Re:This is depressing...
on
As the Spam Turns
·
· Score: 3, Insightful
How about facing this fact.
ISP's that don't do something to combat spam are going to have customers leave over it.
There are other ways of maintaining the list. I have heard the arguements many times, but fundamentally, its up to the sender to be certain that the recipients want to receive the email.
First of all, is the sign up process a Double Opt-In process? A pita to implement if it isn't done already, but good luck keeping an accurate list without it. It also helps establish a trust with the people who want the mail. 99% of the spam I still get claims that at some point in time I signed up for this list.
Secondly how active is the list? Someone signing up for a list that doesn't generate any traffic for 6 months is a sure way to have people think your spamming them, even if they did actually ask to be on the list.
As far as the spam lists, I've had to deal with there overzealous behaviour as well. They block mail servers that have an open relay hole in them very fast. The more zealous the site, the less likely I am to use the list. No ISP is doing their customers a service by using lists that are ready to block every IP out there and damn them to hell for ever.
I knew all these SUV's were good for something... and it is... we can now import our PS2's and Plasma TV's cheaper with the new northern passage.
Everyone turn on everything electic and crank up the heat. We need to get some of those old shutdown powerplants online to speed this global warming thing up. Don't do it for me, do it for your toyful future.
IPSec will allow you to encrypt all traffic to each end host. So for example, your traffic to/. would be encrypted by your end, and decrypted by their end. At least thats the ideal.
PPTP will let you setup encrypted tunnels, but its still out in the open after some point in time.
Because other encoders are written for people who can tell the difference between sound that seems to be good and sound that really is good.;-)
But you must be mistaken, I mean, millions of fans love Backstreet Boys and they can't all be wrong? And what about N'Sync, I mean, they almost sorta had cameo's in Eps2. Certainly the majority of people can determine what is true quality!
Once you've identified the message as spam, you can submit it to services like spamcop or create a short term blackhole list to block future connection attempts. This is of course based on the claim that it stops all but 5 out of 1000 spam messages, with 0 false positives
I suspect that the implementation of this would best be done in the mail client, and not on the mail server, which might be a problem. Setting up a hash for every user on any mail server with a reasonably large userbase would require massive disk space and huge processing time.
I'm not sure how this is really relevant though. The courts had to decide who owned the idea. IANAL, but it seems to me that his only basis for ownership of the idea was that he started this idea years before he was hired.
There are really 3 issues that I see.
Evan Brown defended himself. This was probably for financial reasons. Still, if you go to his personal page, it seems like he was quite overwhelmed by the legal system (Thats probably another discussion right there)
He tried to turn his idea into financial gain inside the company. One interpretation of this is "Give me money and royalties or I take my idea and start my own company". This may not have been his intention, but I suspect that Alcatel interpreted the situation as this.
He didn't document his idea. To quote from the site:
"Brown asserts that he began developing the idea in 1975, well before his employment with DSC began in 1987, and had achieved about 80 percent of the solution. In March 1996, Brown claims, he mentally solved the remaining 20 percent while vacationing."
Personally, I would doubt that someone could develop an idea for 21 years and not have any documentation to prove it. I will not say that its impossible, but I think it would be highly improbable.
All this said, I am curious what would have been the ruling (or are there any) if he had a partner in his idea? What if this partner worked for another large intrested company? Who would have had ownership?
This movie was a real action movie based on a comic book hero, nothing more nothing less. I personally found it to be quite entertaining, but I wasn't expecting something that would move my soul. If you want to pick on something to complain about, why not some of the "wrestling moves" used in a few of the fight scenes.
I found the plot to be sufficient to move from one fight to the next. They make a decent effort to explain things like Whistler still being alive, and they had already established the nature of the virus in the first movie. It had more action then the Blade, but was exactly what I was expecting to see. I wasn't disappointed in it at all and intend on seeing it again with a friend.
The problem here is that both sides were expecting different things from the other side. ISP's were not expecting people to stay connected with their modems 7x24, nor were they expecting them to run P2P and effectively become a server.
Consider it this way, Rogers is essentially permitting high bandwidth applications such as P2P software.
Uhm... its CDN$40/month, which is almost US$25 per month, for 300k/50k connection. Also, bandwidth costs and infrastructure costs are much higher in Canada then they are in the US.
I've always found it very weird how we have faster connections for cheaper money.
Having read that article I have to say that I'm not surprised. If there is a good general rule of thumb, its that the kernel isn't stable until the fork for the next kernel has happened.
That said, I have 2 production boxes up and running with 2.4.x (one is 2.4.9 and the other is 2.4.12). If I remember the timeline for the big VM switch right, one is pre and one is post.
2.4.12: up 69 days, 43 min
2.4.9: up 53 days, 17:00
So far, none of these boxes has had any problem. We generally don't upgrade kernels on a production box, prefering to rebuild the entire system. This may explain why these boxes are so reliable. They were setup with distributions that used the 2.4 kernel.
The simple answer is treaties. If you read a bit further in the page, you will see a list of treaties, which include the need for the participants to provide some legal framework to protect the copyright holders.
http://strategis.ic.gc.ca/SSG/ip01076e.html
Basically, yes, this is coming, and frankly, I don't have a problem with the intent, so long as the implementation is done properly. It really shouldn't be too hard to see the faults with the American implementation and to create one that is much more accomidating. Also, if we can do it properly, it would create a haven for development in Canada just like encryption is now.
Uhm... if they are blocking all port 25 traffic from going through their network, then any rogue SMTP servers will -NOT- be used as relays since they will be denied the ability to send mail to other servers on port 25.
I suppose it depends on how these companies have these rules defined, but what you identify yourself as to the mail server can be different then what you identify yourself in the body of the message.
I like it when a story is consistent. There is alot of Star Trek lore built up over the years, and if Paramount throws it all away, yes, it will bother me.
I wasn't too happy with either DS9 or Voyager, and I hope that they aren't creating a "Enterprise" just to try to "erase" the relative failures that the non Enterprise shows were.
Hope its good, won't watch if its bad.
Personally, I think its very cool that people are trying to see if they can get this or that working on this or that. They aren't doing it to benefit anyone, just too see if it can be done. Unix was created in a similar fashion.
The more that corporate and/or commerical intrestes get invested into Linux the more people are critical of projects that they don't see benefiting themselves. I would suggest that if you (refering to everyone here) don't see value in a specific project, then just ignore it.
I'm wishing that this was me selling it. I mean... just think what you could do with $10,100. I mean, a new computer, a good chunk of a new car, Might even be enough for a down payment on a house.
To solve the problem of how to keep the logs in such a way that privacy is ensured, have the data stored for the user account using a public key, and have the client receive the contents in an encrypted format. Only their key can access it.
As for infrastructure. I see two issues. First of all is capturing all webtraffic. I suppose this could be done with either a transparent proxy (this has issues) or something that will sniff the traffic and record the resources as they are requested (might be a bit numerous depending on the site).
The other issue I see is linking the connection back to a specific login. I know that our Radius server generates alot of logs. I imagine realtime information would be nice, but with Radius not providing very reliable information this is probably not very feasible.
For accounting, we only look at stop records. A missing stop record will not result in inflated numbers. For Gore's plan, I imagine that you would have to maitain a list of URL's for a specific IP. If a stop record is received for the given IP, process the list, if a start record is received for that IP, clear the list. Also, the duration of the connection given in the stop record should be used to verify that the URL's are only for that session.
I consider this a very bad idea imho, but figured it might be intresting to discuss how it could be deployed rather then why it shouldn't be.
PayPal will only win and become the defacto standard if they become international. I know that they say that they will be going international, but my attitude is, I'll believe it when I see it, words are cheap.
They may get very rich, but they will not have any longevity if they don't go international, regardless of all the risks included. Basically, if they don't someone else will. Who do you think I will signup with considering that I'm not American.
I suspect that if PayPal doesn't push to cover all of North America and get to Europe, they will see strong competition come from Europe. Europe, with its unified currency seems to me to be a perfect place for this type of company to start, and if they are aggressive. Well...sucks to be PayPal.
Furthermore, many people submitted the information without charging anybody and they thought their help would remain free, because the initital licence was GPL
Was CDDB GPL'ed when it started or at some point during its life? If so, does that version contain this "encoding" in it?
My company uses Microsoft Exchange (or Lotus Notes). Will I be able to replace my Windows machine with a Linux machine running Evolution?
We will support as many (useful) open protocols as we can, but the first release will most likely not be able to interoperate with all of the features of various closed proprietary systems.
True, but again, I'm not sure where the benefit is. If your system is compromised where someone can modify a file on one partition, modifying it on your root partition is no different. I am ignoring NFS, where I could see some value to mounting a partition nosuid.
Moving SUIDed programs may not be the best way to go. I'm not sure what the benefits of moving the setuid programs are. I can think of numerous situations where doing this woudl be very bad though.
If you use chroot to secure certain facilities on your server, and have any setuid program located within, your script would move the program out of the tree. The symbolic link would not function because the path would be invalid.
I personally would tend to be suspicious of anything that wasn't in it anticipated spot. Now, if I move something, then obviously I'm aware of whats going on, but any auditing system/procedure might not. And lets face it, and auditing system that crys wolf alot, is only marginally better then no system.
IMHO, the best way to watch setuid programs is to do just that. Just scan them for changes that your not aware of, or new ones showing up or going missing, and take what ever action you deem to be required.
Downloading MP3's of copyright music is wrong. Someone put alot of effort into creating this art, and their intention was to receive some financial reward for their efforts. I have no problem with this, and I have no problem providing a portion of their reward if I believe it is worthy of my hard earned money. My issue with these lawsuits is that napster is a distribution method, and nothing more. It allows people to share their MP3's. The mistake is in equating copyrighted music with MP3's. An MP3 is simply a format that contains encoded music. This music may be illegal, or it may be legitimate shareable content. That depends on the source of the file, not its mere existence.
Napster makes a tool which allows people to distribute MP3 files to other people. It doesn't care what the contents of these files are. It seems to me that charging Napster for making a distribution tool is wrong. This would be like charging PKware for making compression programs that can be used to aid in the distribution of illegal software. I mean, why else would you compress something on your machine. Perhaps every system that runs a news server should be charged since they are running a service that permits the distribution of illegal software.
You may believe that the statement of suing Napster users is ridiculous. IMHO they are the only ones who have really violated the copyright of the artists. The reason that Napster is the target, is because it is perceived as a control point. Take it out and you have the ability to affect the highest number of users. The music industry is fighting this out as a war, and really doesn't care about anything more then buisness.
I must say that this seems like a very intresting approach to deal with this issue. I'd be intrested in finding out how well it works. My only concern is will it create a level of laziness when it comes to security.
When I'm writting code, why should I worry about such trivial issues such as buffer overflows. I mean, libsafe will cover my butt now. Also, why should I upgrade my ftp server, my machine is a fortress now.
Security is not something I consider tangible. It doesn't come down to the system being secure or not secure, it comes down to the people who run the system being secure or not secure. Part of that is the people running the system need to stay on top of issues and resolve them. My biggest concern with this package is people getting a false sense of security with it. Having worked with people who believed that a system was unbreakable because it was using ssh, I'm very afraid about what they will believe with this package.
That said, I do plan on checking it out, I will consider it a tool too help make my system(s) more secure.
A very wise man once said the most secure machine is one incased in cement at the bottom of the ocean.
I know what I would prefer to be the case, but if there is a technical method to enforce a rule on content (ie no deep linking) is the technical methods presence enough to prevent the legal solution from being adapted?
I'm wondering if ticketmaster is using the legal method to hurt/destroy tickets.com rather then to protect their content. If they implemented a technical solution, they really wouldn't have a case against tickets.com, and wouldn't that be a shame.
It seems to me that AI is something that you either have achieved, or something that you have not achieved. Alot of people though claim to have acheived some degree of AI. Is there a definition of AI that allows these claims to be true, or are they simply trying to take advantage of (and/or build) hype around the concept of AI?
Slashdot Mirror
How about facing this fact.
ISP's that don't do something to combat spam are going to have customers leave over it.
There are other ways of maintaining the list. I have heard the arguements many times, but fundamentally, its up to the sender to be certain that the recipients want to receive the email.
First of all, is the sign up process a Double Opt-In process? A pita to implement if it isn't done already, but good luck keeping an accurate list without it. It also helps establish a trust with the people who want the mail. 99% of the spam I still get claims that at some point in time I signed up for this list.
Secondly how active is the list? Someone signing up for a list that doesn't generate any traffic for 6 months is a sure way to have people think your spamming them, even if they did actually ask to be on the list.
As far as the spam lists, I've had to deal with there overzealous behaviour as well. They block mail servers that have an open relay hole in them very fast. The more zealous the site, the less likely I am to use the list. No ISP is doing their customers a service by using lists that are ready to block every IP out there and damn them to hell for ever.
I knew all these SUV's were good for something... and it is... we can now import our PS2's and Plasma TV's cheaper with the new northern passage.
Everyone turn on everything electic and crank up the heat. We need to get some of those old shutdown powerplants online to speed this global warming thing up. Don't do it for me, do it for your toyful future.
IPSec will allow you to encrypt all traffic to each end host. So for example, your traffic to /. would be encrypted by your end, and decrypted by their end. At least thats the ideal.
PPTP will let you setup encrypted tunnels, but its still out in the open after some point in time.
But you must be mistaken, I mean, millions of fans love Backstreet Boys and they can't all be wrong? And what about N'Sync, I mean, they almost sorta had cameo's in Eps2. Certainly the majority of people can determine what is true quality!
Once you've identified the message as spam, you can submit it to services like spamcop or create a short term blackhole list to block future connection attempts. This is of course based on the claim that it stops all but 5 out of 1000 spam messages, with 0 false positives
I suspect that the implementation of this would best be done in the mail client, and not on the mail server, which might be a problem. Setting up a hash for every user on any mail server with a reasonably large userbase would require massive disk space and huge processing time.
There are really 3 issues that I see.
- Evan Brown defended himself. This was probably for financial reasons. Still, if you go to his personal page, it seems like he was quite overwhelmed by the legal system (Thats probably another discussion right there)
- He tried to turn his idea into financial gain inside the company. One interpretation of this is "Give me money and royalties or I take my idea and start my own company". This may not have been his intention, but I suspect that Alcatel interpreted the situation as this.
- He didn't document his idea.
All this said, I am curious what would have been the ruling (or are there any) if he had a partner in his idea? What if this partner worked for another large intrested company? Who would have had ownership?To quote from the site: Personally, I would doubt that someone could develop an idea for 21 years and not have any documentation to prove it. I will not say that its impossible, but I think it would be highly improbable.
Blade Bio
This movie was a real action movie based on a comic book hero, nothing more nothing less. I personally found it to be quite entertaining, but I wasn't expecting something that would move my soul. If you want to pick on something to complain about, why not some of the "wrestling moves" used in a few of the fight scenes.
I found the plot to be sufficient to move from one fight to the next. They make a decent effort to explain things like Whistler still being alive, and they had already established the nature of the virus in the first movie. It had more action then the Blade, but was exactly what I was expecting to see. I wasn't disappointed in it at all and intend on seeing it again with a friend.
The problem here is that both sides were expecting different things from the other side. ISP's were not expecting people to stay connected with their modems 7x24, nor were they expecting them to run P2P and effectively become a server.
Consider it this way, Rogers is essentially permitting high bandwidth applications such as P2P software.
Uhm... its CDN$40/month, which is almost US$25 per month, for 300k/50k connection. Also, bandwidth costs and infrastructure costs are much higher in Canada then they are in the US.
I've always found it very weird how we have faster connections for cheaper money.
Having read that article I have to say that I'm not surprised. If there is a good general rule of thumb, its that the kernel isn't stable until the fork for the next kernel has happened.
That said, I have 2 production boxes up and running with 2.4.x (one is 2.4.9 and the other is 2.4.12). If I remember the timeline for the big VM switch right, one is pre and one is post.
2.4.12: up 69 days, 43 min
2.4.9: up 53 days, 17:00
So far, none of these boxes has had any problem. We generally don't upgrade kernels on a production box, prefering to rebuild the entire system. This may explain why these boxes are so reliable. They were setup with distributions that used the 2.4 kernel.
The simple answer is treaties. If you read a bit further in the page, you will see a list of treaties, which include the need for the participants to provide some legal framework to protect the copyright holders.
http://strategis.ic.gc.ca/SSG/ip01076e.html
Basically, yes, this is coming, and frankly, I don't have a problem with the intent, so long as the implementation is done properly. It really shouldn't be too hard to see the faults with the American implementation and to create one that is much more accomidating. Also, if we can do it properly, it would create a haven for development in Canada just like encryption is now.
Uhm... if they are blocking all port 25 traffic from going through their network, then any rogue SMTP servers will -NOT- be used as relays since they will be denied the ability to send mail to other servers on port 25. I suppose it depends on how these companies have these rules defined, but what you identify yourself as to the mail server can be different then what you identify yourself in the body of the message.
I like it when a story is consistent. There is alot of Star Trek lore built up over the years, and if Paramount throws it all away, yes, it will bother me. I wasn't too happy with either DS9 or Voyager, and I hope that they aren't creating a "Enterprise" just to try to "erase" the relative failures that the non Enterprise shows were. Hope its good, won't watch if its bad.
Personally, I think its very cool that people are trying to see if they can get this or that working on this or that. They aren't doing it to benefit anyone, just too see if it can be done. Unix was created in a similar fashion.
The more that corporate and/or commerical intrestes get invested into Linux the more people are critical of projects that they don't see benefiting themselves. I would suggest that if you (refering to everyone here) don't see value in a specific project, then just ignore it.
I'm wishing that this was me selling it. I mean... just think what you could do with $10,100. I mean, a new computer, a good chunk of a new car, Might even be enough for a down payment on a house.
As for infrastructure. I see two issues. First of all is capturing all webtraffic. I suppose this could be done with either a transparent proxy (this has issues) or something that will sniff the traffic and record the resources as they are requested (might be a bit numerous depending on the site).
The other issue I see is linking the connection back to a specific login. I know that our Radius server generates alot of logs. I imagine realtime information would be nice, but with Radius not providing very reliable information this is probably not very feasible.
For accounting, we only look at stop records. A missing stop record will not result in inflated numbers. For Gore's plan, I imagine that you would have to maitain a list of URL's for a specific IP. If a stop record is received for the given IP, process the list, if a start record is received for that IP, clear the list. Also, the duration of the connection given in the stop record should be used to verify that the URL's are only for that session.
I consider this a very bad idea imho, but figured it might be intresting to discuss how it could be deployed rather then why it shouldn't be.
They may get very rich, but they will not have any longevity if they don't go international, regardless of all the risks included. Basically, if they don't someone else will. Who do you think I will signup with considering that I'm not American.
I suspect that if PayPal doesn't push to cover all of North America and get to Europe, they will see strong competition come from Europe. Europe, with its unified currency seems to me to be a perfect place for this type of company to start, and if they are aggressive. Well...sucks to be PayPal.
Furthermore, many people submitted the information without charging anybody and they thought their help would remain free, because the initital licence was GPL
Was CDDB GPL'ed when it started or at some point during its life? If so, does that version contain this "encoding" in it?
From the Evolution Faq which is available here.
My company uses Microsoft Exchange (or Lotus Notes). Will I be able to replace my Windows machine with a Linux machine running Evolution?
We will support as many (useful) open protocols as we can, but the first release will most likely not be able to interoperate with all of the features of various closed proprietary systems.
True, but again, I'm not sure where the benefit is. If your system is compromised where someone can modify a file on one partition, modifying it on your root partition is no different. I am ignoring NFS, where I could see some value to mounting a partition nosuid.
If you use chroot to secure certain facilities on your server, and have any setuid program located within, your script would move the program out of the tree. The symbolic link would not function because the path would be invalid.
I personally would tend to be suspicious of anything that wasn't in it anticipated spot. Now, if I move something, then obviously I'm aware of whats going on, but any auditing system/procedure might not. And lets face it, and auditing system that crys wolf alot, is only marginally better then no system.
IMHO, the best way to watch setuid programs is to do just that. Just scan them for changes that your not aware of, or new ones showing up or going missing, and take what ever action you deem to be required.
Napster makes a tool which allows people to distribute MP3 files to other people. It doesn't care what the contents of these files are. It seems to me that charging Napster for making a distribution tool is wrong. This would be like charging PKware for making compression programs that can be used to aid in the distribution of illegal software. I mean, why else would you compress something on your machine. Perhaps every system that runs a news server should be charged since they are running a service that permits the distribution of illegal software.
You may believe that the statement of suing Napster users is ridiculous. IMHO they are the only ones who have really violated the copyright of the artists. The reason that Napster is the target, is because it is perceived as a control point. Take it out and you have the ability to affect the highest number of users. The music industry is fighting this out as a war, and really doesn't care about anything more then buisness.
When I'm writting code, why should I worry about such trivial issues such as buffer overflows. I mean, libsafe will cover my butt now. Also, why should I upgrade my ftp server, my machine is a fortress now.
Security is not something I consider tangible. It doesn't come down to the system being secure or not secure, it comes down to the people who run the system being secure or not secure. Part of that is the people running the system need to stay on top of issues and resolve them. My biggest concern with this package is people getting a false sense of security with it. Having worked with people who believed that a system was unbreakable because it was using ssh, I'm very afraid about what they will believe with this package.
That said, I do plan on checking it out, I will consider it a tool too help make my system(s) more secure.
A very wise man once said the most secure machine is one incased in cement at the bottom of the ocean.
I'm wondering if ticketmaster is using the legal method to hurt/destroy tickets.com rather then to protect their content. If they implemented a technical solution, they really wouldn't have a case against tickets.com, and wouldn't that be a shame.
It seems to me that AI is something that you either have achieved, or something that you have not achieved. Alot of people though claim to have acheived some degree of AI. Is there a definition of AI that allows these claims to be true, or are they simply trying to take advantage of (and/or build) hype around the concept of AI?