Slashdot Mirror


User: mabu

mabu's activity in the archive.

Stories: 0
Comments: 1,959

Comments · 1,959

  1. Why are spammers doing this? on Paid To Spam · · Score: 5, Interesting

    Do you wonder why spammers are now trying to sign up individual users to help them relay spam?

    The answer is because relay-blacklisting is working!

    None of the client-side, server-side, content-based filtering has made any difference. What HAS made a difference are mail servers which are utilizing relay-blacklists of known spammer IP space and refusing to connect with them. This has forced the spammers to begin abandoning their havens in China, Brazil, Korea and other areas. Now they're trying to infiltrate domestic broadband IP space. First they tried it via propagating viruses and worms and that isn't working out as well as they'd like (and they probably figure sooner or later, the Feds just might actually prosecute one of them), so now they want to sucker people into spamming for them.

    All this is an indication that relay blacklisting IS effective.

    RBLs are becoming more sophisticated nowadays. Spamcop can usually ID a spam source in real time within an hour of it beginning operation. AOL and other major ISPs are now looking at RBLs to help them block spam. It's much more economical than strip-searching e-mail content using filters.

    Let's keep up the pressure. Let's continue to force the spammers into smaller areas of the Internet where they can be identified and dealt with. This latest effort is a good sign they're getting desperate to figure out where they can send spam out from. None of the content-based filtering schemes have come nearly as close to slowing down their efforts as much as RBLs.

  2. Re:$8760 per year -- very attractive on Paid To Spam · · Score: 1

    This will seem very attractive to a lot of people. Running 24/7/365 it's $8760 per year, and would seem to only require a $500 dedicated computer. After taxes, that's about $5000 take-home for no effort at all!

    Yea, right. You'll be operating about a week max before your ISP terminates your broadband connection. Factor that in.

  3. DUL RBL *NOW* on Paid To Spam · · Score: 2, Interesting

    This is why we need to get the major ISPs to contribute to centralized IP address lists of all broadband DUL space. Legitimate mail servers should refuse to accept mail from cable and DSL SMTP traffic. Then these spammers' schemes won't work, and it will also dramatically cut down on virus/worm propagation. I'm unaware of any really good DUL RBL except for Maps which is now pay. Does anyone know of a solid DUL RBL that's free?

  4. They've been doing this in tires on RFID for Automobile Tracking · · Score: 1

    Michelin has been embedding RFID tags in tires for quite a while now.

  5. Anatomy of a privacy policy on Spyware Company Sues Utah Over Anti-Spyware Law · · Score: 4, Insightful

    The software protects users' privacy by uploading a database of content in small chunks to individual desktops, and then determining on the desktop whether to retrieve information from WhenU.com or third-party servers. To protect user privacy, the same database of content is sent to all desktops. Decisions regarding which ads to retrieve to an individual desktop are all processed on the user's desktop - and isolated from WhenU.com servers.

    NOTE: It does NOT say the results of these decisions are not sent back to WhenU's servers. It merely states the "decisions regarding which ads to retrieve to an individual desktop are processed on the user's desktop". This reveals:

    1. They are choosing to expend the user's processing/memory resources to make these decisions in lieu of their own network. That's more of a lets-waste-the-user's-resources-instead-of-our-own rather than a privacy issue. Bill O'Reilly would be proud of that spin.

    2. They are not explicitly saying they aren't collecting detailed info on the criteria used to make a decision; merely that the decision is being made locally. The words are twisted in such a way as to give the user the false impression that they are somehow protected when they are not.

    3. They can at any time, elect to pull content from WhenU's servers instead of the localized database, which in effect sends the decision information to WhenU and worse, unnamed "third parties".

    User privacy is also protected in the following manner:

    1) Personally-identifiable information is NOT required in order to use the software and


    All they say here is the info is "not required" - which is meaningless. It doesn't say they won't try to acquire personal information, which they obviously will.

    WhenU.com does NOT know the identity of individual users of the software

    1. This is a red herring. They can easily collect enough information to qualify the individual identity of the user, but they can claim that even with all this information, there is no guarantee [ever] of knowing whether the information is accurate, therefore they "do NOT know the identity".

    The important thing to note here is, they are merely claiming they "do not know the identity"; they're not saying they "WILL not seek the identity", or "will not collect personally identifiable information". They will and they do, but if you ask them, they'll say, "Gosh, we really don't know if we could identify you based on the info we've collected..."

    2) As the user surfs the Internet, URLS visited by the user (i.e. the user's "clickstream data") are NOT transmitted to WhenU.com or any third party server

    This is a great example of the classic privacy policy snow-job. What they are leaving out is the three magic words which are implied: AT THIS TIME "URLs are not transmitted to WhenU.com". Because of the policy being subject to change at any time, this statement merely says right now they're not getting that info. It doesn't say they "will not ever" collect this information. Why not say that?

    3) WhenU.com does NOT assemble personally-identifiable browsing profiles of users
    4) WhenU.com does NOT assemble anonymous machine-identifiable browsing profiles of individual users
    5) WhenU.com does NOT track which ads and offers are seen or clicked on by individual machines - analysis and tracking is done in the aggregate.


    Again, more of the same. "Here's what we're doing RIGHT NOW" - it doesn't mean that tomorrow we won't be giving your personal info to every Herbalife distributor in North America, but right now we don't do that. Hooray! Yea, sign me up!

  6. Privacy Policies are meaningless on Spyware Company Sues Utah Over Anti-Spyware Law · · Score: 1

    The issue is, I do not really see where some peoples' complaints against major advertising companies lie, as it seems apparent to me that the softwares' privacy policy has always been available to the end-user.

    Hey Vex, I got a bridge that I assure you I have the rights* to sell. (*rights subject to change) Wanna buy it?

    Privacy policies don't mean anything - they've never proven to be very enforceable in the first place and they all have nifty little disclaimers which make them meaningless:
    WhenU.com may update privacy statements for the SaveNow software at any time.

    and a look at the Wayback machine reveals they've updated their privacy policy at least eleven times. In the past they had neat stuff like this:

    WhenU.com may collect user information such as gender, age and zip code to compile anonymous trend information about Internet and WhenU.com usage patterns. WhenU.com compiles statistics by aggregating information across large numbers of users. These statistics may be provided to third parties.

    At any time WhenU could easily modify their privacy policy to give them any kind of rights. So they lay down a "user friendly" policy when they need to have a nice face or snow-job users, and then later, they modify the policy and start raping and pillaging their users' privacy and it's perfectly legal.

  7. Re:one geekless field left on The Geek Shall Inherit the Earth · · Score: 1

    There is one field of endeavour which I think is still devoid of geeks:
    pr0n.


    Maybe in front of the camera, but behind the cameras it's all 1000% maximum geekage. Who do you think is running the pr0n sites? And what's worse is most of them still can't get laid.

  8. Geeks vs Nerds on The Geek Shall Inherit the Earth · · Score: 1

    My impression of the definition goes something like this:

    Both geeks and nerds are characterized by their passion and obsessiveness over their interests. Nerds are more equated with intelligence; geeks are more associated with anti-social behavior. I.e., a nerd will rewire a toaster into a Jacob's Ladder; a geek will have a large collection of pewter fantasy figures.

    The image of the anti-social guys in high school who end up being very successful are the nerds, the guys who couldn't get dates, but were in the chess and math clubs and got good grades. Geeks were [some of] the guys in the band. The nerds from my high school did very well later in life; the geeks on the other hand ended up in jail, the army or on drugs.

    The geeks wouldn't inherit the earth. That would be the nerds. The geeks would have lost the earth about a week after it was given to them.

  9. Re:My proposed solution to spam on A New Type Of Realtime Blocklist: The SURBL · · Score: 2, Interesting

    This scheme doesn't work because:

    1. Spam isn't primarily coming from legitimate SMTP relays like Yahoo or Hotmail

    2. Ultimately to make such a system work, the mail would end up having to be flagged as "approved" by completing the process you suggest, which basically turns the scheme into a trusted-computing system (aka "whitelist"), and if you're going to go that route, you might as well call a spade a spade.

    And since we're calling spades spades, the way to do it is to require all SMTP servers to have a "license". Create a regulatory body in the same manner the TLDs are done (but with some competence) and endorse a sanctioned SMTP whitelist. Then when you get e-mail, you can choose to accept only mail from licensed SMTP servers.

    Mark my words: This WILL happen. It's just a matter of time. It's the only way to stop spam. All the challenge-response systems; all the content-based filters eventually work because of NOT what they block, but because of the rules they use to determine what is legitimate.

  10. Re:Too much work!!! on A New Type Of Realtime Blocklist: The SURBL · · Score: 2, Interesting

    I agree with you, but there are some cases, such as APNIC networks which, unless you have reason to communicate with China or Korea, it's much easier to simply put a 218.* reject in your sendmail access file and avoid all the overhead to call the RBLs.

    One problem we're seeing now is that some of the RBLs like Spamcop, automatically expire a blacklisted entry after X days. The spammers take advantage of this by playing around in huge Asian-Pacific blocks of IP space that give them plenty of addresses from which to rotate their spamming. One way around this is to blacklist the entire rogue regions, and then let the legitimate operations in those spaces contact you for permission.

    For example, if Bellsouth is operating in the 68.* domain, and the lion's share of their IP space are DULs which shouldn't be sending port 25 traffic, it's a lot easier to BL the entire block and then redirect users to a form where they can submit legitimate SMTP relays and have them whitelisted.

    The problem I have with RBLs (even though I love them) is that they're singly-IP-based, when there are some areas that just need to be wholesale blocked, and I've yet to figure out how to configure Bind to easily resolve IP lookups on blocks of addresses.
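An added example, not part of the original comment: a sketch of the layered check the comment describes, with a whitelist of approved relays first, then wholesale local blocks, then a per-IP DNSBL query. The whitelist entry, the `dnsbl.example` zone and the fake resolver data are constructed placeholders; `access_entries` assumes an access map that matches IPv4 prefixes only on octet boundaries, as sendmail's access file does.

```python
import ipaddress

# Constructed policy for illustration. 218/8 and 68/8 are the blocks named in
# the comment; the whitelist entry and DNSBL zone are made-up placeholders.
LOCAL_BLOCKS = [ipaddress.ip_network(n) for n in ("218.0.0.0/8", "68.0.0.0/8")]
WHITELIST = [ipaddress.ip_network("68.0.2.25/32")]
DNSBL_ZONE = "dnsbl.example"
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Per-IP DNSBL lookups reverse the octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def access_entries(network, action):
    """Expand a CIDR block into octet-boundary keys for an access map.

    A /8, /16 or /24 becomes one key; any other prefix length is split into
    the next longer octet-aligned prefixes (a /23 becomes two /24 keys).
    """
    net = ipaddress.ip_network(network)
    aligned = max(8, -(-net.prefixlen // 8) * 8)   # round up to 8, 16, 24, 32
    keep = aligned // 8                            # octets kept in each key
    lines = []
    for sub in net.subnets(new_prefix=aligned):
        key = ".".join(str(sub.network_address).split(".")[:keep])
        lines.append(f"{key}\t{action}")
    return lines


def check_sender(ip, dnsbl_lookup):
    """Return (verdict, reason). Order: whitelist, local blocks, then DNSBL.

    dnsbl_lookup(name) returns the A records for name, or [] when the name
    does not exist; an answer inside 127.0.0.0/8 means the address is listed.
    """
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in WHITELIST):
        return ("accept", "whitelisted relay")
    for net in LOCAL_BLOCKS:
        if addr in net:
            return ("reject", f"local block {net}")   # no DNS query needed
    answers = dnsbl_lookup(dnsbl_query_name(ip))
    if any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers):
        return ("reject", "listed in " + DNSBL_ZONE)
    return ("accept", "not listed")


# Constructed DNSBL contents: one listed address from a documentation range.
FAKE_ZONE = {"7.113.0.203.dnsbl.example": ["127.0.0.2"]}


def fake_lookup(name):
    """Offline stand-in for a DNS A-record query against the DNSBL zone."""
    return FAKE_ZONE.get(name, [])


if __name__ == "__main__":
    for ip in ("218.4.5.6", "68.0.2.25", "68.9.9.9", "203.0.113.7", "198.51.100.1"):
        print(ip, check_sender(ip, fake_lookup))
    for net, action in (("218.0.0.0/8", "REJECT"), ("68.0.2.25/32", "OK")):
        print("\n".join(access_entries(net, action)))
```

The whitelist is consulted before the block list so that an approved relay inside a blocked range is still accepted, and the DNSBL query is only issued for addresses that no local rule already decides.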

  11. Yet Another Stupid Spam Idea (YASSI) on A New Type Of Realtime Blocklist: The SURBL · · Score: 3, Informative

    Let's coin a new term: YASSI for yet another stupid spam-related idea.

    This boneheaded scheme falls into the same category as all content-based filtering systems: It doesn't address the most heinous crime on the part of spammers, which is the consumption of bandwidth and network resources. And like other client-side/content-based filtering systems, the system will work about 12 minutes before the spammers figure out a way around it and then your system doesn't work. And of course, you'll have to constantly update it in order to make it effective, which means you have yet another piece of software that requires routine updating, slows down the mail service, your computer and everything in between. And after all that, you'll still get spam.

    The main reason spam is prevalent is because SPAMMERS STEAL BANDWIDTH WITHOUT PAYING FOR IT. When you force them to operate from a single location, then they have to act ethically and then they have to pay premium money to spam, and then they go out of business because it's only economical when they steal resources.

    You don't have content-based filtering on other primary methods of communication. It's a federal crime to go through mail; (at least before Patriot) you needed a court order to tap phones. E-mail should be an equally sacred communication medium that shouldn't be subject to "strip searches" before it hits your inbox. And this whole boneheaded scheme will NEVER stop spam in the first place, so let's stop pursuing these efforts.

    RBLs are most effective right now. The worm invasion is evidence of that, as spammers are finding less IP space to operate from so they're engaging in more aggressive tactics to take over peoples' machines, which, hopefully sooner-or-later, will land these sleazebags in jail.

  12. sendmail internal RBL on A New Type Of Realtime Blocklist: The SURBL · · Score: 5, Informative

    A good way to start if you're running your own mailserver is to use an internal IP-based blacklist such as the one found here. It's incomplete due to Geocities limitations but send e-mail to that account and the guy running it will send you the whole file. It's a list that he's been compiling now for more than a year of IP blocks, mostly class Bs, that have virtually no useful SMTP traffic and should be completely cut off. This generally consists of the vast majority of Chinese, Korean and Brazilian DULs.

    We've been able to effectively stop about 50% of the spam using these lists and save resources and bandwidth. What's left is to start RBL'ing the domestic DUL IP space (Comcast, SWBell, Bellsouth, etc.) on a class B-level until the ISPs start cracking down on their rogue users.

  13. Re:It is successful? Is it successful over 20 year on What Should a Documentary Filmmaker Ask About Offshoring? · · Score: 1

    Why do U.S. companies outsource technical support when it isn't successful?

    Who says it isn't successful? I recently found myself talking to a nice Indian chap to solve a tech issue and he was very competent and respectful and he helped solve my problem.

    The knee-jerk reaction to the outsourcing issue is to place blame everywhere else but in the mirror. Outsourcing wouldn't be as much of an issue if the American workforce wasn't so lazy and undisciplined. It's never been just about costs; saving money and providing lower-quality service doesn't work. In many cases, there's likely a better ratio of quality:costs in outsourcing. The solution to the problem isn't to outlaw outsourcing or turn it into a sign of shame. It's to figure out how domestically, the workforce can be more productive and efficient, and especially in tech scenarios, this doesn't necessarily involve slave labor.

  14. Made in....? on What Should a Documentary Filmmaker Ask About Offshoring? · · Score: 1

    One thing I've always wanted to know is what percentage of products sold in most retail outlets like Wal-Mart, K-Mart, GAP, Old Navy and other stores are actually manufactured in the USA?

    The other day I was in a Wal-Mart and I saw a figurine of an American Eagle with a US flag in its talons. On the bottom it said, "Made in China".

    I estimate that at least 90% of most products sold in large retail chains comes from outside the country. It would be interesting to see a breakdown of which sectors do the most outsourcing and to what degree.

  15. part of a larger problem on A Need for Greater Cybersecurity · · Score: 3, Insightful

    I think the situation with "cybersecurity" is part of the much larger problem that (at least in America) people these days are reactive as opposed to proactive.

    Our idea of addressing crime is stiffer sentences and more prisons. Reactive, not proactive.

    Our idea of fighting the spam problem is to pass more laws. Reactive, not proactive.

    Most corporations don't really take security seriously until they have a serious security situation (say that 3 times fast). Reactive, not proactive.

    The same thing goes for users. Nobody worries about viruses or worms until the third time they have to re-install Windows. Reactive, not proactive.

    I have clients who know MS Outlook is a bad program, but they're too lazy to "learn something new"; same thing with IE alternatives. They'll spend 2 minutes installing Firefox and if one web site they use doesn't come up right, then they switch back to IE and blame it on the software.

    Our idea of planning seems to involve reaching our hand out to stick a CD in our hard drive which promises to be proactive for us.

    It seems for the majority, our society as a whole always seeks the "solution" to a problem which offers the most instant gratification. We use as an excuse, the adage, "If it ain't broke, don't fix it." even when we know something is broken but it hasn't fallen on our heads yet. The new adage should be, "If it doesn't explode in OUR face, then don't fix it."

    I suspect the true solution to this problem lies in reprogramming the mainstream to appreciate the value of planning ahead and the not-always-obvious cause-and-effect relationship therein.

  16. stock games on Gator Files for IPO to Raise $150 Million · · Score: 4, Interesting

    I know most people here are laughing at the thought of anyone stupid enough to buy into this IPO. But all it takes are a few ignorant or greedy fund managers to pump this stock. This is why I generally invest in blue-chip stocks or market index mutual funds over standard funds, which these days seem to be corrupt.

    I think there's maybe six or seven financial investment companies that haven't been sanctioned by the SEC in the last two years for unethical activity. You can't trust the American media to even let you know when your investment company has been fined $200M for insider trading. The best source for really finding out how sleazy Wall Street is is through England's Financial Times, which doesn't pull any punches. If you have an IRA or any money in funds, keep a close eye on it. These rich fund managers are making a fortune off the pennies most working people scrounge up and think will be there for them in the future.

    I never really dabbled much in the market until recently when I had a broker "friend" make recommendations for me. After I lost a bundle, I set up my own account on E*Trade and started doing my own investing - I beat my broker's ROI by 14% within six months. I'm pretty convinced these days most people in the financial community don't know anything, but that doesn't mean a bunch of people won't make money in this Gator IPO, but it will probably be at mutual fund holders' expense.

    My advice to people is take control of your finances and invest in companies you believe in. Pull your money out of funds so you're not unwittingly financing SCO or Gator -- you'd be surprised how often you're in bed with the devil through your IRA.

  17. Re:Stoplights say a lot about the people on Stoplights to Mete Out Punishment? · · Score: 1

    Your logic is evidence that you are less civilized. The reason Americans run yellows is because the light stays red for perpendicular traffic until the yellow changes to red. The meaning of the lights is almost hardwired into people after using them for years, so if there were yellow lights at reds, then yes, Americans would probably run them.

    With all due respect, get over yourself. I didn't say Americans were less civilized drivers... I merely raised the question.

    However, logically-speaking, there actually is a lot of evidence that Americans are much less-civilized drivers. They have, in general, much less respect for pedestrians than Europeans. Try crossing any crosswalk in America and see how much respect you get -- it doesn't matter whether the area is rural or a big city like NYC where there are European-level ratios of drivers to non-drivers. Americans don't use their turning signals half as much as they should; they are notorious for stopping beyond the designated "white line", etc.

    Furthermore, the idea of having a traffic light that changes to red based on the speed of the oncoming traffic is further evidence. Many signal trees are timed to produce optimum traffic flow or enforce a particular rate of speed on a thoroughfare. Such a punitive light-changing system would disrupt traffic patterns and efficiency. And why? Because of American drivers who apparently are so uncontrollable the whole traffic light system may need to be re-engineered in order to deal with them.

    And of course, this is not even taking into account the current trend of idiots driving around in monster-sized vehicles when they don't need them.

  18. Stoplights say a lot about the people on Stoplights to Mete Out Punishment? · · Score: 4, Interesting

    I was in Switzerland last year and I noticed that the stoplights there would show the yellow signal in both directions. So if you're at a red light, the yellow will go on to let you know the green is getting ready to change in the opposing lane.

    In the states, this doesn't happen. It's almost as if we can't do that to people in the US - they'd run the yellow at the red. More evidence that Europeans are more civilized in their driving?

  19. Re:They just don't get it, do they on Downloaded Music Gets More Expensive · · Score: 1

    It used to be $70, then NSI got nailed for an illegal internet tax, it was dropped to $35. Before that it was free. In fact, when the domain name system went over to a pay system, I contend it was illegal (as NSI had a government grant to provide the services and midway into their contract they changed the terms and started charging people - then when you renewed your domain you were obligated to accept the new terms of service. I had some domains that were registered before the fees were imposed. As a result, I was not obligated to EVER pay any renewal fee since I didn't accept any TOS, but when I had to make a DNS change on file, I was forced and then got billed again). The domain mafia issue has always been there, and it's gotten worse since deregulation in many respects. It's not a good analogy to use with the music download business unless you want to point out that all these enterprises eventually engage in misleading and coercive tactics. Deregulation of the TLD registrar field didn't do anything but create 100 unethical registrars where there was one.

  20. Re:fair market value on Downloaded Music Gets More Expensive · · Score: 1

    I dare anyone to identify a true concept album (not a bunch of songs with similar themes tossed on a disc, but a central story told throughout the length of the album) released by an RIAA member label in the past 15 years.

    There are plenty of concept albums. The concept behind them is to take your money for mediocre product.

  21. Re:fair market value on Downloaded Music Gets More Expensive · · Score: 1

    I agree with you. I'm sure almost everybody can point to at least one b-side that they prefer over all the "hits" on some album.

  22. Re:They just don't get it, do they on Downloaded Music Gets More Expensive · · Score: 1

    Remember when domains cost $35? Now that they've opened it up, everyone and their grandma is selling domains, most of the time very cheaply. And you're not stuck having to buy hosting or other crap like what the music execs want to do now.

    Actually, when the domain monopoly was busted up, that's when people DID get stuck having to buy hosting or other hooks. NSI was a sleazebag company for sure, and they had more than their share of fine print, but these days, the domain registration system is not a suitable reverse analogy for the state of the online music purchasing business. For example, the company Hostway seems to have some real sleazy fine print - you can get a cheap domain from them, but they lock it down and won't let you move the domain for a certain amount of time if you don't like their other services. Stay away from Hostway.

    It's a natural progression for the industry to move from track-based to album-based. It's basic marketing strategy.

    Personally, anyone who wants just one track off, "Dark Side of the Moon" is a freak. It does suck that you might not be able to get the songs individually and I think that's a crock, but there should definitely be breaks for selling entire albums.

  23. fair market value on Downloaded Music Gets More Expensive · · Score: 2, Interesting

    If you average the price of a CD to $18 and with 13 tracks that comes out to $1.38 per track. Until they offer 44.1Khz+ CD-quality tracks, you won't catch me paying for any of that stuff. Why should I pay up to twice as much for a track with limited playability and a fraction of the quality found on a CD?

    Granted, a lot of CDs are padded with bad songs, but that's not my problem.

    I don't buy songs-per-track and won't until it's CD-quality. I might consider what the industry is offering IF the quality were there, but it isn't. It's a joke. Then again, maybe I'm the oddball that hasn't blown his hearing by having a pair of bazookas mounted in the back seat?

    What's most interesting about the online music sales is that it says a lot about the state of the music industry. We buy SONGS now. We are less interested in artists as we are "hits". The band has taken a back seat to the packaging of individual songs. That probably explains why half the bands these days all sound the same.. they might as well because it's all about the track, not the music, not the message, not the group.

    Video killed the radio star. The Internet will kill the concept of a band/album.

  24. survey system operating under Windows/ASP on Code Copying Survey for Developers · · Score: 1

    That's a hoot. That should make a rather nice demographic IP database for tons of people. No thanks. I'm not participating in any information-gathering system like that which is running on a Microsoft product regardless of how innocuous the questionnaire may be.

  25. Re:If you use Spamcop, messages are bidirectional on Hidden Messages in Spam · · Score: 1

    I have noticed something though. My system seems to be under a lot more attacks since I've been reporting to Spamcop, which implies to me that the Spammers are retaliating against those who use Spamcop (likely a testimonial to how effective Spamcop is). For example:
    Apr x xx:xx:xx inetd[1513]: ftp from 81.57.71.105 exceeded counts/min (limit 2/min)
    Apr x xx:xx:xx last message repeated 225 times

    This IP address hit our ftp server 227 times in the period of ONE SECOND. The IP is from a French DSL pool, a common spam source. I'm not sure what they're doing but it's either a system probe for vulnerability or a kind of attack.

    Spamcop mails a copy of the spam to the reporting abuse addresses. I believe that the spammers are using software now that embeds codes into the spam so they can trace spam reports back to a specific e-mail address.