A "man in the middle" attack server hits pages with captcha challenges. That server advertises a "free porn" website, presenting to its human audience the captchas it hit.
That's why your captchas should have your trademark and/or website URL somehow shown in it. It wouldn't stop the M-I-M attack, but you'd have a better chance of being notified that such was happening to your site, and you might be able to take the site down on a DMCA violation.
The captcha concept breaks down if the user can't see the image, either through the limitations of their browser (links) or the limitations of their eyes.
That's why you add an audio captcha interface. (i.e. a link to an audio file reading the captcha.) Craigslist has such. In fact, one time the captcha came up with the text being the same color as the background (it appeared blank) so I used the audio captcha to read it.
Even though I think their decision to charge $ in this way it a bad choice, it's not my threshold of blocking them (AOL). When AOL stops reading email sent to abuse@aol.com (which they occassionally have done), I'll be blocking them for that. Right now, I get _very_ little spam sourcing from AOL, so I haven't had to test that address recently. (It's currently not listed in the RFCi DNSbl.)
For what it's worth... I have a customer (of my support business) on Comcast connected to me via a VPN who I sometimes call on a SIP phone over that VPN connection, and I haven't had a problem yet. I have the phone codecs set to G723, which has a bandwidth of 6.3kbs (or 5.3kbs selectable).
Seriously. Just create a central database of "valid" mail servers. Require anyone that wants to run a mail server to pay $25/year, and go through a "verification" process that shows they aren't spammers, and that their servers are setup correctly.
Then you just go and do that... all the rest of us that think having such a central registry is silly will just continue to exchange email without being registered in your central server. When you bounce abuse report emails because we're not registered in your central server, we'll block you for not having a working abuse@ address.
And who would administer such a central registry? And how would we be sure that spammers wouldn't pay off the group controlling it or circumvent the procedures? (Because we all know the phishers don't have valid SSL certificates signed by a CA that's distributed with most browsers!)
Well...fuck off. You don't need to run your own mailserver. There's just no valid reason to do so.
Just because you can't think of a valid reason for someone to run their own mailserver doesn't mean that there isn't a valid reason... so fuck you too.
For the truly paranoid, remove all root certificates, and only after verifying the thumbprint proceed to install that cert into your cache.
In the mean time, just delete Geotrust's certificate from your browser. If the market makes their certificate authority worthless, then maybe they (and other companies watching the fallout from this) will get motivated to implement better procedures.
The BBC is now providing its content online for PC viewing. As long as there is a need for the BBC online (and there currently is), I believe a license fee (read "tax") should be payable on all computers wired up and capable of decoding and displaying BBC content at an acceptable quality. If you don't have the software though, or your computer is too slow, or it doesn't have a monitor, or your network connectivity is spotty, then I don't think you should have to pay anything.
The way computers work, compared to analog broadcast television, makes it very easy to specifically charge those who receive and view the content. If such was feasible when television came about, I suspect that Britain would have gone that direction instead of just taxing everyone who had a capable receiver.
Additionally, compared to an analog television receiving (a limited number of) on air signals (i.e. no cable), there is no other real use for having a television. That is not the same for a computer. There're many things to do with a computer without receiving any BBC content. Having a computer is almost necessary for life today.
It's seems pretty ridiculous to me to see Britain going that direction (of taxing every computer to subsidize the BBC), but I guess it's a natural progression of a big government tax that the public is accustomed to.
Maybe they need to go dump some TEAvees in a harbor.
As for me, I live across the big pond. My interests are in seeing that none of my money (tax or otherwise) goes to NPR, since I don't partake of any of their content.
The lot of us that hates spyware the most need to get a couple Class-Action lawsuits going against the adware/spam companies and the companies that benefit from them.
IANAL
If we(1) litigate by class action, then anyone who _would_ be part of the class would be prevented from bringing any action, themself. That's unless they specifically exclude themself from the class action before the action.
I prefer to just see multiple actions... death by a thousand paper cuts for the spyware pushers.
[...]where he stole PDP-10 time from a Seattle company (which went out of business), one of the Universities in Seattle (which kicked him and Paul Allen out when they found out about it), and even Harvard University.
I'm not questioning the validity of this statement in this post, but it would be great if someone would post some links to evidence supporting this allegation.
[...]although I would have preferred a court ruling that said patent law does not extend beyond the US border.
Patent law does not need to extend beyond the US border for this case to still be pertinent. The Canadian company that is making/selling the devices that allegedly infringe on the patents... is selling them INSIDE the US.
If RIM was allowed a pass on this because they're outside the US border, then every US company should be getting no sleep at night because of worrying about foreign companies that are allowed to sell their patent-infinging-products with impunity in the same market where a US company would not be able to.
If this was a matter where RIM was only selling in Canada, then your point would be valid for discussion.
I live in a dorm. It's a public place, and sometimes I leave my door open. What if I step out for a moment, and someone loads some child porn on my machine and runs away? Or what if my machine gets compromised and starts downloading such things in the background?
Hopefully you wouldn't go and burn those files to a CDR once you discovered they were there. Doing such would establish that you know/knew the content was there, and wished to preserve it.
Correct me if I'm wrong, but isn't there a provably secure, open cryptography-supported way to make sure elections are fair and allow anyone to investigate fraud? I don't have time to search for the URLs at the moment, but there were several methods developed even before the 2000 presidential election in the U.S.
Bruce Schneier described such a system in his book Applied Cryptography.
ISBN 0-471-59756-2 (1993 first ed. there're newer ones)
Firefox/Mozilla plus Adblock; add the filter "*.2o7.net/*"
While you're at it, ad:
*.doubleclick,net/*
*.advertising.com/*
*.atdmt.com/*
There're plenty more you can add too, but I always use the above as a good start on the machines I set up. The next step is having a firewall with iptables, and then blackholing networks that host the worst of the spyware pushers.
When the majority of the best and brightest in the country all lean towards a particular political philosophy, what should that tell you? (Hint: It's not that they were brainwashed and indoctrinated...)
Argumentum ad finitum
There's also a majority in this country (the USA; please adjust if you're not here) that believes in Christianty, but does that (itself) make it right? How about when a majority of people believed that the Sun orbitted the Earth? Or that the Earth was flat? When does the fact that any majority believes a certain way make the belief true and factual?
In addition, I question the notion that such are "the best and brightest". In my college education I met enough professors that were there because they weren't smart enough to cut it in the real world of business... where there is no tenure for your job if you're incompetent. As much as education pays (as a career), I sometimes wondered why some of them were there. Either they really believed in the furthering of knowledge, or it was a means to an end in indoctrinating others with their views. The professors I had the most respect for were that part time professors that taught in addition to working a real world job.
Along with everything else wrong with the ramp (regarding the idea of reclaiming "wasted" energy)... the energy derived from this contraption should be quantified in 'joules' per car, not 'watts' per car.
For those not familiar with the distinction, a 'watt' is a 'rate' of energy, and a 'joule' is an 'amount' of energy. To know the amount of 'watts' produced by this thing, you'd have to know how many cars were crossing it per unit time.
Like so many other tech articles, it appears that this one, too, was not written by an engineer. (For the record, IAAEE.)
There is software that can detect VoIP traffic and even identify the carrier. Telcos use this to *protect their networks*, but it can also be extended to protect their profits.
If such became common practice, a protocol and software arms race would ensue. Users and providers would modify their VoIP connections. (e.g. different or random ports, changing packet sizes, SSL or other encryptions) It would be like the evolution of P2P software: FTP --> Napster1 --> Gnutella (Fastrack, et al) --> something like FreeNet/Gnunet.
The ISPs adding latency to ALL traffic is the only end game I see. At the current cost of DRAM, it wouldn't be too hard.
I already run all the interoffice VoIP calls for my customers over the same VPN I have in place for their computer systems. Any ISP's network that cannot properly handle my customer's traffic will be replaced, any ISP that properly carries my traffic will continue to have a customer.
I think the long term free market effect of that is that only the phone company ISPs will be the ones to intentionally add latency, as they'd be the ones losing the most from VoIP. Everyone else (ISP wise) can only gain from VoIP.
Replace Bernoulli effect with another physics term (that escapes me right now) whereas one surface in motion drags along air with it. Maybe it was the skin effect.
And why is this relevent? Isn't there atmosphere inside all manned spacecraft?
Per experience working for a NASA subcontractor making (non-critical) instrumentation...
The pressure the craft is operated at is less than standard sea level air pressure. (I don't know how much less.) It was, though, so much less that the hard drives sent up (on the project I worked on) were failing due to the lack of air for the Bernoulli effect (the pnenomena that holds the heads up when the drive spins), along with not enough air for cooling. We moved to Flash memory, which had just come out at that time.
The heat from hard drives is another significant factor (from TFA).
Slashdot Mirror
That's why your captchas should have your trademark and/or website URL somehow shown in it. It wouldn't stop the M-I-M attack, but you'd have a better chance of being notified that such was happening to your site, and you might be able to take the site down on a DMCA violation.
That's why you add an audio captcha interface. (i.e. a link to an audio file reading the captcha.) Craigslist has such. In fact, one time the captcha came up with the text being the same color as the background (it appeared blank) so I used the audio captcha to read it.
Don't confuse OSS with FOSS. Most of the OSS is FOSS, but OSS is not necessarily FOSS.
Only when the "y" in it is capitalized. Last time I checked, it was lower case.
When I can DL the source for their client and compile it on my machine to run on my machine, I will.
I had a prototype, but the batteries in the receiver wouldn't last long enough.
Even though I think their decision to charge $ in this way it a bad choice, it's not my threshold of blocking them (AOL). When AOL stops reading email sent to abuse@aol.com (which they occassionally have done), I'll be blocking them for that. Right now, I get _very_ little spam sourcing from AOL, so I haven't had to test that address recently. (It's currently not listed in the RFCi DNSbl.)
Just one little data point.
FWIW, when I changed my default seach engine from Yahoo to Google, it was because some words out of a friend's mouth turned me on to Google.
Then you just go and do that... all the rest of us that think having such a central registry is silly will just continue to exchange email without being registered in your central server. When you bounce abuse report emails because we're not registered in your central server, we'll block you for not having a working abuse@ address.
And who would administer such a central registry? And how would we be sure that spammers wouldn't pay off the group controlling it or circumvent the procedures? (Because we all know the phishers don't have valid SSL certificates signed by a CA that's distributed with most browsers!)
Just because you can't think of a valid reason for someone to run their own mailserver doesn't mean that there isn't a valid reason... so fuck you too.
In the mean time, just delete Geotrust's certificate from your browser. If the market makes their certificate authority worthless, then maybe they (and other companies watching the fallout from this) will get motivated to implement better procedures.
The way computers work, compared to analog broadcast television, makes it very easy to specifically charge those who receive and view the content. If such was feasible when television came about, I suspect that Britain would have gone that direction instead of just taxing everyone who had a capable receiver.
Additionally, compared to an analog television receiving (a limited number of) on air signals (i.e. no cable), there is no other real use for having a television. That is not the same for a computer. There're many things to do with a computer without receiving any BBC content. Having a computer is almost necessary for life today.
It's seems pretty ridiculous to me to see Britain going that direction (of taxing every computer to subsidize the BBC), but I guess it's a natural progression of a big government tax that the public is accustomed to.
Maybe they need to go dump some TEAvees in a harbor.
As for me, I live across the big pond. My interests are in seeing that none of my money (tax or otherwise) goes to NPR, since I don't partake of any of their content.
IANAL
If we(1) litigate by class action, then anyone who _would_ be part of the class would be prevented from bringing any action, themself. That's unless they specifically exclude themself from the class action before the action.
I prefer to just see multiple actions... death by a thousand paper cuts for the spyware pushers.
(1) T.I.N.W.
I'm not questioning the validity of this statement in this post, but it would be great if someone would post some links to evidence supporting this allegation.
Patent law does not need to extend beyond the US border for this case to still be pertinent. The Canadian company that is making/selling the devices that allegedly infringe on the patents... is selling them INSIDE the US.
If RIM was allowed a pass on this because they're outside the US border, then every US company should be getting no sleep at night because of worrying about foreign companies that are allowed to sell their patent-infinging-products with impunity in the same market where a US company would not be able to.
If this was a matter where RIM was only selling in Canada, then your point would be valid for discussion.
Hopefully you wouldn't go and burn those files to a CDR once you discovered they were there. Doing such would establish that you know/knew the content was there, and wished to preserve it.
The link is to a story on CNN about actual naval pirates... the ones that jump on your cruise ship and you have to 'swash-buckle' them off.
It's a shame that our language has been diluted such that 'piracy' has become a synonym for 'copyright infringement'.
Bruce Schneier described such a system in his book Applied Cryptography.
ISBN 0-471-59756-2 (1993 first ed. there're newer ones)
Firefox/Mozilla plus Adblock; add the filter "*.2o7.net/*"
While you're at it, ad:
*.doubleclick,net/*
*.advertising.com/*
*.atdmt.com/*
There're plenty more you can add too, but I always use the above as a good start on the machines I set up. The next step is having a firewall with iptables, and then blackholing networks that host the worst of the spyware pushers.
Argumentum ad finitum
There's also a majority in this country (the USA; please adjust if you're not here) that believes in Christianty, but does that (itself) make it right? How about when a majority of people believed that the Sun orbitted the Earth? Or that the Earth was flat? When does the fact that any majority believes a certain way make the belief true and factual?
In addition, I question the notion that such are "the best and brightest". In my college education I met enough professors that were there because they weren't smart enough to cut it in the real world of business... where there is no tenure for your job if you're incompetent. As much as education pays (as a career), I sometimes wondered why some of them were there. Either they really believed in the furthering of knowledge, or it was a means to an end in indoctrinating others with their views. The professors I had the most respect for were that part time professors that taught in addition to working a real world job.
For those not familiar with the distinction, a 'watt' is a 'rate' of energy, and a 'joule' is an 'amount' of energy. To know the amount of 'watts' produced by this thing, you'd have to know how many cars were crossing it per unit time.
Like so many other tech articles, it appears that this one, too, was not written by an engineer. (For the record, IAAEE.)
*(I _am_ an EE.)
>http://www.engadget.com/entry/1234000373059415/
FTA:
[...] upping efficiency from 35% to at least 97% [...]
My BS detector started to go off. Something doesn't sound right here.
If such became common practice, a protocol and software arms race would ensue. Users and providers would modify their VoIP connections. (e.g. different or random ports, changing packet sizes, SSL or other encryptions) It would be like the evolution of P2P software: FTP --> Napster1 --> Gnutella (Fastrack, et al) --> something like FreeNet/Gnunet.
The ISPs adding latency to ALL traffic is the only end game I see. At the current cost of DRAM, it wouldn't be too hard.
I already run all the interoffice VoIP calls for my customers over the same VPN I have in place for their computer systems. Any ISP's network that cannot properly handle my customer's traffic will be replaced, any ISP that properly carries my traffic will continue to have a customer.
I think the long term free market effect of that is that only the phone company ISPs will be the ones to intentionally add latency, as they'd be the ones losing the most from VoIP. Everyone else (ISP wise) can only gain from VoIP.
Replace Bernoulli effect with another physics term (that escapes me right now) whereas one surface in motion drags along air with it. Maybe it was the skin effect.
Per experience working for a NASA subcontractor making (non-critical) instrumentation...
The pressure the craft is operated at is less than standard sea level air pressure. (I don't know how much less.) It was, though, so much less that the hard drives sent up (on the project I worked on) were failing due to the lack of air for the Bernoulli effect (the pnenomena that holds the heads up when the drive spins), along with not enough air for cooling. We moved to Flash memory, which had just come out at that time.
The heat from hard drives is another significant factor (from TFA).