You define commercial use as providing services for not-for-profit indivduals web surfing. Fine.
No, I don't. I define it as the use of the Internet for commerce, which is to say economic activity between consenting traders and investors -- what my left-wing friends would call "capitalism". I don't consider your sending of unsolicited advertisements to "an unconfirmed email address" (how many was it really?) to be commerce. I consider it to be spamming.
I define commercial use as trying to sell a product on the Internet and communicate with customers. You send one single email to an unconfirmed email address and you can be blocked for days. Do that enough and you are out of business.
You admit sending commercial email to an unconfirmed email address (how many addresses?), which turned out to belong to someone who had not solicited your message. By the usual definition of spamming as "unsolicited commercial email", that means that you admit to having spammed.
The techniques for operating confirmed mailing lists are not new. Mailing list software to operate confirmed lists has existed since well before the "e-commerce" boom. Thousands of businesses use such software. They operate confirmed, solicited commercial mailing lists... and they don't get listed as spammers.
It sounds to me, from your description of the situation, like you failed to do due diligence, failed to take advantage of the information resources available to you -- and as a result, you spammed. In that case, the folks who listed you as a source of spam were telling the truth, weren't they?
Don't bother saying it doesn't work that way - we just got unblocked from that happening.
Hey, I'm just working with what you give me. If you'd like to point to a published record of your exchange with the list operators, please do so. A Google search link into NANAE, if that's where the exchange took place, would be more than adequate.
The goal of most spam blockers is to eliminate commercial use of the Internet.
Actually, most "spam blockers" work for organizations which commercially use the Internet. They are mail administrators for ISPs or other companies, which have directed them to reduce the impact of spam on their businesses -- to cut costs or to improve service to customers.
I would not be suprised to see Spamhaus served a cease-and-desist before Verio does the Right Thing and starts punting luser spammers.
Luckily, the spamfighting community has a great deal of experience with such misbehavior. The slang expression among spamfighters for a sender of baseless legal threats is "cartooney", as in cartoon + attorney. Spammers send these out by the boatloads when their delusions suggest it will get people to stop trying to block their thefts.
Steve Linford, the operator of the SBL and ROKSO (and known in China as Stiff Linefeed) is a long-time anti-spam veteran, and has a great deal of support from others such. If Verio tries to harangue, hassle, or hornswoggle him into falsely removing them from SBL, he will have dozens of clued and supportive people on his side. If Verio files suit, Mr. Linford will have a substantial legal defense fund faster than you can say "Canter & Siegel".
Why content filtering is not enough
on
As the Spam Turns
·
· Score: 5, Insightful
The technology is out there, in the form of Bayesian filters, and is nearly perfect.
Bayesian filters, SpamAssassin, and other client-side content filters can indeed reduce the amount of spam that you see. As such, they can reduce some major costs of spam for the average Internet user, small site, or business: costs such as annoyance, offense, wasted time, and harm to productivity thereby caused -- that is to say, the end-user costs of spam.
However, they have no effect on the cost of the bandwidth and other resource costs of spam, which are substantial for large ISPs and large businesses -- and for the Internet as a whole. In order to perform content filtration on a piece of mail, you must receive it and store it first, which has its costs. (Consider that large ISPs regularly report that anywhere from one-third to two-thirds of their mail is spam.)
Only forms of spam filtration which do not permit the spammer to send the spam to your mail server can reduce the bandwidth cost of spam. In practicality, that means filters which apply to one or more of the following (in increasing order of cost):
The sending host's IP address;
The sending host's DNS name or other IP metadata; or
The contents of the SMTP envelope, that is, the arguments to the MAIL FROM and RCPT TO commands, or other sender behavior prior to the DATA command.
(Note the SMTP envelope is not the same as the mail headers, which are part of the SMTP DATA. An SMTP server is permitted to reject mail before DATA, but is not allowed to drop the connection in mid-DATA. If you do not understand this, read RFC 2821.)
DNSBLs -- such as SBL, MAPS RBL, and SPEWS -- all apply to the IP address of the sending system. Domain-based rejection lists (which are not commonly published) apply to the DNS name of the sending system. RHSBLs, and relay checking, apply to the SMTP envelope.
Keep also in mind that one function of some (but not all) DNSBLs is not merely to filter out spam, but to discourage it from being attempted in the first place. By rejecting mail from networks which have proven themselves to tolerate spammers, we tell network operators that if they wish to be able to send us mail, they must kick off their spammers. It's their choice which they do; they just have to choose which is worth more to them: being able to send mail to sites that don't like spam, or being able to host network-abusers with impunity.
(Incidentally, you will find precious little sympathy for calling spam filtering "censorship". Censorship, as those who have experienced it understand, happens when some party uses violent force to stop a view or expression from being published by its advocates (at their cost). Spammers aren't trying to publish their views at their own cost and being violently restrained from doing so: they're trying to steal the use of others' equipment to publish their stuff.)
Please do not spam Slashdot with multiple copies of the same posting. Excessive multi-posting is one of the classic Usenet definitions of spam, which now apparently applies here as well....
If you had contributed your effort to sending an email to MySQL AB instead of posting to slashdot, the bug could've been fixed when you first found it.
Actually, I alerted webmaster@mysql.com the first time I noticed it -- months ago -- and never heard back. I notice that they seem to have corrected the matter now, regardless of how it originated. Apparently, raising visibility of this problem in this public forum was successful in getting it fixed -- a pattern that I am familiar with from security-related forums.
I'm not willing to withdraw speculation that it was intentional, though, considering mySQL's untruths regarding the value of vital RDBMS functionality they hadn't at the time bothered to implement. This is a crew with a history of being dishonest about comparison between their product and others, by belittling an essential relational feature their product was missing.
Few pieces of software include in their documentation fallacious "explanations" of why a feature that all their competitors have, but they lack, is bad and unnecessary. It is only to be expected that those who do, and then go on to implement and promote those very "bad and unnecessary" features, would then remove the offending libels from the documentation. The link above includes a quote from mySQL documentation from before it supported relational integrity (aka "foreign key constraints"). You will note that the extravagant claims of integrity being unnecessary and confusing have been removed from the current mySQL documentation. Convenient.
If you have an explanation of how a bug could give rise to the dropping of this particular test from the crash-me results only when a version of mySQL was being evaluated, please do post it here. I will be glad to retract my speculation if it is disproven. Be crash-me's omission bug, or be it lie, no matter -- bugs and lies have in common a dislike for exposure.
If you look at what happened between MySQL and NuSphere, MySQL was never out to crucify anyone. They don't verbally bash anyone or toot their own horn. Look at what they say on their website about their own benchmarks and how they repeatedly point out that the competing products they have tested were not completely optimized due to their lack of knowledge regarding optimizations for those products.
It's still kind of odd that in their competitive comparison system, crash-me, some candidate features that are listed when you compare two other database products disappear when you add mySQL to the list you're comparing.
For instance, transactions are excluded from comparison whenever you ask to compare a database with mySQL 3.23.39. (They are included if you compare mySQL 3.23.29, in which case crash-me correctly reports that mySQL does not support transactions.)
Try it yourself. Go to crash-me with the above link. Check only the boxes for two non-mySQL databases (such as Oracle and Access, or PostgreSQL and Informix), and submit the form. Scroll down to the "Other features" section, near the bottom. You will see a row labeled "transactions". Now, go back and check the box for mySQL 3.2.39, and resubmit the page. Presto -- no line for transactions.
I'm trying to see this in a positive or even neutral light, but let me be truthful -- I can't. I don't see any honest reason that this special case would be added to the crash-me code. The only reason I can see that mySQL.com would add this behavior to their test suite would be to conceal -- indeed, to "un-ask" -- the question of whether or not mySQL supports transactions.
Re:MySQL gains more users thanks to Apple
on
SQL Fundamentals
·
· Score: 3, Interesting
Oh, and the R in RDBMS means "relational". Correct me if I'm wrong, but MySQL needs a plugin to even do foreign keys - you should really say just DBMS.
Actually, I've heard some folks take issue with the "M", on the grounds that a system that does not ensure relational integrity and transactional atomicity is not providing database management. Considering that many mySQL supporters bracket their support by saying that it is strongest for read-mostly databases (placing it in a category with LDAP's slapd), I would feel comfortable calling mySQL a "database daemon".
(For my own reasons to choose PostgreSQL, and some links on the subject, see my Slashdot journal about my current work project.)
For what it's worth, I'm glad that the mySQL folks have largely quit telling untruths about relational databases. A few years ago, they were saying in the mySQL documentation that foreign key constraints are for lazy programmers, and that anything that can be done with transactions can be done just as reliably with application code. (Imagine here Jamie Lee Curtis saying "Those are all mistakes, Otto. I looked them up.")
So why was UUENCODE and UUDECODE, then later MIME created?
Just a nitpick -- UUencode was not created for mail, nor was it created for its current popular use, netnews (where it is presently rivaled not only by standardized MIME encodings, but also by an amateur hack-job called yEnc).
No, UUencode was created for UUCP, the Unix-to-Unix copy system that predates the spread of the Internet. UUCP was a store-and-forward system for the delivery of files; usually, it operated over serial lines (read: mostly long-distance dialup!) at odd hours. Netnews was built to run on UUCP. (Some argue that news runs better over UUCP than its current protocol NNTP, though this may be nostalgia run amok.)
UUencode was necessary to move arbitrary binary data (as opposed to ASCII text) because many serial interfaces had limits on the bytes they could transfer. Many connections were only seven-bit-safe, meaning that they might strip or misinterpret a 1 on the high bit. Also, IIRC, many serial connections used characters 0-31 for signaling (with XON and XOFF being only the best-known) -- sending a file containing these characters might hang or abort your connection.
I've never seen a laptop with sharp, jagged edges. Or one that wasn't rectangular.
I've seen a few laptops that "grew" sharp edges when parts of the case came loose!
But, seriously -- Apple has made not one but two laptops that weren't particularly rectangular: the original "clamshell" iBook, and the eMate. The eMate was a subnotebook based on the Newton, but with a clamshell case and a full-size keyboard.
The U.S. is not ranked low. The U.S. is ranked #17 out of over 120 nations, and ahead of some other "civilized", "free", "Western" nations such as Great Britain. The U.S. is ranked high -- not as high as 16 other nations, but certainly not "low". The fact that we are so very successful in achieving freedom, even though we are imperfect, is a praiseworthy and proud statement. We should be saying "We are great, but we can obviously improve!" -- not "We suck, I want to move!", and certainly not "This report is biased against us!"
It is a higher form of patriotism to make one's country right and good than to proclaim it to be right and good.
It would be nice if we also had something like free literary universes. I mean, you could write fiction which would add to an existing universe and its storylines.
Aside from fanfic with its dubious legal status and contention with "canon", there is one example of this very idea which Slashdot readers may be familiar with: the Cthulhu Mythos.
The Mythos was begun by H. P. Lovecraft, who encouraged his fans to write stories in his settings. (There was little audience for the horror-SF genre at the time, and every good story was a boon to its popularity.) After Lovecraft's death, and to the present day, followers have continued to write and publish stories featuring Lovecraft's strange gods and cosmic horrors.
Like more commercially produced shared settings such as Star Trek, the Mythos and associated tales have spawned movies, magazines, and even a roleplaying game.
Sad to say, Lovecraft died in obscurity and poverty, which does not say much for starting a freely expandable universe as a means of employment. Nonetheless, it has certainly been a success in terms of storytelling.
(Lovecraft was by no means the only author who has invited fans to write in his universe. Another, rather more recently, told his readers to go ahead and write stories in his universe -- and then rescinded the offer after a fan wrote a story that offended him! The author in question was Larry Niven; the universe was Known Space; the fan was Elf Sternberg; the story was "The Only Fair Game".)
Every time a vulnerability exists, it is because of some sort of an error. This is true almost by definition.
This is a very good point -- indeed, an essential one. As anyone who's as much as lurked on Bugtraq or other security-oriented fora can tell you, the discovery of many vulnerabilities begins with the discovery of a way to crash the affected service.
This is particularly the case with buffer and stack overflows: if I can crash your FTP server by sending it a huge string of junk, that means that your FTP server is doing something invalid (such as smashing the stack) with that input. To crash a service entails getting it to execute nonsense code -- to crack it entails getting it to execute my code.
What does this mean for Microsoft's code -- or anyone else's? Well, any means to get a network-facing program to crash should really be considered a security vulnerability waiting to happen. Bug reports of the form "I can crash your program by sending it gubbish" should not be answered "Well, don't do that!" They should be treated almost as seriously as vulnerability reports themselves. While there are classes of remote crashes that don't lead to vulnerabilities, that's not the safe way to bet.
I'm not exactly sure why I'm not allowed to post it, as nothing says "you may not post this", but it is copyrighted to them, but I don't really know what that means.
The text of the price list can be copyrighted. The fact that company X offered to sell you product Y for price Z cannot, as it is expressions and not facts or ideas that are copyrighted. IANAL, but unless you're under an NDA or another contract not to disclose the prices you were offered, I think you can safely tell someone else what those prices were. Copyright on the price list just means you have to express those facts in your own words.
How would we tansmit (speeds, reliability, etc) from Mars to Earth?
Because Mars is sometimes on the other side of Sol from Earth, any means of communication that relies on line of sight at that range (radio, laser, etc.) is going to need to be relayed off of a station somewhere else in Solar orbit. Reasonable locations might include the L4 and L5 libration points (Trojan points), 60 degrees ahead of and behind Earth in its orbit around Sol.
Unless we learn how to modulate the luminiferous aether (subspace/ansible/fatline communication) we're just going to have to deal with half-hour-long ping times, though.
Tell that to the people who are really forceful in their criticism. The people who seem to be morally offended at RedHat's new user interface.
Yup, they're silly buggers, no question there.
But I don't think it's valuable to call them "fake free software people", or whatever the antonym of your "real free software people" upthread was supposed to be. I don't even know what a "free software person" is meant to be in that context -- an advocate? user? developer? We have clear criteria for what makes a program Free Software but we do not have criteria for what makes a "free software person."
I find it disturbing sometimes how much resentment there can be in the community. Whenever one of these atrocious flamewars breaks out, it seems to me that it's more because people are looking for a fight, looking for some battle line on whose sides they can form up. Quite often, it seems it's the resentful impulse that was once called levelling that serves as the impulse for this. Levelling is the harmful side of envy: instead of raising yourself up to the level of the envied one, you knock them down to yours.
Many free-software users hate Microsoft, because they observe that Microsoft has done wrong and profited by it -- but a sizable minority envy Red Hat, because while Red Hat has done no wrong it has profited where others have failed. None in this matter of KDE in Red Hat 8.0 have presented a coherent argument that Red Hat has done wrong; rather, they have seized on something unusual that Red Hat has done and unfoundedly declared it wrong, as a justification for knocking down Red Hat.
It's foolish, and in the end it drags everyone down. The negative publicity hurts Red Hat directly and the rest of Free Software/Open Source by association. The attitude of intolerance towards modifications -- that if I want to modify your code I need your explicit permission -- creates a contradiction with the operating principles of FS/OSS and works to deprive us of its benefits. The inherent ugliness and acrimony of unnecessary hostility hurts us all.
Of course I do know that and it doesn't change the fact that GNOME would not exist without KDE.
If you know the truth of proposition P (viz., that the purpose of the creation of GNOME was other than to "kill" KDE) but you assert in debate proposition not-P (that the purpose of creating GNOME was to "kill" KDE) then you engage in a wrongful act of lying. There is no place in intelligent debate for lying. The only purpose lying can serve in discussion is to attempt to lead another astray -- to cause another to think or act on the basis of information you know is wrong. Though lying may serve some useful purposes in certain social occasions (contra Kant) it has no justification in debate and is wholly immoral.
Now, back on topic -- license problems may not be a "real life" issue to you if you are neither a Free Software developer or distributor, nor of the opinion that secret-source, thought-monopoly software is harmful. However, not all the world is in the same boat you are. To a substantial number of people -- among them the GNU and GNOME core developers, self-evidently -- these are issues most assuredly real. They would be remiss in their ethical duties to set aside their own principles simply because a fool might someday mock them as impractical.
RedHat pushes GNOME and GNOME was only created to kill KDE. (Yes, you can mod this down, but it's still the truth and you know it.)
Actually, it's false, and I suspect you might not know it. GNOME was created by the GNU folks as an alternative to KDE at a time when KDE was dependent on a piece of non-free software, specifically the Qt libraries. Though it's now Free, Qt was at the time "shared source," more or less. Once Qt became Free, people kept developing and using GNOME because they were used to it and had come to prefer it.
They did it for the same reason RMS started GNU in the first place: to give people who insist on Free Software a good system to use. RMS didn't start GNU to "kill" SunOS or HP/UX or BSD, but to have the kind of system that his ethics and aesthetics preferred. Yes, BSD was non-free when GNU was started: BSD depended on AT&T proprietary Unix code. That quit being the case in 1994 or so -- but you wouldn't expect all the GNU and Linux developers to suddenly jump ship for BSD, would you? Of course not; as with GNOME and KDE, they had come to prefer their own system and kept developing it because they wished to.
That's called freedom. Not "killing" -- freedom. Learn to recognize it.
Real free software people wouldn't be emotionally offended by others taking advantage of their own freedoms to modify the software.
Okay, so if I use your XSLTFilter on a Web site that displays XML-indexed goatse pictures, you'll suddenly become convinced they're the most attractive thing you've ever seen?
There's a deep divide between toleration and approval. As I understand it, RMS (for one) is generally speaking opposed to war. However, the GPL under which he releases his software contains no provisions preventing militaries from using it in the development and deployment of weapons systems. RMS tolerates the use of glibc in weapons -- that is to say, he doesn't try to stop it. That doesn't mean he approves of it, or wouldn't be offended by the thought of a missile guided by glibc-linked code blowing up a village in Iraq. (Hell, I'm offended by it, and I didn't even write glibc.)
The confusion between toleration and approval (or between taking offense and being intolerant) is a dangerous one, like the confusion so many people have between criticism and censorship. It is destructive of public discourse, because it leads people to react emotionally as if they were being threatened with force, when in fact they are merely being told someone's opinion.
Don't give me the old "competition" argument either. There is only one Linux kernel, which seems to progress just fine without another competing project nipping at its feet and instigating flamewars.
You missed the VM system flamewars? The scheduler fights? The CML2 flamewars starring ESR? The kernel developers are by no means an egoless hive-mind, noiselessly producing good code. Read kernel-traffic for a little taste, or delve into the linux-kernel list raw & unfiltered for more than you evidently expect in the way of competition.
If you want to look for "Not Invented Here" mentalities and competition between kernel projects in the free-software world, consider also Linux vs. BSD. As I understand it, there's no reason that OpenBSD's pf firewall module -- which has some serious advantages over Linux's netfilter -- could not be integrated with the Linux network stack. It hasn't been, though, and I don't imagine it will be.
Seriously, though, I actually use "Linux" most often in the context of "Does program $foo run on Linux?" Regardless of what RMS wants, that is perfectly correct. Programs run on the kernel (Linux), not GNU tools such as emacs/sed/gcc.
Actually, most programs that run on the Linux kernel are linked against the GNU C library (glibc) and other GNU libraries which provide a significant portion of their function. I wouldn't want to be without ncurses, readline, or gtk+! These libraries dictate much more of the software's behavior than the kernel does -- and GNU readline works the same on a SunOS kernel, a BSD kernel, or a Linux kernel.
There's another catch to asking the question "Does $program run on Linux?" though: if the domain of software you're asking about includes secret-source software (proprietary, binary-only software), the answer may well be "Only sometimes!" Free software is usually portable to most or all of the platforms on which Linux runs, but secret-source programs often don't even consistently run on two distributions on the same platform!
People who ask "Does $program run on Linux?" about a secret-source program usually end up getting an answer instead to the question "Does $program run on the current release of Red Hat?" But most Free software is nowhere near as constrained as that: something like 90% of the packages that compile and run on Debian GNU/Linux for i386 also compile and run with no changes on my Debian for PowerPC systems.
The reason our folks like open anonymous FTP (until it gets polluted and we teach 'em about write-only "incoming" directories) is that they can collaborate with people at other sites without dicking around with accounts and passwords.
No, Freenet or the latest "p33 ][ p33" toy is not an option. "Cross-platform" here does not mean "runs on Windows 2000, Red Hat 7.x, and Mac OS X 10.1"; it means "runs on SunOS, HP/UX, Windows 98, IRIX, and Windows 2000, Red Hat, and Mac OS X." Folks here have been using Unix for 10+ years. They don't want to tell their partners at another institution, "Well, to access our data this week you need PantsShare 3.2; 3.1 won't work, and 3.3 has a trojan in it."
That's what's so entertaining about this setting. We have to teach them how to be secure without taking their way of working away from them. That's called "science, not IT, runs the institution." That's called "go ahead, be a bleeding-edge geek and work here; but don't expect someone who's been using Unix for 15 years to predicate her work on your toy because it's k3wl."
And yes, we've convinced 95% of them to use OpenSSH -- entirely by education; without BOFH (read: "fuckless IT asshole") tactics such as blocking Telnet at the firewall.
What, portscanning? In the U.S. at least, some
courts have ruled it legal, whereas some courts
have considered it an element of computer crime.
I don't know what the case is in Italy.
It is theoretically possible to block IP scanning almost instantaneously, if there was a protocol that traded information with other clients when it was abused.
Sure. Now, tell me how you'll secure this protocol
from forgery -- so that when Joe Hacktivist gets pissed
off at CNN kowtowing to Red China again, he can't
just tell the world that CNN is scanning him and
get them cut off the Net.
Think also of the sheer quantity of processing that
is involved in maintaining routing tables now, and
how fucked-up the Net gets when routers do stupid things
or when rogue ISPs (like
Above.net) propagate fraudulent routes as a mechanism of censorship.
Perhaps this will cut down on the number of port-21 scans I see from Tiscali. At present, they're one of the largest sources of scans for open anonymous FTP servers, right behind Wanadoo. The abusers are looking for FTP servers that allow both upload and download in the same directory. When they find them, they fill them up with warez, porn, and movies.
Now, you may think, hey, free warez, porn, and movies... but I'll bet you don't work for a site with a few hundred technically bright but security-dumb scientists. These folks like open FTP because it makes it easy to collaborate and share data, but they don't like having their disks fill up with blowjob MPEGs.
So if Tiscali can get its warezers and pr0nsters running Kazaa and shoving spyware onto each other's systems all day, maybe they will go away and leave my users' port 21 alone.
Slashdot Mirror
No, I don't. I define it as the use of the Internet for commerce, which is to say economic activity between consenting traders and investors -- what my left-wing friends would call "capitalism". I don't consider your sending of unsolicited advertisements to "an unconfirmed email address" (how many was it really?) to be commerce. I consider it to be spamming.
You admit sending commercial email to an unconfirmed email address (how many addresses?), which turned out to belong to someone who had not solicited your message. By the usual definition of spamming as "unsolicited commercial email", that means that you admit to having spammed.
The techniques for operating confirmed mailing lists are not new. Mailing list software to operate confirmed lists has existed since well before the "e-commerce" boom. Thousands of businesses use such software. They operate confirmed, solicited commercial mailing lists ... and they don't get listed as spammers.
It sounds to me, from your description of the situation, like you failed to do due diligence, failed to take advantage of the information resources available to you -- and as a result, you spammed. In that case, the folks who listed you as a source of spam were telling the truth, weren't they?
Hey, I'm just working with what you give me. If you'd like to point to a published record of your exchange with the list operators, please do so. A Google search link into NANAE, if that's where the exchange took place, would be more than adequate.
How many addresses did you spam, again?
Actually, most "spam blockers" work for organizations which commercially use the Internet. They are mail administrators for ISPs or other companies, which have directed them to reduce the impact of spam on their businesses -- to cut costs or to improve service to customers.
Spam isn't commercial use. It's criminal use.
Luckily, the spamfighting community has a great deal of experience with such misbehavior. The slang expression among spamfighters for a sender of baseless legal threats is "cartooney", as in cartoon + attorney. Spammers send these out by the boatloads when their delusions suggest it will get people to stop trying to block their thefts.
Steve Linford, the operator of the SBL and ROKSO (and known in China as Stiff Linefeed) is a long-time anti-spam veteran, and has a great deal of support from others such. If Verio tries to harangue, hassle, or hornswoggle him into falsely removing them from SBL, he will have dozens of clued and supportive people on his side. If Verio files suit, Mr. Linford will have a substantial legal defense fund faster than you can say "Canter & Siegel".
Bayesian filters, SpamAssassin, and other client-side content filters can indeed reduce the amount of spam that you see. As such, they can reduce some major costs of spam for the average Internet user, small site, or business: costs such as annoyance, offense, wasted time, and harm to productivity thereby caused -- that is to say, the end-user costs of spam.
However, they have no effect on the cost of the bandwidth and other resource costs of spam, which are substantial for large ISPs and large businesses -- and for the Internet as a whole. In order to perform content filtration on a piece of mail, you must receive it and store it first, which has its costs. (Consider that large ISPs regularly report that anywhere from one-third to two-thirds of their mail is spam.)
Only forms of spam filtration which do not permit the spammer to send the spam to your mail server can reduce the bandwidth cost of spam. In practicality, that means filters which apply to one or more of the following (in increasing order of cost):
(Note the SMTP envelope is not the same as the mail headers, which are part of the SMTP DATA. An SMTP server is permitted to reject mail before DATA, but is not allowed to drop the connection in mid-DATA. If you do not understand this, read RFC 2821.)
DNSBLs -- such as SBL, MAPS RBL, and SPEWS -- all apply to the IP address of the sending system. Domain-based rejection lists (which are not commonly published) apply to the DNS name of the sending system. RHSBLs, and relay checking, apply to the SMTP envelope.
Keep also in mind that one function of some (but not all) DNSBLs is not merely to filter out spam, but to discourage it from being attempted in the first place. By rejecting mail from networks which have proven themselves to tolerate spammers, we tell network operators that if they wish to be able to send us mail, they must kick off their spammers. It's their choice which they do; they just have to choose which is worth more to them: being able to send mail to sites that don't like spam, or being able to host network-abusers with impunity.
(Incidentally, you will find precious little sympathy for calling spam filtering "censorship". Censorship, as those who have experienced it understand, happens when some party uses violent force to stop a view or expression from being published by its advocates (at their cost). Spammers aren't trying to publish their views at their own cost and being violently restrained from doing so: they're trying to steal the use of others' equipment to publish their stuff.)
Copy two
Please do not spam Slashdot with multiple copies of the same posting. Excessive multi-posting is one of the classic Usenet definitions of spam, which now apparently applies here as well ....
Actually, I alerted webmaster@mysql.com the first time I noticed it -- months ago -- and never heard back. I notice that they seem to have corrected the matter now, regardless of how it originated. Apparently, raising visibility of this problem in this public forum was successful in getting it fixed -- a pattern that I am familiar with from security-related forums.
I'm not willing to withdraw speculation that it was intentional, though, considering mySQL's untruths regarding the value of vital RDBMS functionality they hadn't at the time bothered to implement. This is a crew with a history of being dishonest about comparison between their product and others, by belittling an essential relational feature their product was missing.
Few pieces of software include in their documentation fallacious "explanations" of why a feature that all their competitors have, but they lack, is bad and unnecessary. It is only to be expected that those who do, and then go on to implement and promote those very "bad and unnecessary" features, would then remove the offending libels from the documentation. The link above includes a quote from mySQL documentation from before it supported relational integrity (aka "foreign key constraints"). You will note that the extravagant claims of integrity being unnecessary and confusing have been removed from the current mySQL documentation. Convenient.
If you have an explanation of how a bug could give rise to the dropping of this particular test from the crash-me results only when a version of mySQL was being evaluated, please do post it here. I will be glad to retract my speculation if it is disproven. Be crash-me's omission bug, or be it lie, no matter -- bugs and lies have in common a dislike for exposure.
It's still kind of odd that in their competitive comparison system, crash-me, some candidate features that are listed when you compare two other database products disappear when you add mySQL to the list you're comparing.
For instance, transactions are excluded from comparison whenever you ask to compare a database with mySQL 3.23.39. (They are included if you compare mySQL 3.23.29, in which case crash-me correctly reports that mySQL does not support transactions.)
Try it yourself. Go to crash-me with the above link. Check only the boxes for two non-mySQL databases (such as Oracle and Access, or PostgreSQL and Informix), and submit the form. Scroll down to the "Other features" section, near the bottom. You will see a row labeled "transactions". Now, go back and check the box for mySQL 3.2.39, and resubmit the page. Presto -- no line for transactions.
I'm trying to see this in a positive or even neutral light, but let me be truthful -- I can't. I don't see any honest reason that this special case would be added to the crash-me code. The only reason I can see that mySQL.com would add this behavior to their test suite would be to conceal -- indeed, to "un-ask" -- the question of whether or not mySQL supports transactions.
That's odd. I think you said that once before, typo and all.
Actually, I've heard some folks take issue with the "M", on the grounds that a system that does not ensure relational integrity and transactional atomicity is not providing database management. Considering that many mySQL supporters bracket their support by saying that it is strongest for read-mostly databases (placing it in a category with LDAP's slapd), I would feel comfortable calling mySQL a "database daemon".
(For my own reasons to choose PostgreSQL, and some links on the subject, see my Slashdot journal about my current work project.)
For what it's worth, I'm glad that the mySQL folks have largely quit telling untruths about relational databases. A few years ago, they were saying in the mySQL documentation that foreign key constraints are for lazy programmers, and that anything that can be done with transactions can be done just as reliably with application code. (Imagine here Jamie Lee Curtis saying "Those are all mistakes, Otto. I looked them up.")
No, UUencode was created for UUCP, the Unix-to-Unix copy system that predates the spread of the Internet. UUCP was a store-and-forward system for the delivery of files; usually, it operated over serial lines (read: mostly long-distance dialup!) at odd hours. Netnews was built to run on UUCP. (Some argue that news runs better over UUCP than its current protocol NNTP, though this may be nostalgia run amok.)
UUencode was necessary to move arbitrary binary data (as opposed to ASCII text) because many serial interfaces had limits on the bytes they could transfer. Many connections were only seven-bit-safe, meaning that they might strip or misinterpret a 1 on the high bit. Also, IIRC, many serial connections used characters 0-31 for signaling (with XON and XOFF being only the best-known) -- sending a file containing these characters might hang or abort your connection.
But, seriously -- Apple has made not one but two laptops that weren't particularly rectangular: the original "clamshell" iBook, and the eMate. The eMate was a subnotebook based on the Newton, but with a clamshell case and a full-size keyboard.
It is a higher form of patriotism to make one's country right and good than to proclaim it to be right and good.
Aside from fanfic with its dubious legal status and contention with "canon", there is one example of this very idea which Slashdot readers may be familiar with: the Cthulhu Mythos.
The Mythos was begun by H. P. Lovecraft, who encouraged his fans to write stories in his settings. (There was little audience for the horror-SF genre at the time, and every good story was a boon to its popularity.) After Lovecraft's death, and to the present day, followers have continued to write and publish stories featuring Lovecraft's strange gods and cosmic horrors.
Like more commercially produced shared settings such as Star Trek, the Mythos and associated tales have spawned movies, magazines, and even a roleplaying game.
Sad to say, Lovecraft died in obscurity and poverty, which does not say much for starting a freely expandable universe as a means of employment. Nonetheless, it has certainly been a success in terms of storytelling.
(Lovecraft was by no means the only author who has invited fans to write in his universe. Another, rather more recently, told his readers to go ahead and write stories in his universe -- and then rescinded the offer after a fan wrote a story that offended him! The author in question was Larry Niven; the universe was Known Space; the fan was Elf Sternberg; the story was "The Only Fair Game".)
This is particularly the case with buffer and stack overflows: if I can crash your FTP server by sending it a huge string of junk, that means that your FTP server is doing something invalid (such as smashing the stack) with that input. To crash a service entails getting it to execute nonsense code -- to crack it entails getting it to execute my code.
What does this mean for Microsoft's code -- or anyone else's? Well, any means to get a network-facing program to crash should really be considered a security vulnerability waiting to happen. Bug reports of the form "I can crash your program by sending it gubbish" should not be answered "Well, don't do that!" They should be treated almost as seriously as vulnerability reports themselves. While there are classes of remote crashes that don't lead to vulnerabilities, that's not the safe way to bet.
The text of the price list can be copyrighted. The fact that company X offered to sell you product Y for price Z cannot, as it is expressions and not facts or ideas that are copyrighted. IANAL, but unless you're under an NDA or another contract not to disclose the prices you were offered, I think you can safely tell someone else what those prices were. Copyright on the price list just means you have to express those facts in your own words.
Because Mars is sometimes on the other side of Sol from Earth, any means of communication that relies on line of sight at that range (radio, laser, etc.) is going to need to be relayed off of a station somewhere else in Solar orbit. Reasonable locations might include the L4 and L5 libration points (Trojan points), 60 degrees ahead of and behind Earth in its orbit around Sol.
Unless we learn how to modulate the luminiferous aether (subspace/ansible/fatline communication) we're just going to have to deal with half-hour-long ping times, though.
Yup, they're silly buggers, no question there.
But I don't think it's valuable to call them "fake free software people", or whatever the antonym of your "real free software people" upthread was supposed to be. I don't even know what a "free software person" is meant to be in that context -- an advocate? user? developer? We have clear criteria for what makes a program Free Software but we do not have criteria for what makes a "free software person."
I find it disturbing sometimes how much resentment there can be in the community. Whenever one of these atrocious flamewars breaks out, it seems to me that it's more because people are looking for a fight, looking for some battle line on whose sides they can form up. Quite often, it seems it's the resentful impulse that was once called levelling that serves as the impulse for this. Levelling is the harmful side of envy: instead of raising yourself up to the level of the envied one, you knock them down to yours.
Many free-software users hate Microsoft, because they observe that Microsoft has done wrong and profited by it -- but a sizable minority envy Red Hat, because while Red Hat has done no wrong it has profited where others have failed. None in this matter of KDE in Red Hat 8.0 have presented a coherent argument that Red Hat has done wrong; rather, they have seized on something unusual that Red Hat has done and unfoundedly declared it wrong, as a justification for knocking down Red Hat.
It's foolish, and in the end it drags everyone down. The negative publicity hurts Red Hat directly and the rest of Free Software/Open Source by association. The attitude of intolerance towards modifications -- that if I want to modify your code I need your explicit permission -- creates a contradiction with the operating principles of FS/OSS and works to deprive us of its benefits. The inherent ugliness and acrimony of unnecessary hostility hurts us all.
If you know the truth of proposition P (viz., that the purpose of the creation of GNOME was other than to "kill" KDE) but you assert in debate proposition not-P (that the purpose of creating GNOME was to "kill" KDE) then you engage in a wrongful act of lying. There is no place in intelligent debate for lying. The only purpose lying can serve in discussion is to attempt to lead another astray -- to cause another to think or act on the basis of information you know is wrong. Though lying may serve some useful purposes in certain social occasions (contra Kant) it has no justification in debate and is wholly immoral.
Now, back on topic -- license problems may not be a "real life" issue to you if you are neither a Free Software developer or distributor, nor of the opinion that secret-source, thought-monopoly software is harmful. However, not all the world is in the same boat you are. To a substantial number of people -- among them the GNU and GNOME core developers, self-evidently -- these are issues most assuredly real. They would be remiss in their ethical duties to set aside their own principles simply because a fool might someday mock them as impractical.
Actually, it's false, and I suspect you might not know it. GNOME was created by the GNU folks as an alternative to KDE at a time when KDE was dependent on a piece of non-free software, specifically the Qt libraries. Though it's now Free, Qt was at the time "shared source," more or less. Once Qt became Free, people kept developing and using GNOME because they were used to it and had come to prefer it.
They did it for the same reason RMS started GNU in the first place: to give people who insist on Free Software a good system to use. RMS didn't start GNU to "kill" SunOS or HP/UX or BSD, but to have the kind of system that his ethics and aesthetics preferred. Yes, BSD was non-free when GNU was started: BSD depended on AT&T proprietary Unix code. That quit being the case in 1994 or so -- but you wouldn't expect all the GNU and Linux developers to suddenly jump ship for BSD, would you? Of course not; as with GNOME and KDE, they had come to prefer their own system and kept developing it because they wished to.
That's called freedom. Not "killing" -- freedom. Learn to recognize it.
Okay, so if I use your XSLTFilter on a Web site that displays XML-indexed goatse pictures, you'll suddenly become convinced they're the most attractive thing you've ever seen?
There's a deep divide between toleration and approval. As I understand it, RMS (for one) is generally speaking opposed to war. However, the GPL under which he releases his software contains no provisions preventing militaries from using it in the development and deployment of weapons systems. RMS tolerates the use of glibc in weapons -- that is to say, he doesn't try to stop it. That doesn't mean he approves of it, or wouldn't be offended by the thought of a missile guided by glibc-linked code blowing up a village in Iraq. (Hell, I'm offended by it, and I didn't even write glibc.)
The confusion between toleration and approval (or between taking offense and being intolerant) is a dangerous one, like the confusion so many people have between criticism and censorship. It is destructive of public discourse, because it leads people to react emotionally as if they were being threatened with force, when in fact they are merely being told someone's opinion.
You missed the VM system flamewars? The scheduler fights? The CML2 flamewars starring ESR? The kernel developers are by no means an egoless hive-mind, noiselessly producing good code. Read kernel-traffic for a little taste, or delve into the linux-kernel list raw & unfiltered for more than you evidently expect in the way of competition.
If you want to look for "Not Invented Here" mentalities and competition between kernel projects in the free-software world, consider also Linux vs. BSD. As I understand it, there's no reason that OpenBSD's pf firewall module -- which has some serious advantages over Linux's netfilter -- could not be integrated with the Linux network stack. It hasn't been, though, and I don't imagine it will be.
Kernels can be fighty places, too.
Actually, most programs that run on the Linux kernel are linked against the GNU C library (glibc) and other GNU libraries which provide a significant portion of their function. I wouldn't want to be without ncurses, readline, or gtk+! These libraries dictate much more of the software's behavior than the kernel does -- and GNU readline works the same on a SunOS kernel, a BSD kernel, or a Linux kernel.
There's another catch to asking the question "Does $program run on Linux?" though: if the domain of software you're asking about includes secret-source software (proprietary, binary-only software), the answer may well be "Only sometimes!" Free software is usually portable to most or all of the platforms on which Linux runs, but secret-source programs often don't even consistently run on two distributions on the same platform!
People who ask "Does $program run on Linux?" about a secret-source program usually end up getting an answer instead to the question "Does $program run on the current release of Red Hat?" But most Free software is nowhere near as constrained as that: something like 90% of the packages that compile and run on Debian GNU/Linux for i386 also compile and run with no changes on my Debian for PowerPC systems.
The reason our folks like open anonymous FTP (until it gets polluted and we teach 'em about write-only "incoming" directories) is that they can collaborate with people at other sites without dicking around with accounts and passwords.
No, Freenet or the latest "p33 ][ p33" toy is not an option. "Cross-platform" here does not mean "runs on Windows 2000, Red Hat 7.x, and Mac OS X 10.1"; it means "runs on SunOS, HP/UX, Windows 98, IRIX, and Windows 2000, Red Hat, and Mac OS X." Folks here have been using Unix for 10+ years. They don't want to tell their partners at another institution, "Well, to access our data this week you need PantsShare 3.2; 3.1 won't work, and 3.3 has a trojan in it."
That's what's so entertaining about this setting. We have to teach them how to be secure without taking their way of working away from them. That's called "science, not IT, runs the institution." That's called "go ahead, be a bleeding-edge geek and work here; but don't expect someone who's been using Unix for 15 years to predicate her work on your toy because it's k3wl."
And yes, we've convinced 95% of them to use OpenSSH -- entirely by education; without BOFH (read: "fuckless IT asshole") tactics such as blocking Telnet at the firewall.
What, portscanning? In the U.S. at least, some courts have ruled it legal, whereas some courts have considered it an element of computer crime. I don't know what the case is in Italy.
Sure. Now, tell me how you'll secure this protocol from forgery -- so that when Joe Hacktivist gets pissed off at CNN kowtowing to Red China again, he can't just tell the world that CNN is scanning him and get them cut off the Net.
Think also of the sheer quantity of processing that is involved in maintaining routing tables now, and how fucked-up the Net gets when routers do stupid things or when rogue ISPs (like Above.net) propagate fraudulent routes as a mechanism of censorship.
Now, you may think, hey, free warez, porn, and movies ... but I'll bet you don't work for a site with a few hundred technically bright but security-dumb scientists. These folks like open FTP because it makes it easy to collaborate and share data, but they don't like having their disks fill up with blowjob MPEGs.
So if Tiscali can get its warezers and pr0nsters running Kazaa and shoving spyware onto each other's systems all day, maybe they will go away and leave my users' port 21 alone.