I played SWG early on. Ironically I found the game to be so immersive and creative when it came to the realism of the world, that the gameplay itself took a back seat. I think this is a case of some great software that has critically flawed game design.
Then again, it's entirely possible that SWG may be the most incredible MMORPG ever conceived, and because it seems to rely so much on player-generated content, it may take years before the game matures and shows what it's capable of.
However, the brilliance (or lack thereof) of the game may be moot. The other night I was in a club with a group of people and there was a Ms. Pac Man cocktail table game in the bar that people were lining up to play. Sometimes I think today's games have become so complex they've negated their value.
When you're playing a game that has 5000+ pages of documentation, with a minority hardcore community that considers you a n00b if you don't know that ALT-SHIFT-PgUp in combination with the alternative UI loaded and the spatial relativity ability received from completing the Lord Eladril quest will improve your defensive attack posture, you have to begin to wonder whether real life demoralization isn't preferable?
You get what you deserve for leaving register_globals on. It might be a PITA having it turned off, but explaining to all your customers that some guy in China will now be using their credit card numbers to purchase computer equipment might be a bigger pain in the ass.
Puleeze... give me a break. Stern may be many things, but he's way down on the list of people trying to protect freedom of speech. All he seems to care about is money, degrading women, and bowel movements.
He made a move for the money - not for the freedom. I suspect he only has one trick, and that's getting strippers to take off their tops and french kiss a fat guy, and he's worn out his welcome in the mainstream radio market.
I'm all for him having some place to practice his "art." And sometimes his show is amusing, but generally, when you grow up, you grow out of his sophomoric, degrading attempt at humor.
I think there are many other people who are more worthy of being appreciated for their attempts to express themselves in politically-incorrect ways.
Considering how Bush has avoided saying Bin Laden's name for the last few years, I'm inclined to not expect him to turn up before the election. If the administration had any hopes of showing up with him before the election, I can't imagine they'd try to get the American people to forget who he is like they've been doing.
Whatever the October surprise is going to be, I suspect it will turn up right before the election, not leaving any time for thorough investigation into the legitimacy of whatever stunt the administration may pull to affect last minute voting.
The truth of the matter is that the United States of America was already in a state of war with Iraq due to the earlier invasion of Kuwait,
Wrong. The truth of the matter is that you need to read the Constitution and the War Powers Act to understand the reality that our nation has not been at "war". Only Congress can declare war and that hasn't been done since WWII and Congress does not have the authority to give the executive branch the ability to do so.
Guys like you need to figure out which side of the fence you're going to be on. Either you respect the Constitution, or you don't. You can't pick-and-choose which elements of it you respect and ignore the others. Our founding fathers crafted a very specific process by which our nation declares war. The purpose of which was to avoid arbitrary provocative conflicts without thoughtful debate. Unfortunately that's what's happened in this circumstance, and the media and the administration calling this a "war" is pissing on the principles of our democracy.
Mr. Bush, why is our government protecting one of the world's most notorious arms smugglers, Victor Bout, who is known affectionately as the "merchant of death" and is suspected of supplying weapons to Al Qaeda? The administration has pushed to protect Bout from international sanctions claiming he's "assisting" the US in Iraq. Why is our country protecting this criminal? Why would the US do business with a man who has been supplying terrorists with weapons? Why is this story not being covered by the mainstream media?
Clinton didn't just lie -- he lied under oath during testimony at a trial. That's serious, especially for the leader of the Free World.
It's not confirmed that Clinton lied. He said he "did not have sexual relations" - the details are over the semantics of that statement. Clinton did not have sexual intercourse with Lewinsky, and if his definition of the term centered around that act, his statement was accurate.
I fail to see how Clinton's ambiguous statement is any less semantically manipulative than Bush's. And Bush's "lies" were much more detrimental to the country.
Interesting story, but the problem is all the right wing pundits have been working their asses off for the last few years (not unlike what they're doing with CBS now) to promote the impression that the New York Times is a "liberal publication" that can't be trusted to report anything accurately.
This presents an easy opportunity to dismiss whatever they write whenever it isn't supportive. This seems to be a fundamental tenet of the conservative agenda: discredit the messenger and ignore the issue.
I don't know of any media that hasn't made mistakes, but you would think based on what gets the most attention (NYT, Dan Rather, Michael Moore, etc.), that this is exclusively limited to entities which have the audacity to promote items that aren't unconditionally supportive of the right-wing agenda.
I don't see how any non-right-wing-biased news source can ultimately survive when you have hordes of conservative pundits like Limbaugh, Hannity, O'Reilly and others with hours and hours of broadcast time each and every day spewing their unchallenged contempt for any institution which disagrees with their agenda.
It's really frightening how this notion of objectivity gets pushed further and further to the right.
Point 5 is downright idiotic. HTML is not executable by itself and unless you use a very old version of Outlook (in which case you are asking for trouble), any javascript, vbscript or whatever will not be executed. Most virus mails are formatted as plaintext btw. The virus is almost always an attachment.
On a security level, html-email is LESS SECURE. That is a fact. I'm not talking specifically about executable issues, but actually, you're wrong about that too, with the recent vulnerability discovered in the JPEG rendering engine, an embedded image in html email could have the ability to execute arbitrary code on the client computer.
The idea is only idiotic if you're ignorant of the ways in which your machine and your personal security can be compromised. Even assuming there are no vulnerabilities, html-enabled e-mail allows anonymous parties to acquire more information about you. An embedded image in an e-mail can tie your IP address to your e-mail address and help identify your physical location.
Security isn't just about viruses. It's about protecting your privacy as well.
I tackle security in a more pragmatic fashion. I don't like removing features for security reasons. I ran without a firewall (not even NAT) & virus scanners throughout all the major virus and worm outbreaks over the past few years. None of them affected me because I knew how to configure Outlook, shut down services, etc. It's really that simple.
If you get paid by the hour to put out fires, the pragmatic approach is profitable... for you. But the article discusses proactive approaches.
I can afford to do this because I know what I'm doing. Ordinary users should rely on firewalls, virus scanners and spyware checkers to stay safe.
I'm sorry, but if you knew what you were doing, you wouldn't be giving others a false sense of security by promoting a goofy software gadget as a substitution for industry best security practices.
It's amusing that people focus on the latest-and-greatest security software, which IMO is more counterproductive than it is productive.
You get a whiz-bang anti-virus/firewall system set up and what does it do? Give you a false sense of security so you can feel more confident about engaging in irresponsible computer use. The problem is almost every piece of security software out there has at one point or another been vulnerable, so you're flirting with disaster.
I think no matter how many advances we have in this area, the basic rules of security will always apply:
1. Limit Accessibility.
99% of security issues are inside jobs. Limit physical access to your resources. Don't put any sensitive data on a machine that anyone else has access to that you don't want public. Use encryption, multi-wipe free space and turn off your machine when you're not using it.
Some people don't want to hear this but it needs to be said: DON'T USE WIRELESS if you're worried about security. No matter what precautions you're taking, by going Wireless you dramatically lower the integrity of your personal security PERIOD. It's one thing to use wireless on the road, but you should limit the sensitive information on your laptop in the first place because it's mobile, but it's really just plain lazy and irresponsible to run wireless in a permanent installation like your home if there is any practical way to avoid doing so.
I can't stress this enough: *unconditionally* WIRELESS IS MUCH LESS SECURE. It doesn't matter what protocol/encryption you're using, by going wireless you introduce additional ways your system/data can be accessed.
Remember the first commandment: True security is more dependent upon reducing access points than it is implementing protection of access points.
2. Disable ALL non-critical services. Don't run anything except what you need on your PC. Close all unused ports; remove all services and extra features and plug-ins that aren't needed. The fewer systems, the fewer points of vulnerability.
3. Keep all software fully-patched and up to date.
4. If possible, never use the "industry standard" software if it's not the most secure solution available. Dump IE and Outlook and switch to Firefox and Eudora.
5. TEXT ONLY E-MAIL... This, after #1 is IMO the biggest threat of them all. The added superficial benefit of html-email is not worth the security liabilities that come along with it. If you want to use html e-mail, I'd recommend a second, sandboxed account for that.
6. Never put a machine on public-addressable IP space unless it's a public server. Use a DSL/cable switch and put your systems on a VPN on the other side of a hardware firewall that filters out all non-essential traffic.
7. After you've taken care of 1-6, then and only then should you consider anti-virus/spyware and related software to be a useful addition.
I'm a conservative Republican that doesn't buy into the spew, and I don't support the crooks who have taken over my party. Maybe that's why I enjoy the Daily Show.
I think the Democratic party has become what the old Republican party used to be - they're a lot more focused on fiscal responsibility and less government regulation. The Republican party has swung so far right that it's now under the control of closed-minded, xenophobic, religious extremists with a precarious and dangerous plan for imposing a new world order.
If you're Republican, Conservative or Moderate, you need to take some time and seriously consider whether it's more practical to support the Democratic party than it is to try to change the extremist path of the current GOP. There's no motivation for the Republicans to do anything different, so if you're not happy with the status quo, it would be crazy to support them come November.
I don't know any Republicans who don't have just as many complaints as Democrats do with the current administration. So why would you maintain the status quo? Does anybody think that during his second term, Bush is suddenly going to become more fiscally responsible? Is he going to mysteriously develop a newfound respect for the rest of the world? Is he going to stop taking money from the people and giving it to huge multinational corporations? No. And if he gets elected in November, it will be perceived as a total validation of his methods and priorities.
One thing you can assume is that as long as the GOP doesn't fear losing its base, it has no intention of changing its priorities, so anyone who wants progress or change won't get it by keeping Bush in office. OTOH, the Democrats are so desperate to regain some of their lost power and status, they're much more impressionable. It would be a lot easier to get Kerry in office and then push for conservative-oriented solutions than it would be to vote for Bush and expect anything to be different.
But you did realize that all the calculation is done on the client end? Not in the server end. The server does not brute-force anything. The server just makes a large random number r, runs MD5 (or whatever one-way hash function) to get H, sends H to client along with some bits of the r and tells the client to figure out the original r.
Whoever does the cpu work is irrelevant. It would be reasonable to assume that during the process of the client calculating the proper response, a socket would remain open to the server, thus wasting precious resources. This in quantity creates a denial-of-service condition. But then you address this...
The client can (and should!) work off-line, it does not have to be connected to the server while it does the computation.
And in the stateless environment of the Internet, how does the server allow the client to reconnect and validate itself? I guess the server has the burden of maintaining an elaborate database of IP state information... creating yet another drain of resources and an additional point of attack and method by which the server can be brought to its knees.
Beyond this, you're proposing that a single mail transaction require twice as many TCP connections, which cuts performance in half and doubles peak resource requirements. In reality, such a transaction would require much more than double the server resources because the server now has the added burden of validating all inbound connections against some sort of state database.
I agree, it's interesting debating with you on this issue. I apologize if I was overly acerbic with my words, but seriously, I really think this idea is totally counterproductive and I have trouble understanding how anyone with experience in all aspects of the spam problem would not agree with me.
You need to understand some basic premises to the spam problem... what most people think of when they think of "spam" are just a bunch of junk e-mails in their inbox. The spam problem affects much more than this.. and a true anti-spam solution has to do more than just limit junk e-mail.
There are several casualties of the spamedemic - here they are, listed from most to least significant:
1. Internet Bandwidth - first and foremost, this is the big problem that most client-side spam solutions ignore. It's conservatively estimated that more than half the bandwidth on the Internet is unsolicited crap traffic like spam. This slows down performance of all other net-based services.
Your idea appears to address the issue by creating a condition upon which mail is accepted (or rejected prior to any more bandwidth being wasted), but it compounds the problem by doubling the amount of TCP connections needed. Result: no advantage.
RBLs are THE most bandwidth-efficient method of stopping spammers wasting bandwidth PERIOD. Under your scheme a challenge-response is requested. Using RBLs, as soon as the server determines the IP is invalid, the connection is closed. It's many times more efficient.
2. System resources - ISPs and companies that run their own mail servers have to build systems that are capable of handling ten or more times the mail traffic they would normally expect, just to not interrupt legitimate mail flow. This is a huge burden on legitimate companies that is passed along to consumers that most people don't consider. The degree to which an ISP can effectively handle mail determines the efficiency, speed and value of the service. If you've ever used AOL, you know that sometimes it may take hours or days for mail to arrive. This is the result of anti-spam systems being bogged down.
Your idea doesn't address this critical issue. In fact, your idea compounds the problem by requiring more client and server side resources. In fact, I'd say your idea probably increases the necessary server-side resources by a factor of 20-100 or more just to maintain the status quo.
In the last five years, I've personally spent over $20,000 on reso
I think this would be interesting, but how do you actually rebut a hundred different blogs?
Here's an example of a political blog that makes a lot of noise about political issues. Are these war rooms going to do a bunch of astroturfing, replying to people's blogs, or are they going to serve as some central reference post that others can refer to?
No, no, no, no! Less spam, yes. But the legitimate mail would not be affected that much. Why? BECAUSE a normal person does NOT send 100s of mails per hour. They send maybe 2 or 3 (amortized over the duration of the day). For them the new kind of system wouldn't make any differences.
Yes, a normal person doesn't send 100s of mail an hour, BUT a normal mail server DOES handle 100s of legitimate mail an hour. And if you impose a stupid computational hash routine on each connection, you cut down on the efficiency of the mail server exponentially.
The whole concept is completely ridiculous and you have not demonstrated in the slightest that this would actually reduce spam any more than it would definitely cut down on legitimate e-mail efficiency.
I assumed you knew this but maybe you don't.
Servers have limitations on how many concurrent clients they can serve. These limits vary but every server and every service, be it web or mail, has a threshold. This determines how fast and efficient information can be delivered. The most critical factor in performance is the speed at which the transaction can be concluded. If you impose a deliberate delay to this process that is ten thousand times greater than what it normally takes to complete, you effectively cripple the performance across-the-board of the service, and create a virtual "traffic jam" of pending requests - basically a "slashdot effect" on a mail server - and it won't distinguish between legit and spam mail.
Here's another example. Let's say your protocol is in force. You refuse to accept mail from spammers, but they have a large zombie army hitting your mail server from 50 different IPs at the same time. Under the old system, if your server only allowed 20 concurrent connections, you'd be unavailable for a second. Under your system, this zombie army, even though they might not be able to send spam, would still tie up the mail server and create a denial-of-service condition.
Your plan has no way of ever working.
I work in the trenches every day with this stuff. I've tried every solution you can imagine. I know what I'm talking about here. There's no way in hell I'd cripple my mail server on the goofball premise that it might reduce spam, when I know it won't.
Abandon this idea or else continue to lose credibility. There is NO WAY it would ever work.
We understand how important it is for people to feel someone listens when they offer comments and suggestions. As a result, we've developed this automated attendant to help process your inquiry.
Thank you very much for your letter. Your letter is important to us. But first please check our knowledge base, F.A.Q., and unofficial message forums. If this fails, fill out the 3-page customer service ticket at http://internet.com/cust/level1/sectionA/form1a.cfm
If this fails, you can speak to a customer service representative but please make sure to do so during standard business hours in the country of Pakistan, and have Java, ActiveX, Flash, Quicktime and the latest version of IE before you visit the user support area.
By using hashcash-like computational puzzles, it just is PHYSICALLY IMPOSSIBLE for anyone to send large numbers of mails. (The machine which is to receive the message gives a computational puzzle for the client to solve, and will accept the message only after the result has been verified. This can be done in such a way that it WILL require e.g. 7 seconds of calculation per mail. And it cannot be bypassed. For instance the client has to brute-force a collision for an n-bit hash function, given m bits, where m n (m chosen suitably to make the computation of desired length).
Like I said before... that's the most ridiculous, wasteful idea I've ever heard. Let's make e-mail rival snail mail in terms of delivery efficiency as a solution to solving spam?
One of the great values of e-mail is that it travels at the speed of light. To deliberately slow this down is offensive and stupid IMO. That's like creating a web site that can only handle one visitor every seven seconds. What's the point? Why even bother?
I got an idea for you that uses the same analogy. If you're worried about burglars breaking into your house, why don't you BURN IT DOWN? That way there won't be anything to break into. It's as good an idea as your computational hash challenge smtp circle jerk protocol.
3. Why RBLs are not the "ONLY way to go": RBL systems break down the moment someone 0wns the machine and uses that zombie box to send the mails. You cannot avoid this. It's a reality that systems are insecure.
Like you said, all systems are ultimately insecure, so your system doesn't solve the problem either - it just puts the entire Internet e-mail service on slo-mo... yes, you get less spam, but you also get less legitimate mail - and ultimately the proportion of spam-to-legitimate mail is exactly the same. Zero Sum Gain with the added bonus of almost completely destroying the usefulness of the e-mail system in the process. Congrats!
If you answer, please give an answer how a hashcash system can be subverted. I'm sure many people would like to know.
Do I even need to explain this to you? Like you said, every system can be subverted.
In any case, your idea only strengthens the value of spammers employing massive armies of zombie PCs which would send a spam e-mail at whatever interval the new protocol allowed.
In fact, your idea might actually increase the spam-to-legitimate mail ratio, because the spammers would adapt to the nature of the boneheaded protocol whereas end users would just arbitrarily send mail without thought as to the limitations of the protocol.
Think man. Why would you propose such a ridiculous standard that makes everyone suffer and slows down all mail service? It could just as easily be subverted... You're basing the value of your idea on the erroneous premise that we have small numbers of relays sending out massive amounts of spam - that's not the case any more - now we have wide arrays of relays bursting little bits of spam at programmed intervals... your idea would only make things worse. I'm curious, are you the author of the CAN-SPAM act?
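An added sketch of the puzzle described in the quoted text of this thread (not code from any poster or from hashcash itself): the server picks a random r, publishes H = hash(r) together with all but a few bits of r, and the client brute-forces the missing bits. SHA-256 stands in for the MD5 named in the thread, and the HMAC tag that lets the server check a returned challenge without a per-client table is an assumption of this example, as are all names.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # hypothetical per-server secret, never sent to clients
R_BYTES = 16                  # size of the random number r (assumption)


def _digest(r: int) -> str:
    return hashlib.sha256(r.to_bytes(R_BYTES, "big")).hexdigest()


def _tag(h: str, known: int, hidden_bits: int, expires: int) -> str:
    # Binds every challenge field to the server key so a client cannot
    # lower the difficulty or extend the lifetime of a challenge.
    msg = f"{h}|{known}|{hidden_bits}|{expires}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def make_challenge(hidden_bits: int, ttl: int = 300, now=None) -> dict:
    """Server side: one random number, one hash, one HMAC. r is then forgotten."""
    now = int(time.time()) if now is None else now
    r = int.from_bytes(os.urandom(R_BYTES), "big")
    known = (r >> hidden_bits) << hidden_bits      # r with its low bits zeroed
    h = _digest(r)
    expires = now + ttl
    return {"h": h, "known": known, "hidden_bits": hidden_bits,
            "expires": expires, "tag": _tag(h, known, hidden_bits, expires)}


def solve(ch: dict):
    """Client side, offline: try every value of the hidden low bits.

    Expected cost is 2**(hidden_bits - 1) hashes; each extra hidden bit
    doubles it. Returns (r, number_of_hashes_tried).
    """
    for low in range(1 << ch["hidden_bits"]):
        r = ch["known"] | low
        if _digest(r) == ch["h"]:
            return r, low + 1
    return None, 1 << ch["hidden_bits"]


def verify(ch: dict, r, now=None) -> bool:
    """Server side on reconnect: one HMAC and one hash, no lookup table.

    A solved challenge can be replayed until it expires unless the server
    also remembers spent tags; this sketch does not do that.
    """
    now = int(time.time()) if now is None else now
    expected = _tag(ch["h"], ch["known"], ch["hidden_bits"], ch["expires"])
    if not hmac.compare_digest(expected, ch["tag"]):
        return False                               # forged or altered challenge
    if now > ch["expires"]:
        return False                               # too old
    if not isinstance(r, int) or not 0 <= r < (1 << (8 * R_BYTES)):
        return False                               # malformed answer
    return hmac.compare_digest(_digest(r), ch["h"])


if __name__ == "__main__":
    challenge = make_challenge(hidden_bits=16)
    answer, tries = solve(challenge)
    print("client hashes:", tries, "accepted:", verify(challenge, answer))
```
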
How much advancement in battery technology has there been versus advancement in power conservation? We haven't developed fuels that get better mileage; we've developed vehicles that use fuel more efficiently. We haven't developed better cell phone batteries; we've developed better cell phones and other electronic devices that use power more effectively.
Moore's law certainly doesn't apply to reserve energy resources.
This is why I find it frustrating that the government's solution to oil revolves around finding more/cheaper oil. It never has and never will be a solution. Just like it's not a solution to wear a battery belt pack to have a longer-living laptop. It's all about conservation and energy efficiency. At least the electronics industry knows this. Some other industries act like they don't.
Everyone has an agenda. Every piece of information you absorb was written by folks who lean one way or the other.
Stop calling shows "left" or "right" leaning. It shouldn't matter if you're open minded and do your own research.
When you complain that a show doesn't cater to your specific political slant, you advertise that you're too lazy to figure things out for yourself and you want someone to chew your food for you.
Be a big boy and stop whining. Everything is slanted. Exercise your brain to do your own research instead of exercising your mouth to complain about it.
There's plenty of dumb stuff on both sides of the aisle, but these days he hammers the Republicans, and lets the Dems completely off the hook.
I don't see where you get this. On every show he makes fun of Kerry. While the Daily Show is anything but right-leaning, they have more high-powered right wing figures as guests than they do the left on average, and they routinely promote the impression that Kerry is a monotone, one-dimensional person that's incapable of inspiring people - the idea of which might have been funny the first 10,000 times they played this tired joke, but that hasn't stopped them from continuing.
The Daily Show has always been a bit anti-republican. That's why its audience members are smarter and more informed. They don't fall for that, "They hate us because of our freedom" malarkey the right-wing spew. If you're conservative/republican and you claim to be a party supporter yet you dismiss all the intelligence-insulting rhetoric your party routinely spews, you might want to get a grip and start doing your own research instead of demonizing any show that doesn't 100% jive with your agenda.
And let's be honest, the right wingers are the ones all-too-quick to completely condemn an institution if it doesn't meet with their narrow view of "unbiased". Totally unrealistic and naive.
Bush is specifically telling us we're safer and more secure and things are going great. It's not that I expect government to provide all those things (although feeling safe from a foreign invasion is something I'd generally hope my government would provide), these are the things Bush has been preaching he's doing.
Now if you choose Bush over Gore, why aren't you over in Iraq fighting? No excuses. If you're one of those who is in favor of my tax dollars going to invade countries who haven't threatened us, get your ass over there and fight. The sooner you lose your head, the higher the collective IQ of the remaining populace will increase.
My dog will be holding an important press conference in the backyard tomorrow at 3pm. He will discuss his agenda if he's elected President.
At least right-winged news sources openly proclaim that they are biased,
What have you been smoking?
I guess Fox News' "Fair and Balanced" slogan, or O'Reilly's "No Spin Zone" are examples of such proclamations?
Mr. Bush, why is our government protecting one of the world's most notorious arms smugglers, Victor Bout, known affectionately as the "merchant of death" and is suspected of supplying weapons to Al Quaeda? The administration has pushed to protect Bout from international sanctions claiming he's "assisting" the US in Iraq. Why is our country protecting this criminal? Why would the US do business with a man who has been supplying terrorists with weapons? Why is this story not being covered by the mainstream media?
Clinton didn't just lie -- he lied under oath during testimony at a trial. That's serious, especially for the leader of the Free World.
It's not confirmed that Clinton lied. He said he "did not have sexual relations" - the details are over the semantics of that statement. Clinton did not have sexual intercourse with Lewinski, and if his definition of the term centered around that act, his statement was accurate.
I fail to see how Clinton's ambiguous statement is any less semantically manipulative than Bush's. And Bush's "lies" were much more detrimental to the country.
Interesting story, but the problem is all the right wing pundits have been working their asses off for the last few years (not unlike what they're doing with CBS now) to promote the impression that the New York Times is a "liberal publication" that can't be trusted to report anything accurately.
This presents an easy opportunity to dismiss whatever they write whenever it isn't supportive. This seems to be a fundamental tenet of the conservative agenda: discredit the messenger and ignore the issue.
I don't know of any media that hasn't made mistakes, but you would think based on what gets the most attention (NYT, Dan Rather, Michael Moore, etc.), that this is exclusively limited to entities which have the audacity to promote items that aren't unconditionally supportive of the right-wing agenda.
I don't see how any non-right-wing-biased news source can ultimately survive when you have hordes of conservative pundits like Limbaugh, Hannity, O'Reilly and others with hours and hours of broadcast time each and every day spewing their unchallenged contempt for any institution which disagrees with their agenda.
It's really frightening how this notion of objectivity gets pushed further and further to the right.
The best and funniest political game has to be BUSHGAME starring a huge cast of famous characters and tremendous amounts of content.
Point 5 is downright idiotic. HTML is not executable by itself and unless you use a very old version of Outlook (in which case you are asking for trouble), any javascript, vbscript or whatever will not be executed. Most virus mails are formatted as plaintext btw. The virus is almost always an attachment.
On a security level, html-email is LESS SECURE. That is a fact. I'm not talking specifically about executable issues, but actually, you're wrong about that too, with the recent vulnerability discovered in the JPEG rendering engine, an embedded image in html email could have the ability to execute arbitrary code on the client computer.
The idea is only idiotic if you're ignorant of the ways in which your machine and your personal security can be compromised. Even assuming there are no vulnerabilities, html-enabled e-mail allows anonymous parties to acquire more information about you. An embedded image in an e-mail can tie your IP address to your e-mail address and help identify your physical location.
Security isn't just about viruses. It's about protecting your privacy as well.
I tackle security in a more pragmatic fashion. I don't like removing features for security reasons. I ran without a firewall (not even NAT) & virusscanners throughout all the major virus and worm outbreaks over the past few years. None of them affected me because I knew how to configure Outlook, shut down services, etc. It's really that simple.
If you get paid by the hour to put out fires, the pragmatic approach is profitable... for you. But the article discusses proactive approaches.
I can afford to do this because I know what I'm doing. Ordinary users should rely on firewalls, virusscanners and spyware checkers to stay safe.
I'm sorry, but if you knew what you were doing, you wouldn't be giving others a false sense of security by promoting a goofy software gadget as a substitution for industry best security practices.
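The privacy point in the reply above (a remotely loaded image ties the reader's IP address to the address the mail was sent to) can be checked mechanically before a message is rendered. The following is an added example, not code from any poster in this thread; the sample message, host names and the list of fetching attributes are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag/attribute pairs that make a mail client fetch a URL while rendering.
# Assumed list for this example, not exhaustive.
FETCHING_ATTRS = {("img", "src"), ("link", "href"), ("iframe", "src"),
                  ("body", "background"), ("table", "background"),
                  ("td", "background")}


class RemoteFetchFinder(HTMLParser):
    """Collects (tag, url) pairs whose URL points at a network host."""

    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if (tag, name) not in FETCHING_ATTRS or not value:
                continue
            parts = urlsplit(value.strip())
            # cid: and data: URLs are carried inside the message and leak
            # nothing; http(s) and protocol-relative URLs contact a server.
            if parts.netloc and parts.scheme.lower() in ("http", "https", ""):
                self.remote.append((tag, value.strip()))


def remote_fetches(raw_message):
    """Return every remote resource the HTML parts of a message would load."""
    found = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() != "text/html":
            continue
        charset = part.get_content_charset() or "utf-8"
        html = part.get_payload(decode=True).decode(charset, errors="replace")
        finder = RemoteFetchFinder()
        finder.feed(html)
        found.extend(finder.remote)
    return found


# Constructed sample: one inline (cid:) image and one 1x1 remote image whose
# query string carries the recipient's address.
SAMPLE = (
    "From: sender@example.com\n"
    "To: reader@example.org\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Hello\n"
    "--b1\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    "<html><body><p>Hello</p>\n"
    '<img src="cid:logo@example.com">\n'
    '<img src="http://tracker.example.net/open.gif?id=reader%40example.org"'
    ' width="1" height="1">\n'
    "</body></html>\n"
    "--b1--\n"
)

if __name__ == "__main__":
    for tag, url in remote_fetches(SAMPLE):
        print(tag, url)
```

A client or gateway that blocks or strips whatever `remote_fetches` reports keeps the inline image and drops only the request that would reveal the reader's IP address.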
It's amusing that people focus on the latest-and-greatest security software, which IMO is more counterproductive than it is productive.
You get a whiz-bang anti-virus/firewall system set up and what does it do? Give you a false sense of security so you can feel more confident about engaging in irresponsible computer use. The problem is almost every piece of security software out there has at one point or another been vulnerable, so you're flirting with disaster.
I think no matter how many advances we have in this area, the basic rules of security will always apply:
1. Limit Accessibility.
99% of security issues are inside jobs. Limit physical access to your resources. Don't put any sensitive data on a machine that anyone else has access to that you don't want public. Use encryption, multi-wipe free space and turn off your machine when you're not using it.
Some people don't want to hear this but it needs to be said: DON'T USE WIRELESS if you're worried about security. No matter what precautions you're taking, by going Wireless you dramatically lower the integrity of your personal security PERIOD. It's one thing to use wireless on the road, but you should limit the sensitive information on your laptop in the first place because it's mobile, but it's really just plain lazy and irresponsible to run wireless in a permanent installation like your home if there is any practical way to avoid doing so.
I can't stress this enough: *unconditionally* WIRELESS IS MUCH LESS SECURE. It doesn't matter what protocol/encryption you're using, by going wireless you introduce additional ways your system/data can be accessed.
Remember the first commandment: True security is more dependent upon reducing access points than it is implementing protection of access points.
2. Disable ALL non-critical services. Don't run anything except what you need on your PC. Close all unused ports; remove all services and extra features and plug-ins that aren't needed. The fewer systems, the fewer points of vulnerability.
3. Keep all software fully-patched and up to date.
4. If possible, never use the "industry standard" software if it's not the most secure solution available. Dump IE and Outlook and switch to Firefox and Eudora.
5. TEXT ONLY E-MAIL... This, after #1 is IMO the biggest threat of them all. The added superficial benefit of html-email is not worth the security liabilities that come along with it. If you want to use html e-mail, I'd recommend a second, sandboxed account for that.
6. Never put a machine on public-addressable IP space unless it's a public server. Use a DSL/cable switch and put your systems on a VPN on the other side of a hardware firewall that filters out all non-essential traffic.
7. After you've taken care of 1-6, then and only then should you consider anti-virus/spyware and related software to be a useful addition.
I'm a conservative Republican that doesn't buy into the spew, and I don't support the crooks who have taken over my party. Maybe that's why I enjoy the Daily Show.
I think the Democratic party has become what the old Republican party used to be - they're a lot more focused on fiscal responsibility and less government regulation. The Republican party has swung so far right that it's now under the control of closed-minded, xenophobic, religious extremists with a precarious and dangerous plan for imposing a new world order.
If you're Republican, Conservative or Moderate, you need to take some time and seriously consider whether it's more practical to support the Democratic party than it is to try to change the extremist path of the current GOP. There's no motivation for the Republicans to do anything different, so if you're not happy with the status quo, it would be crazy to support them come November.
I don't know any Republicans who don't have just as many complaints as Democrats do with the current administration. So why would you maintain the status quo? Does anybody think that during his second term, Bush is suddenly going to become more fiscally responsible? Is he going to mysteriously develop a newfound respect for the rest of the world? Is he going to stop taking money from the people and giving it to huge multinational corporations? No. And if he gets elected in November, it will be perceived as a total validation of his methods and priorities.
One thing you can assume is that as long as the GOP doesn't fear losing its base, it has no intention of changing its priorities, so anyone who wants progress or change won't get it by keeping Bush in office. OTOH, the Democrats are so desperate to regain some of their lost power and status, they're much more impressionable. It would be a lot easier to get Kerry in office and then push for conservative-oriented solutions than it would be to vote for Bush and expect anything to be different.
But you did realize that all the calculation is done on the client end? Not in the server end. The server does not bruteforce anything. The server just makes a large random number r, runs MD5 (or what ever one-way hash function) to get H, sends H to client along with some bits of the r and tells the client to figure out the original r.
Whoever does the cpu work is irrelevant. It would be reasonable to assume that during the process of the client calculating the proper response, a socket would remain open to the server, thus wasting precious resources. This in quantity creates a denial-of-service condition. But then you address this...
The client can (and should!) work off-line, it does not have to be connected to the server while it does the computation.
And in the stateless environment of the Internet, how does the server allow the client to reconnect and validate itself? I guess the server has the burden of maintaining an elaborate database of IP state information... creating yet another drain of resources and an additional point of attack and method by which the server can be brought to its knees.
Beyond this, you're proposing that a single mail transaction require twice as many TCP connections, which cuts performance in half and doubles peak resource requirements. In reality, such a transaction would require much more than double the server resources because the server now has the added burden of validating all inbound connections against some sort of state database.
I agree, it's interesting debating with you on this issue. I apologize if I was overly acerbic with my words, but seriously, I really think this idea is totally counterproductive and I have trouble understanding how anyone with experience in all aspects of the spam problem would not agree with me.
You need to understand some basic premises to the spam problem... what most people think of when they think of "spam" are just a bunch of junk e-mails in their inbox. The spam problem affects much more than this.. and a true anti-spam solution has to do more than just limit junk e-mail.
There are several casualties of the spamedemic - here they are, listed from most to least significant:
1. Internet Bandwidth - first and foremost, this is the big problem that most client-side spam solutions ignore. It's conservatively estimated that more than half the bandwidth on the Internet is unsolicited crap traffic like spam. This slows down performance of all other net-based services.
Your idea appears to address the issue by creating a condition upon which mail is accepted (or rejected prior to any more bandwidth being wasted), but it compounds the problem by doubling the amount of TCP connections needed. Result: no advantage.
RBLs are THE most bandwidth-efficient method of stopping spammers wasting bandwidth PERIOD. Under your scheme a challenge-response is requested. Using RBLs, as soon as the server determines the IP is invalid, the connection is closed. It's many times more efficient.
2. System resources - ISPs and companies that run their own mail servers have to build systems that are capable of handling ten or more times the mail traffic they would normally expect, just to not interrupt legitimate mail flow. This is a huge burden on legitimate companies that is passed along to consumers that most people don't consider. The degree to which an ISP can effectively handle mail determines the efficiency, speed and value of the service. If you've ever used AOL, you know that sometimes it may take hours or days for mail to arrive. This is the result of anti-spam systems being bogged down.
Your idea doesn't address this critical issue. In fact, your idea compounds the problem by requiring more client and server side resources. In fact, I'd say your idea probably increases the necessary server-side resources by a factor of 20-100 or more just to maintain the status quo.
In the last five years, I've personally spent over $20,000 on reso
I think this would be interesting, but how do you actually rebut a hundred different blogs?
Here's an example of a political blog that makes a lot of noise about political issues. Are these war rooms going to do a bunch of astroturfing, replying to people's blogs, or are they going to serve as some central reference post that others can refer to?
No, no, no, no! Less spam, yes. But the legitimate mail would not be affected that much. Why? BECAUSE a normal person does NOT send 100s of mails per hour. They send maybe 2 or 3 (amortized over the duration of the day). For them the new kind of system wouldn't make any differences.
Yes, a normal person doesn't send 100s of mail an hour, BUT a normal mail server DOES handle 100s of legitimate mail an hour. And if you impose a stupid computational hash routine on each connection, you cut down on the efficiency of the mail server exponentially.
The whole concept is completely ridiculous and you have not demonstrated in the slightest that this would actually reduce spam any more than it would definitely cut down on legitimate e-mail efficiency.
I assumed you knew this but maybe you don't.
Servers have limitations on how many concurrent clients they can serve. These limits vary but every server and every service, be it web or mail, has a threshold. This determines how fast and efficient information can be delivered. The most critical factor in performance is the speed at which the transaction can be concluded. If you impose a deliberate delay to this process that is ten thousand times greater than what it normally takes to complete, you effectively cripple the performance across-the-board of the service, and create a virtual "traffic jam" of pending requests - basically a "slashdot effect" on a mail server - and it won't distinguish between legit and spam mail.
Here's another example. Let's say your protocol is in force. You refuse to accept mail from spammers, but they have a large zombie army hitting your mail server from 50 different IPs at the same time. Under the old system, if your server only allowed 20 concurrent connections, you'd be unavailable for a second. Under your system, this zombie army, even though they might not be able to send spam, would still tie up the mail server and create a denial-of-service condition.
Your plan has no way of ever working.
I work in the trenches every day with this stuff. I've tried every solution you can imagine. I know what I'm talking about here. There's no way in hell I'd cripple my mail server on the goofball premise that it might reduce spam, when I know it won't.
Abandon this idea or else continue to lose credibility. There is NO WAY it would ever work.
Dear John Q. Irony
We understand how important it is for people to feel someone listens when they offer comments and suggestions. As a result, we've developed this automated attendant to help process your inquiry.
Thank you very much for your letter. Your letter is important to us. But first please check our knowledge base, F.A.Q., and unofficial message forums. If this fails, fill out the 3-page customer service ticket at http://internet.com/cust/level1/sectionA/form1a.c
If this fails, you can speak to a customer service representative but please make sure to do so during standard business hours in the country of Pakistan, and have Java, ActiveX, Flash, Quicktime and the latest version of IE before you visit the user support area.
Thank you. We do care.
- Internet Inc.
But what do you call people who are disenfranchised by both the major American parties?
Americans, or at least 99.99% of them.
By using hashcash-like computational puzzles, it just is PHYSICALLY IMPOSSIBLE for anyone to send large numbers of mails. (The machine which is to receive the message gives a computational puzzle for the client to solve, and will accept the message only after the result has been verified. This can be done in such a way that it WILL require e.g. 7 seconds of calculation per mail. And it cannot be bypassed. For instance the client has to bruteforce a collision for an n-bit hash function, given m bits, where m n (m chosen suitably to make the computation of desired length).
Like I said before... that's the most ridiculous, wasteful idea I've ever heard. Let's make e-mail rival snail mail in terms of delivery efficiency as a solution to solving spam?
One of the great values of e-mail is that it travels at the speed of light. To deliberately slow this down is offensive and stupid IMO. That's like creating a web site that can only handle one visitor every seven seconds. What's the point? Why even bother?
I got an idea for you that uses the same analogy. If you're worried about burglars breaking into your house, why don't you BURN IT DOWN? That way there won't be anything to break into. It's as good an idea as your computational hash challenge smtp circle jerk protocol.
3. Why RBLs are not the "ONLY way to go": RBL systems break down the moment someone 0wns the machine and uses that zombie box to send the mails. You cannot avoid this. It's a reality that systems are insecure.
Like you said, all systems are ultimately insecure, so your system doesn't solve the problem either - it just puts the entire Internet e-mail service on slo-mo... yes, you get less spam, but you also get less legitimate mail - and ultimately the proportion of spam to legitimate mail is exactly the same. Zero Sum Gain with the added bonus of almost completely destroying the usefulness of the e-mail system in the process. Congrats!
If you answer, please give an answer how a hashcash system can be subverted. I'm sure many people would like to know.
Do I even need to explain this to you? Like you said, every system can be subverted.
In any case, your idea only strengthens the value of spammers employing massive armies of zombie PCs which would send a spam e-mail at whatever interval the new protocol allowed.
In fact, your idea might actually increase the spam-to-legitimate mail ratio, because the spammers would adapt to the nature of the boneheaded protocol whereas end users would just arbitrarily send mail without thought as to the limitations of the protocol.
Think man. Why would you propose such a ridiculous standard that makes everyone suffer and slows down all mail service? It could just as easily be subverted... You're basing the value of your idea on the erroneous premise that we have small numbers of relays sending out massive amounts of spam - that's not the case any more - now we have wide arrays of relays bursting little bits of spam at programmed intervals... your idea would only make things worse. I'm curious, are you the author of the CAN-SPAM act?
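The puzzle described in the quoted posts in this thread (the server picks a random r, publishes its hash together with all but a few bits of r, and the client brute-forces the rest offline), as an added example that is not from any poster here. SHA-256 stands in for MD5, and the HMAC-signed challenge that lets the server check a reconnecting client without a per-client state table is an assumed design, as are all function and field names.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # constructed demo key; never leaves the server
R_BYTES = 16                  # size of the random number r


def _tag(h, partial, hidden_bits, expires):
    """HMAC over the puzzle fields, so the server does not have to store them."""
    msg = h + partial + hidden_bits.to_bytes(1, "big") + expires.to_bytes(8, "big")
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def issue_challenge(hidden_bits, ttl=300, now=None):
    """Server: pick r, publish H(r) and r with its low `hidden_bits` bits zeroed."""
    now = int(time.time()) if now is None else now
    r = int.from_bytes(os.urandom(R_BYTES), "big")
    partial = ((r >> hidden_bits) << hidden_bits).to_bytes(R_BYTES, "big")
    h = hashlib.sha256(r.to_bytes(R_BYTES, "big")).digest()
    expires = now + ttl
    return {"h": h, "partial": partial, "hidden_bits": hidden_bits,
            "expires": expires, "tag": _tag(h, partial, hidden_bits, expires)}


def solve(challenge):
    """Client, offline: try each value of the hidden bits until the hash matches.

    Returns (r, number_of_hashes_computed).
    """
    base = int.from_bytes(challenge["partial"], "big")
    for guess in range(1 << challenge["hidden_bits"]):
        candidate = (base | guess).to_bytes(R_BYTES, "big")
        if hashlib.sha256(candidate).digest() == challenge["h"]:
            return candidate, guess + 1
    raise ValueError("no preimage found; challenge is malformed")


def verify(challenge, r, now=None):
    """Server, on reconnect: one HMAC and one hash, no per-client lookup."""
    now = int(time.time()) if now is None else now
    bits = challenge["hidden_bits"]
    if not isinstance(bits, int) or not 0 <= bits <= 8 * R_BYTES:
        return False
    expected = _tag(challenge["h"], challenge["partial"], bits, challenge["expires"])
    if not hmac.compare_digest(expected, challenge["tag"]):
        return False          # fields altered, e.g. difficulty lowered by the client
    if now > challenge["expires"] or len(r) != R_BYTES:
        return False          # stale token or malformed answer
    return hmac.compare_digest(hashlib.sha256(r).digest(), challenge["h"])


if __name__ == "__main__":
    c = issue_challenge(hidden_bits=16)
    answer, hashes = solve(c)
    print("client hashes:", hashes, "server accepts:", verify(c, answer))
```

A solved token stays valid until it expires, so rejecting replays would still take a short-lived cache of spent tokens; the example leaves that out.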
This doesn't surprise me at all.
How much advancement in battery technology has there been versus advancement in power conservation? We haven't developed fuels that get better mileage; we've developed vehicles that use fuel more efficiently. We haven't developed better cell phone batteries; we've developed better cell phones and other electronic devices that use power more effectively.
Moore's law certainly doesn't apply to reserve energy resources.
This is why I find it frustrating that the government's solution to oil revolves around finding more/cheaper oil. It never has and never will be a solution. Just like it's not a solution to wear a battery belt pack to have a longer-living laptop. It's all about conservation and energy efficiency. At least the electronics industry knows this. Some other industries act like they don't.
There is no such thing as "non-partisan"!
Everyone has an agenda. Every piece of information you absorb was written by folks who lean one way or the other.
Stop calling shows "left" or "right" leaning. It shouldn't matter if you're open minded and do your own research.
When you complain that a show doesn't cater to your specific political slant, you advertise that you're too lazy to figure things out for yourself and you want someone to chew your food for you.
Be a big boy and stop whining. Everything is slanted. Exercise your brain to do your own research instead of exercising your mouth to complain about it.
There's plenty of dumb stuff on both sides of the aisle, but these days he hammers the Republicans, and lets the Dems completely off the hook.
I don't see where you get this. On every show he makes fun of Kerry. While the Daily Show is anything but right-leaning, they have more high-powered right wing figures as guests than they do the left on average, and they routinely promote the impression that Kerry is a monotone, one-dimensional person that's incapable of inspiring people - the idea of which might have been funny the first 10,000 times they played this tired joke, but that hasn't stopped them from continuing.
The Daily Show has always been a bit anti-republican. That's why its audience members are smarter and more informed. They don't fall for that, "They hate us because of our freedom" malarkey the right-wing spew. If you're conservative/republican and you claim to be a party supporter yet you dismiss all the intelligence-insulting rhetoric your party routinely spews, you might want to get a grip and start doing your own research instead of demonizing any show that doesn't 100% jive with your agenda.
And let's be honest, the right wingers are the ones all-too-quick to completely condemn an institution if it doesn't meet with their narrow view of "unbiased". Totally unrealistic and naive.
Bush is specifically telling us we're safer and more secure and things are going great. It's not that I expect government to provide all those things (although feeling safe from a foreign invasion is something I'd generally hope my government would provide), these are the things Bush has been preaching he's doing.
Now if you choose Bush over Gore, why aren't you over in Iraq fighting? No excuses. If you're one of those who is in favor of my tax dollars going to invade countries who haven't threatened us, get your ass over there and fight. The sooner you lose your head, the higher the collective IQ of the remaining populace will increase.