Just out of curiosity, which version of Exim are you using? Is it configured to dump the message before the DATA phase of receipt? I want to integrate SPF checks with Exim 4 just as soon as Debian Sarge moves to stable.
I'm using a whole bunch of custom rulesets with the ACLs and Tom Kistner's exiscan-ACL with its built in SpamAssassin, malware and SPF checking (using libspf_alt). v4.34 is currently on the system...been too busy to put the latest (4.43) on.
I have it set just to warn on a failure of that nature...in the helo ACL:
The $acl_c1 variable is set earlier in the helo ACL if the remote host used our name in its greeting. At the end of each ACL, it looks for $acl_c1 to be set and delays the connection by 20 seconds, but doesn't deny the message until after DATA because it may keep delaying spammers and malware people 20 seconds on each command to tie them up.
There were 4,061 rejections on my system...of those, 89 were caught with SPF, 10 were caught with uvscan from McAfee, 23 were caught with SpamAssassin, and the rest were denied at SMTP time through my tight ACLs. 70 messages were delivered successfully. The only domains on my system are my personal one (samthecomputerman.com) and my videogame site (zophar.net).
Obviously an unreasonable attitude, except in certain narrow situations. Assigning blame does nothing to provide a solution, and dismissing everybody from the internet is neither reasonable nor desirable.
Unreasonable? The solution is to educate people. Unfortunately, the solution doesn't work...look at XP SP2 and what they did to try and do it for the user since they won't educate themselves. Time has proven again and again that the masses just don't care about stuff.
Are those kind of people better off using money order or checks online? Yes.
I don't think that will solve the problem. I would think that most of the numbers are skimmed in the real world and not stolen from cyberspace (though I may be wrong).
Usually it's a cashier at a or a restaurant or bar or some establishment with a card reader that's made in China and that's it. That kind of activity is way easier than intercepting net traffic.
I'm sure a good number of stolen card databases come from phishing.
If we used public key based encryption with a PK signed certificate kind of scheme, the skimmers would only get public keys....which is what we want people to have.
I'm sure what I said is far too complicated for Joe Citizen, but I'm sure we'll eventually reach a point where people need to learn the technology or they don't have the luxury anymore.
I was recently brought on to an e-commerce project...day 1 was stopping the fraudulent orders being sent to Malaysia or to the drop sites in the US. All it takes is a 30 second call to the card company to get the issuing bank's number...99% of the bad cards were verified as stolen from the bank. One card wasn't reported as stolen yet...yay for me.
If Paypal, IIS, etc can figure out key encryption, why can't we?
1) Credit card company creates keys and issues it to the customer...the card number is replaced by a number identifying the key.
2) Payment request certificates are sent to the customer who either signs it or doesn't sign it.
3) Transactions are encrypted using keys....you, your bank, the merchant and the card company can decrypt the info, no one else.
Didn't I just describe SSL/GPG? Oh wait..I did.
It boils down to this: if you can't handle the technology (aka keep spyware off your machine, keep it updated, and keep your card number safe), DON'T USE THE TECHNOLOGY. Write a check...but of course, that's digitized now thanks to Check 21...that old technology will be deprecated very soon in favor of direct debit.
SPF, while not perfect, is already used in production servers (AOL anybody?) and with the advent of SRS, works pretty well.
My meaningless, insignificant, 2 domain email system:
Most are AOL, earthlink or netzero. Funny how I don't see SPF records for microsoft, hotmail, etc.
I wanted to leave the content out of the discussion...but since this is going in that direction...
I listen to BPM #81, 90s on 9 #9, Highway 16 #16, and Top 20 #20. Top 20 is pop..it's the same. Highway 16 is decent...they're pretty quick on the new songs.
90s was trashed. It's SOOO bad compared to when Kane/Girl/Priestly were on.
BPM is a mess. Disorganized, late on new music.
Even if we solve this lousy sound quality issue, I'm still debating on whether or not to just let my radio get deactivated from not paying.
The FM modulator does a thing that all FM signals have...it's called pre-emphasis. It has a special EQ curve that REALLY boosts the highs....it's like taking your treble knob, turning it up the whole way, and then going twice more. The radio does de-emphasis to undo that before you hear it.
When XM was sending crystal clear highs, it would often get that scratchy sound from overmodulating (sibilance)...since the sound quality has taken a nose dive and the highs are basically missing, it doesn't do that anymore.
The digital link sounds just as bad as the FM modulated links because the audio XM is sending is degraded...it's no longer a weak spot in the local hardware.
I haven't heard a noticeable degradation. I've subscribed in late 2001. Talk stations are pretty bad, but music hasn't been.
It's easier to tell with an FM modulator. It used to have mad sibilance from the pre-emphasis...now since the highs are completely GONE (low pass at 10khz or something ridiculous?) and warbled, you don't hear that anymore.
If my old Pioneer unit is no longer supported, don't you think XM would have said "we did technology improvements...you need to upgrade the firmware or buy a new unit manufactured after XX"?
I have to say that the quality of XM's audio has significantly decreased since I got the service in 2002. It resembles a poorly encoded 96k MP3 now. It could be that they have too many channels and they had to drop the bandwidth...but it sounds AWFUL. FM stations in the area have more highs, not to mention actual audio processing (the stuff that gives it that "radio sound").
If bandwidth is becoming a problem with all these channels, change the technology. Put an MP3Pro-like encoder on it...newer units sound crystal clear again and older units sound the same.
I'd sure like to hear the technical explanation from XM as to why the audio has sucked over the last few months.
I was late for work because the new 4WD/Acura.MDX@MM worm got me overnight.
Well, I would normally recommend Pest Patrol. They're located across the hall from me, I've had lunch with their CEO and co-founder, and it's an all around great product with some talented people behind it.
:)
Oh wait...CA bought them, the new v5 sucks, and everyone who worked hard to make it great is about to lose their job.
Ad-Aware
Perhaps they're realizing that they should listen to the old saying:
Keep your friends close, but your enemies closer.
Why is everyone flipping out about domainkeys and SPF? Gmail already HAD spf...looky what I get from 'dig':
;; ANSWER SECTION:
gmail.com. 300 IN TXT "v=spf1 a:mproxy.gmail.com a:rproxy.gmail.com ?all"
...and from the headers of my email:
Received-SPF: pass (mojo: domain of gmail.com designates 64.233.170.203 as permitted sender) client-ip=64.233.170.203; envelope-from=xxx@gmail.com; helo=mproxy.gmail.com;
What we should question is why this is in my Exim logs for each gmail mail I receive:
2004-10-17 23:00:25 H=rproxy.gmail.com (mproxy.gmail.com) [64.233.170.203] Warning: remote host presented unverifiable HELO/EHLO greeting.
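The three artifacts quoted in the comment above (the SPF TXT record, the Received-SPF header and the Exim log line) can be compared programmatically to show that an SPF pass and a HELO check are independent results. This is an added example, not part of the original post; the function names are hypothetical, and the reading of Exim's `H=` field as reverse-DNS name followed by the HELO name in parentheses is an assumption stated in the code.

```python
import re

# Qualifier prefix -> SPF result when that mechanism matches (default is "+").
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_spf(record):
    """Return [(result_if_matched, mechanism, argument), ...] for a v=spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    mechanisms = []
    for term in terms[1:]:
        if re.match(r"[A-Za-z][\w.-]*=", term):
            continue  # modifier such as redirect= or exp=, not a mechanism
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        body = term[1:] if term[0] in QUALIFIERS else term
        name, _, arg = body.partition(":")
        mechanisms.append((QUALIFIERS[qualifier], name.lower(), arg))
    return mechanisms

def parse_received_spf(header):
    """Return (result, {key: value}) from a Received-SPF header line."""
    value = header.split(":", 1)[1].strip()
    result = value.split()[0].lower()
    fields = dict(re.findall(r"([\w-]+)=([^;\s]+)", value))
    return result, fields

# Assumed Exim host field layout: H=<reverse-DNS name> (<HELO name>) [<IP>];
# either name may be absent, and the HELO is omitted when it equals the name.
EXIM_HOST = re.compile(
    r"H=(?:(?P<rdns>[^\s()\[\]]+) )?(?:\((?P<helo>[^)]+)\) )?\[(?P<ip>[^\]]+)\]"
)

def parse_exim_host(line):
    """Return the reverse-DNS name, HELO name and IP from an Exim log line."""
    m = EXIM_HOST.search(line)
    if not m:
        raise ValueError("no H= field in log line")
    rdns, helo, ip = m.group("rdns"), m.group("helo"), m.group("ip")
    return {"rdns": rdns, "helo": helo or rdns, "ip": ip}

def compare(record, header, log_line):
    """Line up the SPF verdict with what the HELO greeting claimed."""
    mechanisms = parse_spf(record)
    result, fields = parse_received_spf(header)
    host = parse_exim_host(log_line)
    a_hosts = [arg for _, mech, arg in mechanisms if mech == "a"]
    return {
        "spf_result": result,
        # Result for senders matching nothing before "all" (neutral if no "all").
        "default_result": next((r for r, m, _ in mechanisms if m == "all"), "neutral"),
        "same_ip": fields.get("client-ip") == host["ip"],
        "helo_matches_rdns": bool(host["rdns"])
        and host["helo"].lower() == host["rdns"].lower(),
        "helo_listed_in_spf": host["helo"] in a_hosts,
    }

# Values copied from the comment above.
RECORD = "v=spf1 a:mproxy.gmail.com a:rproxy.gmail.com ?all"
HEADER = ("Received-SPF: pass (mojo: domain of gmail.com designates 64.233.170.203 "
          "as permitted sender) client-ip=64.233.170.203; "
          "envelope-from=xxx@gmail.com; helo=mproxy.gmail.com;")
LOG = ("2004-10-17 23:00:25 H=rproxy.gmail.com (mproxy.gmail.com) [64.233.170.203] "
       "Warning: remote host presented unverifiable HELO/EHLO greeting.")

if __name__ == "__main__":
    for key, value in compare(RECORD, HEADER, LOG).items():
        print(f"{key}: {value}")
```

SPF evaluates the envelope sender's domain against the connecting IP, so it passes here even though the greeting name (mproxy) differs from the name the IP resolves back to (rproxy); the trailing `?all` means any other sender gets only a neutral result, not a rejection.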
...helping us hide when we mispel sumthing.
You are a moron if you use paypal to run a business including the payroll, of all things.
Paypal doesn't run the business, the owner of the company runs the business. Paypal is just one of many payment options we give our customers...and since a large portion of sales come from eBay, people find Paypal very convenient.
Payroll isn't run by Paypal...but in order to facilitate payroll, you must withdraw funds from Paypal. It doesn't automatically sweep into our local bank account like our Linkpoint/CSI account does (money order/checks go directly into the local account). It's necessary to have several thousand dollars in the Paypal account when you do the volume we do for refunds, disputes, and general purchases...like today I bought a bunch of toner off of eBay and paid directly out of the Paypal account.
If a new storefront opened in the mall, we'll call them BankPal(tm). They want you to enter your credit card information, bank account numbers, address and phone numbers, and OH BY THE WAY we're not a bank, aren't held to bank standards or laws, can seize your account at any time for no reason, are not fdic insured, blah blah blah, how can anyone with more than two brain cells trust these jokers???
You seem to think that Paypal is our sole payment option. You were misinformed, or you assumed such. We offer credit card through our processor (Linkpoint/CSI, housed on OUR servers and OUR bank account), money order, check, or Paypal. Like I already said, the majority of eBay people prefer to pay with Paypal.
Apparently the majority of our customers have less than or equal to 2 brain cells.
A service which houses 50 million people, has billions of dollars flow through it, and is the primary payment service for the largest auction site in the world? Sounds pretty newsworthy to me, people.
Regardless, we accept Paypal payments for our business. Didn't work all weekend...and today I kept getting errors (I think it was 30004) telling me to "retry" or "return to main page". Took a few retries, but I did get stuff done....such as transferring money out for payroll on Friday. Auction and storefront sales were down from lack of a payment service though. Debit card had activity over the weekend, so that worked fine.
...helping people propogate hideous grammar.
For the realists...
No, they wouldn't have used his money. They would have gone into survival mode and just helped each other regardless of getting anything in return.
For the suspenders of disbelief...
When they get rescued, his money will still be worth something back home.
For everyone else...
There's an essay to read...it's not about Gilligan's Island.
So how long until everything in the home has its own IP address and script kiddies decide to get their kicks messing with your air conditioning during a heat wave?
So how long until everyone realizes that maybe you shouldn't give your air conditioner an external IP address?
Do you have your network printer on an external IP address?
I hope the V2G hookups have a key on the door or require a latch from inside the car (like most gas doors). Stealing power could become a problem...so could shorting out the electrical system (similar to putting sugar in the gas tank).
...but my comment for the last NSI/Verisign story still stands.
They're going in the right direction, but I still don't trust them nor will I ever use them for domain services.
After reading about XP SP2 and Windows Update v5 on Slashdot, I had a chance to play around with them. While I'm impressed at both the operating system and the updater as of late, I have to be honest and say you've failed to address the number one problem plaguing the computer industry: ignorance.
The average Joe--your primary customer--doesn't know about Windows Update. This person doesn't know about service packs. This person doesn't care to know. In fact, when you tell this person about how critical these updates are, the average Joe is going to say "I don't care."
I've been in the industry for quite some time. I've tried to explain it using jargon...using layman's terms...using fruity Powerpuff Girls language...EVERYTHING. The end user--soccer mom and Grandpa--just don't care. They don't see the importance of updates to software.
Maybe what they need is a scare tactic? YOU, Microsoft, tell them that they are a liability on the Internet. Their documents, taxes, pictures, money, passwords, et al are vulnerable to theft. Their machines are turned into zombies which wreak havoc on innocent Net users....use the new buzz word terrorism as it will get their attention. Nah...they won't listen after 6 months again.
Is the answer to cripple the operating system unless it phones home regularly? Was this part of the original plan when XP dialed home? Nah...won't work. You have millions of XP installations out there already which do not even have updates from 2001....there's no way those users will even think about updating to enable a mandatory update.
Remember this for your next Longhorn meeting.
...but kissing our asses won't make up for the fact you still want to deprecate NXDOMAIN for SiteFinder.
I don't have time to read fiction, poetry or short stories. From the time I wake up to the time I go to bed I'm constantly filling my head with reading material of the non-fiction variety:
o Slashdot and various news sites plus the actual articles
o Product documentation
o FAQs
o Code syntax and programming guides
o The ingredients and other useless info on my food so I'm not bored to death when I eat
If you counted up the amount that I read in a day (as in, actually READ...not just browse) I would probably put these reading programs to shame.
Besides, I do fiction and short stories all the time. Today I imagined how to do tweaks to my MTA exim, wrote up a synopsis, read up on it online, and made it happen. Barry The Retarded Elephant short story didn't help me at all.
I suppose you're against all the legislation for spam as well? Did you also not like the do-not-call list?
Making something illegal gives one recourse...my father was caught up by the dialer trojan and had a big bill. It was VERY involved because there was nothing which specifically prohibited it. Had there been legislation SPECIFICALLY outlining that activity, it would have been MUCH easier on everybody.