Slashdot Mirror


User: mark-t

mark-t's activity in the archive.

Stories: 0 · Comments: 15,598

Comments · 15,598

  1. ... it was jazz, then it was too much television, then it was rock and roll, then it was metal music, then it was role playing games, then video games, then too much time playing on the computer, then too much time on their cell phone....

    Who knows what they'll try to blame troubled youth on in the next generation?

  2. I will agree that ideally we want a K.I.S.S. approach, but in actuality the solution I suggested has only one extra level of complexity over even a straight reverse lookup approach. This complexity is only required because there are lawful and legitimate uses for spoofing, as I mentioned previously, and that the admittedly much more straightforward approach of just routing through the spoofed exchange would place an additional burden on that exchange because it must manage that connection for the duration of the entire call instead of only for a few moments which would not be scalable to handling commercial call volumes.

    Obviously a small mom and pop shop would not have a problem with it, but then the small mom and pop shop isn't going to generally have to be spoofing a number that isn't on their own exchange in the first place. If they are, then the distant exchange is still going to need to verify that the caller that wants to route through it is coming from where they say they are, which requires an additional reverse lookup at that location, and is actually no simpler than the system I described anyways.

    The scammers, meanwhile, are left quite high and dry. They cannot forge a number that you cannot call back, since a reverse lookup would fail, and they cannot forge a real number that isn't actually on the exact same directly connected exchange as they are, because otherwise when your exchange does the reverse lookup, it wouldn't get any response from the exchange that it tries to talk to.

  3. Yes, that sounds fully sensible: someone calls a (potential) customer, only to have that (potential) customer, when he calls back, land somewhere far away from the caller.

    Sarcasm noted.

    However, yes... it is fully sensible. There is nothing wrong with a company wanting its 1-800 number to show up instead of some direct-dial line. And if the caller's direct dial-out line might not even be in the same city as the recipient, how would presenting that number be a win for the receiver? The idea of routing a call through that location's own switchboard would only be practical for very small numbers of calls. Ultimately, I'm afraid it would not be very scalable to handling commercial call volumes, because it would invariably overload the call centers where the main office is, since all calls would have to be routed through it, and that burden would have to remain for the duration of the entire phone call, as opposed to just a few moments of brief data exchange needed by the system I described.

    And note that in the system I described while allowing such spoofing introduces much more complexity (in particular, it requires that the spoofed number exchange, if any different from the caller, the caller's exchange, and the receiver's exchange all support the protocol), it closes virtually all and does not further introduce any additional vulnerabilities to illegitimate spoofing. If the carrier that is directly connected to the caller is still going to allow illegitimate spoofing, then there is nothing that can be done directly, but the only numbers it will be able to spoof are those that would be routed through it if the destination were to call the number that is being presented as the caller. Since the caller cannot actually control that route, the only exchange this could safely be in all cases is going to be a real phone number that is directly connected to the same exchange as the actual caller (since if it is not a real phone number, there is no guarantee that the reverse lookup would pass into the same exchange). This would tend to place a hard cap on the number of phone numbers that could be so spoofed, and they could eventually be easily filtered or blacklisted.

  4. Re:No... just no on Ubisoft And Mozilla Announce AI Coding Assistant Clever-Commit (variety.com) · · Score: 1

    Yes, but we do not know if the human programmer intuition is behaving non-deterministically or not (even if the universe is deterministic, it can be shown through a paraphrasing of the halting problem that non-deterministic systems could theoretically exist within it without violating any underlying deterministic nature, thereby allowing for the existence of things like free will).

  5. Re:And therefore.... on Most Online 'Terms of Service' Are Incomprehensible To Adults, Study Finds (vice.com) · · Score: 1

    We're getting a bit OT, but in that particular case, the term I believe a lawyer would use here is "unconscionable terms". Such parts of the contract would not be sustained in any law-abiding court anywhere in North America.

  6. Re: Do many know how to read properly? on Most Online 'Terms of Service' Are Incomprehensible To Adults, Study Finds (vice.com) · · Score: 1

    How was LaTeX broken?

  7. Okay, that would work... it cuts out the middleman needed for legitimate spoofing.

  8. What stops somebody else from using some known head office number as their own spoofed number?

    You need some kind of reverse lookup to verify that the call is really coming from where it appears to be, otherwise it can be too easy to spoof.

  9. Oh, as a caveat... this could be worked around if the caller spoofed its number as a number on the same exchange as its own, and the caller's carrier was willing to always answer "yes" to any query, but because these calls can be isolated to always being from particular carriers, they should be fairly easy to filter out.

  10. Idea for robust caller ID on FCC Chairman Warns of 'Regulatory Intervention' as He Criticizes Carriers' Anti-Robocall Plans (thehill.com) · · Score: 3, Informative

    First of all, it is important to realize that there can, in fact, be legitimate reasons to spoof a phone number... for example, calling from a direct dial out line for a business, but wanting the main business head office number to show up on the caller ID instead, which might even be located in a different country or state.

    So given that, much of the problem becomes how to enable spoofing where it is legitimate, but to not present a spoofed number as the caller when it is not.

    A carrier, when receiving a call that is on its own exchange always knows the exact number that is being called from (we will call that phone number A), the number that is being called (we will call that phone number B), and also knows what number the caller is wanting to spoof as (if any, which we will call phone number C). Whether the caller is trying to spoof or not, the carrier for A adds a temporary entry into a local cache that tracks outgoing calls, indicating that it is making a call from A to B. This entry is kept alive only for a minute or two at most before being deleted.

    If the caller does not want to spoof, then assume that C = A, and the remainder of this paragraph can be ignored. If the caller wants to spoof, then the following additional steps must be performed. The carrier for A tries to tell the carrier for C that it wants to use that carrier to spoof, making a call to #B. This request might pass through a number of other carriers, so let us assume that the carrier for C sees the number that is calling it as X, since it is possible that the carrier for A, or any intermediate carrier might be conspiring to spoof. If the carrier for C allows the number X to be spoofed with C, then the carrier for C will then ask the carrier for X if it is presently making a call from X to B. If it does, then it adds an entry in its own cache that it is making a call from C to B. If the carrier for C does not recognize X as a number it can spoof for, then the request is ignored entirely, and the carrier for C will not do anything. Please note, that if X has been illegitimately spoofed, but X is still legitimately recognized by C as being a number it can spoof for, then the carrier for X as reached by C will not issue any response, so C doesn't have any obligation to add an entry to its table in that case.

    Whether or not the caller from A is trying to spoof, the carrier for A concurrently rings the carrier for B. The carrier for B, seeing the number C as being the number claimed to be called from, asks the carrier for C (as seen from B) if it is currently making a call to B. If the answer is yes, then the number shown in call display can be assumed to be valid. If C does not respond, then no number should show up.

    This whole verification process should take a few seconds at most, and can happen concurrently with the ringing of the line. A person who answers quickly might not get a verified caller ID until after they have already picked up the phone.

    The cached entries, as I said, are temporary, and are individually deleted after being present for a short time (one or two minutes would likely be enough time to be sure that the call is really valid).

    This is just something I came up with when I had some spare time and thought about it while I was taking the bus to work one day.... there might still be vulnerabilities, but I wasn't able to find them.

  11. Uh, sure.... except they were talking about Facebook, not a singles or dating site, hookup site, or porn site... and, in particular, people searching their own *friends*, not strangers' pics.

    Maybe I am a prude, but I seriously had no idea that using Facebook in this way was actually a real life thing until seeing this. In retrospect, I know I shouldn't have been all that surprised, but that didn't mean it was something that I'd have actually ever imagined real people doing.

  12. Re:What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    The "victims" aren't likely to sue, because the supplements don't typically make any existing conditions actually any worse than they already are. The companies that market these products also do not typically offer any statement to the effect that their claims about being an effective treatment for some disease or condition are medically proven or the like. They may even already explicitly state that their product should not be taken as any sort of substitute for following medical advice, but may be taken concurrently with it.

    While nobody can deny that there is no scientific evidence that products that make outrageous claims of being able to cure or treat diseases that we have no actual medically approved solution for, the claims they might make that their products *CAN BE* (very key words there) an effective treatment for some condition or disease, and while they can encourage its use, as long as they also explicitly state that it should not be taken as any sort of actual replacement for following medical advice, their claims would remain unfalsifiable, and as such not really in the purview of the FDA, and possibly even a first amendment right. All the FDA could do, then, is issue warnings to the general public about such products, advising them that the products have not been tested or verified, and that they use them at their own risk. This could have a significant impact on the company's sales, but they still might not care if their cost of production is low enough and they can still make a profit.

  13. Re:What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    We're getting OT here, but meat is regulated by the Department of Agriculture. I'm pretty sure the FDA would have absolutely no say in the matter.

  14. What does romantic have to do with it

    Well, he did mention the "birds and the bees"... call me old fashioned, but I'd generally think that a person is going to have at least some amount of romantic (as opposed to platonic) attraction to whoever they decide to mate with.

    And why limit to a single friend of the female gender ?

    My bad. Monogamy is the social norm for human beings, so I may have overgeneralized.

  15. And on that subject, I wouldn't have figured a person to be so without as to not know who a friend is that they had some sort of romantic interest in that they couldn't simply search for photos directly on the person's name. I'm underwhelmed.

  16. Okay.... I guess. But when I am trying to recall someone I've met, the first thing that I might try and use to figure out who it was is where I had seen that person or when, not what sex they are. The idea of cataloguing someone's sex as an attribute that you'd even bother to use for search criteria for someone you know seems weird to me... about on par with cataloguing which of my friends are left handed vs right handed, for example... and I had to seriously think for a while to come up with that comparison. Honestly, I would have had no idea it was a thing if I hadn't seen this story.

  17. While I can understand wanting to look for photos of friends, what possible reason could someone have for only wanting to see pics of their male friends or female friends? If they have someone in mind, they can search for pictures of that person.

    But I can think of precisely zero cases where I would want to discriminate which photos I wanted to see of my friends based on their gender.

    So am I out to lunch here? Can someone explain why this should actually even be a thing?

  18. No... just no on Ubisoft And Mozilla Announce AI Coding Assistant Clever-Commit (variety.com) · · Score: 1

    Either the class of programs for which this would work is so narrow as to be practically useless for most people or they have effectively claimed to have solved the Turing Halting Problem.

    My money is on the former.

  19. Re: e-cigarrettes arent tobacco on Tobacco Use is Soaring Among US Kids, Driven By E-cigarettes (axios.com) · · Score: 1

    There's nothing mean spirited about it... the idea is to make the consequences severe enough that many young people will simply not even try, or if they do, then eventually come to regret that choice because of the consequences, and learn as they become adults that the measures were actually there for their own welfare.

  20. Re:What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    The thing here is that they don't actually outright *say* that their stuff will cure the disease, they only say that it *can* cure the disease, or has been recorded as being an effective treatment.

    The fact that the evidence to support their claims is purely anecdotal is irrelevant, it's not really an objectively provably false claim. Any more than it's possible to prove that god doesn't exist, for example.

  21. Re: e-cigarrettes arent tobacco on Tobacco Use is Soaring Among US Kids, Driven By E-cigarettes (axios.com) · · Score: 1

    Choices like that don't merit a death penalty. The consequences they will have wrought upon themselves for it will be plenty severe enough.

    The idea isn't to be "sure", it's to provide a sufficiently discouraging penalty so that people will generally *choose* to not go and do it, even if the only reason they are avoiding it is because they are afraid of the consequence. By the time they are adults, hopefully they will have come to realize that such measures were actually in place for their own benefit. If it takes directly experiencing some really harsh consequences to get them to that point if they do decide to infringe, then why is that so bad?

    Seriously, if you think that what I've described is no better than simply killing them, then you do not have any appreciation at all for the ability of people to adapt and grow. We would still be living in caves, or more likely have long since been rendered extinct if we could not learn from our mistakes.

    However harsh what I've described sounds, the kids would still be alive, and where there is life, there is still hope.

  22. Re:What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    There are lots of products that are for sale today, both online and at your brick and mortar stores, that do not have FDA approval. The only restriction, as far as I know, is that these products cannot utilize the FDA approved logo or imply that they have such approval.

  23. Re:What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    Shut down how, exactly?

    How can the FDA revoke approval for things it never gave approval for in the first place?

  24. What, are you serious? on FDA Warns Supplement Makers To Stop Touting Cures For Diseases and Cancer · · Score: 1

    If they are actually wanting to make such claims about their products, I highly doubt that they'd care what the FDA has to say.

  25. Re:e-cigarrettes arent tobacco on Tobacco Use is Soaring Among US Kids, Driven By E-cigarettes (axios.com) · · Score: 1

    Killing them would eliminate repeat offenders.

    Indeed, but it would also eliminate the possibility that they might learn from their mistakes having faced some real measurable consequences for them, and make smarter choices in the future.
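
Added example, not part of mark-t's comments or the archive: a small simulation of the caller-ID verification scheme described in comment 10 ("Idea for robust caller ID"), showing which number the receiving carrier displays for a plain call, an authorized spoof, and two unauthorized spoofs. The `Carrier` class, its method names, the shared `routes` table standing in for call routing, and the 555-01xx numbers are all constructed for illustration.

```python
TTL = 120  # seconds; the comment suggests "a minute or two at most"

class Carrier:
    def __init__(self, routes):
        self.routes = routes    # shared map (assumption): number -> serving Carrier
        self.may_present = {}   # C -> set of numbers X allowed to present as C
        self.calls = {}         # (from_number, to_number) -> expiry timestamp

    def serve(self, *numbers):
        for n in numbers:
            self.routes[n] = self

    def note_call(self, src, dst, now):
        self.calls[(src, dst)] = now + TTL

    def is_calling(self, src, dst, now):
        # Reverse-lookup answer: "are you placing a call from src to dst?"
        return self.calls.get((src, dst), 0) > now

    def vouch(self, x, c, b, now):
        # Run by C's carrier when a spoof request appears to come from X.
        if x not in self.may_present.get(c, ()):
            return                              # unknown X: ignore entirely
        x_carrier = self.routes.get(x)          # reverse lookup of X
        if x_carrier and x_carrier.is_calling(x, b, now):
            self.note_call(c, b, now)

    def dial(self, a, b, present_as=None, claimed_x=None, now=0):
        # Run by A's carrier. claimed_x models a misreported request origin.
        c = present_as or a
        self.note_call(a, b, now)
        if c != a and c in self.routes:
            self.routes[c].vouch(claimed_x or a, c, b, now)
        return self.routes[b].ring(c, b, now)

    def ring(self, c, b, now):
        # Run by B's carrier: display C only if C's carrier confirms the call.
        c_carrier = self.routes.get(c)
        return c if c_carrier and c_carrier.is_calling(c, b, now) else None

def demo():
    routes = {}  # constructed numbers and carriers, for illustration only
    office, branch, other, home = (Carrier(routes) for _ in range(4))
    office.serve("800-555-0100"); branch.serve("555-0111")
    other.serve("555-0166"); home.serve("555-0199")
    office.may_present["800-555-0100"] = {"555-0111"}
    return {  # timestamps are spaced more than TTL apart so old entries expire
        "plain": branch.dial("555-0111", "555-0199", now=0),
        "authorized": branch.dial("555-0111", "555-0199", "800-555-0100", now=1000),
        "unauthorized": other.dial("555-0166", "555-0199", "800-555-0100", now=2000),
        "false_origin": other.dial("555-0166", "555-0199", "800-555-0100",
                                   claimed_x="555-0111", now=3000),
    }
```

The two unverified cases return `None`, matching the comment's rule that no number should show up when the carrier for C does not confirm the call.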