When I first saw this topic it really got my brain reeling about the possibilities.
Then I came back down to earth.
As much as I have hundreds of questions I could pose to each of the candidates, I know that ultimately any real tough or direct question would never be answered from them in any straightforward manner.
So what's the point?
Ask yourself, what could either of these men tell you that would really change your mind about them? What brilliant revelation will come from their lips that will suddenly make you understand? We've delved into their history to the nth degree. If you can't tell what kind of people they are from their past and their present, and knowing that in person you're going to get "politician-speak", what's the point?
98% of the questions posed here would never pass muster to be asked to either of the candidates in a substantive public forum, and ironically, all of us know what the answers would be. Bush would respond with a shallow, thoughtless one-to-three word quip and then look at you like you slept with his wife while signalling the SS to remove you, and Kerry would blather all around the subject and twist it around to the talking points he rehearsed earlier in the day.
No wonder people don't vote. No wonder we don't have truly great people in office any more. Who wants to put up with it?
Aside from that, you bet your ass I'll be voting this year, as I do every year. The people this election is really about are not the people running, but everybody else in the country. You don't need to know diddly about Bush or Kerry. Look at your world and ask yourself if in the last four years you like the way things have been going. If you feel safer, more secure, live more comfortably, have more money and job security and better healthcare, then vote for GW Bush. If you aren't happy with the way things are going, one things for sure, keeping the same guy in office won't improve things and considering how the last election went, you can't afford to vote idealistically for a candidate who has no chance of winning. So it comes down to Bush or Kerry, and you must vote Kerry if you don't like the status quo. What either of them do or say at this point is moot to me. I'd vote for a bagel over Bush just to see if it could run the country better, and even in that case I'd be more hopeful and optimistic than I am now.
And so what is your explanation for the hyper-avoidance of liability in the United States?
I'm not proposing an end to restitution -- what I don't like is punitive damages.
For every goofy case you can cite that appears to be an abuse of the system, there are a thousand people who were shafted by corporate america and don't get the justice they deserve.
The problem is that the current model -- allow those who sue to take as large a chunk of flesh as they can rip off -- clearly has major problems. I'm watching general practitioners unable to practice in West Virginia because the costs of insurance now exceed the money that can be made. I drink my coffee in the morning from a cup with a safety-molded top with a tiny slit in it so that the coffee can only come out slowly with a big extruded text warning reading "CAUTION: BEVERAGE MAY BE HOT! SIP WITH CAUTION!" I want to pont out that no products can list actual health hazards any more because they're drowned out with cover-your-ass garbage added onto the products by corporate lawyers.
You know, I KNEW you were going to bring up the McDonald's case as an example, and fall prey to the same ignorant propaganda that you're regurgitate. How much do you actually know about the infamous McDonald's coffee-spill case? Have you read the court documents? No, I bet your impression of the abuse of the legal system is the result of 10-second soundbytes spewed at you from Fox News.
Why don't you read that case. Get the original documents and don't further propagate completely inaccurate characterizations.
This is one of the classic cases that shills for the insurance industry foise upon the public without disclosing the whole details, to call attention to outrageous punitive damages. In the McDonald's case they don't tell you a number of things:
The Facts
McFacts about the McDonalds Coffee Lawsuit
Everyone knows what you're talking about when you mention "the McDonald's lawsuit." Even though this case was decided in August of 1994, for many Americans it continues to represent the "problem" with our civil justice system.
The business community and insurance industry have done much to perpetuate this case. They don't want us to forget it. They know it helps them convince politicians that "tort reform" and other restrictions on juries is needed. And worse, they know it poisons the minds of citizens who sit on juries.
Unfortunately, not all the facts have been communicated - facts that put the case and the monetary award to the 81-year old plaintiff in a significantly different light.
According to the Wall Street journal, McDonald's callousness was the issue and even jurors who thought the case was just a tempest in a coffee pot were overwhelmed by the evidence against the Corporation.
The facts of the case, which caused a jury of six men and six women to find McDonald's coffee was unreasonably dangerous and had caused enough human misery and suffering that no one should be made to suffer exposure to such excessively hot coffee again, will shock and amaze you:
McFact No. 1: For years, McDonald's had known they had a problem with the way they make their coffee - that their coffee was served much hotter (at least 20 degrees more so) than at other restaurants.
McFact No. 2: McDonald's knew its coffee sometimes caused serious injuries - more than 700 incidents of scalding coffee burns in the past decade have been settled by the Corporation - and yet they never so much as consulted a burn expert regarding the issue.
McFact No. 3: The woman involved in this infamous case suffered very serious injuries - third degree burns on her groin, thighs and buttocks that required skin grafts and a seven-day hospital stay.
McFact No. 4: The woman, an 81-year old former department store clerk who had never before filed suit against anyone, said she wouldn't have brought the lawsuit against McDonald's had the Corporati
Do Linux geeks take this to seriously and too heart? It seems, and it was predictable, that Linux geeks where going to come out firing at this. But why? Who cares if someone is using Windows over Linux.
It's not about Linux vs Windows. It's about truth vs propaganda.
This is an important story because you have a very big publishing company that is repackaging completely erroneous FUD as "news". This trend keeps continuing, in part due to people like you who seem to have this, "who cares?" attitude instead of challenging journalists to be responsible.
This article is analagous to someone hiring a crappy mechanic who can't fix their car and charges them too much, and blaming it on the brand of vehicle. It's completely misleading and inappropriate.
I recently turned down a job where the client wanted me to develop a Linux-based solution for them, but I actually recommended an all-Windows sytem because they were an all-Microsoft shop running SQL server and it seemed like the best choice for them. There are scenarios where one might choose Microsoft over Linux, but the ones outlined in the article are completely misleading and false in the claims and rationality employed.
Likewise, I've developed Linux-based e-commerce systems that have been in continuous operation for almost ten years, handling tens of millions of dollars in transactions for sites exponentially larger than the two lame companies cited in the story. The story implies that Linux can't handle even modest capabilities in this area. That's a total lie.
I find it offensive that they had the ignorance and audacity to blame their mess on the operating platform when it was obviously a crappy developer/contractor.
And I'd bet the real story is, some mid-level-manager boneheads in both companies came up with the idea to blame the OS to save their own jobs.
This kind of BS promotes the idea that the talent is secondary to the tools, which no self-respecting tech person would agree with.
If you don't challenge ridiculous crap like this, it starts to grow larger than life and you become part of the problem, rather than the solution.
I hope the Software Publishers Association is reading this article... this brings up a great new tactic for them to identify places to raid.
Any company that moves from Linux to Windows, or claims Windows has a lower TCO needs to be raided because you sure as hell know half the stuff they're running is unlicensed.
I would like to ask you, how did you feel when Telnet was replaced with SSH? That required phasing out a (security-wise) broken protocol with something that works a whole lot better. You could have insisted on policies which say "thou shalt not eavesdrop" but that clearly doesn't work. A better solution is to just make it technically/computationally impossible (or at least as hard as possible) to eavesdrop.
Telnet was not replaced with SSH. That's an invalid analogy. SSH was an *alternative* to Telnet that was an improvement. It didn't force anyone else to abandon telnet as a protocol; it didn't require global standardization. This was only relevant between two specific hosts that wanted to connect to each other - it's not basically a public-serving protocol like smtp or http.
I choose SSH over Telnet because I completely control who I want to have shell access on my server. This is different from SMTP which is a global protocol that continuously accepts connections from unknown hosts.
Do you see from the previous example the difference between "thou shalt not send spam" vs. "thou cannot send spam"?
You're living in a dream world if you ever think you can completely stop people from sending spam.
What do you hope to accomplish by redefining the protocol? What?? Enforcing accuracy in e-mail header/source information? What good will that do? Do you think spammers aren't capable of operating from legit hosts and have reverse DNS control? Of course they can. So then what? You have your fancy-schmancy new protocol and the spammers are using it, and they're just as legit as anyone else. So how does this change anything? Oh, you say, if they can't forge header information then you can stop them? How? Oh wait.. by blacklisting them. Well, that's what we already do and we don't need any stupid rewrite to the protocol!
It's not about "thou cannot send spam". It's about: "thou can send spam, but not to my system *click*"
That's why RBLs are the ONLY way to go. Your idea is counterproductive, wastes exponentially more resources, consumes more bandwidth, costs more money, requires more manpower, slows down mail service, slows down all internet-based services, requires an unrealistic mass change in system standardization, and in the end, STILL WON'T MAKE ANY DIFFERENCE.
The only real change in protocol that will work is one which checks the validity of the remote relay against a list of acceptable/unacceptable hosts - everything else can be subverted.
If US legal cases had capped damages, companies wouldn't be so hung up on avoiding the slightest hint of liability, willing to lose customers, even, to avoid the faintest trace.
Puleeze. Try that propaganda someplace where the readers have an average I.Q. under 50.
For every goofy case you can cite that appears to be an abuse of the system, there are a thousand people who were shafted by corporate america and don't get the justice they deserve. Stop propagating myths trumped up by corporate america to further screw over the consumer. We don't need tort reform; we need court reform and corporate reform.
I shopped around for years. I refuse to use Godaddy and NSI. I think there is no perfect registrar, but I've been very pleased with Dotster. When I first started they were running a horrendously-inefficient.ASP-based system that croaked during peak hours. I complained and apparently they listened, and converted over to PHP and their system works much better now.
I blame one unscrupulous company for most of the problems in this area, and that's the Domain Registry of America scam where they send out misleading "renewal notices" even though they're not the registrar for the domain. Why these people are still allowed to operate is beyond me.
Mail servers should be "licensed" to operate on the Internet
This doesn't work. Think zombie machines in some ISP's network.. Windoze machines which the ISP considers trusted, most likely, since it's their customers we're talking about. The mail server is licensed, all right, but the zombie client can pump out a million messages through that licensed server.
It does work. Like you said earlier, smart relays should trigger an alarm if any single client starts to send out too much mail, but that should be a voluntary (responsible) practice adopted by ISPs who handle large user bases. It should NOT be part of some goofy new protocol standard which requires everyone on the planet to upgrade.
If the ISP can't control their internal clients, then they deserve to lose their SMTP license.
This is the same topology that's threatening the more irresponsible ISPs. If they don't start controlling port 25 traffic on their DULs, their whole IP space gets blacklisted... as it should be, until they start losing business because nobody wants to take their smtp traffic.
You see, the problem with spamming is that the spammers do not follow the system: they'll break into a licensed SMTP box if need be. To beat spam, you just have to make it (physically) impossible to send large numbers of mail messages. It's that simple.
You obviously don't have much experience in this area.
Spammers aren't breaking into known legit relays any more. Because those relays are locked solid and monitored. They're very hard to control.
Besides, let spammers break into inner networks and create zombies through legit SMTP relays. I GUARANTEE you in such cases the ISP will act A LOT FASTER to fix the problem, lest they get their main relay blacklisted. As it stands, they don't give a crap about zombies polluting the internet autonomously.
Bring up the services list to get a general idea of what is running or can be run (on demand). Keep in mind that the list is incomplete and disabling a service there might not really turn it off;
Ahhh, Unix, how do I love thee... Let me count the ways... at least I can get an accurate list.
The last two Star Wars movies were parodies themselves. How can you tell the difference?
Seriously, Mr. Lucas, please put down the bullhorn and step away from the camera. Start writing children's books or something, but on behalf of myself and others, I urge you to back away from the franchise and let it die a natural death. There's no sense running it over a cliff.
"When is the last time the SEC or a Certified Public Accountant identified a case of major corporate fraud before the scam was so far gone it sent the company to court and probably bankruptcy?"
When dod the police catch on a planned murder (or other crime) before it is actually comitted? -- very very rarely. So should we disband the police? Or should we consider that even if they are too late to prevent a crime punishing the criminal provides justice and prevention to other criminals.
Wow. Worst analogy evah!
Since when do criminal file annual reports on their crime activity? Since when do criminals submit quarterly estimated tax returns? Since when do criminals submit to independent audits of their business?
I don't understand why these companies can "settle" the case arbitrarily. This seems like BS to me. If they did something illegal, there should be no "settling". There should be a trial and punishment, criminal punishment.
I am beginning to believe these cases are not unlike the old Ford Pinto problems of the past, where the corporation has factored into their scam, how much it would cost to "settle" and end up profiting even after they get caught.
1. Eliminate four positions, increase one person's salary by 20% Give them four times more work. Solicit young college grads instead of older people who don't know they're getting shafted.
2. Send out a press release showing the economy is doing great because salaries are going up.
What's even more interesting is that the CPUs are split almost 50-50 between Intel and AMD.
Unfortunately, the major computer vendors are not offering many choices in the way of AMD processors.
It seems to me that the mainstream PC vendors better jump on the AMD bandwagon or else more and more users are going to be building their own, cheaper and faster.
So, rewrite the mail system in such a way that each mail sent requires the sender's computer to crack a small computational puzzle, which takes e.g. 10 seconds. That's a technological solution. It restricts you so that you can only send 6 mails per minute. For normal use, this is more than enough: in 10 minutes you can send 60 mails. However, you cannot achieve throughput in the rate of many tens of mails per second. Rate of spamming is thereby reduced.
How is this any form of improvement? Penalize everyone on the planet because of spammers? Force an entire worldwide network systems upgrade? Slow down mail service exponentially?
And for what? A gamble that it will make any difference whatsoever? It's doubtful it would. The idea is totally impractical as well as 99% likely to be ineffective in the first place.
The closest thing we have to a technological solution is very simple, and all effective methods of spam control ultimately gravitate towards this solution, which is SMTP whitelisting. Mail servers should be "licensed" to operate on the Internet and regulated by some centrally-located body that follows very strict standards mutually agreed upon. People argue that finding a body that could legitimately regulate such a system would be impossible. I disagree. We have a TLD system that, for the most part, performs a similar service in handling DNS. We could do one step better with the licensing of SMTP relays and offer networks the ability to only accept mail from whitelisted relays.
This can be done without having to rewrite any smtp protocol and it would actually result in *improved* mail service performance. It would also almost completely eradicate the propagation of worm/virus mail which almost always involves turning the client PC into an (unauthorized) SMTP relay.
There's your technical solution. I'll bet good money if there ever is any major dent done technologically to spamming, it will be based on a form of mail relay whitelisting. Right now RBLs are THE most effective method across the board; the next step is to move from blacklisting to whitelisting. If we don't do this before we migrate to IPv6, we're all screwed.
All of this notwithstanding, we still have nonexistent law enforcement in cyberspace. No technological solution will make up for the fact that the Internet is full of criminals who operate without fear because law enforcement for the most part refuses to take action against these criminals - this is the other half of the "solution" and the onc in which the least amount of progress has been made.
First I think it's fascinating, the whole notion of trying to create an effective bot. I generally agree with most of the comments here. Bots wouldn't put an end to the industry; for every angle they may be able to exploit, there's at least one angle to exploit and/or discover them.
I've been playing a bit of online poker and there are times when I felt I was at a table of "non-humans" the way they played so mechanically and didn't talk.
However, if I were the developer of a poker system, one of the first things I'd do would be to regularly inventory the list of running processes on the machine - this would be one way of eventually identifying bots. To thwart this, you'd need a much more elaborate multi-machine system.
I think it's a lot easier to design systems to thwart bots than it is to create an effective one.
As I see it, the entire online gambling industry, even at its most reputable level, is still extremely dubious and unstable. You never know if you hit the big jackpot, whether or not the company will pay you or come up with some excuse to not do so, and since online gambling is a questionably legal activity in the first place, I think anyone who takes it too seriously is foolish. Then again, fools have always been drawn by the appeal of easy money.
I believe most tech people really aren't that interested in gambling. Once you know the odds, if you're smart, you know better than to gamble. OTOH, there is definitely an appeal to creating a bot/design that can manipulate the system.
I think this problem will just escalate for as long as we have SMTP in use. So maybe SMTP as a protocol needs a rehaul, or a revision to rewrite it completely (and call it something different). I think it wouldn't be impossible to pull off.
Waste of time.
Every month someone suggests that there's a technological solution to this problem. But there isn't. This isn't a tech problem. It's a law-enforcement/sociological problem.
You can only go so far technologically as long as spammers are allowed to compromise peoples' computers and use them for improper activities.
Ever ask yourself why this doesn't happen with POTS? If someone called your phone once every two minutes to sell you something, the phone company is compelled to do something about it. We don't have this mandate in cyberspace. And spammers commit felony crimes in the tens of thousands every single day, yet law enforcement doesn't go after these guys.
I contend there are approximately a dozen or so spamming outfits that are responsible for 80% of the spam on the Internet. These criminals are in the United States; they're well known and easy to track. They may use foreign systems to partially hide their tracks, but their tracks can easily be traced. If law enforcement would prosecute a few of these outfits and put some spammers in jail, I think we'd see a lot less spam. Some might argue that this wouldn't deter future spammers. I disagree.
Please take this opportunity to call your local District Attorney and request that his office begin prosecuting computer tampering cases. In most states, each instance of the installation of a worm on a machine carries a criminal sentence of 1-3 years in prison. These are serious felony crimes that can be prosecuted in state and federal court.
One spammer, caught with a list of zombie PCs and evidence he has been using these PCs could be sent to jail for a long time IF the authorities would get off their asses and start prosecuting these cases.
Anyone in law enforcement needs to do nothing more than set up an unpatched copy of Windows and wait 30 minutes to catch someone, then start documenting who exploits their systems and nail them.
The first time someone goes to jail for this, we'll see a major drop in the propagation of these worms.
We all know this activity is mainly being perpetrated in the US by US citizens. They may be contracting with Indians and foreigners for design work, but their tracks can be traced. We all know it - explain this to the DA and the Federal Attorneys we want these cases prosecuted. Right now they blow off these cases.
Call your District Attorney and let him know that you will not tolerate the apathy they've exhibited towards bringing these criminals to justice.
The idea that things not specifically "needed" (as determined by whom?) are suspect or should need to be justified for some reason has implications that I don't like, most especially when applied blithely to weapons (potentially, at least) of self defense.
Wow, no disrespect, but you've come up with the worst analogies I've seen. To use your analogy, who needs guns in the first place? We can use rocks. But who needs rocks? That argument goes nowhere.
Another snide but serious answer to "Who needs a gun designed to kill people?" is, "Well, the Swiss seem to think that they do, and they don't get invaded very often."
Apples and Oranges. The citizens of Switzerland are its militia. They all have assault weapons, true. But they don't have a standing army like we do. They are also NOT ALLOWED to use the weapons they have except as specifically mandated.
Slashdot Mirror
When I first saw this topic it really got my brain reeling about the possibilities.
Then I came back down to earth.
As much as I have hundreds of questions I could pose to each of the candidates, I know that ultimately any real tough or direct question would never be answered from them in any straightforward manner.
So what's the point?
Ask yourself, what could either of these men tell you that would really change your mind about them? What brilliant revelation will come from their lips that will suddenly make you understand? We've delved into their history to the nth degree. If you can't tell what kind of people they are from their past and their present, and knowing that in person you're going to get "politician-speak", what's the point?
98% of the questions posed here would never pass muster to be asked to either of the candidates in a substantive public forum, and ironically, all of us know what the answers would be. Bush would respond with a shallow, thoughtless one-to-three word quip and then look at you like you slept with his wife while signalling the SS to remove you, and Kerry would blather all around the subject and twist it around to the talking points he rehearsed earlier in the day.
No wonder people don't vote. No wonder we don't have truly great people in office any more. Who wants to put up with it?
Aside from that, you bet your ass I'll be voting this year, as I do every year. The people this election is really about are not the people running, but everybody else in the country. You don't need to know diddly about Bush or Kerry. Look at your world and ask yourself if in the last four years you like the way things have been going. If you feel safer, more secure, live more comfortably, have more money and job security and better healthcare, then vote for GW Bush. If you aren't happy with the way things are going, one things for sure, keeping the same guy in office won't improve things and considering how the last election went, you can't afford to vote idealistically for a candidate who has no chance of winning. So it comes down to Bush or Kerry, and you must vote Kerry if you don't like the status quo. What either of them do or say at this point is moot to me. I'd vote for a bagel over Bush just to see if it could run the country better, and even in that case I'd be more hopeful and optimistic than I am now.
Sad but true unfortunately.
I'm not proposing an end to restitution -- what I don't like is punitive damages.
For every goofy case you can cite that appears to be an abuse of the system, there are a thousand people who were shafted by corporate america and don't get the justice they deserve.
The problem is that the current model -- allow those who sue to take as large a chunk of flesh as they can rip off -- clearly has major problems. I'm watching general practitioners unable to practice in West Virginia because the costs of insurance now exceed the money that can be made. I drink my coffee in the morning from a cup with a safety-molded top with a tiny slit in it so that the coffee can only come out slowly with a big extruded text warning reading "CAUTION: BEVERAGE MAY BE HOT! SIP WITH CAUTION!" I want to pont out that no products can list actual health hazards any more because they're drowned out with cover-your-ass garbage added onto the products by corporate lawyers.
You know, I KNEW you were going to bring up the McDonald's case as an example, and fall prey to the same ignorant propaganda that you're regurgitate. How much do you actually know about the infamous McDonald's coffee-spill case? Have you read the court documents? No, I bet your impression of the abuse of the legal system is the result of 10-second soundbytes spewed at you from Fox News.
Why don't you read that case. Get the original documents and don't further propagate completely inaccurate characterizations.
This is one of the classic cases that shills for the insurance industry foise upon the public without disclosing the whole details, to call attention to outrageous punitive damages. In the McDonald's case they don't tell you a number of things:
The Facts
Do Linux geeks take this to seriously and too heart? It seems, and it was predictable, that Linux geeks where going to come out firing at this. But why? Who cares if someone is using Windows over Linux.
It's not about Linux vs Windows. It's about truth vs propaganda.
This is an important story because you have a very big publishing company that is repackaging completely erroneous FUD as "news". This trend keeps continuing, in part due to people like you who seem to have this, "who cares?" attitude instead of challenging journalists to be responsible.
This article is analagous to someone hiring a crappy mechanic who can't fix their car and charges them too much, and blaming it on the brand of vehicle. It's completely misleading and inappropriate.
I recently turned down a job where the client wanted me to develop a Linux-based solution for them, but I actually recommended an all-Windows sytem because they were an all-Microsoft shop running SQL server and it seemed like the best choice for them. There are scenarios where one might choose Microsoft over Linux, but the ones outlined in the article are completely misleading and false in the claims and rationality employed.
Likewise, I've developed Linux-based e-commerce systems that have been in continuous operation for almost ten years, handling tens of millions of dollars in transactions for sites exponentially larger than the two lame companies cited in the story. The story implies that Linux can't handle even modest capabilities in this area. That's a total lie.
I find it offensive that they had the ignorance and audacity to blame their mess on the operating platform when it was obviously a crappy developer/contractor.
And I'd bet the real story is, some mid-level-manager boneheads in both companies came up with the idea to blame the OS to save their own jobs.
This kind of BS promotes the idea that the talent is secondary to the tools, which no self-respecting tech person would agree with.
If you don't challenge ridiculous crap like this, it starts to grow larger than life and you become part of the problem, rather than the solution.
I hope the Software Publishers Association is reading this article... this brings up a great new tactic for them to identify places to raid.
Any company that moves from Linux to Windows, or claims Windows has a lower TCO needs to be raided because you sure as hell know half the stuff they're running is unlicensed.
I would like to ask you, how did you feel when Telnet was replaced with SSH? That required phasing out a (security-wise) broken protocol with something that works a whole lot better. You could have insisted on policies which say "thou shalt not eavesdrop" but that clearly doesn't work. A better solution is to just make it technically/computationally impossible (or at least as hard as possible) to eavesdrop.
Telnet was not replaced with SSH. That's an invalid analogy. SSH was an *alternative* to Telnet that was an improvement. It didn't force anyone else to abandon telnet as a protocol; it didn't require global standardization. This was only relevant between two specific hosts that wanted to connect to each other - it's not basically a public-serving protocol like smtp or http.
I choose SSH over Telnet because I completely control who I want to have shell access on my server. This is different from SMTP which is a global protocol that continuously accepts connections from unknown hosts.
Do you see from the previous example the difference between "thou shalt not send spam" vs. "thou cannot send spam"?
You're living in a dream world if you ever think you can completely stop people from sending spam.
What do you hope to accomplish by redefining the protocol? What?? Enforcing accuracy in e-mail header/source information? What good will that do? Do you think spammers aren't capable of operating from legit hosts and have reverse DNS control? Of course they can. So then what? You have your fancy-schmancy new protocol and the spammers are using it, and they're just as legit as anyone else. So how does this change anything? Oh, you say, if they can't forge header information then you can stop them? How? Oh wait.. by blacklisting them. Well, that's what we already do and we don't need any stupid rewrite to the protocol!
It's not about "thou cannot send spam". It's about: "thou can send spam, but not to my system *click*"
That's why RBLs are the ONLY way to go. Your idea is counterproductive, wastes exponentially more resources, consumes more bandwidth, costs more money, requires more manpower, slows down mail service, slows down all internet-based services, requires an unrealistic mass change in system standardization, and in the end, STILL WON'T MAKE ANY DIFFERENCE.
The only real change in protocol that will work is one which checks the validity of the remote relay against a list of acceptable/unacceptable hosts - everything else can be subverted.
If US legal cases had capped damages, companies wouldn't be so hung up on avoiding the slightest hint of liability, willing to lose customers, even, to avoid the faintest trace.
Puleeze. Try that propaganda someplace where the readers have an average I.Q. under 50.
For every goofy case you can cite that appears to be an abuse of the system, there are a thousand people who were shafted by corporate america and don't get the justice they deserve. Stop propagating myths trumped up by corporate america to further screw over the consumer. We don't need tort reform; we need court reform and corporate reform.
I shopped around for years. I refuse to use Godaddy and NSI. I think there is no perfect registrar, but I've been very pleased with Dotster. When I first started they were running a horrendously-inefficient .ASP-based system that croaked during peak hours. I complained and apparently they listened, and converted over to PHP and their system works much better now.
I blame one unscrupulous company for most of the problems in this area, and that's the Domain Registry of America scam where they send out misleading "renewal notices" even though they're not the registrar for the domain. Why these people are still allowed to operate is beyond me.
Mail servers should be "licensed" to operate on the Internet
This doesn't work. Think zombie machines in some ISP's network.. Windoze machines which the ISP considers trusted, most likely, since it's their customers we're talking about. The mail server is licensed, all right, but the zombie client can pump out a million messages through that licensed server.
It does work. Like you said earlier, smart relays should trigger an alarm if any single client starts to send out too much mail, but that should be a voluntary (responsible) practice adopted by ISPs who handle large user bases. It should NOT be part of some goofy new protocol standard which requires everyone on the planet to upgrade.
If the ISP can't control their internal clients, then they deserve to lose their SMTP license.
This is the same topology that's threatening the more irresponsible ISPs. If they don't start controlling port 25 traffic on their DULs, their whole IP space gets blacklisted... as it should be, until they start losing business because nobody wants to take their smtp traffic.
You see, the problem with spamming is that the spammers do not follow the system: they'll break into a licensed SMTP box if need be. To beat spam, you just have to make it (physically) impossible to send large numbers of mail messages. It's that simple.
You obviously don't have much experience in this area.
Spammers aren't breaking into known legit relays any more. Because those relays are locked solid and monitored. They're very hard to control.
Besides, let spammers break into inner networks and create zombies through legit SMTP relays. I GUARANTEE you in such cases the ISP will act A LOT FASTER to fix the problem, lest they get their main relay blacklisted. As it stands, they don't give a crap about zombies polluting the internet autonomously.
Wake up. It's not 1995 any more.
There's no sense running it over a cliff"
You must be new here...
ROFL... point taken.
Bring up the services list to get a general idea of what is running or can be run (on demand). Keep in mind that the list is incomplete and disabling a service there might not really turn it off;
Ahhh, Unix, how do I love thee... Let me count the ways... at least I can get an accurate list.
The last two Star Wars movies were parodies themselves. How can you tell the difference?
Seriously, Mr. Lucas, please put down the bullhorn and step away from the camera. Start writing children's books or something, but on behalf of myself and others, I urge you to back away from the franchise and let it die a natural death. There's no sense running it over a cliff.
Please tell your professor he is an idiot.
"When is the last time the SEC or a Certified Public Accountant identified a case of major corporate fraud before the scam was so far gone it sent the company to court and probably bankruptcy?"
When dod the police catch on a planned murder (or other crime) before it is actually comitted? -- very very rarely. So should we disband the police? Or should we consider that even if they are too late to prevent a crime punishing the criminal provides justice and prevention to other criminals.
Wow. Worst analogy evah!
Since when do criminal file annual reports on their crime activity? Since when do criminals submit quarterly estimated tax returns? Since when do criminals submit to independent audits of their business?
I suspect you used to work for Andersen.
I don't understand why these companies can "settle" the case arbitrarily. This seems like BS to me. If they did something illegal, there should be no "settling". There should be a trial and punishment, criminal punishment.
I am beginning to believe these cases are not unlike the old Ford Pinto problems of the past, where the corporation has factored into their scam, how much it would cost to "settle" and end up profiting even after they get caught.
that guarantees X amount of money to be put into enforcement/education efforts against existing cybercrime?
We don't need any more laws. We need law enforcement of existing laws. The current anti-computer tampering laws are effective in most cases.
CNN or my paycheck?
Your paycheck is obviously part of the liberal media. You are either with CNN or against democracy(tm).
1. Eliminate four positions, increase one person's salary by 20% Give them four times more work. Solicit young college grads instead of older people who don't know they're getting shafted.
2. Send out a press release showing the economy is doing great because salaries are going up.
3. Profit
What's even more interesting is that the CPUs are split almost 50-50 between Intel and AMD.
Unfortunately, the major computer vendors are not offering many choices in the way of AMD processors.
It seems to me that the mainstream PC vendors better jump on the AMD bandwagon or else more and more users are going to be building their own, cheaper and faster.
So, rewrite the mail system in such a way that each mail sent requires the sender's computer to crack a small computational puzzle, which takes e.g. 10 seconds. That's a technological solution. It restricts you so that you can only send 6 mails per minute. For normal use, this is more than enough: in 10 minutes you can send 60 mails. However, you cannot achieve throughput in the rate of many tens of mails per second. Rate of spamming is thereby reduced.
How is this any form of improvement? Penalize everyone on the planet because of spammers? Force an entire worldwide network systems upgrade? Slow down mail service exponentially?
And for what? A gamble that it will make any difference whatsoever? It's doubtful it would. The idea is totally impractical as well as 99% likely to be ineffective in the first place.
The closest thing we have to a technological solution is very simple, and all effective methods of spam control ultimately gravitate towards this solution, which is SMTP whitelisting. Mail servers should be "licensed" to operate on the Internet and regulated by some centrally-located body that follows very strict standards mutually agreed upon. People argue that finding a body that could legitimately regulate such a system would be impossible. I disagree. We have a TLD system that, for the most part, performs a similar service in handling DNS. We could do one step better with the licensing of SMTP relays and offer networks the ability to only accept mail from whitelisted relays.
This can be done without having to rewrite any smtp protocol and it would actually result in *improved* mail service performance. It would also almost completely eradicate the propagation of worm/virus mail which almost always involves turning the client PC into an (unauthorized) SMTP relay.
There's your technical solution. I'll bet good money if there ever is any major dent done technologically to spamming, it will be based on a form of mail relay whitelisting. Right now RBLs are THE most effective method across the board; the next step is to move from blacklisting to whitelisting. If we don't do this before we migrate to IPv6, we're all screwed.
All of this notwithstanding, we still have nonexistent law enforcement in cyberspace. No technological solution will make up for the fact that the Internet is full of criminals who operate without fear because law enforcement for the most part refuses to take action against these criminals - this is the other half of the "solution" and the onc in which the least amount of progress has been made.
First I think it's fascinating, the whole notion of trying to create an effective bot. I generally agree with most of the comments here. Bots wouldn't put an end to the industry; for every angle they may be able to exploit, there's at least one angle to exploit and/or discover them.
I've been playing a bit of online poker and there are times when I felt I was at a table of "non-humans" the way they played so mechanically and didn't talk.
However, if I were the developer of a poker system, one of the first things I'd do would be to regularly inventory the list of running processes on the machine - this would be one way of eventually identifying bots. To thwart this, you'd need a much more elaborate multi-machine system.
I think it's a lot easier to design systems to thwart bots than it is to create an effective one.
As I see it, the entire online gambling industry, even at its most reputable level, is still extremely dubious and unstable. You never know if you hit the big jackpot, whether or not the company will pay you or come up with some excuse to not do so, and since online gambling is a questionably legal activity in the first place, I think anyone who takes it too seriously is foolish. Then again, fools have always been drawn by the appeal of easy money.
I believe most tech people really aren't that interested in gambling. Once you know the odds, if you're smart, you know better than to gamble. OTOH, there is definitely an appeal to creating a bot/design that can manipulate the system.
I think this problem will just escalate for as long as we have SMTP in use. So maybe SMTP as a protocol needs a rehaul, or a revision to rewrite it completely (and call it something different). I think it wouldn't be impossible to pull off.
Waste of time.
Every month someone suggests that there's a technological solution to this problem. But there isn't. This isn't a tech problem. It's a law-enforcement/sociological problem.
You can only go so far technologically as long as spammers are allowed to compromise peoples' computers and use them for improper activities.
Ever ask yourself why this doesn't happen with POTS? If someone called your phone once every two minutes to sell you something, the phone company is compelled to do something about it. We don't have this mandate in cyberspace. And spammers commit felony crimes in the tens of thousands every single day, yet law enforcement doesn't go after these guys.
I contend there are approximately a dozen or so spamming outfits that are responsible for 80% of the spam on the Internet. These criminals are in the United States; they're well known and easy to track. They may use foreign systems to partially hide their tracks, but their tracks can easily be traced. If law enforcement would prosecute a few of these outfits and put some spammers in jail, I think we'd see a lot less spam. Some might argue that this wouldn't deter future spammers. I disagree.
Date, RBL rejects:
Sep 6 19190
Sep 7 19202
Sep 8 20092
Sep 9 23417
Sep 10 23229
Sep 11 17529
Sep 12 19330
Sep 13 27464
Sep 14 24520
Sep 15 20670
Hey spam decreased on Sept 11 - that's surely evidence that the spammers were taking a moment of pause to honor our nation's "sacrifice".
Then why have any laws at all?
Your logic is flawed.
Please take this opportunity to call your local District Attorney and request that his office begin prosecuting computer tampering cases. In most states, each instance of the installation of a worm on a machine carries a criminal sentence of 1-3 years in prison. These are serious felony crimes that can be prosecuted in state and federal court.
One spammer, caught with a list of zombie PCs and evidence he has been using these PCs could be sent to jail for a long time IF the authorities would get off their asses and start prosecuting these cases.
Anyone in law enforcement needs to do nothing more than set up an unpatched copy of Windows and wait 30 minutes to catch someone, then start documenting who exploits their systems and nail them.
The first time someone goes to jail for this, we'll see a major drop in the propagation of these worms.
We all know this activity is mainly being perpetrated in the US by US citizens. They may be contracting with Indians and foreigners for design work, but their tracks can be traced. We all know it - explain this to the DA and the Federal Attorneys we want these cases prosecuted. Right now they blow off these cases.
Call your District Attorney and let him know that you will not tolerate the apathy they've exhibited towards bringing these criminals to justice.
The idea that things not specifically "needed" (as determined by whom?) are suspect or should need to be justified for some reason has implications that I don't like, most especially when applied blithely to weapons (potentially, at least) of self defense.
Wow, no disrespect, but you've come up with the worst analogies I've seen. To use your analogy, who needs guns in the first place? We can use rocks. But who needs rocks? That argument goes nowhere.
Another snide but serious answer to "Who needs a gun designed to kill people?" is, "Well, the Swiss seem to think that they do, and they don't get invaded very often."
Apples and Oranges. The citizens of Switzerland are its militia. They all have assault weapons, true. But they don't have a standing army like we do. They are also NOT ALLOWED to use the weapons they have except as specifically mandated.