Slashdot Mirror


User: Todd+Knarr

Todd+Knarr's activity in the archive.

Stories: 0
Comments: 3,572

Comments · 3,572

  1. Re:Spam is one of the most complex issues on EFF speaks out against MAPS · · Score: 2

    Well, I don't like having to block all mail from a domain just to get the spammers. But what other pressure can be put on the rogue ISPs to take action against spammers on their networks? If following up a complaint would cost you money and ignoring it wouldn't adversely affect your company at all, if the only standard your board of directors looks at is your financial bottom line which course would you take?

    I liken it to another course: if a car dealer is being used to fence cars because he refuses to do any checks on the provenance of the cars he takes in, should people buying cars who know about him only avoid the stolen cars he's selling or should they start avoiding his lot entirely?

  2. Re:Spam is one of the most complex issues on EFF speaks out against MAPS · · Score: 2

    You're right, but there's one problem. You have a hard time blocking just the spammers from an ISP, and if you limit it to the spammers then the ISP has no motivation to do anything. The spammers keep paying them for new usernames and such, and the ISP doesn't suffer if it ignores the complaints since they're all coming from people who don't pay them any money. The only way to goad the ISPs into taking action against the spammers is if their paying customers start suffering and complaining because of the spammers, to the point where the spammers are costing the ISP more than they're paying the ISP.

    That's where MAPS and ORBL and such come in. They list ISPs who don't police their own userbase. They make it easy for other ISPs to refuse to do business with offending ISPs until the offenders do police their own users. Call it a mass boycott of companies who won't play by certain rules.

    I think users should have the right to know which blocking lists, if any, their ISP uses. I disagree with the EFF that blocking lists are a problem, though. Blocking lists are, like boycotts, the solution to the problem. The problem is ISPs who tolerate customers who abuse the rest of us.

  3. Re:Amount of SPAM question... on EFF speaks out against MAPS · · Score: 2

    Having checked, I have to update this. The average is now about 20-40 thousand attempts from MAPS-listed sites blocked per day, with occasional dips down to 15 thousand or so. This out of an average volume of 200 thousand pieces of mail per day.

  4. Re:From a small isp perspective.. on EFF speaks out against MAPS · · Score: 3, Informative

    SMTP AUTH maybe? Relaying allowed for authorized users, nobody else. End of open-relay problem.

  5. Re:Amount of SPAM question... on EFF speaks out against MAPS · · Score: 3, Interesting

    I don't know how authoritative this is, but my old ISP (XMission in Salt Lake City) had a page listing attempts blocked by the MAPS rules. They were blocking somewhere about 10-20 thousand attempts per day on average, with regular spikes into the 40 thousand range and occasional spikes into the 70-80 thousand attempt neighborhood.

    As a sanity check, they only flagged messages listed on ORBS and, for a while, only flagged messages listed on MAPS (until the spamload got too high). In 6 years, I got precisely one piece of mail that was ORBS-flagged that wasn't spam, and no non-spam with a MAPS-flag while MAPS flagging was in effect. Since ORBS is more aggressive in listing sites than MAPS is, this is sufficient evidence to me that at the very least the amount of non-spam incorrectly flagged by MAPS and/or ORBS was a small fraction of the amount of spam they were catching.

  6. Re:RTFA on Microsoft Blames the Messengers · · Score: 5, Informative

    Except that that was tried. What happened was that the vendors responded with "We can't reproduce that, you must be mistaken, there's no hole in our product.". After a while, the security community came to the conclusion that the only way to get vendors to wake up and actually fix their products was to release enough details that, if there was any question whether the hole existed, the skeptic could recreate the exploit and try it and see for himself. Which leaves the vendor with no way to spin the story, which is what Microsoft's really pissed off about.

  7. Re:You All Suck on Hucksters, Suckers, and the Cue:Cat · · Score: 2

    Is this a problem with the public, or simply a failure of your business model? Nobody ever offered you a guarantee that your customers would do exactly what you wanted them to do, after all.

    Something businesspeople forget: implementing a stupid business plan on the business owner's part does not imply an obligation to insure he succeeds on the customer's part.

  8. Re:Pro-RIAA perspective on RIAA Abandons Hacking Amendment · · Score: 2

    No, they haven't misconstrued the RIAA's intentions. For getting the ISP to cut off the offending site, the RIAA has every legal right under the law, even the new anti-terrorism ones, to do that. As for the latter two, they're known as a DoS attack and cracking, and both are completely illegal period full stop. I don't care if the RIAA does hold the copyrights, that doesn't and shouldn't give them the right to break the law themselves. If they want to ignore their legal recourses and try vigilante justice, let them suffer the same consequences as the DeCSS authors and Dmitri Sklyarov.

  9. Re:Double opt-in? What the hell? on MAPS and Experian Settle Lawsuit · · Score: 2

    You don't get it. Why should that list use double opt-in? They're a list being run by someone like Experian who says "You did opt in. See, here's the request from you to be added.". You didn't send that request, but that's beside the point for them, they've got the request.

    So the malicious person who decided to get you's happy, you're getting spammed. The list operator's happy, he's got a new target free and clear. The only one who suffers is you, as legitimate e-mail to you goes into the bit bucket because the lists have filled up your mailbox with mail you didn't ask to get.

  10. Interference with contract? on MAPS and Experian Settle Lawsuit · · Score: 4, Interesting

    One thought. Now that MAPS is charging for access to their service, can someone paying for their services consider there to be a contract between MAPS and them wherein MAPS agrees to provide a list of IP addresses that meet its definition of 'spammer'? If so, and Company A goes to court and prevents MAPS from listing their IP addresses even though they meet MAPS' definition, can RBL subscribers sue Company A for damages due to Company A's interference in MAPS' performance of its duties under its contract with them?

  11. Re:Double opt-in? What the hell? on MAPS and Experian Settle Lawsuit · · Score: 3, Insightful

    Think about what happens if someone else subscribes you to a mailing list with a high volume. Single opt-in means your mailbox starts getting filled up with mail without giving you any chance to avoid it. Do you really want to enable people to kill your e-mail easily by just signing you up for a few dozen multi-megabyte-per-day single-opt-in mailing lists?

  12. Re:And then they came for the N*SYNC listeners... on NSync Copy Protected CD · · Score: 2

    No, we don't need to write letters or crack the protection. Hit them in the pocketbook with returns of the CDs as unplayable. The record stores can't afford to and won't carry music that's going to generate high return rates. It costs too much and wipes out their profits. And Media Play and Wherehouse and such don't care about philosophy, they care only about their profits. The record company loses a couple of big chains because of it, they'll sit up and take notice real quick.

  13. Re:But it's not television! on Salon Goes For Annoying Jump-Through Ads · · Score: 2

    Actually I don't find the ads on Slashdot offensive. They load reasonably fast, sit at the top of the page and don't intrude on the content, and are usually something I might reasonably be interested in at some point. I can handle this.

    What the companies doing the advertising have to realize is that ad success != clickthroughs. When I'm reading the newspaper or a magazine or watching a TV show and see an ad for something, I don't immediately drop what I'm doing to go to a store and buy it. Not even if I'm interested in buying that specific item at that time. But I will remember the item and the brand, and when I'm at the store or out shopping for it I'll be looking for it because of the ad. So stop treating Web ads differently from any other sort of ad.

    Sites have to learn a different lesson. Readers are coming to your site for the content, not the ads. The harder you make it for the readers to get to what they've come for, the more of them you'll drive away. Those readers are your product. They're what you're selling to the advertisers. Drive enough of them away, and you won't have anything to sell. Smart move, boy-o.

  14. Steganography detection on Study Finds Low Use Of Steganography On Internet · · Score: 1, Redundant

    So they failed to detect steganography in the images. Erm, isn't that the point of steganography, that you can't detect that there's a message there?

  15. Copied? on IP Theft in the Linux Kernel · · Score: 2, Insightful

    The structures do look similar, and if the Linux headers were copied then I hope they smack the guy responsible and reinstate the copyright notice. If the files were cut-n-paste copied it should be possible to nail this down, and copying something this cut-and-dried is stupid enough to merit a serious LARTing.

    OTOH, if you give two programmers the same specs for a data structure and they have to follow the same coding and indentation style, you're likely to get two very similar structures, right down to the names in obvious cases, even if they don't copy each others' work. The fields themselves have to be specific types in a specific order because that's the way it's laid out on disk, and the coding style's pretty much fixed by the Linux kernel coding standards, and things like dummy_1, dummy_2 for filler fields are pretty standard (those're what I'd pick without seeing any other code, for example), how much variation in the structures is actually possible?

    For a real-world example, look at any two independent implementations of the CRC32 algorithm. They're probably identical in everything but some variable names and indentation, because there's only one really fast way of writing that algorithm and everybody uses it automatically. Nigh-identical code, no copying done or required to get it.

  16. Automatic propagation on Microsoft's Vision For Future Operating Systems · · Score: 2

    Software automatically propagates across the network, installing itself on new machines as necessary. Nice idea for making sure patches and updates are applied.

    But can we say "designed from the ground up to propagate malicious worms", kids? I knew we could. You think Nimda was bad, this system'll make that look like a walk in the park on a sunny day.

  17. Re:I think, John... on Civil Liberties And The New Reality · · Score: 2

    Perhaps. Then again, completely prohibiting unchecked luggage wouldn't have stopped the WTC hijackers, they didn't use unchecked luggage to conceal their box knives. Heck, I've carried a Swiss Army pocketknife through in my pocket and a Leatherman on my belt. And the points under discussion weren't as trivial as whether you have to check your bags into the hold or not, they were matters of "can you talk to someone else privately" and "can you walk down the street without the government recording exactly which stores you looked into".

  18. I think, John... on Civil Liberties And The New Reality · · Score: 5, Insightful

    I think the first thing that needs to be asked about all these proposed new laws is, "Would they have done anything to stop the WTC incident had they been in effect before it?". For example, would the new wiretap powers have done anything given that the government doesn't seem to know that communication between the terrorists was going on at all? If US-made crypto tech has back doors or key escrow or other access mechanisms installed, do you think the terrorists will give up what they already have and switch to it? And if they don't, will those access mechanisms help one bit? Will additional restrictions on checked luggage and manifest checks stop someone who walks past a bored security guard carrying a knife in his pocket and boards the plane?

    This is my heartburn with a lot of what's being proposed. Not that it may restrict our rights, but that it will restrict our rights without doing anything about the problem being used to justify it.

  19. Re:Try this on for size... on Moglen On Enforcing The GPL · · Score: 2

    Plaintiff: Internet Explorer 6 is available as a free download. ICQ is advertised as free software on the official Web site. Is the court saying that anyone who downloads them may then alter, reverse-engineer, sell and otherwise use and distribute them without any restrictions?

  20. Re:GPL vs. LGPL on Moglen On Enforcing The GPL · · Score: 2

    Nope, X has another option: ask Z for a license to his code that isn't the GPL. He can say yes or no. Simple, easy, probably takes one phone call to get the answer. The whole point of the GPL is to prevent a company from doing what you want in your last paragraph without going back to the original author for permission. Why should the GPL be modified, then? If the author didn't want what the GPL did, he wouldn't have used the GPL.

  21. Re:Still need a real test on RTLinux Patents: Issue Closed? · · Score: 3, Insightful

    True, but every time some company changes the licensing terms on software they derived from GPL'd code it's one more point on the FSF's side when they finally do meet up with a hostile infringer. Firstly it establishes a track record of the industry considering the GPL valid. Secondly, if the infringer tries to claim it's not valid because it's unreasonable, the FSF can trot out examples of the actual, reasonable changes needed to comply to rebut the infringer. It's a variation on the same principle the big boys have used: start with the small fry and the ones who don't lose much by accommodating you and build up precedent before going after larger targets.

  22. Re:Proxomitron on Mozilla 0.9.4 Released · · Score: 2

    What doesn't render correctly? As of now, IE4/5/6, NS6, Mozilla 0.9.3+ and derived browsers and Opera5 all render HTML4/CSS1/etc. per the standards. Some include proprietary extensions, but all of them handle standards-compliant HTML4 correctly. NS4 doesn't but then NS4 doesn't do HTML4/CSS1, having been designed and built before those standards were finalized. Now if you mean they render the HTML differently, that's true, but then they're allowed by the standard to render it differently. The basic idea is that the browser should render things the way they ought to be rendered on the client system, which can vary from system to system as look-and-feel differs.

    Of course, you might be trying to do precise page layout and such. Don't. You don't know anything about the client system, so trying to do pixel-level control of layout or force page widths and such doesn't work. I hate pages that make me scroll horizontally because they were designed for a wider screen than I've got, and I hate pages that leave half my browser window blank because they were designed for an 800x600 screen and my system's 1600x1200 on a 21" monitor.

    As for frames, I've seen more than a few pages that, when hit with Mozilla 0.9.3, tell me I need a frames-compatible browser. They do this because they've got a hard-coded list of browsers that support frames, and anything that isn't on that list is assumed not to whether it does or not. Worse yet is the site that requires frames but only uses them for a navigation/menu sidebar. Oddly, if I take that side, scan the source and put in the URL to the nav/menu frame manually, I can navigate the site just fine. I've got to hit the Back button to get the menu back to change areas, but it's entirely navigable and usable without frames even though it was designed to require it. And all it takes is one anchor tag in the NOFRAMES section, but the designer won't do it.

  23. Re:Proxomitron on Mozilla 0.9.4 Released · · Score: 4, Insightful

    How about not optimizing your page code instead? Just write HTML 4.01 or XHTML 1.0 or CSS1/CSS2 or Javascript 1.2 or whatever according to the standards ( see www.w3c.org for all of them ) and make life easy on all of us. I find it annoying to go to a site and see "Sorry, Netscape 6.x isn't supported.", flip the user-agent string to IE5.5 and discover that the site renders perfectly in Mozilla 0.9.recent. To me it says that the site doesn't care what customers it annoys and that the designer doesn't know how to create HTML pages.

  24. Best reply on Congress Considers Mandatory Crypto Backdoors · · Score: 5, Insightful

    I think the best reply one can give to the politicians who want to impose this is:
    "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"

  25. Turnabout on Congress Plans DMCA Sequel: The SSSCA · · Score: 5, Insightful

    I'd suggest writing the appropriate Congresscritters and suggesting that you'll support passage of that law only if it requires hardware to completely comply with copyright law, including USC Title 17 Sections 106 through 122 and Section 1201(c), and all relevant case law. The corps would drop this like a hot potato if the hardware was legally required to enforce those portions of copyright law, because most of their copy-protection schemes would be illegal.