Google isn't a search company, or a technology company - it's an advertising agency.
I see where you're coming from, but that's a misuse of the term "advertising agency". They compete in no way with the likes of Saatchi & Saatchi. They are an advertising broker, being a middle-man between those who have ad-space and those who want to place ads (some of which will have been designed by ad agencies). Even that doesn't do them justice, though -- it's merely a description of their main source (AFAIK) of revenue. What they are is an information organisation company. They apply that skill to many things, including the problem of ad brokerage. They gain revenue not only through the ad brokerage service, but also as an ad-space provider in their own right. They are successful in the former case because their information organisation skills result in (relatively) effective automated ad placement, and in the latter case because their various information organisation tools (like Gmail) are popular and double as ad-space.
Phishing. Set up fake accounts with the banks being phished and submit them to the phishing sites. I'm sure the banks will be more than happy to help. As soon as anybody tries to transfer money in or out of the account, freeze the account on the other end.
Honeypots have their uses, but they won't prevent phishing as well as you suppose. The "account on the other end" is owned by some ordinary Joe Schmoe who has responded to a job ad as a "financial manager" for some overseas company. Such "money mules" are employed in substantial numbers, and act as a buffer between law enforcement and the organised crime gangs initiating the phishing. Usually the mules don't realise that they are engaging in illegal handling of stolen funds.
I suppose the future of ads will be the viral ones like Carlton's Big Ad, which was a successful viral campaign on the Internet before it hit television, even though it was made for TV.
So it sounds like Mansfield first violated the law, then violated a court injunction.
I understand that Mansfield appealed the initial injunction, and it was changed. I think the argument went something like this.
Govt: He's continuing to break the law, your honour. Order him to stop.
Judge: Fair enough. So ordered.
Wayne: Hang on, I'm not breaking the law! I have permission from all those recipients: that's my point. If I can't send email for the duration of this case it will be crippling to my business.
Govt: We have complaints from some of those recipients indicating that they emphatically did not grant permission.
Wayne: Nobody's perfect. I'll remove them from my lists if you tell me who they are.
Govt: They are concerned that you will sell their addresses to other spammers.
Wayne: I promise I won't.
Judge: Very well. The court orders that you desist from sending mail to those who have lodged complaints, as provided by the Government authority, and that you not divulge those addresses to anyone else in the process.
I've not seen any suggestion in any court document that Wayne violated this order. He continued to spam, yes, and that probably meant that the fine he paid in the end continued to increase with each documented violation, but he didn't directly violate a court order in doing so. Now that the case is over, there is a concrete judgment stating that his mailing practices did constitute spam, his objections to the contrary notwithstanding. The court has now told him, "what you did was wrong: you are therefore fined big bucks, and ordered not to do it anymore." So if he sends anyone spam now, he's liable to go to jail for violating a court order (in addition to being fined again).
The judgment against him includes an injunction against further spamming. If he violates that injunction he probably will go to jail, even though that isn't a normal part of the penalties for breaking the law. Injunctions like that are intended to prevent lawbreakers from thinking of fines as "the cost of doing business", I guess.
It's WAYNE Mansfield. "Robert" is his middle name. I was one of the people who lodged a complaint and appeared as a witness in the case. The ACMA press release on the matter is a pretty good resource. I have a blog entry on the subject which is short and to the point, and has useful links to other resources (like the ACMA press release).
This hurts users when their machines are compromised, encouraging them to secure their systems.
Or to change ISPs. Or to call the support number, resulting in increased costs for the ISP. It still seems to be in the ISP's rational economic self-interest to ignore bots on their own network.
You really don't know what you're getting into when you download and allow random code to freely run on your PC.
True, but the same is true when you purchase software (including the OEM software that came with the box itself), and also when you insert certain treacherous DRM-enabled audio discs into an insufficiently protected Windows box (e.g. Sony rootkit fiasco). So it's not really a question of how you obtain the code, but whether you trust the party providing it. In Google's case, at least they have an official stance of "don't be evil", which (as we've seen) is a lot better than some other sources. That, and they seem relatively competent in the overall scheme of things.
Australia passed a similar law about five years ago. Commentary here. Short version: ignoring for the moment the question of whether this is a case of over-governing, cutting off the point of payment is a really clever and effective way to get a legislative grip on the situation. You can't regulate a gambling establishment that's beyond your borders, but you can prevent the local banks from paying them, and that works just as well.
Dr. Who does not delve into the magical or supernatural, which is what differentiates science fiction from fantasy.
That's hardly a clear-cut distinction, as the most recent Doctor Who episodes amply demonstrate (to those who have already seen them). And may I remind you of Clarke's law that "any sufficiently advanced technology is indistinguishable from magic?" A slightly more detailed rendition of this argument (caveat: includes a spoiler if you haven't seen "The Idiot's Lantern" yet) can be found here.
You underestimate the problem. Phishing is actually a two-pronged attack -- or at least this is my experience in Australia. (Not that I've fallen victim, but I've conversed quite a bit with those that have.) The first prong of the attack is the fake bank message and website that we all know and loathe. The second prong doesn't even look remotely related: it's usually an employment scam, like the Norway Consulting Employment Scam which is arriving in my inbox with tedious regularity.
This is how it works. Phisher P (probably located in Russia, or nearby) obtains access to online bank account of victim V. At the same time, P also runs a job scam like the "Norway Consulting" job scam and ropes in "employee" E, who happens to have an account at the same bank. E is told that their job involves accepting payments from customers and forwarding the money via Western Union or Money Gram. (The exact pretext may change, but the money transfer part remains steadfastly constant.) So P then transfers funds from V to E, then contacts E and has him quickly withdraw the money and go make a Western Union transfer. By the time anyone realises that they've been had, P has his money and has vanished. The remaining question is whether the loss is to be borne by V for being a sucker, E for being a dupe, or all the bank's customers generally.
I'm doing anti-spam research, and although this sort of thing isn't my direct interest, I have dabbled enough to have implemented my own SMTP honeypot from scratch. My experience in doing so, and in tracking spam generally, is rather different from this article.
In the first instance, I'm surprised that botnets aren't listed as the #1 distribution vector for spam. Any computer criminal worth his salt uses a botnet these days. The really hard-core phishers not only distribute their spam that way, but reverse-proxy their websites through the botnet.
Open relays, on the other hand, seem to be relatively small beans in terms of actual spam distribution. Sure, I got a lot of hostile traffic on my SMTP honeypot, but it was a lot of sound and fury signifying nothing. Nearly all the relay-exploiting activity originated in Korea and sent non-English (presumably Korean) spam.
As for their testing of RFC-compliance -- what a joke! Most of the relay-testers I encountered couldn't even get SMTP syntax right: I had to adjust my parser to allow extra whitespace and other brain damage. What they test for is delivery. As far as I can tell, they don't give a damn about anything else but whether the mail passes through your system and into their test account (typically a free webmail account, like Yahoo!). I found that when I manually forwarded a test message out of my honeypot to the test address, I would get a flurry of mail representing an actual spam run (not just a relay test message). It gives one a certain smug satisfaction to know that you've just null-routed an entire spam run -- the first couple of times, at least. After that you realise that it's about as significant as taking a piss in the Pacific, and stop wasting your time.
The article says of the web-form distribution vector that "the spammer community maintains a database or list of vulnerable forms". I think their database is called "Google", or something like that. I get constant attempts at compromise on my phpBB forum, and I think that works the same way. Why maintain a database when you can just plug an identifying phrase into a search engine?
I should mention that the spam experience can vary distinctly from person to person, so my different experience doesn't necessarily indicate sloppy research on the part of this reporter. The article gives me the impression that this is his first foray into spam research, however.
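The tolerant parsing described in the comment above, as an added example that is not the commenter's honeypot code: it accepts MAIL FROM / RCPT TO lines with stray whitespace or missing angle brackets, counts how many deviate from the strict RFC 5321 shape, and flags recipients outside the honeypot's own domains as relay attempts. The domain `honeypot.example`, the function names and the sample session are all assumptions constructed for illustration.

```python
import re

# Assumption: the domains this honeypot pretends to be responsible for.
LOCAL_DOMAINS = {"honeypot.example"}

# Strict RFC 5321 shape: no space around the colon, address in angle brackets.
STRICT = re.compile(r"^(MAIL FROM|RCPT TO):<[^<>\s]*>( \S+)*$", re.I)
# Tolerant shape: stray whitespace anywhere, angle brackets optional.
LENIENT = re.compile(
    r"^\s*(MAIL\s+FROM|RCPT\s+TO)\s*:\s*<?\s*([^<>\s]*)\s*>?(?:\s+(.*))?\s*$",
    re.I,
)


def parse_path_command(line):
    """Parse a MAIL FROM / RCPT TO line the way a tolerant honeypot would.

    Returns (verb, address, is_strict), or None for any other command.
    """
    line = line.rstrip("\r\n")
    m = LENIENT.match(line)
    if not m:
        return None
    verb = " ".join(m.group(1).upper().split())  # "rcpt   to" -> "RCPT TO"
    return verb, m.group(2), bool(STRICT.match(line))


def domain_of(address):
    """Lower-cased domain part of an address ('' for the null sender)."""
    return address.rpartition("@")[2].lower()


def analyze_session(lines):
    """Summarise the client side of one captured SMTP dialogue."""
    report = {"sender": None, "relay_targets": [], "local_targets": [],
              "malformed": 0}
    in_data = False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if in_data:
            # Message body: ignore everything until the terminating ".".
            in_data = line != "."
            continue
        if line.strip().upper() == "DATA":
            in_data = True
            continue
        parsed = parse_path_command(line)
        if parsed is None:
            continue  # HELO, QUIT, ... do not affect the relay decision
        verb, address, is_strict = parsed
        if not is_strict:
            report["malformed"] += 1
        if verb == "MAIL FROM":
            report["sender"] = address
        elif domain_of(address) in LOCAL_DOMAINS:
            report["local_targets"].append(address)
        else:
            # Recipient is not ours: the client is testing whether we relay.
            report["relay_targets"].append(address)
    report["relay_attempt"] = bool(report["relay_targets"])
    return report


# Constructed sample session (not captured traffic).
SAMPLE_SESSION = [
    "HELO  mail.bulk.example",
    "mail from: <probe@bulk.example>",
    "RCPT TO : < relaytest@webmail.example >",
    "RCPT TO:<postmaster@honeypot.example>",
    "DATA",
    "Subject: relay test 203.0.113.7",
    "RCPT TO:<not-a-command@inside-body.example>",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for key, value in analyze_session(SAMPLE_SESSION).items():
        print(f"{key}: {value}")
```

The `relay_targets` list is the useful output for a defender: it holds the drop addresses a relay tester is waiting on, which can be logged or reported instead of delivered to.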
As long as you get in early on stock being manipulated, and you're not the one doing the spamming, you're less guilty than the spammer and there is a slightly better chance you'll get away with it...
From a moral and ethical standpoint, however, you're knowingly aiding an act of securities fraud, and the spammer behind it.
...the scientific method is the only consistent iron clad way we have to map reality.
But the scientific method isn't consistent: it changes over time, or "evolves", if you like. One hopes that such change constitutes improvement.
In order to fully utilize the subjectivity enhancing insights of ethics we must FIRST have the firm grounding in empirical reality provided by science.
Given that the scientific method isn't written on stone tablets by the finger of Newton, but is something that exists as a "best current practice", how do we actually know that the methods are working as advertised? It's only reasonable to assume that our existing methods aren't perfect, because we believe that none of the superseded methods were. What selection process do we use in deciding which methods produce "truer" results?
I'm not even a science guy but a graphics geek and I know these things are true because there is a method for providing proof they are true.
Well clearly they've been teaching an oversimplified view of science itself if that's your understanding. Study a little of the philosophy of science, and come to an appreciation that "the scientific method" is not the magical pixie dust of truth that some make it out to be.
I've been through the honeymoon stage, and then reached the level of skill where a soft mat no longer responded quickly enough to my feet. Then, like an apprentice Jedi building his own lightsaber (pretentious, much?) I built my own hard dance platform. After much abuse, I eventually broke it. Likewise the MKII platform.
During one of these "no working platform" moments, I decided to try it sans platform entirely. I found it was actually better to work without the platform when exercising: when you're exercising, specifically, you aren't there to play the game as such.
My current exercise programme runs at approximately one hour a day, six days a week. I doubt that I've ever been fitter. I certainly haven't been slimmer in the last fifteen years. Yay for exercise-by-video-game!
The game has an "autoplay" mode (press F8 during game-play, if memory serves, or select it in the main options menu). In this mode, the game does not keep score, but merely regards each step as perfectly accurate. I just jump around on the floor in front of it (and wear holes in the carpet -- good thing it was already torn by my old cheap office chair).
My computer is usually set up this way for exercise, because all I want to do is get my heart-rate up to a certain level, not keep score. In any case, failing a song would only interrupt the routine: I use the "endless" mode for exercise, so that there's a more or less constant stream of random songs. A modestly experienced player has a pretty good idea how well they're doing at any given song anyhow.
The irony is that many of the companies that are uncomfortable with this medium for advertising are perfectly willing to spend millions on TV and print advertising where they can't even reliably track anything.
Woah there! You had it right in the first paragraph when you said that the problem was "being charged for clicks that were meant to intentionally drive your costs up". Now all of a sudden you're on a completely different subject: the question of whether you can measure viewer response to the ad. If you sign up for a traditional TV, print, or radio ad, you can only estimate your response rate based on market research, but you know exactly what your outgoing costs are. With pay-per-click web ads, the situation is pretty much the other way around: you get good data about user activity, but your costs can only be estimated, and are subject to escalation by fraud.
But pay-per-click isn't the only revenue model out there. Pay-per-impression is considerably less prone to fraud (it can't be easily targeted if ads are randomised), and pay-per-day returns costs to the known-in-advance state. Both of these still allow tracking of user activity.
As a small-time ad-space provider, I'd far rather be hosting this kind of fraud-proof ad. That way the ad-broker can't arbitrarily accuse me of click fraud and suspend my account. It hasn't happened to me, personally, but I'm acutely aware that it could happen at any time without notice, and this precludes me from even considering it as a reliable source of income.
It's impressive that these rivals have banded together to address click-fraud, but don't forget that Google has other tricks up its corporate sleeves. As seen here a little while back, they are also looking into "cost per action" ads, which would eliminate the fraud unless the action itself could be performed in a fraudulent manner. (Bruce Schneier mentioned it in a commentary about click fraud.)
A video game that actually involves burning calories is probably just what the US needs, and more of it.
Not just the US, either: there are plenty of places with obesity issues. But for a good aerobic workout, you don't need DDD: DDR and its ilk will do nicely. Heck, I've lost about 10kg by exercising with StepMania in recent months, and most of the time I don't even use the dance-pad, let alone some fancy-schmancy video-based detector.
I've long considered John Gilmore's whining about his service provider "censoring" his email (that is, actually enforcing the terms of service which prohibited open relays) to be a case in point. Bear in mind that this guy is a director of the EFF. I often sympathise with the EFF perspective on matters, but I'm reluctant to lend my support to ranting hyperbolic ideologues.
In addition to everything else, I've seen several spams claiming to be from parties associated with Blue Security in the past 24 hours, but which are clearly Joe-jobs. Example text follows.
Skybox Security Solutions
Simulated DDoS Network Attacks and Network Intrusions
Customer Challenge:
Large corporations often hire consultants to conduct quarterly penetration (DDoS) testing on specific segments of their corporate network. This testing can cost over hundreds of thousands of dollars, and also exposes the network to many potential disruptions. These disruptions are the result of the intense DDoS attacks testers can impose on live networks in order to isolate vulnerabilities and weaknesses. Since the network is constantly changing, and DDoS attacks are rarely dispersed from a centralized location, the penetration test results often become nullified and end up being limited to a small portion of the total network.
The Skybox Solution: Skybox Security performs accurate and non-intrusive DDoS attacks across a larger portion of the corporate network. The tests are modeled and analyzed through an automated process via our large botnet network rather than manually performed on a live network. As a result, the tests are repeated rigorously on a scheduled basis without any fear of network disruption. Through DDoS attack and access simulation, vulnerability exposures as well as security control weaknesses are revealed instantly.
DDoS attack simulation discovers all possible attack scenarios and reveals the step by step process that an attacker or worm may follow. It illustrates specific vulnerabilities to be exploited and network access traversed for each exploitable path. Access simulation calculates network access privileges determined by firewall and routing configuration. Our botnet helps characterize the interconnectivity between any two given points, reporting not just whether access is possible, but also the detailed path to reach a final destination.
Based on these combined results, security personnel are able to determine what additional DDoS attacks are necessary and where to deploy our organizations penetration testers.
Awards:
Info Security - Info Security Hot Companies 2006
The Wall Street Journal - One of the most innovative companies in 2005
Information Security Magazine - Product of the year
Network Magazine - Most Visionary Security Product
Network Magazine - Best of the Best in all categories
Secure Enterprise Magazine - Editors Choice
Gartner - "Cool Vendor" in the security & privacy space
SC Magazine Awards 2006 Winner - The Best Security Solution for Financial Services
IM2005 Award finalist - Information Security and Product of the Year
Company Profile:
Eran Reshef
Founder, Chairman & CEO of Blue Security (www.bluesecurity.com)
A serial entrepreneur, Eran is currently the founder, chairman & CEO of Blue Security, the do-not-disturb registry pioneer. Prior to Blue, Eran co-founded Skybox Security and served as its Chairman. Prior to Skybox Eran founded and managed Sanctum (acquired by WatchFire), the leader in web application security. Eran holds a variety of security-related patents that are based on his inventions.
Following a successful career leading business development and R&D operations in high-growth software companies, Rina has been investing in software companies ever since.
Before joining Carmel she served as the VP Business Development at Clal Industries and Investments where she was responsible for software investments. From 1989 to 1996, Rina hel
And yes, in some European countries it is mandatory to have your ID card with you when you leave the house. I don't think you'll be arrested for not having it, at least I've never heard of that happening after WW2.
You see, this is part of the issue. While there is no such thing as a national ID card, there is no possibility of a law which mandates that you carry it on your person at all times. I may trust the current government not to be too egregiously abusive of this card and the leverage it provides over the citizens (incompetence is a different story), but it's creating the sort of infrastructure on which an abusive totalitarian government thrives. First the ID cards are not mandatory unless you want the services for which you are being taxed; then the cards are mandatory; then you must carry them at all times by law, just as you must carry a license to drive; then they ramp up the random ID checks; then you're living in a totalitarian state. I'm inclined to nip this progression in the bud by bucking the ID cards at the outset.
Preservation through emulation (on "Abandoned Games")
Making the code available isn't usually a path you can easily take unless you plan for it up front. Even the Netscape guys had a lot of work to do before they could release Mozilla as open source. I think the best thing to do for these old software packages is emulate the old hardware. MAME and its ilk are what's going to keep 1980s arcade games alive forever: not source code. Same applies for PC abandonware. In the best cases, the emulator maintainers will get permission to distribute the abandonware binaries with the emulator, as happens in a few rare instances now.
For a moment there, I thought you were quoting "V for Vendetta".
The real black hats want it to be widely deployed before they start exploiting it.
I've been through the honeymoon stage, and then reached the level of skill where a soft mat no longer responded quickly enough to my feet. Then, like an apprentice Jedi building his own lightsaber (pretentious, much?) I built my own hard dance platform. After much abuse, I eventually broke it. Likewise the MKII platform.
During one of these "no working platform" moments, I decided to try it sans platform entirely. I found it was actually better to work without the platform when exercising: when you're exercising, specifically, you aren't there to play the game as such.
My current exercise programme runs at approximately one hour a day, six days a week. I doubt that I've ever been fitter. I certainly haven't been slimmer in the last fifteen years. Yay for exercise-by-video-game!
The game has an "autoplay" mode (press F8 during game-play, if memory serves, or select it in the main options menu). In this mode, the game does not keep score, but merely regards each step as perfectly accurate. I just jump around on the floor in front of it (and wear holes in the carpet -- good thing it was already torn by my old cheap office chair).
My computer is usually set up this way for exercise, because all I want to do is get my heart-rate up to a certain level, not keep score. In any case, failing a song would only interrupt the routine: I use the "endless" mode for exercise, so that there's a more or less constant stream of random songs. A modestly experienced player has a pretty good idea how well they're doing at any given song anyhow.
The irony is that many of the companies that are uncomfortable with this medium for advertising are perfectly willing to spend millions on TV and print advertising where they can't even reliably track anything.
Woah there! You had it right in the first paragraph when you said that the problem was "being charged for clicks that were meant to intentionally drive your costs up". Now all of a sudden you're on a completely different subject: the question of whether you can measure viewer response to the ad. If you sign up for a traditional TV, print, or radio ad, you can only estimate your response rate based on market research, but you know exactly what your outgoing costs are. With pay-per-click web ads, the situation is pretty much the other way around: you get good data about user activity, but your costs can only be estimated, and are subject to escalation by fraud.
But pay-per-click isn't the only revenue model out there. Pay-per-impression is considerably less prone to fraud (it can't be easily targeted if ads are randomised), and pay-per-day returns costs to the known-in-advance state. Both of these still allow tracking of user activity.
As a small-time ad-space provider, I'd far rather be hosting this kind of fraud-proof ad. That way the ad-broker can't arbitrarily accuse me of click fraud and suspend my account. It hasn't happened to me, personally, but I'm acutely aware that it could happen at any time without notice, and this precludes me from even considering it as a reliable source of income.
It's impressive that these rivals have banded together to address click-fraud, but don't forget that Google has other tricks up its corporate sleeves. As seen here a little while back, they are also looking into "cost per action" ads, which would eliminate the fraud unless the action itself could be performed in a fraudulent manner. (Bruce Schneier mentioned it in a commentary about click fraud.)
A video game that actually involves burning calories is probably just what the US needs, and more of it.
Not just the US, either: there are plenty of places with obesity issues. But for a good aerobic workout, you don't need DDD: DDR and its ilk will do nicely. Heck, I've lost about 10kg by exercising with StepMania in recent months, and most of the time I don't even use the dance-pad, let alone some fancy-schmancy video-based detector.
I've long considered John Gilmore's whining about his service provider "censoring" his email (that is, actually enforcing the terms of service which prohibited open relays) to be a case in point. Bear in mind that this guy is a director of the EFF. I often sympathise with the EFF perspective on matters, but I'm reluctant to lend my support to ranting hyperbolic ideologues.
You see, this is part of the issue. While there is no such thing as a national ID card, there is no possibility of a law which mandates that you carry it on your person at all times. I may trust the current government not to be too egregiously abusive of this card and the leverage it provides over the citizens (incompetence is a different story), but it's creating the sort of infrastructure on which an abusive totalitarian government thrives. First the ID cards are not mandatory unless you want the services for which you are being taxed; then the cards are mandatory; then you must carry them at all times by law, just as you must carry a license to drive; then they ramp up the random ID checks; then you're living in a totalitarian state. I'm inclined to nip this progression in the bud by bucking the ID cards at the outset.
Making the code available isn't usually a path you can easily take unless you plan for it up front. Even the Netscape guys had a lot of work to do before they could release Mozilla as open source. I think the best thing to do for these old software packages is emulate the old hardware. MAME and its ilk are what's going to keep 1980s arcade games alive forever: not source code. Same applies for PC abandonware. In the best cases, the emulator maintainers will get permission to distribute the abandonware binaries with the emulator, as happens in a few rare instances now.