But it's still cheaper and easier to use google apps
(a) No, not if you have competent IT staff, it's not and (b) should universities REALLY have email
service provided by the lowest bidder?
With respect to (b), email has been an integral part of campus communication systems for 20+ years.
It carries everything from class assignments to administrative discussions to sports chit-chat to
well, EVERYTHING else. It's a key part of the function of the university by now, and because it is,
much of what it carries needs to remain private, for varying values of "private". Outsourcing
to someone who says that they can do it cheaply -- and then of course will just cookie-cutter another
mail service instance just like all the other ones -- shows really poor judgment. Doubly so when
the chosen outsource vendor has a very, very, very long history of miserable performance on privacy issues.
Triply so when there is no reason on the table (at the moment) to believe that they'll attempt to defend
it against wholesale harvesting by government agencies. (Your own university might not either, or they might not do so very well -- but
historically, universities as a class have shown vastly more spine than Google has. And at least if they're compelled to, you have a decent chance of finding out that they have -- whereas with Google, you're likely to hear nothing.)
Incidentally, I've run email services ranging in size from "a few" to "a few million" users, and I've run some of them in academic environments -- i.e., I'm not speculating.
1. It's too open to issues: security, privacy, conflict-of-interest, reliability, etc. Everyone knows
(or should know) that Google's and Microsoft's and Yahoo's mail services are "loss leaders": they
exist only (a) to drive customers to products that make money and (b) to monetize as much private
information about users as possible. That's why it should surprise nobody that the latter two are
absolutely hideous: completely overrun by spammers years ago -- and the former muddles along
at a minimally acceptable quailty level, no better.
2. Any university that can't stand up a functional mail service really needs to evaluate its IT
capabilities. It's not hard. I know, I've done it many times. In fact, it gets easier every year
due to (a) reduction in server costs (b) improvements in open-source software (c) improvements
in load-balancing/fault-tolerance/scalability hardware and software and (d) reduction in storage costs.
To put it another way: it's only hard if you make it hard. If you do stupid things like
using Exchange, using Outlook, trying to implement mail quotas, failing to teach people how
to send links instead of files, trying to use hideously-overpriced commercial anti-spam "solutions"
that are anything but, and so on, then YES it will be hard. But if you do smart things -- like
using open source throughout, like realizing that in any email environment at most 1% of the people
will be storage hogs and it's silly to design an entire infrastructure just to deal with them, like
paying attention on mailop/postfix/courier/sendmail/dovecot/imap/etc. mailing lists, like
figuring out that basic traffic analysis will give you an awfully good first approximation to
the whitelisting you'll need -- then it's just not that difficult. Or expensive.
3. The corpus of mail generated and received by a university community has value --
monetary and otherwise -- to third parties. Therefore there exists a nonzero set of potential
buyers. Within that exists a subset who have sufficient funding and sufficient
motivation to attempt to acquire it. And within that exists another subset who will succeed.
When email is outsourced, the most cost-effective and expedient path to that goal
is to identify someone who works for the outsourced supplier and bribe or blackmail
them. If they're even modestly clueful, they'll be able to maintain full plausible
deniability. Granted, this risk exists even with university employees, but at teast
(a) they have a dog in the fight and (b) they're subject to university discipline.
Bottom line: the myth that email is hard/expensive is just that. It's really quite easy
and quite cheap, when done in-house and done properly. And while doing it in-house
doesn't guarantee privacy, security, or anything else, it's a far better bet.
The average web site is now loaded with buttons and icons whose meaning is obvious...once you know their meaning. (Look at this one, for example.) Adding still more is not forward progress.
I think it's a useful exercise for all web designers to attempt to use their sites in text-only browsers. Not only does this give at least some appreciation for the difficulties of handicapped users, but it tends to highlight problems that affect all users. It strips away all the eye candy and leaves only the skeleton of basic function -- and sometimes that function isn't very good. I'm not just talking about navigation (although that's often an issue) but communication: is it obvious INSTANTLY to someone what the site is trying to tell them? Or is the site using some cute and idiosyncratic mechanism that everyone involved thinks is great...but which leaves users with "huh?".
First, the obvious reason: as we've seen over and over and over again, spammers can make huge sums of money and then settle up pre-trial for a fraction of it. Then they can dissolve the company, move somewhere else, reincorporate, and use both the capital acquired and the lessons learned to try their hand at something even more abusive. The classic example of this is Sanford Wallace, but he's not the only one.
Second, the non-obvious reason: Facebook are spammers. But we don't see any AG going after them, because they're big and powerful, and they've wrapped themselves in the cloak of corporate respectability.
First, let's presume you're running Linux for what follows.
1. You're going to want to be familiar with both file(1) and find(1). File(1) is pretty
straightforward, but be aware that its heuristics for file type detection vary in accuracy.
If you're not find-literate, then at least get used to this construct:
find/foo/bar -name "*.jpg" -print | sort -u >/tmp/files.jpg
which will recursively search directory/foo/bar for all files suffixed ".jpg" and dump a sorted list of them into/tmp/files.jpg and this one:
find/foo/bar -type f -print | sort -u >/tmp/files.all
which will search the same directory, but will return a list of all (plain) files, that is,
things which are not directories, devices, sockets, etc., sorted and dumped into file/tmp/files.all.
(Note that the method by which find traverses filesystem trees won't yield sorted output, hence the
need to pipe these through sort.)
2. You now have (a) a list of all jpg files and (b) a list of all files. (I picked jpg arbitrarily
to illustrate the process, by the way.) You can now generate a list of all files that are NOT
jpg with this: comm -13/tmp/files.jpg/tmp/files.all >/tmp/files.all2l The point of this exercise is that you can now repeat steps 1-2 with.gif,.mpg,
etc., as you deal with each file type and reduce the remaining list to those awaiting
your attention./tmp/files.all3,/tmp/files.all4, etc. will each be smaller and eventually,
if you deal with all files,/tmp/files.allX will be zero-length. Note that not all files
have suffixes, of course -- and those without will likely be the ones requiring the most
manual effort. If you want to know which suffixes are most numerous, something like sed -e "s/.*\.//"/tmp/files.all | sort | uniq -c | sort -n will give you a rough idea.
3. Now then...you'll need some tools for dealing with each file type. The first tool
I'd use is stat(1), to check sizes for plausability. Then things like jpeginfo(1), mp3val(1),
tidy(1), will be some help, but of course you'll need to distinguish between "error message
emitted because file is corrupt" and "error message emitted because file has minor
issues...that it had BEFORE this episode". You may need to check the Ubuntu repository
for tools you don't have; you may need to do some searching on the web for "Linux tool to check PDF integrity) and similar.
4. If you have backups of any kind and can restore them, then you could try using sum(1)
to compare checksums pre- and post-incident. This is a filetype-invariant method, which
is good because it lets you skip the above...but bad because all it wll tell you is "different",
not "mildly damaged" or "horribly corrupted" or something in between.
5. I would recommend against deleting anything at this point. Instead, move it to
secondary storage, like an external drive. I don't have a specific reason for advising this,
other than "many years of experience doing partially-manual, partially-automated things like
this and a recognition that sometimes errors in the methodology...or fatigue introduced by
the tedium of executing it...lead to mistakes".
Prolific spammer Facebook allegedly implements an anti-spam mechanism?
In related news, Exxon has announced that henceforth its offshore drilling platforms will be
called "environmental enhancement modules".
Welcome to the dumbing down of the Internet, which is increasingly compromised at all levels
of software designed to cater to the stupid, the clueless, the impatient, the vapid, the illiterate,
the uneducated, the ignorant, the selfish...and not at all to those who are even modestly
intelligent, resourceful, and self-educating.
If you can understand "find/etc -type d -print" or any of its thousands of equivalents, you're
now among a tiny few who actually take some kind of interest in how things work. The vast
majority just wants to hand over their private data to spammer Mark Zuckerberg, blather away
in worthless140-character sound bites, and look at cat pictures. The Internet, for them, is
entertainment and shopping mall, because that's the height of their pitiful intellectual activity.
And the Firefox, the Ubuntu, the Gmail developers and more are enabling them, because
they lack the spines to say "no".
As someone who has been using web browsers since before some of you were born, I'd like to make a few comments on this latest foray into copying either Chrome or that spawn-of-evil, Metro.
Alright, one comment. A very brief comment.
No.
Firefox does not need its UI endlessly tweaked by a circle jerk of self-congratulatory programmers who rejoice at every spline and every pixel-level change. Firefox needs the following:
1. Bug fixes. There are a lot of them pending. Have you noticed? I have. It's not nearly as much as fun as playing with the UI, but it needs to be done. (Yes, I've helped. But I'm getting damn tired of writing extremely detailed, carefully researched bug reports that sit in the queue indefinitely.)
2. Security and privacy improvements. A substantial subset of the functionality of NoScript, AdBlock Plus, Better Privacy, Beef TACO, Disconnect, BlockSite, BugMeNot, ShareMeNot and oh yes, HTTPS Everywhere, needs to be IN THE BROWSER. Not an add-on. IN THE BROWSER. Hell, you have a budget: buy the technology if you have to, but get it in. Security and privacy are NOT add-ons, they're core functions. Make it happen.
3. Resource usage. Not everyone on this planet is wealthy enough to afford a new laptop every two years just to run a web browser. And make it possible for users to clamp memory footprint, CPU utilization, and other resources so that they don't find their web browser eating their system alive.
4. Standards compliance. I don't care if you think some of the standards suck -- I think they do too. Do it anyway.
5. Stop dumbing it down. THAT function should be in an add-on, call it "Training Wheels for Firefox".
6. If anyone suggests adding "social network" functions, please give my earnest sympathies to their surviving friends and family.
7. Respect Mah Authoritah! No automatic updates, no automatic checking for updates, nothing. (Why? Think about browser fingerprinting techniques and add-ons, and why some people really, REALLY don't want their browser to provide any clues to those who are doing DPI on the network they're connected through at the moment.)
8. Every icon in every panel needs to be set up as (a) icon only (b) text only or (c) icon and text. All of them. Because i'm getting damn tired of squinting at my 7" netbook screen trying to figure out WTF some squiggle means.
9. Get off my lawn!
10. Stop trying to out-Opera Opera, out-Chrome Chrome, and REALLY stop trying to out-IE IE. You have...had...a vision of a pretty good piece of software and somewhere around Firefox 4, you lost it. Stop. Go find it. Pick it up, dust it off, and tack it on the wall. Then pay attention to it.
I recommend taking the following steps to defend your operations against
spammer Gary Munitz:
1. Block all email to/from socialloot.com. (This might need updating if they
register additional domains to avoid blocking. A very common spammer tactic is
to use sequentially numbered domains, e.g., example01.com, example02.com,
example03.com.)
2. Firewall out 122.252.6.0/24. Make the block is bidirectional so that
nobody on your network can reach their allocation. (This will probably need
updating if they receive an additional allocation.)
3. If you run a DNSBL or RHSBL, list the domain and the network allocation. If you maintain
a list of spammer/phisher/abuser domains, add the domain.
4. If you run an ISP or similar operation, make it a policy that any user participating
in this scam will be terminated immediately. Same for mailing lists, web forums,
newsgroups, etc.
5. Do not hire anyone who has ever worked for socialloot.com. Make sure that words
spread that working for spammer Gary Munitz is toxic.
This has happened because ICANN has become a perfect example of regulatory capture: that is, the people running it are (for all practical purposes) the people that it's supposed to be regulating. Insider deals and quid pro quos are now the rule. That's what we got the.xxx TLD: nobody needed it, nobody wanted it, but there was money to be made -- primarily by extortion of non-porn sites, driven to purchase.xxx domains before someone else did by a fear-mongering campaign.
And that's why we'll get 200 or 400 or whatever more TLDs: because the registrars, not content with selling domains to spammers by the tens of millions (yes, really -- and that's probably an underestimate by an order of magnitude), want MORE money. (Why do you think GoDaddy is pushing.co as a.com alternative, as utterly ridiculous as that is?)
The solution to this is to make these new TLDs completely worthless and unusable. And we can. As soon as the list is announced, do the following:
1. If you run a DNS server: mark these TLDs as invalid/unresolvable. (You could use DNS RPZ to do this if you use a DNS that supports it, like BIND.)
2. If you run any HTTP proxies or filtes, blacklist these TLDs.
3. If you run a mail server, then block all email from or to these TLDs.
4. If you maintain a blacklist of spammer/phisher/abuser domains, add these TLDs to it.
And so on. The idea is to make them disappear from your operation's view of the Internet, just as we've collectively done in other cases -- with spammer-operated networks and similar. Except in this case, we should be able to do all this before they even go live, driving the value of a domain in any of these TLDs to zero.
Yes, I'm quite serious. The only people who want these are ICANN and their cronies. There is absolutely no obligation or need on our part to go along with this scam.
I'll go a step further: religious people aren't "people", per se. They've failed the qualifying intelligence test for classification as "homo sapiens". Accordingly, they should be treated in the same way as other inferior primates: humanely, of course, but there's no way they should be granted citizenship, suffrage or human rights.
This is, as you might guess, not a popular viewpoint (even among my fellow atheists). But before you reject it outright, or label it as flame-bait (which is NOT how it's intended), consider that religion in 2012 consist of a limited set of Bronze-age superstitions that have managed to survive -- out of a larger set, most of which didn't. As Bertrand Russell so astutely observed: "Religion is something left over from the infancy of our intelligence. It will fade away as we adopt reason and science as our guidelines." We are slowly (very slowly, unfortunately) seeing that happen -- which is an entirely good thing, as any species which does not discard religion is doomed. But it's not happening without a prolonged struggle, because of course those in positions of religious power are as reluctant to surrender their positions as those in political or economic power. We have a long way to go before eveyone on this planet who actually thinks they're a human manages to meet the criteria for truly being so.
Tenneesee legislators today decreed that the earth is flat, that it is the center
of the universe, that global warming doesn't exist and if it does, it's not caused in
large part by human activity, that humans are the only sentient species in the universe,
that one's fate is determined by the visible alignment of stars/planets/solar flares/etc.
at the moment of one's birth, that the shape of bumps on one's head determines character
and intelligence, that witches/demons/robot overlords/etc. are real and must be hunted,
that vaccines cause cancer/herpes/autism/bad breath, that the entire history of the world
is the consequences of the actions of rich white Christian people (who, out of all the "chosen"
people are actually the only really "chosen" ones), and that their one god...I mean tripartite god...no,
I mean one god with three...okay, I'll get back to you on that one.
Proportional fonts mangle the formatting of things like tab-separated tables, and any competent 'nix person
deals with those all day long. They thus cause the loss of semantic content, because the alignment of the
fields in those tables is important. Moreover, the display choice of type for those of us who work remotely
is a pseudo tty, which is unlikely to support them. As someone trained in typography, I recognize that
proportional fonts have a slight readability advantage, but judicious choice of monospace font compensates
for most of that.
HTML email is, as I said, used exclusively by spammers and ignorant newbies. HTML email bloats messages,
often by factor of several times -- and you're wrong about storage and bandwidth being plentiful, when you're
on a bandwidth-constrained data plan from one of the members of the telco cartel, it's not. And when you're
trying to walk around with an email archive for refererence -- say, the last five years of the NANOG list --
the storage becomes a factor too. Worse, the HTML markup inserted by mail clients is TERRIBLE --
have you actually looked at it or run it through "tidy" to check for standards compliance? It's not uncommon
for it to contain multiple errors per line. It's absolute crap, that any sensible person should be horribly
embarrassed to send. HTML markup also makes it possible -- as anyone possessing minimal security
competence well knows -- to embed all kinds of exploits directed at the parser. (See "web bugs", as they're
sometimes called, for example.) And speaking of HTML parsers, errors in those lead to rendering differences
and errors because of differences between the ones used by the senders and the ones used by recipients.
There's a reason all the mailing lists where the people who built and run the Internet gather forbid HTML
email: it's because these elite professionals know that text is vastly more functional, effcient, portable,
scalable, and usable.
I once proposed that anyone who top-posted or full-quoted should lose a finger every time they did so. I believe that the overall quailty of mail traffic, particularly on large mailing lists, would be markedly improved in short order.
Regrettably, the RFC didn't find traction within the IETF. Pity.
Strongly seconded. Mutt is my mail client of choice -- and I've used quite a few over the decades that I've been online.
Mutt also:
- plays nice with tools like fetchmail, procmail and grepmail
- lets me use MY editor-of-choice (vi, of course)
- runs beautifully over low-bandwidth connections
- does not fill up my screen with pretty-but-useless crap
- allows me to define key bindings and macros to my taste
- I can use color-coding (when on a color-supporting tty) to highlight
things like URLs, email addresses, etc.
- it does NOT parse HTML (HTML email is used exclusively by two
groups of people: (1) spammers and (2) ignorant newbies who don't know any better.)
- it handles MIME sanely -- and has a nifty feature that lets you delete individual
MIME attachments, which is very handy on occasion. Adding attachments is
also quite easy.
- it supports multiple mailbox formats, it supports POP and IMAP
- it's highly resistant to attacks by design AND implementation
Actually, there was a LOT available by the mid-80's. The ARPAnet, CSnet, and Usenet were all going strong. There were mailing lists and newsgroups for interaction, there were UUCP and FTP for file transfer (therefore there were archives of all kinds of thing, including open source code), and there were growing communities at research institutions, universities, and corporations. Granted, speeds were severely limited once you moved off a LAN, email addressing was sometimes a nightmare, and DNS was pretty new, but it all worked amazingly well.
There were also cultural differences: it was easy to each anyone, because system/network admins were hidden behind layers of bureaucracy, and because they were actually focused on making things work. And abuse was just about nonexistent: spammers and such were VERY quickly removed, with prejudice, because everyone recognized that their responsibility to the entire network made that a priority. (Today? Too many clueless newbie admins working for places that only care about profit -- and don't give a damn about being responsible, professional network neighbors.)
Those of us who have spent the past few decades in the trenches dealing with spam know that this -- at very best -- wishful thinking. The long-term trend line is up, with the only real debate being over the shape of the curve. Momentary decreases, such as the one reported here, are either (a) an artifact of the measurement methodology -- and many methodologies are horribly flawed or (b) real, but unimportant.
Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)
Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)
When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.
I strongly disagree. There has never been any need for.info and there is no need for it now. Domains in other TLDs are quite affordable -- provided you only want a few, of course, which is all that any responsible entity needs. Now if you want thousands, it's not -- but in that case, you're an abuser and I don't really care what you think. As for it not being in the USA, please...spare me. If the USG wants to confiscate.info domains, it will. You will not stop it. And as for your so-called "onerous qualifications", I've registered domains in.com,.net and.org over the past two decades with no trouble at all -- there was nothing at all "onerous" about the process.
I'm sure that "domaineers" don't like this, but domaineers are filthy, greedy parasites who should be banned from the Internet for life: they're the allies of spammers and the best customers of corrupt registrars.
It's not a just a perception that.info has been overrun by spammers, it's a measurement. I've been working in this area for a very long time, and have done extensive number-crunching at the scale of "tens of millions of domains". It's certainly true that there are non-spammer-owned.info domains, but it's also true that spammers buy them BY THE THOUSANDS. (Registrars approve of this, of course; bulk customers are terrific for them. Even better: repeat bulk customers, because spammers who burn through all those domains will be back for more.) Of course, without inventorying all.info domains, I can't give an exact percentage; but based on what I've seen, it looks to me like 97-99% of.info domains are owned by abusers. And whether the "true" number is 98.2 or 99.3 or whatever, it doesn't really matter in a practical sense: blacklisting.info in toto and making exceptions is extremely effective.
ICANN has been rolling out TLDs in order to profit its core constituency: the registrars.
Nobody needed.xxx -- except the registrar who pushed it and is now using extortion
tactics to pressure people into buying domains in it, e.g. "get yours...before someone
else does".
Nobody needed.info -- what, domains in other TLDs don't contain "information"?
(Well...alright...spammers needed it, and quickly overran it. It's been a best practice
in anti-spam engineering to block *.info and whitelist what you need for many years.)
But registrars stood to profit, especially from the spammers buying domains by the
thousands, so it was created.
Nobody needed.biz -- because we already had.com. But it was a chance to sell
the same thing twice, always a great business opportunity for registrars, so ICANN
made it happen.
And nobody needs hundreds of additional TLDs, either. There is no clamor of
voices among the billion people on the Internet for.pepsi or.google or.dell.
It's not an exaggeration to say that the majority of domains in existence today
are used for abusive purposes: spam, phishing, typosquatting, search engine
manipulation, etc. Yet ICANN wants to do whatever it can to explode the number,
to keep the cash registers ringing at the registrars.
What ICANN could be doing -- but isn't -- is to reign in the epidemic abuses.
There are registrars that are owned by known spammers, for example. Another
thing it could be tackling are domain confiscations (by the USG) without due
process: ICANN can and should push back hard against that. But none of
this will happen: ICANN is corrupt to the bone, a textbook example of
regulatory capture, therefore it will do whatever maximizes the profits
of its masters.
It's just that it wasn't called "the Internet", and that in part was because it
was composed of disparate but interconnecting pieces. By 1983, Usenet/UUCPnet
had about 500 nodes; the next year it had doubled to around 1000. CSnet was a couple
of years old and was growing. Same for BITNET. And of course the ARPAnet was
still expanding.
There was no web, of course, but the web isn't the Internet. And a lot of people didn't
use computers to access it -- they used terminals, connected to computers via serial
lines or phone lines. But it was growing quickly, it was used heavily by folks in academia
and research, and a lot of experiments/projects were underway.
Granted, the "club" was limited: you either had to work in the right places, or be a student
there. But it was already large and growing. (And one of the ironies that often strikes
me is that it was quite routine for Unix users to edit with vi, format documents with troff,
read mail with Berkeley mail, and issue remote execution/file retrieval requests...all at
the commad line. And I don't mean CS types: I mean everyone from undergraduates
to the secretarial staff. A lot of them were very fast and efficient with those tools.
Compare/contrast with today. This moment of rose-colored geezer reflection brought to
by the letters V, A and X and the number 780.)
...keep in mind that those you work for would cut you loose without a second
though if it were convenient for them do so. You owe them no loyalty whatsoever:
that's why it's called a "job", you're only obligated to do what you do as long as you're
being paid for it, and that obligation ceases instantly when you're not. (If you think
that their perceived obligation to you will last one nanosecond longer, then you are
foolish and naive.)
So while you hold the job, you should do the best that you can to document and
to explain. Of course, if you're being replaced by an idiot, no amount of documentation
and explanation will suffice: stupid people are, well, stupid. But presuming that your
replacement has at least minimally acceptable level intelligence, it shouldn't be
all that difficult for them to transition into your role.
Despite all of this, however, you WILL be blamed when something goes wrong
because that's a natural human tendency: people who do not think through
cause-and-effect relationships leap to conclusions, and this particular one is
especially tempting. It's really not worth going through the effort to refute it;
doubly so if your replacement reinforces the idea. (I'm STILL being blamed
for the failure of a subsequent admin to read a very-well documented shell
script that was specifically and extensively covered during my last handoff,
despite the fact that I handed this person a piece of paper with that script
mentioned by name, in bold 18-point type, in the first 3 minutes of our
first meeting. *shrug* There's nothing I can do when faced with such an
alarmingly low level of comprehension.)
Trying to be a douche about it with DRM and spyware is simply going to
cause someone, somewhere, to crack your product and rip out the spyware code.
You will waste a lot of money and time playing this game, and you will never win.
Instead, learn from those who have figured out that if someone's pirating your program,
that someone is a possible customer. WHY didn't they buy it? Was it too expensive?
Was it not available? What was their reason?
Go find out. Go ask them. Use this as a market research exercise and figure out
what you're doing wrong -- because you ARE doing something wrong.
And then fix it. Maybe the fix is a free "only some of the features" version.
Maybe the fix is "100 free copies to people who are working for nonprofits
and doing good things for the world". Maybe the fix is...something else that
you and I can't even imagine yet. But if you fix it, you will turn some of those
pirates into customers, you will build good will, you will find OTHER customers,
and you will avoid falling into the every-pirated-copy-is-a-lost-sale fallacy that
has crippled so many companies.
This won't stop the piracy, of course. Nor is it intended to. You'll just have
to accept that it CANNOT be stopped no matter what you do. But since it's
inevitable, you should figure out how to profit from it. Others have.
Slashdot Mirror
Given the rousing success of .mail, which immediately succeeded in reducing spam to a...oh...wait...
.pro, which is used exclusively by millions of professionals and...oh...umm...
.secure domain? Everyone knows they're secure.
And then there's
Alright, never mind that. Of course it will be secure, because a well-known security company is on the job and...oh...errrrmm... Verisign, Pillar of Internet Security, Hacked...
Doesn't matter. I'm certain it will work perfectly. I mean, really, what blackhat would target a
But it's still cheaper and easier to use google apps
(a) No, not if you have competent IT staff, it's not and (b) should universities REALLY have email service provided by the lowest bidder?
With respect to (b), email has been an integral part of campus communication systems for 20+ years. It carries everything from class assignments to administrative discussions to sports chit-chat to well, EVERYTHING else. It's a key part of the function of the university by now, and because it is, much of what it carries needs to remain private, for varying values of "private". Outsourcing to someone who says that they can do it cheaply -- and then of course will just cookie-cutter another mail service instance just like all the other ones -- shows really poor judgment. Doubly so when the chosen outsource vendor has a very, very, very long history of miserable performance on privacy issues. Triply so when there is no reason on the table (at the moment) to believe that they'll attempt to defend it against wholesale harvesting by government agencies. (Your own university might not either, or they might not do so very well -- but historically, universities as a class have shown vastly more spine than Google has. And at least if they're compelled to, you have a decent chance of finding out that they have -- whereas with Google, you're likely to hear nothing.)
Incidentally, I've run email services ranging in size from "a few" to "a few million" users, and I've run some of them in academic environments -- i.e., I'm not speculating.
1. It's too open to issues: security, privacy, conflict-of-interest, reliability, etc. Everyone knows (or should know) that Google's and Microsoft's and Yahoo's mail services are "loss leaders": they exist only (a) to drive customers to products that make money and (b) to monetize as much private information about users as possible. That's why it should surprise nobody that the latter two are absolutely hideous: completely overrun by spammers years ago -- and the former muddles along at a minimally acceptable quailty level, no better.
2. Any university that can't stand up a functional mail service really needs to evaluate its IT capabilities. It's not hard. I know, I've done it many times. In fact, it gets easier every year due to (a) reduction in server costs (b) improvements in open-source software (c) improvements in load-balancing/fault-tolerance/scalability hardware and software and (d) reduction in storage costs. To put it another way: it's only hard if you make it hard. If you do stupid things like using Exchange, using Outlook, trying to implement mail quotas, failing to teach people how to send links instead of files, trying to use hideously-overpriced commercial anti-spam "solutions" that are anything but, and so on, then YES it will be hard. But if you do smart things -- like using open source throughout, like realizing that in any email environment at most 1% of the people will be storage hogs and it's silly to design an entire infrastructure just to deal with them, like paying attention on mailop/postfix/courier/sendmail/dovecot/imap/etc. mailing lists, like figuring out that basic traffic analysis will give you an awfully good first approximation to the whitelisting you'll need -- then it's just not that difficult. Or expensive.
3. The corpus of mail generated and received by a university community has value -- monetary and otherwise -- to third parties. Therefore there exists a nonzero set of potential buyers. Within that exists a subset who have sufficient funding and sufficient motivation to attempt to acquire it. And within that exists another subset who will succeed. When email is outsourced, the most cost-effective and expedient path to that goal is to identify someone who works for the outsourced supplier and bribe or blackmail them. If they're even modestly clueful, they'll be able to maintain full plausible deniability. Granted, this risk exists even with university employees, but at teast (a) they have a dog in the fight and (b) they're subject to university discipline.
Bottom line: the myth that email is hard/expensive is just that. It's really quite easy and quite cheap, when done in-house and done properly. And while doing it in-house doesn't guarantee privacy, security, or anything else, it's a far better bet.
The average web site is now loaded with buttons and icons whose meaning is obvious...once you know their meaning. (Look at this one, for example.) Adding still more is not forward progress.
I think it's a useful exercise for all web designers to attempt to use their sites in text-only browsers. Not only does this give at least some appreciation for the difficulties of handicapped users, but it tends to highlight problems that affect all users. It strips away all the eye candy and leaves only the skeleton of basic function -- and sometimes that function isn't very good. I'm not just talking about navigation (although that's often an issue) but communication: is it obvious INSTANTLY to someone what the site is trying to tell them? Or is the site using some cute and idiosyncratic mechanism that everyone involved thinks is great...but which leaves users with "huh?".
First, the obvious reason: as we've seen over and over and over again, spammers can make huge sums of money and then settle up pre-trial for a fraction of it. Then they can dissolve the company, move somewhere else, reincorporate, and use both the capital acquired and the lessons learned to try their hand at something even more abusive. The classic example of this is Sanford Wallace, but he's not the only one.
Second, the non-obvious reason: Facebook are spammers. But we don't see any AG going after them, because they're big and powerful, and they've wrapped themselves in the cloak of corporate respectability.
First, let's presume you're running Linux for what follows.
/foo/bar -name "*.jpg" -print | sort -u > /tmp/files.jpg
/foo/bar for all files suffixed ".jpg" and dump a sorted list of them into /tmp/files.jpg and this one:
/foo/bar -type f -print | sort -u > /tmp/files.all
/tmp/files.all.
(Note that the method by which find traverses filesystem trees won't yield sorted output, hence the
need to pipe these through sort.)
/tmp/files.jpg /tmp/files.all > /tmp/files.all2l
.gif, .mpg,
etc., as you deal with each file type and reduce the remaining list to those awaiting
your attention. /tmp/files.all3, /tmp/files.all4, etc. will each be smaller and eventually,
if you deal with all files, /tmp/files.allX will be zero-length. Note that not all files
have suffixes, of course -- and those without will likely be the ones requiring the most
manual effort. If you want to know which suffixes are most numerous, something like /tmp/files.all | sort | uniq -c | sort -n
1. You're going to want to be familiar with both file(1) and find(1). File(1) is pretty straightforward, but be aware that its heuristics for file type detection vary in accuracy. If you're not find-literate, then at least get used to this construct:
find
which will recursively search directory
find
which will search the same directory, but will return a list of all (plain) files, that is, things which are not directories, devices, sockets, etc., sorted and dumped into file
2. You now have (a) a list of all jpg files and (b) a list of all files. (I picked jpg arbitrarily to illustrate the process, by the way.) You can now generate a list of all files that are NOT jpg with this:
comm -13
The point of this exercise is that you can now repeat steps 1-2 with
sed -e "s/.*\.//"
will give you a rough idea.
3. Now then...you'll need some tools for dealing with each file type. The first tool I'd use is stat(1), to check sizes for plausability. Then things like jpeginfo(1), mp3val(1), tidy(1), will be some help, but of course you'll need to distinguish between "error message emitted because file is corrupt" and "error message emitted because file has minor issues...that it had BEFORE this episode". You may need to check the Ubuntu repository for tools you don't have; you may need to do some searching on the web for "Linux tool to check PDF integrity) and similar.
4. If you have backups of any kind and can restore them, then you could try using sum(1) to compare checksums pre- and post-incident. This is a filetype-invariant method, which is good because it lets you skip the above...but bad because all it wll tell you is "different", not "mildly damaged" or "horribly corrupted" or something in between.
5. I would recommend against deleting anything at this point. Instead, move it to secondary storage, like an external drive. I don't have a specific reason for advising this, other than "many years of experience doing partially-manual, partially-automated things like this and a recognition that sometimes errors in the methodology...or fatigue introduced by the tedium of executing it...lead to mistakes".
6. Good luck.
Prolific spammer Facebook allegedly implements an anti-spam mechanism? In related news, Exxon has announced that henceforth its offshore drilling platforms will be called "environmental enhancement modules".
Welcommmmmmme to the machine.
/etc -type d -print" or any of its thousands of equivalents, you're
now among a tiny few who actually take some kind of interest in how things work. The vast
majority just wants to hand over their private data to spammer Mark Zuckerberg, blather away
in worthless140-character sound bites, and look at cat pictures. The Internet, for them, is
entertainment and shopping mall, because that's the height of their pitiful intellectual activity.
No, wait, wrong reference.
Welcome to the dumbing down of the Internet, which is increasingly compromised at all levels of software designed to cater to the stupid, the clueless, the impatient, the vapid, the illiterate, the uneducated, the ignorant, the selfish...and not at all to those who are even modestly intelligent, resourceful, and self-educating.
If you can understand "find
And the Firefox, the Ubuntu, the Gmail developers and more are enabling them, because they lack the spines to say "no".
As someone who has been using web browsers since before some of you were born, I'd like to make a few comments on this latest foray into copying either Chrome or that spawn-of-evil, Metro.
Alright, one comment. A very brief comment.
No.
Firefox does not need its UI endlessly tweaked by a circle jerk of self-congratulatory programmers who rejoice at every spline and every pixel-level change. Firefox needs the following:
1. Bug fixes. There are a lot of them pending. Have you noticed? I have. It's not nearly as much as fun as playing with the UI, but it needs to be done. (Yes, I've helped. But I'm getting damn tired of writing extremely detailed, carefully researched bug reports that sit in the queue indefinitely.)
2. Security and privacy improvements. A substantial subset of the functionality of NoScript, AdBlock Plus, Better Privacy, Beef TACO, Disconnect, BlockSite, BugMeNot, ShareMeNot and oh yes, HTTPS Everywhere, needs to be IN THE BROWSER. Not an add-on. IN THE BROWSER. Hell, you have a budget: buy the technology if you have to, but get it in. Security and privacy are NOT add-ons, they're core functions. Make it happen.
3. Resource usage. Not everyone on this planet is wealthy enough to afford a new laptop every two years just to run a web browser. And make it possible for users to clamp memory footprint, CPU utilization, and other resources so that they don't find their web browser eating their system alive.
4. Standards compliance. I don't care if you think some of the standards suck -- I think they do too. Do it anyway.
5. Stop dumbing it down. THAT function should be in an add-on, call it "Training Wheels for Firefox".
6. If anyone suggests adding "social network" functions, please give my earnest sympathies to their surviving friends and family.
7. Respect Mah Authoritah! No automatic updates, no automatic checking for updates, nothing. (Why? Think about browser fingerprinting techniques and add-ons, and why some people really, REALLY don't want their browser to provide any clues to those who are doing DPI on the network they're connected through at the moment.)
8. Every icon in every panel needs to be set up as (a) icon only (b) text only or (c) icon and text. All of them. Because i'm getting damn tired of squinting at my 7" netbook screen trying to figure out WTF some squiggle means.
9. Get off my lawn!
10. Stop trying to out-Opera Opera, out-Chrome Chrome, and REALLY stop trying to out-IE IE. You have...had...a vision of a pretty good piece of software and somewhere around Firefox 4, you lost it. Stop. Go find it. Pick it up, dust it off, and tack it on the wall. Then pay attention to it.
I recommend taking the following steps to defend your operations against spammer Gary Munitz:
1. Block all email to/from socialloot.com. (This might need updating if they register additional domains to avoid blocking. A very common spammer tactic is to use sequentially numbered domains, e.g., example01.com, example02.com, example03.com.)
2. Firewall out 122.252.6.0/24. Make the block is bidirectional so that nobody on your network can reach their allocation. (This will probably need updating if they receive an additional allocation.)
3. If you run a DNSBL or RHSBL, list the domain and the network allocation. If you maintain a list of spammer/phisher/abuser domains, add the domain.
4. If you run an ISP or similar operation, make it a policy that any user participating in this scam will be terminated immediately. Same for mailing lists, web forums, newsgroups, etc.
5. Do not hire anyone who has ever worked for socialloot.com. Make sure that words spread that working for spammer Gary Munitz is toxic.
This has happened because ICANN has become a perfect example of regulatory capture: that is, the people running it are (for all practical purposes) the people that it's supposed to be regulating. Insider deals and quid pro quos are now the rule. That's what we got the .xxx TLD: nobody needed it, nobody wanted it, but there was money to be made -- primarily by extortion of non-porn sites, driven to purchase .xxx domains before someone else did by a fear-mongering campaign.
.co as a .com alternative, as utterly ridiculous as that is?)
And that's why we'll get 200 or 400 or whatever more TLDs: because the registrars, not content with selling domains to spammers by the tens of millions (yes, really -- and that's probably an underestimate by an order of magnitude), want MORE money. (Why do you think GoDaddy is pushing
The solution to this is to make these new TLDs completely worthless and unusable. And we can. As soon as the list is announced, do the following:
1. If you run a DNS server: mark these TLDs as invalid/unresolvable. (You could use DNS RPZ to do this if you use a DNS that supports it, like BIND.)
2. If you run any HTTP proxies or filtes, blacklist these TLDs.
3. If you run a mail server, then block all email from or to these TLDs.
4. If you maintain a blacklist of spammer/phisher/abuser domains, add these TLDs to it.
And so on. The idea is to make them disappear from your operation's view of the Internet, just as we've collectively done in other cases -- with spammer-operated networks and similar. Except in this case, we should be able to do all this before they even go live, driving the value of a domain in any of these TLDs to zero.
Yes, I'm quite serious. The only people who want these are ICANN and their cronies. There is absolutely no obligation or need on our part to go along with this scam.
I'll go a step further: religious people aren't "people", per se. They've failed the qualifying intelligence test for classification as "homo sapiens". Accordingly, they should be treated in the same way as other inferior primates: humanely, of course, but there's no way they should be granted citizenship, suffrage or human rights.
This is, as you might guess, not a popular viewpoint (even among my fellow atheists). But before you reject it outright, or label it as flame-bait (which is NOT how it's intended), consider that religion in 2012 consist of a limited set of Bronze-age superstitions that have managed to survive -- out of a larger set, most of which didn't. As Bertrand Russell so astutely observed: "Religion is something left over from the infancy of our intelligence. It will fade away as we adopt reason and science as our guidelines." We are slowly (very slowly, unfortunately) seeing that happen -- which is an entirely good thing, as any species which does not discard religion is doomed. But it's not happening without a prolonged struggle, because of course those in positions of religious power are as reluctant to surrender their positions as those in political or economic power. We have a long way to go before eveyone on this planet who actually thinks they're a human manages to meet the criteria for truly being so.
Tenneesee legislators today decreed that the earth is flat, that it is the center of the universe, that global warming doesn't exist and if it does, it's not caused in large part by human activity, that humans are the only sentient species in the universe, that one's fate is determined by the visible alignment of stars/planets/solar flares/etc. at the moment of one's birth, that the shape of bumps on one's head determines character and intelligence, that witches/demons/robot overlords/etc. are real and must be hunted, that vaccines cause cancer/herpes/autism/bad breath, that the entire history of the world is the consequences of the actions of rich white Christian people (who, out of all the "chosen" people are actually the only really "chosen" ones), and that their one god...I mean tripartite god...no, I mean one god with three...okay, I'll get back to you on that one.
Two separate issues: proportional fonts and HTML.
Proportional fonts mangle the formatting of things like tab-separated tables, and any competent 'nix person deals with those all day long. They thus cause the loss of semantic content, because the alignment of the fields in those tables is important. Moreover, the display choice of type for those of us who work remotely is a pseudo tty, which is unlikely to support them. As someone trained in typography, I recognize that proportional fonts have a slight readability advantage, but judicious choice of monospace font compensates for most of that.
HTML email is, as I said, used exclusively by spammers and ignorant newbies. HTML email bloats messages, often by factor of several times -- and you're wrong about storage and bandwidth being plentiful, when you're on a bandwidth-constrained data plan from one of the members of the telco cartel, it's not. And when you're trying to walk around with an email archive for refererence -- say, the last five years of the NANOG list -- the storage becomes a factor too. Worse, the HTML markup inserted by mail clients is TERRIBLE -- have you actually looked at it or run it through "tidy" to check for standards compliance? It's not uncommon for it to contain multiple errors per line. It's absolute crap, that any sensible person should be horribly embarrassed to send. HTML markup also makes it possible -- as anyone possessing minimal security competence well knows -- to embed all kinds of exploits directed at the parser. (See "web bugs", as they're sometimes called, for example.) And speaking of HTML parsers, errors in those lead to rendering differences and errors because of differences between the ones used by the senders and the ones used by recipients.
There's a reason all the mailing lists where the people who built and run the Internet gather forbid HTML email: it's because these elite professionals know that text is vastly more functional, effcient, portable, scalable, and usable.
"Any serious email user who doesn't top-post."
I once proposed that anyone who top-posted or full-quoted should lose a finger every time they did so. I believe that the overall quailty of mail traffic, particularly on large mailing lists, would be markedly improved in short order.
Regrettably, the RFC didn't find traction within the IETF. Pity.
Strongly seconded. Mutt is my mail client of choice -- and I've used quite a few over the decades that I've been online.
Mutt also:
- plays nice with tools like fetchmail, procmail and grepmail
- lets me use MY editor-of-choice (vi, of course)
- runs beautifully over low-bandwidth connections
- does not fill up my screen with pretty-but-useless crap
- allows me to define key bindings and macros to my taste
- I can use color-coding (when on a color-supporting tty) to highlight things like URLs, email addresses, etc.
- it does NOT parse HTML (HTML email is used exclusively by two groups of people: (1) spammers and (2) ignorant newbies who don't know any better.)
- it handles MIME sanely -- and has a nifty feature that lets you delete individual MIME attachments, which is very handy on occasion. Adding attachments is also quite easy.
- it supports multiple mailbox formats, it supports POP and IMAP
- it's highly resistant to attacks by design AND implementation
And so on.
Actually, there was a LOT available by the mid-80's. The ARPAnet, CSnet, and Usenet were all going strong. There were mailing lists and newsgroups for interaction, there were UUCP and FTP for file transfer (therefore there were archives of all kinds of thing, including open source code), and there were growing communities at research institutions, universities, and corporations. Granted, speeds were severely limited once you moved off a LAN, email addressing was sometimes a nightmare, and DNS was pretty new, but it all worked amazingly well.
There were also cultural differences: it was easy to each anyone, because system/network admins were hidden behind layers of bureaucracy, and because they were actually focused on making things work. And abuse was just about nonexistent: spammers and such were VERY quickly removed, with prejudice, because everyone recognized that their responsibility to the entire network made that a priority. (Today? Too many clueless newbie admins working for places that only care about profit -- and don't give a damn about being responsible, professional network neighbors.)
Those of us who have spent the past few decades in the trenches dealing with spam know that this -- at very best -- wishful thinking. The long-term trend line is up, with the only real debate being over the shape of the curve. Momentary decreases, such as the one reported here, are either (a) an artifact of the measurement methodology -- and many methodologies are horribly flawed or (b) real, but unimportant.
Low-end spammers are now fully integrated with malware authors, botnet operators, phishers, purveyors of illicit/illegal content, data brokers, and carders. High-end spammers are now quite successful at assuming the mantle of "respectable corporations" while continuing to do what they've always done. In both cases, the profits are huge, more than enough to encourage them to continue in fact of the largely-insignificant threat of prosecution. (Only the stupid ones get caught, and there is some evidence which suggests that they're being caught because their fellow spammers set them up.)
Have their been some temporary, isolated successes in fight against spam? Sure. But the key words are "temporary" and "isolated". As others with long experience in the field have said, we're only at the beginning of the spam fight, and it's going to get MUCH worse: there are known techniques that spammers have only just begun exploiting, and when they become pervasive, they're going to break every anti-spam methodology currently deployed. (Which is kinda the reason they were developed.)
When will this happen? Dunno. Crystal ball cloudy. But when it does, it's going to catch the ignorant newbies and incompetent amateurs at a number of commercial "anti-spam" operations completely by surprise, because they're too busy selling overpriced, worthless crap to actually do this thing we call "research", where, you know, you LEARN things about your adversary so that you can actually have a decent chance of anticipating their next move instead of getting blindsided by it. To put it another way: if you're running your own anti-spam setup using a combination of firewalls, 'nix, open-source MTA, DNSBLs, etc. then you're in a decent position to adapt quickly when the need arises. If you've made the horrible mistake of outsourcing to the chumps out there who are in it for a quick buck, then you're going to be really screwed.
...and playing "Too Rolling Stoned" all the way through.
Rock on, Jim...rock on.
I strongly disagree. There has never been any need for .info and there is no need for it now. Domains in other TLDs are quite affordable -- provided you only want a few, of course, which is all that any responsible entity needs. Now if you want thousands, it's not -- but in that case, you're an abuser and I don't really care what you think. As for it not being in the USA, please...spare me. If the USG wants to confiscate .info domains, it will. You will not stop it. And as for your so-called "onerous qualifications", I've registered domains in .com, .net and .org over the past two decades with no trouble at all -- there was nothing at all "onerous" about the process.
I'm sure that "domaineers" don't like this, but domaineers are filthy, greedy parasites who should be banned from the Internet for life: they're the allies of spammers and the best customers of corrupt registrars.
It's not a just a perception that .info has been overrun by spammers, it's a measurement. I've been working in this area for a very long time, and have done extensive number-crunching at the scale of "tens of millions of domains". It's certainly true that there are non-spammer-owned .info domains, but it's also true that spammers buy them BY THE THOUSANDS. (Registrars approve of this, of course; bulk customers are terrific for them. Even better: repeat bulk customers, because spammers who burn through all those domains will be back for more.) Of course, without inventorying all .info domains, I can't give an exact percentage; but based on what I've seen, it looks to me like 97-99% of .info domains are owned by abusers. And whether the "true" number is 98.2 or 99.3 or whatever, it doesn't really matter in a practical sense: blacklisting .info in toto and making exceptions is extremely effective.
ICANN has been rolling out TLDs in order to profit its core constituency: the registrars.
.xxx -- except the registrar who pushed it and is now using extortion
tactics to pressure people into buying domains in it, e.g. "get yours...before someone
else does".
.info -- what, domains in other TLDs don't contain "information"?
(Well...alright...spammers needed it, and quickly overran it. It's been a best practice
in anti-spam engineering to block *.info and whitelist what you need for many years.)
But registrars stood to profit, especially from the spammers buying domains by the
thousands, so it was created.
.biz -- because we already had .com. But it was a chance to sell
the same thing twice, always a great business opportunity for registrars, so ICANN
made it happen.
.pepsi or .google or .dell.
Nobody needed
Nobody needed
Nobody needed
And nobody needs hundreds of additional TLDs, either. There is no clamor of voices among the billion people on the Internet for
It's not an exaggeration to say that the majority of domains in existence today are used for abusive purposes: spam, phishing, typosquatting, search engine manipulation, etc. Yet ICANN wants to do whatever it can to explode the number, to keep the cash registers ringing at the registrars.
What ICANN could be doing -- but isn't -- is to reign in the epidemic abuses. There are registrars that are owned by known spammers, for example. Another thing it could be tackling are domain confiscations (by the USG) without due process: ICANN can and should push back hard against that. But none of this will happen: ICANN is corrupt to the bone, a textbook example of regulatory capture, therefore it will do whatever maximizes the profits of its masters.
It's just that it wasn't called "the Internet", and that in part was because it was composed of disparate but interconnecting pieces. By 1983, Usenet/UUCPnet had about 500 nodes; the next year it had doubled to around 1000. CSnet was a couple of years old and was growing. Same for BITNET. And of course the ARPAnet was still expanding.
There was no web, of course, but the web isn't the Internet. And a lot of people didn't use computers to access it -- they used terminals, connected to computers via serial lines or phone lines. But it was growing quickly, it was used heavily by folks in academia and research, and a lot of experiments/projects were underway.
Granted, the "club" was limited: you either had to work in the right places, or be a student there. But it was already large and growing. (And one of the ironies that often strikes me is that it was quite routine for Unix users to edit with vi, format documents with troff, read mail with Berkeley mail, and issue remote execution/file retrieval requests...all at the commad line. And I don't mean CS types: I mean everyone from undergraduates to the secretarial staff. A lot of them were very fast and efficient with those tools. Compare/contrast with today. This moment of rose-colored geezer reflection brought to by the letters V, A and X and the number 780.)
...keep in mind that those you work for would cut you loose without a second though if it were convenient for them do so. You owe them no loyalty whatsoever: that's why it's called a "job", you're only obligated to do what you do as long as you're being paid for it, and that obligation ceases instantly when you're not. (If you think that their perceived obligation to you will last one nanosecond longer, then you are foolish and naive.)
So while you hold the job, you should do the best that you can to document and to explain. Of course, if you're being replaced by an idiot, no amount of documentation and explanation will suffice: stupid people are, well, stupid. But presuming that your replacement has at least minimally acceptable level intelligence, it shouldn't be all that difficult for them to transition into your role.
Despite all of this, however, you WILL be blamed when something goes wrong because that's a natural human tendency: people who do not think through cause-and-effect relationships leap to conclusions, and this particular one is especially tempting. It's really not worth going through the effort to refute it; doubly so if your replacement reinforces the idea. (I'm STILL being blamed for the failure of a subsequent admin to read a very-well documented shell script that was specifically and extensively covered during my last handoff, despite the fact that I handed this person a piece of paper with that script mentioned by name, in bold 18-point type, in the first 3 minutes of our first meeting. *shrug* There's nothing I can do when faced with such an alarmingly low level of comprehension.)
Trying to be a douche about it with DRM and spyware is simply going to cause someone, somewhere, to crack your product and rip out the spyware code. You will waste a lot of money and time playing this game, and you will never win.
Instead, learn from those who have figured out that if someone's pirating your program, that someone is a possible customer. WHY didn't they buy it? Was it too expensive? Was it not available? What was their reason?
Go find out. Go ask them. Use this as a market research exercise and figure out what you're doing wrong -- because you ARE doing something wrong.
And then fix it. Maybe the fix is a free "only some of the features" version. Maybe the fix is "100 free copies to people who are working for nonprofits and doing good things for the world". Maybe the fix is...something else that you and I can't even imagine yet. But if you fix it, you will turn some of those pirates into customers, you will build good will, you will find OTHER customers, and you will avoid falling into the every-pirated-copy-is-a-lost-sale fallacy that has crippled so many companies.
This won't stop the piracy, of course. Nor is it intended to. You'll just have to accept that it CANNOT be stopped no matter what you do. But since it's inevitable, you should figure out how to profit from it. Others have.