anyone from complaining until the run is finished. Meanwhile, it doesn't matter if the business email shows up at two or three in the morning.
Um, no,you missed the point. I didn't say anything about 'technical consistancy'.
I was looking for a movie that was consistent with the original plot, characters, and dialog found in the book.
That is EXACTLY the point I addressed. The radio show and the book are not consistent, the TV series and the book are not consistent. The two radio series aren't that consistent with each other.
It will still stop spam, because it requires the same IP.
With responsible ISPs, people will not be allowed to continue spamming for an hour. (Of course, with responsible ISPs, people wouldn't be allowed to send email direct from their connection, at least not by default.(1))
But, regardless, removing the ability to pump out fifteen thousand messages in the five minutes before the ISPs catches on can only be a good thing. Whether or not people will put up with hour-long delays in their email, of course, is another issue.
Which is also why tarpitting is a good idea. To send email to my server, it takes at least thirty seconds, with an extra five second per person. Unlike greylisting, it doesn't even take any extra bandwidth, I just have pauses before responsing to their commands, and there is no noticable delay for the end user.
Granted, in theory, well-written spam software could be multi-threaded and just hold the connection open to me, waiting for a response, and continuing to spam, but that's one of the reasons SP2 added pre-process connection limitations.
And 'well-written spam software' is an oxymoron...a lot of them can't even be bothered to wait past my five second pause before I send a greeting, and 'respond' to me with helo before I even say I'm a mail server, thus getting themselves kicked for unauthorized pipelining.
Slow them down, people. It can't but help. Temporarily, until they adapt, it will reduce spam for you, and once they do adapt, it will be at the expense of the amout of spam they can send.
1) Before all those hobbyist running Linux on a dialup start complaining, I did say by default. Having to go to your ISP and say 'I want to send email, and I know what I'm doing, and I understand I'll be rate-limited to 1k a second on port 25.' is infinitely better than being blocked from almost everywhere because you are dialup. If ISPs only unblock people by request, mail admin don't need to block any of their dialup, and people actually sending mail will find it easier instead of having to plead everyone to whitelist them.
Here's a weird idea: email clients that don't let anyone open any links except bookmarked ones. (Yes, there are technical issues there, but ignoring that.)
First time you go to your bank, you bookmark the front page.
Street pimps often do beat their women, but, as I pointed out, that makes the profession dangerous, not violent. Being a firefighter is not a violent profession, and neither is being a prostitute.
Of course, the only reason that is true is 'slapping someone around a bit' is the only way to enforce contract law in the underworld. The pimp needs some enforcable means of collecting his cut, he can't go to the police or courts.
Women who live in a brothel, OTOH, rarely get injured by the management, because the money goes to the brothel and then they get their cut, so can't be holding out. (Sadly, they are more likely to get injured by a client, because a prostitute who works out of her our house or a motel will call the police if assaulted by a client, or scream and cause others to call the police, whereas a client in a house of prostitution quite rightly assumes they will not want to call the police.)
And call girls have the best of both worlds. They are away from other hookers, so none of them have any qualms about calling the police if assaulted, yet they have rates negotiated over the phone by their employer, so can't be holding out on money, even if they get handed the cash themselves.
But, anyway, high risk of injury in a profession != violence in a profession. A soldier is in a violent profession, a medic in the military is just in a high-risk one.
OTOH, being a pimp is an inherently violent profession, and it's not only towards the women. Pimps are expected to keep their territory free for their women, which requires driving off other women. The violence there is exactly the same as 'drug dealer', which they are in a sense: They must keep their product on the street, and remove everyone else's product, and threaten and eventually injury people who do not pay them money they are owed.
Simple workaround. You make some kinda virus that gets into some people's computer and sends tons of emails from there. The spammer don't pay a thing, the victim and his ISP pay it all (it's not clear in your proposition who between the sender and the recipient has to pay the third cent). I think that type of program already exists.
You apparently don't know much about spam and yet could trivially see the flaw in his brain-dead plan. Props to you for clear thinking, man.
Yes, that could happen.
Yes, those programs do exist, they are called 'open relays'.
Something like 95% of all spam is already sent that way, because of the one thing that has ever reduced spam: Blocking the sending IPs.
There are exactly three ways to spam these days:
Use IPs that people pitch a fit if blocked, because there are other people on those IPs. Aka, the 'human shield' approach. (Anyone remember the somethingawful wackout on here about that?) Spamming ISPs help here by moving unsuspecting clients and spammers around in a dance designed to leave the spammers unblocked and the clients blocked. (So they will complain about the blocks, and get them removed, so the spammers can be moved back there.)
Or be 'mainsleaze' and have a service people expect notifications from, but send spam for your service from the same server, using yourself as a shield. Like tigerdirect did in the past. There was a mailing list company named Topica that did that, and Yahoo! Groups has been accused of it.
The other, most popular way: Stealing bandwidth from others.
Which means, when the government talks about 'fighting spam', they are full of crap, because hijacking someone else's computer is a felony and has been so for two decades in most states. We didn't need any damn laws about spam. They just need to arrest the felony computer criminals.
No, what email clients need is a way to add communications that are 'official'. I suspect via a PGP key or even keeping track of the sending IP or something, and mark them as 'known sender'.
I.e., a whitelist. But the trick isn't that the client blocks everyone else, it's that they make sure the reader knows they are suspicious looking, and don't let people click links or view images or html without some work.
There are almost no ways for a client to determine if an email is legit in what it is claiming or not, that would require strong AI, but there are plenty of ways for it to determine that it's seen emails from that person before.
Possibly you could make it even stronger with a more specific category for 'business emails', where they have to be signed with PGP, and the key has to be downloadable from an ssl website, which properties the user sees in big letters before he adds it to 'known businesses'.
statically an inherently violent illegal profession
That almost pure gibberish.
So let's just break this down two words at a time:
statistically+violent: Prostitutions are not statistically more violent than anyone else. They are subject to more violence, because they don't contact the police, but that doesn't make their profession a 'violent' profession, it makes it a dangerous one, like football player. A violent profession is one where you injure others, like a police officer or a chiropractor.
statistically+illegal: Prostitution is possibly, statistically speaking, illegal, however, in many places it's basically treated the same as jaywalking, like India. I'd actually like to see evidence that over 50% of the world's population lives in the place that considers prostitution a crime, and then I'd like to see average punishments, before I'll consider it 'statistically illegal'. Each act might, statistically, be punished with a ten cent fine, once you include all the places it is not legal but never punished. That means, statistically, we think using up a gallon of gas is much much worse.
inherently+violent: Well, possibly. Some types of sex do, indeed, require 'violence', so those jobs are inherently violent. But a tiny minority of hookers work those kinds of jobs, and it isn't 'real' violence, it's more akin to surgeons, who injure people, with their consent, so they feel better. Obviously not a good idea for some people, but the same thing applies to a lot of professions, like people who don't like organic slime shouldn't be garbage men, and people who aren't organic slime shouldn't be lawyers.
inherently+illegal: That doesn't make sense, but even if there was some set of inherent rules humanity played by, like 'Don't take my stuff just because I'm not watching it.', prostitution is not against them. There's nothing inherently different between it and any other service performed for others, like cutting their hair or building their house.
That happens where prostitution is illegal, you dumbass.
It being illegal, it has no child labor laws. Nor does it have worker's comp, or minimum wage.
In addition, people employed in it cannot go to the legal system for crimes committed against them, like assault.
Go find somewhere that prostitution is legal. There are no children employed in the legal industry, and almost no black market at all. It goes from something like 35%(1) of all hookers being underaged to, like, 1% or lower. (Basically, it replaces all the 'looks 20, is actually 14' girls with actual adults. The 1% pedophile market is still there. Although it's much, much harder to find, because if there's a black market, people just ask around. People do not walk into the door of legal brothels and ask where they keep 'The really young ones'.)
Using the abuse of workers in an illegal market as a reason to keep said market illegal is possibly the fucking stupidest thing anyone has ever done. There are only two ways to stop children being exploited in the sex industry. One of them is the same way we keep children out of every other industry in existence, regulation, which requires legality. The other way would be to get rid of the sex industry, which would either involve a magical spell, or a specific surgerical operation on small boys before they hit puberty...
1) Yes, it really is that high in some places. Oh, they look like adults, but looking like an adult female is not that hard for any female that is physically tall enough, with the right makeup, padding, and hair. Guys have a lot of clues that are hard to fake, but women not so much between, say, 14 and 18. (Or maybe the issue is really the age of puberty. Some guys who are 16 can often fake being 21.)
People who don't like the movie are trying to find fault with it, because it differed from the book, or they think it's 'real' story like Star Wars and that saying 'Wait! In episode 4, Jabba was clearly established to blah blah, but in episode 2, Jabba was claimed to blah blah. We 0wnz George Lucas!'.
HHGTTG isn't a real story. It is a bunch of farcical sci-fi plots stung together with the same characters, full of satire and parody, set in a completely absurd universe, and full of very intelligent-sounding gibberish that's just fun to read.
The movie is funny as hell, but of course it's not identical to the book, as a lot of the humor of the book was not in the action, but in the text that the author wrote to 'explain' things.
However, a lot of the humor wasn't in the text, and that translated. The characters are as interesting as ever. (Yes, even Trillian. She's not interesting in the movie, but she wasn't interesting in the books either.) The situtations are still as funny. The settings are still as odd, and the plots are as off-kilter as ever. (That is, hands down, the absurdist rescue ever in the history of film.)
Now, if you thought all the humor of the books was solely due to the text and 'explainations' that Adams' gave that often made things more baffling, yes, the movie sucked. I fail to see what anyone could have done about that, sans having the movie consist of the scrolling text of the book, but more to the point I'm failing to see why anyone who thought that was the only funny part of the book would spend any money on a movie of it, or would express 'disappointment' about that. That's somewhat akin to complaining about the lack of pictures in a novelization of a comic book.
It followed the book only when necessary to keep it "Hitchhiker's".
You dumbass.
None of the versions of HHGTTG have followed the same story, or have even been internally consistent. For example: There are clear indications that Zaphod picks up Trillian before he's president, based on the timeline, but that makes no sense because he hadn't screwed with his own head yet.
Even when 'technically' consistent, they make no sense, like Adams just throwing Fenchurch away at the start of Mostly Harmless. (And then the Vogons pretending all humans were accounted for when, of course, she wasn't.) Or the idea that time travel could 'start' causing problems. Or how Marvin got off the ship plunging into the sun.
Hell, there's even a joke about that, with Arthur's randonly changing bags, which we never get any sort of explanation of.
And, incidentally, the screenplay was Adams', so if you have a problem with the plot, you have a problem with him. Someone didn't come along and butcher it after he died, he wrote the whole thing, or at least the other person writing the screenplay wrote it and he okayed it. A few lines might have been changed, and a scene or two deleted for time, but random people didn't wander in and add the whole rescue from the Vogons, or whatever you think they did.
Jesus. Completely ignorant Hitchhiker fanboys make me sick, and I'm a damn fan myself. Stop trying to make it damn Babylon 5 with dates and whatnot, and stop whinging about how the only two versions you've ever seen don't match up. It's not a real sci-fi story, it's a satire of them and their conventions.
Um, what the hell are you talking about? You don't need 'passwords' for certs unless you were entering them each time your server started, and you certainly don't need passwords for anything after they've expired.
Seriously. I've done SSL keys before. They don't expire and need a password for you to 'get back in'.
If you're smart, you've got your old CSR (cert signing request), and you can get that thing resigned. If you have misplaced that, it takes two minutes to type all the company name and stuff back in, and generate a new public key and CSR to get signed.
And you don't have to go and revoke the old key if you have misplaced the CSR. You supposedly have the only copy of the private key, so it's not like other people are running around using it. Just delete the damn thing when it expires.
Of course, you'd be really screwed if you didn't misplace the CSR and other people had a copy of it, if you got it resigned while the private key was out there, because the thief could just connect to your web server and get the new cert for the stolen key! Which I suspect is a good argument for just making a new CSR and just nuking the entire set of old keys and certs.
However, I'm with you on the inconsistent formats. Some of them will take binary keys, some of them will take a ASCII key in one file and ASCII signature of said key in another, and some of them will take them in the same file. Some will take encrypted keys, sometimes requiring a password on startup, sometimes storing it, and some won't take them at all.
Just pick a damn format already. I recommend them, as ASCII, all in the same file, because there aren't any circumstances where you'd want to hand out an unsigned key. And handing out a signature of a key but not said key is just nonsensical.
You can use the PHP native session support and write your own backend for it, thus giving you the advantage of PHP handling the cookies and rewriting the URLs, but the ability to put it in a database.
Um, suicide is attempted suicide, just like murder is also attempted murder. If they really wanted to charge a corpse with attempted suicide, they could. They did, indeed, attempt to commit suicide.
The reason the police don't do anything is that when they discover, to their satisfaction, who a criminal was, and said criminal is dead, they just close the case. No sense in charging the dead, and legally that couldn't get through the court system.
And now someone's going to go 'Why don't they charge murderers with attempted murder too, then?'. It's because you can't charge someone with two crimes for the exact same action, it's double jeopardy. You can charge someone with committing multiple crimes at once if the actions were technically seperate, but if one criminal action always includes another criminal action, you can't charge them for both, you have to pick one.
This was used with hilarious effect when some state implimented a marijuana license and a fine if you didn't have a license, when marijuana was illegal, solely to hit drug user's pockets, and they arrested someone for possession and that. He pleaded guilty of failure to buy the license, and paid the fine, and then argued successfully in court that he couldn't tried for possession, as he'd already plead guilty to possessing unlicensed marijuana, and thus they couldn't charge him with, duh, possession of said marijuana.
The state quickly repealed the license. Especially since the judge indicated that if the guy had attempted to get a license, and been rebuffed, he'd have accepted the guilty plead and thrown out the fine, as the state hadn't actually issued any licenses, so could hardly fine people who asked for one and didn't get it. And advised the defendant that, while it was legal to demand they return his now-licensed pot, that was probably a bad idea.
The affiliate people know damn well that people are spamming out their links.
There are two kinds of affiliate programs...those that bitchslap spammers and not only permanently disable their account, but strip away all money they've earned with any complaints.(1) And the kind that go 'Heh, oops, we'll disable this account for a few hours so he won't profit from the spam', and then undisable it, or let spammers open a new one, and give them all the cash they earned before the spam was reported.
People don't spam the first kind of affiliate links. It's too damn dangerous that someone will complain and they'll make no money at all, and even lose money they earned legitly.
Now try to figure out why a company would be the second kind, especially since if they were to change to the first kind, they wouldn't have to pay spammers, would make more money, and be filtered less. (System admins have started blocking the affiliate websites.)
It's easy...it's because they're for spammers. They are affiliate networks designed for spammers, often by spammers who went 'legit'. They pretend 'Oh, we can't control spammers', when other affiliate networks seem to have no problems, and they often direct clients to 'direct mailing' software, aka, illegally-owned machine abusing software.
This is pretending that all of them are affiliate networks. Some of them are just run by one person, with pretend affiliate links, so that when people complain they can just say 'A spammer! Damn, we've disabled his account, don't you worry.' and then change the number in their links and continue spamming.
Rule #1: Spammers lie.
Russel's Admonition: Always assume that there is a measurable chance that the entity you are dealing with is a spammer.
1) And, yes, sometimes people abusing this by faking spam from competitors...but it's harder than you think.
Why the hell would you bearing responsiblity for your negligence in securing your property make it less of a crime?
You still, however, acted negligently. Being negligent while operating a hospital is rather frowned upon, and at least one person should get fired for this.
And, incidentally, if the prosececution can demonstrate that anyone died as a result of this, it's felony murder.
And, of course, it's a well-known ethical principle that only one person can be at fault in something.
That's why it's ethical to blow people up with car bombs under their car...after all, they started their car and set of off the bomb. And why I've trained dogs to maul people...who the hell cares about the morals of a dog?
Um, no. I've said it before, and I will continue to say it: People who think only one party can be fault, and that including any blame on other parties absolves, in any way, the guilt of the first party, are immoral.
It is quite possible to blame the perpetrator, the hospital, and the 'affiliate' programs. The perpetrator did it on purpose, the hospital was just negligent, and the affiliate people know that people spend spam on for them, and know that most spam is sent illegally, so feel free to assign levels of guilt based on that, but the number of other people involved is completely unrelated to the level of guilt each one has.
I.e, if botnets were some sort of natural force, and the hospital got hit, it would be exactly as responsible for failing to secure its network. If botnets were impossible to prevent, the hospital would have no responsiblity, but the perpetrator and the affiliate company would have the same guilt.
We can add another hypothetical party, the person who knowingly let the perpetrator use his compujter to do this, and, you know what? He bears some guilt, and that doesn't make anyone else less responsible for their part in this. Or any more.
Guilt is, sadly, a noun. That means in English, it is possible to talk about someone having 'more guilt' and thus someone else having 'less guilt'. It is easy to fall into the trap of treating guilt like a set amount that exists and is doled out. But guilt is a concept, not a thing. It is like 'amount of sexual attraction towards'. I being attracted to someone does not alter your level of attraction, and me having responsiblity for an action does not alter your level of responsiblity at all. (The difference between guilt and responsiblity is merely a convention based on whether you wished the actions to happen, and that said actions were bad.)
Where an email ends up, and where it gets bounced to, are out of band communication.
A SMTP converstation looks like this, simplified somewhat and with angle brackets replaced with { and } because I am lazy. client.dom sends C messages and has just connected to server.dom, which sends S messages. (After each response code, the server can send random text, though there are conventions there.)
S: 220
C: HELO {client.dom}
S: 250
C: MAIL FROM: {user@client.dom}
S: 250
C: RCPT TO: {user@server.dom}
S: 250
C: DATA
S: 354
C: Entire email message, including the headers
C:.
S: 250
C: QUIT
S: 221
The mail server then traditionally preprends a Received header, and delivers the mail, or relays it elsewhere, depending. Although there was probably some more stuff in there consisting of SMTP AUTH commands if they're going to relay it somewhere, as open relays are frowned on. And the HELO is usually EHLO instead, which tells the mail server to say what extended commands it supports.
But you'll note that routing the message is entirely seperate from the headers. You could have the headers consist entirely of 'Haha: ha ha ha ha' and the message would be delivered with just that, and any Received headers that mail servers in between put in there. Sometimes they put in other things, like 'To: undisclosed-recipients:;' and make up a Message-ID and Date, but you can't rely on that information, because mail servers don't touch those headers if you've forged them...they just put in missing-but-required headers.
Sometimes mail servers do go ahead and put MAIL FROM as 'Return-Path:' and RCPT TO as 'X-Original-To:', or in other headers, and those almost always end up in the Received lines somewhere, but they are not required to do that, and it's non-standard. (Finding out the original MAIL FROM and RCPT TO is something that all us mail admin have had to do at some time or another, and it's sometimes easier to just look at the Received line for the queue ID, and grep the maillog for it.)
In fact, most mail servers accept messages with no headers at all, even though they are not supposed to. The headers are just marked by a blank line after them, and thus if they get a message with no blank lines, they technically got a message with no body, but they'll put whatever was received in the body, and make up a header instead, which at least will make something show up in the client. (Usually the problem is a crappy client didn't put the blank line in there, so this way other people at least see the message, although with the headers prepended.)
There are actually Usenet groups for posting unlabeled encrypted messages in. People receive messages by merely downloading each article and trying to decrypt it. While you can figure out who is communicating using that method, you can't figure out who they are comunicating with, except it has to be someone else in that group.
Thanks to spammers, you can buy lists of 'open proxies' that will let you hide your IP and access the person with the owned computer's ISP's usenet server, which you really only need to do when sending messages. Thus rendering any sort of traffic analysis of the group completely useless.
But the best method of sending data on the internet is hiding it in, say, a GIF. You don't even need to use stenography, you can just take an encrypted binary file, put a GIF header at the start of it, and put it in a 1x1 image link somewhere on a web page between two specific times, and have any receipient 'innocently' surf past your page, and then go get it out of their cache. Bonus points if you manage to write bad HTML so that only one specific browser will go and get the 'image', like IE 4 or Firefox 0.7, although you shouldn't make that obvious or people might get curious. Be sure to put a real image up there the rest of the time, and reset the date back whenever you make changes.
And you can trivially think of a way to have two people do this to each other so they can talk back and forth. They just each have pages on somewhat related things, and browse a bunch of pages on that topic, always making sure to go past each other's.
The great thing about this is that the receiving end can defeat a keylogger. Just make sure the 'check the cache for encrypted files' is a program that they won't notice when installing the keylogger, for example a solitaire game, and it pops up the decoded message when you start it between exactly 32 minutes and 37 minutes after adding the image to your cache, or something. Most software keyloggers do not include any sort of screen capturing, because that would require a lot of space, and hardware ones cannot do it at all, or at least not reasonably. (And see Cryptonomicron for how to defeat this, although note the method of communication in that can be logged also.)
Although obviously if you send messages, a keylogger will catch them. In theory, you could click on the letter via your mouse, but a lot of software keyloggers are including mouse clicks exactly because of that. Although the message can be hidden via moving buttons around and renaming them, that is incredibly annoying for any message over two sentences, and it doesn't hide the fact you were doing something very suspicious, which, if they've bugged your machine, they were already pretty sure of.
Computer use almost no power due to the computation. There's some waste heat inside the processor, due to electrical resistence, and it's possible quantum computers would remove some of this, but mostly computer waste power to convert voltages, run input/output devices including monitors, and to cool the system back down from all that wasted power. And there's no reason quamtum computers wouldn't have to do all that.
It is theoretically possible to built a computer, of any sort, that uses exactly as much power as its output requires. It's just not practical.
The time they are scheduled to connect is known as 'death'.
He's not, but now I'm worried something has happened to New Here. He used to always come in and comment that it was, in fact, he who was New Here.
However, greylisting does, indeed, reduce spam. Large amounts of it. There are plenty of people who show up, try to hand you spam, and never come back.
Where these people are coming from, and why they don't come back, I'm not entirely sure. (Note most of the dynamic IPs ones are blocked before greylisting here.) My theory is that their software is crap and treats a temporary error like a permanent one, instead of retrying at the end, whcih would make sense.
A lot of spam fighting is distinguighing between real smtp software and spamware crap. People say 'That can't work, spammers can just change their behavior'...except various tests based the difference in behavior have been working for seven years or so. (And this test has the added bonus of no false positives, or only false positives in absurdly contrived circumstances, instead of merely mistaking a poorly-run server for spammers.)
As for the delay...you can minimize that by only doing greylisting during non-business hours, at least for businesses. A lot of spam is sent at night, in an attempt to keep anyone from complaining until the run is finished. Meanwhile, it doesn't matter if the business email shows up at two or three in the morning.
I was looking for a movie that was consistent with the original plot, characters, and dialog found in the book.
That is EXACTLY the point I addressed. The radio show and the book are not consistent, the TV series and the book are not consistent. The two radio series aren't that consistent with each other.
With responsible ISPs, people will not be allowed to continue spamming for an hour. (Of course, with responsible ISPs, people wouldn't be allowed to send email direct from their connection, at least not by default.(1))
But, regardless, removing the ability to pump out fifteen thousand messages in the five minutes before the ISPs catches on can only be a good thing. Whether or not people will put up with hour-long delays in their email, of course, is another issue.
Which is also why tarpitting is a good idea. To send email to my server, it takes at least thirty seconds, with an extra five second per person. Unlike greylisting, it doesn't even take any extra bandwidth, I just have pauses before responsing to their commands, and there is no noticable delay for the end user.
Granted, in theory, well-written spam software could be multi-threaded and just hold the connection open to me, waiting for a response, and continuing to spam, but that's one of the reasons SP2 added pre-process connection limitations.
And 'well-written spam software' is an oxymoron...a lot of them can't even be bothered to wait past my five second pause before I send a greeting, and 'respond' to me with helo before I even say I'm a mail server, thus getting themselves kicked for unauthorized pipelining.
Slow them down, people. It can't but help. Temporarily, until they adapt, it will reduce spam for you, and once they do adapt, it will be at the expense of the amout of spam they can send.
1) Before all those hobbyist running Linux on a dialup start complaining, I did say by default. Having to go to your ISP and say 'I want to send email, and I know what I'm doing, and I understand I'll be rate-limited to 1k a second on port 25.' is infinitely better than being blocked from almost everywhere because you are dialup. If ISPs only unblock people by request, mail admin don't need to block any of their dialup, and people actually sending mail will find it easier instead of having to plead everyone to whitelist them.
Now shut the fuck up and let the people who have to use email get back to actually trying to stop spam.
First time you go to your bank, you bookmark the front page.
Street pimps often do beat their women, but, as I pointed out, that makes the profession dangerous, not violent. Being a firefighter is not a violent profession, and neither is being a prostitute.
Of course, the only reason that is true is 'slapping someone around a bit' is the only way to enforce contract law in the underworld. The pimp needs some enforcable means of collecting his cut, he can't go to the police or courts.
Women who live in a brothel, OTOH, rarely get injured by the management, because the money goes to the brothel and then they get their cut, so can't be holding out. (Sadly, they are more likely to get injured by a client, because a prostitute who works out of her our house or a motel will call the police if assaulted by a client, or scream and cause others to call the police, whereas a client in a house of prostitution quite rightly assumes they will not want to call the police.)
And call girls have the best of both worlds. They are away from other hookers, so none of them have any qualms about calling the police if assaulted, yet they have rates negotiated over the phone by their employer, so can't be holding out on money, even if they get handed the cash themselves.
But, anyway, high risk of injury in a profession != violence in a profession. A soldier is in a violent profession, a medic in the military is just in a high-risk one.
OTOH, being a pimp is an inherently violent profession, and it's not only towards the women. Pimps are expected to keep their territory free for their women, which requires driving off other women. The violence there is exactly the same as 'drug dealer', which they are in a sense: They must keep their product on the street, and remove everyone else's product, and threaten and eventually injury people who do not pay them money they are owed.
You apparently don't know much about spam and yet could trivially see the flaw in his brain-dead plan. Props to you for clear thinking, man.
Yes, that could happen.
Yes, those programs do exist, they are called 'open relays'.
Something like 95% of all spam is already sent that way, because of the one thing that has ever reduced spam: Blocking the sending IPs.
There are exactly three ways to spam these days:
Use IPs that people pitch a fit if blocked, because there are other people on those IPs. Aka, the 'human shield' approach. (Anyone remember the somethingawful wackout on here about that?) Spamming ISPs help here by moving unsuspecting clients and spammers around in a dance designed to leave the spammers unblocked and the clients blocked. (So they will complain about the blocks, and get them removed, so the spammers can be moved back there.)
Or be 'mainsleaze' and have a service people expect notifications from, but send spam for your service from the same server, using yourself as a shield. Like tigerdirect did in the past. There was a mailing list company named Topica that did that, and Yahoo! Groups has been accused of it.
The other, most popular way: Stealing bandwidth from others.
Which means, when the government talks about 'fighting spam', they are full of crap, because hijacking someone else's computer is a felony and has been so for two decades in most states. We didn't need any damn laws about spam. They just need to arrest the felony computer criminals.
Do you know anything about email?
I.e., a whitelist. But the trick isn't that the client blocks everyone else, it's that they make sure the reader knows they are suspicious looking, and don't let people click links or view images or html without some work.
There are almost no ways for a client to determine if an email is legit in what it is claiming or not, that would require strong AI, but there are plenty of ways for it to determine that it's seen emails from that person before.
Possibly you could make it even stronger with a more specific category for 'business emails', where they have to be signed with PGP, and the key has to be downloadable from an ssl website, which properties the user sees in big letters before he adds it to 'known businesses'.
That almost pure gibberish.
So let's just break this down two words at a time:
statistically+violent: Prostitutions are not statistically more violent than anyone else. They are subject to more violence, because they don't contact the police, but that doesn't make their profession a 'violent' profession, it makes it a dangerous one, like football player. A violent profession is one where you injure others, like a police officer or a chiropractor.
statistically+illegal: Prostitution is possibly, statistically speaking, illegal, however, in many places it's basically treated the same as jaywalking, like India. I'd actually like to see evidence that over 50% of the world's population lives in the place that considers prostitution a crime, and then I'd like to see average punishments, before I'll consider it 'statistically illegal'. Each act might, statistically, be punished with a ten cent fine, once you include all the places it is not legal but never punished. That means, statistically, we think using up a gallon of gas is much much worse.
inherently+violent: Well, possibly. Some types of sex do, indeed, require 'violence', so those jobs are inherently violent. But a tiny minority of hookers work those kinds of jobs, and it isn't 'real' violence, it's more akin to surgeons, who injure people, with their consent, so they feel better. Obviously not a good idea for some people, but the same thing applies to a lot of professions, like people who don't like organic slime shouldn't be garbage men, and people who aren't organic slime shouldn't be lawyers.
inherently+illegal: That doesn't make sense, but even if there was some set of inherent rules humanity played by, like 'Don't take my stuff just because I'm not watching it.', prostitution is not against them. There's nothing inherently different between it and any other service performed for others, like cutting their hair or building their house.
It being illegal, it has no child labor laws. Nor does it have worker's comp, or minimum wage.
In addition, people employed in it cannot go to the legal system for crimes committed against them, like assault.
Go find somewhere that prostitution is legal. There are no children employed in the legal industry, and almost no black market at all. It goes from something like 35%(1) of all hookers being underaged to, like, 1% or lower. (Basically, it replaces all the 'looks 20, is actually 14' girls with actual adults. The 1% pedophile market is still there. Although it's much, much harder to find, because if there's a black market, people just ask around. People do not walk into the door of legal brothels and ask where they keep 'The really young ones'.)
Using the abuse of workers in an illegal market as a reason to keep said market illegal is possibly the fucking stupidest thing anyone has ever done. There are only two ways to stop children being exploited in the sex industry. One of them is the same way we keep children out of every other industry in existence, regulation, which requires legality. The other way would be to get rid of the sex industry, which would either involve a magical spell, or a specific surgerical operation on small boys before they hit puberty...
1) Yes, it really is that high in some places. Oh, they look like adults, but looking like an adult female is not that hard for any female that is physically tall enough, with the right makeup, padding, and hair. Guys have a lot of clues that are hard to fake, but women not so much between, say, 14 and 18. (Or maybe the issue is really the age of puberty. Some guys who are 16 can often fake being 21.)
People who don't like the movie are trying to find fault with it, because it differed from the book, or they think it's 'real' story like Star Wars and that saying 'Wait! In episode 4, Jabba was clearly established to blah blah, but in episode 2, Jabba was claimed to blah blah. We 0wnz George Lucas!'.
HHGTTG isn't a real story. It is a bunch of farcical sci-fi plots stung together with the same characters, full of satire and parody, set in a completely absurd universe, and full of very intelligent-sounding gibberish that's just fun to read.
The movie is funny as hell, but of course it's not identical to the book, as a lot of the humor of the book was not in the action, but in the text that the author wrote to 'explain' things.
However, a lot of the humor wasn't in the text, and that translated. The characters are as interesting as ever. (Yes, even Trillian. She's not interesting in the movie, but she wasn't interesting in the books either.) The situtations are still as funny. The settings are still as odd, and the plots are as off-kilter as ever. (That is, hands down, the absurdist rescue ever in the history of film.)
Now, if you thought all the humor of the books was solely due to the text and 'explainations' that Adams' gave that often made things more baffling, yes, the movie sucked. I fail to see what anyone could have done about that, sans having the movie consist of the scrolling text of the book, but more to the point I'm failing to see why anyone who thought that was the only funny part of the book would spend any money on a movie of it, or would express 'disappointment' about that. That's somewhat akin to complaining about the lack of pictures in a novelization of a comic book.
You dumbass.
None of the versions of HHGTTG have followed the same story, or have even been internally consistent. For example: There are clear indications that Zaphod picks up Trillian before he's president, based on the timeline, but that makes no sense because he hadn't screwed with his own head yet.
Even when 'technically' consistent, they make no sense, like Adams just throwing Fenchurch away at the start of Mostly Harmless. (And then the Vogons pretending all humans were accounted for when, of course, she wasn't.) Or the idea that time travel could 'start' causing problems. Or how Marvin got off the ship plunging into the sun.
Hell, there's even a joke about that, with Arthur's randonly changing bags, which we never get any sort of explanation of.
And, incidentally, the screenplay was Adams', so if you have a problem with the plot, you have a problem with him. Someone didn't come along and butcher it after he died, he wrote the whole thing, or at least the other person writing the screenplay wrote it and he okayed it. A few lines might have been changed, and a scene or two deleted for time, but random people didn't wander in and add the whole rescue from the Vogons, or whatever you think they did.
Jesus. Completely ignorant Hitchhiker fanboys make me sick, and I'm a damn fan myself. Stop trying to make it damn Babylon 5 with dates and whatnot, and stop whinging about how the only two versions you've ever seen don't match up. It's not a real sci-fi story, it's a satire of them and their conventions.
Seriously. I've done SSL keys before. They don't expire and need a password for you to 'get back in'.
If you're smart, you've got your old CSR (cert signing request), and you can get that thing resigned. If you have misplaced that, it takes two minutes to type all the company name and stuff back in, and generate a new public key and CSR to get signed.
And you don't have to go and revoke the old key if you have misplaced the CSR. You supposedly have the only copy of the private key, so it's not like other people are running around using it. Just delete the damn thing when it expires.
Of course, you'd be really screwed if you didn't misplace the CSR and other people had a copy of it, if you got it resigned while the private key was out there, because the thief could just connect to your web server and get the new cert for the stolen key! Which I suspect is a good argument for just making a new CSR and just nuking the entire set of old keys and certs.
However, I'm with you on the inconsistent formats. Some of them will take binary keys, some of them will take a ASCII key in one file and ASCII signature of said key in another, and some of them will take them in the same file. Some will take encrypted keys, sometimes requiring a password on startup, sometimes storing it, and some won't take them at all.
Just pick a damn format already. I recommend them, as ASCII, all in the same file, because there aren't any circumstances where you'd want to hand out an unsigned key. And handing out a signature of a key but not said key is just nonsensical.
You can use the PHP native session support and write your own backend for it, thus giving you the advantage of PHP handling the cookies and rewriting the URLs, but the ability to put it in a database.
The reason the police don't do anything is that when they discover, to their satisfaction, who a criminal was, and said criminal is dead, they just close the case. No sense in charging the dead, and legally that couldn't get through the court system.
And now someone's going to go 'Why don't they charge murderers with attempted murder too, then?'. It's because you can't charge someone with two crimes for the exact same action, it's double jeopardy. You can charge someone with committing multiple crimes at once if the actions were technically seperate, but if one criminal action always includes another criminal action, you can't charge them for both, you have to pick one.
This was used with hilarious effect when some state implimented a marijuana license and a fine if you didn't have a license, when marijuana was illegal, solely to hit drug user's pockets, and they arrested someone for possession and that. He pleaded guilty of failure to buy the license, and paid the fine, and then argued successfully in court that he couldn't tried for possession, as he'd already plead guilty to possessing unlicensed marijuana, and thus they couldn't charge him with, duh, possession of said marijuana.
The state quickly repealed the license. Especially since the judge indicated that if the guy had attempted to get a license, and been rebuffed, he'd have accepted the guilty plead and thrown out the fine, as the state hadn't actually issued any licenses, so could hardly fine people who asked for one and didn't get it. And advised the defendant that, while it was legal to demand they return his now-licensed pot, that was probably a bad idea.
But all the rules kept things mostly in check. But the Repubs have suddenly decided they don't even need to follow them.
There are two kinds of affiliate programs...those that bitchslap spammers and not only permanently disable their account, but strip away all money they've earned with any complaints.(1) And the kind that go 'Heh, oops, we'll disable this account for a few hours so he won't profit from the spam', and then undisable it, or let spammers open a new one, and give them all the cash they earned before the spam was reported.
People don't spam the first kind of affiliate links. It's too damn dangerous that someone will complain and they'll make no money at all, and even lose money they earned legitly.
Now try to figure out why a company would be the second kind, especially since if they were to change to the first kind, they wouldn't have to pay spammers, would make more money, and be filtered less. (System admins have started blocking the affiliate websites.)
It's easy...it's because they're for spammers. They are affiliate networks designed for spammers, often by spammers who went 'legit'. They pretend 'Oh, we can't control spammers', when other affiliate networks seem to have no problems, and they often direct clients to 'direct mailing' software, aka, illegally-owned machine abusing software.
This is pretending that all of them are affiliate networks. Some of them are just run by one person, with pretend affiliate links, so that when people complain they can just say 'A spammer! Damn, we've disabled his account, don't you worry.' and then change the number in their links and continue spamming.
Rule #1: Spammers lie.
Russel's Admonition: Always assume that there is a measurable chance that the entity you are dealing with is a spammer.
1) And, yes, sometimes people abusing this by faking spam from competitors...but it's harder than you think.
You still, however, acted negligently. Being negligent while operating a hospital is rather frowned upon, and at least one person should get fired for this.
And, incidentally, if the prosececution can demonstrate that anyone died as a result of this, it's felony murder.
That's why it's ethical to blow people up with car bombs under their car...after all, they started their car and set of off the bomb. And why I've trained dogs to maul people...who the hell cares about the morals of a dog?
Um, no. I've said it before, and I will continue to say it: People who think only one party can be fault, and that including any blame on other parties absolves, in any way, the guilt of the first party, are immoral.
It is quite possible to blame the perpetrator, the hospital, and the 'affiliate' programs. The perpetrator did it on purpose, the hospital was just negligent, and the affiliate people know that people spend spam on for them, and know that most spam is sent illegally, so feel free to assign levels of guilt based on that, but the number of other people involved is completely unrelated to the level of guilt each one has.
I.e, if botnets were some sort of natural force, and the hospital got hit, it would be exactly as responsible for failing to secure its network. If botnets were impossible to prevent, the hospital would have no responsiblity, but the perpetrator and the affiliate company would have the same guilt.
We can add another hypothetical party, the person who knowingly let the perpetrator use his compujter to do this, and, you know what? He bears some guilt, and that doesn't make anyone else less responsible for their part in this. Or any more.
Guilt is, sadly, a noun. That means in English, it is possible to talk about someone having 'more guilt' and thus someone else having 'less guilt'. It is easy to fall into the trap of treating guilt like a set amount that exists and is doled out. But guilt is a concept, not a thing. It is like 'amount of sexual attraction towards'. I being attracted to someone does not alter your level of attraction, and me having responsiblity for an action does not alter your level of responsiblity at all. (The difference between guilt and responsiblity is merely a convention based on whether you wished the actions to happen, and that said actions were bad.)
Where an email ends up, and where it gets bounced to, are out of band communication.
A SMTP converstation looks like this, simplified somewhat and with angle brackets replaced with { and } because I am lazy. client.dom sends C messages and has just connected to server.dom, which sends S messages. (After each response code, the server can send random text, though there are conventions there.)
S: 220 .
C: HELO {client.dom}
S: 250
C: MAIL FROM: {user@client.dom}
S: 250
C: RCPT TO: {user@server.dom}
S: 250
C: DATA
S: 354
C: Entire email message, including the headers
C:
S: 250
C: QUIT
S: 221
The mail server then traditionally preprends a Received header, and delivers the mail, or relays it elsewhere, depending. Although there was probably some more stuff in there consisting of SMTP AUTH commands if they're going to relay it somewhere, as open relays are frowned on. And the HELO is usually EHLO instead, which tells the mail server to say what extended commands it supports.
But you'll note that routing the message is entirely seperate from the headers. You could have the headers consist entirely of 'Haha: ha ha ha ha' and the message would be delivered with just that, and any Received headers that mail servers in between put in there. Sometimes they put in other things, like 'To: undisclosed-recipients:;' and make up a Message-ID and Date, but you can't rely on that information, because mail servers don't touch those headers if you've forged them...they just put in missing-but-required headers.
Sometimes mail servers do go ahead and put MAIL FROM as 'Return-Path:' and RCPT TO as 'X-Original-To:', or in other headers, and those almost always end up in the Received lines somewhere, but they are not required to do that, and it's non-standard. (Finding out the original MAIL FROM and RCPT TO is something that all us mail admin have had to do at some time or another, and it's sometimes easier to just look at the Received line for the queue ID, and grep the maillog for it.)
In fact, most mail servers accept messages with no headers at all, even though they are not supposed to. The headers are just marked by a blank line after them, and thus if they get a message with no blank lines, they technically got a message with no body, but they'll put whatever was received in the body, and make up a header instead, which at least will make something show up in the client. (Usually the problem is a crappy client didn't put the blank line in there, so this way other people at least see the message, although with the headers prepended.)
Thanks to spammers, you can buy lists of 'open proxies' that will let you hide your IP and access the person with the owned computer's ISP's usenet server, which you really only need to do when sending messages. Thus rendering any sort of traffic analysis of the group completely useless.
But the best method of sending data on the internet is hiding it in, say, a GIF. You don't even need to use stenography, you can just take an encrypted binary file, put a GIF header at the start of it, and put it in a 1x1 image link somewhere on a web page between two specific times, and have any receipient 'innocently' surf past your page, and then go get it out of their cache. Bonus points if you manage to write bad HTML so that only one specific browser will go and get the 'image', like IE 4 or Firefox 0.7, although you shouldn't make that obvious or people might get curious. Be sure to put a real image up there the rest of the time, and reset the date back whenever you make changes.
And you can trivially think of a way to have two people do this to each other so they can talk back and forth. They just each have pages on somewhat related things, and browse a bunch of pages on that topic, always making sure to go past each other's.
The great thing about this is that the receiving end can defeat a keylogger. Just make sure the 'check the cache for encrypted files' is a program that they won't notice when installing the keylogger, for example a solitaire game, and it pops up the decoded message when you start it between exactly 32 minutes and 37 minutes after adding the image to your cache, or something. Most software keyloggers do not include any sort of screen capturing, because that would require a lot of space, and hardware ones cannot do it at all, or at least not reasonably. (And see Cryptonomicron for how to defeat this, although note the method of communication in that can be logged also.)
Although obviously if you send messages, a keylogger will catch them. In theory, you could click on the letter via your mouse, but a lot of software keyloggers are including mouse clicks exactly because of that. Although the message can be hidden via moving buttons around and renaming them, that is incredibly annoying for any message over two sentences, and it doesn't hide the fact you were doing something very suspicious, which, if they've bugged your machine, they were already pretty sure of.