$25K may be but a drop in the bucket, but it's money regardless. According to the article, the contribution was made just after the Oracle deal closed, and the official who accepted the contribution resigned. I'd say there's certainly a tie-in somewhere. If not, something stinks even worse.
I wrote the submission text. For the record, I'm a democrat. I have nothing against Gray Davis and I wasn't trying to make a subliminal political statement by mentioning the contribution. Payola is payola, no matter which party and no matter who the contributor.
Are you talking about RACSA? This RACSA? The RACSA that brings up more than 13,000 various spam sightings, complaints, and abuse reports in a Google search? Considering that most internet users have little clue on what to do with spam, and the percentage of clued folks actually posting to the news.admin.net-abuse* groups is extremely small, 13,000 is a big number.
Do you recognize the name Ralsky? There's less than 6000 Google hits for him. 13,000 is a big number.
RACSA has a spam problem. They need to fix it. Until they do, they're going to be running what amounts to a big LAN.
..if I decide to watch the ads, I can quit paying money to watch cable?
I was under the impression that the money I pay to my cable company - Time Warner, which is a Turner enterprise in its own right - is passed along to the cable content providers in licensing fees. I thought that my cable subscription fee was divvied up and sent piece by piece to Showtime, E!, the Comedy channel, etc. I guess perhaps I've been wrong all these years, and Turner is giving the programming to my (Turner) cable company? That Turner isn't making a penny off the fees I pay to my cable company? Ignoring, of course, the obvious Turner-Time Warner relationship.
I really don't get it. I pay for cable programming, it has commercials. My local TV stations are free, they have commercials. Guess which channels on which I'm more likely to mute/skip commercials? Damn right - the channels I pay for.
Most consumer grade DSL and Cable Acceptable Use Policies prohibit re-selling of the service.
Most DSL and cable companies wouldn't sell consumer service to a storefront location to begin with, though. Assuming the guy's cafe is going to be run from any sort of commercial property, he'll have to buy a commercial DSL line. Around here, both DSL (BellSouth) and cable (RoadRunner) offer "business class" service, which is more expensive but comes with fewer restrictions.
Shaun
Re:Where can I get a list of domains to block on XP, Phone Home · Score: 2
There's a hosts file containing ~900 verified ad serving, cookie dropping, and spyware collection machines at http://winfosec.com/features/five/HOSTS.txt. sa.windows.com is now in the list as a privacy violator - I don't have annotations describing each host, but most of the hostnames are their own description.
Drop this file into %WINDIR% and you'll wipe out about half of all banner ads. Depending on your version of Windows, you may get better performance by replacing 127.0.0.1 with 0.0.0.0 in the hosts file.
You raise an excellent point here. I've often wondered (while putting bogus info into registration forms) how many people are naive enough to give their real information to everyone who asks. How many people sign up for Yahoo and actually give out their home address, phone number, income range, hobbies... And would they give out that same information to some random guy on the street? The net effect is about the same, but even after all the hyped-up news stories about how dangerous it supposedly is to give your information out online, I guess plenty of people still do it. Go figure.
I don't remember the last time I signed up for anything and put in a legitimate name or address. I'll use a fake email address too, if I can get away with it; i.e. sites which don't require a password, or let you proceed without confirming it via email. I find it hard to believe that anyone would give out their real information more than a time or two; especially with the number of places requesting it these days. Not only is it faster to type "Bob Doe" than your real name (assuming your real name isn't Bob Doe ;) it just seems logical that they're asking for that information for a reason, regardless of what their privacy policy states.
Some time ago I realized that mildly bogus information will even work for online purchases. At most merchants, as long as the ZIP code checks out, you can use any name and address you like. I typically use the address of a former workplace which has been out of business since 1999. I've never had any problem. Obviously this method won't work if you need to have something shipped to you, but it works fine for online subscriptions.
>It seems the companies didn't like having a middleman between them and the consumers
Gee, who'd have guessed. Microsoft, the company who's trying to incorporate every possible end-user application into their OS (thus killing the middleware, shareware, and even some commercial software industries) didn't see this coming? They couldn't imagine that other companies might have the same interests in mind? Aside from the obvious consumer objections, it should have been obvious to Microsoft from the get-go that other companies aren't going to trust them to keep track of userdata.
CBDTPA universally rejected and Hailstorm bites the dust. I have to say, today was a good day.
The htaccess directives in this example will eliminate the noise from your error_logs. They'll also redirect inbound Nimda or CodeRed requests to Microsoft. Not that Nimda or CodeRed grok the 302 Found replies, but it's nice to dream of giving M$ a taste of their own medicine :)
(I tried to post the directives here, but the lameness filter wouldn't let it through.)
This is probably exactly what happened. King Mongo doesn't mention whether or not the email address used in the registration (myuniq_id@themail.com) is his, but I tend to doubt it, since he seems to have other domains and wouldn't need a freebie mail account.
Sounds like someone just registered the domain to him for no good reason - most of mine are or were registered to fictitious addresses, it's easy enough to do. The record was updated in December; perhaps since the poster is listed as the owner, Verisign would be willing to give him information regarding the history of the domain. The state of the record prior to December might bear some information regarding who actually registered it.
In any case, I have my doubts that Verisign was behind this. Most likely it was some sort of prank, or maybe an undelivered gift?
I've managed to convince a few otherwise stubborn people that spyware, malware, and god-knows-what-it's-installing-ware are bad things. After trying several approaches, I found there's one argument that always seems to work: tell them that these sorts of junk addons could delete their MP3 collection. The average KaZaA user, as you pointed out, doesn't care much (if at all) about the privacy and security implications of clicking through the EULA. What they do care about is their MP3s, and you can use that thought to get them concerned about spyware. Think of it as reverse-psychology FUD; applying facts to a topic that's bound to scare them into paying attention.
To a lot of people, music trading is a compulsion, much like some people "collect" porn or warez. (The comment about kids skipping class to download more is a fairly sad indication of this.) It's not so much about using the stuff, as it is about having the stuff; the bigger the collection the better, etc. Compare someone who's really into MP3 swapping with someone who's really into warez. Chances are, you'll find that they have a large collection, the majority of which they never use personally, and some of which they probably don't even like but have saved to enlarge the packrat's nest. You'll probably also find that they're outright frightened by the thought of losing any of it, even the stuff they don't use. It's a hoarding mentality, regardless of whether it's warez, porn, music, or whatever.
With that knowledge you can make a pretty convincing argument, even to the most computer-ignorant people, about the possible repercussions of disregarding EULAs and letting the installer do whatever it wants. Toss around the idea that the spyware du jour might be a program written by record companies to delete all MP3s on the hard drive. Suggest that hidden background apps might be making lists of MP3 files and sending them to a record company's lawyer. These things are technically possible - and if this Altnet turdlet has been lying dormant and undiscovered in Kazaa for a few months, who knows what else is waiting? Maybe some innocently named function call in an installer-dropped DLL isn't doing what its name would suggest.
Don't get too technical (most people get lost if you say "RIAA" instead of "record company," for instance) but be sure to plant the idea that recklessly installing software could wipe out their music collection, or their porn collection, or [insert whatever data is most valuable to them]. You'll get their attention pretty quickly.
What it does is bad enough, but what it's called is even worse. I think some of these dot com companies might do a little better if they didn't spend all the VC money on crack for the marketing department.. :)
>They post stories against subscriptions and big ugly banner ads, and
>look at what they do. They post about the MPAA being terrible, and then
>they post stories about DVDs for star trek, star wars, tron, etc. They
>post microsoft ads. They scream out against the anti-unix ads when half
>their site is dedicated to discrediting microsoft. And yes, they have
>ads from doubleclick after all their privacy issues
That's called being impartial. Take a look around at the world of media today - print, broadcast, or online. You won't find many magazines, TV shows, or websites willing to publish stories which go against the grain of their advertisers. Macworld will never publish an article that gives an Adobe product a one-mouse rating. MSNBC will never run an interview with Linus; even their "Silicon Summit" specials reek of prefabrication. Slashdot on the other hand has maintained at least a modicum of integrity.
Microsoft might be paying OSDN good money to run MS ads, but Slashdot isn't backing down and taking a soft stance on MS issues. Entertainment conglomerates might pay for ad space, and there are a lot of free plugs for entertainment here too (especially anime and SF) but Slashdot will still post the dirt on MPAA/RIAA/etc. And even while taking DoubleClick's money, they'll go live with stories about DoubleClick, which certainly doesn't have a good reputation among the readership; stories which are sure to draw numerous negative comments.
>I wish slashdot would a.) quit being bias
See above. I won't disagree that Slashdot is biased, but the examples you gave don't really prove it.
>and become a real news company
Real news companies make Slashdot's bias look like the center of the road.
>but im wondering, has anyone else done work on this or heard of work like this?
I wrote one a few weeks ago that catches FormMail probes and mails a warning message to the person who's probing. Since putting the script in place across several domains, I've seen a significant decrease in repeat offenders. I used to get scanned by the same people day in and day out (i.e. the recipient value in the GET requests was the same), and I had a few who'd scan me weekly. Not anymore.
FWIW, the script is here. It's written in PHP, so you'll have to either redirect requests for formmail.pl to the PHP version, or use a CGI wrapper (hence the shebang line at the top of a PHP script :)
I also like the idea of a FormMail honeypot. Basically such a script would accept and deliver the first message received from any IP address; this would be the test message indicating that the probe was successful, so you'd want to make sure it was actually sent. Subsequent accesses to the script from the same /8 over the next 24 hours would generate log entries but not actually send mail, the spammer would be spamming into a black hole, [complete the honeypot analogy here]. I'd do it myself but I don't care for the idea of someone hammering me with thousands and thousands of requests. I'd love to know if someone else sets something like this up, though.
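The deliver-once, then black-hole logic described in the comment above, as an added example that is not part of the original comment and is not the author's PHP script. The class and function names are hypothetical, the sample requests are constructed, and it assumes that once the 24 hours have lapsed the next request from that /8 is treated as a fresh first message.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass, field

WINDOW_SECONDS = 24 * 60 * 60  # "the next 24 hours" in the comment


def slash8(addr):
    """Return the /8 network holding an IPv4 address, or None if unparsable."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return None
    return str(ipaddress.ip_network(f"{ip}/8", strict=False))


@dataclass
class FormMailHoneypot:
    """Decision logic only: the caller sends mail when handle() says 'deliver'."""
    window_start: dict = field(default_factory=dict)  # /8 -> time of delivered probe
    log: list = field(default_factory=list)           # every request is logged

    def handle(self, src_ip, recipient, now):
        net = slash8(src_ip)
        if net is None:
            # Malformed source address: never deliver, but keep the evidence.
            action, net = "blackhole", "unparsable"
        else:
            started = self.window_start.get(net)
            if started is None or now - started >= WINDOW_SECONDS:
                # First message from this /8 (or window lapsed): this is the
                # prober's test message, so it must really be delivered.
                self.window_start[net] = now
                action = "deliver"
            else:
                # Same /8 inside the window: accept the request, log it,
                # send nothing.
                action = "blackhole"
        self.log.append((now, src_ip, net, recipient, action))
        return action

    def blackholed_by_network(self):
        """Count swallowed messages per /8, the honeypot's main statistic."""
        return dict(Counter(e[2] for e in self.log if e[4] == "blackhole"))


# Constructed sample requests: (unix-style timestamp, source IP, recipient).
# Addresses come from documentation ranges; recipients are made up.
SAMPLE_REQUESTS = [
    (0,     "203.0.113.5",  "probe@example.net"),    # test message
    (60,    "203.0.113.5",  "victim1@example.org"),  # same host, spam run
    (3600,  "203.44.1.9",   "victim2@example.org"),  # other host, same /8
    (4000,  "198.51.100.7", "probe2@example.net"),   # different /8
    (86410, "203.0.113.5",  "probe@example.net"),    # window has lapsed
    (86500, "not-an-ip",    "x@example.org"),        # malformed source
]


def replay(requests):
    """Feed requests through a fresh honeypot; return (actions, honeypot)."""
    hp = FormMailHoneypot()
    actions = [hp.handle(ip, rcpt, ts) for ts, ip, rcpt in requests]
    return actions, hp


if __name__ == "__main__":
    actions, hp = replay(SAMPLE_REQUESTS)
    for entry in hp.log:
        print(entry)
    print(hp.blackholed_by_network())
```
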
>Does anyone have a clue how the Record Companies were planning to accurately count listeners?
Probably by purchasing legislation which mandates that every personal computer in the free world can run only hardware and software designed/purchased/approved by the record cartels. With that amount of control, figuring out how many people are listening to which internet radio station doesn't seem such a daunting task...
>I find it hard to believe that Cox believes that he's going to be arrested in the US for posting security fixes
And I don't think Dmitry Sklyarov believed he would be arrested in the US for writing software which ought to be under the "Accessibility" option in a Windows install.
>He's not saying "Screw you, DOJ" he's saying "WTF, do you think we're gods?"
One time long ago, in a land far away, there was no Windows. Microsoft built Windows from the ground up (DOS base and lifted "look-and-feel" arguments aside, please; I'm talking about the code that drives the OS). It was Microsoft talent, Microsoft employees, and Microsoft dollars that built Windows. Now they want to jump in and claim that IE can't possibly be removed without breaking Windows, that they couldn't continue development even if such a move were possible, and that it's not possible anyway. Because Microsoft are not gods.
I say bullshit. No, Microsoft are not gods, they're humans; but what so many people (especially politicians) fail to see is that Windows is a human creation, not a godly one. I don't know of anything mankind has done once which it cannot collectively do again. Microsoft built Windows once with far less industry power, far fewer programmers inhouse, and far less money than they have today. Why couldn't they recreate it, from scratch if need be, without the need for embedded IE (perhaps they could fix a few bugs while they're at it)?
You give some good ideas. Here are some slightly cheaper ones, for the rest of us... Those of us who'd rather spend the $500 on beer than incorporation ;)
1. Change your phone number, today, right now. Call the phone company and request an unlisted and unpublished number. (There's a difference between unlisted and unpublished, and unless you request both, you may very well get fucked.) BellSouth charges $3/month to maintain an unlisted/unpublished number, YMMV.
2. Rent either a P.O. Box or a PMB (private mailbox at an authorized mail agent, like Mailboxes Etc.). Use this address for everything you can get away with. Hint: the only things you can't get away with are a) the utility bill, b) the phone bill, and c) the cable bill, if applicable. Yes, even your bank and the IRS will send stuff to a private mailbox!
3. If you're really freaking paranoid, move, then repeat steps 1 and 2.
4. Get caller ID. Do NOT, under ANY circumstances, answer the telephone unless you know who's calling. Do NOT, under ANY circumstances, hook up an answering machine to your phone line. Period. People you know or care about should get your cell/pager number, not your home number. Once a single telemarketing firm verifies your home number as both active and "live" (i.e. something answers) you can kiss your privacy goodbye. It's better to let it ring than to answer it.
5. Never answer the door unless you're expecting company. Even manual marketers share information. If you really stick to this principle, you may not even have to participate in the census! The poor census volunteer for my area actually had to stake me out to catch me leaving my place in order to get me to reply to the basic census questions. No, I'm not kidding.
6. Give legitimate but bogus information to anyone who requires personal info. That is, the information should check out, but it shouldn't be something that can be used to annoy you or track you down. Someone wants your address? Give them your P.O. Box or PMB. Someone wants your phone number? Give them the local dating line, or the number of your previous employer. The key is to pick information that matches your locale, and perhaps even your identity, but can't be hooked to your physical location. Hint: when subscribing for things online, all that really needs to match is the ZIP code. Pick any valid address in your ZIP code and the purchase will typically be approved.
I've been at my current place for 2 1/2 years. I get maybe 1 or 2 unidentifiable calls per week (either wrong number or out of area type calls). Someone might knock on my door once a month. And as best as I can remember, I haven't gotten a single piece of postal mail addressed to me personally that wasn't a bill. That's right, not a single piece of postal spam since I moved here. Why? Because I'm careful. The only people who know my landline phone number and postal address are the same people I trust with my life. Not fucking many.
Guard your privacy as if it were your most valuable asset. It might take some effort on the front end, but once you get used to the routines (not answering the phone, not answering the door, etc) you'll save yourself from the satanic world of marketing.
A. If you do not wish to accept the revised Privacy Policy once it is effective (May 15, 2001), you may cancel your eBay registration by emailing decline@ebay.com. [...]
No idea whether or not this works, the info eBay has on file for me is already in the hands of every marketdroid on the planet so I'll be keeping my account alive.
Check out Rokso. This site maintains a database of well known spammers, as well as spam samples, MO's, partners in spam and, yes, personal info for many of the spammers.
Try going to SPEWS and searching on the IP addresses of any SMTP relays used in the mail. If you find a hit, view the evidence file. It will usually contain information about the sender of the spam, their ISP, and related domains.
Subscribe to news.admin.net-abuse.email via your news provider of choice, or search the archives at groups.google.com. If you type in some particulars about the spam - for example the domain being advertised, or maybe the email address listed on the whois for that domain - Google will usually bring up some pertinent matches from NANAE. When it's a new spam run, or a new spammer, remember that Google's archive is usually at least 12 hours behind.
If you don't find anything, or even if you do find something and you're in a sharing mood, post the spam you get to news.admin.net-abuse.sightings and if you've done any research into the spammer, include it at the top of your post.
I've occasionally replied to spam posing as a potential customer, usually when I want to know who's really behind a particular spam. I don't hear back from humans very often, either. I doubt it's that the spammer (or his client) doesn't want our "business." In most cases I think it can probably be explained by one of the following:
a) Spammer sent spam, checked for replies for a while, then abandoned that dropbox for a fresh one. By the time I replied to his spam, he was no longer checking on that box.
b) Spammer sent spam, and because everything under the sun was in tune, someone with a clue was reading abuse@ and nuked his dropbox.
c) Spammer sent spam, got mailbombed with thousands of junk letters and didn't bother to clean the dropbox out. Both Hotmail and Yahoo - from my experience, anyway - will spool new messages for you even when you exceed your storage quota. Those messages won't show in your inbox until you delete some of the existing drek, but they don't bounce either; we could be sending order inquiries to a "full" dropbox that's never cleared.
Of course, we can always dream about
d) Spammer sent spam, was visited by a few guys with baseball bats, and was rendered physically unable to reply to our solicitations!
>What I don't understand is why it is better to let them THINK it is getting through than it is to let them realize that it is not.
Because if they think the spam is getting through, the spammer ends up wasting a whole lot of time sending spams which don't get delivered. If they realize they've got a honeypot, they move to another relay and start sending spams which do get delivered. Clearly it's better to have a spammer sending mail to nowhere than sending it to everywhere, but no spammer's going to intentionally send mail to nowhere. That's where the trickery comes in.
The idea is to occupy time and/or resources that the spammer would otherwise be using to pollute the net. The stats on the Russian honeypot show that they trapped a spam run which lasted four full days and totalled more than a million recipients. This adds up to quite a bit of wasted spamming time, and quite a lot of spam messages that would have otherwise been delivered.
I think it's an attempt at subtle humor. Remember when the Microsoft licensing contractor in Reno received a letter from overseas that tested positive for anthrax? I could swear the McWhortle building is either that Microsoft contractor's building, or the American Media building. It's definitely been in the news because I recognize the picture. That the "company's" headquarters is a building that was caught up in the anthrax scare strikes me as one of those red flags the SEC is trying to raise.
I dug around on both CNN and MSNBC and - oddly enough - the photos of the buildings have disappeared from most of the AMI articles and all of the Microsoft articles. (Even more interesting, an MSNBC search for "Microsoft Reno Anthrax" yields no appropriate results...)
If anyone has shots of the buildings I mentioned, I'd be interested in knowing whether or not McWhortle's is a match.
Looking at the big picture, I think I'd rather have the option to pay $5/month than pay $30/month.
After using Redhat linux for a couple of years, I decided to buy the upgrade to 7.0 last summer instead of just downloading it. For one thing it was simpler to get the CDs in the mail than to figure out what to download and roll my own. I also felt good supporting a company that's treated me well (RHAT +150.00 in two weeks...) in the past. But I never did activate my support, because it was only good for X number of days and after that I'd have to pay almost as much monthly as I'd paid for the bundle. I decided to save my code until I absolutely needed the support.
I'd feel more comfortable activating my support today, knowing that I'd only have to pay $5/month upkeep for a bit less service, than I'd have felt activating the support when I got the 7.0 CDs. I've always been in favor of choices, end-user empowerment, the idea that the person using software should be able to make the decisions. In that light I think Redhat has made a good move here. The more expensive option is still available to those who can afford it and would like the "VIP" treatment, but the cheaper option probably appeals to more people.
Remember that Redhat is a corporation, and needs to make money. I'm willing to bet that there are at least six times as many people willing to pay $5/month as there are people who are willing to pay $30/month. Offering the lower grade of RH Network will likely be a profitable decision as well as one that pleases consumers. Maybe I'll buy stock again ;)
Of course, I still ain't subscribing to the support unless I really need it! But when that day comes I'll be much happier that there's a less expensive option.
>I wish slashdot would a.) quit being biased
See above. I won't disagree that Slashdot is biased, but the examples you gave don't really prove it.
>and become a real news company
Real news companies make Slashdot's bias look like the center of the road.
Shaun
>but I'm wondering, has anyone else done work on this or heard of work like this?
I wrote one a few weeks ago that catches FormMail probes and mails a warning message to the person who's probing. Since putting the script in place across several domains, I've seen a significant decrease in repeat offenders. I used to get scanned by the same people day in and day out (i.e. the recipient value in the GET requests was the same), and I had a few who'd scan me weekly. Not anymore.
FWIW, the script is here. It's written in PHP, so you'll have to either redirect requests for formmail.pl to the PHP version, or use a CGI wrapper (hence the shebang line at the top of a PHP script :)
I also like the idea of a FormMail honeypot. Basically such a script would accept and deliver the first message received from any IP address; this would be the test message indicating that the probe was successful, so you'd want to make sure it was actually sent. Subsequent accesses to the script from the same /8 over the next 24 hours would generate log entries but not actually send mail, the spammer would be spamming into a black hole, [complete the honeypot analogy here]. I'd do it myself but I don't care for the idea of someone hammering me with thousands and thousands of requests. I'd love to know if someone else sets something like this up, though.
Shaun
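The FormMail honeypot rule described in the comment above (deliver the first message from an address, then only log further requests from the same /8 for 24 hours), as an added Python example that is not the poster's PHP script. The class and function names, the re-arming of the rule once the window has passed, and the sample requests are assumptions constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # suppression period named in the comment


class FormMailHoneypot:
    """Decides, per request, whether a decoy FormMail endpoint sends or only logs."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.delivered_at = {}  # /8 network -> time its probe message was delivered
        self.log = []           # every request is recorded, delivered or not

    @staticmethod
    def slash8(ip):
        addr = ipaddress.ip_address(ip)
        if addr.version != 4:
            raise ValueError("the /8 rule is only defined for IPv4")
        return ipaddress.ip_network(f"{addr}/8", strict=False)

    def handle(self, ip, recipient, now):
        net = self.slash8(ip)
        last = self.delivered_at.get(net)
        if last is not None and now - last < self.window:
            action = "log_only"   # follow-up traffic goes into the black hole
        else:
            # Assumption: after the window passes, the next message is
            # treated as a fresh probe and delivered again.
            self.delivered_at[net] = now
            action = "deliver"
        # repr() keeps control characters in the attacker-supplied
        # recipient field from forging extra log lines.
        self.log.append((now.isoformat(), ip, repr(recipient), action))
        return action


def replay(requests):
    """Run (timestamp, ip, recipient) tuples through a fresh honeypot."""
    pot = FormMailHoneypot()
    return [pot.handle(ip, rcpt, ts) for ts, ip, rcpt in requests]


# Constructed sample requests (private address space, reserved .invalid domain).
T0 = datetime(2002, 1, 1, 12, 0)
SAMPLE = [
    (T0, "10.1.2.3", "probe@example.invalid"),
    (T0 + timedelta(minutes=5), "10.1.2.3", "list1@example.invalid"),
    (T0 + timedelta(hours=2), "10.200.9.9", "list2@example.invalid"),
    (T0 + timedelta(hours=3), "172.16.5.5", "probe2@example.invalid"),
    (T0 + timedelta(hours=25), "10.1.2.3", "probe3@example.invalid"),
]

if __name__ == "__main__":
    for req, action in zip(SAMPLE, replay(SAMPLE)):
        print(req[1], req[2], "->", action)
```

Keying on the /8 rather than the single address means a prober who rotates through nearby addresses still lands in the log-only path, at the cost of also suppressing delivery for unrelated senders in that block.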
>Does anyone have a clue how the Record Companies were planning to accurately
>count listeners?
Probably by purchasing legislation which mandates that every personal computer in the free world can run only hardware and software designed/purchased/approved by the record cartels. With that amount of control, figuring out how many people are listening to which internet radio station doesn't seem such a daunting task...
Shaun
>I find it hard to believe that Cox believes that he's going to be arrested
>in the US for posting security fixes
And I don't think Dmitry Sklyarov believed he would be arrested in the US for writing software which ought to be under the "Accessibility" option in a Windows install.
Shaun
>He's not saying "Screw you, DOJ" he's saying "WTF, do you think we're gods?"
One time long ago, in a land far away, there was no Windows. Microsoft built Windows from the ground up (DOS base and lifted "look-and-feel" arguments aside, please; I'm talking about the code that drives the OS). It was Microsoft talent, Microsoft employees, and Microsoft dollars that built Windows. Now they want to jump in and claim that IE can't possibly be removed without breaking Windows, that they couldn't continue development even if such a move were possible, and that it's not possible anyway. Because Microsoft are not gods.
I say bullshit. No, Microsoft are not gods, they're humans; but what so many people (especially politicians) fail to see is that Windows is a human creation, not a godly one. I don't know of anything mankind has done once which it cannot collectively do again. Microsoft built Windows once with far less industry power, far fewer programmers in-house, and far less money than they have today. Why couldn't they recreate it, from scratch if need be, without the need for embedded IE (perhaps they could fix a few bugs while they're at it)?
Shaun
>To sum up: Do the facts even matter? PANIC!
A perfect candidate for "New Slashdot Motto" if I ever saw one!
-s
You give some good ideas. Here are some slightly cheaper ones, for the rest of us... Those of us who'd rather spend the $500 on beer than incorporation ;)
1. Change your phone number, today, right now. Call the phone company and request an unlisted and unpublished number. (There's a difference between unlisted and unpublished, and unless you request both, you may very well get fucked.) BellSouth charges $3/month to maintain an unlisted/unpublished number, YMMV.
2. Rent either a P.O. Box or a PMB (private mailbox at an authorized mail agent, like Mailboxes Etc.). Use this address for everything you can get away with. Hint: the only things you can't get away with are a) the utility bill, b) the phone bill, and c) the cable bill, if applicable. Yes, even your bank and the IRS will send stuff to a private mailbox!
3. If you're really freaking paranoid, move, then repeat steps 1 and 2.
4. Get caller ID. Do NOT, under ANY circumstances, answer the telephone unless you know who's calling. Do NOT, under ANY circumstances, hook up an answering machine to your phone line. Period. People you know or care about should get your cell/pager number, not your home number. Once a single telemarketing firm verifies your home number as both active and "live" (i.e. something answers) you can kiss your privacy goodbye. It's better to let it ring than to answer it.
5. Never answer the door unless you're expecting company. Even manual marketers share information. If you really stick to this principle, you may not even have to participate in the census! The poor census volunteer for my area actually had to stake me out to catch me leaving my place in order to get me to reply to the basic census questions. No, I'm not kidding.
6. Give legitimate but bogus information to anyone who requires personal info. That is, the information should check out, but it shouldn't be something that can be used to annoy you or track you down. Someone wants your address? Give them your P.O. Box or PMB. Someone wants your phone number? Give them the local dating line, or the number of your previous employer. The key is to pick information that matches your locale, and perhaps even your identity, but can't be hooked to your physical location. Hint: when subscribing for things online, all that really needs to match is the ZIP code. Pick any valid address in your ZIP code and the purchase will typically be approved.
I've been at my current place for 2 1/2 years. I get maybe 1 or 2 unidentifiable calls per week (either wrong number or out of area type calls). Someone might knock on my door once a month. And as best as I can remember, I haven't gotten a single piece of postal mail addressed to me personally that wasn't a bill. That's right, not a single piece of postal spam since I moved here. Why? Because I'm careful. The only people who know my landline phone number and postal address are the same people I trust with my life. Not fucking many.
Guard your privacy as if it were your most valuable asset. It might take some effort on the front end, but once you get used to the routines (not answering the phone, not answering the door, etc) you'll save yourself from the satanic world of marketing.
Shaun
Q. What do I do now?
A. If you do not wish to accept the revised Privacy Policy once it is effective (May 15, 2001), you may cancel your eBay registration by emailing decline@ebay.com. [...]
No idea whether or not this works, the info eBay has on file for me is already in the hands of every marketdroid on the planet so I'll be keeping my account alive.
Shaun
>Why didn't they do anything else interesting.
They were going to, but they forgot. If only the early Alzheimer's detection had been available a generation sooner...
Shaun
Check out Rokso. This site maintains a database of well known spammers, as well as spam samples, MO's, partners in spam and, yes, personal info for many of the spammers.
Try going to SPEWS and searching on the IP addresses of any SMTP relays used in the mail. If you find a hit, view the evidence file. It will usually contain information about the sender of the spam, their ISP, and related domains.
Subscribe to news.admin.net-abuse.email via your news provider of choice, or search the archives at groups.google.com. If you type in some particulars about the spam - for example the domain being advertised, or maybe the email address listed on the whois for that domain - Google will usually bring up some pertinent matches from NANAE. When it's a new spam run, or a new spammer, remember that Google's archive is usually at least 12 hours behind.
If you don't find anything, or even if you do find something and you're in a sharing mood, post the spam you get to news.admin.net-abuse.sightings and if you've done any research into the spammer, include it at the top of your post.
Shaun
I've occasionally replied to spam posing as a potential customer, usually when I want to know who's really behind a particular spam. I don't hear back from humans very often, either. I doubt it's that the spammer (or his client) doesn't want our "business." In most cases I think it can probably be explained by one of the following:
a) Spammer sent spam, checked for replies for a while, then abandoned that dropbox for a fresh one. By the time I replied to his spam, he was no longer checking on that box.
b) Spammer sent spam, and because everything under the sun was in tune, someone with a clue was reading abuse@ and nuked his dropbox.
c) Spammer sent spam, got mailbombed with thousands of junk letters and didn't bother to clean the dropbox out. Both Hotmail and Yahoo - from my experience, anyway - will spool new messages for you even when you exceed your storage quota. Those messages won't show in your inbox until you delete some of the existing drek, but they don't bounce either; we could be sending order inquiries to a "full" dropbox that's never cleared.
Of course, we can always dream about
d) Spammer sent spam, was visited by a few guys with baseball bats, and was rendered physically unable to reply to our solicitations!
Shaun
>What I don't understand is why it is better to let them THINK
>it is getting through than it is to let them realize that it
>is not.
Because if they think the spam is getting through, the spammer ends up wasting a whole lot of time sending spams which don't get delivered. If they realize they've got a honeypot, they move to another relay and start sending spams which do get delivered. Clearly it's better to have a spammer sending mail to nowhere than sending it to everywhere, but no spammer's going to intentionally send mail to nowhere. That's where the trickery comes in.
The idea is to occupy time and/or resources that the spammer would otherwise be using to pollute the net. The stats on the Russian honeypot show that they trapped a spam run which lasted four full days and totalled more than a million recipients. This adds up to quite a bit of wasted spamming time, and quite a lot of spam messages that would have otherwise been delivered.
Shaun
>I wonder which building is pictured, anyways
I think it's an attempt at subtle humor. Remember when the Microsoft licensing contractor in Reno received a letter from overseas that tested positive for anthrax? I could swear the McWhortle building is either that Microsoft contractor's building, or the American Media building. It's definitely been in the news because I recognize the picture. That the "company's" headquarters is a building that was caught up in the anthrax scare strikes me as one of those red flags the SEC is trying to raise.
I dug around on both CNN and MSNBC and - oddly enough - the photos of the buildings have disappeared from most of the AMI articles and all of the Microsoft articles. (Even more interesting, an MSNBC search for "Microsoft Reno Anthrax" yields no appropriate results...)
If anyone has shots of the buildings I mentioned, I'd be interested in knowing whether or not McWhortle's is a match.
Shaun
Looking at the big picture, I think I'd rather have the option to pay $5/month than pay $30/month.
;)
After using Redhat linux for a couple of years, I decided to buy the upgrade to 7.0 last summer instead of just downloading it. For one thing it was simpler to get the CDs in the mail than to figure out what to download and roll my own. I also felt good supporting a company that's treated me well (RHAT +150.00 in two weeks...) in the past. But I never did activate my support, because it was only good for X number of days and after that I'd have to pay almost as much monthly as I'd paid for the bundle. I decided to save my code until I absolutely needed the support.
I'd feel more comfortable activating my support today, knowing that I'd only have to pay $5/month upkeep for a bit less service, than I'd have felt activating the support when I got the 7.0 CDs. I've always been in favor of choices, end-user empowerment, the idea that the person using software should be able to make the decisions. In that light I think Redhat has made a good move here. The more expensive option is still available to those who can afford it and would like the "VIP" treatment, but the cheaper option probably appeals to more people.
Remember that Redhat is a corporation, and needs to make money. I'm willing to bet that there are at least six times as many people willing to pay $5/month as there are people who are willing to pay $30/month. Offering the lower grade of RH Network will likely be a profitable decision as well as one that pleases consumers. Maybe I'll buy stock again
Of course, I still ain't subscribing to the support unless I really need it! But when that day comes I'll be much happier that there's a less expensive option.
Shaun