So they are going to place this device in a pristine enviornment, previously untouched by man, and leave it there for the ages. Not to mention all the junk they will leave behind during their trek.
Who is going to pick up the trash?
Tabbed browsing broken for 2 years
on
Firefox 1.0 Released
·
· Score: 2, Interesting
not to be a ninny, but when are they going to fix the tabbed focus stealing bug? This is an extermely irritating and confusing bug that affects every user using tabs.
You can always put printfs in places you know must execute and work your way back from there. I work with "millions" of lines of code, large chunks of it in the kernel. printf() is more versatile and useful than any debugger, both in userspace and in the kernel where crashing means a reboot and sometimes a reformat.
Thus the DMCA backed by the sclerotic RIAA and MPAA begin stifling innovation in the U.S. The U.S. will continue to trail as long as copyright is wielded as weapon to maintain perpetual status quo.
"Also, I'd hardly call the 7% sales tax a penalty. It puts alot of money into the state. You don't want your state ending up like California; billions in debt."
That most be the dumbest remark I've read in while. Must be a troll. Just because you are being taxed doesn't mean the state is spending wisely or doing anything useful with the your money. To prove my point, CA has an 8% sales tax
Folks, it is only a matter of time before StarForce disappear off the face of the planet. Right off from the first question they start spewing garbage from a technical persepctive. Drivers cannot stop SoftICE from working, at best they can try to be aware of it and try to malfunction when they detect its presence. Drivers can be uninstalled (the easiest method being to simply delete the file). Furthermore any activity of their driver can be spoofed by a replacement driver that just says everything is ok. Their driver is a simple Windows IFS driver that filters filesystem calls (so called IRPs), probably based on hardware/process name. The reason they mess up people's USB drives is because they mis-detect them.
On the surface, it appears it would take only a couple hours for an experienced IFS driver writer to completely bypass their driver (probably along the lines of letting the driver run but ensuring it never gets to see any of the file system calls).
I'm willing to bet the only reason none of the games shipped with their product have been cracked has to do more with the lack of popularity of the games then with the copy protection.
Classic Microsoft. There is no way MS could or would want to release such a cheap device but it sure as hell is great to FUD everyone out of buying an iPOD.
But wait a minute! I thought Microsoft was not selling me software! The EULA always claim I didn't buy anything and only licensed their software for use on one machine blah blah blah. Does this mean that I've been wrongly taxed until now? I want my money back!
My 5 year old niece seems to get along quite well with a GUI machine. Phones were initially a mystery to people and I've heard stories from today's grandparents, then whiz kids, helping their grandparents crank and dial a phone. Today, that sounds laughable. Ten years down the line this will be a non-issue.
Re:You're having trouble reading tonight.
on
Gates on Spam
·
· Score: 1
Well, it has been a long day. Still you shouldn't get so testy. So yes, your idea removes the need for the "authority" server.
Now back to the original question why won't anyone do it?!?!?!
Yes, we are discussing mostly the same things with different terms except for one exception.
You say: "There is no reason for the recieving mailserver to verify the identity of the sender if that step has been already done by the senders mailserver already (as I described in my previous post and in my above comment)."
And this is exactly where I differ. You are trusting the sending server which in all probability is either owned by the spammer or a zombie PC in someone's home. You cannot trust the remote server so you trust DNS which is harder to mess with.
I was not referring to the IP address of the actual person writing the email. That person, uses his mail client to use POP3, IMAP, web mail, Exchange etc. to send his email to a server. That server then relays the email to the outside world - that server can be and usually will have a well known IP address that can be easily verified. Your approach requires the user to be well known and is important if you really want to know who is sending the email. In the approach I outlined, you don't really care who wrote the email, it is the mail server that is accountable.
Mailing lists, forwarding services, email-this-link-to-a-friend, all that stuff and more would become illegitimate email under this scheme, and also under SPF.
How would mailing lists become illegitimate? Please explain. Emailing a link to a friend... Use the originators email maybe instead of a spoofed email perhaps? Seriously, this is laughable.
For someone complaining about insight you provide very little of it.
Re:backward compatibility [Re:I don't get it]
on
Gates on Spam
·
· Score: 2, Insightful
The proposed scheme can be easily modified to accept that. It is called configuration. You can authorise some domains to get away with it and others not. Yes, at first it would be like a bucket full of holes but eventually the holes seal up. This scheme would be trivial to integrate into the next version of here. You are not going to come up with an immediate solution because there is none but if you start with something like this or a hash cash solution, within several years spam will become harder and harder to send. At some point it will just become uneconomical. There is no silver bullet but you can slowly strangle the ability to spam.
Re:Cha ching, reloaded.
on
Gates on Spam
·
· Score: 1
"And how is it going to know the answer in advance?"
It's actually very easy to do.
1. The server generates a random number in the range of 0 to N and hashes it with a cryptographically secure HMAC (keyed hash) using a random key. 2. The server tells the client I hashed a number in the range 0 to N, here is the HMAC key and here is the hash. Tell me what the original number was. 3. To solve the riddle, the client needs to try every number from 0 to N. On average, it will solve the riddle after N/2 steps.
Now you just need to pick a large enough N for the client to be forced to spend a long time calculating the response. The keyed MAC is used to prevent dictionary or replay attacks.
There you have it. A trivially fast way for a server to generate a riddle that would require centuries to solve with a relatively small N.
I don't get it
on
Gates on Spam
·
· Score: 4, Interesting
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion. So it is a simple matter of finding the spoofed email addresses. This is how an email server would check inbound email: 1. receive email 2. lookup domain of sender. If does not resolve, discard. 3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard. 4. ask authority it if the user is known and what IP address it would be sending email from. 5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?
By respecting copyrights you mean not disseminating copies of the source, right? It is probably not illegal to look at the Windows source so long as you don't distribute it or compile something based on it and distribute that. I would guess the source code itself would qualify as a former trade secret at best.
Those sets are useless. I bought a couple for my niece, first the smaller one and then the larger one, and the bulk of the pieces in them are 2x1 bricks. Have you ever tried building anything substantial with a bucket load of 2x1 bricks? It's not bulk, it's a rip off. Beyond that, I find that Lego bricks don't "stick" the way they used to only 10-15 years ago. Essentially, Lego lost their soul and sold out to blatant commercialism du jour. Serves them right.
As for CATV. Comcast raised the prices also for me and so I opted out of CATV. Lo and behold after about 4 months Comcast came a callin' and offered me a permanent discount to reconnect my CATV. I guess this is so that they can boost their viewership numbers to advertisers. As it turns out they might need us more than we think.
Here is the spammer's link. And now I urge everyone on/. to visit this highly informative page and see what they can do about their patehtic penises. Let's harness the/. effect for good!
Actually, this would be a great service for the net. A weekly (or even daily)/. of a spam site!
Slashdot Mirror
So they are going to place this device in a pristine enviornment, previously untouched by man, and leave it there for the ages. Not to mention all the junk they will leave behind during their trek.
Who is going to pick up the trash?
not to be a ninny, but when are they going to fix the tabbed focus stealing bug? This is an extermely irritating and confusing bug that affects every user using tabs.
No, but, barring a HW accelerator, it increases CPU load considerably.
Don't forget the good services of SSL.
You should use https for everything so that you get a b c d
You can always put printfs in places you know must execute and work your way back from there.
I work with "millions" of lines of code, large chunks of it in the kernel. printf() is more versatile and useful than any debugger, both in userspace and in the kernel where crashing means a reboot and sometimes a reformat.
Thus the DMCA backed by the sclerotic RIAA and MPAA begin stifling innovation in the U.S.
The U.S. will continue to trail as long as copyright is wielded as weapon to maintain perpetual status quo.
The author seems to be really attached to his debugger. He should learn to use the printf() the most powerful debugging tool ever devised.
"Also, I'd hardly call the 7% sales tax a penalty. It puts alot of money into the state. You don't want your state ending up like California; billions in debt."
That most be the dumbest remark I've read in while. Must be a troll.
Just because you are being taxed doesn't mean the state is spending wisely or doing anything useful with the your money. To prove my point, CA has an 8% sales tax
Folks, it is only a matter of time before StarForce disappear off the face of the planet.
Right off from the first question they start spewing garbage from a technical persepctive.
Drivers cannot stop SoftICE from working, at best they can try to be aware of it and try to malfunction when they detect its presence.
Drivers can be uninstalled (the easiest method being to simply delete the file). Furthermore any activity of their driver can be spoofed by a replacement driver that just says everything is ok.
Their driver is a simple Windows IFS driver that filters filesystem calls (so called IRPs), probably based on hardware/process name. The reason they mess up people's USB drives is because they mis-detect them.
On the surface, it appears it would take only a couple hours for an experienced IFS driver writer to completely bypass their driver (probably along the lines of letting the driver run but ensuring it never gets to see any of the file system calls).
I'm willing to bet the only reason none of the games shipped with their product have been cracked has to do more with the lack of popularity of the games then with the copy protection.
Classic Microsoft. There is no way MS could or would want to release such a cheap device but it sure as hell is great to FUD everyone out of buying an iPOD.
But wait a minute!
I thought Microsoft was not selling me software! The EULA always claim I didn't buy anything and only licensed their software for use on one machine blah blah blah.
Does this mean that I've been wrongly taxed until now?
I want my money back!
My 5 year old niece seems to get along quite well with a GUI machine.
Phones were initially a mystery to people and I've heard stories from today's grandparents, then whiz kids, helping their grandparents crank and dial a phone. Today, that sounds laughable.
Ten years down the line this will be a non-issue.
Well, it has been a long day. Still you shouldn't get so testy.
So yes, your idea removes the need for the "authority" server.
Now back to the original question why won't anyone do it?!?!?!
Yes, we are discussing mostly the same things with different terms except for one exception.
You say: "There is no reason for the recieving mailserver to verify the identity of the sender if that step has been already done by the senders mailserver already (as I described in my previous post and in my above comment)."
And this is exactly where I differ. You are trusting the sending server which in all probability is either owned by the spammer or a zombie PC in someone's home. You cannot trust the remote server so you trust DNS which is harder to mess with.
All in all, it sounds very workable.
I was not referring to the IP address of the actual person writing the email. That person, uses his mail client to use POP3, IMAP, web mail, Exchange etc. to send his email to a server. That server then relays the email to the outside world - that server can be and usually will have a well known IP address that can be easily verified.
Your approach requires the user to be well known and is important if you really want to know who is sending the email. In the approach I outlined, you don't really care who wrote the email, it is the mail server that is accountable.
Mailing lists, forwarding services, email-this-link-to-a-friend, all that stuff and more would become illegitimate email under this scheme, and also under SPF.
How would mailing lists become illegitimate? Please explain.
Emailing a link to a friend... Use the originators email maybe instead of a spoofed email perhaps? Seriously, this is laughable.
For someone complaining about insight you provide very little of it.
The proposed scheme can be easily modified to accept that. It is called configuration. You can authorise some domains to get away with it and others not. Yes, at first it would be like a bucket full of holes but eventually the holes seal up. This scheme would be trivial to integrate into the next version of here.
You are not going to come up with an immediate solution because there is none but if you start with something like this or a hash cash solution, within several years spam will become harder and harder to send. At some point it will just become uneconomical.
There is no silver bullet but you can slowly strangle the ability to spam.
"And how is it going to know the answer in advance?"
It's actually very easy to do.
1. The server generates a random number in the range of 0 to N and hashes it with a cryptographically secure HMAC (keyed hash) using a random key.
2. The server tells the client I hashed a number in the range 0 to N, here is the HMAC key and here is the hash. Tell me what the original number was.
3. To solve the riddle, the client needs to try every number from 0 to N. On average, it will solve the riddle after N/2 steps.
Now you just need to pick a large enough N for the client to be forced to spend a long time calculating the response. The keyed MAC is used to prevent dictionary or replay attacks.
There you have it. A trivially fast way for a server to generate a riddle that would require centuries to solve with a relatively small N.
Most spam originates from spoofed email addresses. Those emails that don't come from spoofed email addresses can be sued into oblivion.
So it is a simple matter of finding the spoofed email addresses.
This is how an email server would check inbound email:
1. receive email
2. lookup domain of sender. If does not resolve, discard.
3. lookup "domain email authority" of domain, say "authorize.yahoo.com" for senders originating at yahoo.com. No authority, discard.
4. ask authority it if the user is known and what IP address it would be sending email from.
5. Is user known and does "authorized" IP address match IP address of sender? If not, discard.
This mechanism would also make it easy to circumvent non-spoofed email addresses since the spammers would need to support the extra authorization queries. It would also force them to centralize their efforts making them an easy target for elimination.
The result: No spam, no Microsoft tax. Nothing. Only a little bit of overhead on DNS and email servers which could be eased with a little bit of caching.
Why wouldn't this work? Is there a problem with this?
By respecting copyrights you mean not disseminating copies of the source, right?
It is probably not illegal to look at the Windows source so long as you don't distribute it or compile something based on it and distribute that. I would guess the source code itself would qualify as a former trade secret at best.
It's heavy, it rusts, and its accuracy is pathetic because the sights jiggle all over the place.
I carried it for 3 years and it is a dog. Gimme an M-16 any day.
Those sets are useless. I bought a couple for my niece, first the smaller one and then the larger one, and the bulk of the pieces in them are 2x1 bricks. Have you ever tried building anything substantial with a bucket load of 2x1 bricks? It's not bulk, it's a rip off.
Beyond that, I find that Lego bricks don't "stick" the way they used to only 10-15 years ago.
Essentially, Lego lost their soul and sold out to blatant commercialism du jour. Serves them right.
As for CATV. Comcast raised the prices also for me and so I opted out of CATV. Lo and behold after about 4 months Comcast came a callin' and offered me a permanent discount to reconnect my CATV.
I guess this is so that they can boost their viewership numbers to advertisers. As it turns out they might need us more than we think.
Here is your chance to put your money where your mouth is.
Instead of steadily consuming their slop why don't you make them feel your dissatsifaction.
But what I am thinking, this is Slashdot. Spineless.
Here is the spammer's link. And now I urge everyone on /. to visit this highly informative page and see what they can do about their patehtic penises. Let's harness the /. effect for good!
Actually, this would be a great service for the net. A weekly (or even daily) /. of a spam site!