It's counterproductive for Microsoft to do this. They can't argue that this is because running an IM network is expensive and then give away their client for free. What they want is control and to kill off the competition that makes it easy for people to use multiple protocols without loading multiple programs. This is nothing new for Microsoft, of course.
It will be interesting to see the results of this. I use Linux/Gaim and many people such as myself will be forced to stop using MSN Messenger. We will obviously tell our contacts to please install Yahoo Messenger, ICQ, or AIM. None of my contacts are particulary averse to loading lots of programs on their computer so I know none of them will complain. They'll just do it. These are people that currently only use MSN Messenger and Microsoft is going to drive them to install other IM clients that they would have never otherwise installed. Regardless of whether or not these people stop using MSN, is this really in Microsoft's best interest?
I personally think this could end up being a very interesting case study in closed vs. open protocols. The people that bend over and install the latest version of MSN Messenger are the people that already use Microsoft's messenger to start with. I bet that very, very few people that use Gaim, Trillian, Kopete, etc. are going to consider installing the official Microsoft client. They're just going to drive these users away from MSN Messenger which makes the service LESS useful since fewer people will be reachable via MSN Messenger.
If Yahoo Messenger or AIM plays this right they could really pick up some market share here. Especially if Yahoo and AIM made an agreement to interoperate between those two protocols and publicize it as the cheapest, most open way to communicate with the largest number of people on the planet with the client of your choice. Microsoft would look pretty foolish for locking their protocol down. It'd also be hard for Microsoft to complain about being excluded from the interoperability since they just finished making a huge move against interoperability themselves.:)
How is that different from getting 100 confirmation emails from 100 mailing lists you've been "subscribed" to without your permission? Such confirmation emails are considered good; what's so bad about challenge/response?
It's different because a mailing list asking for confirmation does so to protect the person being sent the confirmation from being signed up to the mailing list without their authorization. It's not to protect the mailing list, it's to protect the person that someone is trying to screw by signing them up against their wishes.
It's also different in that I've run an opt-in mailing list with email confirmation on one of my websites for the last 5 years. In that time I have not received a single complaint or report of that opt-in message being used to bomb someone with unwanted confirmation messages. And if it became a problem I would certainly build in a throttle to limit future damage.
Users of challenge/response, such as you, know very well that they're receiving 200+ spams per day. You know full well that each of those spams is generating a challenge message and that many will be undeliverable and the rest will go to innocent third parties, filling up their inbox. THAT'S what's rude and you become part of the spam problem in the eyes of those innocent parties.
If my mailing list was sending 200 undesired confirmation messages to users each day, believe me, I'd fix that. Yet that's the norm for challenge/response.
Challenge/response isn't really much different from people who habitually screen all phone calls through their answering machine, and never answer unless they hear someone they want to talk to.
No, challenge/response is like leaving a message on an answering machine along with your (supposed) phone number. The answering machine then calls the (supposed) phone number and asks if it's really you... but 200 times per day the answering machine bothers people that never called the answering machine to start with just because someone left that phone number.
Interestingly, passively screening calls with an answering machine is closer to a traditional or Bayesian filter than it is to a challenge/response system.
Society seems to have accepted that practice, knowing those people are generally trying to escape the annoyance of telemarketing calls -- why shouldn't society accept challenge/response as a way to escape the annoyance of spam?
Again, using an answering machine to passively filter phone calls is fine. And that is equivalent to using a passive filter, Bayesian or otherwise, to filter email. I'm entirely in favor of that. But if telemarketers started calling and leaving messages and leaving random phone numbers and that same answering machine started calling the number to verify the caller, believe me, you'd see people hopping mad and looking for legislation to ban those machines.
I think you need to take a careful look at what you're suggesting. I personally find C/R offensive as a legitimate user emailing someone else and having to help them with their spam problem. But even more annoying is the hundreds of users that receive C/R messages from users that they never emailed.
That's where it's both rude and technically flawed. You're "solving" the spam problem for one person (you) at the cost of hassle for those sending email to you *AND* the hundreds of people that are hit by the challenges your system creates in response to the spam it receives. As long as email can be forged it's just a flawed concept.
I think in the case of a nuclear reactor multiple firewalls would be recommended. One to protect the organization from the Internet, and at least another one to protect all safety/mission critical servers from internal infection. Behind that firewall NOTHING should be connected, certainly not laptops that leave the building.
I periodically look at my TMDA pending queue to see if there are messages from people who can't figure out how to respond to a challenge. There aren't any.
How do you know? If you are receiving 200+ spams per day and you check your pending queue every 2 weeks, that's 2800 messages. Are you positive that you've never missed a message in the middle of all that spam that was legitimate? If so, how much time does it take you to review those 2800 messages? And is reviewing those 2800 messages any better than checking a Bayesian filter for false positives?
TMDA's challenge-response system keeps 200+ spams a day from my inbox.
You do realize that you are generating 200+ challenge messages for those daily spams, right? You realize that that creates more traffic on the Internet, right? Not only that, you know that spammers often forge real email addresses as the return address for their spams such that many of your hundreds of daily challenge messages are being sent to innocent people who never had any intention to contact you and that, to them, your challenge message is spam, too?
But if I had 200 junk messages in my mailbox every day, nobody would be able to reach me, because I would stop using e-mail.
But if you used Bayesian you'd only get about 1 spam every couple of days and wouldn't be generating useless challenge messages that further burden the email system and fill up the mailboxes of others that simply had their email address forged by a spammer.
This isn't rude.
Tell that to the person that receives 100 challenge responses because a spammer used their email address and happened to hit 100 people that use the C/R system. The only reason C/R isn't being widely criticized is because it's not widely used. If it were to become widely used you'd see more and more people complaining about receiving the challenges, especially challenges that they're only receiving because a spammer used their email address as the return address.
Email has changed. One way or another, you're going to have to cope.
Yes. And technology, such as the Bayesian filter I use, allow me to cope without burdening me or the people emailing me, and without creating more useless email traffic in the form of challenges sent to email addresses that have nothing to do with the person that really sent the message.
Add up the hours you spend trying to keep your "good Bayesian filter" hitting at 0.5% over an extended peiod of time
Hours? You said you used Bayesian before going to challenge/response. Is that really true? All I had to do was click a few "you got that wrong" links when I first started using the filter. Ever since then it pretty much trained itself. Now I don't even know it's there on a daily basis.
Suggesting that I've spent hours on my Bayesian filter to get it working is absurd.
... plus the time you spend checking your spambox for false positives
Compared to your system where you don't even KNOW you had a false positive. In all fairness, the people that don't bother to go through the hassle of validating themselves can be considered a false positive in challenge response. Do you even know how many people didn't go through your C/R process? Do you even know your false positive rate?
... and compare that with my "spam free existance" My mail works cleanly with minimal effort on my part and that of those I correspond with.
That's downright selfish. You ignore the fact that your "spam free existance" is at the cost of creating more spam for all the innocent people who are subject to your challenge requests just because some spammer decided to forge their email as the return address. They didn't contact you and yet you are spamming them with challenge emails.
My spam-free existance (about 7 spams per month) is very tolerable and I don't spew out thousands of useless challenges to innocent people in the process. My spam-free existance doesn't come at the cost of increasing the volume of spam for other innocent parties.
I think you have it backwards. Spammers are sociopaths.
I think you are using the definition of "sociopath" very liberally if you think that all--or even most--spammers are sociopaths. I hate spammers as much as the next guy, but sociopaths? The definition of sociopath is "One who is affected with a personality disorder marked by antisocial behavior." Spammers are insensitive and thieves, but I don't think that most of them suffer from a personality disorder.
Would you move to another country - turning your back on your family and friends, just so that you could continue harrassing innocent people? I doubt most spammers would either.
If the spammer is making a few hundred thousand per year I don't think a move to Cancun is going to hurt that much. After all, if they are sociopaths are their links to families and friends going to be all that important? They're sociopaths after all.:)
And the technology will always exist - or are you advocating the dismantling of email?
No, I'm advocating that we lock our doors before we ask Congress to do something about people breaking into our houses. We have the technical means to pretty much solve the spam problem and I think we should obviously exploit those technical means before we go crying to Washington for help that, frankly, they probably won't do a very good job at anyway.
How do filters make the technology "harder to abuse"? It's just as easy to abuse, and (more importantly) you're still paying for it
It's harder to abuse if the spammer has a harder time delivering his message to his intended victim. Filters make it less likely that a spammers' message will get through, thus less likely that a dumb idiot will respond to the spammer, that reduces the profits of the spammer which lowers the incentive to spam in the first place. It's not a silver bullet that will solve the spam problem in one day, but Congress isn't going to be able to give us a silver bullet either.
A "better filter" will only help you to avoid the problem, it doesn't make the problem go away.
See above. You're looking for instant gratification. As they say, the spam problem didn't hit us overnight and we won't defeat it overnight. But widely implemented effective spam filters will reduce even further the response rate of spam which will mean less motivation to send it in the first place. So, yes, a better filter will eventually help the problem go away as long as it is widely implemented. And we have the technical means to implement them widely.
Oh. My. God. You consider that you pay for 2420 pieces of email that you don't want a good thing?!?!?!
Those 2420 pieces of spam consumed 11MB of bandwidth. If I go over my bandwidth allocation (which I don't), I pay $2/GB. So if we assume that I'm paying $2/GB those 11MB of spam cost me about two pennies. Now I'm not saying that I think that it's good that I have to pay anything at all, but my time is much more valuable than the bandwidth cost of spam. And people need to understand that. The bandwidth is annoying, but the real cost of spam is in the time that everyone has to spend dealing with it.
So, yes, the fact that in the last 3 weeks I've had to manually delete 5 spams instead of 2420 is a good thing. If we can get rid of spam and save me three or four pennies per month, great, but I'd rather lose a nickle per month in bandwidth than invite the Federal government to start regulating aspects of email.
But if all we're doing is sending a message to spammers that YES, you're doing something illegal, then an anti-spam law that says something "The practice of spamming is considered theft of services and is illegal" would be sufficient. I would not be opposed to a 1-liner like that.
Problem is, laws are never 1-liners. It's going to get padded, definitions of spams are going to be added, consequences of certain types of spamming will be added, etc. And all the sudden you have one of these useless, burdensome laws that do more harm than good since it probably (unintentionally) opens loopholes that, again, the spammers will exploit to say "No, I'm not doing anything illegal. According to the law..."
Plus, I actually think the spammers know what they're doing is illegal. Even the ones that say they aren't. They know they're stealing the services of other mail servers. They're just playing dumb to justify why what they're doing is ok, but that doesn't mean they really believe it. It's their justification. Pasing the above 1-liner would make it impossible for them to play dumb, but again, I think they'd just find the loopholes.
You're assuming that all unsolicited e-mail is advertising a product. It isn't.
I'm interested in one-on-one conversation via email. If I didn't sign up for a mailing group I don't want mass-generated emails being sent to me. Period.
A policy of "no e-mail unless you are old friends" will make business-to-business communication impossible, and bring the economy to a complete stop.
You're probably right, but I didn't advocate a policy of "no e-mail unless you are old friends."
What I do advocate is absolutely no unsolicited mass mailing without the receiver's express double opt-in consent.
What if someone wanted to invest in your company? Would you delete that e-mail too because you don't know the person?
No, because that isn't spam. That's a single person taking the time to email me and initiate communication. That's a valid use of email. If that same person sent an email supposedly wanting to invest in my company and also sent the same mail to thousands of other companies in an automated fashion, yes, I would want that email deleted.
The difference is humans communicating with humans. Email should be used by one human communicating with another. If it's going to a computer mass mailing me impersonally along with thousands or millions of others then I only want to receive that if I expressly indicated I wanted a computer emailing me.
A human sitting down and writing me an email--even unsolicited--is completely different than a human pressing the "Go" button and dumping his load on thousands or millions of email addresses while he watches The Partridge Family on TV.
No. Spamming broke the concept of email years ago. The only question is how to fix things. Based on the hoops you're going through with SA, your email sounds just as broken.
I agree with grandparent, C/R is a lame response to spam. It puts the burden of your spam problem on those legitimate users that may want to mail you. Forgetting the technical problems, that's just rude. I am *not* your spam filter and, like parent, if I receive a C/R response I will just ignore it.
Technically, C/R is also lame. So you're getting, say, 100 spams coming in per day to your C/R system. Most of those are coming from non-existant addresses or addresses that belong to someone NOT involved in the spamming. So your C/R system is faithfully sending challenge messages to those 100 senders. Perhaps half fail because they are undeliverable, the other 50 find their way to innocent parties not involved in sending spam.
So for you to enjoy a spam-free email experience you've annoyed your legitimate senders, some probably decided not to bother (false positives that you don't see), you've attempted to deliver 1 challenge message for every spam you received (increasing spam-related traffic), and have managed to annoy 50 innocent people just because their email address happened to be forged by a spammer. But I guess the important thing is that you weren't bothered by the 0.5% of the spam that might get past a good Bayesian filter.
So... can you explain to me again why C/R is such a good thing?
It also makes it impossible for people to do business, since it will be impossible for people to introduce themselves through e-mail.
Unless it's personal, one-to-one conversation from a friend of mine recommending some company for something my friend knows I'm interested in, I don't *WANT* to be introduced to any company via email. If I'm interested in a company's product, I'll go Google and find it. Then we can have an email exchange if necessary. But I positively never want to receive a "cold call" via email.
My email address is there to serve ME, not to serve others in their efforts to get-rich-quick at the cost of my time.
You're asking Slashdot folks to *help* the Bush administration, even when it's right? Let's get back to reality here. The most important think here is to bash Microsoft, then bash Bush, then once that's done any remaining options may or may not be on the table.
The "they will all go offshore" excuse is BS. Sure, some might, but many won't.
You probably have it backwards. Many will go offshore, but some won't.
Plus, it might not be necessary. There is so much spam and spammers are constantly dodging bullets to keep themselves anonymous I'm not sure if it'd really be necessary to go overseas. There are not enough resources to track down spammers that are covering their tracks unless some "public bounty" is authorized that gives the *public* an incentive to track them down themselves. Even then I think you'll find many of the shadier spammers will just use stolen credit cards and/or free ISP trials to send their spam. The trail is going to get awfully cold for a civilian trying to track down a spammer when you run into stolen credit card numbers or need to find the phone number that dialed into the ISP at a given date/time.
Spam is a social problem, not a technological one. Social problems can only be solved by social contracts or laws.
Spam is NOT a social problem any more than junk snail mail is a social problem. It takes advantage of available technology to serve a business purpose and as long as the technology is available to take advantage of, it will continue. The problem is that in the case of email the technology makes spam free.
The solution is make spamming not free (with lawsuits based on existing laws) or make the technology harder to abuse (with filters, etc.). New laws are completely unnecessary and, as the FTC director said, most would be counterproductive.
Technological solutions fail. Even bayesian filters, those much heralded bleeding edge anti-spam flavor of the moment, are being beaten regularly--my SpamBayes filter catches still a good deal, but more and more slip through despie over 150,000 'training' emails as the spammers get smarter.
Then get a better Bayesian filter. With just 3000 good and 10,000 bad emails my Bayesian filter is running at 99.8%. 5 spams have gone through my Bayesian filter so far this month out of 2415 spams--2 were in a foreign language and the other 3 were on-topic enough that they got by and might have even been something I was interested in. My Bayesian filter accuracy has been going up constantly for the last 4 months.
I'm willing to do deal with 1 spam in my inbox every 3 or 4 days to avoid federal legislation that will probably be less than perfect and certainly will not eliminate 99.8% of the spam.
And, bayesian filters (even at the ISP level) don't begin to address the crucial problem of bandwidth use.
Overnight, no. But if more and more people and ISPs implemented Bayesian less spam would be seen my users--including the dumb ones that respond to spam. In time the motivation to spam will decrease and that will decrease the bandwidth problem.
Oh come on, leave off the traditional "blame the Republican for all our woes" line. It's getting old. RTFA. The reasons the FTC director gave for the anti-spam laws being useless are right on the money.
New laws to outlaw spam are, as the FTC director said, probably useless. Most of the spam being sent is fraudulent or deceptive in some way--or porn spam that is also being sent to minors. Spammers aren't bothered violating current laws, why does anyone think they won't ignore new anti-spam laws?
I've never received any, at least not since I stopped using the ICQ client back in, what, 1999 or 2000 or so? I only accept messages from those that are in my contact list. That seems to be all you need to do to not get spammed.
Besides, she's used to ignoring the porn spam. She has a Hotmail account.
I've tried using Jabber in the past. Unfortunately, I've never succeeded. For example, I tried it just seconds ago since the topic was brought up. In Gaim 0.66, I add a Jabber account, enter a screenname, etc. and click "Register" and it crashes out the entire Gaim app in Linux. Same thing happened in previous versions of Gaim under Linux. And when I just tried registering a Jabber ID with my wife's Windows machine (which is using the Windows version of Gaim 0.66) it gave me some kind of error and also shut down the entire Gaim app.
So what's up with Jabber? Why can't I create an account for Jabber under Gaim?
I am a GAIM user and was spammed by Microsoft on this issue about 30 times yesterday. I'm not buying the "a small number of users receive the email multiple times" line. A quick broswe of the newsgroups suggests that many people received many copies in many different languages.
I am hopeful that the developers of Gaim will be able to implement the latest MSN protocol by the Oct. 15th deadline. If not, well, my Gaim is also running Yahoo Messenger, ICQ, and AOL... any of which are fine with me. I'll have to get my parents to switch to ICQ but that shouldn't be a problem.
According to IMDB, the top 10 movies worldwide are:
1: Titanic $1,835,300,000
2: Harry Potter and the Sorcerer's Stone $968,600,000
3: Episode I - The Phantom Menace $922,300,000
4: Jurassic Park $919,700,000
5: LOTR The Two Towers $918,600,000
6: Harry Potter and the Chamber of Secrets $866,300,000
7: LOTR The Fellowship of the Ring $860,200,000
8: Independence Day $811,200,000
9: Spider-Man $806,700,000
10: Star Wars $797,900,000
What he's saying is that the fact that you used the code under what you believed was a valid GPL license does not indemify you from copyright infringement.
If someone else is responsible for the infringement and SCO knows who it is (apparently they do) then it is not reasonable to go after end-users who obtained the code in a legal manner from a source that they had a reasonable expectation to provide legal code.
Even if the end-user could in theory be guilty of copyright infringement, I don't think the user can be held responsible until SCO tells us all what sections of code are infringing. So far we just have idle threats with no evidence. If SCO were to let everyone know the supposedly infringing code I think we'd all take action to make sure we weren't using it. The fact that SCO doesn't tell anyone forces end-users to continue to infringe because we haven't been told what they think is infringing.
Basically, we can't do anything until we are sued by SCO. That's bogus.
The point is that even if the GPL is valid the end user is still responsible for any infringement.
I doubt that will be found to be the case if this goes to court. I think the infringement was committed by the people/persons/company that took code from SCO and put it in Linux (if it indeed happened). Those are the ones SCO needs to go after. Going after end users is like going after Honda owners because they own cars that happen to contain designs that Honda stole from Toyota.
Chris Sontag, senior vice president and general manager of the company's SCOsource business, added: "There is no warranty for infringement of intellectual property [in the GPL], so all of the liability ends up with end users."
So SCO says the GPL is invalid and won't stand up in court... but they use it as the basis to justify suing end users and hold them responsible for (supposedly) someone else inserting questionable code in the kernel? So which is it? Is GPL valid or not. Some of their claims depend on GPL being valid and others depend on it being invalid.
Your message doesn't make a lot of sense. It seems you are trying to make a point, but I'm not sure what it is.
Oh, and the new Prius hybrid? 0-60 in 10 seconds. Not bad for a soccermommobile.
Still uses gas, 52mpg. Granted, less gas than most cars... But we've been able to do 50+ mpg internal combustion for a decade. Heck this owner reported getting 55mpg out of his 1993 Geo Metro! And that's normal internal combustion without any fancy hybrid environmental buzzwords. So I don't see the "hybrid" is really getting us a whole lot.
I actually enjoyed Independence Day. I don't really remember it fizzling. It was the #1 grossing moving in 1996 and only 7 pictures have beat it's international gross. I can't find information regarding how much money it made on its first, second, third week, etc. but it made $811 million worldwide. You can't write that off on a "mega opening weekend."
Also, if you look at international gross, ID4 actually grossed more than all the Star Wars pictures except for Phantom Menace. How such a stupid movie gets the third highest gross of all time is beyond me. The only thing that bothers me more is that the #2 film is apparently Harry Potter. That's just annoying.
Slashdot Mirror
It will be interesting to see the results of this. I use Linux/Gaim and many people such as myself will be forced to stop using MSN Messenger. We will obviously tell our contacts to please install Yahoo Messenger, ICQ, or AIM. None of my contacts are particulary averse to loading lots of programs on their computer so I know none of them will complain. They'll just do it. These are people that currently only use MSN Messenger and Microsoft is going to drive them to install other IM clients that they would have never otherwise installed. Regardless of whether or not these people stop using MSN, is this really in Microsoft's best interest?
I personally think this could end up being a very interesting case study in closed vs. open protocols. The people that bend over and install the latest version of MSN Messenger are the people that already use Microsoft's messenger to start with. I bet that very, very few people that use Gaim, Trillian, Kopete, etc. are going to consider installing the official Microsoft client. They're just going to drive these users away from MSN Messenger which makes the service LESS useful since fewer people will be reachable via MSN Messenger.
If Yahoo Messenger or AIM plays this right they could really pick up some market share here. Especially if Yahoo and AIM made an agreement to interoperate between those two protocols and publicize it as the cheapest, most open way to communicate with the largest number of people on the planet with the client of your choice. Microsoft would look pretty foolish for locking their protocol down. It'd also be hard for Microsoft to complain about being excluded from the interoperability since they just finished making a huge move against interoperability themselves. :)
It's different because a mailing list asking for confirmation does so to protect the person being sent the confirmation from being signed up to the mailing list without their authorization. It's not to protect the mailing list, it's to protect the person that someone is trying to screw by signing them up against their wishes.
It's also different in that I've run an opt-in mailing list with email confirmation on one of my websites for the last 5 years. In that time I have not received a single complaint or report of that opt-in message being used to bomb someone with unwanted confirmation messages. And if it became a problem I would certainly build in a throttle to limit future damage.
Users of challenge/response, such as you, know very well that they're receiving 200+ spams per day. You know full well that each of those spams is generating a challenge message and that many will be undeliverable and the rest will go to innocent third parties, filling up their inbox. THAT'S what's rude and you become part of the spam problem in the eyes of those innocent parties.
If my mailing list was sending 200 undesired confirmation messages to users each day, believe me, I'd fix that. Yet that's the norm for challenge/response.
Challenge/response isn't really much different from people who habitually screen all phone calls through their answering machine, and never answer unless they hear someone they want to talk to.
No, challenge/response is like leaving a message on an answering machine along with your (supposed) phone number. The answering machine then calls the (supposed) phone number and asks if it's really you... but 200 times per day the answering machine bothers people that never called the answering machine to start with just because someone left that phone number.
Interestingly, passively screening calls with an answering machine is closer to a traditional or Bayesian filter than it is to a challenge/response system.
Society seems to have accepted that practice, knowing those people are generally trying to escape the annoyance of telemarketing calls -- why shouldn't society accept challenge/response as a way to escape the annoyance of spam?
Again, using an answering machine to passively filter phone calls is fine. And that is equivalent to using a passive filter, Bayesian or otherwise, to filter email. I'm entirely in favor of that. But if telemarketers started calling and leaving messages and leaving random phone numbers and that same answering machine started calling the number to verify the caller, believe me, you'd see people hopping mad and looking for legislation to ban those machines.
I think you need to take a careful look at what you're suggesting. I personally find C/R offensive as a legitimate user emailing someone else and having to help them with their spam problem. But even more annoying is the hundreds of users that receive C/R messages from users that they never emailed.
That's where it's both rude and technically flawed. You're "solving" the spam problem for one person (you) at the cost of hassle for those sending email to you *AND* the hundreds of people that are hit by the challenges your system creates in response to the spam it receives. As long as email can be forged it's just a flawed concept.
Just like the smoke they exhale...
Because "no-one ever got fired for going with Microsoft." Hehehehe.
How do you know? If you are receiving 200+ spams per day and you check your pending queue every 2 weeks, that's 2800 messages. Are you positive that you've never missed a message in the middle of all that spam that was legitimate? If so, how much time does it take you to review those 2800 messages? And is reviewing those 2800 messages any better than checking a Bayesian filter for false positives?
TMDA's challenge-response system keeps 200+ spams a day from my inbox.
You do realize that you are generating 200+ challenge messages for those daily spams, right? You realize that that creates more traffic on the Internet, right? Not only that, you know that spammers often forge real email addresses as the return address for their spams such that many of your hundreds of daily challenge messages are being sent to innocent people who never had any intention to contact you and that, to them, your challenge message is spam, too?
But if I had 200 junk messages in my mailbox every day, nobody would be able to reach me, because I would stop using e-mail.
But if you used Bayesian you'd only get about 1 spam every couple of days and wouldn't be generating useless challenge messages that further burden the email system and fill up the mailboxes of others that simply had their email address forged by a spammer.
This isn't rude.
Tell that to the person that receives 100 challenge responses because a spammer used their email address and happened to hit 100 people that use the C/R system. The only reason C/R isn't being widely criticized is because it's not widely used. If it were to become widely used you'd see more and more people complaining about receiving the challenges, especially challenges that they're only receiving because a spammer used their email address as the return address.
Yes. And technology, such as the Bayesian filter I use, allow me to cope without burdening me or the people emailing me, and without creating more useless email traffic in the form of challenges sent to email addresses that have nothing to do with the person that really sent the message.
Add up the hours you spend trying to keep your "good Bayesian filter" hitting at 0.5% over an extended peiod of time
Hours? You said you used Bayesian before going to challenge/response. Is that really true? All I had to do was click a few "you got that wrong" links when I first started using the filter. Ever since then it pretty much trained itself. Now I don't even know it's there on a daily basis.
Suggesting that I've spent hours on my Bayesian filter to get it working is absurd.
Compared to your system where you don't even KNOW you had a false positive. In all fairness, the people that don't bother to go through the hassle of validating themselves can be considered a false positive in challenge response. Do you even know how many people didn't go through your C/R process? Do you even know your false positive rate?
That's downright selfish. You ignore the fact that your "spam free existance" is at the cost of creating more spam for all the innocent people who are subject to your challenge requests just because some spammer decided to forge their email as the return address. They didn't contact you and yet you are spamming them with challenge emails.
My spam-free existance (about 7 spams per month) is very tolerable and I don't spew out thousands of useless challenges to innocent people in the process. My spam-free existance doesn't come at the cost of increasing the volume of spam for other innocent parties.
I think you are using the definition of "sociopath" very liberally if you think that all--or even most--spammers are sociopaths. I hate spammers as much as the next guy, but sociopaths? The definition of sociopath is "One who is affected with a personality disorder marked by antisocial behavior." Spammers are insensitive and thieves, but I don't think that most of them suffer from a personality disorder.
Would you move to another country - turning your back on your family and friends, just so that you could continue harrassing innocent people? I doubt most spammers would either.
If the spammer is making a few hundred thousand per year I don't think a move to Cancun is going to hurt that much. After all, if they are sociopaths are their links to families and friends going to be all that important? They're sociopaths after all. :)
And the technology will always exist - or are you advocating the dismantling of email?
No, I'm advocating that we lock our doors before we ask Congress to do something about people breaking into our houses. We have the technical means to pretty much solve the spam problem and I think we should obviously exploit those technical means before we go crying to Washington for help that, frankly, they probably won't do a very good job at anyway.
How do filters make the technology "harder to abuse"? It's just as easy to abuse, and (more importantly) you're still paying for it
It's harder to abuse if the spammer has a harder time delivering his message to his intended victim. Filters make it less likely that a spammers' message will get through, thus less likely that a dumb idiot will respond to the spammer, that reduces the profits of the spammer which lowers the incentive to spam in the first place. It's not a silver bullet that will solve the spam problem in one day, but Congress isn't going to be able to give us a silver bullet either.
A "better filter" will only help you to avoid the problem, it doesn't make the problem go away.
See above. You're looking for instant gratification. As they say, the spam problem didn't hit us overnight and we won't defeat it overnight. But widely implemented effective spam filters will reduce even further the response rate of spam which will mean less motivation to send it in the first place. So, yes, a better filter will eventually help the problem go away as long as it is widely implemented. And we have the technical means to implement them widely.
Oh. My. God. You consider that you pay for 2420 pieces of email that you don't want a good thing?!?!?!
Those 2420 pieces of spam consumed 11MB of bandwidth. If I go over my bandwidth allocation (which I don't), I pay $2/GB. So if we assume that I'm paying $2/GB those 11MB of spam cost me about two pennies. Now I'm not saying that I think that it's good that I have to pay anything at all, but my time is much more valuable than the bandwidth cost of spam. And people need to understand that. The bandwidth is annoying, but the real cost of spam is in the time that everyone has to spend dealing with it.
So, yes, the fact that in the last 3 weeks I've had to manually delete 5 spams instead of 2420 is a good thing. If we can get rid of spam and save me three or four pennies per month, great, but I'd rather lose a nickle per month in bandwidth than invite the Federal government to start regulating aspects of email.
But if all we're doing is sending a message to spammers that YES, you're doing something illegal, then an anti-spam law that says something "The practice of spamming is considered theft of services and is illegal" would be sufficient. I would not be opposed to a 1-liner like that.
Problem is, laws are never 1-liners. It's going to get padded, definitions of spams are going to be added, consequences of certain types of spamming will be added, etc. And all the sudden you have one of these useless, burdensome laws that do more harm than good since it probably (unintentionally) opens loopholes that, again, the spammers will exploit to say "No, I'm not doing anything illegal. According to the law..."
Plus, I actually think the spammers know what they're doing is illegal. Even the ones that say they aren't. They know they're stealing the services of other mail servers. They're just playing dumb to justify why what they're doing is ok, but that doesn't mean they really believe it. It's their justification. Pasing the above 1-liner would make it impossible for them to play dumb, but again, I think they'd just find the loopholes.
I'm interested in one-on-one conversation via email. If I didn't sign up for a mailing group I don't want mass-generated emails being sent to me. Period.
A policy of "no e-mail unless you are old friends" will make business-to-business communication impossible, and bring the economy to a complete stop.
You're probably right, but I didn't advocate a policy of "no e-mail unless you are old friends." What I do advocate is absolutely no unsolicited mass mailing without the receiver's express double opt-in consent.
What if someone wanted to invest in your company? Would you delete that e-mail too because you don't know the person?
No, because that isn't spam. That's a single person taking the time to email me and initiate communication. That's a valid use of email. If that same person sent an email supposedly wanting to invest in my company and also sent the same mail to thousands of other companies in an automated fashion, yes, I would want that email deleted.
The difference is humans communicating with humans. Email should be used by one human communicating with another. If it's going to a computer mass mailing me impersonally along with thousands or millions of others then I only want to receive that if I expressly indicated I wanted a computer emailing me.
A human sitting down and writing me an email--even unsolicited--is completely different than a human pressing the "Go" button and dumping his load on thousands or millions of email addresses while he watches The Partridge Family on TV.
I agree with grandparent, C/R is a lame response to spam. It puts the burden of your spam problem on those legitimate users that may want to mail you. Forgetting the technical problems, that's just rude. I am *not* your spam filter and, like parent, if I receive a C/R response I will just ignore it.
Technically, C/R is also lame. So you're getting, say, 100 spams coming in per day to your C/R system. Most of those are coming from non-existant addresses or addresses that belong to someone NOT involved in the spamming. So your C/R system is faithfully sending challenge messages to those 100 senders. Perhaps half fail because they are undeliverable, the other 50 find their way to innocent parties not involved in sending spam.
So for you to enjoy a spam-free email experience you've annoyed your legitimate senders, some probably decided not to bother (false positives that you don't see), you've attempted to deliver 1 challenge message for every spam you received (increasing spam-related traffic), and have managed to annoy 50 innocent people just because their email address happened to be forged by a spammer. But I guess the important thing is that you weren't bothered by the 0.5% of the spam that might get past a good Bayesian filter.
So... can you explain to me again why C/R is such a good thing?
Unless it's personal, one-to-one conversation from a friend of mine recommending some company for something my friend knows I'm interested in, I don't *WANT* to be introduced to any company via email. If I'm interested in a company's product, I'll go Google and find it. Then we can have an email exchange if necessary. But I positively never want to receive a "cold call" via email.
My email address is there to serve ME, not to serve others in their efforts to get-rich-quick at the cost of my time.
Absolutely incorrect.
The "they will all go offshore" excuse is BS. Sure, some might, but many won't.
You probably have it backwards. Many will go offshore, but some won't.
Plus, it might not be necessary. There is so much spam and spammers are constantly dodging bullets to keep themselves anonymous I'm not sure if it'd really be necessary to go overseas. There are not enough resources to track down spammers that are covering their tracks unless some "public bounty" is authorized that gives the *public* an incentive to track them down themselves. Even then I think you'll find many of the shadier spammers will just use stolen credit cards and/or free ISP trials to send their spam. The trail is going to get awfully cold for a civilian trying to track down a spammer when you run into stolen credit card numbers or need to find the phone number that dialed into the ISP at a given date/time.
Spam is a social problem, not a technological one. Social problems can only be solved by social contracts or laws.
Spam is NOT a social problem any more than junk snail mail is a social problem. It takes advantage of available technology to serve a business purpose and as long as the technology is available to take advantage of, it will continue. The problem is that in the case of email the technology makes spam free.
The solution is make spamming not free (with lawsuits based on existing laws) or make the technology harder to abuse (with filters, etc.). New laws are completely unnecessary and, as the FTC director said, most would be counterproductive.
Technological solutions fail. Even bayesian filters, those much heralded bleeding edge anti-spam flavor of the moment, are being beaten regularly--my SpamBayes filter catches still a good deal, but more and more slip through despie over 150,000 'training' emails as the spammers get smarter.
Then get a better Bayesian filter. With just 3000 good and 10,000 bad emails my Bayesian filter is running at 99.8%. 5 spams have gone through my Bayesian filter so far this month out of 2415 spams--2 were in a foreign language and the other 3 were on-topic enough that they got by and might have even been something I was interested in. My Bayesian filter accuracy has been going up constantly for the last 4 months.
I'm willing to do deal with 1 spam in my inbox every 3 or 4 days to avoid federal legislation that will probably be less than perfect and certainly will not eliminate 99.8% of the spam.
And, bayesian filters (even at the ISP level) don't begin to address the crucial problem of bandwidth use.
Overnight, no. But if more and more people and ISPs implemented Bayesian less spam would be seen my users--including the dumb ones that respond to spam. In time the motivation to spam will decrease and that will decrease the bandwidth problem.
Legislation is NOT the answer.
New laws to outlaw spam are, as the FTC director said, probably useless. Most of the spam being sent is fraudulent or deceptive in some way--or porn spam that is also being sent to minors. Spammers aren't bothered violating current laws, why does anyone think they won't ignore new anti-spam laws?
Besides, she's used to ignoring the porn spam. She has a Hotmail account.
So what's up with Jabber? Why can't I create an account for Jabber under Gaim?
I am hopeful that the developers of Gaim will be able to implement the latest MSN protocol by the Oct. 15th deadline. If not, well, my Gaim is also running Yahoo Messenger, ICQ, and AOL... any of which are fine with me. I'll have to get my parents to switch to ICQ but that shouldn't be a problem.
1: Titanic $1,835,300,000
2: Harry Potter and the Sorcerer's Stone $968,600,000
3: Episode I - The Phantom Menace $922,300,000
4: Jurassic Park $919,700,000
5: LOTR The Two Towers $918,600,000
6: Harry Potter and the Chamber of Secrets $866,300,000
7: LOTR The Fellowship of the Ring $860,200,000
8: Independence Day $811,200,000
9: Spider-Man $806,700,000
10: Star Wars $797,900,000
If someone else is responsible for the infringement and SCO knows who it is (apparently they do) then it is not reasonable to go after end-users who obtained the code in a legal manner from a source that they had a reasonable expectation to provide legal code.
Even if the end-user could in theory be guilty of copyright infringement, I don't think the user can be held responsible until SCO tells us all what sections of code are infringing. So far we just have idle threats with no evidence. If SCO were to let everyone know the supposedly infringing code I think we'd all take action to make sure we weren't using it. The fact that SCO doesn't tell anyone forces end-users to continue to infringe because we haven't been told what they think is infringing.
Basically, we can't do anything until we are sued by SCO. That's bogus.
The point is that even if the GPL is valid the end user is still responsible for any infringement.
I doubt that will be found to be the case if this goes to court. I think the infringement was committed by the people/persons/company that took code from SCO and put it in Linux (if it indeed happened). Those are the ones SCO needs to go after. Going after end users is like going after Honda owners because they own cars that happen to contain designs that Honda stole from Toyota.
So SCO says the GPL is invalid and won't stand up in court... but they use it as the basis to justify suing end users and hold them responsible for (supposedly) someone else inserting questionable code in the kernel? So which is it? Is GPL valid or not. Some of their claims depend on GPL being valid and others depend on it being invalid.
Oh, and the new Prius hybrid? 0-60 in 10 seconds. Not bad for a soccermommobile.
Still uses gas, 52mpg. Granted, less gas than most cars... But we've been able to do 50+ mpg internal combustion for a decade. Heck this owner reported getting 55mpg out of his 1993 Geo Metro! And that's normal internal combustion without any fancy hybrid environmental buzzwords. So I don't see the "hybrid" is really getting us a whole lot.
Also, if you look at international gross, ID4 actually grossed more than all the Star Wars pictures except for Phantom Menace. How such a stupid movie gets the third highest gross of all time is beyond me. The only thing that bothers me more is that the #2 film is apparently Harry Potter. That's just annoying.