Slashdot Mirror


User: Animats

Animats's activity in the archive.

Stories
0
Comments
14,273
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 14,273

  1. Don't expect much. - the DMA is involved. on FBI Plans Spammer Smackdown · · Score: 2, Insightful
    The FBI now claims to be "investigating spam". But they've contracted with the Direct Marketing association for support, the project has been going on since at least August 2003, and they're vague about what resources are actually being devoted to the project.

    The "Notable early accomplishments" read very strangely. They seem to have been drafted for maximum deniability. "Developed ten primary subject packets developed and for referral to Law Enforcement" "We are already planning meetings to ensure that this initiative is on track, and to further define the scope and packaging of this activity are being planned." Doesn't sound like a major roundup of criminals is in the works.

    The FBI doesn't actually produce many arrests per hour expended. The FBI's Baltimore-based child porno operation produces about 1.6 arrests per agent year. They have 200 agents on that operation, or about 2% of their agent staff. (The FBI isn't that big. There are only about 12,000 agents. The NYPD is four times as large.) So to shut down 100 spammers per year, they'd probably have to devote about 75 agents to the operation, which is a big bite for them.

    The DMA involvement is part of the problem. The DMA carefully crafted the CAN-SPAM act to make it expensive to enforce. The California law (which CAN-SPAM invalidated) was nice and simple - advertise using spam, go to jail. It's easy to find and arrest the advertisers, who collect the money. CAN-SPAM requires finding the actual spammers, which is much harder. With the DMA working closely with the FBI, they can direct the FBI away from "responsible e-mail marketers", as the DMA puts it. They may also receive FBI cooperation in lobbying against stronger anti-spam legislation in future.

  2. The OS should enforce those principles on Google's Software Principles · · Score: 1
    Many of those principles are enforceable by the operating system. If an application doesn't need to connect to the outside world to do the job it says it is doing, it shouldn't have the permissions to do so. Installation should be much more contained - installers should have far more limited privileges.

    The basic UNIX permissions model is too weak to enforce this, but something based on NSA Secure Linux might work.

  3. FBI claims to be "investigating spam" on Accused Spammer to Debate SpamCop Founder · · Score: 2, Interesting
    The FBI now claims to be "investigating spam". But they've contracted with the Direct Marketing association for support, the project has been going on since at least August 2003, and they're vague about what resources are actually being devoted to the project.

    The "Notable early accomplishments" read very strangely. They seem to have been drafted for maximum deniability. "Developed ten primary subject packets developed and for referral to Law Enforcement" "We are already planning meetings to ensure that this initiative is on track, and to further define the scope and packaging of this activity are being planned." Doesn't sound like a major roundup of criminals is in the works.

    The FBI doesn't actually produce many arrests per hour expended. The FBI's Baltimore-based child porno operation produces about 1.6 arrests per agent year. They have 200 agents on that operation, or about 2% of their agent staff. (The FBI isn't that big. There are only about 12,000 agents. The NYPD is four times as large.) So to shut down 100 spammers per year, they'd probably have to devote about 75 agents to the operation, which is a big bite for them.

  4. Domain proliferation on Berners-Lee on the TLD Explosion · · Score: 1
    I've been saying that for years, all the way back to when Esther Dyson was "queen of the Internet". I think we should limit ".org" to organizations with members, keep ".net" and ".com", and sunset all the other non-country domains. Country domains should be limited to activities with a physical presence in the country involved.

    The total number of domains registered peaked years ago, and is steadily decreasing. The registrars are frantically trying to devise new revenue streams, most of which involve extracting more money per domain holder.

    Registration in ".com" should require that the registration info for individuals match the name and address on the credit card used to pay for the domain. Domains registered in the name of a corporation should be validated against the registry of corporations for the appropriate jurisdiction. That would improve the validity of the "whois" information.

    I'd only do this for ".com". Non-business websites that don't want to clearly identify themselves should move to ".net" or ".org". Any business not in ".com" would then be assumed to be fraudulent.

  5. Where are the banks? on 71% of Spam Servers are Located in China · · Score: 3, Insightful

    If you put a credit card number into a site, what bank gets the transaction? That's how to track spammers.

  6. Windows and Linux are both monolithic kernels on Andy Tanenbaum on 'Who Wrote Linux' · · Score: 1
    Windows and Linux are both monolithic kernels. Both have drivers, networking, and file systems inside the kernel. Windows NT 4.0 and later even have much of the GUI inside the kernel. (NT 3.51 and earlier did not. The reason that stuff moved inside the kernel had to do with replicating the exact, if broken, behavior of Windows 95 in NT 4.)

    Microkernels are hard to do, but QNX demonstrates that you can do everything you need to do with a very small microkernel.

  7. ETS can't construct a valid sentence on Indiana First With Computerized Grading · · Score: 1
    From the ETS site:
    • "If you would like to try out e-rater, you can obtain an ID and password and submit and original essay for scoring on the CriterionSM Web site."

    Automatic essay grading should not be used until the grading program has enough intelligence to construct counter-arguments to the essay.

  8. You don't have to go on Can Star Wars Episode III Be Saved? · · Score: 3, Insightful
    So don't go. I haven't seen any of the Star Wars movies since #3 or so, which is about when they started to suck.

    The embarassing thing about the whole Star Wars series is that nobody else has done much better space opera. It's been a quarter century, after all. The special effects problems have all been solved. There are franchises out there, in the space opera genre alone, with more potential. David Weber's Honor Harrington series, or the Man-Kzin Wars, to cite two good examples. Yet the industry is bringing back Battlestar Galactica, which, in its day, was generally considered lousy. And turning about four big-budget vampire movies per year.

    Meanwhile, effort should be devoted to insuring that Star Wars III merchandise is biodegradeable, so there's no major disposal problem like last time.

  9. This exists, and it's called Renderware on Microsoft's Real Plan For XNA Gaming Domination? · · Score: 5, Interesting
    There already is a product that does now what XNA claims to do someday. It's called Renderware. Renderware claims that about one in four games published today use Renderware.

    Renderware is billed as a "universal game engine", more or less. Actually, it's the physics engine from Mathengine, an AI engine from Knyogon, a rendering engine, and an audio engine, which more or less play together. There's also a generic level editor, a build tool, and a configuration management system for all the game assets. All the major target platforms are supported.

    In general, none of those components are considered the best in their class. When you look at the titles supported, you don't see any of the top 10 games. But there are time-to-market advantages in buying them all your tools from one vendor. That's the sort of thinking that attracts Microsoft.

    So if you want to see what XNA would be like, check out Renderware.

  10. Re:Free download of a similar system for Java on High Integrity Software · · Score: 1
    I'm glad to see someone is working on that.

    If you're involved in that, you might want to look into how we avoided the "false axiom" problem that makes ESC/Java unsound. ESC/Java has an Oppen/Nelson type prover. So did we. But we also used the Boyer-Moore theorem prover, which understands recursion, to prove more difficult theorems. This removed the need for users to add "axioms".

    There's so much that could be done in this area. We really do know in theory how to eliminate bugs. Somebody needs to make that a usable technology.

  11. Re:GNU Nana for C++ on High Integrity Software · · Score: 1
    Eiffel's Bertrand Meyer is considered father of Design by Contract methodologies.

    No, he's just the publicity guru of them. He came late to that technology. C.A. Hoare is probably the "father", back in the 1970s.

  12. Like in Spy Kids 3D? on Star Wars Episode III : Birth Of The Empire · · Score: 4, Funny
    'A thrilling lightsabre clash between Obi-Wan Kenobi and Anakin Skywalker while surfing on lava.'

    You mean like the lava surfing scene in Spy Kids 3D?

    Lucas used to be original. But THX-1138 was a long time ago.

  13. Free download of a similar system for Java on High Integrity Software · · Score: 5, Insightful
    We did this twenty years ago, for a dialect of Pascal. See Practical Program Verification. Back then, you could do it, but it was rather slow. Today, with machines thousands of times faster than the VAX 11/780 we used back then, it's much more feasible. But you need a language suitable for verification. C and C++ are hopeless - the semantics of the language are ambiguous. (Casts, pointer arithmetic, and "void *", make the typing system unreliable.) The Pascal/Modula/Ada family are suitable, with modifications and limitations. Eiffel and Sather do well, but few use them. Java, though, is both verifiable and widely used.

    The best available modern system for formal verification is the Extended Static Checking system for Java developed at DEC SRL. This was developed at DEC before HP shut down that research operation. It's still available as a free download.

    What all this machinery does is put teeth into "design by contract". With systems like this, you can tell if a function implements its contract, and you can tell if a caller complies with the contract of each thing they call. Before running the program.

    Developing in this mode means spending forever getting rid of the static analysis errors. Then, the program usually just runs. That's exactly what you want for embedded systems. But it's painful for low-grade programming like web site development, where "cosmetic errors" are tolerable and time-to-market matters more than correctness.

  14. Trade your game currencies here on Economics of Online Gaming · · Score: 1
    The article mentions that there's a market maker for game currencies, but doesn't link to it.. It's here.. Gaming Open Market makes a market in ten different game currencies, from Therebucks to EVE ISKs. The usual charts and chatter of commodity speculation appear on the site:
    • "Are we seeing a reversal in TBUX prices? The past few months have pushed the price of the Therebuck down substantially from around $1.04 (per 2000 Therebucks) at the start of March to an all-time low of $0.85 seen on April 19. Just this past week has indicated that there might still be some hope."

    Gaming Open Market offers game currency portability; you can exchange your Ultima Online gold for Therebucks. This may increase game churn, just as number portability does for phones. You can take it with you when you leave the game.

  15. Once, you could log into Stallman's account on Safe and Insecure? · · Score: 5, Interesting
    Long, long ago, anyone could log into Stallman's account at MIT via the Internet. He didn't have a password. That was intentional. Anyone on the net could look at and copy his files. Even make changes, although you didn't do that without a really good reason. That was how free software worked in 1981.

    So that's where this all came from.

  16. Fission and coal, if we have to on Out of Gas · · Score: 4, Interesting
    If we have to, we can run everything on fission power and coal, with batteries for vehicles. The US still has about 400 years worth of coal left.

    Nuclear waste disposal isn't really a problem. It's a political football in the US, but that's a political problem, not a technical one. There are rock formations that have been stable for twenty million years. (Yucca Mountain isn't one of them, though.)

    The problem is Chernoybl-sized disasters and air pollution from the coal. Everybody worries about the first, but the second is more dangerous.

  17. Re:Visit the Pro Bulk Club for fun and profit. on Anti-Spammers Infiltrate Private Online Spam Clubs · · Score: 1
    One of the three "merchants" linking to "buy-secure.com" is here. They're selling the "Gary Halbert Stock System". Searching for "Gary Halbert" turns up this litigation release from the Securities and Exchange Commission.. The SEC would like Mr. Halbert to answer some questions, and has asked a federal court to compel him to appear.

    I think we're getting close.

  18. Re:Visit the Pro Bulk Club for fun and profit. on Anti-Spammers Infiltrate Private Online Spam Clubs · · Score: 1
    Just for fun, more on Pro Bulk Club.

    They bill through Buy-Secure.com, which looks like a payment processing service but is probably a dummy front.

    The Buy-Secure.com site seems to be a ripoff of the site of Multicards, in the Netherlands. Even the fax number is the same. They even link to Multicards' Verisign ID and have an SSL certificate issued by RSA but with Multicards' address.

    Checking Google for all links to "buy-secure.com" provides some interesting leads. Only three "businesses" use "buy-secure.com", and some of them can be located.

  19. Visit the Pro Bulk Club for fun and profit. on Anti-Spammers Infiltrate Private Online Spam Clubs · · Score: 1
    You, too, can visit the Pro Bulk Club, home of the "Millions CD" Some quotes:

    "As a professional direct emailer, you know that it is becoming much more difficult to distribute commercial email due to new anti-spam and double opt-in legislation currently operating in both the USA, UK and eventually the world...." "We give you the resources to potentially email EVERY PERSON IN THE WORLD."

    This site resides on "4usservers.net", which appears to be on a COVAD line in McLean, VA, "h-68-166-46-225.mclnva23.covad.net" [68.166.46.225], in case anybody cares. That's probably an 0wned proxy, since it's an old Sun Cobalt Linux system with a known vulnerability.

  20. Get a real merchant account on Paypal Deals Blow To Freenet · · Score: 3, Informative

    If you want to accept credit card payments, get a real merchant account. It's not hard. Or sign up with a donation processing service, like Click and Pledge.

  21. SCOX hits new 52-week low. on Linus Not The Father Of Linux, According to Report · · Score: 1
    SCOX closed at $4.81 today, down 6.60% for the day. This is a significant milestone, because it's a new 52-week low. SCOX is now back to where it was a year ago, roughly when the FUD attack started.

    Monday's daily chart is interesting. I mentioned earlier that it looked like someone was trying to prop up the price. It wouldn't go below $5.00, even momentarily. If that was SCO's announced stock buyback in action, the buyback had to stop half an hour before the market close to comply with SEC Rule 10b-18. And, sure enough, half an hour before market close, the price goes into a dive.

    SCO's stock buyback has failed to stem the decline. They apparently tried to support the price around 10, and that failed. They seem to have tried at 6, and that failed. Now it looks like they tried at 5, and that failed.

    How low can it go? Well, SCO's all-time low, reached around two years ago, is around 1.

  22. Re:Run QNX on the desktop on The Windows Security Nightmare · · Score: 1
    For people who just need a browser and E-mail, QNX is an option, and a relatively trouble-free one. Admittedly it's an unusual option, but then, so was Linux on the desktop three years ago.

    The QNX kernel doesn't need constant patches. It's a true microkernel. All it does is manage memory, CPU, and message passing. Everything else is in a protected-mode user process. That includes networking, file systems, drivers, and windowing. The QNX kernel is updated perhaps every one to two years. Once the message-passing primitives work right, all new features go in user space. The most recent set of microkernel updates was to support 64-bit address spaces.

    Both Microsoft and the Linux crowd, with their bloated kernels, are trapped in an endless cycle of patching, then patching the patches. The kernel never settles down into a rock-solid set of primitives.

    QNX is what the GNU Hurd should have been, if the Hurd crowd had ever been able to get their act together. Microkernels, unlike UNIX clones, are hard to design. Few have succeeded. L4, Eros, Mach, and the Hurd were unsuccessful. I'd like to see an open source system as good as QNX, but nobody has been able to bring it off.

    The classic complaint about microkernels is that they waste too much time copying data around. But in practice, that's not a big problem if message passing is at all efficient. You get some of that overhead back if you do message passing right, and the scheduler understands that a message pass normally implies an immediate context switch.

    My point here is that the "bloat and patch" model used by both Microsoft and Linux is falling apart of its own weight. QNX offers a way out.

  23. Run QNX on the desktop on The Windows Security Nightmare · · Score: 4, Informative
    One safe option is to run the free version of QNX on the desktop.

    The free version of QNX comes with no inbound services enabled. Most of the standard UNIX-type services are available, but they're not installed by default. It's a pure client. In fact, it's very close to what the iOpener ran. Both dial-up and LAN connections are supported.

    Mozilla 1.1 runs, but without Flash. There's a word processor, ABIword. The whole GNU toolchain is available. Unfortunately, OpenOffice hasn't been ported.

    It's refreshing to run a system without all the Microsoft crap, or the Linux emulations of it.

  24. Fortunately, nobody is taking this seriously on Linus Not The Father Of Linux, According to Report · · Score: 1
    The mainstream press doesn't seem to be citing this story, except as a joke. That's a very good sign.

    Meanwhile, SCOX is down to 5.00. It looks like someone is trying to support the price at exactly 5.00. The price is bouncing around, but never goes lower than 5.00. There was a similar attempt to support the price back at 6.00, and what appeared to be an earlier attempt around 10, none of which worked. If it's SCO's own buyback program, support should stop half an hour before the market closes, in compliance with SEC Rule 10b-18. So wait until 3:30 EST and watch the movement then.

  25. Mod parent up - there is no "grid computing" on GGF and Grid Security · · Score: 3, Insightful
    Is there a "grid community"? So far, "grid computing" seems to be mostly hype by people desperate to develop a new revenue stream. There are few, if any, real buyers of "grid computing" service.

    When you look at case studies of commercial "grid computing", what they're really talking about are dedicated clusters of machines. This is just clustering.

    If "grid computing" were saleable, ISPs would be offering off-peak compute time on their server farms, and people would be buying it. They're not.

    It's time sharing, people. And time sharing is dead.