Slashdot Mirror


User: khasim

khasim's activity in the archive.

Stories
0
Comments
5,818
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 5,818

  1. I like the concept, but not that implementation. on Darkmail Attacks - The Next Network Threat? · · Score: 1

    Suppose I setup a spamtrap of "george" because no one here uses that address.

    But a legitimate contact makes a mistake typing the address and does send it to "george".

    I would rather that it count the number of bad address attempts and blacklist the sender after X failures (5 for example).

    But the failures would have to be counted as unique and across multiple connections. So resending to "george" 5 times won't lock them out. But making 5 connections with a single attempt to Al, then Bill, then Curtis, then Daniel, then Frank would blacklist them (within a set time period such as 5 or 10 minutes).

    Actually, on that last attempt, I'd like it to receive the email and dump it into a special account so it can be forwarded to SpamCop and THEN blacklist it on my local server.

  2. You disgree with #8? on Equal Time For Creationism · · Score: 1
    And #8 is ...
    I believe the word is "DUH!"

    It would be difficult to reconcile a kind and loving God with the philosphy of nihilism.
    And that is "either straw man or a malformed argument."
    When you refer to Nietzsche, you are presumably referring to his entire body of work as it illustrates his personal philosophy. In contrast, ID is simply a narrow characterization of a minor philosphical _concept_.
    It does not matter. You claim it is philosophical, so you should be able to compare/contrast it with the work of a known philosopher.
    It's true that they can't be compared/contrasted, but then neither can you do that with, say, classical optics vs. Theory of Relativity
    Of course you can. The General and the Special Theories can be used to show how classical optics is valid for one specific case where all points are at uniform gravity conditions.

    That is the "compare" part.

    The "contrast" part is where the gravity fields are not uniform and/or the speeds/acceleration are different (and near relativistic). Classical optics will not result in the correct answer to the observations while the General Theory of Relativity will.
  3. Your's may not, but other do. on Equal Time For Creationism · · Score: 1
    IMHO science and religion do not compete because they do not answer the same question.
    That would depend upon whether the "God" in that religion is active in human affairs.
    Science answers the how and religion answers the why.
    That would depend upon what the "why" answer is. It can range from philosophical thought (see Nietzsche) to religious statements (God said it was sinful).
    Whatever progress science makes, it will never answer the question of purpose.
    The "purpose" of a storm ... does it have a purpose?

    Was it really sent to destroy your home because your behaviour was offensive to God and you failed to make the appropriate appeasements?

    Or was it a natural event that could be observed as happening in that same location over many years and if you want a home there that will survive the storms that hit there it will have to be built to these specs to withstand these conditions?

    Or would God have sent an even stronger storm if you built like that? Or are people with strong homes more appealing to God?

    Really, what does God have against trailer parks?
  4. And you still left it off .... on Equal Time For Creationism · · Score: 1
    I was trying to inject some much-needed humor into the conversation, but the fact is that you are most guilty of (1) with quite arguably elements of (2) appearing as well.
    And you don't include the statements that, even though I practically made the bulleted.
    I'd say your post had eight major assertions, and at least four of them did not involve any form of argument but were simply launched from your authority as...well, it isn't clear to me that you have any authority as a source of knowledge about philosophy.
    Again, how much easier can I make it for you to specify which statements you disagree with?
    I'll include a definition from M-W here for your benefit, because I think a simple reading will show that there are errors in your understanding of it. Beyond that, I don't see any benefit in further discussion.
    Yeah. Great. So because you cannot specify which points you disagree with, you'll just post a dictionary definition.
    b (1) archaic : ....
    Why are you referencing an archaic usage of the term?
    2 a : pursuit of wisdom ...
    And that contradicts my position how?

    You really don't know, do you? You just don't like what I'm saying. Too bad.
  5. You left off the most important bit ... on Equal Time For Creationism · · Score: 1
    From your link:
    In particular, an appeal to authority is inappropriate if:

          1. the person is not qualified to have an expert opinion on the subject,
          2. experts in the field disagree on this issue.
          3. the authority was making a joke, drunk, or otherwise not being serious
    So, which is it? Specifically?

    You don't accept that Nietzsche was a philosopher or you don't accept that if you cannot compare and/or contrast a statement ("life was designed") with a philosophical school of thought, then the statement is not philosophical in nature?

    Or maybe you just don't understand what philosophy is.
  6. Look! It's an infinite staircase. on Equal Time For Creationism · · Score: 1
    It is quite valid to question whether or not life may have guided or designed.
    Only in the specific (my life) and not in the general (all life).
    While supernatural origin is one possibility, it is no more (and much less) likely that life on Earth was planted by aliens or interstellar bacteria or Barney the purple dinasour.
    Again, this may have some relevence to my specific life, but when you discuss "life" and then claim that "life" here came from "life" there ... where did the "life" there come from?

    The Creationists "answer" this by resorting to "God" being SuperNatural.
    These kinds of questions are precisely the ones that Philosophy tries to answer.
    No. Philosophy tries to answer how we should behave and why we should behave that way.
    Philosophy often isn't interested in _proving_ something in a scientific manner; there are Philosophy PhDs out there spending their careers working on essentially unanswerable questions, like "do you really exist as a corporeal being, or are you just a brain in a vat?"
    Keep believing that.
    What makes your response doubly ironic is that the whole "brains in vats" area can be paraphrased into the question "are we all just souls in heaven, and is God creating the sensation of having bodies?" By your logic, does this then become religion and verboten?
    Yep. When it first mentions "God" or any other SuperNatural force, then it becomes religion.
    The fact of the matter is that all religions have at least some philosophic component, because religion tries to explain how the world works.
    But philosophy does not have a religious component.

    Don't confuse the two.
    The only real difference between a religious concept and a philosophical one is whether or not faith is required to understand or agree with it.
    And faith is religion. Congratulations, you're written your first tautology.
    This is probably the reason behind the fact that few public schools have philosophy programs: it's too close to religion for comfort for many people, and philosophical debates scare many religious people by challenging their belief systems.
    I believe the word is "DUH!"

    It would be difficult to reconcile a kind and loving God with the philosphy of nihilism.
    FWIW, I am completely against ID in schools because I am convinced that proponents are anti-scientific and have no desire for an intellectual debate. But, it is just silly to suggest that the question itself has no relevance in any forum.
    Not "in any forum". It is quite valid in any religious forum.

    Here's a good example to illustrate that.

    Compare/Contrast Intelligent Design and Nietzsche.

    If you cannot, then ID is not a philosophy.













  7. I see the problem ... on Equal Time For Creationism · · Score: 1
    And while some related with Intelligent Design may have decidedly anti-science agendas, "Intelligent Design" is nothing more than a name slapped on a group of ideas some of us have long held: namely, that there must be more than meets the eye in the wonderful complexity and elegance of our universe and life.
    So it is already your religion and you're defending teaching your religion.
    Will that ever be provable, or ever be science? No.
    Damn straight.
    But then, that is true for just about any philosophical idea. They're just that: ideas.
    And cats are pets so all pets are cats.

    You really need to take a philosophy class (you might want to make sure it includes Logic).

    Just because your religion can be stated as a philosophy does not mean that a sub-set of your religion can be stated as philosophy.
    I'm talking about exactly what I just said, which is a philosophical construct, a group of attempted answers to the oldest questions about why we're here and where we came from.
    No. That is NOT ID, unless by the "why" you mean "what should our goals in life be" rather than "because God wants me to be here".

    If it is about the goals, then ID does not answer that.

    If it is about God (or the "Designer") then it is a religion. It may be your religion and you may accept it as fact/truth/whatever, but it is still only a religion.
  8. Compare/contrast ID & Nietzsche on Equal Time For Creationism · · Score: 5, Insightful
    I'm European, so excuse my ignorance, but I really don't see why it should, from what I can tell it doesn't have any philosophical bearing. Or what is the philosophy that should be discussed in class?
    Exactly. ID has nothing in common with any other philosophy UNTIL you add the religious aspect.

    ID is not science.
    ID is not philosophy.
    ID is an attempt by a religious organization to counter the scientific method's encroachment on their domain.

    With every scientific advance, their concept of "God" becomes less effective and more nebulous and this scares them.
  9. You are wrong. on Equal Time For Creationism · · Score: 2, Insightful
    Christian Creationism has no place in the classroom (save for perhaps a religion class).
    Okay. That's acceptable.
    Intelligent Design != Creationism (even though some Creationists have co-opted the term, attempting to cloak promotion of Creationism in pseudoscience).
    Really? And what are the differences? I mean, aside from the obvious ones of spelling "God" and "Designer" and not directly referencing the Bible.
    Intelligent Design certainly has a place in the classroom.
    No. The only place it has is in a class on religions.
    I'd hope that we've evolved, no pun intended, to the point that we can agree that this might belong in, say, a philosophy classroom.
    No. Only if the "philosphy" class is actually a "religion" class.
    To say that it wholesale "doesn't belong in the classroom" is, I think, a disservice to honest discussions about our existence, further complicated by Creationists who want to do away with the theory and science of evolution completely.
    No. What philosophical discussion could there be?

    There is no way to provide support for it or to refute it and the concept does not affect a person's life outside of his/her religion.
  10. Re:Genetic algorithm for realistic spam on Risks of Partisan Spam Filtering? · · Score: 1
    It's not so simple since many return addresses are forged. And unless the spam gets bounced to the forged return address, the owner is likely unaware that their address is being forged and can't pursue corrective measures.
    Sorry, I should have said "sending IP address". There is no way to forge the IP address of the machine sending you the message and still receive the message.
    All this filtering does is selectively breed spam generators with more realistic content, sort of like a slow, manually operated genetic algorithm. Already most spam uses well formed headers and fully standards compliant messages.
    You would think that, wouldn't you? But it doesn't seem to be working.

    I guess that's because what looks "realistic" to you would not be "realistic" to me. So the spammer would have to tailor his spam to the recipient.

    Note, this does not work well in large ISP situations, but works incredibly well in single person situations. I use it at a small office (150 employees) and it works pretty good.
    That stopped the junk fax problem which some here may be old enough to recall.
    Yeah, it did. But with junk faxes it was easy to find the phone number that was faxing you.

    With spam, the machine sending it is probably a zombie.
    Spam costs. It costs schools, it costs businesses and it costs individuals. Sure electrons are 'cheaper' than fax paper, but time costs and weeding spam or messages lost due to false positives cost lots of time, especially the latter.
    I agree. But with the CAN-SPAM act, it is very difficult to make a FEDERAL case out of the spam. We need to get rid of that and allow each state to set their own laws.

    Sure, that would drive up the cost for the legitimate email advertisers, but why should I have to put up with spam just so they can keep their costs down?
  11. How sites/messages end up as "spam". on Risks of Partisan Spam Filtering? · · Score: 1

    #1. The sending address is on a blacklist because that address sent a message to a spam trap.

    #2. The sending address is on a blacklist because people received the email and submitted it as spam.

    #3. If #1 or #2 apply, web links inside the message can be classified as "spammy" content. This includes links to graphics, articles, and so forth.

    #4. See #3, but key words can be classified as "spammy" content. The easy way around this is to use the "this is not spam" function that should be available to you.

    So, the "problem" can be broken down as: The sender is an idiot for sending the crap to people who don't want to receive it.

  12. It's da Mouse! on CAFTA Treaty Exports DMCA · · Score: 1

    It's not about whether a tech article or other informational writing will be worth protecting.

    It's all about entertainment and keeping those few songs, movies and such securely locked up for as long as the corps can turn a profit.

  13. Mod parent up! on They Make Stuff? SCO's OpenServer 6 Reviewed · · Score: 1

    Unless your company absolutely needs one of these improvements RIGHT NOW, you'd do better waiting for the lawsuits to settle and seeing which company ends up with what.

    There is a good chance that SCO will not be around in 2 years (burning through money faster than bringing it in).

    Put off this upgrade as long as possible and see what the future holds for OpenServer.

  14. That's not what you think it is. on Classed as Spam by Large-Scale Free Email Servers? · · Score: 3, Informative
    In your original statement, you said:
    My domain has a SPF record, the IP resolves, and it doesn't appear to be on any blacklists.
    So ....

    chrisbartle.com resolves to 216.17.137.189

    but

    216.17.137.189 resolves to bartle189.dsl.frii.net

    So it doesn't resolve correctly. You might think you have a "static" IP address, but it appears the same as any other, dynamic, home DSL address.

    Unless you can get frii.net to change their DNS entry for you, you'll continue to have your mail rejected.
  15. Mod parent up! on Classed as Spam by Large-Scale Free Email Servers? · · Score: 1

    He's trying to use what appears to be a home DSL connection to run his email server.

    DUH! That's what most of the spam zombies do.

    If you don't want to be rejected because you look like them, then you must change how you look.

    Either get a business account or see if you can convince your ISP to change the reverse DNS lookup on your IP address (lots of luck on that).

    Remember, it is all about how you APPEAR to the receiving machine.

    If you APPEAR to be a legitimate server with the correct DNS entries, HELO, etc, then your mail will most likely be accepted.

    There is NOTHING you can do with your home DSL connection/server that spammers cannot also do with a zombie on such a connection. So ... even if you find a way to make it work TODAY, the spammers will pick up on it and flood those services and then the mail admins there will find a way to break it TOMORROW and you'll be right back where you are now.

    If this project isn't worth the additional cost of a business account, is it really worth the headaches?

  16. Red Cap! on If Microsoft Went Open Source · · Score: 3, Insightful

    So, Microsoft buys out Red Hat for a huge amount of money....

    Why would the people who worked at Red Hat still work there after Microsoft buys them?

    Why wouldn't that take their huge checks and start a new company, with all the GPL'd code and industry love they've earned and call it something like "Red Cap" and pick up right were they left off.

    Except they're all much richer than before.

    Microsoft can hire individuals away from Linux-based companies ... but Microsoft cannot do anything to the people who WANT to work on Linux.

    And I wouldn't trust Microsoft's lawyers not to have all kinds of provisions in a developer's contract with Microsoft.

    I'm sure Bill would happily pay Linus a million or two if he could legally prevent Linus from writing any more code.

  17. I am hereby patenting everything else. on Amazon Seeks Web Services Patent · · Score: 2, Funny

    I want a patent on a process whereby any information you could have asked a person for before (phone numbers, addresses, book titles) will be accessed via a computer and a computer will respond with the information.

  18. The important thing is ... on Russia's Biggest Spammer Brutally Murdered · · Score: 4, Funny

    ... that we're all available to support each other's alibis.

  19. I don't know about where you work. on The Seven Laws of Identity · · Score: 1
    OK, so let me get this straight. You won't do business with an online company that delegates some of its business functions to another business, because to you that means it has "a non-existant security model." And at the same time, here you are arguing against the security model.
    Well DUH! Of course I'm arguing against it. Because there wouldn't BE any security.

    Got that?

    Now, go look up the definition of "pernicious".
    Let me give you a concrete example. You log in to your company's corporate portal with your company credentials. You click on a button that says "401(k)." Instantly you are transported to a page that includes details about your retirement plan.
    Not where I work. It spawns another browser window and I have to log on using the credentials for their site.
    All that information is coming from a site operated by the financial services provider that runs your company's retirement programs. (Or healthcare plan, or HR information, or whatever else your employer wanted to outsource to a third party.) It still looks like your corporate portal. You still log in using the same credentials. But, in effect, the content you're seeing comes from a completely different site.
    Yeah. Sure. And the other windows that open that I have to enter my credentials are just ... something else.
    One big reason people are interested in federated digital identity systems is because of the scenario I've just described.
    Now it's "federated"? So, what's wrong with the way I have the Intranet setup where I work?

    It's far more secure than the situation you're describing.
    And when I say "big reason" I mean huge.
    Yeah. You keep believing that.
    If you have a job and you think your employer won't want to do this in the next five years -- or that it won't need to do it, because it will be the only way that financial institutions do business -- think again.
    Sorry, I didn't realize I was talking to Nostradamus.

    I know my employer won't be doing this in the next 5 years. I work for a small insurance company and they are VERY concerned about security.

    You seem to have lost the "security" issues somewhere in your discussion of "wants".

    Don't do that.

    It's all about the security.
  20. Mod parent up! on Congressman Seeks Scientists' Personal Data · · Score: 2, Insightful

    The GP is wrong. It doesn't matter who funded you as long as you reveal your methodology and data.

  21. Again, read the article. on The Seven Laws of Identity · · Score: 1
    From the article I keep telling you to read:
    As peoples' use of the web broadens, so does their exposure to these workarounds. Though no one is to blame, the result is pernicious.
    Look up what "pernicious" means.
    As for Slashdot, please don't put words into my fingers. I didn't say Slashdot's approach was universally good; in fact, I specifically noted that it was possible for someone to fake being me by grabbing my password.
    Again, the article refers to the current situation (which includes /.) as "pernicious".

    Either you agree with the article or you agree with me that /.'s identity system would not compromise you in any meaningful fashion.
    Much the same is true of the banking web site example. It's all very well saying that a browser should display accurate URLs today -- nice dig at IE, I'm surprised you didn't pimp Firefox while you were at it -- but also utterly irrelevant.
    Hardly irrelevant. If the site's address is correctly displayed, then the identity issues discussed do not apply.

    If it is not, then they are circumvented.
    What if you went to a financial site you belonged to, and it was going to redirect you to another company for a particular service.
    Then I would drop that business because of their non-existant security model.
    You have no idea what the correct URL would be, though presumably you trust the service that's directing you there.
    No. At that point I do not trust that company any more.
    Displaying dubious URLs properly won't help you here, but a form of trust-based verifiable identity will ensure that once you've been there from a trusted source, anything you come across later that claims to be the same company can be verified -- and all without any need for information on your part, incidentally.
    And that is where it breaks down.

    Because I do not know where I am supposed to be connected to, I cannot know if it is a legitimate site.

    Because I do not know if it is legitimate, I cannot (and should not) provide any information to it.

    And don't bother telling me that I wouldn't be providing it or that the original site's authentication would follow me. All that means is that there are MORE points that can be attacked.

    Me - to - bank site. 3 points to attack (my computer, man-in-the-middle, bank's system).

    Me - to - bank - to - other site. FIVE points to attack.

    And that's only if the bank validates against their internal system. Adding an external system (such as mentioned in TFA) would add another TWO attack points for EACH connection.

    Adding attack points is the OPPOSITE of "security". Particularly when you're adding a THIRD PARTY.

    Don't try to sell the "identity" concept by claiming that sites would suddenly abandon decent security practices.
  22. At least read the article you're defending. on The Seven Laws of Identity · · Score: 1
    Of course it is. But how is an untrustworthy web site going to convince you that it's really your bank when your browser pops up a flashing red warning sign all over your screen the the claimed identity can't be verified the instant you visit it?
    No. That is a function of the browser and how it displays the name/address of the site. That has been covered before.

    If the browser allows the site to hide the actual address and display a different one, then the identify authentication method has been circumvented.
    Slashdot only knows that I am the real Anonymous Brave Guy (or someone who ripped his password, at least) and the e-mail address I supplied at sign-up. It doesn't know my real life address, nor need to, in order to understand that I can post here with this identity attached to my writing.
    You may wish to read the article to which you are refering.

    That is the current situation and one that I am quite happy with. Should /. be compromised, they will get nothing that can be used on any other site.

    The article was proposing much more.
    You keep writing as if there's some sort of centralised authority that would have to manage all of this stuff. I don't see where that assumption comes from, or why any system based on the principles in TFA would have to work that way.
    Again, because our current system is setup that way.

    You know, the system that the entire article says needs to be overhauled because it doesn't work? Here's something you should read from the very beginning of TFA:
    Since this essential capability is missing, everyone offering an Internet service has had to come up with a workaround. It is fair to say that today's Internet, absent a native identity layer, is based on a patchwork of identity one-offs.
    As peoples' use of the web broadens, so does their exposure to these workarounds. Though no one is to blame, the result is pernicious.
    So, if you don't have a problem with /.'s approach, why do you defend an article refering to it as "pernicious"?

    Oh, don't know what that means?
    1. Tending to cause death or serious injury; deadly: a pernicious virus.

    2. Causing great harm; destructive: pernicious rumors.

    Archaic. Evil; wicked.

    So, you say that /. has a good approach, and you say the article is good, but the article says that /.'s approach is bad.
  23. You're wrong there. on The Seven Laws of Identity · · Score: 1
    If everything could ultimately be tracked back to you eventually, things like spamming, virus distribution, defamation, on-line fraud, and numerous other harmful behaviours would be dramatically reduced. You could improve a lot of people's lives here.
    Spamming and virus distribution can already be tracked back to a certain degree. Both are done by zombies and no identity system will solve that.

    As for defamation, that can, also, be easily tracked by legally requesting the logs of the server involved.

    Fraud would not be affected because if the person was already going to commit a crime, why not include using a false identity, too?
    Personally, I think most of the supposed advantages of anonymity on the Internet are illusory anyway. Does anyone really believe that all these people in China are happily speaking freely on the Internet as it stands today anyway?
    Nope. Nor do I believe that such happens in the US. Do you?

    The honest people will be the only ones affected by this and the crooks will find it easier when people believe that everyone is correctly identified.
    Hence, on balance, a reliable identity system gets my conditional agreement, subject to the devil in the details of course.
    Oh, of course! A perfect identity system ... who could be against that?

    What you don't understand is that this issue is all about the details.

    It is beyond naive to support the concept but to skip the details. Or, if you prefer, it is "utopian".
  24. You didn't read it right. on The Seven Laws of Identity · · Score: 1
    Having skimmed the article (the PDF works fine for all you 404 moaners...) it seems to make a lot of reasonable arguments.
    Yes, it seems to, until you start thinking about them.
    Any hint of subterfuge will immediately harm any information-based system's credibility, so we might as well start by ruling out the most serious form.
    Why? Isn't it understood that there will be websites out there that will use subterfuge in an attempt to get identity data from the system?
    I also like the claim-based approach. A claim needn't be "I am John Doe of 16 Some Street, Someville." It can be much more general, e.g., "I am a member of Group X, and therefore entitled to access Service Y."
    But they system would have to also know that you're "John Doe" as well as that "John Doe" belongs to group X.

    Then, when the identity info is requested, what is transfered is what the central system deems is appropriate.

    So, all those bad websites put up by bad people will be trying to get additional info held by the central system.

    They may even do this by tricking you into authorizing an elevated inquiry. Great. Just another way to lose your personal data.

    Since "identity" is useless unless accompanying "payment" (unless you count LiveJournal), why not focus on the payment aspect instead?

    That way, if Microsoft gets it wrong (what's the chance of that happening), all I'm out is the price of whatever I just bought ... rather than all my personal information.
  25. Who will trust Microsoft. on The Seven Laws of Identity · · Score: 1

    The key to ANY identity system is the central identify repository. That's the box that holds the criteria to prove that you are you.

    Who will trust Microsoft to maintain that?

    Who will trust Microsoft to SECURE that? Including the implementations and protocols used to access it.

    As you say, Microsoft wants an early lock-in on something that they still haven't convinced people they really need.

    An "identity" system means a single point to attack to get EVERYONE'S identify (everyone who has joined it).

    And it would have to be open to the public because they're the ones who would be using it.

    One error and everything is blown open.

    One employee who is willing to download the database and everything is blown open.

    Microsoft is focusing on how to convince others that Microsoft's ownership is a good thing. Those others need to be focused on what will happen if/when Microsoft is compromised.