Slashdot Mirror


User: pjrc

pjrc's activity in the archive.

Stories
0
Comments
1,197

Comments · 1,197

  1. Re:easy algorithms for thwarting scams on "Phishing" Attacks to Increase · · Score: 1
    This works if and only if the server is accurately reporting its information.

    All email is delivered using TCP connections, where the sender's server IP number is accurately known to the receiving server.

    This is reliable in almost all cases, because TCP requires at least one packet from the receiving server to make its way to the sending server in order to establish connection details that allow data to be transmitted. The server sending the email, even if compromised, is generally not in control of the routing tables in all of the gateways and routers between it and the recipient.

    Once the connection is established, any false data can be sent. But the IP number is not usually forgeable because of the way TCP works. Almost all servers add a "Received:" header, with the true IP number of the server that sent the message.

    A common trick is to add false Received: headers, to give the appearance that the sender is merely forwarding the message on someone else's behalf. So you can't trust all of the Received: headers in a message, but the last one... the one added by your own server, is trustworthy. Well, at least as far as you trust your ISP, company, or server admin.

    The original suggestion, to try to guess the physical location of the sending IP number and warn if it does not match up with the claimed domain name's believed location or if it's from an "untrusted" country is difficult in that there are not good databases for that sort of thing. But this is exactly what a lot of spam filters try to do.
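The split the comment above describes, between the one Received: header the receiving server wrote itself and the ones that arrived inside the message, is easy to get wrong when code just grabs "the last Received: line". The following is an added example, not code from the original post: it parses a constructed message (the host names and addresses are invented) and returns the peer address only from the topmost header, and only if that header says it was added by one of our own MTAs.

```python
"""Trust only the topmost Received: header, the one our own MTA wrote.

Added example for the comment above; it is not code from the original post.
The message text, host names and addresses below are constructed.
"""
import email
import re

# Constructed sample: mx.example.net (our MTA) prepended the first Received:
# line after accepting a TCP connection from 203.0.113.45.  The two lines
# below it were already inside the DATA the peer sent, so the peer chose them.
RAW_MESSAGE = """\
Received: from mail.bigbank.example (mail.bigbank.example [203.0.113.45])
\tby mx.example.net (Postfix) with ESMTP id 4F2A1C3
\tfor <alice@example.net>; Tue, 5 Oct 2004 09:12:44 -0700 (PDT)
Received: from relay.bigbank.example (relay.bigbank.example [198.51.100.7])
\tby mail.bigbank.example with ESMTP; Tue, 5 Oct 2004 09:12:40 -0700
Received: from [192.0.2.9] by relay.bigbank.example; Tue, 5 Oct 2004 09:12:30 -0700
From: "Big Bank Security" <security@bigbank.example>
To: alice@example.net
Subject: Verify your account

Please log in at the link below.
"""

IPV4_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def parse_received(value):
    """Return (peer_ip, by_host) from one Received: header value.

    Either element is None when the header does not carry it.  The value
    may still contain the original folding (newline plus tab), which the
    whitespace class in the regexes tolerates.
    """
    ip = IPV4_IN_BRACKETS.search(value)
    by = BY_HOST.search(value)
    return (ip.group(1) if ip else None, by.group(1) if by else None)


def trusted_peer(raw_message, our_hosts):
    """Return (peer_ip, untrusted_received).

    peer_ip comes from the first Received: header only when that header
    names one of our_hosts after "by": that hop is the one the receiving
    server observed on its own TCP connection, so the bracketed address is
    as reliable as our own MTA.  Every Received: header below it was inside
    the message the peer transmitted and may be fabricated, so they are
    returned separately for display or heuristics, never for trust.
    """
    msg = email.message_from_string(raw_message)
    received = msg.get_all("Received") or []
    if not received:
        return None, []
    top_ip, top_by = parse_received(received[0])
    ours = {h.lower() for h in our_hosts}
    if top_by is None or top_by.lower() not in ours:
        # The topmost header was not written by our MTA (e.g. the message
        # was injected locally, or a relay we do not control added it).
        return None, list(received)
    return top_ip, list(received[1:])


if __name__ == "__main__":
    ip, rest = trusted_peer(RAW_MESSAGE, ["mx.example.net"])
    print("peer IP our server saw:", ip)
    for hdr in rest:
        print("sender-supplied, unverified:", parse_received(hdr))
```

The "by" host check matters: if your filter runs after an internal relay, pass that relay's name in `our_hosts`, otherwise the function refuses to trust anything rather than silently promoting a sender-written header.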

  2. Re:Indymedia? on The Empires Strike Back · · Score: 2, Insightful
    You seem to be saying that the Italian police were justified in using deadly force against a protester who was damaging property by hitting cars with a fire extinguisher...

    AND that those Italian police are also justified in shutting down Indymedia's (likely biased) news coverage of their use of deadly force.

    So sure are you that it's proper for the police to censor anyone who speaks critically of them and portrays their actions unfavorably that your advice is to "Stop whining".

  3. Re:No wolves here, but a hell of a lot of sheeple on The Empires Strike Back · · Score: 1
    If this becomes a regular problem then yes I'd complain too

    By the time it becomes a regular problem, you won't be ABLE to complain. Well, at least not in a meaningful way.

    Also assuming this is just a single instance there's almost zero chance of it being political...

    Hello, have you actually read Indymedia? Yeah, sure, it's not political. I also hear there's a lovely bargain on a bridge for sale in Brooklyn.

  4. Re:Same old story... on Interview with a Spampire · · Score: 1
    Ever know anyone who has been in the porn industry?

    As a matter of fact, I happen to know a few young women who do porn modeling. They all seem to like it. I don't know a lot of the finer details, but it sounds like they regularly do photo shoots where they get airfare, hotel or some other accommodation, some cash, and sometimes rights to repost some/all pics on certain other sites. They really seem to like the travel and the work. They don't make a lot of money, but it seems to be enough to pay the bills. Some work part time at "normal" jobs.

    One woman in particular I know hated her day job and gradually started to earn enough to finally quit. She launched her own website (warning, not just any 'ole porn... kinky rope bondage porn, but this link goes to the consent splash page).

    It is not exactly a "happy funtime" industry to work in. Unless reaching the status of a Jenna Jamison or Ron Jeremy, they are considered little more than filthy whores, and treated as less than dirt.

    If you follow that link to her website, you'll see she has a journal over at livejournal. She updates her journal not just daily.... but usually multiple times per day. Go ahead, read a bit. Is this the writing and life of a degraded woman driven to the brink of committing suicide?

    Then again, if you don't have time to read the journal, perhaps scroll down to Oct 7th for some eye candy (again, warning: graphic images... though the one with nudity has an additional link to click).

  5. Re:I can only hope on SCO To Counter Groklaw With 'Fair' Coverage · · Score: 2, Insightful
    The truly amazing part is that Darl actually believes that there are individuals out there who buy his story.

    Two words:

    Rob Enderle

    Well, how about 4 more:

    Laura Didio
    Daniel Lyons

  6. Forced to pay on Massachusetts Atty. General Forces Spammer to Pay · · Score: 1
    What do you suppose the chances are that they will actually pay the $25000 and stop spamming, rather than relocate, change their identities, and continue with yet more effort to mask their true identity?

    Maybe Tom (the Massachusetts Attorney General) is going to need to recruit an army of unskilled work-from-home people hoping to get-rich-quick by taking their cut in collecting the unpaid monetary fine imposed by the court?

  7. Re:Overkill on 32-bit Processors, Cheap · · Score: 2, Informative
    The following statement seems to assume that 8 bit CPUs have a uniform instruction size of a single 8-bit opcode, and 32 bit CPUs have a single 32 bit instruction size, and that an arbitrary program would need the same number of instructions.

    With 32 bit processors, you need four times the memory to run the same program as an 8 bit CPU.

    For some popular 8 bit microcontrollers:

    8051: instructions 1 to 3 bytes. Heavy use of registers tends to average around 1.5 bytes/instruction, heavy use of direct memory addressing will average 2 bytes/instruction.

    PIC: 12, 14 or 16 bits per instruction

    AVR: 16 bits per instruction... some rarely used instructions are 32 bits.

    Now, for the 32 bit ARM processor (the one the article is about):

    Normal Mode: 32 bits per instruction

    Thumb Mode: 16 bits per instruction

    So, you can easily see that in thumb mode, the 32 bit ARM chip has instructions comparable in code size to popular 8 bit chips. But the registers are 32 bits.

  8. Re:Overkill on 32-bit Processors, Cheap · · Score: 2, Informative
    a lot of (most?) consumer electronics still use 4-bit MCUs.

    This was true about 10+ years ago.

    ECN magazine, for example, sometimes would publish charts showing 4-, 8-, 16- and 32-bit CPU market share. I recall seeing one of these charts around 98 or 99, and indeed 8 bit chips had the vast majority of the market. I believe the topic of the article was about how 16 bit chips had failed to live up to marketing expectations... probably due to higher prices and maybe higher power consumption.

  9. Re:In their defense.... on MPAA Blames Linux Australia Notice on Human Error · · Score: 5, Interesting
    This can't have happened very often in the past or else we would have heard about a lot more cases like this.

    Just in case anyone didn't see this as satire....

    MPAA mistakes various free code in small zip files (all under 64k) as the movie "Basic" and television serial "Alias"
    http://www.scene.org/showforum.php?forum=5&topic=40047

    MPAA mistakes a file manager for X windows as X-Files movie based on television series.
    http://lsolum.typepad.com/copyfutures/2004/09/dmca_iselfhelpi.html

    ESA mistakes "INFMapPacks123FULL-MAN.zip" as Pac-Man video game.
    http://gauley.ucs.indiana.edu/~cshields/dmca_letter

    RIAA accuses Penn State's Peter Usher of pirating music by rap band "Usher".
    http://news.com.com/RIAA+apologizes+for+threatening+letter/2100-1025_3-1001095.html

    RIAA admits to "several dozens more additional errors" but won't disclose details. No direct link to Cnet coverage on May 13, 2003.
    http://www.eff.org/IP/P2P/20030926_unsafe_harbors.php#_edn2

    Diebold intentionally files false takedown notice to silence (very well deserved) criticism of its shoddy voting machines:
    http://www.corante.com/importance/archives/001465.php

    Cult of Scientology attempts (yet again) to shut down xenu.net, which exposes embarrassing truths about their documents made public in a court case:
    http://www.peerfear.org/rss/permalink/2003/02/04/1044497702-DMCA_Takedown_Notice_Scientology_and_PacBell.shtml

    Apparent con artist David Waathiq attempts to use DMCA threat to shut down critical website:
    http://mdwaathiq.worldwidewarning.net/DMCA.aspx

    To be fair, many of these aren't the MPAA (though at least the 2nd one is)... but there is definitely a pattern of abuse. These are just the ones I found in 5-10 minutes of searching. It's quite likely there are many more out there, and many that go utterly unreported.

  10. Re:Pot... on Ballmer Says iPod Users are Thieves · · Score: 2, Interesting
    For most slashdot readers, likely age 12 to 22 who are full time students with a lot of time on their hands and little disposable income, this logic must seem iron-clad:

    1. spend time on p2p filesharing apps, download lots of music
    2. can't afford many CDs
    3. buy (or acquire as gift) ipod
    4. load existing downloaded files already on PC

    Well, that probably is a trend for everyone who has spent most of their life living as a full time student, working perhaps a few part-time, low-wage jobs.

    But consider that many ipods are also owned by "movers and shakers", age 25+ who work full time. These days, many jobs are pretty demanding and lots of folks work overtime, eat breakfast in their cars while stuck in rush hour traffic on the way to work, grab lunch from restaurants nearby the workplace as it saves time (getting takeout and eating at your desk is a common trend).

    These people often can afford to buy an ipod on a whim, or don't think twice about buying one as a gift for their spouse or lover. These folks have the money to buy CDs. What they lack is the time... often CDs are purchased as a second thought while shopping for important things (like groceries and clothes for the kids). Most of these people simply don't have a lot of extra time, and with the small exception of the computer enthusiasts among them, many spend part or all day in front of a computer and don't want to waste time on file sharing networks. Some play computer games, some like to just relax and watch TV, others are active or go to a health club and work out (after about age 30, most people gain weight and lose energy if they don't work out).

    For people in this crowd, a more likely scenario:

    1. Have large collection of CDs... most sit on shelf, except for 5 in the changer at home and some favorites in the car on the way to/from work.
    2. Can afford to buy a CD
    3. Buy ipod, or receive as gift
    4. Use iTunes to load existing music collection already on CDs.

    My point, being 34 myself and personally knowing lots of folks approximately that age, is they love ipods too. But with some exceptions, they just don't have the time to spend fiddling with new software and chasing after songs on file sharing (especially these days, when many are bogus). They have lots of CDs, and when they hear something they like and remember the artist name, they often times just buy the CD if they see it at the store. $15 is just not a big deal, when you work full time with a decent job and the one precious thing you don't have anymore is lots of free time.

    I'm sure a lot of slashdot readers, who are full time students and so far have had only disappointing wages at part-time jobs will find this all very strange. Just wait 10-15 years. Assuming things like the economy and offshore outsourcing don't turn into disasters, you'll know this routine all too well. Of course, if history repeats itself, 10-15 years is about the amount of time it takes for publishers to stop fighting and embrace new technology.

  11. Re:Taken out of context... on Ballmer Says iPod Users are Thieves · · Score: 1
    The simple fact is that 99 cents a song just isn't worth it.
    ...
    Instead we see songs being sold for more than what they cost on a CD. I.e. a CD with 14 songs = 12.99, that's less than 14 a song.

    I believe iTunes and others sell the full album for about $10, or $1 per song. So you don't pay $14 for a 14-song album, unless you've already purchased 5 songs individually, or unless you're simply ignorant regarding the full album pricing.

    Still, it's not nearly a "fair" price compared to a physical CD, considering that all the physical expenses are gone, as well as the retail storefront. But saying you need to pay $14 for a 14-song album on iTunes is simply wrong, as most albums are available for about $10.

  12. Re:No choice on Missed Opportunities in U.S. v. Microsoft · · Score: 2, Insightful
    You are right about one thing... IE is old news. Microsoft won.

    So how about Windows Media Player?

    Microsoft provides marketing funds to major computer manufacturers (which are critical to survival in such a competitive market), but there are numerous terms and conditions. Among them, those OEMs are not allowed to make several important MIME types default to any media player other than Microsoft's. Sure, they can install Real's player, or Apple's Quicktime. But they're not allowed to let those launch when any important MPEG, AVI, MP3 or other file types are clicked on the desktop, in browsers, attached to email, and so on.

    So fine, be tired of hearing about how Microsoft got away with blatant anti-trust violations. Bury your head in the sand... because it's still going on, business as usual. Similar stories regarding java, search tools, internet service (msn). They're up to the same old tricks.

    Sure, individuals have "choice"... but the reality is that only open source can survive Microsoft's tactics that decimate the value of the market for any commercial competitors.

  13. Re:As quoted by Bill Gates himself... on Gartner Says Linux PCs Just Used To Pirate Windows · · Score: 1
    I really don't see what all the fuss is about.

    Probably the other 60% that DO NOT wipe linux in favor of windows.

    If only Microsoft could get regulations passed to make 100% of those machines have windows, then those other 60% would not get comfortable with linux.

  14. Re:The Hardest Issue on FTC Wants Comments on Email Authentication · · Score: 1
    These have just gotta be the lamest excuses I've seen yet. Maybe it was a joke and I missed the punchline?

    Its parsing is too complex

    It's really pretty simple, and there are free reference implementations.

    No sane firewall is going to let TXT records through
    No sane firewall is going to let TCP DNS packets through

    Most "sane firewalls" are either going to allow DNS queries to originate from the intranet and replies to be received (eg, simple NAT routers)....

    Or they're going to block all DNS and a caching nameserver is going to hear requests from the internal network and perform the queries.

    Both cases work fine.

    The parsing can loop forever

    Example, please?

    It will increase DNS scanning as spammers hunt for broken SPF records

    Wow, there's a solid reason not to do something... it'll cause spammers to waste everyone else's resources.

    They already do lots of scanning, connecting to random domains and mounting dictionary-based guessing attacks. SPF scanning is just one simple query for each domain. The term "one drop in a bucket" comes to mind.

    It's too complex to be implemented inside the MTA where it needs to be done

    Reference implementations exist and work (well, in beta). Cost is minimal. Extra delay for DNS queries is on-par with existing checks many MTAs do. CPU usage is minimal. Message can be rejected BEFORE data is sent, which SAVES bandwidth.

    It can't be properly parsed in sendmail

    Milter

    ISO 8839 8859 59-15 utf-8 issues for domain names may kill some dns servers

    These domains are already publishing their names with servers that can do this. Anybody successfully communicating with these domains (not typing the IPs manually) is already successfully querying them.
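The "parsing can loop forever" objection answered above is worth seeing in code: an include: chain can point back at itself, and the thing that makes the evaluation terminate is a per-evaluation cap on DNS-consuming mechanisms, not anything about the record grammar. The block below is an added example, not code from the original post or from any SPF reference implementation. DNS is replaced by the constructed ZONE dict (all domains and addresses are invented) so it runs offline; it implements ip4, ip6, include, redirect and all, and reports the DNS-dependent mechanisms (a, mx, ptr, exists) as permerror rather than pretending to resolve them.

```python
"""Minimal SPF (v=spf1) evaluator with the DNS lookup limit that stops
include:/redirect= chains from looping.

Added example for the comment above; not code from the original post or from
any SPF reference implementation.  DNS is replaced by the constructed ZONE
dict so the evaluator runs offline; the domains and addresses are invented.
"""
import ipaddress

# Constructed stand-in for DNS TXT lookups: domain -> list of TXT records.
ZONE = {
    "bank.example": ["v=spf1 ip4:203.0.113.0/24 include:mailer.example -all"],
    "mailer.example": ["v=spf1 ip4:198.51.100.16/28 ip6:2001:db8::/32 -all"],
    "softisp.example": ["v=spf1 ip4:192.0.2.0/24 ~all"],
    "alias.example": ["v=spf1 redirect=bank.example"],
    # Two records that include each other: without a limit, evaluation
    # would never terminate.
    "loop-a.example": ["v=spf1 include:loop-b.example -all"],
    "loop-b.example": ["v=spf1 include:loop-a.example -all"],
    "twice.example": ["v=spf1 -all", "v=spf1 +all"],  # two records: permerror
}

MAX_LOOKUPS = 10  # cap on DNS-consuming mechanisms per whole evaluation

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_records(domain, dns):
    """Return the TXT records of `domain` that start with v=spf1."""
    recs = dns.get(domain.lower(), [])
    return [r for r in recs if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]


def check_host(ip, domain, dns=ZONE, _budget=None):
    """Evaluate `domain`'s SPF record for sending address `ip`.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' or 'permerror'.
    `_budget` is shared across recursive include/redirect calls so the whole
    evaluation, not each record, is capped at MAX_LOOKUPS.
    """
    budget = _budget if _budget is not None else [MAX_LOOKUPS]
    records = spf_records(domain, dns)
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    addr = ipaddress.ip_address(ip)
    redirect = None
    for term in records[0].split()[1:]:
        low = term.lower()
        if low.startswith("redirect="):
            redirect = term.partition("=")[2]
            continue
        if low.startswith("exp="):
            continue  # explanation string, no effect on the result
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            # An IPv4 sender against an ip6: term (or vice versa) just does not match.
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif name == "include":
            budget[0] -= 1
            if budget[0] < 0:
                return "permerror"  # lookup limit exceeded: this is the loop guard
            sub = check_host(ip, arg, dns, budget)
            if sub in ("none", "permerror"):
                return "permerror"  # an included domain must publish one valid record
            matched = sub == "pass"
        else:
            return "permerror"  # a/mx/ptr/exists need live DNS; out of scope here
        if matched:
            return QUALIFIER_RESULT[qualifier]
    if redirect is not None:
        budget[0] -= 1
        if budget[0] < 0:
            return "permerror"
        return check_host(ip, redirect, dns, budget)
    return "neutral"  # nothing matched and no redirect: the default result


if __name__ == "__main__":
    for ip, dom in [("203.0.113.45", "bank.example"), ("198.51.100.20", "bank.example"),
                    ("192.0.2.9", "bank.example"), ("192.0.2.9", "loop-a.example")]:
        print(f"{ip:>16} {dom:<16} -> {check_host(ip, dom)}")
```

Passing the budget list down through recursion is the important detail: a per-record counter would let two records bounce between each other forever, each one "under the limit".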

  15. Publish SPF now, be the 126519th... on FTC Wants Comments on Email Authentication · · Score: 4, Insightful
    If you want to advocate SPF, publish an SPF record for your domain, and then register it. Already, 126518 domains have published SPF records (at the time of this writing).

    By the time the FTC's summit comes around, it's looking like SPF is going to be pretty well established.

  16. Re:er, on GDI Vulnerabilities: An Open Letter to Microsoft · · Score: 3, Insightful
    Of course, nobody behaves like this in the Linux world.

    I believe you missed the zlib buffer overflow, which turned out to be statically linked into many applications, as well as in the shared library.

    Yeah, not quite the same, since static linking is different (perhaps worse) than having lots of copies of the DLL in different directories, as far as updating is concerned. Also, a different situation because developers had the option to link the way they wanted.

    But to say this sort of thing never happens in the "linux world" and that all library security bugs are easily cured for all apps by updating the shared libs neglects some really unfortunate occurrences like the zlib buffer overflow.
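The practical problem behind the comment above is finding the statically linked copies once the shared library is patched. zlib compiles its version into banner strings of the form " inflate 1.1.3 Copyright 1995-1998 Mark Adler " and " deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly ", which survive in any binary that has the object code linked in. The block below is an added example, not code from the original post: it scans byte blobs for those banners and reports versions below a minimum. The sample blobs are constructed, and the default minimum of 1.1.4 is this example's assumption, to be set from whatever advisory you are chasing.

```python
"""Find zlib's inflate/deflate code compiled into a binary by its version
banner, so statically linked copies are not overlooked when only the shared
library is updated.

Added example for the comment above; not code from the original post.  The
sample blobs are constructed and the 1.1.4 minimum is an assumed threshold.
"""
import re

BANNER = re.compile(rb"(?:inflate|deflate) (\d+)\.(\d+)\.(\d+) Copyright")


def version_tuple(version):
    return tuple(int(p) for p in version.split("."))


def is_older(version, minimum):
    return version_tuple(version) < version_tuple(minimum)


def embedded_zlib_versions(data):
    """Return the sorted set of zlib versions whose banner appears in `data`."""
    found = {".".join(part.decode() for part in m.groups()) for m in BANNER.finditer(data)}
    return sorted(found, key=version_tuple)


def scan_blobs(blobs, minimum="1.1.4"):
    """Map each blob name to the embedded zlib versions older than `minimum`.

    `blobs` is {name: bytes}.  Names with no embedded zlib, or only versions
    at or above the minimum, are omitted from the result.
    """
    findings = {}
    for name, data in blobs.items():
        old = [v for v in embedded_zlib_versions(data) if is_older(v, minimum)]
        if old:
            findings[name] = old
    return findings


def scan_files(paths, minimum="1.1.4"):
    """Same check over files on disk (executables, .a archives, .so libraries)."""
    blobs = {}
    for path in paths:
        with open(path, "rb") as fh:
            blobs[path] = fh.read()
    return scan_blobs(blobs, minimum)


# Constructed samples standing in for real binaries: an application with an
# old zlib linked in, a patched shared library, and an application that only
# references the shared library (no banner of its own).
SAMPLE_BLOBS = {
    "usr/bin/oldapp": (
        b"\x7fELF" + b"\x00" * 16
        + b" inflate 1.1.3 Copyright 1995-1998 Mark Adler " + b"\x00" * 8
        + b" deflate 1.1.3 Copyright 1995-1998 Jean-loup Gailly "
    ),
    "usr/lib/libz.so.1": b"\x7fELF" + b" inflate 1.1.4 Copyright 1995-2002 Mark Adler ",
    "usr/bin/dynapp": b"\x7fELF" + b"libz.so.1\x00inflateInit_\x00",
}


if __name__ == "__main__":
    for name, versions in scan_blobs(SAMPLE_BLOBS).items():
        print(f"{name}: embedded zlib {', '.join(versions)} (older than 1.1.4)")
```

Note what the dynamically linked sample shows: an application that merely imports libz.so carries no banner, so it is fixed by the library update and correctly not reported, while the statically linked one is reported regardless of what the shared library says.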

  17. Re:It's easy to blame the users... on Curing a Corporate Virus Infection · · Score: 1
    The user can corrupt the hell out of their hard disk, and they have only themselves to blame.

    If you RTFA, that is exactly what happened.

    In addition to having themselves to blame, the abusive network traffic disrupted connectivity between 40 company locations and connectivity to the internet.

    So yeah, some individual machines were messed up. But almost ALL other machines were impacted, because without connectivity to the rest of the company, employees were unable to conduct their daily activities.

  18. Just wait a year or two .... on Source Code for CTSS released · · Score: 3, Funny

    ... and next thing you know, a company will change management, rename itself, claim they own this ancient technology, try to pretend like source code was never released, and then launch a major lawsuit claiming that modern systems infringe upon a variety of vague intellectual property rights from ancient code.

  19. Re:Does it use IP's or URI's ? on SpamAssassin 3.0 Released · · Score: 3, Informative
    I would rather extract the domain, look up the IP, and check the IP.

    That won't help against "bulletproof hosting", commonly used by spammers, where a nameserver in a country like Russia or Poland resolves the name to one of thousands of zombie machines hosting the site.

    The SURBL approach does.

    Yes, I know that servers many host many domains: ... This will only increase pressure on the spamheaven server admins to get rid of the people who use spam to spamvertize their sites.

    Spammers don't use $10/month shared virtual hosting for their websites.
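The SURBL approach the comment above prefers keys on the registrable domain found in the message's URLs and asks the list zone about that name, which is exactly what survives when the name is pointed at a different zombie host on every lookup. The block below is an added example, not code from the original post or from SpamAssassin. The zone name multi.surbl.org is the real SURBL zone; every other name and address is invented, the DNS answers are a constructed dict so it runs offline, and the three-entry public-suffix table is a stand-in for the full list.

```python
"""Check the domains of URLs in a message body against a SURBL-style DNS
blocklist, by name, instead of resolving each name to an address first.

Added example for the comment above; not code from the original post or from
SpamAssassin.  DNS answers are constructed; only the zone name is real.
"""
import re
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"
URL_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}  # abbreviated stand-in, assumption

# Constructed answers for <domain>.multi.surbl.org lookups; 127.0.0.x = listed.
FAKE_LIST = {"spamvertized.example.multi.surbl.org": "127.0.0.2"}

# Constructed: the spamvertized host resolves to a different zombie machine on
# every query, which is why an address-based check keeps missing it.
ZOMBIE_POOL = ["192.0.2.10", "198.51.100.23", "203.0.113.77"]


def resolve_a(name, attempt):
    """Stub A lookup: the spammer's name answers with a new zombie each time."""
    if name == "www.spamvertized.example":
        return ZOMBIE_POOL[attempt % len(ZOMBIE_POOL)]
    return None


def registrable_domain(host):
    """Reduce a host name to the part the blocklist is keyed on."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def extract_domains(body):
    """Registrable domains of all http(s) URLs in `body`, in order, deduplicated."""
    out = []
    for m in URL_RE.finditer(body):
        host = urlsplit(m.group(0)).hostname
        if not host or re.fullmatch(r"[\d.]+", host):
            continue  # bare IP literals belong on an IP list, not a domain list
        dom = registrable_domain(host)
        if dom not in out:
            out.append(dom)
    return out


def surbl_hits(body, lookup=FAKE_LIST.get):
    """Domains from `body` for which the list zone returns a 127.0.0.x answer."""
    hits = []
    for dom in extract_domains(body):
        answer = lookup(f"{dom}.{SURBL_ZONE}")
        if answer and answer.startswith("127.0.0."):
            hits.append(dom)
    return hits


def ip_check_misses(host, blocked_ips, attempts=3):
    """How many of `attempts` resolutions of `host` land on an address that is
    not in `blocked_ips`: the weakness of blocking by resolved address."""
    return sum(1 for i in range(attempts) if resolve_a(host, i) not in blocked_ips)


# Constructed message body with one spamvertized link and two harmless ones.
BODY = """Dear friend, click http://www.spamvertized.example/buy?id=7 now!
Unsubscribe: http://news.legit.example/unsub or http://shop.example.co.uk/
"""

if __name__ == "__main__":
    print("domains:", extract_domains(BODY))
    print("listed :", surbl_hits(BODY))
    first_ip = resolve_a("www.spamvertized.example", 0)
    print("IP list built from one lookup misses",
          ip_check_misses("www.spamvertized.example", {first_ip}), "of 3 later lookups")
```

The `lookup` parameter is where a real deployment plugs in a resolver; keep the rest as is, since the reduction to a registrable domain and the 127.0.0.x test are the parts that decide whether a listing is found.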

  20. Re:Whats with all the personal angst? on Rob Glaser Responds, Talks Up Real Networks · · Score: 3, Insightful
    The real question is why Real ... perceived as a malicious company?

    It wasn't long ago that you were promised a "free real player"... but to get it, you had to search out the tiny, virtually hidden little link on not one but several pages in a sequence to finally get to the "free" version that would not expire in several days and demand you pay.

    Of course, the non-free (as in beer) version that expired quickly wasn't conspicuously labeled as such in the several places it was displayed... so most people, even knowledgeable technical people, were usually tricked into downloading the trial version of the expensive player, having a reasonable belief that they were in fact installing the free one they had been promised.

    Many sites that offered videos in Real's format resorted to giving detailed explanation of exactly where to find the free one and how to get past all the attempts to trick you into downloading the expiring trial. What did Real Networks do? They regularly changed the pages, in what appears to any rational observer a deliberate attempt to intentionally hide the truly free version and dupe anyone looking for it into downloading the one that isn't free.

    Upon installing either the free or trial versions of Real's player, it wasn't long ago that they would randomly throw popup advertising on the screen. Perhaps there was a way to disable this, but it wasn't obvious.

    During the installation process, Real would demand the user to give their email address. The purpose was only to sell these addresses to marketers. The typical install, which is what most users select, would subscribe you to lots of junk. The custom/expert/advanced install would have a list of marketing partners.

    Slashdot even had coverage of Real's highly deceptive tactic of using a very long list of opt-in marketing, where the ones that initially appeared in the list were all unselected.... giving the user an appearance that the default was to opt-out. But MANY more appeared below the visible portion and were only seen if the user scrolled down. All those others, not shown without scrolling, were checked by default. That's a pretty sneaky trick.

    But it doesn't stop there. It keeps running in the background, even if asked not to. They had a history of sending private info back to their server, even if told not to. They have a history of grabbing file associations when they reasonably shouldn't. The list goes on and on. If there's a sneaky, deceptive tactic to be used in free downloads, Real has done it.

    Maybe that's changed now. But they have left a legacy of mistrust that is very well deserved.

  21. Re:You do realize thats their perogitive right? on TiVo, ReplayTV Agree to Limits · · Score: 1
    Its their business how they license that content to you.

    It also appears to be their business to impose additional restrictions that go far beyond the way they "license that content to you".

    I do believe they've got every right to do that since the material belongs to them.

    Apparently you have not heard of "fair use", which was originally introduced by the supreme court and later written explicitly into the law by congress.

    In a nutshell, the doctrine of fair use (which is the law), states that in some cases it is legal to copy or otherwise exercise the copyright holder's exclusive rights without permission, depending on these 4 factors:

    1. the purpose and character of your use
    2. the nature of the copyrighted work
    3. the amount and substantiality of the portion taken, and
    4. the effect of the use upon the potential market.

    It is well established case law that recording a television program for later private, in-home viewing is a fair use. Specifically, for #1 it is non-commercial use and #4 there is virtually no impact on the potential market for the copyright holder.

    As far as "most people don't care", we will see. I suspect a lot of Tivo owners are going to be upset when/if their tivo refuses to record or store some show or movie.

  22. Re:Isn't this what we want? on Spammers Are Early Adopters of SPF Standard · · Score: 1

    This exact idea... to build a sender reputation system on top of sender authentication, is already being worked upon.

  23. Re:Good for them, but not far enough. on Apache Rejects Sender ID · · Score: 2, Interesting
    Yahoo!'s DomainKeys is superior in every respect.

    Records already published by 70000+ domains, including some very important ones like aol.com.

    A way to guess a default record for any domain not yet publishing, that works for most existing mail servers.

    Code already under development and in beta testing for all major MTAs.

    Algorithm already implemented in upcoming SpamAssassin filter, which is currently in release testing

    It's an inferior attempt at authentication.

    Yeah, yeah, yeah... it has crypto, so it must be strong.

    Like the grandparent says, it's all a big waste of time. I'm going to delete those TXT records right now...

    And replace it with a yahoo DomainKey? How are you going to do that? Oh, you're going to go download the reference implementation, compile this alpha-release source code, and run the "dknewkey" to get something like this:

    testkey._domainkey IN TXT "k=rsa; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANazc9du4IFEWnSridEMAuv9UvCojT8hiTg1L646F6T4dRTsz7MB0WdnG2cF5J6HgAAlvpIB8HN1bh43FBb1MqkCAwEAAQ=="

    Then you're going to head over and grab this while ignoring the advisory section:

    THIS IS PRE-RELEASE SOFTWARE, and should not be used in any critical production environments.

    For someone highly concerned about what is and is not a waste of time (unlikely, posting to slashdot).... if you already did publish a SPF record, your best course of action is probably to just leave it there.

    Certainly, Yahoo's DomainKeys is not yet to a degree of maturity to be actually used for much more than development and alpha testing.

    In contrast, SPF is already protecting 70000+ domains and numerous sites are beginning to filter out forged messages pretending to be from those domains.

    Very soon, SpamAssassin 3.x will be released (already on second release candidate), with SPF checking built in and turned on by default. Other anti-spam filters will follow.

    From a practical point of view for the near future, choosing between installing a TXT record of the form "v=spf1..." or "k=rsa...", it's pretty clear which of these is useful today and which (unless you're a developer working on DomainKeys) is a waste of time.
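One thing the "k=rsa; p=..." record shown in the comment above can tell you before it is ever published is the size of the key. The p= value is a base64 DER SubjectPublicKeyInfo (DKIM, which succeeded DomainKeys, uses the same encoding), and a short DER walk recovers the modulus size and exponent. The block below is an added example, not code from the original post or from the DomainKeys reference implementation: it parses the record from the comment (with the line-wrap whitespace removed), which turns out to be a 512-bit key, and flags it against a 1024-bit threshold that is this example's choice.

```python
"""Decode a DomainKeys (later DKIM) public-key TXT record and report the RSA
modulus size, so a weak key is noticed before it is published.

Added example for the comment above; not code from the original post or from
the DomainKeys reference implementation.  The DER walk is written for the one
structure such a record carries (SubjectPublicKeyInfo holding an RSAPublicKey)
and is not a general ASN.1 parser.  The 1024-bit "weak" threshold is this
example's choice.
"""
import base64

# The "k=rsa; p=..." record from the comment above, whitespace removed.
RECORD = (
    "k=rsa; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANazc9du4IFEWnSridEMAuv9UvCojT8h"
    "iTg1L646F6T4dRTsz7MB0WdnG2cF5J6HgAAlvpIB8HN1bh43FBb1MqkCAwEAAQ=="
)
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")


def parse_tags(record):
    """Split 'k=rsa; p=...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip()] = value.strip()
    return tags


def _tlv(buf, pos):
    """Read one DER tag/length/value at pos; returns (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _expect(condition, message):
    if not condition:
        raise ValueError(message)


def rsa_key_info(spki_der):
    """Return (modulus_bits, public_exponent) from a DER SubjectPublicKeyInfo."""
    tag, spki, _ = _tlv(spki_der, 0)
    _expect(tag == 0x30, "SubjectPublicKeyInfo must be a SEQUENCE")
    tag, alg, pos = _tlv(spki, 0)
    _expect(tag == 0x30, "AlgorithmIdentifier must be a SEQUENCE")
    oid_tag, oid, _ = _tlv(alg, 0)
    _expect(oid_tag == 0x06 and oid == RSA_ENCRYPTION_OID, "not an rsaEncryption key")
    tag, bitstr, _ = _tlv(spki, pos)
    _expect(tag == 0x03 and bitstr[0] == 0, "subjectPublicKey must be a BIT STRING")
    tag, rsa, _ = _tlv(bitstr[1:], 0)
    _expect(tag == 0x30, "RSAPublicKey must be a SEQUENCE")
    tag, modulus, pos = _tlv(rsa, 0)
    _expect(tag == 0x02, "modulus must be an INTEGER")
    tag, exponent, _ = _tlv(rsa, pos)
    _expect(tag == 0x02, "publicExponent must be an INTEGER")
    n = int.from_bytes(modulus, "big")  # a leading 0x00 pad byte does not change the value
    return n.bit_length(), int.from_bytes(exponent, "big")


def inspect_record(record, weak_below=1024):
    """Parse a k=rsa record; returns {'bits': ..., 'exponent': ..., 'weak': ...}."""
    tags = parse_tags(record)
    if tags.get("k", "rsa") != "rsa":
        raise ValueError(f"unsupported key type {tags.get('k')!r}")
    der = base64.b64decode(tags["p"])
    bits, exponent = rsa_key_info(der)
    return {"bits": bits, "exponent": exponent, "weak": bits < weak_below}


if __name__ == "__main__":
    print(inspect_record(RECORD))
```

Running it on the record from the comment reports a 512-bit modulus with exponent 65537; whatever threshold you pick, this is the check to run on the output of a key generator before the TXT record goes into the zone.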

  24. Re:Good for them, but not far enough. on Apache Rejects Sender ID · · Score: 1
    It does you and me no good at all

    Inexpensive techniques (spammer's cost) will become much less effective. Profits from spamming are likely to decrease.

    Virus code will be prevented from easily spoofing fake addresses, likely resulting in easier identification and cleansing (or disconnection) of infected machines.

    Virus propagation speeds by email will likely be reduced when a good portion of their messages are not delivered or filtered to a junk folder.

    Reduction in widespread virus infections may diminish the available pool of zombie machines that can be sold to spammers.

    spammers hijack the machine of some dumb sap who's a legitimate customer of such an ISP, and send under his name

    Spam or virus messages that are forced to traverse an ISP's mail server will likely be subject to rate limiting and other anti-spam / anti-virus checks before the SPF authorized MTA transmits them to their destination.

    Abuse complaints will be directed to administrators whose MTAs originated their message, not a spoofed third party.

    The whole exercise has been a waste of time and attention for all involved, and the sooner it's forgotten, the better.

    What a negative attitude encapsulating an untrue factual assertion. To refute "a waste of time for all involved", all that is required is to show that some involved have received some benefit.

    Already, many people who have implemented SPF checking have filtered out many messages with spoofed aol.com addresses.

    So there. That's one clear, indisputable example of actual people who have received benefit from SPF, even at this very early stage of adoption. There are many similar examples.

    It is widely known that spammers will manage to adapt to SPF, but at increased cost and increased risk.

    Whether virus code and phishing scams can adapt remains to be seen. They will have a harder time.

  25. Re:Yet Again on SCO's Finances, Legal Case Take Hits · · Score: 2, Informative
    Please play Devils Advocate

    IBM: there are no notes or emails relevant to the case from a couple of high level executives who were supposedly involved in IBM's linux strategies.

    IBM doesn't want to disclose every tiny unreleased revision to every file in AIX and Dynix over the last 20 years

    IBM doesn't have contact info for a bunch of people who aren't IBM employees anymore (including some SCO folks).

    Comparing source code is too difficult

    Too many third parties contributed to linux and IBM won't tell SCO who they were (they'll only point SCO to the changelogs).

    IBM's source control software has just gotta have an easy way to extract everything SCO wants.

    and tell us what we are not seeing, give us ONE SHRED of proof that IBM has done anything wrong

    Oh, I'm sorry. You asked for a fact. Well, those are in short supply these days. But some will probably turn up eventually, if the court orders IBM to let SCO have billions more lines of IBM's code, every email every IBM programmer ever wrote or read, and photocopies of everything every one of their people has ever applied to paper using a pencil or pen. After all that, and 25000 or so man-years to go through it all, we can speculate that maybe, just maybe a fact will turn up.