Slashdot Mirror


User: plover

plover's activity in the archive.

Stories
0
Comments
7,233
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,233

  1. Re:About time... on Netflix Sued Over Fradulently Obtained Patents · · Score: 3, Insightful
    What, because one patent troll sues another patent troll we should celebrate?

    Now, if someone were to invalidate all software patents, that would be a reason to celebrate. This is just the (hopeful) invalidation of two patents out of two million, and perhaps the spanking of yet another company acting evil.

    In the time it's taking me to write this response, I imagine three other software patents are being granted. Even if this moves forward (which it hasn't yet) we're still moving backwards.

  2. Re:I thought Broadband Was... on Broadband isn't Broadband Unless its 2Mbps? · · Score: 1
    I hate the mis-definition too. Broadband is a transmission technology, not a speed. The term itself seems to have been hijacked a while ago, probably by DSL marketing asshats originally lying about offering "Broadband speeds over your phone line!" Now everything faster than 56kbps (including EDGE and EV/DO wireless technologies which are in fact narrowband transmissions) claim to be "broadband."

    Some of the more amusing aspects about the legislation are that it leaves DSL out of the new definition (hopefully meaning an end to Quest's misinformation marketing campaign); and some of the oldest actual-factual broadband technology was only 1mbps, which no longer fits the new definition.

    A better approach would be to call speeds what they are, such as "7mbps", and drop the not-so-catchy names. If they feel names are more accessible than facts, at least use names that have no implied relationships. A chart of speeds could be like this:

    • Bob Speed - 0 <= 56kbps
    • Fred Speed - 56kbps <= 1mbps
    • Tom Speed - 1mbps <= 10mpbs
    • Jim Speed - 10mbps <= 100mbps
    That way when we need to market speeds faster than Jim Speed, we can create Barney Speed without invalidating any of the other terms. There's only so much Ultra-mega-giga-hyper-adjectivization the population can take.
  3. Re:Here's how it works from another perspective on How Image Spam Works · · Score: 1
    Maybe you just need some fresher spam.

    Take a look at Phishtank. They have plenty of fresh phish you can sample to see if the web sites are still up. Some of the submitted links are for spamvertisements, and not just phish, so you can sample what's currently out there.

    The other thing is that the merchants and the spammers don't always speak the same language, and the merchants are pretty stupid. They may send an email saying something like "Ill pay you too send a emale for sellign viagar?" The spammer simply pastes his request letter into his spam engine and charges the idiot's credit card $60. The rest of us get spammed with letters that read exactly this: "Ill pay you too send a emale for sellign viagar?", the spammer gets his $60, and Cletus wonders why he's not selling any viagra.

  4. Re:Here's how it works from another perspective on How Image Spam Works · · Score: 1

    How do you find a "spammer" to hire?
    Google for bulk email services. The first couple of links will get you in touch with companies who will get you in touch with companies that provide lists of companies that offer bulk email services.

    For a price. Hey, nothing's free.

    Can't the DOJ pretend they have a case of Viagre to sell?
    Apart from the fact that the people who decide what cases to pursue are too busy protecting their own jobs to chase spammers, there's a couple of problems that get in their way: entrapment laws, and national boundaries. Asking someone to do something illegal constitutes entrapment. And since the net doesn't respect national boundaries, a cut-out company located in Russia or Estonia can completely block an investigation. I'm not saying they can't be caught, just that it's very tough to do it in a legally sound way.
  5. Re:The scourge of broken web sites on How Image Spam Works · · Score: 1

    Thanks, I got that one, that's the bit with the pictures. What I can't get is page two of http://csoonline.com/read/040107/fea_spam.html the actual article itself. I've even tried in an unmodified IE, no dice.

  6. Re:Here's how it works from another perspective on How Image Spam Works · · Score: 5, Insightful
    You have to look at the business of spam to understand why it hasn't gone away yet.

    There are actually three parties involved in spamming: the merchant, the spammer, and the victims/recipients. The merchant is the trailer trash dude who fished a case of expired viagra out of some pharmacy's dumpster. He wants to sell it online and make a fortune. So he hires a spammer who agrees to send out 10,000 emails for $60.00.

    Whether or not the merchant makes a single sale has no effect on the spammer. The spammer made his money just by sending the crap emails out. And the supply of idiots with get-rich-quick schemes is virtually infinite, guaranteeing the spammers a never-ending stream of fools willing to hand them $60.00 apiece.

    This means we'll probably be fighting spam until the world runs out of greedy idiots.

  7. Re:A thought on How Image Spam Works · · Score: 1

    RTFA. A big part of the article is devoted to the images being split up, animated and fuzzed (just like CAPTCHAs) so they can dodge OCR based spam filters.

  8. The scourge of broken web sites on How Image Spam Works · · Score: 1
    Grr. I'd like to read TFA, but it's telling me to "turn the page". Viewing the source yields a commented out navigation section that contain broken links. The printable page is broken. Even the "mail this page" link is broken.

    I'd like to believe that the submitter of an article at least read TFA, but now I'm not so sure.

  9. Re:Typical Microsoft response on Malware Hijacks Windows Update · · Score: 1
    Who said they changed any system files? This particular exploit is simply piggybacking on the authority of an OS service, but it sure didn't have to change anything to make it work.

    There are provisions in Windows for injecting a DLL into a currently running process (SetWindowsHookEx). The malware author could simply set the hook, which would inject code into this other process. He could then use the hook as a proxy to do his data communication without tripping the Windows Firewall. BITS is a good choice because anyone getting updates already has a hole poked in their firewall for it.

  10. Re:Makes me wonder . . . on Malware Hijacks Windows Update · · Score: 2, Insightful

    . . . why didn't this happen before? Did it happen before and just now somebody found out?
    Well, that's exactly the problem with undisclosed vulnerabilities. You never know if someone has used them before or not. At least publishing a vulnerability will make sure that if someone was exploiting it, they'll be out of business once it's patched.
  11. Re:0,16% on Click Here To Infect Your PC! · · Score: 1
    It also could be the "loyal fan base" clicking because the page begged them to. How many pages have you been to that have asked you to "Please click on our advertisers!" Have you ever done so out of sympathy for the page owner as opposed to interest in the product being advertised? Would you always study those ads before clicking on them?

    Yes, Occam's razor does suggest that these are the stupidest of the stupid, and that Darwinism is desperately trying to drive them offline. But I wanted to point out that it's not an all-or-nothing proposition, and that there are other rational explanations that could account for a few percent of those clicks.

  12. I had a Magnavox Odyssey growing up on Videogames Turn 40 · · Score: 3, Interesting
    My dad bought us one of the Magnavox Odysseys based on the AY-3-8500 chip. It was all monochrome, and wasn't nearly as cool as an Atari, but I hacked that thing to pieces, replacing pots with different values, adding additional game switches, and having fun.

    And now this article comes out.

    Jeez, I'm old.

  13. Re:aren't you special? on Botnet Mafia in Online Turf War · · Score: 1

    I'm still firing off email to random people looking for me one true e-pen-pal.
    Good luck with that. By the way, you might get more replies if you dropped the pretense that you're a Nigerian prince, trying to escape the country with a fortune ...
  14. Re:Alter their paths? on Hurricane's Eye Reveals a New Power Source · · Score: 1

    Of course, what would really be beautiful would be investment in infrastructure to limit the damage caused by these storms and improve evacuation routes combined with a gigantic beating with the common sense stick for those who choose to live along areas where hurricanes can hit but also choose to not prepare at all for the inevitable storm.

    I think the insurance companies hold the big stick, and they need to start swinging it hard. I'm paying for hurricane damage through my homeowner policy rates, and I live in Minnesota! Why should I be covering someone who takes out insurance on a grass hut on the beach, or doesn't bother to shutter their house, or who builds in a below-sea-level swamp? I'm fine with paying if everyone else expresses as much common sense as I do, but when someone builds crap and places it directly in harm's way, I shouldn't be responsible for their stupidity.

    When I buy a life insurance policy some nurse comes by, takes my blood pressure and pulse, and takes a sample of my blood to presumably test for conditions indicating I might die soon. Why don't the homeowner insurance companies do the same thing? I'd expect them to stop by, look at each home's construction, and make sure the owners have hurricane shutters or at least a pile of plywood for covering their windows before writing them a policy. If someone wants to insure that grass hut on the beach that's fine, but they need to pay roughly half the cost of the house annually in premiums, because I sure don't want to pick up that tab.

  15. Re:Predicting? How about controlling? on Hurricane's Eye Reveals a New Power Source · · Score: 1

    Unfortunately, no. Hurricanes are way too big and generate way too much energy for us to have an effect. This [noaa.gov] will answer all of your questions about trying to destroy hurricanes.

    Thanks. In one of your linked article's FAQ answers, I found this very relevant quote from the NAS's conclusions from 1985:

    A special committee of the National Academy of Sciences concluded that a more complete understanding of the physical processes taking place in hurricanes was needed before any additional modification experiments. But isn't the point of TFA pretty much that we now have exactly that: "a more complete understanding of the physical processes taking place in hurricanes"? So do we now know enough to try again?
  16. Predicting? How about controlling? on Hurricane's Eye Reveals a New Power Source · · Score: 4, Informative
    I understand that predicting hurricane strength and path is important for evacuations and hurricane preparations, but how about some research on disrupting hurricanes?

    Is there a way to break up these moisture exchanges that "fuel" the hurricane (the article used a rather poor analogy about 'raising octane')? Like we do with forest fires, can we do some creative cloud seeding to either reduce their intensity, or perhaps alter their paths away from densely populated areas?

  17. Re:Their arguments: 1-5 on Should Vendors Close All Security Holes? · · Score: 1

    Chances are if the software developers know about an exploitable bug, so do the crackers.

    First, employees (including software developers, but can include anyone from the testers to management) that know about an exploitable bug and don't report it should get fired. It's irresponsible to your company's owners to risk their products and their reputation because you don't think it's important, or because you want to have a back door. Not that it has to be fixed immediately, but it needs to be reported and tracked so it can be scheduled to be fixed.

    I disagree with your assumption that crackers know as much as the developers, at least not initially. Once the developers fix a bug, though, the crackers test exploitable patterns based on the fix, and that's how they can get ahead in the game. And that's one of the main points the author raises: by releasing a patch-at-a-time, those big-picture attacks can get ignored in the rush to publish the fix. Sure, you may have shut down the SQL injection attack on the username query, but what about on the password query? What about on the quantity query? Upon seeing a fix for SQL injection, a smart attacker will try SQL injection attacks throughout the code, or will try variations on the attack, hoping the coder carelessly fixed only the immediate problem of an ASCII quote and not a UNICODE-8 quote.

    Roger Grimes is fond of pointing out that "Security through obscurity works in practice." And he's right, to a certain degree. Don't do the crackers work for them. You still have to fix the problems, but you shouldn't have to do it under the gun if you can avoid it.

    Finally, what I read the company's point of view was this: we won't release the fix until the next release of software, not that they wouldn't publicize it upon the next release.

  18. Re:aren't you special? on Botnet Mafia in Online Turf War · · Score: 1

    If you're one of those, take a few of the cycles that you're spending cleaning out your inbox and think of a practical way to halt spam. Share it.

    That'd be nice, but it's not possible. Unfortunately, every spam solution proposed fails for one or more of the reasons in the canonical spam solutions checklist, quoted below. I'm not intentionally being obtuse, I'm just saying that there are conflicting goals that prevent spam from being a solvable problem. For example, the rest of the world is (wisely) not going to let the U.S. dictate the future standards for email, but the current U.S. government is not going to accept a foreign-born solution that doesn't include provisions for NSA spying.

    I understand completely why some people think email is useless to them. But it is not useless to the rest of us; only a very tiny minority of people are willing to give it up simply because of the S/N ratio. Some of us fight it with technological means, others who are technically unable to do so typically live with it. But pronouncing email dead because you personally haven't figured out how to cope with spam is like saying BSD is dead because you switched to Linux. Even my sister figured out that she could get a new email address and avoid the spam mistakes of her past -- and I have to believe that every slashdotter is more net-savvy than she is.

    Right now, the best defense against spam is to kill these botnets. Let them have their turf wars for now, hardening their own networks against attacks from each other. Any defenses they add are better than the soft targets they originally were. Meanwhile, if the operators do get rolled up, their networks could be shut down for good, and would present no convenient targets to the other botnet operators.

    Your post advocates a

    ( ) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    ( ) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    ( ) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    ( ) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    ( ) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filterin

  19. Re:Trying to care on Botnet Mafia in Online Turf War · · Score: 1

    Who starts those damn things anyway?

    Oh, kids who want a million emails, pranksters who want a million emails sent to their friends, wannabee Ponzi scam artists, desperate people, bored people, people with only one kidney, misguided do-gooders, spammers, evangelicals, gullible people and racists.

    Any malicious-minded person can start one; all they have to do is think of a money-making scheme or collect a few racist thoughts, combined with a few gullible people on their contact list they're good to go.

    I think a lot of them are started by good intentions (somehow littering the road to Hell with spam seems appropriate): "Joe told me he saw this thing on the news where a guy got shot by a gang after flashing his headlights! I better tell my sister-in-law not to flash her headlights!" who forwards it to her mother, who forwards it to her card club, who forward it to their churches and scout troops and families and work friends. It doesn't take too many forwards before it snowballs.

    I did find that after replying to half a dozen of these with a link to a Snopes article debunking the chain, plus a caution to think about how stupid it sounds for Bill Gates to give away a thousand dollars per email that I'm not getting nearly as many as I used to. That tells me that either I'm making a positive change in the way people think about this crap; or that my relatives are removing me from these stupid lists because I don't play along. Either explanation works for me. :-)

  20. Re:Trying to care on Botnet Mafia in Online Turf War · · Score: 1

    I did start getting a few stock pump image spams after I used my work address to register and download some drivers from iomega.

    Even for things like this at work I use sneakemail.com. Iomega may not be spammers (or maybe they are?) but that doesn't automatically make their web site or registration site secure.

    Of course, it could just be bad timing, too. Another useful thing sneakemail has shown me is that the vast majority of the spam I get is harvested from email chains, not from malicious web sites. "I just got this emailed guardian angel, I better forward it to everyone in my whole contact list so it can get its wings!" (And I'm just the unfortunate nephew on the contact list.) Someone eventually posts it with all of the cc: addresses to the alt.hallucinations.guardian.angels newsgroup, and that's all the spam address harvester needs. And while you may treat your work email and your home email separately, there are undoubtedly some work people who have you in their email contact list who don't exercise the same caution.

  21. Re:aren't you special? on Botnet Mafia in Online Turf War · · Score: 2, Interesting

    Part of my point was that we don't really need e-mail. ... We shouldn't get too worked up over botnets fighting.

    I assume you mean "we" as in the "my family and I" sense; because you certainly don't speak for the rest of us. 27 years ago an emailed message led to me meeting my wife, an event that I personally consider very important.

    Just because you don't find email useful doesn't make it useless to the rest of us.

    Apart from the spam aspect, botnets are also used to stage attacks on all manner of targets. Extortion schemes, phishing, adware distribution, web site hijackings, identity thefts, and more botnet recruitment attacks are just some of their malicious payloads.

    It's likely these criminals do affect you. If you shop on-line, you're probably taking precautions against having your credit information stolen by one of these attackers. And if you don't go shopping on-line, it may be because you're afraid that one of these attackers might steal your credit information. In either case I doubt that you avoid shopping on-line because you're a Luddite, or because you're unable to figure it out -- there are very few of those kinds of people posting to Slashdot.

  22. Re:Mr Spoons on Electronic Frontier Foundation Sues Uri Geller · · Score: 2, Interesting
    I'm not so sure that money was as big a waste as you believe it to be.

    Geller heralded a flood of legitimate parapsychological research. Not that the subject itself was legitimate, but the science and the studies were. Virtually every one of them proved psi, ESP, etc., to be nonsense, with a few notable exceptions that were themselves proven to be flawed studies. The end result is more people are now better educated about the chicanery.

    Sunshine is a great disinfectant.

    Don't get me wrong, it's not like there's been a battle that was won. There are still plenty of people who will continue to fall for these tricks, out of desperation or ignorance. But the chances are better than they'll be acquainted with someone who can recognize the scam for what it is, and hopefully correct them before they've squandered too much time or money on the scammers. That would be a big social benefit.

    In a way, this is like any other case of social engineering, like phishing. Before phishing became so common, people would easily fall for any trick email that came their way. Now, thanks to the visibility of the exploits, many more ordinary people are more suspicious than ever about seemingly ordinary things that used to be exploited. The result is the doors are more tightly closed to the crooks. That doesn't make phishing (or lying about your non-existent psychic abilities) right, but we now have a generally more wise population as a result.

  23. Re:Defamatory on Electronic Frontier Foundation Sues Uri Geller · · Score: 1
    Wait ... wait ... listen for it ... here it comes .... ssss ---- WHOOSH!

    That was the joke, going 0.95 Mach just above your head.

  24. Re:Premature Especulation on Bill Bans NSA Eavesdropping · · Score: 1
    Except signing statements do not have the force of law, contrary to what the malefactor-in-chief seems to think. Signing statements may be used by the courts during judicial review to figure out what the intent of the law was, or what the executive thought of them, but the signing statement itself can't actually change the law as written by Congress.

    Of course, the smirking chimp in charge has proven time and again that he has no respect for the laws or the citizens of this or any country, and since he has his own branch of government with which to strike down naysayers, what he says goes. For now. The best we can hope for is that Congress will keep him wrapped up in all these scandals of his own making, distracting him from furthering his agenda.

  25. Re:Hello Bug Me Not on NY Times To Data-Mine Its Visitors · · Score: 1
    Oh, I see.

    Regarding BugMeNot, it's brilliant. As far as easy to use, I have the Firefox extension. It reduces using BugMeNot to a simple a right click on the username field (or whatever) and select "Login with BugMeNot." It automatically fills in the username and password, and submits the signon request. It saves me the time of going through the signup process with a null or fake email address, and it saves even more time and trouble when the signup process requires email confirmation.

    If I'm wanting a bit more uniqueness than BugMeNot provides, I frequently use the Mailinator. It doesn't require me to create a throwaway account in advance, I can make up any address I like on the fly, such as player@mailinator.com, then I go and check their web site to answer the signup confirmation email. Don't use this for anything secure, as there is no security!

    Finally, for those sites where I really do want to have a long term relationship (like Slashdot), I use Sneakemail to create a unique email address. If the website proves untrustworthy, I just delete that email address. I've had some Sneakemail addresses for over five years now!