Best ANSI standard one-liner hello world I could think of:
int main(void) { return puts("Hello world!\n"); }
Re:How can IBM provide what SCO is requesting?
on
SCOrched Earth
·
· Score: 1
I'm sure they have a central source repository, like CVS, which means they do have a way to reconstruct any version of any file in the project. I know that I usually check in every file I modified that day that at least compiles without breaking, even on projects where I am the only coder.
Not too likely. I think it might be part of the USB spec that all USB hubs have transparent cases. At least that's the impression I get at the local electronics store.
Most systems use a symmetric cipher on the data, then public key cipher on the symmetric key, then send both together. So, the camera could do the fast symmetric encryption on the photo data in hardware then encrypt the key in software. Generating random keys is easy since you have a random data source, the photo sensor. Then, securing the camera is a matter of securing the software. Unflashable firmware, sealing off the key intercept path by putting the crypto, rom and processor on the same die, make it so hacking it is more expensive than just buying a decent camera. Also make it so any key intercept hacks are just impractical. Are you really going to carry a scope around with you on vacation?
My new business model is for all Slashdot users with ID numbers ending in '9' to pay me five dollars per post. You can always re-register until you get an ID that doesn't end in 9 if you don't want to pay. How can you put me out of work by not paying me for your post? I rely on that revenue!
Any blocklister could sign his lists, addition notices or deletion notices. As far as accountability, these days the only thing we have is the reputation of the blocklister. In any decentralized distribution system, you are simply trusting a signature rather than a centralized server. Of course, making it easier to publish blockslits would mean anyone could become a blocklist publisher, which means more work determining which listings you want to trust and use.
I believe that the most popular services of monkeys.com were its unsecured proxies list and unsecured formmail.pl list. Most likely lists of individual IPs, though I've never used them.
As far as self appointed email cops go, just about anyone can propose and implement an anti-spam system. It is the reputation and effectiveness in the eyes of that system's users that matter. Poorly thought-out or excessively agressive systems simply aren't widely used. And as hard as it may be to wrap your mind around this, there are those out there who don't mind collateral damage, and some who even prefer it.
As far as federal laws go, the one entity that has the most power to stop network abuse is the network infrastructure. Any federal laws targetting spam should pin the responsibility on the ISP for allowing it onto the public internet. I believe it would be possible to write such laws without harming any common-carrier status or tread too close to censorship. Spam and DDoS attacks have nothing to do with content, they are infrastructure abuse.
ISPs are not policing their own networks well. They have little motivation to do so. Federal laws requiring it may be the only motivation they get.
I've considered a system similar to Usenet (NNTP) that would be a way for a blacklist or whitelist "authority" to distribute signed deny/accept reccomendations for IP addresses. Aside from deny/accept "posts", you could also have posts from a single authority recommending several other authorities, building a web of trust. A mail admin can collect posts from his web of trust and build his deny/accept list for his mail server using whatever system he wants (i.e., score each IP based on who says it's good or bad, run whitelist only, etc.). Advantages would be an open, decentralized system that keeps blacklist maintainers honest.
The distinction is sending the 5xx message at SMTP time. Accepting the mail with 250 OK and then silently dropping it can be bad if it is a false positive - the sender will never know. If you send a 5xx on a false positive, the legitimate sender will at least know there is a problem immediately.
Re:So the highest bidder get's to spam?
on
P2P Spam?
·
· Score: 1
It's already happening. There are outfits that sell subscriptions to get access to a fresh supply of open proxies for spamming. From what I've heard, their software can also scan for open proxies and report back positive hits to add to the master list. The only difference with SoBig is that someone has set out to create the open proxy resources, rather than scan for existing proxies. So, spammers are already taking the risk of unauthorized use of computers, and getting away with it. And I don't think there will be one "buyer" of the whole network, but an outfit who will sell monthly or per-message use of the network to any spammer. The only upside is that this may be an egregious enough abuse of the internet that law enforcement finally starts going after proxy hijackers.
Sony Dork here (own a Clie and Cybershot) who has never had problems reading memory sticks from either device with Windows 98, Linux, or Mac OS X. Just another data point for your future rants.
And I think you missed the point that schon was making -- that sobig is offtopic in the context of the immediate discussion, which is technical security breaches, not social security breaches. I don't see how a social problem of a user running malware has anything to do with security through obscurity or open source bugs being shallow, which is where you originally mentioned sobig.
People buy laptops for other reasons than having a machine to lug around the world. I bought a 17 inch Powerbook as a desktop replacement that I can move around the house with ease. I would say that the advent of cheap and easy wireless networking has helped the market for bigger "portable" computers used as desktop replacements, but not necessarily travel computers. I think we will definitely see more like it.
The trick they use, as I understand it, is to rig their DNS servers to respond differently based on the IP address querying the spammed domains. The DNS responds with the address of an open HTTP proxy normally, and when the open HTTP proxy does the lookup, it gets a different address - the spammer's webserver. That webserver then only responds to those open proxies. The moral of the story is to be more careful when you put any proxy on the internet.
You're right that telephone companies and other common carriers are not subject to the FTC rule, neither are banks. But they are still bound to the TCPA. They still have to maintain their own do-not-call lists, they just get one free shot at you. This makes it easier for you to keep track of which companies you have asked not to call you anymore. Just banks and common carriers, rather than every single company in America with some crap to sell.
It's still not perfect, but better than before. If calls increase from those exempt industries, I hope that government will come up with something better, like a do-not-call amendment to the TCPA. They did finally get this much passed, but I wouldn't hold my breath.
I'm pretty sure I'm on every major long-distance carrier's do-not-call lists, since I haven't gotten a call from one of them in more than a year. But most of my telemarketing calls come from banks, as in credit card offers. And there are alot more banks to keep track of than long-distance carriers.
And the last political campaign that called me got chewed out. It would be in politician's best interest to not call people who don't want to be called, so as not to lose voters.
A common rule about spammers is that they all define spam as that which they do not do. The same goes for phone spammers, telemarketers. They define telemarketing in a way that excludes their particular pitch method.
I would say that this two-stage sales method is a violation, since they are generating the initial lead through the cold call. They are free to try such a scheme with people on the do not call list. If they call me after October 1, when enforcement begins, I will report them to the FTC for violating the telemarketing rule just the same. Then we will see just how effective the new rule is.
And does anyone else just love the Google ads that come up on this story? Right now, I'm looking at one for the TeleZapper, and three for telemarketing scumbags selling lists.
"Most vendors have worked to ensure their products have interoperability between IPv6 and IPv4 and because migration and deployment of IPv6 networks across the globe will be gradual,
gradual as michael easing himself into taco's backside, the two standards will coexist for many years to come."
So, do you do this to subvert the moderators, or to catch logged-in karma whores who copy-paste AC posts of the article text into their own posts?
Every time I call Verizon I get a nice message in a soothing voice that I could probably use voice mail service on my line, a second number or some other crap. I don't expect them to be any better than the telemarketers when it comes to my privacy. Of course they respect my privacy, they just have a definition of privacy that maximizes their revenue.
Slashdot Mirror
Best ANSI standard one-liner hello world I could think of:
I'm sure they have a central source repository, like CVS, which means they do have a way to reconstruct any version of any file in the project. I know that I usually check in every file I modified that day that at least compiles without breaking, even on projects where I am the only coder.
Not too likely. I think it might be part of the USB spec that all USB hubs have transparent cases. At least that's the impression I get at the local electronics store.
Most systems use a symmetric cipher on the data, then public key cipher on the symmetric key, then send both together. So, the camera could do the fast symmetric encryption on the photo data in hardware then encrypt the key in software. Generating random keys is easy since you have a random data source, the photo sensor. Then, securing the camera is a matter of securing the software. Unflashable firmware, sealing off the key intercept path by putting the crypto, rom and processor on the same die, make it so hacking it is more expensive than just buying a decent camera. Also make it so any key intercept hacks are just impractical. Are you really going to carry a scope around with you on vacation?
My new business model is for all Slashdot users with ID numbers ending in '9' to pay me five dollars per post. You can always re-register until you get an ID that doesn't end in 9 if you don't want to pay. How can you put me out of work by not paying me for your post? I rely on that revenue!
Evil hacker!
Only works if you're the lawyer.
Canadia. That's a good one. I'll have to remember it next time I want to make fun of that country.
Canadia. Brilliant.
Any blocklister could sign his lists, addition notices or deletion notices. As far as accountability, these days the only thing we have is the reputation of the blocklister. In any decentralized distribution system, you are simply trusting a signature rather than a centralized server. Of course, making it easier to publish blockslits would mean anyone could become a blocklist publisher, which means more work determining which listings you want to trust and use.
I believe that the most popular services of monkeys.com were its unsecured proxies list and unsecured formmail.pl list. Most likely lists of individual IPs, though I've never used them.
As far as self appointed email cops go, just about anyone can propose and implement an anti-spam system. It is the reputation and effectiveness in the eyes of that system's users that matter. Poorly thought-out or excessively agressive systems simply aren't widely used. And as hard as it may be to wrap your mind around this, there are those out there who don't mind collateral damage, and some who even prefer it.
As far as federal laws go, the one entity that has the most power to stop network abuse is the network infrastructure. Any federal laws targetting spam should pin the responsibility on the ISP for allowing it onto the public internet. I believe it would be possible to write such laws without harming any common-carrier status or tread too close to censorship. Spam and DDoS attacks have nothing to do with content, they are infrastructure abuse.
ISPs are not policing their own networks well. They have little motivation to do so. Federal laws requiring it may be the only motivation they get.
I've considered a system similar to Usenet (NNTP) that would be a way for a blacklist or whitelist "authority" to distribute signed deny/accept reccomendations for IP addresses. Aside from deny/accept "posts", you could also have posts from a single authority recommending several other authorities, building a web of trust. A mail admin can collect posts from his web of trust and build his deny/accept list for his mail server using whatever system he wants (i.e., score each IP based on who says it's good or bad, run whitelist only, etc.). Advantages would be an open, decentralized system that keeps blacklist maintainers honest.
The distinction is sending the 5xx message at SMTP time. Accepting the mail with 250 OK and then silently dropping it can be bad if it is a false positive - the sender will never know. If you send a 5xx on a false positive, the legitimate sender will at least know there is a problem immediately.
It's already happening. There are outfits that sell subscriptions to get access to a fresh supply of open proxies for spamming. From what I've heard, their software can also scan for open proxies and report back positive hits to add to the master list. The only difference with SoBig is that someone has set out to create the open proxy resources, rather than scan for existing proxies. So, spammers are already taking the risk of unauthorized use of computers, and getting away with it. And I don't think there will be one "buyer" of the whole network, but an outfit who will sell monthly or per-message use of the network to any spammer. The only upside is that this may be an egregious enough abuse of the internet that law enforcement finally starts going after proxy hijackers.
So, are they all supposed to be Rastafarians now?
Sony Dork here (own a Clie and Cybershot) who has never had problems reading memory sticks from either device with Windows 98, Linux, or Mac OS X. Just another data point for your future rants.
Pointless plea to moderators to waste their points.
And I think you missed the point that schon was making -- that sobig is offtopic in the context of the immediate discussion, which is technical security breaches, not social security breaches. I don't see how a social problem of a user running malware has anything to do with security through obscurity or open source bugs being shallow, which is where you originally mentioned sobig.
People buy laptops for other reasons than having a machine to lug around the world. I bought a 17 inch Powerbook as a desktop replacement that I can move around the house with ease. I would say that the advent of cheap and easy wireless networking has helped the market for bigger "portable" computers used as desktop replacements, but not necessarily travel computers. I think we will definitely see more like it.
The trick they use, as I understand it, is to rig their DNS servers to respond differently based on the IP address querying the spammed domains. The DNS responds with the address of an open HTTP proxy normally, and when the open HTTP proxy does the lookup, it gets a different address - the spammer's webserver. That webserver then only responds to those open proxies. The moral of the story is to be more careful when you put any proxy on the internet.
You're right that telephone companies and other common carriers are not subject to the FTC rule, neither are banks. But they are still bound to the TCPA. They still have to maintain their own do-not-call lists, they just get one free shot at you. This makes it easier for you to keep track of which companies you have asked not to call you anymore. Just banks and common carriers, rather than every single company in America with some crap to sell.
It's still not perfect, but better than before. If calls increase from those exempt industries, I hope that government will come up with something better, like a do-not-call amendment to the TCPA. They did finally get this much passed, but I wouldn't hold my breath.
I'm pretty sure I'm on every major long-distance carrier's do-not-call lists, since I haven't gotten a call from one of them in more than a year. But most of my telemarketing calls come from banks, as in credit card offers. And there are alot more banks to keep track of than long-distance carriers.
And the last political campaign that called me got chewed out. It would be in politician's best interest to not call people who don't want to be called, so as not to lose voters.
A common rule about spammers is that they all define spam as that which they do not do. The same goes for phone spammers, telemarketers. They define telemarketing in a way that excludes their particular pitch method.
I would say that this two-stage sales method is a violation, since they are generating the initial lead through the cold call. They are free to try such a scheme with people on the do not call list. If they call me after October 1, when enforcement begins, I will report them to the FTC for violating the telemarketing rule just the same. Then we will see just how effective the new rule is.
And does anyone else just love the Google ads that come up on this story? Right now, I'm looking at one for the TeleZapper, and three for telemarketing scumbags selling lists.
Good Evening, Mr. Talking Goat,
I am writing to let you know that I moderated upward the parent of my parent with a +1 moderation of "Funny," as per your request.
Good Day Sir,
So, do you do this to subvert the moderators, or to catch logged-in karma whores who copy-paste AC posts of the article text into their own posts?
dont like it? take a bus.
And then the bus gets stuck behind one?
$crash = 0xF00F;
Of course.
Every time I call Verizon I get a nice message in a soothing voice that I could probably use voice mail service on my line, a second number or some other crap. I don't expect them to be any better than the telemarketers when it comes to my privacy. Of course they respect my privacy, they just have a definition of privacy that maximizes their revenue.