This is stupid. Why not just send some little blurb of out-of-band data 'open-says-me'. Why go through the whole sequence? Even a benign looking sequence of HTTP requests would be better.
This can be done by requiring that senders post a bond of say 1/10 of 1 cent per item sent.
I agree. It has to be a system where you submit money but aren't charged unless it's determined you're violating the contract.
For example, you could buy a digital certificate for $30 that gives you authorized access to any number of mail relays. If you're a relay you pay $100 to talk to other relays. If a certificate is identified as being responsible for sending spam it is immediately revoked (well, almost immediately) and you lose the money. As more and more users use these certificates the mail relays can begin to require them. A new backbone of clean-mail will eventually overgrow the old unprotected "dirty" network.
A silly detail that means we'll be stuck with x86 compilers longer. I would much rather the development be put into a compiler that will eventually pave the way for new and interesting things. X86 is holding us back in this respect.
...prying $20 from your thin wallet to buy Linuxant's DriverLoader
Man, that's a pretty strange wallet if you can afford a centrino wireless device but you can't scrape up $20. Small businesses must have an impossible time trying to sell software on the Internet. Have a peanut butter and jelly sandwich one night instead of ROTK again. If I had centrino wireless (and I came really close having bought a T30 a few weeks before the T40s) I would be delighted to pay $20. It beats bying the Cisco mini-pci module which I believe is the only alternative for the T40.
Problem is, $10 is a vast sum for many people in the world who perhaps use email at cybercafes without ever dreaming of owning one
Well in this case I think the cybercafe would have to provide the certificate. I think cybercafe users would expect the process to be easy. In which case it's the cyber cafe owners responsibility to ensure their users do not abuse the mail certificate. Abuse it and loose it. They'll get knocked off the mail server for a half hour while they buy another one.
All of this really depends on how quickly one can detect abuse. If someone can highjack one of these certificates and send 10000 spams before the cert gets revoked and that state get's communicated back up the credential chain and then down into other mail servers around the world then I admit my scheme won't work. But I think the technique for replicating information globally in a relatively short period exists (e.g. 5min).
I know this seems pedantic, but law is pedantic, and I'm thinking...
Pedantic means showing off your knowledge to the point of being unnecessary. So the law is not pedantic. This response is pedantic. Perhaps you mean thorough or exhaustive.
The bigger problem with this though is real mailing lists. Its easy enough to sign up for the countrpane newsletter on a lot of accounts (script), and then (again scripted) when a newsletter arrives hit the charge button.
Ok, how about this idea:
You pay $10 up-front for a digital certificate that works with any major ISP for 5 years. If it's abused, it's automatically revoked within minutes. If it expires or you've used up the $10 (presumably mail accedentally tagged as spam) then it's revoked with fair warning. When you subscribe to a mailing list you give them permission in advance using the certificate somehow. For example, you compute a hash with your private key that is then compared to a hash generated with your public key on the server. If the server picks the random data to be hashed that adds a little computational cost to the equation as well.
Now for really big mailing lists the major ISPs will relax this scheme a little. For example you only need to compute the hash once with a special cert (need a certain number of credible sponsors to get one) for your company/mail server.
So if a spammer tries to use one of these certs, wheather it be purchased or stolen, then can only send a small amount of spam before being detected. Certainly they would not see a positive return for their efforts.
What if I accidently type in "joe@yahoo.com" instead of "joel@yahoo.com" and joe decides I am spamming him? Should I be required to pay up becuase of a mistake?
Yes! Why would you care about $0.01 or whatever it is. In practice I suspect you would probably have to pay something up front anyway. For example, for $10 you get a digital certificate that works with any major ISPs mail server for 5 years. The minute it's abused it's revoked. Of course I don't know how it really works. I'd have to read the article first!
filters, expensive computation for e-mail and the digital equivalent to stamps, paid if the receiver considers he is being spammed
Uhm, I like this. So even if Gates himself writes the spec I would stongly encourage every MTA developer to implement these ideas even if it means loosing market share to Exchange. We need this.
Try using XSLT to generate troff. The CStyleX package will let you generate concise troff macros for GNU style C programming interface man pages (just like the screenshot on this page):
Actually the best part is that this will also generate HTML from the same source XML. And nothing prevents you from generting PostScript in the future or just about anything else for that matter. IOW you write XML run make and get man pages and HTML.
PS: The package hasn't been updated in a while. The latest man.xsl and ref.xsl transforms are in the libmba package cited on the page referenced.
Just send another rover ASAP. While you're at it, try the other side of the planet this time. There's nothing but red rocks at the Spirit site. I liked the landing part best anyway. Ok? Well I'm off for two full weeks of ice fishing in Montana and won't have any contact with the outside world whatsoever...
I don't think that these util classes can be used in anything that will be given away or sold because the Java Runtime Libraries are not GPL. In fact, I wonder if anyone other than the author can use them *at all*. Otherwise I could demand that the author produce the GPL'd source of the Java Runtime libraries. For example, I just looked and saw one of his classes uses java.util.ResourceBundle. So where's the GPL'd source for java/util/ResourceBundle.java? This lack of GPL'd class libraries is the driving force behind the Classpath project. It is also the reason why most Java Open Source projects are LGPL.
I've seen each of the LOTR movies *once* and I'm really exited about The Return of the King but I did not read the books and I'm having trouble keeping track of everything that's happening. I want to go into The Return of the King with a prepared mind so my question is; is there a good resource on The Internet regarding the characters, plot, middle-earth history, etc without spoilers that I can use to study-up beforehand? I would prefer something that references important passages in the books that cannot easily be communicated in film (e.g. the history of the relationship between Elv's and Humans).
I didn't realize how easy it is to actually pay someone with paypal. I have ~30 dollars languishing uselessly in my Paypal account. This guy wanted a meager 1 USD so I clicked on the little paypal icon and in literally 3 clicks the deal was done. This is how the web should work. Better yet, take 1 penny out of my Paypal account every time I visit your site 5 times in a week. After a good slashdotting that guy would get a nice bone for his work and I would make back my contribution many times in Yahoo! stock appreciation.
There are several seemingly small things that are actually pretty important. I'm sure others will chime in with the usual stuff but let me point out one that I find very important; process shared sepaphores and condition variables. Many serious applications are much more sophisticated than the traditional model of launching a process with all of the state it needs and then letting it run to completion. Today's applications need to coordinate access to data in shared memory between processes. You can do this with threads but then you cannot use different locales or uids in different threads. So basically LinuxThreads suck. That's been admitted and they're trying to fix that. But even the new implementation (based on their userspace file lock "Futex" thing) isn't up to snuff yet either. Solaris supports process shared semaphores and condition variables and it scales to many more than 4 processors which is about the limit of Linux (don't know about *BSD).
What about wall sockets? Considering their perpensity to start fires and the like I would think they're positioned to be in the top 10 list of technologies that need an upgrade. Certainly there must be a better connecter for home power.
So in one sense it is correct to say that X failed to define every conceivable data type that could exist on the clipboard, but failing to support images is an application issue.
I don't think X needs to support every conceivable data type in the clipboard but a little more super structure than XA_STRING, BITMAP, etc would go a long way. Personally I believe this should be supported by X simply because the concept of sharing data between applications requires coordination from a third party (X). The problem appears to be that it's just too late to add super structure when you have none to begin with. You would have to change the API or all applications that use the clipboard will break. Which is the bane of the bazarr (as opposed to the cathedral).
but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.
If you want to send someone an executable, send it to them in a zip or tar.gz.
They also have an add about a "Secruity Whitepaper". I doubt they're crass enough to circulate that one today. Our IT guys stayed late to patch machines tonite.
Slashdot Mirror
This is stupid. Why not just send some little blurb of out-of-band data 'open-says-me'. Why go through the whole sequence? Even a benign looking sequence of HTTP requests would be better.
This can be done by requiring that senders post a bond of say 1/10 of 1 cent per item sent.
I agree. It has to be a system where you submit money but aren't charged unless it's determined you're violating the contract.
For example, you could buy a digital certificate for $30 that gives you authorized access to any number of mail relays. If you're a relay you pay $100 to talk to other relays. If a certificate is identified as being responsible for sending spam it is immediately revoked (well, almost immediately) and you lose the money. As more and more users use these certificates the mail relays can begin to require them. A new backbone of clean-mail will eventually overgrow the old unprotected "dirty" network.
A silly detail that means we'll be stuck with x86 compilers longer. I would much rather the development be put into a compiler that will eventually pave the way for new and interesting things. X86 is holding us back in this respect.
...prying $20 from your thin wallet to buy Linuxant's DriverLoader
Man, that's a pretty strange wallet if you can afford a centrino wireless device but you can't scrape up $20. Small businesses must have an impossible time trying to sell software on the Internet. Have a peanut butter and jelly sandwich one night instead of ROTK again. If I had centrino wireless (and I came really close having bought a T30 a few weeks before the T40s) I would be delighted to pay $20. It beats bying the Cisco mini-pci module which I believe is the only alternative for the T40.
Problem is, $10 is a vast sum for many people in the world who perhaps use email at cybercafes without ever dreaming of owning one
Well in this case I think the cybercafe would have to provide the certificate. I think cybercafe users would expect the process to be easy. In which case it's the cyber cafe owners responsibility to ensure their users do not abuse the mail certificate. Abuse it and loose it. They'll get knocked off the mail server for a half hour while they buy another one.
All of this really depends on how quickly one can detect abuse. If someone can highjack one of these certificates and send 10000 spams before the cert gets revoked and that state get's communicated back up the credential chain and then down into other mail servers around the world then I admit my scheme won't work. But I think the technique for replicating information globally in a relatively short period exists (e.g. 5min).
I know this seems pedantic, but law is pedantic, and I'm thinking ...
Pedantic means showing off your knowledge to the point of being unnecessary. So the law is not pedantic. This response is pedantic. Perhaps you mean thorough or exhaustive.
The bigger problem with this though is real mailing lists. Its easy enough to sign up for the countrpane newsletter on a lot of accounts (script), and then (again scripted) when a newsletter arrives hit the charge button.
Ok, how about this idea:
You pay $10 up-front for a digital certificate that works with any major ISP for 5 years. If it's abused, it's automatically revoked within minutes. If it expires or you've used up the $10 (presumably mail accedentally tagged as spam) then it's revoked with fair warning. When you subscribe to a mailing list you give them permission in advance using the certificate somehow. For example, you compute a hash with your private key that is then compared to a hash generated with your public key on the server. If the server picks the random data to be hashed that adds a little computational cost to the equation as well.
Now for really big mailing lists the major ISPs will relax this scheme a little. For example you only need to compute the hash once with a special cert (need a certain number of credible sponsors to get one) for your company/mail server.
So if a spammer tries to use one of these certs, wheather it be purchased or stolen, then can only send a small amount of spam before being detected. Certainly they would not see a positive return for their efforts.
What if I accidently type in "joe@yahoo.com" instead of "joel@yahoo.com" and joe decides I am spamming him? Should I be required to pay up becuase of a mistake?
Yes! Why would you care about $0.01 or whatever it is. In practice I suspect you would probably have to pay something up front anyway. For example, for $10 you get a digital certificate that works with any major ISPs mail server for 5 years. The minute it's abused it's revoked. Of course I don't know how it really works. I'd have to read the article first!
filters, expensive computation for e-mail and the digital equivalent to stamps, paid if the receiver considers he is being spammed
Uhm, I like this. So even if Gates himself writes the spec I would stongly encourage every MTA developer to implement these ideas even if it means loosing market share to Exchange. We need this.
The syntax for roff just sucks.
Try using XSLT to generate troff. The CStyleX package will let you generate concise troff macros for GNU style C programming interface man pages (just like the screenshot on this page):
http://www.ioplex.com/~miallen/cstylex/
Actually the best part is that this will also generate HTML from the same source XML. And nothing prevents you from generting PostScript in the future or just about anything else for that matter. IOW you write XML run make and get man pages and HTML.
PS: The package hasn't been updated in a while. The latest man.xsl and ref.xsl transforms are in the libmba package cited on the page referenced.
Just send another rover ASAP. While you're at it, try the other side of the planet this time. There's nothing but red rocks at the Spirit site. I liked the landing part best anyway. Ok? Well I'm off for two full weeks of ice fishing in Montana and won't have any contact with the outside world whatsoever...
Just because you're good at [stuff] doesn't mean that anyone who can't do those things well is inferior.
Actually...I think by definition it does.
I don't think that these util classes can be used in anything that will be given away or sold because the Java Runtime Libraries are not GPL. In fact, I wonder if anyone other than the author can use them *at all*. Otherwise I could demand that the author produce the GPL'd source of the Java Runtime libraries. For example, I just looked and saw one of his classes uses java.util.ResourceBundle. So where's the GPL'd source for java/util/ResourceBundle.java? This lack of GPL'd class libraries is the driving force behind the Classpath project. It is also the reason why most Java Open Source projects are LGPL.
I've seen each of the LOTR movies *once* and I'm really exited about The Return of the King but I did not read the books and I'm having trouble keeping track of everything that's happening. I want to go into The Return of the King with a prepared mind so my question is; is there a good resource on The Internet regarding the characters, plot, middle-earth history, etc without spoilers that I can use to study-up beforehand? I would prefer something that references important passages in the books that cannot easily be communicated in film (e.g. the history of the relationship between Elv's and Humans).
I didn't realize how easy it is to actually pay someone with paypal. I have ~30 dollars languishing uselessly in my Paypal account. This guy wanted a meager 1 USD so I clicked on the little paypal icon and in literally 3 clicks the deal was done. This is how the web should work. Better yet, take 1 penny out of my Paypal account every time I visit your site 5 times in a week. After a good slashdotting that guy would get a nice bone for his work and I would make back my contribution many times in Yahoo! stock appreciation.
What advantages does solaris offer over [FreeOS]?
There are several seemingly small things that are actually pretty important. I'm sure others will chime in with the usual stuff but let me point out one that I find very important; process shared sepaphores and condition variables. Many serious applications are much more sophisticated than the traditional model of launching a process with all of the state it needs and then letting it run to completion. Today's applications need to coordinate access to data in shared memory between processes. You can do this with threads but then you cannot use different locales or uids in different threads. So basically LinuxThreads suck. That's been admitted and they're trying to fix that. But even the new implementation (based on their userspace file lock "Futex" thing) isn't up to snuff yet either. Solaris supports process shared semaphores and condition variables and it scales to many more than 4 processors which is about the limit of Linux (don't know about *BSD).
Put down the mouse and put your hands on the monitor. Do it now!
A stoned beaver will rip through entire forests when it gets "the munchies".
Do people really run Exchange on the open Internet? I doubt it. If they do they deserve the consequences. Web mail maybe. Exchange no.
Someone help me. I think I died but I think my soul is trapped in cyberspace!
What about wall sockets? Considering their perpensity to start fires and the like I would think they're positioned to be in the top 10 list of technologies that need an upgrade. Certainly there must be a better connecter for home power.
So in one sense it is correct to say that X failed to define every conceivable data type that could exist on the clipboard, but failing to support images is an application issue.
I don't think X needs to support every conceivable data type in the clipboard but a little more super structure than XA_STRING, BITMAP, etc would go a long way. Personally I believe this should be supported by X simply because the concept of sharing data between applications requires coordination from a third party (X). The problem appears to be that it's just too late to add super structure when you have none to begin with. You would have to change the API or all applications that use the clipboard will break. Which is the bane of the bazarr (as opposed to the cathedral).
Except it doesn't. There's been several successful mail trojans in recent months that use a ZIP package
Then use this body_check expression:
REJECT Keep your executables!
It matches all Win32 executable binary formats.
It's a very good idea these days to just reject all executable attachments at "the gates" so to speak. I use postfix 1.1 so I added:
/etc/main.cf where the file referenced came from here:
c ks
body_checks = pcre:/etc/postfix/mime_header_checks
to
http://www.securitysage.com/files/mime_header_che
but there are many regular expression filters like this one. Note, with 2.x you need to use the 'mime_header_checks' directive rather than 'body_checks'.
If you want to send someone an executable, send it to them in a zip or tar.gz.
They also have an add about a "Secruity Whitepaper". I doubt they're crass enough to circulate that one today. Our IT guys stayed late to patch machines tonite.