The Bulk Club does not promote any portion of this site via bulk email period. It is against our hosting providers terms of service to do so and we will not tolerate anyone who abuses these rules on our web site.
Hmm... You thinking what I'm thinking?
1. Write bulk e-mail software
2. Loot e-mail addresses from the Net (spammers are so quaint when they say they "harvest" e-mail addresses....)
3. Spamvertise "TheBulkClub.com"
We can pretend that TheBulkClub.com is a website for penis enlargement pills. I mean the name is just asking for trouble....
4. Wait for the site to be shut down for violating the TOS for the bandwidth provider.
Muhahaha!
And now for my next trick.... inventing a gun that can use luncheon meat for ammunition.
I have 2 lines of code which are completely identical to 2 lines of code in 2.6.
Oh yes... I have also written lots of lines of code that are identical to lines of code in the Linux kernel.
Here's one:
}
Here's another:
{
Here's another:... and Bingo! I think I'll charge everyone US$9,999/CPU for Linux licenses, with a 100% discount if you don't work for Microsoft and your Linux deployment is not in premises owned by Microsoft. Yeah.
Not much wrong with SMTP, just use teergrubing (on "Replacing SMTP?", Score: 2, Insightful)
There's not a lot wrong with SMTP. The trouble is that SMTP is always implemented so it delivers mail as fast as possible. And that's the problem.
Judicious teergrubing (intentional slowing of responses; teergrube is German for tarpit) can alleviate many problems.
For example, let's examine the Rumplestiltskin attack (a form of dictionary attack to guess e-mail addresses). The trouble here is that most mail servers send back their "No such account" response immediately, so an attacker can try about 5-15 addresses a second. If the mail server was programmed to wait 5 seconds before sending back the response, then the Rumplestiltskin attack would be slowed down by about 50 times. Even better would be to make the delay longer and longer for repeated attempts from the same IP. This way, a normal user with a couple of dud e-mail addresses is not harmed much, but the Rumplestiltskin attack eventually gets bogged down in the tarpit. We have a 3 second delay at the login prompt if we enter the wrong password, so why not a delay at the mail server for incorrect e-mail addresses?
Another way to slow the spam is to teergrube *all* e-mail connections so all email takes a few minutes to send. Legitimate users aren't harmed much by this, but spammers are hurt a lot. Spammers rely on speed to send all their e-mail, and if we slow them down we can hurt them.
Then there's the question of what happens if a spammer sends another RCPT or other similar packet before receiving the response from the first? SMTP can legally drop the connection because such command buffering may be "unsupported". So the spammer must be teergrubed or must experience a *lot* of dropped connections.
There's no need to replace SMTP yet. Instead, we use the tools we have in a slightly different way, and the spammer can be inconvenienced a lot.
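An added example, not part of the original comment or of any mail server's code: a Python sketch of the escalating per-IP delay and the "command sent before our reply" check described above. The class and function names, the doubling factor, the 300-second cap and the one-hour forgetting window are assumptions for illustration; only the 5-second base delay comes from the comment.

```python
"""Escalating SMTP tarpit (teergrube) policy for unknown-recipient replies."""
from dataclasses import dataclass


@dataclass
class _Client:
    misses: int = 0         # unknown recipients seen from this IP
    last_miss: float = 0.0  # time of the most recent unknown recipient


class Teergrube:
    def __init__(self, base=5.0, factor=2.0, cap=300.0, forget_after=3600.0):
        self.base = base                  # delay for the first miss (seconds)
        self.factor = factor              # growth per further miss (assumed)
        self.cap = cap                    # upper bound on any single delay
        self.forget_after = forget_after  # quiet time that resets the count
        self._clients = {}

    def rcpt_delay(self, ip, recipient_exists, now):
        """Seconds to wait before answering this RCPT TO from `ip`."""
        c = self._clients.setdefault(ip, _Client())
        if c.misses and now - c.last_miss > self.forget_after:
            c.misses = 0                  # old typos are forgiven
        if recipient_exists:
            return 0.0                    # valid mail is not slowed here
        c.misses += 1
        c.last_miss = now
        return min(self.cap, self.base * self.factor ** (c.misses - 1))

    @staticmethod
    def sent_early(unread_bytes, pipelining_advertised=False):
        """True if the client sent more data before our reply went out.

        A server that did not advertise ESMTP PIPELINING may treat this
        as a protocol violation and drop the connection.
        """
        return bool(unread_bytes) and not pipelining_advertised


def guesses_per_hour(policy, ip="192.0.2.10"):
    """Count the address probes one IP can complete in an hour when every
    probe is an unknown recipient and the client waits for each reply."""
    t, n = 0.0, 0
    while True:
        d = policy.rcpt_delay(ip, False, t)
        if t + d > 3600.0:
            return n
        t += d
        n += 1
```

With a flat 5-second delay one IP completes 720 probes an hour; with doubling capped at 300 seconds it completes 16, while a sender with two mistyped addresses waits 15 seconds in total.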
The first amendment to the American constitution does *not* give anyone the right to force others to listen, nor does it give people the right to break other laws to exercise their first amendment rights.
This is the main reason it's so hard to pass a federal law to stop spam.
No - the reason why it is so hard to pass a law is the fierce lobbying from vested interests such as the Direct Marketing Association. The DMA have stopped several anti-spam laws from being passed, and they will continue to oppose any anti-spam law that will prevent *them* from spamming you.
Milonic's Woolley said the senator's unlicensed use of his software was just "the tip of the iceberg." He said he knows of at least two other senators using unlicensed copies of his software, and many big companies.
Continental Airlines, for example, one of the largest airlines in the United States, uses Woolley's system throughout its Continental.com website. Woolley said the airline has not paid for the software. Worse, the copyright notices in the source code have been removed.
Can the author of the software use the DMCA to shut down the senator's and Continental's web sites? I heard that all it takes is a copyright infringement notice to the ISP, and the site can be shut down.
He shouldn't have ever been qualified for DSL service
You're missing the point. Telstra's conduct is technically illegal under the Trade Practices Act.
(emphasis is mine)
53. A corporation shall not, in trade or commerce, in connexion with the supply or possible supply of goods or services or in connexion with the promotion by any means of the supply or use of goods or services-
(a) falsely represent that goods or services are of a particular standard, quality or grade, or that goods are of a particular style or model;
Here, Telstra have falsely claimed that the standard of service that could be provided was of a lower standard than was actually possible, and thus are in technical breach of the law. Whether they are actually complying with their own arbitrary rules is irrelevant.
The rules that they have are probably designed so that they don't falsely claim a higher level of service than is possible. It's been demonstrated in this case that, in spite of their guidelines to the contrary, good service is indeed possible. For them to claim that a good quality service is *not* possible is where the problem lies, and where they are in the poo legally.
Nothing will prevent a spammer listing 0.0.0.0/0 as authorized sender addresses
Then you just block that email because the RMX record lists too many valid IPs.
From the RMX document, chapter 7 (Enforcement policy)
Domain owners will still be free to have an RMX record with a network and mask 0.0.0.0/0, i.e. to allow e-mails with that domain from everywhere. On the other hand, mail receivers will be free to refuse mails from domains without RMX records or RMX records which are too loose. Advanced MTAs might have a configuration option to set the maximum number of IP addresses authorized to use a domain. E-mails from a domain, which's RMX records exceed this limit, would be rejected. For example, a relay could reject e-mails from domains which authorize more than 8 IP addresses. That allows to accept e-mails only from domains with a reasonable security policy.
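An added example, not taken from the RMX document or the comment: a receiver-side check in Python that rejects senders whose domain authorizes more addresses than a configured limit, which is how the 0.0.0.0/0 case gets refused. It assumes the RMX record has already been fetched and parsed into a list of CIDR strings; the function names and verdict strings are hypothetical.

```python
import ipaddress


def authorized_address_count(cidrs):
    """Number of distinct IP addresses covered by the record's networks."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    total = 0
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        # collapse_addresses merges overlapping or adjacent networks so an
        # address listed twice is only counted once
        total += sum(n.num_addresses
                     for n in ipaddress.collapse_addresses(same))
    return total


def rmx_verdict(sender_ip, cidrs, max_addresses=8, require_record=True):
    """Decide what to do with mail from `sender_ip` for a domain whose
    (already parsed) RMX networks are `cidrs`."""
    if not cidrs:
        return "reject: no RMX record" if require_record else "accept: no policy"
    if authorized_address_count(cidrs) > max_addresses:
        return "reject: record too loose"
    ip = ipaddress.ip_address(sender_ip)
    if any(ip in ipaddress.ip_network(c, strict=False) for c in cidrs):
        return "accept"
    return "reject: sender not authorized"
```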
Of the items you listed, only item 2 is required of spyware. The others are properties of viruses and/or worms.
Not necessarily. Lots of software monitors user activity and connects to the Internet. E-mail programs. Web browsers. We don't want to make the definition too broad, lest we include software that is okay.
What makes software "spyware" IMO is whether this behaviour is done surreptitiously. That is why clause 1 and 3 are there. That way, we narrow the definition and yet have a definition that still includes Gator.
As for viruses and worms, many don't include clause 2.
I agree.
I feel that software is "spyware" if it meets the following tests:
1. Does the software install itself without the user's knowledge or consent?
2. Does it monitor user behaviour of any kind?
3. Does it do this monitoring without the user's consent?
EULAs of other software that has the spyware as a bundle that mention the forced installation of bundled third-party software do not satisfy the consent requirements in (1). IANAL, but I feel that a clause in an EULA that requires a user to enter into a contractual arrangement with an unknown third party is invalid.
For (2), monitoring on its own is not sufficient. It also has to send back information to an external host. However, for the purposes of (2), any encrypted communications to the Internet counts as monitoring until proven otherwise (what is the software doing that requires encryption?)
For (3), it's not sufficient to have this in the EULA, and especially so if the user is not presented with the EULA or the software otherwise installs surreptitiously as defined in (1). EULAs cannot be enforced if the user is not given the opportunity to read them.
If Gator meets these 3 tests, it's spyware. Whether it has other functions that allow it to be called "adware" is irrelevant.
You could be evil if they do this.
Ask to see their liquor licence. I don't know what Canada's laws are here regarding the licences required to sell alcohol, but if it's like other places they need a licence to sell liquor. What if you are risking being arrested for drinking in unlicensed premises? You definitely want to cover your butt so you don't get into trouble. So ask to see it before you enter. If they won't show it to you, well it's no problem for you to go elsewhere.
You'll hold up the queue... which is always fun to do. After a while you might "cut a deal" and waive the request if they waive theirs...
80,000 km is not the closest. How about the Grand Teton Meteor of 1972? This one was seen in the US and Canada as a bright daylight fireball. It was very close - about 50 km - but did not hit. Instead, it burned through the atmosphere and went off back into space.
Then there's this one, which is believed to be a meteor that was put into Earth orbit on the first pass, then re-entered 100 minutes later after orbiting the Earth once.
When I try following your link, I get redirected to a Japanese casino site that tries to force malware onto me. What's going on here?
I'm wondering if you have considered replacing the dish with a lighter model. A 100 kg satellite dish is obviously made for permanent mounting, and isn't designed for portability. You should be able to substitute a lighter dish somehow.
What does ob mean?
There's a sucker born every minute. Spammers make a "living" the same way. Spammers spam to millions, and make all their profit on the minuscule percentage that respond to the offer. The RIAA is doing much the same thing - making a dubious offer to the gullible - and it's not really surprising that the response rates are similar to the response rates for spam.
I would love to get hold of the list of people that have responded to the RIAA's offer. I have a bridge in Brooklyn that I want to sell cheap.
Harvesting? HARVESTING? I hate that term because it implies that the addresses are the spammers' crops and they are simply collecting their own property.
In reality, the spammers are stealing the addresses. So why not use a term that is closer to the mark, such as "address looting", "address pillaging" or "address plundering".
Dictionary.com says:
Loot:
1. Valuables pillaged in time of war; spoils.
2. Stolen goods.
3. Informal. Goods illicitly obtained, as by bribery.
4. Informal. Things of value, such as gifts, received on one occasion.
5. Slang. Money.
Pillage:
1. v. tr. To rob of goods by force, especially in time of war; plunder.
2. v. tr. To take as spoils.
3. v. intr. To take spoils by force.
4. n. The act of pillaging.
5. n. Something pillaged; spoils.
Plunder:
1. v. tr. To rob of goods by force, especially in time of war; pillage: plunder a village.
2. v. tr. To seize wrongfully or by force; steal: plundered the supplies.
3. v. intr. To take booty; rob.
4. n. The act or practice of plundering.
5. n. Property stolen by fraud or force; booty.
I had a simple solution to the "Any" key problem that worked a treat. Instead of messages like
"Press any key to continue"
I reworded the message slightly in some of my applications:
"Press a key to continue"
It works great. The experienced users know what to do, and the users who can't find the "any" key will have more success when they try to find the "a" key.
"rscheearch" is spelt wrong - I thnik it shuold be "rscheearer"....
In order that the method should not be fooled by simple changes
How about doing the comparison on the binaries? That would ignore whitespace, would compare at the statement level, and would replace variable names and routine names by standard placeholders.
Somehow, saying "First actual case of bug being found" seems fake to me.
No, the term "bugs" meaning "faults in a system" was in use at that time. There's mention of "bugs" as faults in a system in one of Asimov's robot stories from 1940.
Think of the ways that you can defeat this scheme:
* Print out the document and send it however you like.
I suspect that printing may be one of the permissions granted under this scheme.
* Take screenshots and send the images as JPEGs.
That probably won't work. Microsoft have already done this kind of thing in the past. If, for example, you hit the PRINT SCREEN button while Windows Media Player is running, WMP will only return a black screen instead of a frame from the movie.
Even if you were to take screenshots with a digital camera, that assumes that you have the permissions to read the document in the first place.
* Use the built-in fax modem to fax it somewhere.
* Copy the text into the clipboard and paste it into another app.
Same deal - such permissions may be covered by the scheme.
The exploits are endless. You'd have to cripple the entire operating system while the document is open.
Have you heard of "Longhorn"? I understand that it's going to be a whole OS with "permissions" and "trusted computing" built into it. With the permissions and trust being decided by Microsoft, not you.
Ah, then you must be the guy who successfully made a computer network out of a barbed wire fence.
Yep, and it also works well if you encode numbers like this:
Your digits are -1, 0, 1 (which I will simplify as -, 0, +)
Your place values are powers of 3
Then your numbers are easy to express:
5 = +-- = 9 - 3 - 1
-17 = -+0+ = -27 + 9 + 0 + 1
etc.
Don't forget what happened next in the Matrix.
The bad guys intentionally put a bug in, the good guys had to remove the bug, then the good guys removed the whole thing....
For more information on teergrubing, go here.
It's true anytime someone comes up with a good idea MS goes ahead and builds it into their OS.
Maybe we've finally found a GOOD use for software patents? To stop M$ doing just that?
Disclaimer; IANAL.