I have a shotgun, and I don't care who comes to my house - it's my freaking house - and if I don't want them in, I'm shooting first, and asking questions later.
I agree that you shouldn't piss off too many people. Believe me, I haven't shed any tears over Ralsky's fate. But the power of DOS attacks is that they can be initiated easily by motivated *individuals*. As I said on another post, it would be easy to automate what happened to Ralsky such that a single person could initiate a flood of junk mail to any specified postal address. Or maybe you could flood a town's post office with junk mail to create a diversion and then send a real nasty letter (e.g. Anthrax) to the same place in an attempt to hide it. That is the real danger.
I doubt I would incur the amount of motivated anger for a group of people to spend this much time doing it.
Maybe, but it wouldn't even take a group of people. All you'd need is one motivated person with a search engine and a Web manipulation module like Perl's LWP. You could easily write a script to flood a person with junk mail all by yourself. A little easier to trace maybe, but still damn hard to stop.
Sure, the Ralsky attack is funny and ironic and all, but imagine if it happened to you. This wouldn't be a pizza delivery or Playgirl subscription every now and then, we're talking *pounds* of mail every day from many, many sources (God! your mailman would *hate* you). Easy to initiate, not easy to trace and really hard to stop.
Also, you can't write filters to automatically route or categorize snail mail. You have to go through it all to find the non-spam. If this kind of attack catches on, watch out.
I'm interested, is there anyone out there that works for the Postal Service? How can victims deal with this sort of thing?
Has anyone else noticed that Scientific American has suffered some serious Omni-fication in the past couple of years?
This is true and unfortunate. I'm still subscribed, but it's no longer a must read like it used to be. I think it's not limited to SciAm though. The journal publishing industry has been hit hard the last couple of years. The only way publishers can think of to boost circulation, it seems, is make their mags shout out on the newsstands. Very sad.
Lawrence Lessig has a good response on his blog...
Let this extremism finally force recognition of the best response to this problem for now: a compulsory license with a large carve out for non-commercial "sharing."
Umm...yes. And I have seen a lot of schemes. This is the only one I've ever seen that nicely addresses all the usual objections everyone always raises around here. That's what I mean when I say "well articulated." Have you read the article or are you just engaging in idle accusations?
Ahhhh! Finally someone who has read the article! You've just made my friends list. I even like David Bowie.
One problem I can think of is still pending: what happens if the sender is also equipped with a similar system? Will we see payment notices bouncing back and forth between both ends without ever reaching an inbox? I guess a solution would be to automatically whitelist any address you've sent an email to, if only for 1 hour.
Yes the general case of mail bouncing has to be dealt with, but doesn't a bounced message contain headers that identify it as bounced? I think the system should be able to handle bounces pretty easily.
Congratulations on the uber-meta-dupe thing. It had to happen eventually.
Any solution that requires other people to change their software to email you is not going to work. And I'm certainly not going to pay any money to email someone. A few people might, but the vast majority won't. This system would do far worse with false positives than any filter. And it wouldn't do any better at all than requiring a simple digital signature anyway!
The system doesn't require other people to change their software to email you. They simply have to provide a token (that they purchase from you via a third party) in plain text in the body of the message. Unless they do so, their message never sees your inbox and their email bounces. If they do purchase a token and can convince you that their message isn't spam, you stop the charge and they get a free path to your inbox. It's brilliant, really.
Reading all the comments here makes me think that this is the worst case of people not reading the article before posting that I've ever seen. All of the concerns expressed here are addressed. This one is worth taking the time on, trust me.
The details of my punishment do not concern me as much as the net result. Right now I don't have to pay anything to send mail. Nor do I have to maintain another list or login or whatever. So the net result is that I get to pay for what I do freely now. No thanks, I'd rather make commercial unsolicited email against the law and fine people who send it.
NO! You are mischaracterizing the article. Please, please go read it before commenting further. This is the most well articulated scheme I've ever seen. It deserves better than this perfunctory brush-off.
An Indian making 30% of what I make could have a personal maid, chef, and chauffeur, and never wear the same clothes twice. It doesn't cost a couple grand USD per month to be a homeowner there.
Screw this place, then. I'm movin' to India! Who's with me?
But is that really what is happening? When I read the above quote, I wonder, how many QUALITY programmers are losing their jobs to concerns overseas?
Similarly, if this is the case, okay, so now what? The computers didn't disappear, nor is the need for software going to go away.
Amen! Offshoring activities are going to happen whether we like it or not. The silver lining in all this is that it is forcing us to get our act together and actually improve the quality of our work in order to stay employed. God knows the industry needs this.
US workers have earned the reputation of being the best and most innovative in the world. Every once in a while (i.e. now) we have to prove it again.
My parents have a toaster that they bought at a garage sale back in the 50's. It still works great. I don't think I've ever had a toaster that lasted longer than 2 years. I'm hoping to inherit it.
Let me guess: Yahoo's several dozen, AOL's however many, and the ones at Earthlink, demon.co.uk, and MSN -- and I close?
That would be a good start but my point is that it is a difficult problem. It's sort of like the problem of training a neural net to do something useful. Lots of repetition works, but if you can pick the right few lessons, you can save a lot of time.
The other big problem would be convincing AOL, Yahoo etc. that it would be in their interest (or at least not against their interest) to slow down mail delivery under certain circumstances. Not an easy sell.
I agree with you that Perl would be a better choice than Java for this particular job. Python would work nicely as well. Java just isn't suited for it. I think the guy is just trying to pad his resume by using Java;-)
Unfortunately the critical mass for this to really work is very, very large.
I don't think this is necessarily true. As the article points out, setting it up on a few servers would be sufficient to get things started provided those few servers were the right ones. I'll leave it as an exercise to the reader to determine which servers they should be.
I don't think they should be doing this in Java though. Java is not a text parsing language and this thing really requires some text parsing muscle. Cross platform ability isn't as important.
To search for as in on the Web. After the Internet based search engine company. Usage: I googled my blind date before I got ready to go and found out she's a felon.
To engage in the practice of sending stupid cease and desist letters in an attempt to alter the natural evolution of language usage. After the same. Usage: Holy Crap! My Star Trek fan site just got googled by Paramount.
Aside from the usual compiled vs. interpreted divide, a lot of the differences between programming and scripting languages boil down to strong vs. weak typing. A recent Guido van Rossum (of Python fame) interview was a real eye opener for this primarily programming language coder. For instance:
In a strongly typed language, when you change to a different data structure, you will likely have to change the argument and return types of many methods that just pass these things on. You may also have to change the number of arguments, because suddenly you pass the information as two or three parts instead of one. In Python, if you change the type of something, most likely pieces of code that only pass that something around and don't use it directly don't have to change at all.
He goes on to talk about how, as a consequence of this, your scripts are much shorter and easier to read. Of course, one man's flexibility is another man's "coding without a net", but van Rossum makes an important point here that I think gives a huge advantage to scripting languages like Python.
I don't want this guy on my side.
Whew! I've never been accused of trying to get Bush reelected before. (*That* is the "real danger" :), I think).
Geez! I'm becoming such a conspiracy theorist!
Time to write my Congressman again...
$97 trillion would buy a heckuva lot of ramen noodles.
It is customary to attribute quotations when you publish them. Otherwise it's called plagiarism. Credit where credit is due and all that.
Unless, of course this particular AC is Rick Jelliffe, in which case I apologize.
Last I checked (a few hours ago), IntelliJ still didn't have a 1.4 compatible release for OS X. Do you know something I don't?
Or more accurately, blog readers beware.
v. googled, googling
This article is the journalistic equivalent of flamebait. Pay no heed.
It's sort of like my flexible dieting policy. You know, where I eat anything I want and however much I want. I'm really proud of it as well.
Sheesh!