Since all their software is not only proprietary but also "closed-source" so nobody can see the source code, automatically nobody can copy or include their sources into other software.
Unless of course, the person who wrote the software in question, for Microsoft, is also a Free Software author, who contributes to Open Source projects in his "non-work" time. In this case, the employee should be fired, and they should be ousted by the Open Source community immediately.
Don't think for a moment, that all Free Software authors are nice people, or that they don't have a grudge to carry, even against their "own" community.
When all you know about a person sending you a "patch" to fix an issue in your project, or add a feature, is their email address.... how can you validate that the code they've "written", didn't get yanked from some other place? How do you know they had the right to share the code in the "patch" passed onto you? How can you verify that it was written by them?
Funny. A couple posts up in this very thread you posted a couple of lines of sendmail config to do exactly this, bounce HTML mail. So which is it?
As you know, blocking mail at the MTA is not a bounce. "A couple of posts up", I posted a bit of a sendmail hook that blocks (i.e. rejects before receipt) mail with the Content-Type of text/html. That is not a bounce. I am not regenerating an additional email, which would be sent to an incorrect (in most cases, innocent) recipient.
Starting yesterday, my mail server has been thwarting an attack from 2,734 separate external machines, all trying to send a message to 3 non-existant users on 1 domain that I host which has 0 mail accounts, no website, and no users behind it. It's a registered domain pointed to my IP address, nothing more.
So far today, we've received 15,833 separate attempts to send mail from these 2,734 hosts that my server has blocked (with a quick virtusertable hook to send them 'nouser'). The number of unique external hosts has been slowly increasing. It was 1,633 at the end of yesterday, and has now grown to 75% more than that number, up to 2,734 as I type this.
THESE are bounces. Clearly someone has sparked off a trojan somewhere that was lurking inside a LOT of companies in a lot of machines (some of the domains are worldbank, dell.com, aol.com, etc., CLEARLY not spammers inside these companies, not THIS many of them) who are now trying to send this one message to these same 3 non-existant users at this 1 domain.
I just checked again, from the time I started typing this reply, and we're up to 2,746 hosts trying to send this 1 spam message to these 3 non-existant users.
So trust me, I'm well aware of the difference between blocking a message and bouncing a message.
While I could write all of your code for you, I won't. Note too, that we were talking about using Perl to un-SPAM the spam. At no point was it suggested by anyone, that one set of Perl, could solve ALL of the SPAM tricks proposed in the article. Each one requires special attention and testing.
That being said, maybe this will give you some more ideas. If I spend another 10 minutes on this, with the addition of HTML::TableExtract, I bet I could easily replicate that back as normal text again, in non-Slice-n-Diced format.
use strict; use HTML::Entities; use HTML::TokeParser; use HTML::Strip;
my %verb = (S => 4, # start tag E => 2, # end tag T => 1, # text element C => 1, # comment D => 1, # declaration PI => 2); # processing # instruction
my $p = HTML::TokeParser->new(\$content); my $nff_content;
while( my $t = $p->get_token ) { if ($t->[0] eq 'S' and $t->[1] eq 'font') {
my $attr = $t->[2]; delete $attr->{face}; my $attributes = join(" ", map {qq{$_="$attr->{$_}"}} keys %$attr);
yes, but then you'd have to write it down. Maybe you are a super genius at remembering 100-long alphanumeric + additional character passwords, but most of us are not.
Ah there you go, thinking linearly again. No, all I have to do is grab a biometric token, hash it, and add my (relatively short) password at the end of it, hash that, and there's my password. All I had to do was stick my thumb on a pad and type a password on the end of that. The hashing algo did the rest at sign-in time. Try reversing my DNA + fingerprint biometric + remembered password.
Regarding "storing" the DNA or biometric data anywhere, you don't have to worry about that, it's permanently stored anyway... on me.
Simply entering a password does not make something secure, and in fact, the Code of Federal Regulations (CFR21:11, specifically) states that you have to have 2 of 3 parts, to be validated and authenticated:
Something you have (key card, JavaRing, magstripe)
Something you are (biometric: fingerprint, retinal, dna stick)
Something you know (password, phrase, token)
Having just one of any of the three is not enough. Having two, guarantees one of two things:
I am the person authorized to use those credentials
I have conspired with that person to obtain those credentials
This would not work well because HTML::FormatText removes all the color and fonts that spammers are using to hide text and doesn't render tables.
Sigh.
If the text that the spammer is trying to hide is inside the html tags themselves, the user isn't going to see it anyway. What text are you referring to?
If the spammer uses something like:
<font color="#ffffff">HA!</font>
That would render as:
HA!
When converted to text, from HTML. It doesn't render "white on white" as spaces in text. Have you actually read the POD on the module in question?
And yes, it does convert tables, but if you want actual "pretty" tables, you'd want to use HTML::TableExtract anyway, for that. I use these modules quite extensively in a lot of functional perl code, where they are passed HTML'esque code, and I've never seen them miss any visible text, including white on white or text with interspersed comment tags between them.
All it takes is one disgruntled folding@Home grad student out at stanford to break even the most stringent password.
Except that I can generate a fairly small password (relatively speaking) that would be impossible to crack for all of the computers invented from the beginning of time, until the end of time, collectively, working as a distributed "cracking" collective.
Why?
Because processor power and computing power is currently finite, limited by the speed of the electron.
Until we find another way to push bits around that is faster than the electron, or find a way to get quantum computing to work in the real world (and not just in a lab, under microscopes), then it might be possible, but again, I can still create one larger than that, which would be unfeasible to crack.
Sure, you can crack it, but would you really care what information it held if it took you 1,000 years to crack?
Show me which RFC covers sending mail to someone that never sent you an email. You call this a "bounce", except that it isn't a bounce, because the mail never came from the person you bounced it to.
Have you been following the recent tricks that spammers use at all? Or are you just making this up?
While I agree, that a valid system, sending valid mail, with a valid Return-Path, Reply-To, and From (as well as "From:") header is completely legitimate to bounce, one where those fields are either missing, or invalid, should NOT BE BOUNCED.
Converting to plain text leaves them in, but they should actually be ignored.
Except that it doesn't.
Text is text, not color. I don't think you've actually tried this at all, so you aren't speaking from a position of knowledge. You aren't just "flattening" HTML, you're converting it to basically the equivalent of what a cut-n-paste in a browser view of the email would provide, i.e. text, and only text. Not comments, not color, not formatting. Text.
Where is the spec that defines color in 7-bit ascii text?
I know bouncing and sending a message is either stupid (confirming a live address to a spammer while bouncing it) or redundant (if it's not a spammer) but I can decide which is best once I know how to send a message, if I can.
Not to mention, you yourself could be seen as a spammer for bouncing messages back. I certainly hope you're not bouncing them back based on the "From:" line in the message headers, because 99.999% of those are forged now, and can quite-possibly be an innocent person's email.
If a spammer decides to use myrealname@mydomain.com to spam 100,000 people, and someone decides to bounce that "spam" back to the "sender" (which in this case would end up going back to me, not the sender of the spam), you can bet I'll be immediately reporting them to their ISP/provider for UCE, and their access will be cut, based on the AUP of their provider. Most providers do not tolerate spammers inside their networks, and it's strictly against their AUP.
So just be aware, if you happen to bounce a message that looks like spam, back to someone like myself, who is not sending you spam, do not be surprised when your internet access gets cut, or you get a call from your provider for being a spammer yourself.
Do not EVER bounce messages back. Ever. Not only is it wrong, it is inept, and you're not helping the problem. In fact, you're propagating it, and affecting the bandwidth of everyone else between you and the (incorrect) recipient of that bounced message.
And lastly.. to those who think they're going to outsmart those of us who report UCE and spam by configuring your mail servers to query my web server for every single message you receive I will configure the server to return positive results for any lookup from your mail server. Period.
You could also just take the HTML, run it through a series of Perl modules (XML::LibXML, HTML::Lint, HTML::Clean, HTML::FormatText, etc.) and return just the textual representation of the content itself, and then scan/score that.
Doing so would then compress whitespace, remove colors, and basically un-SPAM the SPAM. I do this for web content, which I need re-rendered as text-based articles before they are sent to the client. It's about 12 lines of Perl, and can be easily stuffed into a SpamAssassin milter. If you want some working code, feel free to contact me (I'm also for hire, so I can do this as c custom gig for you or your company).
In fact, you could probably put a small function in your milter to just strip all HTML entirely, before the client ever sees it. There's no need to use OCR (and the overhead associated with it) to handle this, just turn the HTML back into text. It works with foreign, encoded, obfuscated entities, and should be no problem to correct before scoring.
Re:I can't believe people mod this up
on
Qt On DirectFB
·
· Score: 1
Obviously you've never read up on the history of Jabber, developed by someone who was clearly still in high-school.
You might consider donating because we (as Free Software authors, although I am not one of the core Mozilla developers, I speak for the same community) have already donated to you, and to countless thousands of others, by providing something useful for you, out of our spare time, so your computing experience can be enhanced and/or improved.
Software (Free or otherwise) costs money, lots of money in fact:
Bandwidth to host the site that the project resides on, and not just web, but cvs and ftp space as well, to the tune of several dozen (or hundred) gigabytes per day consumed. Bandwidth is not cheap, and it's definately not getting cheaper.
Testing every new change, on various kinds of software platforms and configurations; Windows, Linux, BSD, OSX, and others.
Hosting the requisite sub-projects that might rely on the main project. In the case of Mozilla, all of the other XUL projects (Calendar, et al).
Domain names to point your browser to, including dozens of other parner domains (mozdev.org, etc.)
Hardware, machines, test boxes, routers, switches, networking equipment.
Backups, backup hardware (tape drives, CDR media and drives, RAID sets of drives).
Time. Time to test, time to code, time taken out of a normal day to deliver a high-class product you use, and rely on.
Many of us also have day-jobs, so the time we have left at the end of our "official" working day, is either divided up between our spouses, eating, sleeping, or coding. We're all spending our own hard-earned dollars out of our own pockets, to pay for all of the above, just to keep the project(s) going, and publically available to users like yourself. A contribution of $5.00 or more isn't going to cripple your yearly income.
So, if you feel that our time is not well-spent, to help your computing experience improve in any way, then by all means, do not donate. Just remember, that you have absolutely no voice when it comes to prioritizing bugs or bug reports or outstanding issues you want fixed in a product you don't care to return the favor of support for.
If you're unsatisfied, feel free to return it to the store for a refund of your full purchase price.
I almost forgot to mention, I don't run Red Hat, nor do I run distribution-supplied kernels. I always build from full, complete, pristine, upstream kernel.org sources, no patches.
No, I don't think so.. everywhere I read possible explanations to this problem, it mentions the machine being under load. I can boot the machine, do NOTHING on it, except load X, and try to open a terminal, and it will exhibit the behavior, under zero load. In fact, under VERY heavy load, it gets better, but the problem still exists.
In any case, 2.4 is SIGNIFICANTLY faster (20-30% faster, based on contest-0.61), so I'll stick with that. Like Apache 2.0, the 2.5 and 2.6 kernels aren't fully baked yet.
2.6.0-test1 is MUCH slower than 2.4.21 or 2.4.21-preempt-rml here. I see that the timing issues are still not fixed in 2.6.0-test1, and haven't been working since 2.5.68. I've reported this at least a dozen times to the appropriate people, with no fixes eminent yet.
To test this issue out, run Sawfish, and bind a key like Ctrl-Alt-B to a black-background xterm. Launch X, and run Sawfish. Hit Ctrl-Alt-B once and see what happens. It's consistant here across about 6 machines, all different hardware.. a 3-4 second delay, then anywhere from none to 4 xterms will open up. On 2.4.anything, it opens the xterm instantly, and only opens one of them, not 3, not none.
The other issue is that there's some underlying change in the TCP stack/net drivers that cause rsync and anything running over ssh/ipsec to fail with weird dropped-socket errors from the applications using them. Again, on 2.4, it works flawlessly.
It's very annoying, and both of these are blockers for me and most of the machines I'd be running this on. It happens with anything that involves keyboard shortcuts; menu accels, launched applications, keybindings, everything.
Changing to the different schedulers does not help; deadline, as, or cfq. 2.5.68 worked perfectly, and didn't have these anomalies, but every single kernel since that time, has had it. I've diffed, and I can't tell which of the dozens of changes actually broke this.
You know, the firewire disk driver. Man that thing has never worked 100%.
That's funny, because I've been happily using my QueFire firewire CDRW under Linux 2.4 and 2.5 with the native sbp2 drivers in the kernel tree for at least 2 years without a single hiccup, in about 10 kernels during that time, on one of my production machines. I've never seen a read or write error yet. Maybe IDE drives are different than the SCSI emulation layer, but I doubt it.
Why isn't devfs the default now - it's been working fine for ages - for me anyway.
Because devfs is exploitable, slow, and is being ditched by all of the Linux distribution manufacturers. As one former coworker of mine put it so well:
"Devfs is an over-engineered solution to a non-existant problem..."
Seriously though, you need to look at the new work going on, udev, a userspace implementation of devfs.
I don't know what version of Windows you have there, but a clean Windows2000 Professional and Windows2000 Server install, with clean Service Pack 4 on both of them, do not have this option, nor is it in the release notes.
Where did you find this option? It's not in Control Panel->Add/Remove, so where is it?
Two things, if he's collecting unenployment, it means he didn't leave under his own accord. Secondly, it often happens that a person can't find a job that pays as much as unenployment. Why work a meanial job when you look for a better one and get paid as much or more doing it?
Ahem, wrong. You can most-certainly get unemployment if you resign your job. You don't have to get fired or laid off to be granted unemployment.
I resigned my job back in November of 2001, moved across the country in seek of work, found nothing, and decided to apply for California unemployment (where my "job" was prior to my resignation). I was granted unemployment, and I've been on it for a few months now. Without it, I wouldn't be able to eat or pay the bills.
Why was I given unemployment, when I was the one who resigned? Because I joined the company with a specific set of skills, and after surviving 5 rounds of layoffs, 4 new CEOs in 2 years, and an entire gutting of the senior management team, the company changed directions into an area drastically different from the one I was hired to contribute to. I no longer had "Those" skills, I only had "These" skills. So I resigned.
I've been out of work since, 573 days total as of this post. After sending out 400-500 resumes and making dozens upon dozens of phone calls, without so much as a single response back from anyone (email, phone or otherwise), you realize that it's not going to get better, and it's not you that sucks, it's the job market that sucks.
If I were to get an offer for a job that paid less than unemployment (and I'm actually getting the max allowed by law, roughly $9.25/hour), I would have to turn it down, because accepting it negates my ability to retain my unemployment benefits, should that job not work out in a week or two. That's just the way it works, and unfortunately, there are a LOT of developer jobs hiring people at $8.00 and $9.00/hr now, because they think they can just pick from the barrel of the other 8% of us who are unemployed.
Just because we're out of work, doesn't mean we're whores.
And why anything with double-barreled extensions (.doc.pdf) are also killed
That's not going to solve anything, and you're actually blocking legitimate content, depending on your business structure. A period character, '.', is actually a valid and syntactically-correct character in a filename, even if Windows doesn't think so. Take for example: backup-06.06.2003.tar.gz
..even if the staff can't email screensavers to their friends.
Except now they'll just rename the.scr file to.doc, and tell their friends on the other side to rename it back. Or they'll just put it in a zipfile and send it that way. Users always blindly open zipfiles and double-click (cringe) the files found in side to open them, despite for years Microsoft telling you that double-clicking on executable files is not the way to install programs.
The other problem is that ALL sane operating systems use the file magic itself to determine what the file is. If a file is called MyDog.jpg, and is actually a document file, and not an image file, the sane OS opens it in a document viewer/editor, NOT in an image viewer. Windows, on the other hand, uses the file extension to determine file type, which is just plain braindead. If Microsoft were to fix this, extensions would be moot (as they are everywhere else, (save only for the human factor's associative abilities: "Oh, it has a.doc, it must be a document file!"), you would see many more infections happening with files like "ProjectProposal" (no extension).
The better solution is to associate a specific viewer, like Notepad, with viewing.pif and.scr files. This ensures that the user who may double-click the file, will see junk, and either call tech-support (which is a GOOD thing here, and notifies you that another virus/trojan is on campus), or that they shrug it off and delete the message (also a good thing). Also, making sure that your users' desktop machines are set to show extensions, so Foo.doc.pif (or Foo.doc.exe) is actually shown as Foo.doc.pif, not Foo.doc.
Never underestimate the stupidity (or intelligence) of your userbase. They'll blindly double-click file attachments and infect themselves (or others), or if you make it hard for them to send screensavers and "Frog-in-a-Blender" executable "games" to their friends, they'll find ways to work around it.
"Of course, my decision was really made for me this time 'round: I use a Mac at home, and Palm is the only company that really supports Mac OS"
Don't be so sure. Their partners are dropping Mac support like flies. Metrowerks has already dropped their Mac support for their CodeWarrior IDE for PalmOS development, orphaning off the Mac developers. Expect to see more and more of this in the very near future.
Thankfully, many of them are beginning to see that there IS still support for Linux, Unix, Mac/OSX, and Windows users, through a Free Software project called pilot-link, so they're moving in that direction instead.
Free, Open, Available, and most-of-all, friendly. Many things Palm and partners are not.
Actually, this has absolutely nothing to do with pilot-link. It has to do with the way USB on any hardware is handled. You have to make the physical electrical connection between Palm handheld and Cradle before the hardware (your computer) can see the device, map a driver against the device, and allow you to communicate across it.
That being said, the pilot-link maintainer (hey, that's me!) has fixed this in a pseudo-fashion by adding a sleep() loop in the latest CVS code that I can see, which means you can launch pilot-link first, or hit the HotSync button on your Palm/Cradle first, and it will "Just Work".
KDE's Kpilot works like this, Gnome has a similar application too.
Both of these tools, built on top of the libraries provided by pilot-link, provide their own daemon process; kpilotDaemon from KPilot in KDE-land, and gnome-pilot (gpilotd) in GNOME-land, which polls for device creation in/proc, and binds accordingly.
Other than being built upon pilot-link, these applications have nothing whatsoever to do with the pilot-link codebase. This means, for those who don't run GNOME or KDE (a growing percentage from what I understand), this is not an option, so they use pilot-link and J-Pilot (also built upon libraries provided by pilot-link).
Have you tried meeting up with us on irc for some "real-time" help? Check the pilot-link.org homepage for details (it's very obvious).
Have you read README.usb yet? It should get you started. I also have a bunch of HOWTO documents I've written that may also help you get things working.
Are you running 0.11.7 of pilot-link (which is required for USB to work with any of the other apps, KPilot, J-Pilot, gnome-pilot, etc.) I'll be releasing 0.11.8 shortly.
Is your kernel recent enough to support it? Use 2.4.20 or later, but not 2.5, if you want the most stable. Previous kernels had issues with the visor driver crashing, which have been resolved in 2.4.20 and later kernel versions.
Slashdot Mirror
Unless of course, the person who wrote the software in question, for Microsoft, is also a Free Software author, who contributes to Open Source projects in his "non-work" time. In this case, the employee should be fired, and they should be ousted by the Open Source community immediately.
Don't think for a moment, that all Free Software authors are nice people, or that they don't have a grudge to carry, even against their "own" community.
When all you know about a person sending you a "patch" to fix an issue in your project, or add a feature, is their email address.... how can you validate that the code they've "written", didn't get yanked from some other place? How do you know they had the right to share the code in the "patch" passed onto you? How can you verify that it was written by them?
Two words: You can't.
As you know, blocking mail at the MTA is not a bounce. "A couple of posts up", I posted a bit of a sendmail hook that blocks (i.e. rejects before receipt) mail with the Content-Type of text/html. That is not a bounce. I am not regenerating an additional email, which would be sent to an incorrect (in most cases, innocent) recipient.
Starting yesterday, my mail server has been thwarting an attack from 2,734 separate external machines, all trying to send a message to 3 non-existant users on 1 domain that I host which has 0 mail accounts, no website, and no users behind it. It's a registered domain pointed to my IP address, nothing more.
So far today, we've received 15,833 separate attempts to send mail from these 2,734 hosts that my server has blocked (with a quick virtusertable hook to send them 'nouser'). The number of unique external hosts has been slowly increasing. It was 1,633 at the end of yesterday, and has now grown to 75% more than that number, up to 2,734 as I type this.
THESE are bounces. Clearly someone has sparked off a trojan somewhere that was lurking inside a LOT of companies in a lot of machines (some of the domains are worldbank, dell.com, aol.com, etc., CLEARLY not spammers inside these companies, not THIS many of them) who are now trying to send this one message to these same 3 non-existant users at this 1 domain.
I just checked again, from the time I started typing this reply, and we're up to 2,746 hosts trying to send this 1 spam message to these 3 non-existant users.
So trust me, I'm well aware of the difference between blocking a message and bouncing a message.
Are you?
While I could write all of your code for you, I won't. Note too, that we were talking about using Perl to un-SPAM the spam. At no point was it suggested by anyone, that one set of Perl, could solve ALL of the SPAM tricks proposed in the article. Each one requires special attention and testing.
.= .=
That being said, maybe this will give you some more ideas. If I spend another 10 minutes on this, with the addition of HTML::TableExtract, I bet I could easily replicate that back as normal text again, in non-Slice-n-Diced format.
use strict;
use HTML::Entities;
use HTML::TokeParser;
use HTML::Strip;
my %verb = (S => 4, # start tag
E => 2, # end tag
T => 1, # text element
C => 1, # comment
D => 1, # declaration
PI => 2); # processing
# instruction
my $p = HTML::TokeParser->new(\$content);
my $nff_content;
while( my $t = $p->get_token ) {
if ($t->[0] eq 'S'
and $t->[1] eq 'font') {
my $attr = $t->[2];
delete $attr->{face};
my $attributes = join(" ",
map {qq{$_="$attr->{$_}"}}
keys %$attr);
$nff_content
"<font $attributes>";
} else {
$nff_content
$t->[$verb{ $t->[0]}];
}
}
my $decoded = decode_entities($nff_content);
my $hs = HTML::Strip->new();
my $clean_text = $hs->parse($decoded);
$hs->eof();
print $clean_text;
Ah there you go, thinking linearly again. No, all I have to do is grab a biometric token, hash it, and add my (relatively short) password at the end of it, hash that, and there's my password. All I had to do was stick my thumb on a pad and type a password on the end of that. The hashing algo did the rest at sign-in time. Try reversing my DNA + fingerprint biometric + remembered password.
Regarding "storing" the DNA or biometric data anywhere, you don't have to worry about that, it's permanently stored anyway... on me.
Simply entering a password does not make something secure, and in fact, the Code of Federal Regulations (CFR21:11, specifically) states that you have to have 2 of 3 parts, to be validated and authenticated:
Having just one of any of the three is not enough. Having two, guarantees one of two things:
Sigh.
If the text that the spammer is trying to hide is inside the html tags themselves, the user isn't going to see it anyway. What text are you referring to?
If the spammer uses something like:
That would render as:
When converted to text, from HTML. It doesn't render "white on white" as spaces in text. Have you actually read the POD on the module in question?
And yes, it does convert tables, but if you want actual "pretty" tables, you'd want to use HTML::TableExtract anyway, for that. I use these modules quite extensively in a lot of functional perl code, where they are passed HTML'esque code, and I've never seen them miss any visible text, including white on white or text with interspersed comment tags between them.
Except that I can generate a fairly small password (relatively speaking) that would be impossible to crack for all of the computers invented from the beginning of time, until the end of time, collectively, working as a distributed "cracking" collective.
Why?
Because processor power and computing power is currently finite, limited by the speed of the electron.
Until we find another way to push bits around that is faster than the electron, or find a way to get quantum computing to work in the real world (and not just in a lab, under microscopes), then it might be possible, but again, I can still create one larger than that, which would be unfeasible to crack.
Sure, you can crack it, but would you really care what information it held if it took you 1,000 years to crack?
Have you been following the recent tricks that spammers use at all? Or are you just making this up?
While I agree, that a valid system, sending valid mail, with a valid Return-Path, Reply-To, and From (as well as "From:") header is completely legitimate to bounce, one where those fields are either missing, or invalid, should NOT BE BOUNCED.
Except that it doesn't.
Text is text, not color. I don't think you've actually tried this at all, so you aren't speaking from a position of knowledge. You aren't just "flattening" HTML, you're converting it to basically the equivalent of what a cut-n-paste in a browser view of the email would provide, i.e. text, and only text. Not comments, not color, not formatting. Text.
Where is the spec that defines color in 7-bit ascii text?
Not to mention, you yourself could be seen as a spammer for bouncing messages back. I certainly hope you're not bouncing them back based on the "From:" line in the message headers, because 99.999% of those are forged now, and can quite-possibly be an innocent person's email.
If a spammer decides to use myrealname@mydomain.com to spam 100,000 people, and someone decides to bounce that "spam" back to the "sender" (which in this case would end up going back to me, not the sender of the spam), you can bet I'll be immediately reporting them to their ISP/provider for UCE, and their access will be cut, based on the AUP of their provider. Most providers do not tolerate spammers inside their networks, and it's strictly against their AUP.
So just be aware, if you happen to bounce a message that looks like spam, back to someone like myself, who is not sending you spam, do not be surprised when your internet access gets cut, or you get a call from your provider for being a spammer yourself.
Do not EVER bounce messages back. Ever. Not only is it wrong, it is inept, and you're not helping the problem. In fact, you're propagating it, and affecting the bandwidth of everyone else between you and the (incorrect) recipient of that bounced message.
And lastly.. to those who think they're going to outsmart those of us who report UCE and spam by configuring your mail servers to query my web server for every single message you receive I will configure the server to return positive results for any lookup from your mail server. Period.
I also use a set of other rules to block 'charset=koi', images, and other unnecessary attachments. YMMV of course.
Doing so would then compress whitespace, remove colors, and basically un-SPAM the SPAM. I do this for web content, which I need re-rendered as text-based articles before they are sent to the client. It's about 12 lines of Perl, and can be easily stuffed into a SpamAssassin milter. If you want some working code, feel free to contact me (I'm also for hire, so I can do this as c custom gig for you or your company).
In fact, you could probably put a small function in your milter to just strip all HTML entirely, before the client ever sees it. There's no need to use OCR (and the overhead associated with it) to handle this, just turn the HTML back into text. It works with foreign, encoded, obfuscated entities, and should be no problem to correct before scoring.
Obviously you've never read up on the history of Jabber, developed by someone who was clearly still in high-school.
You might consider donating because we (as Free Software authors, although I am not one of the core Mozilla developers, I speak for the same community) have already donated to you, and to countless thousands of others, by providing something useful for you, out of our spare time, so your computing experience can be enhanced and/or improved.
Software (Free or otherwise) costs money, lots of money in fact:
Many of us also have day-jobs, so the time we have left at the end of our "official" working day, is either divided up between our spouses, eating, sleeping, or coding. We're all spending our own hard-earned dollars out of our own pockets, to pay for all of the above, just to keep the project(s) going, and publically available to users like yourself. A contribution of $5.00 or more isn't going to cripple your yearly income.
So, if you feel that our time is not well-spent, to help your computing experience improve in any way, then by all means, do not donate. Just remember, that you have absolutely no voice when it comes to prioritizing bugs or bug reports or outstanding issues you want fixed in a product you don't care to return the favor of support for.
If you're unsatisfied, feel free to return it to the store for a refund of your full purchase price.
I almost forgot to mention, I don't run Red Hat, nor do I run distribution-supplied kernels. I always build from full, complete, pristine, upstream kernel.org sources, no patches.
In any case, 2.4 is SIGNIFICANTLY faster (20-30% faster, based on contest-0.61), so I'll stick with that. Like Apache 2.0, the 2.5 and 2.6 kernels aren't fully baked yet.
To test this issue out, run Sawfish, and bind a key like Ctrl-Alt-B to a black-background xterm. Launch X, and run Sawfish. Hit Ctrl-Alt-B once and see what happens. It's consistant here across about 6 machines, all different hardware.. a 3-4 second delay, then anywhere from none to 4 xterms will open up. On 2.4.anything, it opens the xterm instantly, and only opens one of them, not 3, not none.
The other issue is that there's some underlying change in the TCP stack/net drivers that cause rsync and anything running over ssh/ipsec to fail with weird dropped-socket errors from the applications using them. Again, on 2.4, it works flawlessly.
It's very annoying, and both of these are blockers for me and most of the machines I'd be running this on. It happens with anything that involves keyboard shortcuts; menu accels, launched applications, keybindings, everything.
Changing to the different schedulers does not help; deadline, as, or cfq. 2.5.68 worked perfectly, and didn't have these anomalies, but every single kernel since that time, has had it. I've diffed, and I can't tell which of the dozens of changes actually broke this.
If anyone has a solution, I'm all ears.
That's funny, because I've been happily using my QueFire firewire CDRW under Linux 2.4 and 2.5 with the native sbp2 drivers in the kernel tree for at least 2 years without a single hiccup, in about 10 kernels during that time, on one of my production machines. I've never seen a read or write error yet. Maybe IDE drives are different than the SCSI emulation layer, but I doubt it.
Perhaps you have bad hardware? A bad controller?
Because devfs is exploitable, slow, and is being ditched by all of the Linux distribution manufacturers. As one former coworker of mine put it so well:
Seriously though, you need to look at the new work going on, udev, a userspace implementation of devfs.
Where did you find this option? It's not in Control Panel->Add/Remove, so where is it?
You do realize why hammers cost that much, right? Because the extra cash is funneled off into black projects and undocumented research.
Ahem, wrong. You can most-certainly get unemployment if you resign your job. You don't have to get fired or laid off to be granted unemployment.
I resigned my job back in November of 2001, moved across the country in seek of work, found nothing, and decided to apply for California unemployment (where my "job" was prior to my resignation). I was granted unemployment, and I've been on it for a few months now. Without it, I wouldn't be able to eat or pay the bills.
Why was I given unemployment, when I was the one who resigned? Because I joined the company with a specific set of skills, and after surviving 5 rounds of layoffs, 4 new CEOs in 2 years, and an entire gutting of the senior management team, the company changed directions into an area drastically different from the one I was hired to contribute to. I no longer had "Those" skills, I only had "These" skills. So I resigned.
I've been out of work since, 573 days total as of this post. After sending out 400-500 resumes and making dozens upon dozens of phone calls, without so much as a single response back from anyone (email, phone or otherwise), you realize that it's not going to get better, and it's not you that sucks, it's the job market that sucks.
If I were to get an offer for a job that paid less than unemployment (and I'm actually getting the max allowed by law, roughly $9.25/hour), I would have to turn it down, because accepting it negates my ability to retain my unemployment benefits, should that job not work out in a week or two. That's just the way it works, and unfortunately, there are a LOT of developer jobs hiring people at $8.00 and $9.00/hr now, because they think they can just pick from the barrel of the other 8% of us who are unemployed.
Just because we're out of work, doesn't mean we're whores.
That's not going to solve anything, and you're actually blocking legitimate content, depending on your business structure. A period character, '.', is actually a valid and syntactically-correct character in a filename, even if Windows doesn't think so. Take for example: backup-06.06.2003.tar.gz
Except now they'll just rename the .scr file to .doc, and tell their friends on the other side to rename it back. Or they'll just put it in a zipfile and send it that way. Users always blindly open zipfiles and double-click (cringe) the files found in side to open them, despite for years Microsoft telling you that double-clicking on executable files is not the way to install programs.
The other problem is that ALL sane operating systems use the file magic itself to determine what the file is. If a file is called MyDog.jpg, and is actually a document file, and not an image file, the sane OS opens it in a document viewer/editor, NOT in an image viewer. Windows, on the other hand, uses the file extension to determine file type, which is just plain braindead. If Microsoft were to fix this, extensions would be moot (as they are everywhere else, (save only for the human factor's associative abilities: "Oh, it has a .doc, it must be a document file!"), you would see many more infections happening with files like "ProjectProposal" (no extension).
The better solution is to associate a specific viewer, like Notepad, with viewing .pif and .scr files. This ensures that the user who may double-click the file, will see junk, and either call tech-support (which is a GOOD thing here, and notifies you that another virus/trojan is on campus), or that they shrug it off and delete the message (also a good thing). Also, making sure that your users' desktop machines are set to show extensions, so Foo.doc.pif (or Foo.doc.exe) is actually shown as Foo.doc.pif, not Foo.doc.
Never underestimate the stupidity (or intelligence) of your userbase. They'll blindly double-click file attachments and infect themselves (or others), or if you make it hard for them to send screensavers and "Frog-in-a-Blender" executable "games" to their friends, they'll find ways to work around it.
Don't be so sure. Their partners are dropping Mac support like flies. Metrowerks has already dropped their Mac support for their CodeWarrior IDE for PalmOS development, orphaning off the Mac developers. Expect to see more and more of this in the very near future.
Thankfully, many of them are beginning to see that there IS still support for Linux, Unix, Mac/OSX, and Windows users, through a Free Software project called pilot-link, so they're moving in that direction instead.
Free, Open, Available, and most-of-all, friendly. Many things Palm and partners are not.
Actually, this has absolutely nothing to do with pilot-link. It has to do with the way USB on any hardware is handled. You have to make the physical electrical connection between Palm handheld and Cradle before the hardware (your computer) can see the device, map a driver against the device, and allow you to communicate across it.
That being said, the pilot-link maintainer (hey, that's me!) has fixed this in a pseudo-fashion by adding a sleep() loop in the latest CVS code that I can see, which means you can launch pilot-link first, or hit the HotSync button on your Palm/Cradle first, and it will "Just Work".
Both of these tools, built on top of the libraries provided by pilot-link, provide their own daemon process; kpilotDaemon from KPilot in KDE-land, and gnome-pilot (gpilotd) in GNOME-land, which polls for device creation in /proc, and binds accordingly.
Other than being built upon pilot-link, these applications have nothing whatsoever to do with the pilot-link codebase. This means, for those who don't run GNOME or KDE (a growing percentage from what I understand), this is not an option, so they use pilot-link and J-Pilot (also built upon libraries provided by pilot-link).
Have you read README.usb yet? It should get you started. I also have a bunch of HOWTO documents I've written that may also help you get things working.
Are you running 0.11.7 of pilot-link (which is required for USB to work with any of the other apps, KPilot, J-Pilot, gnome-pilot, etc.) I'll be releasing 0.11.8 shortly.
Is your kernel recent enough to support it? Use 2.4.20 or later, but not 2.5, if you want the most stable. Previous kernels had issues with the visor driver crashing, which have been resolved in 2.4.20 and later kernel versions.
Considered a donation to the project?
Good luck.