The thing about XMPCR, you see, is that is doesn't access the network at all. That's the reason people bought them. Not everyone want to stream. Not everyone _can_ stream.
If you're stuck on a corporate network that's stingy with bandwidth or who disables streaming protocols, or if you don't have a broadband connection at home or only own an older PC that isn't up to processing a stream and letting you do anything useful, XMPCR brought a hell of a lot to the table.
Not everyone wants to save the music, some of us who are stuck in a highrise simply wanted to listen to something besides a bad FM signal from a crap clear channel clone.
Remote shutdown? Eh. Hell, even swapping the trailer to a new tractor will beat that idea.
Remote shutdown will work as well as a lo-jak does. Which is to say, it will only work if the miscreant does not have a lo-jak jammer.
The thing about Radio Frequency (RF) signals, you, is that to work, RF signals need to be transmitted, received, and then understood by the receiver.
If the transmitting frequency is blanketed with noise designed to destroy the signal's intelligence, the receiver's understanding of what should be done is ruined.
Such a basic concept. Do a google for Electronic countermeasures.
T.
Old crows never fade away. They just tell ya to "Jam it," and disappear.
I believe that you are missing the value of contacting the upstream provider.
I whole-heartedly agree that every record should have a valid email address (although I also believe that this is the source of many spams to domain holders) to provide a contact point.
But, I am completely opposed to providing a brick address or name for listing to the "public." The "public" has a bad reputation for stalking, identity theft, etc...
Sure, I'm paranoid. But paranoia saves lives when used in moderation.
It is always nice to see something about tech writing. FYI for many: Tech writer's document much more than code. Buy almost anything with a user's guide, and the chances good that it was put together by a tech writer. Of course, some docs are written by developers, engineers, or marketers, but we won't go there.
But all that chest puffing aside, if you can squeeze some money out of your budget or are willing to cough up the $25 or so out of your own pocket, pick up a copy of "Fowler's Modern English Usage."
The average person won't appreciate the subtleties of usage described in Fowler's, but there are some real doozies. Some afternoons when time actually begins to flow backwards, and when my editor's boss's boss is in the office and I can't get away with surfing for a bit, I read my Fowler's for some relief from the misery.
Antecs are quiet. Until they fry. Then you get a really cool Bzzzzbbzzzzzappphhttttttt noise, a nice fireworks display out the back (similar to that noted in a comment towards the beginning), and a very displeasing fried electronics smell that took two days to go away.
I've spent many evenings watching Brittas. And, I must admit, lusting a bit after Pippa;-)
I often wondered how a person with Gordon's personal "charm" could live long enough to breed. It hasn't been on the air in the NYC area for a couple years, now. I didn't realize how much I'd like to watch the series again (even though it's all repeats) until I noticed your post. Thanks!
This is a solution with the same flight characteristic as the DMCA. It won't fly.
Consider these points:
1. An aircraft in an emergency situation may need to make use of strips contained within a no-fly zone, or may need to fly through a no-fly zone as the most direct path to emergency facilities. If the pilot is unable to override the soft-wall... Well, let's just say things will be very interesting for him. But not for long.
2. Rely on GPS? Well, golly gee-whiz. Ever hear of circuit breakers? The flight engineer (and any potential hijacker) has access to the circuit breakers. You don't need any fancy navaids to fly a coastline or follow a river at 5000 feet. Pop goes the breaker. And the target.
Grab and crash is not a fad, it's only just getting started. Fancy high-tech solutions won't replace a well-aimed shot to the forehead. Add a few more air marshals.
I think the big money would be better spent on ecm and anti-ir systems for commercial airliners. It's damned easy to get shoulder-launched sams to anyplace you care to bring them. The US has been doing it for years. Anyone else can do it as well.
El Al was using anti-ir many years ago, they probably still are (I'm not in a position to know any more;-) ).
You can't use high-tech to stop a determined group trained up to the same level and with access to big money and to the technology. Sorry.
I also puchased the last book. Unfortunately, being the geek that I am I have not popped out the CD yet;-) But since I already had all of the Honor novels, I didn't really need to read them from the CD.
When I heard that Baen planned to release the entire series I was astounded. What marketing genius!
Can we compare MP3s and subsequent CD purchases to Baen's actions and the susequent increase in their book sales?
To me, it seems quite likely.
IMHO, the RIAA rant about billions in sales lost is actually a complaint that people didn't spend $18 to buy a CD based on a single song from the radio for a CD/group they ended up not liking.
I would be interested to see how many CDs were sold on the basis of hearing an MP3 rip beforehand.
Doesn't this show that people want to make certain that they like something before they buy it?
Thank goodness Ford, GM, et al. don't sue you for renting cars for a weekend just to _really_ check it out before buying.
Are you familiar with DNS? My domains have fixed IPs. They have always had a fixed IP. The problem is that my ISP will not provide a fixed IP, hence my complaint about Osirus using wirelist to block dynamic IPs.
I already have a fine hosting company. They are quite sufficient and I send them a fair chunk of money each month for my server. But that doesn't do dick to solve the blocking problem caused by verizon not supporting fixed-IP addresses.
I'm sorry if that wasn't clearly understood from my original post. This dynamic-IP blocking crap is my hot button. I don't send spam, nor do I buy spammed products, either. _And_ I make that fact known to the manufacturers.
This is an economics problem. As long as people can make money spamming, it will continue. When people selling products and services suffer from boycott actions, then the spam will diminish, but not before.
The practice of automatically branding everyone having a dynamic IP and sending email via their own domains. Using non-ISP email servers is not a crime.
I own several domains, a few of them for almost 9 years. In that time I have used seven or eight IPs. Only for a year or so did I have a fixed IP. I don't send spam, my servers are not open relays, but I am penalized now because I can not get a fixed IP from Verizon.
First, Osirus starts using the wirelist to block dynamic IPs, now AOL is blocking dynamic IP.
Why should I be restricted to sending mail from a verizon address? I am a business owner who has domains representing my business. Why is it wrong to want my emails to come from _my_ domain and not from Verizon?
Don't even start with the pompous BS about doing SSH tunneling, or expecting business class service for consumer prices. I don't want to hear it. I'm paying business prices for my service. So sod off. Not everyone is in a position to physically host their own on-site server or afford their own OC-3.
Is any of this blocking really going to affect the spam situation? I don't think so. Spam is economically viable because consumers continue to shop from businesses that use spam as a marketing tool. Consumers continue to buy spammed products.
Spam is not a problem that will be solved by refucing email from entire IP blocks. Spam is a consumer education problem.
If people were as quick to boycott spammed product as they have been to pour french wine in the gutter, spam would be a thing of the past.
I've used both Mozilla and Opera. And while both browsers block most of the popups and popunders, I've found that the best way to rid my self of page trash is to use a Proxy Blocker.
I favor Proxomitron, a W32 "Shonenware" local proxy package. To register, you need to send them a pic of you holding a Shonen Knife CD. Proxomitron dosn't stop working or anything, even if you never "register." All of the features are still there even if you never get a Shonen Knife CD. They're hot, though. You should get one! Shonen Knife is ok.
Proxomitron is a powerful package. It does not require an installation program or diddle with the registry. No nags, no splashscreens. It's good, solid software. Many language translation are available, too.
Using Proxomitron, I can even rid stop that annoying personals box on the Boston Globe. I can block anything I want.
The main problems are in collection and identification. The RECIPIENT is expected to maintain a whitelist of "good email" addresses. So, then I am expected to enter the the address book for my entire company, including their personal address? New addresses from friends on the road using a throwaway yahoo address?
Not to mention the administration aspects for ISPs. Or how anyone could enforce this on the world. Spam works because it can be sent by the bazillion; good addresses or bad addresses. It's all the same to them. If your address bouces, they don't know. they don't much care, either. From casual observation of my email server logs, I still receive plenty of spam to addresses and aliases I killed off years ago. Years!
I get email for addresses that never existed on my system. Some of those have been coming for at least five years.
The idea is well-intentioned, but ludicrous. It would be impossible to implement. This will become another urban legend in time, just as that old chectnut about the US Postal Service charging for modem use or for sending an email.
Pay attention to clown boy's rhetoric about safe harbor...
Now that dalnet has been beaten into submission and compliance, I'll bet you a diet coke and a couple pack of twinkies that the attacks cease after a suitable period to make it appear as a unrelated action.
It takes deep pockets and plenty of manpower to hunt down a ddos attack and no one in US enforcement is going to expend the effort to help stop the attacks. They know which side of the bread their butter is on. Any effort to stop the activity would be frowned on by the people holding the pursestrings.
After all, why do you think a rep from California made the proposal?
Well, it seems no one remembers last year's rumblings of RIAA using technical means to kill the mp3 trading scene.
It looks like they kicked dalnet's ass, doesn't it. RIAA/BSA have no qualms about black hat enforcement. They've hinted as much several times and even asked for permission. So how can anyone be surprised when they went ahead did it anyway? It's not as though the FBI is going to go hunting them down, is it? No, not when there are easier, and poorer targets to look for.
Hell, even this was taken to court, they'd be there for years and then RIAA/BSA would simply ignore the ruling now that Microsoft has set the modern-day precedent (as opposed to the early 1900's magnates doing it).
Ah, well yes. A SysAdmin. I see. Well, I call "newbie," so sit back down and do that homework so teacher isn't cross with you.
You'd better review the bat book and a simple dns/bind book (Sorry, O'Reilly, your's isn't) and see how things really work before you get huffy with your betters.
So, know how to use reply-to. La-di-da.
How are you spoofing the $client_* macros on server side? Schon, stick to playing with _User side_ software (snicker) and leave the server side to others, okay?
The client macros expand to provide the IP address and hostname for a header on the receipient's server. Some mere users (with more knowledge than you) filter on from, IP, and hostname to provide an additional level of filtering beyond what the sendmail provides.
Stick to Outlook Express and imapd and stop butting in.
However, the point being made is legitimate: RBL's find it simpler to tar an entire block as spam than to surgically excise the cancer. They've lost the pinpoint accuracy of years ago.
Simply defining a spammer as a sender with a dialup IP who relays email through a third-party smtp server is not valid.
I spend a couple thousand dollars a year on DSL, hosting, and network charges. I've owned and maintained several domains for a number of years. I don't send spam, none of my users send spam. So, why am I a "designated spammer?" Just because I have a dial-up IP? Damn. Isn't that kinda harsh?
Whining? Unfounded complaining? No. I guess I'm just one of the poor unfortunates who can't afford a T-1 to the noc where their servers live;-) I wish I could afford a T-1 to my basement just like you!
In my region, the fast access choices are Verizon DSL or cable modem. Verizon (through its monopolistic business practices) has made it extremely hard for other companies to get 1.5MB DSL lines into most COs. That gives them a lock on fast DSL service. Unfortunately, Verizon does not give fixed IP addresses.
Mr. Simpleanswer says, "Well, just request one."
Simply requesting a fixed IP won't get you one. The mythical "fixed-IP" tests are almost always in the VA area or _very_ small service areas in NY. Verizon uses DHCP and only leases the IP address for 24-36 hours.
Comcast Cable still sucks. They have longer dhcp leases, but they are a suck-assed ISP listed as dial-up in many lists. And they transfer limits on USENET. (WTF! What's up with that? What a dime-store operation!)
Changing ISPs to get a fixed-IP isn't an option. I need a fast line.
Mr. Simpleanswer says, "Well, why don't you just send email through your ISP's email servers?"
Well, that would look very professional and business-like, wouldn't it?
_My_ users expect _my_ emails to originate from _my_ domain. Does your sysadmin frequently send you email from a YaHoo address? From a Juno.com address? From a Verizon address?
Personally, if someone who represented themself as a SysAdmin from Verizon sent _me_ an email from a different domain, it'd go into the trash. And anyone who says they'd pay heed to any such email is probably also one of those people you read about who do odd sexual things for unknown phone callers. You know the ones, like the lady who gave herself a breast self-exam for a "doctor" conducting a phone survey....
Anyway, to summarize, RBls have lost the keen, effective edge they once held. Instead, they use the "Kill everyone and let god sort 'em out" approach to spam control. This is not a good thing.
Changing ISP or using an ISP's smtp server is not always practical.
My BEFSR11 router was zapped from the unknown about five weeks ago. It simply stopped passing traffic.
I checked everything else then tried the router. It would not accept my password. I verified it, then tried again, but this time I noticed that it identified itself as a "LinkSic" router, instead of a LinkSys.
I powered down and restarted and it came back as itself. When emailed LinkSys about it, they seemed to know about it but said they hadn't seen it before. (??)
Things are sucky when you need a NAT'ed router to protect your NAT'ed router;-)
The American government having realized that the Capper-Volstead Act (Prohibition) was a mistake, immediately changed its focus to the prohibition of drugs (Fool me once shame on you. Fool me twice...)
The United States of America, "The Land of the Free and the Home of the Brave"(tm) has the highest per capita prison population in the entire world.
65% of all prison inmates are incarcerated for a drug-related "crime" of some nature.
Private prison adminstration (i.e., privately owned or operated prisons) is rapidly becoming the newest high-tech, high-profit growth industry.
America is only so-called democracy where confiscation and seizure of private property without due process is the law.
With this track record, do not even think that the government can not punish a few million people.
At the very least, simple confiscation and destruction of your computer system would serve their purpose. At worst, you could be charged with a crime and given a fine with a form letter that has your name on it.
Don't misunderstand, I do not support DCMA. It's a mistake. I'm only trying to point out that the idea that "they can't punish everyone" is not so. This is not like speeding in a crowd. There is a log trail leading right to your door.
And they have the money to read the trail, too. The justice dept isn't paying for TSP, the movie industry is footing the tab.
Civil disobedience will not work here, people. You would end up paying them to prosecute you.
Boycotts and bad publicity, on the other hand, can be devastating to a corporate entity. Poor box office showings can hurt them where they live.
I'm not advocating any piracy, I'm saying stop going to the theaters. Eat away at their cash and maybe they will push a re-write we'll like.
Just remember, crime doesn't pay. Well, not unless you're elected.
You are entitled to hold any opiion that lets you sleep at night. However, it is that opinion that is flawed, not PGP.
Follow this chain:
1. PGP either decrypts or it fails. 2. If a PGP decryption presents you with garbage, then garbage was encrypted.
If the operator compromises the decrypted results, and thereby the private key/passphrase, then it is operator error. Period. Sounds like a court martial, a $100K fine, and ten years in the brig getting your ass kicked by mean Marines to me.
If you want to base your comm sec on hare-brained ideas, that's your lookout. It ain't happening in my shop. You handle either handle _everything_ like the keys to the kingdom, or you may as well just type it out and snail mail it 'cause it ain't worth encrypting to begin with. It's your call.
Security not based on forethought and intelligence is fantasy. That is truth.
Uhmmm... Perhaps I misunderstood, but:
a)The paper still talks about the email client performing automatic decryption of the received text.
b) The defender must also reply with plaintext of the garbled decipher:
"To do so, the adversary creates some new C and sends it to the user;this message is then automatically decrypted by
the user's computer and the user is presented with the corresponding message P. To the user, P appears to be garbled; the user therefore replies to the adversary with, for example, "What were you trying to send me?", but also quotes the
"garbled" message P'. Thus, the user himself unwittingly acts as a decryption
oracle for the adversary. Using information obtained in this way, the adversary
may be able to determine the original message."
That sounds like plaintext to me.
++++++++++
Using encryption implies a need for privacy. If this is the case, then leaving your keyring unattended (yes, if it's automatic, it's unattended) and your passphrase in memory (how else can an automatic decryption be performed?) begs for compromise.
This is an attack in name, only. It is actually poor security, i.e., user compromise of keys and materials. Flog 'em 'round the fleet keel 'aul 'em if there's anything left.
Perhaps my expectations too high. But, IMHO, there is no excuse for physical compromise. If a message arrives garbled, you ask for a resend. A keyring should only be available to PC when required and removed. The passprhase should not be stored in memory.
If you expect security, you must be responsible for your actions. Anything less than exacting procedures will always come back to bite you.
Of course, the little things such as guarding the keyring, never writing down the passphrase, good physical security of the workstation are what count the most. Now that U.S. agencies can legally perform what were previously illegal entries and illegal monitoring, these little things have become extremely vital...
I'm good for anything short of a Van Eyck attack.
Please, read this article a with an eye to word meanings and English usage.
This is a setup and usage problem in the email client, not in a flaw in PGP.
If a person is fool enough to leave their keyring available to the mail client (that's what the floppy disk in my pocket is for), to not remove their passphrase from memory, and to automatically include the plain-text version of an encrypted message when replying, they deserve no security.
This so-called "flaw" in PGP is on a par with calling an OUTLOOK email flaw a virus.
Slashdot Mirror
The thing about XMPCR, you see, is that is doesn't access the network at all. That's the reason people bought them. Not everyone want to stream. Not everyone _can_ stream.
If you're stuck on a corporate network that's stingy with bandwidth or who disables streaming protocols, or if you don't have a broadband connection at home or only own an older PC that isn't up to processing a stream and letting you do anything useful, XMPCR brought a hell of a lot to the table.
Not everyone wants to save the music, some of us who are stuck in a highrise simply wanted to listen to something besides a bad FM signal from a crap clear channel clone.
I found it funny that they won't allow any birth years prior to 1940.
;-)
I guess they don't want any visitors who remember Chosin through first=hand knowledge.
The slashdot username no longer works.
Try this one:
U: peckerheadviewer
P: peckerheadviewer
Now, go view them peckerwoods
Make Chesty proud!
Remote shutdown? Eh. Hell, even swapping the trailer to a new tractor will beat that idea.
Remote shutdown will work as well as a lo-jak does. Which is to say, it will only work if the miscreant does not have a lo-jak jammer.
The thing about Radio Frequency (RF) signals, you, is that to work, RF signals need to be transmitted, received, and then understood by the receiver.
If the transmitting frequency is blanketed with noise designed to destroy the signal's intelligence, the receiver's understanding of what should be done is ruined.
Such a basic concept. Do a google for Electronic countermeasures.
T.
Old crows never fade away. They just tell ya to "Jam it," and disappear.
I believe that you are missing the value of contacting the upstream provider.
I whole-heartedly agree that every record should have a valid email address (although I also believe that this is the source of many spams to domain holders) to provide a contact point.
But, I am completely opposed to providing a brick address or name for listing to the "public." The "public" has a bad reputation for stalking, identity theft, etc...
Sure, I'm paranoid. But paranoia saves lives when used in moderation.
Trent.
Hiya,
It is always nice to see something about tech writing. FYI for many: Tech writer's document much more than code. Buy almost anything with a user's guide, and the chances good that it was put together by a tech writer. Of course, some docs are written by developers, engineers, or marketers, but we won't go there.
But all that chest puffing aside, if you can squeeze some money out of your budget or are willing to cough up the $25 or so out of your own pocket, pick up a copy of "Fowler's Modern English Usage."
The average person won't appreciate the subtleties of usage described in Fowler's, but there are some real doozies. Some afternoons when time actually begins to flow backwards, and when my editor's boss's boss is in the office and I can't get away with surfing for a bit, I read my Fowler's for some relief from the misery.
I highly recommend it.
Antecs are quiet. Until they fry. Then you get a really cool Bzzzzbbzzzzzappphhttttttt noise, a nice fireworks display out the back (similar to that noted in a comment towards the beginning), and a very displeasing fried electronics smell that took two days to go away.
That was the first and only Antec I'll ever buy.
I've spent many evenings watching Brittas. And, I must admit, lusting a bit after Pippa ;-)
;-)
I often wondered how a person with Gordon's personal "charm" could live long enough to breed. It hasn't been on the air in the NYC area for a couple years, now. I didn't realize how much I'd like to watch the series again (even though it's all repeats) until I noticed your post. Thanks!
I think I'll look for the DVDs
This is a solution with the same flight characteristic as the DMCA. It won't fly.
;-) ).
Consider these points:
1. An aircraft in an emergency situation may need to make use of strips contained within a no-fly zone, or may need to fly through a no-fly zone as the most direct path to emergency facilities. If the pilot is unable to override the soft-wall... Well, let's just say things will be very interesting for him. But not for long.
2. Rely on GPS? Well, golly gee-whiz. Ever hear of circuit breakers? The flight engineer (and any potential hijacker) has access to the circuit breakers. You don't need any fancy navaids to fly a coastline or follow a river at 5000 feet. Pop goes the breaker. And the target.
Grab and crash is not a fad, it's only just getting started. Fancy high-tech solutions won't replace a well-aimed shot to the forehead. Add a few more air marshals.
I think the big money would be better spent on ecm and anti-ir systems for commercial airliners. It's damned easy to get shoulder-launched sams to anyplace you care to bring them. The US has been doing it for years. Anyone else can do it as well.
El Al was using anti-ir many years ago, they probably still are (I'm not in a position to know any more
You can't use high-tech to stop a determined group trained up to the same level and with access to big money and to the technology. Sorry.
I also puchased the last book. Unfortunately, being the geek that I am I have not popped out the CD yet ;-) But since I already had all of the Honor novels, I didn't really need to read them from the CD.
When I heard that Baen planned to release the entire series I was astounded. What marketing genius!
Can we compare MP3s and subsequent CD purchases to Baen's actions and the susequent increase in their book sales?
To me, it seems quite likely.
IMHO, the RIAA rant about billions in sales lost is actually a complaint that people didn't spend $18 to buy a CD based on a single song from the radio for a CD/group they ended up not liking.
I would be interested to see how many CDs were sold on the basis of hearing an MP3 rip beforehand.
Doesn't this show that people want to make certain that they like something before they buy it?
Thank goodness Ford, GM, et al. don't sue you for renting cars for a weekend just to _really_ check it out before buying.
Are you familiar with DNS? My domains have fixed IPs. They have always had a fixed IP. The problem is that my ISP will not provide a fixed IP, hence my complaint about Osirus using wirelist to block dynamic IPs.
I already have a fine hosting company. They are quite sufficient and I send them a fair chunk of money each month for my server. But that doesn't do dick to solve the blocking problem caused by verizon not supporting fixed-IP addresses.
I'm sorry if that wasn't clearly understood from my original post. This dynamic-IP blocking crap is my hot button. I don't send spam, nor do I buy spammed products, either. _And_ I make that fact known to the manufacturers.
This is an economics problem. As long as people can make money spamming, it will continue. When people selling products and services suffer from boycott actions, then the spam will diminish, but not before.
The practice of automatically branding everyone having a dynamic IP and sending email via their own domains. Using non-ISP email servers is not a crime.
I own several domains, a few of them for almost 9 years. In that time I have used seven or eight IPs. Only for a year or so did I have a fixed IP. I don't send spam, my servers are not open relays, but I am penalized now because I can not get a fixed IP from Verizon.
First, Osirus starts using the wirelist to block dynamic IPs, now AOL is blocking dynamic IP.
Why should I be restricted to sending mail from a verizon address? I am a business owner who has domains representing my business. Why is it wrong to want my emails to come from _my_ domain and not from Verizon?
Don't even start with the pompous BS about doing SSH tunneling, or expecting business class service for consumer prices. I don't want to hear it. I'm paying business prices for my service. So sod off. Not everyone is in a position to physically host their own on-site server or afford their own OC-3.
Is any of this blocking really going to affect the spam situation? I don't think so. Spam is economically viable because consumers continue to shop from businesses that use spam as a marketing tool. Consumers continue to buy spammed products.
Spam is not a problem that will be solved by refucing email from entire IP blocks. Spam is a consumer education problem.
If people were as quick to boycott spammed product as they have been to pour french wine in the gutter, spam would be a thing of the past.
I've used both Mozilla and Opera. And while both browsers block most of the popups and popunders, I've found that the best way to rid my self of page trash is to use a Proxy Blocker.
I favor Proxomitron, a W32 "Shonenware" local proxy package. To register, you need to send them a pic of you holding a Shonen Knife CD. Proxomitron dosn't stop working or anything, even if you never "register." All of the features are still there even if you never get a Shonen Knife CD. They're hot, though. You should get one! Shonen Knife is ok.
Proxomitron is a powerful package. It does not require an installation program or diddle with the registry. No nags, no splashscreens. It's good, solid software. Many language translation are available, too.
Using Proxomitron, I can even rid stop that annoying personals box on the Boston Globe. I can block anything I want.
Proxomitron
I read it.
The main problems are in collection and identification. The RECIPIENT is expected to maintain a whitelist of "good email" addresses. So, then I am expected to enter the the address book for my entire company, including their personal address? New addresses from friends on the road using a throwaway yahoo address?
Not to mention the administration aspects for ISPs. Or how anyone could enforce this on the world. Spam works because it can be sent by the bazillion; good addresses or bad addresses. It's all the same to them. If your address bouces, they don't know. they don't much care, either. From casual observation of my email server logs, I still receive plenty of spam to addresses and aliases I killed off years ago. Years!
I get email for addresses that never existed on my system. Some of those have been coming for at least five years.
The idea is well-intentioned, but ludicrous. It would be impossible to implement. This will become another urban legend in time, just as that old chectnut about the US Postal Service charging for modem use or for sending an email.
FARKer #459.
Not bloody likely. Pay for email?
Check's in the mail.
Well, personally, IMHO, I've just look them over and filed them with the AOL CDs.
It's a whole new class of CD coaster!
Hi,
Sorry for not including a link...
US House of Representatives
Pay attention to clown boy's rhetoric about safe harbor...
Now that dalnet has been beaten into submission and compliance, I'll bet you a diet coke and a couple pack of twinkies that the attacks cease after a suitable period to make it appear as a unrelated action.
It takes deep pockets and plenty of manpower to hunt down a ddos attack and no one in US enforcement is going to expend the effort to help stop the attacks. They know which side of the bread their butter is on. Any effort to stop the activity would be frowned on by the people holding the pursestrings.
After all, why do you think a rep from California made the proposal?
NW Fusion also has some stuff.
Well, it seems no one remembers last year's rumblings of RIAA using technical means to kill the mp3 trading scene.
It looks like they kicked dalnet's ass, doesn't it. RIAA/BSA have no qualms about black hat enforcement. They've hinted as much several times and even asked for permission. So how can anyone be surprised when they went ahead did it anyway? It's not as though the FBI is going to go hunting them down, is it? No, not when there are easier, and poorer targets to look for.
Hell, even this was taken to court, they'd be there for years and then RIAA/BSA would simply ignore the ruling now that Microsoft has set the modern-day precedent (as opposed to the early 1900's magnates doing it).
Ah, well yes. A SysAdmin. I see. Well, I call "newbie," so sit back down and do that homework so teacher isn't cross with you.
You'd better review the bat book and a simple dns/bind book (Sorry, O'Reilly, your's isn't) and see how things really work before you get huffy with your betters.
So, know how to use reply-to. La-di-da.
How are you spoofing the $client_* macros on server side? Schon, stick to playing with _User side_ software (snicker) and leave the server side to others, okay?
The client macros expand to provide the IP address and hostname for a header on the receipient's server. Some mere users (with more knowledge than you) filter on from, IP, and hostname to provide an additional level of filtering beyond what the sendmail provides.
Stick to Outlook Express and imapd and stop butting in.
Yes, the article does appear very one-sided.
;-) I wish I could afford a T-1 to my basement just like you!
However, the point being made is legitimate: RBL's find it simpler to tar an entire block as spam than to surgically excise the cancer. They've lost the pinpoint accuracy of years ago.
Simply defining a spammer as a sender with a dialup IP who relays email through a third-party smtp server is not valid.
I spend a couple thousand dollars a year on DSL, hosting, and network charges. I've owned and maintained several domains for a number of years. I don't send spam, none of my users send spam. So, why am I a "designated spammer?" Just because I have a dial-up IP? Damn. Isn't that kinda harsh?
Whining? Unfounded complaining? No. I guess I'm just one of the poor unfortunates who can't afford a T-1 to the noc where their servers live
In my region, the fast access choices are Verizon DSL or cable modem. Verizon (through its monopolistic business practices) has made it extremely hard for other companies to get 1.5MB DSL lines into most COs. That gives them a lock on fast DSL service. Unfortunately, Verizon does not give fixed IP addresses.
Mr. Simpleanswer says, "Well, just request one."
Simply requesting a fixed IP won't get you one. The mythical "fixed-IP" tests are almost always in the VA area or _very_ small service areas in NY. Verizon uses DHCP and only leases the IP address for 24-36 hours.
Comcast Cable still sucks. They have longer dhcp leases, but they are a suck-assed ISP listed as dial-up in many lists. And they transfer limits on USENET. (WTF! What's up with that? What a dime-store operation!)
Changing ISPs to get a fixed-IP isn't an option. I need a fast line.
Mr. Simpleanswer says, "Well, why don't you just send email through your ISP's email servers?"
Well, that would look very professional and business-like, wouldn't it?
_My_ users expect _my_ emails to originate from _my_ domain. Does your sysadmin frequently send you email from a YaHoo address? From a Juno.com address? From a Verizon address?
Personally, if someone who represented themself as a SysAdmin from Verizon sent _me_ an email from a different domain, it'd go into the trash. And anyone who says they'd pay heed to any such email is probably also one of those people you read about who do odd sexual things for unknown phone callers. You know the ones, like the lady who gave herself a breast self-exam for a "doctor" conducting a phone survey....
Anyway, to summarize, RBls have lost the keen, effective edge they once held. Instead, they use the "Kill everyone and let god sort 'em out" approach to spam control. This is not a good thing.
Changing ISP or using an ISP's smtp server is not always practical.
Hi,
;-)
My BEFSR11 router was zapped from the unknown about five weeks ago. It simply stopped passing traffic.
I checked everything else then tried the router. It would not accept my password. I verified it, then tried again, but this time I noticed that it identified itself as a "LinkSic" router, instead of a LinkSys.
I powered down and restarted and it came back as itself. When emailed LinkSys about it, they seemed to know about it but said they hadn't seen it before. (??)
Things are sucky when you need a NAT'ed router to protect your NAT'ed router
-
The American government having realized that the Capper-Volstead Act (Prohibition) was a mistake, immediately changed its focus to the prohibition of drugs (Fool me once shame on you. Fool me twice...)
-
The United States of America, "The Land of the Free and the Home of the Brave"(tm) has the highest per capita prison population in the entire world.
-
65% of all prison inmates are incarcerated for a drug-related "crime" of some nature.
-
Private prison adminstration (i.e., privately owned or operated prisons) is rapidly becoming the newest high-tech, high-profit growth industry.
-
America is only so-called democracy where confiscation and seizure of private property without due process is the law.
With this track record, do not even think that the government can not punish a few million people.At the very least, simple confiscation and destruction of your computer system would serve their purpose. At worst, you could be charged with a crime and given a fine with a form letter that has your name on it.
Don't misunderstand, I do not support DCMA. It's a mistake. I'm only trying to point out that the idea that "they can't punish everyone" is not so. This is not like speeding in a crowd. There is a log trail leading right to your door.
And they have the money to read the trail, too. The justice dept isn't paying for TSP, the movie industry is footing the tab.
Civil disobedience will not work here, people. You would end up paying them to prosecute you.
Boycotts and bad publicity, on the other hand, can be devastating to a corporate entity. Poor box office showings can hurt them where they live.
I'm not advocating any piracy, I'm saying stop going to the theaters. Eat away at their cash and maybe they will push a re-write we'll like.
Just remember, crime doesn't pay. Well, not unless you're elected.
You are entitled to hold any opiion that lets you sleep at night. However, it is that opinion that is flawed, not PGP.
Follow this chain:
1. PGP either decrypts or it fails.
2. If a PGP decryption presents you with garbage, then garbage was encrypted.
If the operator compromises the decrypted results, and thereby the private key/passphrase, then it is operator error. Period. Sounds like a court martial, a $100K fine, and ten years in the brig getting your ass kicked by mean Marines to me.
If you want to base your comm sec on hare-brained ideas, that's your lookout. It ain't happening in my shop. You handle either handle _everything_ like the keys to the kingdom, or you may as well just type it out and snail mail it 'cause it ain't worth encrypting to begin with. It's your call.
Security not based on forethought and intelligence is fantasy. That is truth.
That sounds like plaintext to me. ++++++++++ Using encryption implies a need for privacy. If this is the case, then leaving your keyring unattended (yes, if it's automatic, it's unattended) and your passphrase in memory (how else can an automatic decryption be performed?) begs for compromise.
This is an attack in name, only. It is actually poor security, i.e., user compromise of keys and materials.
Flog 'em 'round the fleet keel 'aul 'em if there's anything left.
Perhaps my expectations too high. But, IMHO, there is no excuse for physical compromise. If a message arrives garbled, you ask for a resend. A keyring should only be available to PC when required and removed. The passprhase should not be stored in memory.
If you expect security, you must be responsible for your actions. Anything less than exacting procedures will always come back to bite you. Of course, the little things such as guarding the keyring, never writing down the passphrase, good physical security of the workstation are what count the most. Now that U.S. agencies can legally perform what were previously illegal entries and illegal monitoring, these little things have become extremely vital...
I'm good for anything short of a Van Eyck attack.
Please, read this article a with an eye to word meanings and English usage.
This is a setup and usage problem in the email client, not in a flaw in PGP.
If a person is fool enough to leave their keyring available to the mail client (that's what the floppy disk in my pocket is for), to not remove their passphrase from memory, and to automatically include the plain-text version of an encrypted message when replying, they deserve no security.
This so-called "flaw" in PGP is on a par with calling an OUTLOOK email flaw a virus.
Link to The Norway Post's story.