Will you be telling us just who this company is, at least once they do the spam run? We'd like to hear your whole story. If they end up not taking your advice and you move on, that's the time to reveal what kind of scumbags they are, and just who they are.
Of course with the cost of living being as low as it is in India, it doesn't take much to reach a comfortable level for a limited few (the high tech workers). The problem for America is that it's now so easy to let Indians do the work cheaply, eventually so many Americans will be out of work the cost of living drops in America because so many can't afford it. Of course at some point people vote, and politicians will do things to try to slow it down or stop it (while businesses will continue to do it anyway). It'll just get ugly, and it's not the fault of either Indian workers or American workers (each is just trying to have a job and make a decent living). The real fault is businesses are just not up to the task of providing enough jobs for everyone in both countries (because their real goal is profits for the investors). America's current economic "recovery" is a "for the rich only" kind of recovery. Bush will lose his job (but not to worry, he gets a nice retirement plan and has lots of friends in high places that would hire him on as a consultant at overpaid executive salary levels) and Kerry will take over. He may, or may not, actually do anything about it (he doesn't really seem to understand it, so I doubt he does). It won't matter much either way because it's just too hard to prevent a company with a big office in India from hiring Indians, just because the company is an American based corporation. In the long run, though, it will be bad for India because it won't really solve the poverty problems there since only a few will ever see economic benefit from it... unless India builds up its own domestic economy (and comes to America to hire the impoverished).
But IPv6 has some problems. They can be dealt with. We ultimately need IPv6, and the sooner we move on to there, the better (the sooner we can all roll out new things that make good use of it).
IPv6 will still be slow going. Those who do move to it early will have problems of lack of connectivity everywhere while using it. That's not as much of a problem in places like China because as it expands to less technical people, it will be reaching those for whom connecting to the rest of the world won't matter, anyway.
The design of IPv6 also failed to address the routing scalability problem. It's still impractical to give everyone their own static IP addresses. It's partially mitigated by a better dynamic assignment method, but not entirely.
IPv6 could be expedited more quickly by offering a limited number of permanently assigned static netblocks to early adoptors to deploy working IPv6 connectivity, with reduced qualification requirements.
The IIT of India, which is about 7 autonomous campuses around the country, is considered by many to be on par with MIT. In terms of selectivity, maybe they are, and that would influence the end results a lot. But despite its lack of the same level of resources (especially in research areas) that schools like MIT have, the IIT campuses are producing a lot of good graduates.
I'd heard of IIT of Illinois, but only because I lived in Illinois for a few years long ago. I didn't know it had anything going on in India. I can see how that caused some confusion.
Ok I understand that the mediocre schools add noise to the American system. But one can filter that out by only looking at applicants from the good schools. So how is filtering out based on good schools in America different from filtering out based on graduates from India coming from a good school (and the only school of choice there).
Of course if you look at applicants only from good schools in either country, you are looking at a filtered pool. But, there are also as many, if not more, well qualified applicants in America that come from many other schools, that, while they don't compare to schools like MIT, they are still sufficiently good schools that their top NN% are going to compare well to average graduates of MIT (or IIT). These other schools, state univerities for example, are so numerous they cannot be ignored. Only a fraction of the good people in America come from the few best schools.
In India, it differs in that there is very little alternative to IIT. Those that don't make it into IIT, usually don't end up being in the pool at all. They are there to some extent, but the number is nowhere near what it is in America.
Put another way, if you had a free way to just pick just the best candidates in the whole pool in both countries, you'll find two things: (1) The Indian pool represent is almost entirely from IIT. (2) The American pool is much larger, and has only a small fraction from the very best schools.
The problem is, you can't just get a free filter of all the best candidates; the process costs money in America because the noise (all the other candidates from the other schools that are not the best schools).
Imagine if all computer science and engineering schools in America were shut down except for the ten best schools. And those ten best schools expand some, but not a lot, and remain as selective as ever. Now look at the whole pool of candidates. You'll now find Americans do a whole lot better. There's just fewer of them. And that's what the case is in India right now.
Either way it is not the 'filtering' that is making any difference. Because it can be easily done by either choosing one from India or choosing one from a good school in U.S.
The filtering isn't making any difference in America because that kind of filtering just isn't done that much. To do so would mean far fewer candidates.
American corporations are not choosing India because the pool is filtered; they are choosing India because it doesn't take as many dollars to given an Indian a nice lifestyle in his own country that he is happy with. But it just so happens that what you get are good programmers and engineers. But over time, and even now, this is changing. As the demand creates more recruiting within India, the barrel is dug deeper.
As for the unfortunate timing of both events... Well it is not a coincidence. It is exactly the dot com bust that have prompted companies to look for cheaper alternatives in mass numbers. They are not exclusive of each other by any means.
The timing is unfortunate, and the numbers are certainly influenced by the coincidence. But the scenario has been developing since the 1980's. What happened to accelerate it was not the dot-com bust, but rather, the dot-com boom of the latter 1990's. Businesses of all sizes wanted more people. The best of Americans were gotten the top dollar, and what was remained was mediocre. Some companies scrambled so fast to catch up with the booming internet that they scrambled for anything, and when to consulting and outsourcing companies from both America and India. Those companies, as well as larger corporations like Intel, IBM, Texas Instruments, Sun, etc, already knew about India, and already has people on staff here on H-1B visa, or in remote offices in India. It simply expanded in the rush.
Then the bust happened. But those who survived had to do as much with l
The problem with American job applicants is that the signal (e.g. top quality job applicants, which are in much higher proportion from top schools like MIT and CalTech) level is drowned out by noise among the applicants from so many other ordinary schools (who also have good graduates, too, among the many ordinary and mediocre ones). If you filtered them and only looked at the top people, you'd be seeing equal or better than from India. If you look at the job candidates from/in India, you're looking at an already filtered pool. The difference between these top pools in America and India is that the pool in India hasn't been so extenstively utilized, yet. As India finds more and more demand for high tech people, they will have to come from lower admission standards and expansion at IIT, or more IIT campuses, or other schools (there are others, too). Eventually, it will all balance out. It's just unfortunate that this shift happened to occur during the "dot com bust", and that employers are still hiring from/in India while Americans are out of work (including the top quality ones who are lost in the noise because American corporations find it easier to hire through a consultancy like Tata, than to search and recruit on their own domestically, which would require doing all that noise filtering).
Sorry, but you are wrong; it has already started. High tech companies are already popping up all over India (but generally concentrated around where the IIT campuses are). In some cases these startups are even stealing American intellectual property (though the Indian government is trying to crack down on that to avoid scaring away future businesses from employing in India).
The biggest reason that Indians are such good programmers (and engineers) is because, at the current time, only the best and brightest in India are being educated and trained to do this work. On average, America and India have the same proportion of people who are smart at some given level (assuming an equivalent educational level). But in India, the educational system, and the economy, are just not up to par with America in terms of cranking out more programmers. That doesn't mean India's premiere school, IIT, is bad. In fact is it an excellent school, despite the limitations of resources they still have to work with. But IIT is pretty much all there is in India (several campuses around the country). In proportion to population, America cranks out far more programmers than India does (at least for now). That means it has dug deeper down the barrel in its population. There are many times more programmers from America as from India.
Right now, there are lots of people in America who can be considered "la creme de la creme". But they just happened to be in the wrong place (like, working for a mismanaged company that failed) when things went downhill. There are plenty of these highly experienced, well educated, people around looking for work. But they are also drowned out by even more people who just can't come anywhere close. The "noise level" is basically drowning them out.
But in India, it's mostly just "la creme de la creme" that's available. The "bottom of the barrel" isn't even trying because they don't have the educational system scaled up the way America has, so they don't even have a hint of the basic skills needed. If you take 1000 random resumes of people in India looking for work, and 1000 random resumes of people in America looking for work, on average you're going to find that a much higher proportion of Indians are better qualified for that work. And that's only because such a higher proportion of the population in America is (still) trying to get these jobs, and thus you have lots of lesser qualified people in the pool (in America, but not in India). Give an employer a choice of which stack of resumes to take to fill a job, and quite many will choose the Indian stack just because of the better signal to noise ratio (even if the salaries would be exactly the same).
Ultimately, what America needs to do is cut back on cranking out more programmers (and engineers, and other high tech people), so that "la creme de la creme" can take the work and get well rewarded for it, regardless of which country they come from.
When you have a case of what is best for the whole and what is best for the individual in conflict, then the choices that get made are not the best for the whole, because it is the individuals that making those choices. People (and businesses) will always buy the cheapest, even if it means eventually driving the economy into the ground, and even if they realize this to be true. Way too few individuals will make their immediate buying choices based on that because most would rather have the cost reductions for themselves, and let "the other guy" take the cost hit for improving the economy. In the end, so many people will be out of work that prices (food, rent, everything) will fall. Over time (and it will be many years of time), America's cost and standard of living will fall to where it meets that of India (which will have been rising). At that point we'll also have about the same level of unemployment. And all that because those who do have some money to spend, want to have what is cheapest today, even though they will also be losers in a few years because of everyone making this same decision.
The fix for the problem, though, is not to make general restrictive rules or add new taxes. Instead, the fix is to level the playing field with regard to world trade. Outsourcing is simply the importation of the fruits of labor, which adds to the trade deficit. Any changes made by the government should be focused at making world trade work equally for everyone.
My solution for the problem is to disallow the use of national currencies for world trade. Create a special international trade currency which everyone wanting to buy something from a foreign country must purchase domestically first, in order to make that foreign purchase. The supply of this currency will be fixed as a deficit ceiling. Once the international currency supply is exhausted in a given country, that country has reached its deficit level, and no more will be available until some trade in the opposite direction reduces that deficit and brings some of that currency back in. As the supply drops in a given country, its market price in that country also goes up, which has a gradual slowing effect, so there really won't be a hard boundary (unless some country simply isn't exporting at all). The trade deficit will then find a level the market is willing to do, and stay around there.
However, given the correct design, such checking can be made as efficient as checking the destination address. And given that the overall loss of resource due to abuse far exceeds the cost of checking the source address even with the way routers do it now, if everyone did it (check packets for proper source address), the total loss of resources would go down.
The real problem is that the decisions to do this checking are not made globally, but individually. When examined individually, one will not see a benefit (less incoming abuse) that corresponds to the cost (filter all the packets). So everyone individually will make a "business decision" to let the abuse continue, even though if it were done collectively, it would result in savings (cost reductions) for everyone.
It is perfectly valid for an ISP to restrict outbound packets to have only source addresses that are appropriate. I started doing this back in 1997 to make sure my users could never forge someone else's IP address (prevent smurfing and such). For a small ISP, this is easy; just add an access list on the outbound path of the upstream interface at the border router(s). For a large ISP, this gets to be a problem because more than one netblock would have to be added, and such a list would chew up the router big time. But if the router manufacturers would add an extra route lookup step, applied to the source address, and see if the return route matches where the packet came from, this kind of filtering might become feasible.
What do you mean by "authenticated access"? Do you mean the password the user uses to submit mail via AUTH-SMTP and/or MSA? I'm sure the virus will (when it needs to) just sit there and wait for the user to actually send some mail, and just spy on the entered password, and proceed to spam far and wide at some point thereafter (like when the computer goes idle so the user doesn't know the spamming has started).
Most Linux install disks will clean a PC. Not only will they clean the PC of the infection, but they will also clean it of spyware, as well as greedware. And it's free.
I block all the DSL and cable addresses I know about, mostly by means of a large domain name based list I have compiled, plus a few DNS based blacklists. But I think spammers are figuring out that I'm doing this, and in their desperation to ensure I end up with the largest penis in the world, they have resorted to making their spam zombies use their ISP mail servers instead of connecting direct to my mail servers. This is a definite trend. I guess I will have to start blocking those servers next. In the mean time, I'm providing the abuse desks at those ISPs with lots more evidence to ignore. I wonder what the spammers will do if I just quit using the internet altogether? Carrier pigeon?
MD5 encryption of do-not-spam list
on
Spam Bits
·
· Score: 2, Insightful
Submitting an email address to the "do-not-spam list" risks that address leaking to foreign spammers (or domestic spammers operating in a foreign country). They would know the address is "for real" so they would be happy to add it to the lists they sell.
If the email addresses were distributed in MD5 encrypted format, it would be a little harder for spammers to do much else with it. Of course, as they scan their list to see who is on the "do-not-spam list", they can still sell those addresses to others (outside the US) as "for real". They won't get to know about new addresses from the list, but they will get to know whether or not new addresses gained from other places is real or maybe not.
Perhaps better would be to limit the list to domain names only. The domain name owner would have to authorize being on the list, but then it would specify any email address with any username part would be effectively listed. And even still, it would be MD5 encrypted so spammers aren't handed a list of domain names.
Ultimately, it will have very little effect (big time spammers will move operations to outside the US), and have some problems (spammers will be detecting many "for real" addresses in this). The real solution is to send spammers to the gallows.
You can write your boostrap compiler in any language you want, even an interpreted one. All you need is something that can let you parse the source and produce the binary output. Once that is done, now proceed to write the real compiler in the same language you created that it will be compiling. Once you have that working, you no longer need the bootstrap compiler, at least on that platform. Getting your language working on new machines might then involve that bootstrap compiler again, presuming what it was written in is already on that machine (so choose something reasonably portable).
One possibility for making a compiled language is to produce as compiled output something higher than assembly, such as C itself. This is how C++ got started so maybe C&& can get started the same way, too. That might be your bootstrap compiler or even your real compiler.
So C is not really dead. It's just being trampled on.
It might be illegal to rent a virtual server in the US, with a US assigned IP address, and run a private proxy server there for your own web access use. So for that reason you shouldn't do it.
I'm sure the cable companies loath having more customers calling support, and that this is why they've been reluctant to do this until now. But the fact remains that 95% of people won't do anything at all about the problem for various reasons:
Their computer still works fine (if it ain't broke, don't fix it)
They simply don't understand (they know that they aren't spamming)
Friends have told them to never install unknown software
Of course it would help if the provider gives them some support, and I think they should. But the provider is not obligated to do so. This is all probably already in the terms of service. It is the customer's responsibility to do whatever it takes to ensure that they are not enabling abuse on the internet. Just because they are ignorant about how this happens only means someone has to help them out; but it is not the provider's obligation to compensate for ignorance.
So, if you switch to Comcast, would you be doing anything stupid like letting your machine be used for abuse by others? Would you run an unsecured OS? The very fact that you are posting to/. suggests the probability of that is a lot lower for you than for the general population. So maybe you don't have to worry about it. As to those you live with... if any of them fit the category described above, then maybe it is you who need to provide that support.
Just use a dialup account for that. It can even be within your own IP space, or if you are not an ISP, one from that same ISP (explain to them what you are doing and why you need a wide open access). Then just don't include that IP address in the list of those that the mail server accepts mail from for relaying (to test incoming).
Actually, it's rather easy to do with just a few pieces of the right equipment and a little bit of programming. The account would be flagged in the database for this, and their DHCP assigned IP would become a 10.X.X.X address. Then all SMTP attempts would hit a null route, and all HTTP attempts would hit a proxy server that intercepts any connection and puts up a page to explain the problem, and that they need to take action (clear the virus, call a special support number, etc).
As to scaling, sure, as big as Comcast is, and as many infected customers that they have, they'd need to have several of those proxy servers. But it is relatively easy to do. How many infected customers do you think they have? The more they have, the more important it is to do this.
The message needs to be loud and clear. If your business in any way supports and encourages frivolous and harassing lawsuits by folding and paying off such criminals, then it, and its customers, and its customers' customers, will be considered to be equally culpable for the purpose of public response and reaction, such as boycotts.
Will you be telling us just who this company is, at least once they do the spam run? We'd like to hear your whole story. If they end up not taking your advice and you move on, that's the time to reveal what kind of scumbags they are, and just who they are.
At least drop a hint.
Of course with the cost of living being as low as it is in India, it doesn't take much to reach a comfortable level for a limited few (the high tech workers). The problem for America is that it's now so easy to let Indians do the work cheaply, eventually so many Americans will be out of work the cost of living drops in America because so many can't afford it. Of course at some point people vote, and politicians will do things to try to slow it down or stop it (while businesses will continue to do it anyway). It'll just get ugly, and it's not the fault of either Indian workers or American workers (each is just trying to have a job and make a decent living). The real fault is businesses are just not up to the task of providing enough jobs for everyone in both countries (because their real goal is profits for the investors). America's current economic "recovery" is a "for the rich only" kind of recovery. Bush will lose his job (but not to worry, he gets a nice retirement plan and has lots of friends in high places that would hire him on as a consultant at overpaid executive salary levels) and Kerry will take over. He may, or may not, actually do anything about it (he doesn't really seem to understand it, so I doubt he does). It won't matter much either way because it's just too hard to prevent a company with a big office in India from hiring Indians, just because the company is an American based corporation. In the long run, though, it will be bad for India because it won't really solve the poverty problems there since only a few will ever see economic benefit from it ... unless India builds up its own domestic economy (and comes to America to hire the impoverished).
Yeah, it was a troll.
But IPv6 has some problems. They can be dealt with. We ultimately need IPv6, and the sooner we move on to there, the better (the sooner we can all roll out new things that make good use of it).
IPv6 will still be slow going. Those who do move to it early will have problems of lack of connectivity everywhere while using it. That's not as much of a problem in places like China because as it expands to less technical people, it will be reaching those for whom connecting to the rest of the world won't matter, anyway.
The design of IPv6 also failed to address the routing scalability problem. It's still impractical to give everyone their own static IP addresses. It's partially mitigated by a better dynamic assignment method, but not entirely.
IPv6 could be expedited more quickly by offering a limited number of permanently assigned static netblocks to early adoptors to deploy working IPv6 connectivity, with reduced qualification requirements.
The IIT of India, which is about 7 autonomous campuses around the country, is considered by many to be on par with MIT. In terms of selectivity, maybe they are, and that would influence the end results a lot. But despite its lack of the same level of resources (especially in research areas) that schools like MIT have, the IIT campuses are producing a lot of good graduates.
I'd heard of IIT of Illinois, but only because I lived in Illinois for a few years long ago. I didn't know it had anything going on in India. I can see how that caused some confusion.
Of course if you look at applicants only from good schools in either country, you are looking at a filtered pool. But, there are also as many, if not more, well qualified applicants in America that come from many other schools, that, while they don't compare to schools like MIT, they are still sufficiently good schools that their top NN% are going to compare well to average graduates of MIT (or IIT). These other schools, state univerities for example, are so numerous they cannot be ignored. Only a fraction of the good people in America come from the few best schools.
In India, it differs in that there is very little alternative to IIT. Those that don't make it into IIT, usually don't end up being in the pool at all. They are there to some extent, but the number is nowhere near what it is in America.
Put another way, if you had a free way to just pick just the best candidates in the whole pool in both countries, you'll find two things: (1) The Indian pool represent is almost entirely from IIT. (2) The American pool is much larger, and has only a small fraction from the very best schools.
The problem is, you can't just get a free filter of all the best candidates; the process costs money in America because the noise (all the other candidates from the other schools that are not the best schools).
Imagine if all computer science and engineering schools in America were shut down except for the ten best schools. And those ten best schools expand some, but not a lot, and remain as selective as ever. Now look at the whole pool of candidates. You'll now find Americans do a whole lot better. There's just fewer of them. And that's what the case is in India right now.
The filtering isn't making any difference in America because that kind of filtering just isn't done that much. To do so would mean far fewer candidates.
American corporations are not choosing India because the pool is filtered; they are choosing India because it doesn't take as many dollars to given an Indian a nice lifestyle in his own country that he is happy with. But it just so happens that what you get are good programmers and engineers. But over time, and even now, this is changing. As the demand creates more recruiting within India, the barrel is dug deeper.
The timing is unfortunate, and the numbers are certainly influenced by the coincidence. But the scenario has been developing since the 1980's. What happened to accelerate it was not the dot-com bust, but rather, the dot-com boom of the latter 1990's. Businesses of all sizes wanted more people. The best of Americans were gotten the top dollar, and what was remained was mediocre. Some companies scrambled so fast to catch up with the booming internet that they scrambled for anything, and when to consulting and outsourcing companies from both America and India. Those companies, as well as larger corporations like Intel, IBM, Texas Instruments, Sun, etc, already knew about India, and already has people on staff here on H-1B visa, or in remote offices in India. It simply expanded in the rush.
Then the bust happened. But those who survived had to do as much with l
The problem with American job applicants is that the signal (e.g. top quality job applicants, which are in much higher proportion from top schools like MIT and CalTech) level is drowned out by noise among the applicants from so many other ordinary schools (who also have good graduates, too, among the many ordinary and mediocre ones). If you filtered them and only looked at the top people, you'd be seeing equal or better than from India. If you look at the job candidates from/in India, you're looking at an already filtered pool. The difference between these top pools in America and India is that the pool in India hasn't been so extenstively utilized, yet. As India finds more and more demand for high tech people, they will have to come from lower admission standards and expansion at IIT, or more IIT campuses, or other schools (there are others, too). Eventually, it will all balance out. It's just unfortunate that this shift happened to occur during the "dot com bust", and that employers are still hiring from/in India while Americans are out of work (including the top quality ones who are lost in the noise because American corporations find it easier to hire through a consultancy like Tata, than to search and recruit on their own domestically, which would require doing all that noise filtering).
Why do you think Indian Institute of Technology needs to have Americans attend?
Sorry, but you are wrong; it has already started. High tech companies are already popping up all over India (but generally concentrated around where the IIT campuses are). In some cases these startups are even stealing American intellectual property (though the Indian government is trying to crack down on that to avoid scaring away future businesses from employing in India).
The biggest reason that Indians are such good programmers (and engineers) is because, at the current time, only the best and brightest in India are being educated and trained to do this work. On average, America and India have the same proportion of people who are smart at some given level (assuming an equivalent educational level). But in India, the educational system, and the economy, are just not up to par with America in terms of cranking out more programmers. That doesn't mean India's premiere school, IIT, is bad. In fact is it an excellent school, despite the limitations of resources they still have to work with. But IIT is pretty much all there is in India (several campuses around the country). In proportion to population, America cranks out far more programmers than India does (at least for now). That means it has dug deeper down the barrel in its population. There are many times more programmers from America as from India.
Right now, there are lots of people in America who can be considered "la creme de la creme". But they just happened to be in the wrong place (like, working for a mismanaged company that failed) when things went downhill. There are plenty of these highly experienced, well educated, people around looking for work. But they are also drowned out by even more people who just can't come anywhere close. The "noise level" is basically drowning them out.
But in India, it's mostly just "la creme de la creme" that's available. The "bottom of the barrel" isn't even trying because they don't have the educational system scaled up the way America has, so they don't even have a hint of the basic skills needed. If you take 1000 random resumes of people in India looking for work, and 1000 random resumes of people in America looking for work, on average you're going to find that a much higher proportion of Indians are better qualified for that work. And that's only because such a higher proportion of the population in America is (still) trying to get these jobs, and thus you have lots of lesser qualified people in the pool (in America, but not in India). Give an employer a choice of which stack of resumes to take to fill a job, and quite many will choose the Indian stack just because of the better signal to noise ratio (even if the salaries would be exactly the same).
Ultimately, what America needs to do is cut back on cranking out more programmers (and engineers, and other high tech people), so that "la creme de la creme" can take the work and get well rewarded for it, regardless of which country they come from.
When you have a case of what is best for the whole and what is best for the individual in conflict, then the choices that get made are not the best for the whole, because it is the individuals that making those choices. People (and businesses) will always buy the cheapest, even if it means eventually driving the economy into the ground, and even if they realize this to be true. Way too few individuals will make their immediate buying choices based on that because most would rather have the cost reductions for themselves, and let "the other guy" take the cost hit for improving the economy. In the end, so many people will be out of work that prices (food, rent, everything) will fall. Over time (and it will be many years of time), America's cost and standard of living will fall to where it meets that of India (which will have been rising). At that point we'll also have about the same level of unemployment. And all that because those who do have some money to spend, want to have what is cheapest today, even though they will also be losers in a few years because of everyone making this same decision.
The fix for the problem, though, is not to make general restrictive rules or add new taxes. Instead, the fix is to level the playing field with regard to world trade. Outsourcing is simply the importation of the fruits of labor, which adds to the trade deficit. Any changes made by the government should be focused at making world trade work equally for everyone.
My solution for the problem is to disallow the use of national currencies for world trade. Create a special international trade currency which everyone wanting to buy something from a foreign country must purchase domestically first, in order to make that foreign purchase. The supply of this currency will be fixed as a deficit ceiling. Once the international currency supply is exhausted in a given country, that country has reached its deficit level, and no more will be available until some trade in the opposite direction reduces that deficit and brings some of that currency back in. As the supply drops in a given country, its market price in that country also goes up, which has a gradual slowing effect, so there really won't be a hard boundary (unless some country simply isn't exporting at all). The trade deficit will then find a level the market is willing to do, and stay around there.
However, given the correct design, such checking can be made as efficient as checking the destination address. And given that the overall loss of resource due to abuse far exceeds the cost of checking the source address even with the way routers do it now, if everyone did it (check packets for proper source address), the total loss of resources would go down.
The real problem is that the decisions to do this checking are not made globally, but individually. When examined individually, one will not see a benefit (less incoming abuse) that corresponds to the cost (filter all the packets). So everyone individually will make a "business decision" to let the abuse continue, even though if it were done collectively, it would result in savings (cost reductions) for everyone.
It is perfectly valid for an ISP to restrict outbound packets to have only source addresses that are appropriate. I started doing this back in 1997 to make sure my users could never forge someone else's IP address (prevent smurfing and such). For a small ISP, this is easy; just add an access list on the outbound path of the upstream interface at the border router(s). For a large ISP, this gets to be a problem because more than one netblock would have to be added, and such a list would chew up the router big time. But if the router manufacturers would add an extra route lookup step, applied to the source address, and see if the return route matches where the packet came from, this kind of filtering might become feasible.
What do you mean by "authenticated access"? Do you mean the password the user uses to submit mail via AUTH-SMTP and/or MSA? I'm sure the virus will (when it needs to) just sit there and wait for the user to actually send some mail, and just spy on the entered password, and proceed to spam far and wide at some point thereafter (like when the computer goes idle so the user doesn't know the spamming has started).
Most Linux install disks will clean a PC. Not only will they clean the PC of the infection, but they will also clean it of spyware, as well as greedware. And it's free.
I block all the DSL and cable addresses I know about, mostly by means of a large domain name based list I have compiled, plus a few DNS based blacklists. But I think spammers are figuring out that I'm doing this, and in their desperation to ensure I end up with the largest penis in the world, they have resorted to making their spam zombies use their ISP mail servers instead of connecting direct to my mail servers. This is a definite trend. I guess I will have to start blocking those servers next. In the mean time, I'm providing the abuse desks at those ISPs with lots more evidence to ignore. I wonder what the spammers will do if I just quit using the internet altogether? Carrier pigeon?
Submitting an email address to the "do-not-spam list" risks that address leaking to foreign spammers (or domestic spammers operating in a foreign country). They would know the address is "for real" so they would be happy to add it to the lists they sell.
If the email addresses were distributed in MD5 encrypted format, it would be a little harder for spammers to do much else with it. Of course, as they scan their list to see who is on the "do-not-spam list", they can still sell those addresses to others (outside the US) as "for real". They won't get to know about new addresses from the list, but they will get to know whether or not new addresses gained from other places is real or maybe not.
Perhaps better would be to limit the list to domain names only. The domain name owner would have to authorize being on the list, but then it would specify any email address with any username part would be effectively listed. And even still, it would be MD5 encrypted so spammers aren't handed a list of domain names.
Ultimately, it will have very little effect (big time spammers will move operations to outside the US), and have some problems (spammers will be detecting many "for real" addresses in this). The real solution is to send spammers to the gallows.
OneOfTheBigReasonsThatI DislikeJavaAndC PlusPlusOrAtLeastThe WayTheyAreCommonlyProgrammed IsTheStandardizationOf LotsOfNamesThatAre HardToReadBecause OfBeingAllJammedTogether. YesItCanBeReadButI FindItSlowsThingsDown AndIsMoreStressfulToDoSoI JustDoNotLikeItVeryMuchAtAll.
You can write your boostrap compiler in any language you want, even an interpreted one. All you need is something that can let you parse the source and produce the binary output. Once that is done, now proceed to write the real compiler in the same language you created that it will be compiling. Once you have that working, you no longer need the bootstrap compiler, at least on that platform. Getting your language working on new machines might then involve that bootstrap compiler again, presuming what it was written in is already on that machine (so choose something reasonably portable).
One possibility for making a compiled language is to produce as compiled output something higher than assembly, such as C itself. This is how C++ got started so maybe C&& can get started the same way, too. That might be your bootstrap compiler or even your real compiler.
So C is not really dead. It's just being trampled on.
No language can replace C until it can compile its own compiler written in itself.
It might be illegal to rent a virtual server in the US, with a US assigned IP address, and run a private proxy server there for your own web access use. So for that reason you shouldn't do it.
I'm sure the cable companies loath having more customers calling support, and that this is why they've been reluctant to do this until now. But the fact remains that 95% of people won't do anything at all about the problem for various reasons:
- Their computer still works fine (if it ain't broke, don't fix it)
- They simply don't understand (they know that they aren't spamming)
- Friends have told them to never install unknown software
Of course it would help if the provider gives them some support, and I think they should. But the provider is not obligated to do so. This is all probably already in the terms of service. It is the customer's responsibility to do whatever it takes to ensure that they are not enabling abuse on the internet. Just because they are ignorant about how this happens only means someone has to help them out; but it is not the provider's obligation to compensate for ignorance.So, if you switch to Comcast, would you be doing anything stupid like letting your machine be used for abuse by others? Would you run an unsecured OS? The very fact that you are posting to /. suggests the probability of that is a lot lower for you than for the general population. So maybe you don't have to worry about it. As to those you live with ... if any of them fit the category described above, then maybe it is you who need to provide that support.
Just use a dialup account for that. It can even be within your own IP space, or if you are not an ISP, one from that same ISP (explain to them what you are doing and why you need a wide open access). Then just don't include that IP address in the list of those that the mail server accepts mail from for relaying (to test incoming).
Actually, it's rather easy to do with just a few pieces of the right equipment and a little bit of programming. The account would be flagged in the database for this, and their DHCP assigned IP would become a 10.X.X.X address. Then all SMTP attempts would hit a null route, and all HTTP attempts would hit a proxy server that intercepts any connection and puts up a page to explain the problem, and that they need to take action (clear the virus, call a special support number, etc).
As to scaling, sure, as big as Comcast is, and as many infected customers that they have, they'd need to have several of those proxy servers. But it is relatively easy to do. How many infected customers do you think they have? The more they have, the more important it is to do this.
The message needs to be loud and clear. If your business in any way supports and encourages frivolous and harassing lawsuits by folding and paying off such criminals, then it, and its customers, and its customers' customers, will be considered to be equally culpable for the purpose of public response and reaction, such as boycotts.
It isn't that SCO thinks Linux is bad; it's that SCO thinks that using Linux without paying the extortion money to SCO is bad.