Um, unless you're a mere mortal and not knowledgeable enough to question your ISP about their censorship policies when you sign up.
If my ISP ran cyberpatrol or netnanny on all my traffic, I would expect them to tell me up front. ISPs who use the RBL rarely tell their clients, because it's usually some misguided techie who configures the ISP to do so. Half the time management doesn't even know. When they do know, they've usually been told that it "blocks access to mail servers which are sending out spam" or some equally bogus explanation.
I've had numerous scrapes with MAPS. The funny thing is, they're always right. Not *once* have they admitted that they might have *ever* made a mistake. It's a first in the history of the world: a perfect, flawless autocratic body.
MAPS are a bunch of zealots. Zealots want two things: attention and power. MAPS gets lots of both, primarily because it's founded and supported by two of the most powerful technical people in the internet community: Paul Vixie and Dave Rand. Both very bright, incredibly capable people. But both are so driven to "fix" spam that they're willing to do (imo) unethical things to do so.
I am all for blocking spam. But MAPS isn't about blocking spam, as this/. article points out. It's about leverage, and forcing *other* people to do "their part" to stop spam. Nevermind that it never actually comes around to stopping spam; it's the pushing people around that makes the MAPS folks feel like they've accomplished something ("I didn't stop any spam... but I did shut down this website that was hosted by the same place as another site that sells software that spammers can use.").
Sure, it's just a list. But it's a list that is totally dishonest about its intent. Technical people like us know that MAPS is a political organization out to stiffle speech they don't like. If you don't like the speech, sure, configure your home mail server to use the RBL.
If you're providing internet service for someone else, though, you'd better put "I reserve the right to prevent you from connecting to any address or range of addresses on the internet without warning, based on their content or who they choose to do business with." How many of us would sign up for internet service with that caveat?
There are lots of dangerous people in the world. Spammers count, but really they're just vermin in need of some better legislation. The people you really have to watch out for are the ones who tell you "the ends justify the means," or "we just have to take a tiny bit of your freedom to make you safer."
The RBL is a sham and I'm really glad that people are starting to realize it.
...until the National Cooperative Business Association sees their revenue up 10x or more from their share in name registrations. And then they'll start loosening the definition of "cooperative" until ibm.coop makes perfect sense.
The only way this kind of thing would work would be if the NCBA doesn't see any benefit from a larger subscription base. And, if that were the case, why in the world would they agree to police the namespace?
Having Linux knowledgeable people run the test allows performance tuning for the application being tested.
So basically the Linux community should cheat just like Microsoft? I work in real-world IT, and I can tell you that the only meaningful test would be one that compares performance as the operating systems and applications are most likely to be configured, not in an ultimate, super-tuned, hacked, tweaked, and generally compeltely unrealistic scenario.
If someone does an out-of-the-box NT versus red hat comparison, I'm interested. But real companies are too busy getting on with their core business to spend huge amounts of time, money, and attention on operating system tweakage.
... Okay, then, these 37331 boyz know how to write CGI scripts. It'll land them their dream $70K webmaster jobs. Now, maybe they could explain to me briefly Turing's Halting Theorem and present an informal proof in a paragraph or less.
...
Sadly, these 18-year old high school kids are probably more likely to get hired than a 23-year old college graduate for some jobs. The reasons are that (1) they don't need to be paid as much, and (2) that they know all the latest buzzword languages (Java, C#, Delphi, etc.). The college kid will have the background to pick up this buzzword crap quickly, but will not necessarily have it on his resume.
I think this sums up what I mostly hear from pro-college types. It also demonstrates how a good education can make one a lot better able to deal with theory than practice.
This guy (who I have nothing personal against) seems mystified/irritated that companies are more interested in hiring webmasters who can write CGI scripts than "proper" computer people who can write one paragraph informal proofs of Turing's Halting Theorem.
Guess what: I hire people for tech jobs. I work a tech/management job. And I personally want people who can write CGI scripts, and who know the latest buzzword languages. I have the utmost respect for academics, and people who love CS for the sheer joy of it. Without those people, the industry I work in wouldn't exist. They are undeniably better educated, better coders, and have a better understanding of how this stuff works than the $70k/year webmasters I work with and hire.
But I don't need Turing's Halting Theorem proved (or disproved, or debated, or whatever). I need software developed. And yes, I have worked with some college grads who are fantastic. But I've also worked with others who think that doing actual, practical work is somehow dirty or beneath them. On the whole, my experience with college grads leads me, as a hiring manager, to be neutral with regard to degrees.
Bottom line: as far as I'm concerned, I care about how well people do their job. Having the college experience may make people better coders, but it may also make them prissy academics who think that information technology should be treated as an art, not a business, and who will miss deadlines and simply not *do* their job because they have philosophical objections to some 10 year old API's structure. On the whole it's a wash.
So get a degree if you're into learning Turing's theorems. If you keep your feet on the ground, you may even be employable after that. But don't be upset if you fall in love with the cerebral purity of ivory tower CS, then graduate to make less than CGI scripting webmasters.
...you could go to college, pay $15k/year, be too busy with studies to generate any income, learn obsolete technology, and live in a crappy dorm with annoying roommates while getting no real world experience other than "how to cope with hangovers".
Or you could get an entry/mid level IS job, earn $50k/year, learn new and interesting technologies, live in a decent apartment/house, and get started learning the stuff which will ultimately make you worth $250k/year.
Sure, college offers chances for cultural exposure and a self betterment. Me, I'd take the paycheck now, retire at 35, and travel the world. That's what I call cultural exposure and self betterment.
Well, wait a minute. I said it had a "real" directory service, not a "good" one.
There are severe limitations with AD, which I guess I should have pointed out. But the bottom line is that it 1) uses DNS as its naming scheme, and 2) does away with the crazy transitive trust issues that plagued NT 4 (yes, you can still implement transitive trusts with AD if you are a masochist, but they are not required in most normal situations... unlike NT 4, which more or less mandated them for 3+ domains).
The flat namespace is a backwards compatibility thing, and ugly. But I would still rather manage 60,000 users on 500 servers using Win2K + AD than Linux +... what? Yp? NIS?
(not that I'd want to manage that scale of a W2K implementation, anyway, for other reasons... but at least it's not unthinkable, like NT4 was, due to lack of directory services).
NDS is still better. Heck, Banyan is better. But in the context of the original question, W2K is better than Linux here (today! No fair posting "But someone will port NDS...". This is a real-time question, not an ideal-world question).
...Linux is simpler and cleaner, and does what it does better and with fewer bugs and generally less weirdness.
...W2K is bigger, has a ton more features, and suffers from the usual microsoft "better to have a feature with bugs than to not have the feature at all" philosophy.
In particular, W2K finally has real directory services (which Linux lacks), better management instrumentation from WMI, better hot-plug PCI and disk support.
As usual, the real answer to these comparitive questions is "they have different strengths; it depends what you want to do." My rule of thumb: if it can be done easily and "normally" (ie no kernal hacking) on Linux, do it that way. If you have to use something else, use something else.
But remember, these are operating systems. Nobody in their right mind buys/installs operating systems; in the real world, people need applications, and operating systems are just there to support applications.
I'm all for hysterical handwringing about how the press just *loves* Microsoft's, and how unfairly open source is being treated in the same media, but this is ridiculous.
Here's why this is article is either very slanted (to the point of distortion, not just the usual bias we all know and love on/.), or very ignorant, or both:
1) SQL 7 does not listen on port 80.
2) The blank SA password has been the standard since MS acquired the software from Sybase for version 4.21, something like 8 years ago.
3) You know what -- cisco equipment has a blank password by default! Oh no! Every single Cisco router and switch has a built in vulerability! Quick, call the press.
4) Anyone who is qualified to configure a SQL server knows this is just part of the install. Just like Cisco equipment.
The Piranha thing was somewhat worse because it wasn't intentional, it listens on port 80, and if I recall correctly it was installed implitly, so people might not know it was on their system. I'd welcome corrections there if I'm wrong.
Even given that the two situations are analagous (which I still maintaint that they are *not*), what about all the hysterical handwringing about how unfair the press coverage of Piranha was? Maybe the press learned. Sheesh. Is there some "if the press screwed something up one time, they are obligated to make the same mistake other stories to maintain a level field for zealots to do battle on" standard that I wasn't briefed on?
What do you think of Judge Kaplan's characterization of the defendants as "adherents of a movement that believes that information should be available without charge to anyone clever enough to break into the computer systems or data storage media in which it is located."
I'm assuming that you'd take issue with that view of the defense's arguments.
In hindsight, do you see any errors in judgement on the defense that might have caused this (in my opinion) wildly off-base view of the defense?
Going forward, what impact will this characterization have on the appeals process? By my reading (and many others'), the DMCA specifically allows DeCSS by virtue of the interoperability clause. Is there any hope of the case returning to this focus, or has it wandered irretrievably into the socio-political arena?
Defendants, on the other hand, are adherents of a movement that believes that information should be available without charge to anyone clever enough to break into the computer systems or data storage media in which it is located
I followed this case kind of closely, and I don't remember even a shred of the DeCSS defense revolving around the argument that intellectual property should be free to all. The strongest DeCSS argument, in my opinion, was the one that the reverse engineering was specifically legal because it allowed the content to be played on platforms for which there was not a "legitimate" player.
But regardless of that, I think this ruling shows a fairly huge amount of bias on the part of Kaplan, since I don't believe someone who actually read and understood the defensive filings would summarize the defenese's position in this manner.
Or, to be less sinister, maybe it was just a serious lack of understanding on Kaplan's part. One way or another though, the gross misrepresentation of defense's argument in the ruling should be strong grounds for appeal.
Funny, I didn't see anything at all about "fault" in his comments.
He seems to be saying that linux is more dangerous in the wrong hands, and that in a large organization there may be -- gasp -- less than qualified people. It's a valid point.
I personally disagree -- anyone knowledgeable enough to *make* a kernel tweak is probably serious enough to document it -- but he absolutely is not pointing fingers or assigning blame.
If you can't take the idea of Linux maybe having shortcomings, you should read his comments in the "we shouldn't issue Yamaha FZR-1100 motorcycles to teenagers because they're too powerful for the casual driver" context. If someone said that to you, would you think they were somehow blaming the motorcycle?
This/. post just confirms the mainstream impression of Linux people as zealots who get defensive at the drop of a hat. Calm down, people. It's an OS.
I only have a cell phone, which is great because 1) PacBell sucks and I no longer give them a monthly check, and 2) I only have one number, so people don't have to chase me around and leave messages all over the place.
The problem is that telemarketers drive me nuts, since other than them, only people I want to talk to have the number. I usually bust them with "This is a cell phone, and you just dragged me out of a meeting with my biggest client," but I would love to have some legal ammo to use when they persist:
I like the CR approach, but I don't think that the situation is quite as grim as you suggest. You can have journalistic independence without purchasing product, but it's not easy. And it takes a strong position in the marketplace.
A couple of years ago, I worked in a very big IT publication's review department. At the time, we had enough clout that we had no concern whatsoever for what vendors thought. We could write whatever we thought, and vendors really had no pull with us because if they *didn't* give us product, it looked really bad. "We compared products W,X, and Y. Vendor Z declined to participate in the comparison" is pretty damning.
I never had a major vendor refuse to participate. I did have one pull their ads (a $1 million/year account) after I wrote negative things, but that created no pressure whatsoever, even from the salesperson who lost a big commission check.
My point is that, if you let yourself become beholden to a vendor (or vendors in general), what can you expect? The vendor's people would be remiss if they didn't try to use every bit of leverage they can. It's their *job* to promote their company, just like it's a journalists' job to get the straight facts out.
If you build your whole business on complete integrity (and if you've got clout in the marketplace [which I believe complete integrity will produce]), you've got nothing to fear. In Kyle's case, it may cost him some early review boards. No sweat. Just buy the boards when they appear, and be sure to mention "Due to previous unfavorable converage, nVidia declined to provide early product..." I, for one, will take those reviews with fewer salt grains than those from nVidia-approved publications.
American Express recently stopped doing business with anything they consider to be internet based adult entertainment. Ibill qualifies because the bulk of their business is with adult sites.
While other processors still offer amex, I would advise anyone running an adult business to just not accept amex. Otherwise, when your processor appears on amex's radar and they stop processing transactions, you'll have a bushell of angry customers who think they are still subscribers, even though amex has stopped paying you.
I don't really blames amex; adult businesses do generally have higher chargebacks and create more hassles. I do with they'd take those businesses on a case by case basis, but I guess it's just not worth it to them.
This is a much more complicated question than it sounds like.
As several people have noted, you basically can choose to get your own merchant account, or use a third party to effectively resell your goods or services. That's the easy part.
Getting a merchant account for an online-only business is very difficult. If you've been in business for at least two years in the real world, it will be easier.
However, I would strongly advice against the merchant account approach unless you're willing to provide real live customer service at least 12 hours a day, 5 days a week. 24/7 is better.
A key metric that credit card companies look at is chargebacks. Chargebacks are when a consumer disputes a charge, claiming either that they didn't make the charge or that the goods/services were not as advertised.
If you go over 1% in chargebacks, watch out. If you hit 2%, you're all but certain to get your merchant account revoked.
That sounds easy (just run an honest business, right?), but it's not. Credit card companies exist to serve the consumer, not businesses. Many consumers have found that it's easy to get free stuff by disputing lots of charges, especially internet charges. The burden of proof is on you to show that every one of these people did actually get and use your goods/services.
Hopefully I've convinced you to use a third party processor. Now, the question is who. This comes down to three key elements:
1) Are you selling goods, services, or both? Services include web site access ir intellectual property.
2) Are you in the adult entertainment industry?
3) What monthly transaction volume do you expect to do?
The first question is critical. Paypal only does tangible goods, Ibill only does services. You've got to find a processor that handles your kind of transaction.
The second question is important. Many processors refuse to to business with adult entertainment companies because, let's face it, many of those companies are unscrupulous, unprofessional, and untrustworthy.
Chargebacks are typically higher with adult content, both because many adult businesses are misleading ("FREE! Just give us your CC# to prove your an adult" often turns into a $59.99 charge), and because consumers are more likely to dispute adult charges ("No, Honey! I would never have signed up at cumslurpingteens.com! Someone must have found my credit card on the internet! I'll dispute the charge!")
And, finally, the third question (processing volume) will determine how seriously you are taken by your processor. If you can pull about us$20,000/month or more, you'll start to get some special treatment which will reduce chargebacks and generally make life easier. If you're going to be doing this kind of business, ask your processor if they have a premium accounts department, and what the threshold is to qualify.
Ok, so we've covered picking a processor based on your needs. Now let's move on to things to look out for:
1) Retroactive fees/chargebacks. One of the large processing houses really screwed its clients over a year or two ago by imposing huge, retroactive fees. Basically the processor (DMR, if I recall correctly) got in trouble with Visa for too many chargebacks, and Visa levelled a multi-million dollar fine, as specified in the merchant contract. Rather than eat this fine, DMR passed it on to their clients -- by withholding their revenue until they had met their portion of the fine. Ouch! It was ugly. Check to make sure your processor won't do this. Look for language in the contract that is fishy.
2) Financial stability. See #1. Do some research to ascertain that the processor is stable, pays on time, doesn't bounce checks, etc. Ask for references, how long they've been in business, etc.
3) Internet connectivity. If people can't get to your processor, they can't pay you. Is your processor colocated on both the east and west coasts at a Tier 1 provider? Or do they have a 384kbps frame from Joe's Internet Service in Milwaukee?
4) Internet political considerations. Ibill has been in several well-publicized scrapes with the RBL, but it looks like that may be over. That probably means the RBL will turn their attention to other processors. Much as I think the RBL is a bunch of power-hungry thugs, they bear paying attention to. Check that your provider has anti-spam policies, doesn't specialize in hosting spammers' accounts, and ask if they promise to capitulate to any demand the RBL may make. It's ugly, but there's not much you can do about it.
You'll note that nowhere in here do I mention rates. Expect to may almost 15% for a respectable processor that also handles customer service. Yes, that's a lot. But it's cheaper than having a full time employee to answer the phone (Visa and MasterCard merchant account contracts explicitly say that real live people must be available by phone). As volume increases, you'll pay less. But it's worth it at 15%.
Hopefully that's been helpfull. I have a lot of experience in this area, and would be happy to share more specifics. Drop me an email if interested.
Funny this should come up on the heels of the other RBL topic.
I'll say it again: the RBL (and ORBS, for that matter) is no longer about fighting spam. It's a bunch of power-hungry anti-spam zealots who are behaving childishly because they're frustrated.
I can sympathizy -- spam is incredibly irritating, and it seems like traditional methods (filters, etc) just don't work. But these people have completely lost sight of their original goal, and they're even turning on each other.
It's unfortunate, but maybe it will be eye-opening to those who have been snowed by both groups. Their intent is noble, but their behavior is, once again, childish and dangerous.
You're kind of cheating here by misrepresenting my argument, then arguing against the misrepresentation. It makes it easier, yes, but it doesn'r make for the most constructive conversation.
1) Of course you, as a personal sysadmin, have the right to block traffic wherever you want. However, if you are a common carrier (as ISPs clamor to be considered whenever content liability comes up), you absolutely do not have that right.
What would you think if your phone company decided that you shouldn't be able to call certain numbers? If the post office declared that it would not deliver mail to (or from) your neighborhood, because of someone else's abuse?
Once you resell access, you lose some of those rights (in return for protection from liability).
2) I never, ever said Ibill was an innocent third party. I specifically said they shared guilt. However, the RBL action primarily affected people *who do business with Ibill*. Now those people, I think you'll have to agree, are pretty innocent (see postscript). And my complaint is not just that these people (myself included) were affected... what really infuriated me was that RBL denied any responsibility! They flat old told me that my losses were not their fault, and that their nomination process somehow absolved them of any responsibility for colateral damage (if that makes sense to you, please explain).
3) Of course the people enabling spam are part of the problem. You know what? Sendmail is part of the problem. Network Solutions is part of the problem. Heck, electric companies are part of the problem. What I take issue with is the RBL's change of focus as to what part of the problem it addresses.
Perspective is indeed a great idea. And your arguments here are typical of the "my cause can do no wrong, and trumps anybody else's rights and concerns" attitude that zealots are known for.
Your willingness to trade my financial well-being for "millions upon millions of other people"'s freedom from spam is very pragmatic, but I maintain that you do not have the right to make that trade. Yes, you have good intentions. But sometimes ethics goes beyond good intentions.
Like I said originally -- I hate spam. I would absolutely support an RBL that blocked spam effectively. But a group that pulls the classic "we had to kill you to save you" shtick doesn't deserve respect or support.
-b
ps: A common thing to hear is "well, it's your fault for doing business with Ibill." If someone will provide me with the name of an alternative processor who has a good track record (2+ years in business), is financially stable (no late payments, ever, no retroactive chargebacks), and has stronger anti-spam policies, I'll gladly switch. Hint: None of Ibill's three main competitors meet those criteria.
It's an old topic, and maybe dead, but I couldn't resist responding. You seem a decent, reasonable sort, but please read over your post again.
There is no such thing as a "vigilante" in this context. We *are* the legitimate authorities, we sysadmins.
Right. And that's just what vigilantes have always said: "Nobody else is handling the problem, it's up to us to take it into our hands." Sysadmins, however noble, are not a legal authority. If it were simply a question of an opt-in list, I'd have little complaint. But when you consider how the RBL misrepresents the "service" offered, it's an affront, and it clearly is another piece of the "ends justify the means" philosophy that the RBL has adopted.
That's what it comes down to. If you can make someone stop spamming, and you don't, you're going to get listed.
Well, at least you're honest enough to more or less call coercion by its proper name. But this comes back to my whole argument: in cases like ibill, the RBL is no longer about stopping spam, but instead about using innocent third parties as hostages in the battle against spam.
I got beat up badly by the RBL -- and when I complained, they basically said they would continue harming my business until I fought Ibill on their behalf. Again, it's an "ends justify means" attitude. I don't know about you, but I think that putting a gun to someone's head is not the best way to gain an ally.
And, finally, you haven't addressed the issue of where you draw the line. Doesn't it make sense to RBL the US congress? After all, they could make people stop spamming very effectively. And they haven't done an adequate job of it. And certainly Bank of America, where many spammers keep accounts. Fed Ex? McDonalds?
As someone else on this topic noted: guilt for spam is not, and should not be, transitive. And trying to make it so absolutely does not further the goals of the RBL. Pushing innocent third parties around is probably satisfying, and it definitely demostrates considerable power, but it demonstrates such hypocrisy that I don't know whether to be angry, or sad, or both.
DISCLOSURE: Like about 50,000 legitimate, non-spamming businesses, one of the projects I work on uses Ibill. Some of my attitude towards the RBL comes from discussions I had with them after the RBL of Ibill cost my company about $6000 in a few days, and the RBL people had the gall to tell me that I should blame Ibill, as it was "their fault." This is analagous the kidnapper blaming the authorities when he shoots a hostage.
The change in the RBL over the past few years has been from actively fighting spam to fighting things that, in your words "contribute to a significant flow of spam." The problem, obviously, is that it's easy to point to almost anything and claim that it somehow contributes to spam, and to use that as a justification for pretty much any aggressive action.
Ibill is an excellent example. Yes, they allowed spammers to profit, and have typically been far too slow cancelling spammers' accounts. And yes, they seem to have some really, really nasty people working there. That Ed Cherry guy is particularly unpleasant.
But I dare say that the current, ongoing battle between Ibill and the RBL has a lot more to do with personal animosity and childish behavior on both sides than it does with stopping spam. And that, my friend, is very counter to the RBL charter.
If the RBL's criteria is "organizations which spammers use," why not go after federal express, and the banks where spammers' accounts are kept? How about ebay? Oops, they're a huge AboveNet client. Can't RBL them.
What about RBLing state legislatures that aren't moving fast enough enacting anti-spam laws? How about the US congress? They could surely do more to fight spam, and they are choosing not to. I say we get 'em! Do you see how ridiculous this is getting?
This "go after spam precursers" attitude is new to RBL in the past few years, and I for one don't like it. It's vigilanteism, and while it's satisfying in the short run, it sets a bad precedent and demonstrates a complete disregard for the rule of law.
(The usual counter-argument here is that spammers disregard the law, and therefore this kind of action is necessary. To which I say: emulating spammers to stop spam shows moral and ethical bankruptcy).
Blocking spam, yes. If the RBL simply blocked networks that were originating spam, I would put it back on the equipment I manage.
But going after third parties who do business with spammers is going too far. And getting into personal battles and acting unprofessionally is certainly right out.
But the RBL has gone so far from its charter that I don't support it these days. Today, the RBL is more a tool of vengeance than a way to protect networks from spam.
Did you know that the RBL not only blocks networks that send spam, but also networks that they believe do business with spammers? Many of the entries on the RBL have never, ever been accused of spamming people or allowing spam through their networks, knowingly or unknowingly. But as far as the RBL gods are concerned, they faciilitate spam, or they don't do enough themselves to fight spam. And that gets them on the RBL.
There's also the blocking of email lists which don't comply with the RBL's opinion of how to run an opt-in list. And now this new case.
So I'm happy to see them in court. There is a free speech issue here, but there is also the issue of gross misrepresentation, as the RBL no longer even follows its own charter. The way I see it, the RBL is committing fraud by promising a service that is completely different from what they actually do.
Slashdot Mirror
Um, unless you're a mere mortal and not knowledgeable enough to question your ISP about their censorship policies when you sign up.
If my ISP ran cyberpatrol or netnanny on all my traffic, I would expect them to tell me up front. ISPs who use the RBL rarely tell their clients, because it's usually some misguided techie who configures the ISP to do so. Half the time management doesn't even know. When they do know, they've usually been told that it "blocks access to mail servers which are sending out spam" or some equally bogus explanation.
-b
I've had numerous scrapes with MAPS. The funny thing is, they're always right. Not *once* have they admitted that they might have *ever* made a mistake. It's a first in the history of the world: a perfect, flawless autocratic body.
/. article points out. It's about leverage, and forcing *other* people to do "their part" to stop spam. Nevermind that it never actually comes around to stopping spam; it's the pushing people around that makes the MAPS folks feel like they've accomplished something ("I didn't stop any spam... but I did shut down this website that was hosted by the same place as another site that sells software that spammers can use.").
MAPS are a bunch of zealots. Zealots want two things: attention and power. MAPS gets lots of both, primarily because it's founded and supported by two of the most powerful technical people in the internet community: Paul Vixie and Dave Rand. Both very bright, incredibly capable people. But both are so driven to "fix" spam that they're willing to do (imo) unethical things to do so.
I am all for blocking spam. But MAPS isn't about blocking spam, as this
Sure, it's just a list. But it's a list that is totally dishonest about its intent. Technical people like us know that MAPS is a political organization out to stiffle speech they don't like. If you don't like the speech, sure, configure your home mail server to use the RBL.
If you're providing internet service for someone else, though, you'd better put "I reserve the right to prevent you from connecting to any address or range of addresses on the internet without warning, based on their content or who they choose to do business with." How many of us would sign up for internet service with that caveat?
There are lots of dangerous people in the world. Spammers count, but really they're just vermin in need of some better legislation. The people you really have to watch out for are the ones who tell you "the ends justify the means," or "we just have to take a tiny bit of your freedom to make you safer."
The RBL is a sham and I'm really glad that people are starting to realize it.
-b
...until the National Cooperative Business Association sees their revenue up 10x or more from their share in name registrations. And then they'll start loosening the definition of "cooperative" until ibm.coop makes perfect sense.
The only way this kind of thing would work would be if the NCBA doesn't see any benefit from a larger subscription base. And, if that were the case, why in the world would they agree to police the namespace?
It's doomed.
-b
Good god, I'd want a couple of Octane boxes for my house if I gave an interview like that...
-b
...I'm not going to be impressed until they get a Commodore PET to run WAP. Now *there's* a portable system for you, Arnold.
-b
So basically the Linux community should cheat just like Microsoft? I work in real-world IT, and I can tell you that the only meaningful test would be one that compares performance as the operating systems and applications are most likely to be configured, not in an ultimate, super-tuned, hacked, tweaked, and generally compeltely unrealistic scenario.
If someone does an out-of-the-box NT versus red hat comparison, I'm interested. But real companies are too busy getting on with their core business to spend huge amounts of time, money, and attention on operating system tweakage.
Cheers
-b
Sadly, these 18-year old high school kids are probably more likely to get hired than a 23-year old college graduate for some jobs. The reasons are that (1) they don't need to be paid as much, and (2) that they know all the latest buzzword languages (Java, C#, Delphi, etc.). The college kid will have the background to pick up this buzzword crap quickly, but will not necessarily have it on his resume.
I think this sums up what I mostly hear from pro-college types. It also demonstrates how a good education can make one a lot better able to deal with theory than practice.
This guy (who I have nothing personal against) seems mystified/irritated that companies are more interested in hiring webmasters who can write CGI scripts than "proper" computer people who can write one paragraph informal proofs of Turing's Halting Theorem.
Guess what: I hire people for tech jobs. I work a tech/management job. And I personally want people who can write CGI scripts, and who know the latest buzzword languages. I have the utmost respect for academics, and people who love CS for the sheer joy of it. Without those people, the industry I work in wouldn't exist. They are undeniably better educated, better coders, and have a better understanding of how this stuff works than the $70k/year webmasters I work with and hire.
But I don't need Turing's Halting Theorem proved (or disproved, or debated, or whatever). I need software developed. And yes, I have worked with some college grads who are fantastic. But I've also worked with others who think that doing actual, practical work is somehow dirty or beneath them. On the whole, my experience with college grads leads me, as a hiring manager, to be neutral with regard to degrees.
Bottom line: as far as I'm concerned, I care about how well people do their job. Having the college experience may make people better coders, but it may also make them prissy academics who think that information technology should be treated as an art, not a business, and who will miss deadlines and simply not *do* their job because they have philosophical objections to some 10 year old API's structure. On the whole it's a wash.
So get a degree if you're into learning Turing's theorems. If you keep your feet on the ground, you may even be employable after that. But don't be upset if you fall in love with the cerebral purity of ivory tower CS, then graduate to make less than CGI scripting webmasters.
</metarant>...you could go to college, pay $15k/year, be too busy with studies to generate any income, learn obsolete technology, and live in a crappy dorm with annoying roommates while getting no real world experience other than "how to cope with hangovers".
Or you could get an entry/mid level IS job, earn $50k/year, learn new and interesting technologies, live in a decent apartment/house, and get started learning the stuff which will ultimately make you worth $250k/year.
Sure, college offers chances for cultural exposure and a self betterment. Me, I'd take the paycheck now, retire at 35, and travel the world. That's what I call cultural exposure and self betterment.
-b
Well, wait a minute. I said it had a "real" directory service, not a "good" one.
... what? Yp? NIS?
There are severe limitations with AD, which I guess I should have pointed out. But the bottom line is that it 1) uses DNS as its naming scheme, and 2) does away with the crazy transitive trust issues that plagued NT 4 (yes, you can still implement transitive trusts with AD if you are a masochist, but they are not required in most normal situations... unlike NT 4, which more or less mandated them for 3+ domains).
The flat namespace is a backwards compatibility thing, and ugly. But I would still rather manage 60,000 users on 500 servers using Win2K + AD than Linux +
(not that I'd want to manage that scale of a W2K implementation, anyway, for other reasons... but at least it's not unthinkable, like NT4 was, due to lack of directory services).
NDS is still better. Heck, Banyan is better. But in the context of the original question, W2K is better than Linux here (today! No fair posting "But someone will port NDS...". This is a real-time question, not an ideal-world question).
-b
...Linux is simpler and cleaner, and does what it does better and with fewer bugs and generally less weirdness.
...W2K is bigger, has a ton more features, and suffers from the usual microsoft "better to have a feature with bugs than to not have the feature at all" philosophy.
In particular, W2K finally has real directory services (which Linux lacks), better management instrumentation from WMI, better hot-plug PCI and disk support.
As usual, the real answer to these comparitive questions is "they have different strengths; it depends what you want to do." My rule of thumb: if it can be done easily and "normally" (ie no kernal hacking) on Linux, do it that way. If you have to use something else, use something else.
But remember, these are operating systems. Nobody in their right mind buys/installs operating systems; in the real world, people need applications, and operating systems are just there to support applications.
-b
...they're jumping in just in time to get beat up by the open source processor groundswell.
...get a job as a professor in a CS department. Where else are you going to find assembly language and Pascal?
-b
I'm all for hysterical handwringing about how the press just *loves* Microsoft's, and how unfairly open source is being treated in the same media, but this is ridiculous.
/.), or very ignorant, or both:
Here's why this is article is either very slanted (to the point of distortion, not just the usual bias we all know and love on
1) SQL 7 does not listen on port 80.
2) The blank SA password has been the standard since MS acquired the software from Sybase for version 4.21, something like 8 years ago.
3) You know what -- cisco equipment has a blank password by default! Oh no! Every single Cisco router and switch has a built in vulerability! Quick, call the press.
4) Anyone who is qualified to configure a SQL server knows this is just part of the install. Just like Cisco equipment.
The Piranha thing was somewhat worse because it wasn't intentional, it listens on port 80, and if I recall correctly it was installed implitly, so people might not know it was on their system. I'd welcome corrections there if I'm wrong.
Even given that the two situations are analagous (which I still maintaint that they are *not*), what about all the hysterical handwringing about how unfair the press coverage of Piranha was? Maybe the press learned. Sheesh. Is there some "if the press screwed something up one time, they are obligated to make the same mistake other stories to maintain a level field for zealots to do battle on" standard that I wasn't briefed on?
-b
What do you think of Judge Kaplan's characterization of the defendants as "adherents of a movement that believes that information should be available without charge to anyone clever enough to break into the computer systems or data storage media in which it is located."
I'm assuming that you'd take issue with that view of the defense's arguments.
In hindsight, do you see any errors in judgement on the defense that might have caused this (in my opinion) wildly off-base view of the defense?
Going forward, what impact will this characterization have on the appeals process? By my reading (and many others'), the DMCA specifically allows DeCSS by virtue of the interoperability clause. Is there any hope of the case returning to this focus, or has it wandered irretrievably into the socio-political arena?
I followed this case kind of closely, and I don't remember even a shred of the DeCSS defense revolving around the argument that intellectual property should be free to all. The strongest DeCSS argument, in my opinion, was the one that the reverse engineering was specifically legal because it allowed the content to be played on platforms for which there was not a "legitimate" player.
But regardless of that, I think this ruling shows a fairly huge amount of bias on the part of Kaplan, since I don't believe someone who actually read and understood the defensive filings would summarize the defenese's position in this manner.
Or, to be less sinister, maybe it was just a serious lack of understanding on Kaplan's part. One way or another though, the gross misrepresentation of defense's argument in the ruling should be strong grounds for appeal.
-b
Funny, I didn't see anything at all about "fault" in his comments.
/. post just confirms the mainstream impression of Linux people as zealots who get defensive at the drop of a hat. Calm down, people. It's an OS.
He seems to be saying that linux is more dangerous in the wrong hands, and that in a large organization there may be -- gasp -- less than qualified people. It's a valid point.
I personally disagree -- anyone knowledgeable enough to *make* a kernel tweak is probably serious enough to document it -- but he absolutely is not pointing fingers or assigning blame.
If you can't take the idea of Linux maybe having shortcomings, you should read his comments in the "we shouldn't issue Yamaha FZR-1100 motorcycles to teenagers because they're too powerful for the casual driver" context. If someone said that to you, would you think they were somehow blaming the motorcycle?
This
-b
Is this true (about it being illegal)?
I only have a cell phone, which is great because 1) PacBell sucks and I no longer give them a monthly check, and 2) I only have one number, so people don't have to chase me around and leave messages all over the place.
The problem is that telemarketers drive me nuts, since other than them, only people I want to talk to have the number. I usually bust them with "This is a cell phone, and you just dragged me out of a meeting with my biggest client," but I would love to have some legal ammo to use when they persist:
Drone: I ... am ... calling ... to ... offer ... you ... a ... valuable... -
Me: Hello? Is this a sales call? This is a cell phone and I just left a meeting with my biggest account because I'm expecting an urgent call.
Drone: I ... understand ... your ... objections ... but ... this ... service ... will ... save ... -
Me: It's already cost me money. Please don't call this number again.
Drone: I ... understand ... your ... objections ... but ... this ... service ...
Me: click.
Cell phone: ring
I like the CR approach, but I don't think that the situation is quite as grim as you suggest. You can have journalistic independence without purchasing product, but it's not easy. And it takes a strong position in the marketplace.
A couple of years ago, I worked in a very big IT publication's review department. At the time, we had enough clout that we had no concern whatsoever for what vendors thought. We could write whatever we thought, and vendors really had no pull with us because if they *didn't* give us product, it looked really bad. "We compared products W,X, and Y. Vendor Z declined to participate in the comparison" is pretty damning.
I never had a major vendor refuse to participate. I did have one pull their ads (a $1 million/year account) after I wrote negative things, but that created no pressure whatsoever, even from the salesperson who lost a big commission check.
My point is that, if you let yourself become beholden to a vendor (or vendors in general), what can you expect? The vendor's people would be remiss if they didn't try to use every bit of leverage they can. It's their *job* to promote their company, just like it's a journalists' job to get the straight facts out.
If you build your whole business on complete integrity (and if you've got clout in the marketplace [which I believe complete integrity will produce]), you've got nothing to fear. In Kyle's case, it may cost him some early review boards. No sweat. Just buy the boards when they appear, and be sure to mention "Due to previous unfavorable converage, nVidia declined to provide early product..." I, for one, will take those reviews with fewer salt grains than those from nVidia-approved publications.
American Express recently stopped doing business with anything they consider to be internet based adult entertainment. Ibill qualifies because the bulk of their business is with adult sites.
While other processors still offer amex, I would advise anyone running an adult business to just not accept amex. Otherwise, when your processor appears on amex's radar and they stop processing transactions, you'll have a bushell of angry customers who think they are still subscribers, even though amex has stopped paying you.
I don't really blames amex; adult businesses do generally have higher chargebacks and create more hassles. I do with they'd take those businesses on a case by case basis, but I guess it's just not worth it to them.
This is a much more complicated question than it sounds like.
As several people have noted, you basically can choose to get your own merchant account, or use a third party to effectively resell your goods or services. That's the easy part.
Getting a merchant account for an online-only business is very difficult. If you've been in business for at least two years in the real world, it will be easier.
However, I would strongly advice against the merchant account approach unless you're willing to provide real live customer service at least 12 hours a day, 5 days a week. 24/7 is better.
A key metric that credit card companies look at is chargebacks. Chargebacks are when a consumer disputes a charge, claiming either that they didn't make the charge or that the goods/services were not as advertised.
If you go over 1% in chargebacks, watch out. If you hit 2%, you're all but certain to get your merchant account revoked.
That sounds easy (just run an honest business, right?), but it's not. Credit card companies exist to serve the consumer, not businesses. Many consumers have found that it's easy to get free stuff by disputing lots of charges, especially internet charges. The burden of proof is on you to show that every one of these people did actually get and use your goods/services.
Hopefully I've convinced you to use a third party processor. Now, the question is who. This comes down to three key elements:
1) Are you selling goods, services, or both? Services include web site access ir intellectual property.
2) Are you in the adult entertainment industry?
3) What monthly transaction volume do you expect to do?
The first question is critical. Paypal only does tangible goods, Ibill only does services. You've got to find a processor that handles your kind of transaction.
The second question is important. Many processors refuse to to business with adult entertainment companies because, let's face it, many of those companies are unscrupulous, unprofessional, and untrustworthy.
Chargebacks are typically higher with adult content, both because many adult businesses are misleading ("FREE! Just give us your CC# to prove your an adult" often turns into a $59.99 charge), and because consumers are more likely to dispute adult charges ("No, Honey! I would never have signed up at cumslurpingteens.com! Someone must have found my credit card on the internet! I'll dispute the charge!")
And, finally, the third question (processing volume) will determine how seriously you are taken by your processor. If you can pull about us$20,000/month or more, you'll start to get some special treatment which will reduce chargebacks and generally make life easier. If you're going to be doing this kind of business, ask your processor if they have a premium accounts department, and what the threshold is to qualify.
Ok, so we've covered picking a processor based on your needs. Now let's move on to things to look out for:
1) Retroactive fees/chargebacks. One of the large processing houses really screwed its clients over a year or two ago by imposing huge, retroactive fees. Basically the processor (DMR, if I recall correctly) got in trouble with Visa for too many chargebacks, and Visa levelled a multi-million dollar fine, as specified in the merchant contract. Rather than eat this fine, DMR passed it on to their clients -- by withholding their revenue until they had met their portion of the fine. Ouch! It was ugly. Check to make sure your processor won't do this. Look for language in the contract that is fishy.
2) Financial stability. See #1. Do some research to ascertain that the processor is stable, pays on time, doesn't bounce checks, etc. Ask for references, how long they've been in business, etc.
3) Internet connectivity. If people can't get to your processor, they can't pay you. Is your processor colocated on both the east and west coasts at a Tier 1 provider? Or do they have a 384kbps frame from Joe's Internet Service in Milwaukee?
4) Internet political considerations. Ibill has been in several well-publicized scrapes with the RBL, but it looks like that may be over. That probably means the RBL will turn their attention to other processors. Much as I think the RBL is a bunch of power-hungry thugs, they bear paying attention to. Check that your provider has anti-spam policies, doesn't specialize in hosting spammers' accounts, and ask if they promise to capitulate to any demand the RBL may make. It's ugly, but there's not much you can do about it.
You'll note that nowhere in here do I mention rates. Expect to may almost 15% for a respectable processor that also handles customer service. Yes, that's a lot. But it's cheaper than having a full time employee to answer the phone (Visa and MasterCard merchant account contracts explicitly say that real live people must be available by phone). As volume increases, you'll pay less. But it's worth it at 15%.
Hopefully that's been helpfull. I have a lot of experience in this area, and would be happy to share more specifics. Drop me an email if interested.
Funny this should come up on the heels of the other RBL topic.
I'll say it again: the RBL (and ORBS, for that matter) is no longer about fighting spam. It's a bunch of power-hungry anti-spam zealots who are behaving childishly because they're frustrated.
I can sympathizy -- spam is incredibly irritating, and it seems like traditional methods (filters, etc) just don't work. But these people have completely lost sight of their original goal, and they're even turning on each other.
It's unfortunate, but maybe it will be eye-opening to those who have been snowed by both groups. Their intent is noble, but their behavior is, once again, childish and dangerous.
Some comments from the last thread about RBL
-b
You're kind of cheating here by misrepresenting my argument, then arguing against the misrepresentation. It makes it easier, yes, but it doesn'r make for the most constructive conversation.
1) Of course you, as a personal sysadmin, have the right to block traffic wherever you want. However, if you are a common carrier (as ISPs clamor to be considered whenever content liability comes up), you absolutely do not have that right.
What would you think if your phone company decided that you shouldn't be able to call certain numbers? If the post office declared that it would not deliver mail to (or from) your neighborhood, because of someone else's abuse?
Once you resell access, you lose some of those rights (in return for protection from liability).
2) I never, ever said Ibill was an innocent third party. I specifically said they shared guilt. However, the RBL action primarily affected people *who do business with Ibill*. Now those people, I think you'll have to agree, are pretty innocent (see postscript). And my complaint is not just that these people (myself included) were affected... what really infuriated me was that RBL denied any responsibility! They flat old told me that my losses were not their fault, and that their nomination process somehow absolved them of any responsibility for colateral damage (if that makes sense to you, please explain).
3) Of course the people enabling spam are part of the problem. You know what? Sendmail is part of the problem. Network Solutions is part of the problem. Heck, electric companies are part of the problem. What I take issue with is the RBL's change of focus as to what part of the problem it addresses.
Perspective is indeed a great idea. And your arguments here are typical of the "my cause can do no wrong, and trumps anybody else's rights and concerns" attitude that zealots are known for.
Your willingness to trade my financial well-being for "millions upon millions of other people"'s freedom from spam is very pragmatic, but I maintain that you do not have the right to make that trade. Yes, you have good intentions. But sometimes ethics goes beyond good intentions.
Like I said originally -- I hate spam. I would absolutely support an RBL that blocked spam effectively. But a group that pulls the classic "we had to kill you to save you" shtick doesn't deserve respect or support.
-b
ps: A common thing to hear is "well, it's your fault for doing business with Ibill." If someone will provide me with the name of an alternative processor who has a good track record (2+ years in business), is financially stable (no late payments, ever, no retroactive chargebacks), and has stronger anti-spam policies, I'll gladly switch. Hint: None of Ibill's three main competitors meet those criteria.
It's an old topic, and maybe dead, but I couldn't resist responding. You seem a decent, reasonable sort, but please read over your post again.
There is no such thing as a "vigilante" in this context. We *are* the legitimate authorities, we sysadmins.
Right. And that's just what vigilantes have always said: "Nobody else is handling the problem, it's up to us to take it into our hands." Sysadmins, however noble, are not a legal authority. If it were simply a question of an opt-in list, I'd have little complaint. But when you consider how the RBL misrepresents the "service" offered, it's an affront, and it clearly is another piece of the "ends justify the means" philosophy that the RBL has adopted.
That's what it comes down to. If you can make someone stop spamming, and you don't, you're going to get listed.
Well, at least you're honest enough to more or less call coercion by its proper name. But this comes back to my whole argument: in cases like ibill, the RBL is no longer about stopping spam, but instead about using innocent third parties as hostages in the battle against spam.
I got beat up badly by the RBL -- and when I complained, they basically said they would continue harming my business until I fought Ibill on their behalf. Again, it's an "ends justify means" attitude. I don't know about you, but I think that putting a gun to someone's head is not the best way to gain an ally.
And, finally, you haven't addressed the issue of where you draw the line. Doesn't it make sense to RBL the US congress? After all, they could make people stop spamming very effectively. And they haven't done an adequate job of it. And certainly Bank of America, where many spammers keep accounts. Fed Ex? McDonalds?
As someone else on this topic noted: guilt for spam is not, and should not be, transitive. And trying to make it so absolutely does not further the goals of the RBL. Pushing innocent third parties around is probably satisfying, and it definitely demostrates considerable power, but it demonstrates such hypocrisy that I don't know whether to be angry, or sad, or both.
DISCLOSURE: Like about 50,000 legitimate, non-spamming businesses, one of the projects I work on uses Ibill. Some of my attitude towards the RBL comes from discussions I had with them after the RBL of Ibill cost my company about $6000 in a few days, and the RBL people had the gall to tell me that I should blame Ibill, as it was "their fault." This is analagous the kidnapper blaming the authorities when he shoots a hostage.
The change in the RBL over the past few years has been from actively fighting spam to fighting things that, in your words "contribute to a significant flow of spam." The problem, obviously, is that it's easy to point to almost anything and claim that it somehow contributes to spam, and to use that as a justification for pretty much any aggressive action.
Ibill is an excellent example. Yes, they allowed spammers to profit, and have typically been far too slow cancelling spammers' accounts. And yes, they seem to have some really, really nasty people working there. That Ed Cherry guy is particularly unpleasant.
But I dare say that the current, ongoing battle between Ibill and the RBL has a lot more to do with personal animosity and childish behavior on both sides than it does with stopping spam. And that, my friend, is very counter to the RBL charter.
If the RBL's criteria is "organizations which spammers use," why not go after federal express, and the banks where spammers' accounts are kept? How about ebay? Oops, they're a huge AboveNet client. Can't RBL them.
What about RBLing state legislatures that aren't moving fast enough enacting anti-spam laws? How about the US congress? They could surely do more to fight spam, and they are choosing not to. I say we get 'em! Do you see how ridiculous this is getting?
This "go after spam precursers" attitude is new to RBL in the past few years, and I for one don't like it. It's vigilanteism, and while it's satisfying in the short run, it sets a bad precedent and demonstrates a complete disregard for the rule of law.
(The usual counter-argument here is that spammers disregard the law, and therefore this kind of action is necessary. To which I say: emulating spammers to stop spam shows moral and ethical bankruptcy).
Blocking spam, yes. If the RBL simply blocked networks that were originating spam, I would put it back on the equipment I manage.
But going after third parties who do business with spammers is going too far. And getting into personal battles and acting unprofessionally is certainly right out.
-b
Everyone hates spam. I hate spam.
But the RBL has gone so far from its charter that I don't support it these days. Today, the RBL is more a tool of vengeance than a way to protect networks from spam.
Did you know that the RBL not only blocks networks that send spam, but also networks that they believe do business with spammers? Many of the entries on the RBL have never, ever been accused of spamming people or allowing spam through their networks, knowingly or unknowingly. But as far as the RBL gods are concerned, they faciilitate spam, or they don't do enough themselves to fight spam. And that gets them on the RBL.
There's also the blocking of email lists which don't comply with the RBL's opinion of how to run an opt-in list. And now this new case.
So I'm happy to see them in court. There is a free speech issue here, but there is also the issue of gross misrepresentation, as the RBL no longer even follows its own charter. The way I see it, the RBL is committing fraud by promising a service that is completely different from what they actually do.
-b