One further issue. Let's say we do have a spam law. Maybe it even requires double-opt-in. Now I get a piece of spam. Just how am I suppose to see that this guy gets fined? Step 1. Trace it to an ISP. Step two. Get a court order to release the identity of the spammer. Step three. Take him to court. For $500?
Or am I expected to just report it to the federal government and let them sue?
Any law that legitimizes opt-out mailings is going to make life hell. Everyone will be selling mailing lists. Every company will be sending you email. Every email will require a different mechanism to get off the list. But it will only get you off one list, in the meantime your name will have been sold elsewhere. Don't believe me? Go sign up at JackPot.Com and see how much fun you have getting off the lists that they don't own, but which they sent your address to before they even sent you mail. (No, I didn't sign up, but someone signed up using my email address.)
UCE vs. UCPM. People use the price argument (email costs the recipient), but it's not a strong argument. The stronger argument is scalability. *Everybody* can afford to email every email address on the planet. And everybody will. With paper mail at least there is some level of cost which makes it expensive to run, and encourages cleaning lists of bad addresses.
Finally. Opt-in. Web-based opt-in is a farce. There's no way to prove who entered the address. If you think phone-slamming is a problem, you haven't seen anything else. If we don't require positive confirmation of email addresses (no reply, address gets tossed), then we're going to find that legalized opt-in is no different than legalized opt-out.
Somewhere.Com - Two million bounces served every year.
This is a hard thing to explain to people who don't code, since they don't see, and don't understand, what goes on inside a program. But it's clear enough to anyone who can compare two programs that approach the same task in different ways.
The best analogy I can come up with (and it's not very good) is with a piece of active sculpture. Perhaps one of those ball and bucket ones you see in airports, or any type of moving sculpture. They do things, they have a function. But they also have an underlying beauty. Some of them are good, some of them are not, but nobody would argue that they aren't an expression and a statement by the artist. Code is like that. There are an infinite number of ways of saying something with code, but how you say is the difference between something that is elegant and a joy to read, and something that is ugly and unreadable.
People get fooled by the term "Computer Science". They think programming is something that is repeatable. That programers can be plugged in and out. But the best programmers are clearly artists. And the best programmers often never took any of those computer "science" courses.
It is quite beyond me why Sagan-bashing is so fashionable, but as an astronomer, I can assure you that Sagan's science was impeccable.
Whoa! I did not intend to bash Sagan (or Philip) with that statement. I just meant to say that they were not the originators of many of the concepts they popularized.
Perhaps I should have referred to Asimov's science writing instead. (But no doubt that would get me shot down for something I didn't know about Asimov.)
Certainly I'm looking at this with the benefit of my hindsite--having lost control of my own consulting company several years ago. But I think Philip should have a been a little bit less naive about some of these things. I also feel that there's a bit of ego and fact stretching involved in the description of aD, although perhaps I'm just missing some of the facts.
Philip claims he built the whole thing on a $10,000 investment. But if you read his books, he started off with some extremely high-end machines and Oracle databases, which certainly were worth more than $10k. It's never been entirely clear to me where his free MIT stuff left off and his company began.
He touts his stuff as open source. But in fact the AOL Server wasn't open source. What was open was the fact that it was written in tcl, which by definition is customer-editable. The advantages of Open Source are two-fold. One is customer modification. The other is a widespread development community. I don't see the latter with ACS. And the former isn't an open-source attribute as much as an attribute of using an extension language. He could have used VBScript and said the same thing.
He cites his books as indications of being a thought leader. I will certainly grant that he does an excellent job of pulling things together and presenting them well. Database-Backed Web Sites is an excellent book and I highly recommend it. But he's no more a thought-leader in that than Carl Sagan was in astronomy--he's just the person who can pull together existing best processes and write them down.
"I was still CEO and beginning to feel nervous that, for every task in the company, I could not say exactly who was supposed to do what and by when." I should hope not. That's not the CEO's job. In an 80-person company even the President isn't likely to know that down to the per-person level. If you're worried about that, you're micro-managing.
"Product Development". This is the bane of any consulting company. They all think that if they can just productize the tools they use, then everything will be repeatable and much cheaper. Been there, haven't done that. I've never seen it work. Consulting companies are not structured like product companies. They have different kinds of people, different kinds of demands, different kinds of customers and different kinds of schedules. Trying to turn consulting into products can kill a company.
Why on earth did he bring in a CEO without filling the two additional board positions? Maybe it's a hindsight thing. I've been through starting a consulting company and then losing control to the new CEO myself. But we went into it with open eyes, we didn't have the monetary position where we could have retained control. But in this case, the opportunity was there, but thrown away.
You don't grow from 80 people to 200 people in one year efficiently. The fact that Philip was still concerned about what people were doing day-to-day makes it clear that he was managing projects without a lot of intermediate managers. Building the infrastructure to handle a larger company is going to make the company less efficient. If you truly are going to get into the products business, the company is going to get even less efficient. You're going to be hiring more and more people who are not producing income directly, but who cost a lot of money. That's life in the product world. That's life in a large consulting firm.
"I was injuring their self-esteem it was better if they just turned a deaf ear." Here I'm on the same wavelength. Welcome to the difference between corporate america and hacker america. If you've grown up in the hacker community, then you know perfectly well that you an have a knock down, drag out, flame fight today... and tomorrow work together as best of friends, with one of you having surrendered the position, or the topic just being left as not worth pursuing, or whatever. Hit the world of suits and you'll discover that people hold grudges for a very long time. Everything has to be couched in positive terms, and you never say things exactly the way you mean them. And yes, not holding board meetings is a classic way to get around having unruly techies on your board.
I don't understand this surprise at a model that shows them shipping product or else going bankrupt. Philip wants to grow the product slowly. If that's the case, why on earth did he bring in VC financing? The VC model is not slow growth. The VC model tends to be "bet the farm". More importantly, he should have gone to the VCs with a business plan and made sure that everyone agreed with the business plan. He should have had the CEO and the board in place before going to the VCs. Otherwise you're walking up and saying "here's a bunch of good people and a revenue stream, do what you want with it."
Growing a consulting company past the "everyone is a consultant" stage is not easy. Converting a consulting company to a product company is virtually impossible. And bringing in VCs without having the techies lose control is impossible.
The machinations and intrigue Philip describes are not only not unusual, they are in my experience, rather tame. I've seen screaming matches, resignation threats, revenue boosting using pass-through sales, pumped up Forester reports using a friend-of-a-friend, court-suit threats, asset sales, harassment, incompetence.... and a hundred other things that make life at a growing startup so interesting. I've even worked at a place that had a psychologist on call to mediate differences between the founders--the same place that tried to make taking ritalin a condition of my continued employment.
But fundamentally, you need to realize that when you bring in VC financing and a new CEO--you have lost control of the company. Who holds the most shares does not matter, you've given up the reins. All you can do now is go along for the ride.
Opt-in is not enough - it has to be double opt-in
on
Opt-in vs. Opt-out
·
· Score: 1
Anyone who think that opt-in is sufficient, clearly hasn't been on the wrong end of a spammer's ire.
For instance. Somebody went to JackPot.Com and signed me up for all of their mailing lists. Within minutes JackPot.Com had sent my email address to a dozen different companies. When I complained, they promptly took my name off of my list (or as they put it, they "canceled my subscription", which of course assumes that I had subscribed in the first place.) But taking my name off of their list did *not* take my name off of any other list. Their partner's in this are still happily sending me email. Nobody told *them* to take me off *their* lists.
Or checkout all the email somewhere.com gets. When I spend time tracking down some offenders, I often find it's an "opt-in" mailing list that either isn't checking for bounces, or not being particularly good about cleaning the list from the bounce info they get.
The problems with spam go far beyond deleting a "few" messages from your inbox. A far larger problem is all the bounces and network traffic it creates. Not to mention stolen resources on relay machines (if the spammers ever start using tools to break into machines and install relays...), and the hundreds of people (yes, some ISPs really have to hire that many people) to deal with the abuse complaints.
Opt-in alone is not viable. You *must* have positive confirmation from the email owner before you can use their email address or any other information about it for anything other than that initial confirmation. No response? Delete the information.
And I would go one step further. You must confirm, at least once a year, that the person still wants an account. You can give that one a longer time before deleting the account (they might be on vacation, for instance), but you have to check. You need to do this, if for no other reason, because of address churn. People leave ISPs, they leave companies. New people come. They inherit and old email address. But that email address is still getting lots of old mailing list information. They have no clue how to get off, they probably aren't even given enough information to figure out how to get off.
I should have been more precise. When I used scripting in that context I meant (as with PHP) a language that is embedded in the HTML. JSP is like Embperl in that you have full access to the language (Java vs. Perl) along with some short cuts which expand to the language, but which are tailored to the environment.
A proper comparison would have been PHP, JSP and Perl environments such as Perl ASP, Mason or (my favorite) Embperl. For a more detailed (and wider-spread) comparison, see Web Scripting Tools - Compare and Contrast.
That kind of response would end spam in an instant.
End spam? It might slow spam from legit businesses. But what about all the fly-by-night operations? What about all the stuff routed through china, korea and the former eastern block? What about the mailing lists that never check for bounces? The idiots of put up "fake" email addresses on web sites, only to end up subscribing someone else to the list?
Somewhere.Com gets more than 2 million messages a year--all to non-existent addresses. (See SpamWatcher's realtime log). Legislation isn't going to solve spam. Court suits aren't going to stop spam.
Every bit helps. And certainly anything that educates legitimate businesses is a boon. (I just had to explain to a web site operator why using a web form and open mail relays to run an "anonymous mail service" was not a legitimate business model.) But there's no magic bullet.
Go read Tog's article (www.asktog.com) on what ReplayTV did, and what that means for subscription software. Once you subscribe to software, you lose the ability to freeze your features, to always get what you expect, and to vote with your wallet by not buying and upgrade.
Now look at privacy policies like Microsoft's. Sure they've "fixed" it. But I note that they haven't removed this piece.
Microsoft reserves the right to change the terms, conditions, and notices under which the Passport Web Site and Passport Services are offered. You are responsible for regularly reviewing these terms and conditions. Continued use of the Passport Web Site or Passport Services after any such changes shall constitute your consent to such changes.
In other words. They can always put it back to what it was before, and they won't tell you, and you will have "consented" if you continue to use it after they change it. (I see they at least got rid of the statement that using the web site at all constituted agreement--that would have meant that the act of reading the text was considered agreement.)
Web services are nothing more than subscription software sites. And privacy agreements can be "upgraded" at anytime. Show me one site that promises that their privacy agreement will never become less restrictive. And if you can, promise me that the agreement will survive a bankruptcy proceeding or even a sale of the company.
You have no privacy guarantees, on the web or off. In fact, it's worse off the web - see this Red Rock Eater Digest analysis of the new medical privacy rules, and then consider going to Defend Your Privacy and filling out the petition there.
But don't worry. Your video rental records are secure.
Re:Two things that alone is enough to use zsh
on
To Z Or Not To Z
·
· Score: 1
The poster didn't give what I'd consider the best example.
cdpath=(. $HOME/usr/local/usr/local/www )
Now if I say
cd foo
It will look in the cdpath and take me to the first "foo" it finds in it.
WRT the person who asks about the danger of ** (also one of my favorite zsh features).
** behaves just like *. To trigger the recursion you do **/*, or **/*.c and so on. **/* will search the current directory too, which is slightly non-intutitive, but it's a wonderful feature.
I've been using zsh for at least 10 years now. And while other shells do have some of its features, none of them give me so much power with so few keystrokes.
You don't own the bits. That's RIAA's position, and that's the reason MP3.Com's MyMP3 service got sued. If you owned the bits, then it would have been perfectly legal.
The following is from a conversation I had with a RIAA rep:
nazgul@somewhere.com: Finally, I'm curious about the legality of the following. If I take a CD over to a friend's house to tape (let's say he has a better tape recorder than I do), then so long as I only use that tape for my own personal use, that's fair use, correct? What if I go to his house with my CD and it turns out that he owns the same CD, and it's in his player, so instead of making a copy of my CD, I make a copy of his? Did we just break the law? Which of us did?
JSimson@riaa.com: Your example regarding the "copying of CD's" poses the question well: it is
technically infringing - when you make your copy from his CD.
nazgul@somewhere.com:
So it's the atoms that matter, not the bits.
nazgul@somewhere.com: When I posed my original question it was because I had gradually been ripping my CD's to MP3's in order to more easily listen to them at home and at work. I'd done about 30 CDs at the time. Since then of course, MP3.Com introduced their my.mp3.com service, saving me many hours of processing and gigabytes of storage. I have over 300 CDs that I can now access online (my only annoyance is that my wife and I can't listen at the same time, but that restriction is understandable). In the past few months I've listened to hundreds of albums that I hadn't had time to listen to for years. The ability to play my songs randomly and/or by genre greatly expands what I'll listen to--what's too much by album may be just fine scattered in the middle of 3000+ tracks. I've rediscovered artists and songs I'd completely forgotten, causing me to search out what they've released since I first heard them.
nazgul@somewhere.com: For my sake, and the sake of the recording artists who will benefit from greater use of their material by their legal licensees, I sincerely hope you lose your suit against MP3.Com.
nazgul@somewhere.com: I strongly recommend you read "Code and Other Laws of Cyberspace" by Lawrence Lessig. If you lose the fair use battle, you will be sorely tempted to take the "code" route, as was done with DAT. Think about the impact on society before you do. Limiting a licensees personal use of licensed information is beneficial to neither licensee nor licensor. And concern about atoms should definitely be left in the 1900's.
Needless to say, I did not receive a response to my final email message. Of course with MyMP3 shutdown, I had to give up on that. Instead I ripped all my CDs myself and now anyone can listen to them via Live365. How this was a win for the record company, I have no idea. http://www.somewhere.com/radio.pls"
I certainly use Dilbert as a measure of a company. I knew the company I co-founded was in trouble when I started seeing Dilbert cartoons appear. And now that I'm working from home as a consultant, I use the number of Dilbert cartoons at client sites as an indicator of how much politics I'm going to have to deal with.
It's not that obvious of course, it depends on the person. To me programming and system architecture are an art. I spend a lot of time working with clients trying to find the right software architecture to match their organizational needs, or trying to match their security requirements to what their corporate culture will bear. From that standpoint, I don't regret my BA in Anthropology at all. College taught me how to learn, Anthropology (and Psych) taught me about cultures and personalities. And since software is typically designed for *people*, that background is very helpful.
I've known great CS majors (my wife has a masters in CS). But with one exception, the best programmers and architects I know were dropouts or majors in completely different fields (Nuclear Physics, Philosophy...).
The key to college is learning how the world works. If you can pick up skills on your own, then don't bother with CS. If you feel more comfortable with formal learning, then by all means take it--but don't focus on it exclusively.
When I've worked somewhere without enough desk space I usually end up with piles of paper on the floor. That said--I am neater when there is less flat space to put things, but there's a limit, and that office space crosses it.
My ideal office is the one I have. The kitchen's down the hall, the library is next door, and I can watch the kids playing in the back yard. All I need to do now is move the machines into the basement and just keep the monitors here so that I don't get quite so much noise.
First it was the record companies, shutting down MyMP3 because they claim that you've licensed the atoms, not the bits, and that making a copy of somebody else's CD is not the same as making a copy of the one you own.
And now Microsoft is playing the same game. Amazing.
What isn't viable is lots of multi-million dollar financed B2C companies. There's no reason you can't set up a small company with a small but loyal clientele and offer something the big guys offer. Maybe you add some local touch they don't. Maybe you actually use them as the back-end. Just don't expect to get rich.
Last I checked PayPal required the payer to have a PayPal account.
More critically, the extra layer loses accountability. Someone used PayPal to set up an account on a credit card number stolen from me. Then payed out the maximum (probably to themselves). Paypal refused to tell either me *or* my credit card company who was paid.
You should be able to get it from any Perl respository. It makes your Apache server treat directoryname.pls as a playlist, and returns a list of streaming mp3 links suitable for WinAmp or your favorite player. Not fancy, but works well.
How odd. If it's not X, it must be M$ware? Expand your world-view a bit. There have been many other, networked and non-networked, window systems for Unix machines. Sun had two. Apollo had one. SGI of course had graphics systems that could blow the doors off anything you see under X. There were dozens of others. With the exception of Sun's NEWS system, none of them had the performance constraint of handing off all the processing to a separate process via badly designed RPC. All the performance hacks to X (sound, video...) have required bypassing that protocol (and thus losing the remote capabilities). And, contrary to what another poster said, this has nothing to do with desktops. The question is whether X hurts Unix. And there is no question at all that it hurts peformance. The only thing X gives you that another remote-control mechanism wouldn't is the ability to run specific applications remote, and the ability to run multiple users remotely off a single machine. Those are useful in a client/server environment. They aren't useful on an end-user desktop.
That was exactly what I did after posting my note here. I wish I had some of the content that was sent instead of just the logs. In the future I'm going to start bouncing messages but collecting the headers and some of the body.
All that does is cause a lot of work for a lot of people who had nothing to do with the spam.
Sites like http://www.spamcop.com/, or http://www.spamwatcher.com/ (which I'm in the process of setting up now--don't expect much) will help you track the sender, and who to report the problem to. You want to complain to the ISP where the spam originated. You want to complain to the hosting provider of any URLs mentioned. You want to send a warning note to the relay, telling them that their mailer is misconfigured. The rest of the addresses should be ignored.
These headers are nearly always forged: To: buddapest@LoadMail.com From: auto65686@hushmail.com Message-ID: The key is to look at the received headers. They track the message as it goes from one machine to the next. Most, but not all, mail servers record the IP address of the sending machine, and there is no way to forge that. So the goal is to find the first real machine to receive the email, and see where it got the mail from. That machine will typically either be one of yours, or it will be some (idiot) machine which left its mail software open for others to use as a relay. In the latter case, it's worth notify the that company, as well as the originating ISP.
Here are the Received headers in order: Received: from h11.mail.home.com ([24.0.95.45]) by mail.rdc2.pa.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id for (DELETED) Sat, 1 Jul 2000 06:46:51 -0700 Received: from mx11-rwc.mail.home.com (mx11-rwc.mail.home.com [24.0.95.29]) by h11.mail.home.com (8.9.3/8.9.0) with ESMTP id GAA25694 for (DELETED); Sat, 1 Jul 2000 06:46:51 -0700 (PDT) Received: from mx04.netaddress.usa.net (mx04.netaddress.usa.net [204.68.24.141]) by mx11-rwc.mail.home.com (8.9.1/8.9.1) with SMTP id GAA20861 for (DELETED); Sat, 1 Jul 2000 06:46:50 -0700 (PDT) Received: (qmail 4654 invoked by uid 0); 1 Jul 2000 13:46:00 -0000 Couldn't parse (qmail 4654 invoked by uid 0); 1 Jul 2000 13:46:00 -0000. Received: from gsnonweb.com [194.90.101.35] by mx04 via mtad (34FM1.5.01) with ESMTP id 143egaNtx0454M04; Sat, 01 Jul 2000 13:45:58 GMT Received: (apparently) from localhost ([216.8.12.174]) by gsnonweb.com with Microsoft SMTPSVC(5.5.1877.197.19); Sat, 1 Jul 2000 10:29:50 +0300
If we ignore the forgeable names, that makes a chain, and for element in the chain we can look it up and make sure that the chain makes sense.
From: 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net) To: gsnonweb.com (194.90.1.6) From: 194.90.101.35 (gsnews.gsnonweb.com) To: mx04 via mtad (34FM1.5.01) (Unknown) From: 204.68.24.141 (mx04.netaddress.usa.net) To: mx11-rwc.mail.home.com (24.0.95.29) From: 24.0.95.29 (mx11-rwc.mail.home.com) To: h11.mail.home.com (24.0.95.45) From: 24.0.95.45 (h11.mail.home.com) To: mail.rdc2.pa.home.com (24.12.106.196)
So the spammer probably sent from 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net). And gsnonweb.com (194.90.1.6) is probably a system with an open relay.
Here is information on the ISP that owns the domains in question.
Spammer: 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net) Ziplink Inc. (NETBLK-NET-ZIPLINK2) 900 Chelmsford St., Tower 1, 5th Floor Lowell, MA 01851 US
Record last updated on 16-Nov-1999. Database last updated on 14-Jul-2000 18:30:27 EDT.
The ARIN Registration Services Host contains ONLY Internet Network Information: Networks, ASN's, and related POC's. Please use the whois server at rs.internic.net for DOMAIN related Information and whois.nic.mil for NIPRNET Information.
I have mail logs of over 1000 postings from YesMail to email addresses @somewhere.com that never existed. So not only do they accept email addresses without verification, they don't clean their lists of bounces--every one of those messages bounced, yet they keep sending to them.
The real scam though, is that they are charging customers for mail sent to those addresses.
And of course, YesMail never responded to any of my complaints.
X as a remote connect protocol is handy, but only in a server environment. Unix as a desktop does not need it--there are plenty of other ways to do remote control on non-remote Window systems.
I agree, X should go. It should never have come. When it came out it set the entire Workstation graphics community back an entire processor generation, and graphics performance has never truly recovered.
Slashdot Mirror
One further issue. Let's say we do have a spam law. Maybe it even requires double-opt-in. Now I get a piece of spam. Just how am I suppose to see that this guy gets fined? Step 1. Trace it to an ISP. Step two. Get a court order to release the identity of the spammer. Step three. Take him to court. For $500?
Or am I expected to just report it to the federal government and let them sue?
By that argument it's unconstitutional for the federal government to charge postage.
- Any law that legitimizes opt-out mailings is going to make life hell. Everyone will be selling mailing lists. Every company will be sending you email. Every email will require a different mechanism to get off the list. But it will only get you off one list, in the meantime your name will have been sold elsewhere. Don't believe me? Go sign up at JackPot.Com and see how much fun you have getting off the lists that they don't own, but which they sent your address to before they even sent you mail. (No, I didn't sign up, but someone signed up using my email address.)
- UCE vs. UCPM. People use the price argument (email costs the recipient), but it's not a strong argument. The stronger argument is scalability. *Everybody* can afford to email every email address on the planet. And everybody will. With paper mail at least there is some level of cost which makes it expensive to run, and encourages cleaning lists of bad addresses.
- Finally. Opt-in. Web-based opt-in is a farce. There's no way to prove who entered the address. If you think phone-slamming is a problem, you haven't seen anything else. If we don't require positive confirmation of email addresses (no reply, address gets tossed), then we're going to find that legalized opt-in is no different than legalized opt-out.
Somewhere.Com - Two million bounces served every year.This is a hard thing to explain to people who don't code, since they don't see, and don't understand, what goes on inside a program. But it's clear enough to anyone who can compare two programs that approach the same task in different ways.
The best analogy I can come up with (and it's not very good) is with a piece of active sculpture. Perhaps one of those ball and bucket ones you see in airports, or any type of moving sculpture. They do things, they have a function. But they also have an underlying beauty. Some of them are good, some of them are not, but nobody would argue that they aren't an expression and a statement by the artist. Code is like that. There are an infinite number of ways of saying something with code, but how you say is the difference between something that is elegant and a joy to read, and something that is ugly and unreadable.
People get fooled by the term "Computer Science". They think programming is something that is repeatable. That programers can be plugged in and out. But the best programmers are clearly artists. And the best programmers often never took any of those computer "science" courses.
Whoa! I did not intend to bash Sagan (or Philip) with that statement. I just meant to say that they were not the originators of many of the concepts they popularized.
Perhaps I should have referred to Asimov's science writing instead. (But no doubt that would get me shot down for something I didn't know about Asimov.)
Growing a consulting company past the "everyone is a consultant" stage is not easy. Converting a consulting company to a product company is virtually impossible. And bringing in VCs without having the techies lose control is impossible.
The machinations and intrigue Philip describes are not only not unusual, they are in my experience, rather tame. I've seen screaming matches, resignation threats, revenue boosting using pass-through sales, pumped up Forester reports using a friend-of-a-friend, court-suit threats, asset sales, harassment, incompetence.... and a hundred other things that make life at a growing startup so interesting. I've even worked at a place that had a psychologist on call to mediate differences between the founders--the same place that tried to make taking ritalin a condition of my continued employment.
But fundamentally, you need to realize that when you bring in VC financing and a new CEO--you have lost control of the company. Who holds the most shares does not matter, you've given up the reins. All you can do now is go along for the ride.
Anyone who think that opt-in is sufficient, clearly hasn't been on the wrong end of a spammer's ire.
For instance. Somebody went to JackPot.Com and signed me up for all of their mailing lists. Within minutes JackPot.Com had sent my email address to a dozen different companies. When I complained, they promptly took my name off of my list (or as they put it, they "canceled my subscription", which of course assumes that I had subscribed in the first place.) But taking my name off of their list did *not* take my name off of any other list. Their partner's in this are still happily sending me email. Nobody told *them* to take me off *their* lists.
Or checkout all the email somewhere.com gets. When I spend time tracking down some offenders, I often find it's an "opt-in" mailing list that either isn't checking for bounces, or not being particularly good about cleaning the list from the bounce info they get.
The problems with spam go far beyond deleting a "few" messages from your inbox. A far larger problem is all the bounces and network traffic it creates. Not to mention stolen resources on relay machines (if the spammers ever start using tools to break into machines and install relays...), and the hundreds of people (yes, some ISPs really have to hire that many people) to deal with the abuse complaints.
Opt-in alone is not viable. You *must* have positive confirmation from the email owner before you can use their email address or any other information about it for anything other than that initial confirmation. No response? Delete the information.
And I would go one step further. You must confirm, at least once a year, that the person still wants an account. You can give that one a longer time before deleting the account (they might be on vacation, for instance), but you have to check. You need to do this, if for no other reason, because of address churn. People leave ISPs, they leave companies. New people come. They inherit and old email address. But that email address is still getting lots of old mailing list information. They have no clue how to get off, they probably aren't even given enough information to figure out how to get off.
I should have been more precise. When I used scripting in that context I meant (as with PHP) a language that is embedded in the HTML. JSP is like Embperl in that you have full access to the language (Java vs. Perl) along with some short cuts which expand to the language, but which are tailored to the environment.
PHP and JSP are scripting environments.
Perl CGI is a programming language and library.
A proper comparison would have been PHP, JSP and Perl environments such as Perl ASP, Mason or (my favorite) Embperl. For a more detailed (and wider-spread) comparison, see Web Scripting Tools - Compare and Contrast.
End spam? It might slow spam from legit businesses. But what about all the fly-by-night operations? What about all the stuff routed through china, korea and the former eastern block? What about the mailing lists that never check for bounces? The idiots of put up "fake" email addresses on web sites, only to end up subscribing someone else to the list?
Somewhere.Com gets more than 2 million messages a year--all to non-existent addresses. (See SpamWatcher's realtime log). Legislation isn't going to solve spam. Court suits aren't going to stop spam.
Every bit helps. And certainly anything that educates legitimate businesses is a boon. (I just had to explain to a web site operator why using a web form and open mail relays to run an "anonymous mail service" was not a legitimate business model.) But there's no magic bullet.
Now look at privacy policies like Microsoft's. Sure they've "fixed" it. But I note that they haven't removed this piece.
In other words. They can always put it back to what it was before, and they won't tell you, and you will have "consented" if you continue to use it after they change it. (I see they at least got rid of the statement that using the web site at all constituted agreement--that would have meant that the act of reading the text was considered agreement.)Web services are nothing more than subscription software sites. And privacy agreements can be "upgraded" at anytime. Show me one site that promises that their privacy agreement will never become less restrictive. And if you can, promise me that the agreement will survive a bankruptcy proceeding or even a sale of the company.
You have no privacy guarantees, on the web or off. In fact, it's worse off the web - see this Red Rock Eater Digest analysis of the new medical privacy rules, and then consider going to Defend Your Privacy and filling out the petition there.
But don't worry. Your video rental records are secure.
The poster didn't give what I'd consider the best example. /usr/local /usr/local/www )
cdpath=(. $HOME
Now if I say
cd foo
It will look in the cdpath and take me to the first "foo" it finds in it.
WRT the person who asks about the danger of ** (also one of my favorite zsh features).
** behaves just like *. To trigger the recursion you do **/*, or **/*.c and so on. **/* will search the current directory too, which is slightly non-intutitive, but it's a wonderful feature.
I've been using zsh for at least 10 years now. And while other shells do have some of its features, none of them give me so much power with so few keystrokes.
You don't own the bits. That's RIAA's position, and that's the reason MP3.Com's MyMP3 service got sued. If you owned the bits, then it would have been perfectly legal.
The following is from a conversation I had with a RIAA rep:
Needless to say, I did not receive a response to my final email message. Of course with MyMP3 shutdown, I had to give up on that. Instead I ripped all my CDs myself and now anyone can listen to them via Live365. How this was a win for the record company, I have no idea. http://www.somewhere.com/radio.pls"
I certainly use Dilbert as a measure of a company. I knew the company I co-founded was in trouble when I started seeing Dilbert cartoons appear. And now that I'm working from home as a consultant, I use the number of Dilbert cartoons at client sites as an indicator of how much politics I'm going to have to deal with.
It's not that obvious of course, it depends on the person. To me programming and system architecture are an art. I spend a lot of time working with clients trying to find the right software architecture to match their organizational needs, or trying to match their security requirements to what their corporate culture will bear. From that standpoint, I don't regret my BA in Anthropology at all. College taught me how to learn, Anthropology (and Psych) taught me about cultures and personalities. And since software is typically designed for *people*, that background is very helpful.
I've known great CS majors (my wife has a masters in CS). But with one exception, the best programmers and architects I know were dropouts or majors in completely different fields (Nuclear Physics, Philosophy...).
The key to college is learning how the world works. If you can pick up skills on your own, then don't bother with CS. If you feel more comfortable with formal learning, then by all means take it--but don't focus on it exclusively.
When I've worked somewhere without enough desk space I usually end up with piles of paper on the floor. That said--I am neater when there is less flat space to put things, but there's a limit, and that office space crosses it.
My ideal office is the one I have. The kitchen's down the hall, the library is next door, and I can watch the kids playing in the back yard. All I need to do now is move the machines into the basement and just keep the monitors here so that I don't get quite so much noise.
First it was the record companies, shutting down MyMP3 because they claim that you've licensed the atoms, not the bits, and that making a copy of somebody else's CD is not the same as making a copy of the one you own.
And now Microsoft is playing the same game. Amazing.
What isn't viable is lots of multi-million dollar financed B2C companies. There's no reason you can't set up a small company with a small but loyal clientele and offer something the big guys offer. Maybe you add some local touch they don't. Maybe you actually use them as the back-end. Just don't expect to get rich.
Last I checked PayPal required the payer to have a PayPal account.
More critically, the extra layer loses accountability. Someone used PayPal to set up an account on a credit card number stolen from me. Then payed out the maximum (probably to themselves). Paypal refused to tell either me *or* my credit card company who was paid.
You should be able to get it from any Perl respository. It makes your Apache server treat directoryname.pls as a playlist, and returns a list of streaming mp3 links suitable for WinAmp or your favorite player. Not fancy, but works well.
How odd. If it's not X, it must be M$ware? Expand your world-view a bit. There have been many other, networked and non-networked, window systems for Unix machines. Sun had two. Apollo had one. SGI of course had graphics systems that could blow the doors off anything you see under X. There were dozens of others. With the exception of Sun's NEWS system, none of them had the performance constraint of handing off all the processing to a separate process via badly designed RPC. All the performance hacks to X (sound, video...) have required bypassing that protocol (and thus losing the remote capabilities). And, contrary to what another poster said, this has nothing to do with desktops. The question is whether X hurts Unix. And there is no question at all that it hurts peformance. The only thing X gives you that another remote-control mechanism wouldn't is the ability to run specific applications remote, and the ability to run multiple users remotely off a single machine. Those are useful in a client/server environment. They aren't useful on an end-user desktop.
That was exactly what I did after posting my note here. I wish I had some of the content that was sent instead of just the logs. In the future I'm going to start bouncing messages but collecting the headers and some of the body.
All that does is cause a lot of work for a lot of people who had nothing to do with the spam.
Sites like http://www.spamcop.com/, or http://www.spamwatcher.com/ (which I'm in the process of setting up now--don't expect much) will help you track the sender, and who to report the problem to. You want to complain to the ISP where the spam originated. You want to complain to the hosting provider of any URLs mentioned. You want to send a warning note to the relay, telling them that their mailer is misconfigured. The rest of the addresses should be ignored.
These headers are nearly always forged:
To: buddapest@LoadMail.com
From: auto65686@hushmail.com
Message-ID:
The key is to look at the received headers. They track the
message as it goes from one machine to the next. Most, but not
all, mail servers record the IP address of the sending machine,
and there is no way to forge that. So the goal is to find the
first real machine to receive the email, and see where it got the
mail from. That machine will typically either be one of yours,
or it will be some (idiot) machine which left its mail software
open for others to use as a relay. In the latter case, it's worth
notify the that company, as well as the originating ISP.
Here are the Received headers in order:
Received: from h11.mail.home.com ([24.0.95.45]) by mail.rdc2.pa.home.com (InterMail vM.4.01.03.00 201-229-121) with ESMTP id for (DELETED) Sat, 1 Jul 2000 06:46:51 -0700
Received: from mx11-rwc.mail.home.com (mx11-rwc.mail.home.com [24.0.95.29]) by h11.mail.home.com (8.9.3/8.9.0) with ESMTP id GAA25694 for (DELETED); Sat, 1 Jul 2000 06:46:51 -0700 (PDT)
Received: from mx04.netaddress.usa.net (mx04.netaddress.usa.net [204.68.24.141]) by mx11-rwc.mail.home.com (8.9.1/8.9.1) with SMTP id GAA20861 for (DELETED); Sat, 1 Jul 2000 06:46:50 -0700 (PDT)
Received: (qmail 4654 invoked by uid 0); 1 Jul 2000 13:46:00 -0000
Couldn't parse (qmail 4654 invoked by uid 0); 1 Jul 2000 13:46:00 -0000.
Received: from gsnonweb.com [194.90.101.35] by mx04 via mtad (34FM1.5.01) with ESMTP id 143egaNtx0454M04; Sat, 01 Jul 2000 13:45:58 GMT
Received: (apparently) from localhost ([216.8.12.174]) by gsnonweb.com with Microsoft SMTPSVC(5.5.1877.197.19); Sat, 1 Jul 2000 10:29:50 +0300
If we ignore the forgeable names, that makes a chain, and for
element in the chain we can look it up and make sure that the
chain makes sense.
From: 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net)
To: gsnonweb.com (194.90.1.6)
From: 194.90.101.35 (gsnews.gsnonweb.com)
To: mx04 via mtad (34FM1.5.01) (Unknown)
From: 204.68.24.141 (mx04.netaddress.usa.net)
To: mx11-rwc.mail.home.com (24.0.95.29)
From: 24.0.95.29 (mx11-rwc.mail.home.com)
To: h11.mail.home.com (24.0.95.45)
From: 24.0.95.45 (h11.mail.home.com)
To: mail.rdc2.pa.home.com (24.12.106.196)
So the spammer probably sent from 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net).
And gsnonweb.com (194.90.1.6) is probably a system with an open relay.
Here is information on the ISP that owns the domains in question.
Spammer: 216.8.12.174 (la-ip-1-174.dynamic.ziplink.net)
Ziplink Inc. (NETBLK-NET-ZIPLINK2)
900 Chelmsford St., Tower 1, 5th Floor
Lowell, MA 01851
US
Netname: NET-ZIPLINK2
Netblock: 216.8.0.0 - 216.8.63.255
Maintainer: ZIPL
Coordinator:
Clampitt, Dustin (DC35-ARIN) dclampitt@ZIPLINK.NET
978 551 8602 (FAX) 978 970 0358
Domain System inverse mapping provided by:
PICNIC.ZIPLINK.NET 206.15.168.65
TITANIC.ZIPLINK.NET 206.15.168.70
Record last updated on 16-Nov-1999.
Database last updated on 14-Jul-2000 18:30:27 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Relay: gsnonweb.com (194.90.1.6)
inetnum: 194.90.0.0 - 194.90.6.255
netname: NVNET1
descr: NetVision Ltd.
descr: ISP
descr: Local Networks
country: IL
admin-c: NN105-RIPE
tech-c: NN105-RIPE
status: ASSIGNED PA
mnt-by: NV-MNT-RIPE
mnt-lower: NV-MNT-RIPE
changed: noc-team@netvision.net.il 19990413
source: RIPE
route: 194.90.0.0/16
descr: Netvision
descr: Omega Bldg.
descr: MATAM industrial park
descr: Haifa 31905
descr: Israel
origin: AS1680
advisory: AS690 1:1239 2:3561 3:6453
mnt-by: NV-MNT-RIPE
changed: noc-team@netvision.net.il 19990902
source: RIPE
role: Netvision NOC team
address: Omega Building
address: MATAM industrial park
address: Haifa 31905
address: Israel
phone: +972 48 560 600
fax-no: +972 48 551 132
e-mail: noc-team@netvision.net.il
trouble: Send abuse and spam reports to abuse@netvision.net.il
admin-c: YG-RIPE
admin-c: YS-RIPE
admin-c: NNT-RIPE
tech-c: YG-RIPE
tech-c: YS-RIPE
tech-c: NNT-RIPE
tech-c: WAN-RIPE
nic-hdl: NN105-RIPE
notify: noc-team@netvision.net.il
notify: hm-dbm-msgs@ripe.net
mnt-by: NV-MNT-RIPE
changed: noc-team@netvision.net.il 19990505
changed: noc-team@netvision.net.il 20000315
changed: noc-team@netvision.net.il 20000525
changed: noc-team@netvision.net.il 20000531
source: RIPE
I have mail logs of over 1000 postings from YesMail to email addresses @somewhere.com that never existed. So not only do they accept email addresses without verification, they don't clean their lists of bounces--every one of those messages bounced, yet they keep sending to them.
The real scam though, is that they are charging customers for mail sent to those addresses.
And of course, YesMail never responded to any of my complaints.
X as a remote connect protocol is handy, but only in a server environment. Unix as a desktop does not need it--there are plenty of other ways to do remote control on non-remote Window systems.
I agree, X should go. It should never have come. When it came out it set the entire Workstation graphics community back an entire processor generation, and graphics performance has never truly recovered.