Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
We're not stuck, it's a choice we (and a lot of other organizations) have made because we find great value in the rich functionality provided by the native RPC client/server interface.
Ok, but you'll have to agree that that choice--which was made for certain reasons--limits your options in other aspects; in this case an effective anti-spam solution.
POP3 and IMAP4 really make no provisions for anything other than simple mail message passing.
And that's all they need to do.
When the standards aren't good enough for your needs, you're forced to use something else until the standards catch up.
I would disagree that POP3 or IMAP4 have to "catch up" with any of the proprietary stuff that locks you out of IMAP4 or POP3 solutions. The problem is that Microsoft (and perhaps Lotus, I don't know) decided to implement a new proprietary protocol that doesn't just handle groupware functions (such as, as you say, custom form apps, scheduling, etc.) but also dictates how to handle email--something that was already handled by a standard, well-implemented protocol such as POP3. That makes no sense except from a monopolistic, embrace-and-extend strategy whereby you try to lock people into your own protocol rather than use well-adopted protocols such as POP3. Microsoft did NOT have to roll mail transport into their proprietary protocol. That was well handled under POP3. They could have easily implemented all their groupware features in their new protocol while maintaining mail transport via accepted standards. But, of course, Microsoft went for the proprietary approach which means their customers are now unable to use the myriad POP3 products that exist out there without, apparently, sacrificing groupware functionality. There is no technical need for that.
In any case, I know many individuals and a number of companies are using Microsoft Outlook with our service. I don't know if that means they aren't using all the groupware functionality or if it means that Outlook *IS* capable of using its groupware functionality while still getting its email from POP3--something that if I had developed Outlook I would definitely have designed for.
Actually, I kind of have to assume that Outlook can do this. What about companies that use Outlook for scheduling, etc. in their company but don't have a dedicated mail server? Rather their email sits on their ISP? I would have to assume that Outlook works for these companies--and if it does I don't see why your installation couldn't work with a POP3 solution such as ours... (?).
PS--I'm not trying to convince you to use our service. I'm just trying to understand the capabilities and limitations of Outlook since I, for one, don't use it. I happily used Eudora when I was on Windows and now use Evolution under Linux.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
We primarily use Outlook 2000/XP's proprietary RPC interface to talk with Exchange server, because it has much richer funtionality than even IMAP4.
When using proprietary interfaces you are bound to find your options limited when trying to extend or improve them.
I think you'll find similar problems selling your product into Lotus Notes/Domino shops; these also use proprietary client/server protocols to provide a richer "groupware" experience than "standard" protocols to a wide variety of clients.
Between Exchange and Notes, I'd guess you're missing 90+% of the corporate messaging seats out there (at least in the U.S.)
I'm sure there are plenty of companies that are locked into proprietary solutions. There's nothing we can do about that. Luckily, there are many individuals and quite a few smaller companies that do use open standards so we are not without customers and those individuals and companies that use products that use open standards tend to have many more options for any given solution, be it ours or any of the other many solutions. More options usually means better quality, or at least the ability to find that one of the options is a quality product. That possibility is severely limited with proprietary protocols.
So if you're stuck with proprietary protocols my heart goes out to you.:)
The only solution I see for a "one size fits all" filter is to filter at the SMTP level as mail comes into an organization
That's what we're working on now. Right now our solution is POP3 based and operates on our server. We want to be able to offer it to companies and ISPs to run on their own servers and do it at the SMTP level. We'll just have to see how that goes.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
But I'm becoming more and more convinced that the problem was with the parser of that particular implementation, not the Bayesian approach in general.
Without knowing more I'd tend to agree. I didn't get a 70% effectiveness even during training. I was at 90% the first month and 99%+ ever since. So I'd agree it probably was something non-Bayesian that was the limiting factor in what you've tried.
I haven't found a Bayesian product that even comes withing ten miles of meeting those criteria; in fact, only the only product that comes close is the one we bought. Do youy know of any Bayesian product for Exchange Server? Software that operates at the SMTP or POP3 level won't cut it, because of the variety of devices we deal with.
Well, you asked so I'll do a shameless plug. Click on the link in my sig. Granted, you probably want something that runs on YOUR server, but it seems our offering meets every other requirement you have and we're working on a version that can be used on client servers instead of ours. Not sure why you don't want to operate at the POP3 level. We have customers using Macs, Windows, Linux, and Palm pilots using our service with no problems.
Anyway, nothing is perfect but if I'm going to bet on a filtering technique it'd be Bayesian. It's certainly light-years ahead of the alternatives.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
I would have to argue that your list of most INNOCENT words contains many of the same words as other people. All a spammer needs to do is find the intersection of the lists of innocent words from a cross-section of people.
I would disagree. Some people use email primarily for business--and every business and vocabulary is somewhat different. Others primarily for social or family matters--and everyone has different family or social problems, and knows people with different names.
But you are forgetting something very important: The spammer doesn't only have to get these innocent words in there (assuming he can know them), he has to get his *content* in there. And his content is almost always going to contain words that are definitely spammy for me. If he gets two or three innocent words but also includes 10 words that are considered "spammy" by my particular corpus, his message isn't going to make it through.
And that's really the key. It's not that they can't guess a few common innocent words, it's that they still need to convey their message--and it's awfully hard to do that without using spammy words.
These have proven effective against the naive Bayesian algorithm in POPfile, otherwise why would he mention them?
Did he say they have proven effective, or did he say they are designed (but perhaps fail) to defeat statistical filters? I ask because the effectiveness of my Bayesian filter just keeps going up. I'm up at 99.8% the first 4 days of this month compared to 99.6% for July.
Of course, you have to have a smart Bayesian filter. That means it has to look for more characteristics of spam and treat them as tokens. I.e., don't just do statistical analysis on words. The fact that a message is encoded in Base64 is a pretty good indication of spam, so I consider that a token itself. The fact that a message has 5 spaces in the subject is a pretty good indication of spam, so I also consider that a token. The fact that more than 50% of a message content consists of IMG tags is a pretty good indication of spam, so I consider that a token. The fact that more than, say, 20% of the content of a message is HTML comments is a good indication of spam, so I consider that a token.
So it turns out the spammers trying to get through my Bayesian filter don't just have to avoid using spammy words, they have to avoid most of the tricks they use as spammers. In fact, most of the tricks they use to get past filters are quite easily detected and themselves become good spam indicators.
I'm not saying that spammers won't try to get past statistical filters. Perhaps they can get through some very basic ones. But when you start creating tokens based on ASPECTS of the message rather than just the words of the spam itself it becomes even harder to make it through.
Anymore I sometimes like to look at the spam that my Bayesian filter has caught and try to figure out how in the world it realized it was spam. It's amazing how many times a message that looks innocent but IS spam is correctly caught by Bayesian. Gotta love it.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
2) The messages I've seen use collections random words I believe are very likely to be scored as "innocent". Certainly spammers can set up their own bayesian filters for a bunch of different mailboxes, find the intersection of strings deemed most innocent, and use those as a base for adding random white-on-white text that makes spam look "innocent" to a statistical filter.
Again, I think this is based on a misunderstanding of how Bayesian works.
Yes, spammers can set up their own Bayesian filters and find what words are most spammy. They should definitely try to *avoid* those words. But that is generally not enough. You need to use words that are downright *innocent*. And that's the trick. You might be able to come up with a pretty good database of spammy words just by monitoring spam, but the only way you are going to get my INNOCENT words is if you are somehow able to monitor my mail. If you don't use my innocent words it is going to be difficult to get past my Bayesian filter.
3) Many spam filters do not parse HTML completely or correctly
Hmm, well I won't argue that point. But parsing HTML is not difficult at all so I personally think a user should immediately reject a spam filter that can't handle such a simple function.
nor do they perform OCR on images that contain text.
But they really don't have to. Very few real legitimate emails are going to have images to start with and they aren't going to have text encoded in those images. Basically, the fact that you have embedded or external IMG tags is in itself a good indication of spam--especially if that's pretty much the entire content of the message and is from someone that the Bayesian filter doesn't recognize. Not too many people (other than your common contacts which Bayesian will recognize anyway) are going to be sending you emails full of IMG's.
Of course, this requires that your Bayesian spam filter be able to parse HTML. But, again, I would reject any spam filter that is incapable of such a simple and important function.
That should change in the futute, but what about white-on-white text, or almost white-on-white text that contains the aforementioned innocuous random words?
Again, it's not enough that they be innocuous. They must be downright INNOCENT for the user in question. We're not talking words like "financial" or "the" or "parents." We're talking about words like "David" for someone who talks with or about David. We're talking about "clutches" for someone that is a mechanic, etc.
Do you know where I can get a somewhat complete list of words in the English language? I'd like to send myself an email that contains, say, the 5000 most common words in the English language and see what kind of Bayesian score it gets.
Spammers will evolve, specifically finding ways to defeat Bayseain filters as they become more widespread.
I agree they will try, but I disagree that they will necessarily succeed. It has been a cat and mouse game in the past but when you sit down and really analyze how Bayesian reacts to different messages you will see that, in the long run, the only way spammers will be able to get messages past Bayesian filters is to make their emails look very much like the GOOD email that each user receives. And they have no way of knowing what each users' typical email looks like. My email looks very different from that of a government worker, a mechanic, or that of a porn webmaster.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
Again, not quite. Misspelling words or placing characters and spaces in words (V*I*A*G*R*A) are intended to get around simple filters that, for example, scan the message for the word "VIAGRA". Obviously, those simple filters will fail if the word appears as V*I*A*G*R*A or any other limitless number of permutations of how you can mangle the word.
These approaches do little to get around Bayesian, however. Eventually, the letter "V" alone (i.e. not part of a word) will become a good indicator of spam. Not to mention that the rest of the message is generally written normally and uses words that will be noticed by the Bayesian filter.
So do messages that are mainly links to images on web sites.
This is simply an effort to avoid using any words or terms that any filter, Bayesian or traditional, can act upon. But Bayesian can actually act upon them whereas a traditional filter cannot. For example, in my Bayesian filter I analyze how much of the content of the message is consumed by IMG tags. If it goes beyond a certain threshold then that fact is used as if it were a "word" for the Bayesian filter to score. So all the suddent the fact that the majority of the message content consists of IMG tags becomes a damning indicator of spam.
I'm not saying spammers aren't making an effort to get past filters. Of course they are. They mangle words, they use Base64 and quoted-printable encoding. They use embedded and external images. They do all sorts of things. But the fact remains that all of these approaches are only somewhat useful with traditional filters. None of these approaches significantly help them get past a half-decent Bayesian filter, hence my statement that I have seen any spam that makes a real effort to get past Bayesian filters. None of the approaches used by spammers to-date has any use in getting past Bayesian filters, although they may have varying levels of effectiveness in confusing non-statistical filters.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
I see this all the time. Random strings, random dictionary words, random HTML comments. definitely designed to throw off statistical filters.
Bzz! Wrong answer.
What you are seeing is the same countermeasures they've implemented for some time attempting to defeat the old anti-spam approaches that either compared a given message to a known spam or in some way tried to do some kind of structural analysis on the sentences of the message.
That random garbage you see in the subjects or in the content itself is enough that "This message != Known spam message" so those simplistic checks won't flag it as spam.
Random strings, random dictionary words, and random HTML comments are all tactics that spammers use to try to get passed spam filters. But none of those approaches will help them get past statistical filters.
Random, non-word strings will not effect the score since (using Paul Graham's approach) will be assigned a score of 0.40 each. Since statistical approaches only use the "most important" (either the most innocent or most spammy) words it is virtually impossible that a word assigned a value of 0.40 would even be considered in its Bayesian spam score.
Random dictionary words are much like random strings. It is very unlikely that the random words the spammer chooses to include will happen to be the words that are significantly "innocent" for you. The spammer would need to include random words that are significantly innocent, and that's not going to be words such as "house" or "financial." It's going to be words like "Gregory" if you have a friend named Gregory, microcontroller if you happen to deal a lot with microcontrollers, etc. And even if they happen to get one innocent word in that's not going to be enough if they have 10 or 15 significantly spammy words in the mix, too. Point is, it's virtually impossible for a spammer to get a message past Bayesian filters by using random dictionary words.
HTML comments are just a joke as is encoding spam with Base64 or quoted-printable encoding. Virtually any modern filter, Bayesian or not, can and will completely decode the given message and completely throw out the HTML comments. In fact, my particular Bayesian filter will look at how many HTML comments there are compared to the size of the message itself. Excessive use of HTML comments itself becomes a very significant indicator that a message is spam.
In any case, the point being that none of the approaches you mentioned above are useful at getting around Bayesian filters. Those tactics are being used to get around more primitive filters, not statistical ones. And if the methods you listed are in fact the spammers response to Bayesian filters then we can all relax because the spammers don't understand how Bayesian filtering work and we have won the battle against spam since their statistical countermeasures are ineffective.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
1) It takes a lot of processing power, which is mostly just going to waste on the client side. Performing Bayesian filtering for hundreds of people would require some pretty crazy hardware, I think.
I don't think that's the case. I'll let you know as more people start using the spam-filtering service I've implemented. But so far we've seen no change in CPU usage even though we're doing Bayesian filtering for more and more users every day.
Of course, you have to have a good implementation. My first Bayesian filter was very CPU intesive. But when I improved the efficieny of the implementation it doesn't even register on CPU usage--and, as it turns out, it takes more CPU time to run the keyword filters than the Bayesian filter.
2) Having an individual Bayesian 'profile' on your computer is great, and you can filter things based on what you consider spam.
Why can't you have a Bayesian profile on the server? That's where it belongs. Just because it's on the server doesn't mean it can't be personalized. In my system the profile and Bayesain corpus is all on the server, but it's managed on a user-by-user basis.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 1
Any filter that ignores HTML is useless because many types of HTML are excellent indicators of spam. In fact, the fact that the entire message is HTML is good evidence that it is spam--and a decent Bayesian filter will know that.
I'm not saying that spammers don't adjust their email tactics to avoid filters, but I haven't seen any spam that has made any effort to avoid a *Bayesian* filter.
Re:What's the power curve on that?
on
Replacing SMTP?
·
· Score: 1
Even if you have the (extremely impressive) power curves of Paul Graham's Plan for Spam -- and that was on a very well-trained Bayesian filter written by a coding genious -- it is Not Good Enough when missing a legit email could get you sued for millions.
No filter is perfect, not even humans. For any amount of spam in excess of around 100 spams per day I suspect it is entirely possible--if not probable--that a human going through that much spam is going to delete more legitimate email than Bayesian filters.
You cannot ignore that humans have false positives, too. But unlike humans you can adjust Bayesian to be less aggressive by setting a higher threshold for spam.
Re:Check out Internet Mail 2000
on
Replacing SMTP?
·
· Score: 2, Interesting
Part of the subscription process is that they whitelist the mailing list so it doesn't pay.
Ok, so that requires additional steps. Before the user signs up the user must be made aware of the address from which emails will be sent so that it can be whitelisted BEFORE the verification email is sent. A new business plan for spammers wold be to cruise or spider the net and gather the email addresses of common mailing lists and use that as the "From" when sending spam to increase the probability of using a whitelisted, toll-free address.
If you're talking about whitelisting an email address AND an email server that's fine for tech people but would probably a bit complicated for normal users... and for lazy technies.
Re:Check out Internet Mail 2000
on
Replacing SMTP?
·
· Score: 1
As long as people keep buying from SPAM it will not stop. Beleive it or not some one out there is buying those pen1s enlargements.
I agree. There are stupid people out there, and us smart people can't change that. But if Bayesian was universally implemented, especially where stupid people congregate (Hotmail, Yahoo, etc.) then even the stupid people would see the spam less often which would cause spamming to be less attractive.
Even if no one out there buys anything you will still have the idiots who will buy into these lists.
Only if they know about them. And if Bayesian were universally implemented then fewer stupid people would even read about the availability of the lists so fewer would buy them.
Those that do buy them would generate email that would still be caught by the Bayesian filter. If all we have spam-wise is stupid people getting taken advantage of by buying spam lists we'll be order of magnitudes better than we are today. Unfortunately, people ARE making money today with spam and that's why there's so much of it. If we can turn $100 of spam profit into $1 of spam profit then I think we'll see the vast majority of spam disappear; if a spamhause making $40k per month today can only make $400/month they'll look for another line of work.
I still do not understand why people beleive that they can outsmart everyone. As fast as you add filters some one will pass it throught those same filters and see what gets through.
That's been true in the past. And there might be a few tricks left for the spammers to try. But Bayesian is different than previous filters in that it learns about YOUR email and spam. It's not just looking for keywords or adding up some "spam score" that no-one really knows what it means. It's looking at your past email and past spam and making a statistical judgement as to whether this new message is spam.
The only way for spammers to get around Bayesian is for them to make their spam look exactly like YOUR good email. That's almost impossible, but even if they managed to make their spam look like your good email doesn't mean it's going to look like my good email and certainly isn't going to look like the good email of millions of other users.
The only way a spammer can really get around Bayesian is to have access to your corpus and use a bunch of words that your corpus indicates are "innocent" for you. Spammers don't have access to your corpus (or shouldn't) so it's virtually impossible to get around it.
And, no, contrary to what some people believe you CANNOT get around Bayesian by just inserting some random, non-related paragraph(s) into the message. Unless that random paragraph contains quite a few of my VERY innocent words (i.e. more innocent than the spammy words are spammy) then that paragraph just makes the spam a bit bigger--it doesn't have any effect whatsoever in the probability that it'll get through a Bayesian filter.
We need to be able to identify the sending server, no an IP is NOT an ID. It needs to be part of a TLD, and maybe the registrar need to be held accountable for the content of a registration.
I'd rather keep control on the side of the user and receiver rather than some registrar that will basically have to decide if I'm "authorized" or "trusted" to send email. I think Bayesian is a good approach to the current problem since it doesn't require any radical protocol changes and can be implemented today, whenever the receiver wants to. If we're talking protocol shift, PGP signing should be sufficient--but nothing that requires centrally authorized certificates or anything like that. The last thing we want to do is give control of email to central authorities to get rid of spam.
Re:Check out Internet Mail 2000
on
Replacing SMTP?
·
· Score: 2, Interesting
Ok, let me try to explain again.
I have a technical website where users can subscribe to a nightly mailing list that sends them a single email containing all the messages posted to the forum in the last 24 hours. The users subscribe by signing-up with their email address. A single email is then sent to that user who is then asked to click a link to confirm they want to receive the nightly mailing list.
Now, I've heard people propose that there should be a system whereby an "unknown" email is charged 10 cents (or whatever) unless the receiver subsequently tells the system "Yeah, I wanted that" at which point the 10 cents is effectively refunded and, presumably, all future emails from that source have the charge waived.
The problem is if someone starts signing up random email addresses on my mailing list. Each time the system sends out the single confirmation email I will be dinged 10 cents with the expectation that everyone will "refund" that back to me since they asked for it. But what if someone with a grudge and a lot of extra time goes to my site and starts signing up lots of people--people that have never heard of my site. The "confirmation email" is precisely to protect users from getting on my mailing list without asking for it, but I'm not at risk of having to pay to have that confirmation email delivered.
If such a system were imposed then how would a mailing list be able to send out confirmation emails without the risk of someone maliciously signing up random users just so that I get hit with a bunch of email charges?
Re:Check out Internet Mail 2000
on
Replacing SMTP?
·
· Score: 4, Insightful
Most do a very good job, but the problem is they don't work perfectly. For those of us who use email for work, *one* missed email can cause a lot of trouble and, occasionally, risk of job loss.
I don't risk job loss (since I'm self-employed), but I do risk missed contracts. I use Bayesian. I've had an occasional false positive, mostly during the first couple months when I was building my corpus.
BUT: I'm currently receiving about 140 spams per day. Do you really think I'm going to do any better than Bayesian regarding false positives when I'm mass-deleting 140 messages? I think not. I'm almost positive I'm going to incorrectly delete more good messages than Bayesian's false positive rate when I'm dealing with such a huge number of emails manually.
Plus if your Bayesian system is half-decent you should be able to adjust its sensitivity. On mine 0-49% is almost always good email and 50%-99% is almost always spam. When I look for false positives I look for anything unusually low, such as 65% or so. If you want, just adjust your threshold to 65%. I've never had a valid email with a Bayesian score of, say, 90%.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 2, Interesting
Agreed, it'd be great if you could filter spam without seeing it. But how in the world do you propose to do that? To decide if a message is spam or not either you or your machine has to look at that message and make a decision.
While it'd be great to not have to accept the entire message to determine if it is spam and I'd be the first one to jump on board if there's some way to do it, I just don't see it as being possible. You can't base a filtering decision when you don't have the message to analyze.
That said, Bayesian should be done on the server before the real client downloads it. Sure, it still gets to the server but at least the client doesn't have to waste further time and bandwidth downloading it. Client-side Bayesian is better than nothing, but I would personally never use it. You still have to download hundreds of spam per day. I'd rather the server do that for me and only give me the good stuff.
Re:not the answer - you got that right!
on
Replacing SMTP?
·
· Score: 4, Insightful
Also, to those people saying Bayesian filtering is so great, this doesn't solve my problems. To filter a message on content means I have to accept the damned thing first, and I don't know about anyone else but my inbound traffic costs me money.
Sure, but for most of us the *time* involved in dealing with spam is a greater cost than the bandwidth involved in receiving it. Bayesian does a great job at solving the "waste of time" problem. And, as I said, if everyone used it I believe spam would disappear quite quickly because the response rate would fall too low for even spammers to have an interest.
Blacklisting servers and not accepting connections from them (and accepting the collateral damage) is the only practical option I have.
In the case of a few a spamhauses, sure. But as an effective spam-fighting measure that's a useless approach. You (or someone) has to keep up to date with the latest servers to blacklist (and then whitelist them when they become clean), or you have to deal with an annoying level of false positives that you don't even see. Sure, you can say that that's the price of users dealing with an ISP that is spam-tolerant. But some of us want to do business with those users even if they chose their ISP poorly--or if they don't have any local choice of ISP.
Re:Check out Internet Mail 2000
on
DNSSEC: Good Enough?
·
· Score: 5, Insightful
Maybe ISP's should charge users for each outbound SMTP connection they make? I'd happily pay 10 cents per email I sent if it would reduce the amount of SPAM I received. It would only cost me a couple of bucks a month too at the rate that I send email...
I wish people would stop inviting rate increases or new charges as an answer to spam. It's not the answer. It might be inexpensive for you, but many of us DO send a lot of email and it'd get expensive really quick. You'd get rid of a lot of good and valid email communication along with the spam.
I'm even opposed to the "pay a dime, but I'll give it back if I wanted to hear from you" approach. Those of us running a mailing list would run the risk of having some idiot sign-up a bunch of accounts only to have that person say "No, I didn't want that" and collect the money.
I believe we need a trusted protocol. This might be as simple as having all emails PGP signed and everything else being sent to the bit-bucket (if you want to be aggressive) or only passed through to the user if the unsigned message had an extremely low spam score.
But if everyone were to use Bayesian I swear we wouldn't even have to propose a new protocol, talk about new legislation, etc.
Personally I think it would be wonderful if technology alone could create the silver bullet and kill this annoying problem dead. But sadly as quickly as filters evolve, spammers are constantly looking for ways around them... This is one of the reasons why we need some decent laws on the books so we can either force spammers to cease or prosecute the bastards.
Spam filtering has always been a catch-up game in the past. However, with Bayesian filtering it seems that anti-spammers have deployed a solution proactively rather than reacting to the spammers. And, as of yet, I have yet to see any spam that has implemented any kind of countermeasures to get around Bayesian, and I'm skeptical they will be able to get around it. The few spams that get through to me get through because they happened to to use words very similar to my real email or because it's in a foreign language. No spams have gotten through because the spammer made an effort to get around Bayesian filtering.
Nothing is 100% successful at blocking spam, and I think if 100% is the definition of a "silver bullet" we'll NEVER find it--neither with technology or through legislation. But with current Bayesian filtering catching upwards of 99.5% of spam, that's close enough to a silver bullet for me.
I would personally approve of legislation that makes it clear that theft of services, including the unacceptable use of email services, is actionable. But I don't think legislation that specifically targets spam is going to be useful or enforced, and will probably raise more questions than it answers.
It is not an abuse of the court system to take legal action against someone who is breaking the law. The fact that these kids may be at college doesn't excuse being criminals.
While I agree that these people are breaking the law, I think the RIAA is potentially entering dangerous territory. When they were going after P2P companies people thought it was just annoying and would migrate to a new P2P when one went down. That was a hassle for users but not a direct threat, and it didn't score the RIAA any brownie points with the consumer.
Now, they're going after end-users. While these are arguably the people they *should* go after since they are the ones engaging in the copyright violation, that means the RIAA is going after individuals. Most are probably not rich and, especially students, may be downright poor. Multi-billion-dollar corporations dragging a teenager or college student into court and draining them of their (meager) life savings and/or causing them to declare bankruptcy is NOT going to win the RIAA any sympathy. Even non-geeks know that the record companies overcharge and that CDs are a rip off. Even non-geeks engage in P2P sharing. Seeing the RIAA crush a few file traders that do nothing more than what millions of other Americans could be a PR nightmare for the RIAA. Rather than scaring consumers into buying their product it may very well piss them off and lose them even more sales. Especially with the new public interest in P2P which hides your IP address they risk pissing their consumers off and forcing them to a system that they can't target anyway.
The fact is, most of RIAA's bread and butter comes from sales to teenagers. The RIAA creates a band-of-the-day and cashes in. Most teenagers don't have unlimited money supplies and when you price your CDs at $20 you're pricing yourself out of the market.
File sharing is inevitable, especially with the prices the RIAA is charging. You can either accept it and do your best to make some money anyway, or you can try to fight it and piss of your consumers leading to fewer sales--and file sharing will still happen, now with no way to determine the source.
So it would seem the RIAA can't win. They can't close down the P2P networks and I suspect going after the file traders themselves is going to cause them more harm than good. Why? Because the RIAA is obsolete. Plain and simple. That's why they can't seem to win. Their product is obsolete and these are definitely the last flailing movements of an industry fighting for (and losing) its life.
Hmmm... Well I've downloaded the 3 main ISOs and am downloading the SRPM CDs now. I'm going to do a test install on a disposable computer (or at least a disposable hard drive) before committing.
The problem is that I'm currently on RedHat 7.3 and at this point it seems that quite a bit of stuff doesn't easily compile without installing a gazillion patches and updates. But I'll try before I make the move to version 9.
I haven't seen the new look and feel of KDE, but I would assume that's configurable, isn't it? If I want to go back to the way it was in 7.3 I would assume there's some way to configure it to do so?
FWIW, I've noticed no compatibility issues under Win4Lin. I think they mention there is some graphical issues that is only an issue for those playing games, and USB support is limited to those USB devices that Linux supports. Other than that, it all seems to work. VB, VC++, Word, Excel, Powerpoint, Quicken, QuickBooks, Paint Shop Pro, Goldwave, GIF Construction Set, Internet Explorer, Windows Media Player version 9, Adobe. In fact, I haven't found an app that doesn't work under Win4Lin.
I was running XP "out of the box" on an HP ze1230 notebook. Nothing funky installed, just whatever came on the notebook plus the apps I installed.
As far as I can tell, it is because Win4Lin takes advantage of the native Linux file system. It's not just emulating Windows, it's actually taking advantage of those parts of Linux that are faster than Windows, such as the file system. I didn't write Win4Lin, though, so I can't give you a laundry list of explanations. But Microsoft "code bloat" also comes to mind.
Anyway, dear Anonymous Coward, refrain from calling "bullshit" on that which you obviously have no clue. I am reporting it as it is. I even went so far as to take benchmarks because I couldn't believe it myself. Whether or not you, with your vast technical knowledge, thinks it makes sense or not doesn't matter. When you call "bullshit" on something you are completely uninformed about you just look silly.
Hmmm. I was a Linux fan but a Windows user until XP. Each computer I got came with Windows pre-installed. I eventually converted my desktop station to be a Linux server, using Samba to serve up files and printer to my Windows laptops which I was far more hesitant to mess around with.
When I got a new laptop last August it came pre-installed with XP. Despite everyone's complaints about Win98, I had had good luck with it on my previous 550MHz laptop. Anyway, when I upgraded to a 1.6GHz Athlon and found that VB, Word, and QuickBooks all ran SLOWER than they had run on my 550MHz laptop I decided it was time to make the dive. Not to mention my new XP machine was crashing quite a bit and the WinModem wasn't working even after a few driver upgrade attempts, alternately from HP and from Microsoft itself.
I bought a new laptop HD rather than risk the current XP installation. I installed RedHat 7.3 (because it was the same version as on my desktop server and on my dedicated hosting server). It worked great! Network card detected, USB mouse and keyboard detected. A few tweaks and my WinModem--which HADN'T been working under XP--even worked under Linux. I then went out and spent $80 on Win4Lin so I could still use Windows when absolutely necessary (I still do some VB/VC++ development occasionally). As it turns out, Word, VB, VC++, QuickBooks, Adobe *ALL* run faster under Win4Lin under RedHat 7.3 than they did on the exact same machine running XP. I couldn't believe it.
So... I switched to Linux for stability and security. And as it turns out my Windows applications actually run faster than they did with XP. I ain't looking back and I won't be running a Microsoft OS ever again.
That said, I can't say Linux is perfect. Kate seems to crash when I click the "Open" button so I have to have the "file dialog" window open and open files that way. Kopete (ICQ/MSN/Yahoo/etc. client) works fine but usually crashes when I shut it down, and doesn't support file transfers. So life is not perfect yet--but at least when these programs crash they don't take the whole OS down with it.
Anyway, I'm going to upgrade to RedHat9 so hopefully some of these issues will be handled. Even if they aren't I'll take the Linux problem to the Windows problems any day of the week.
Well, you'll probably only spend a few minutes starting the downloads and a few more minutes burning the CDs.
Looking at it that way, yes, but I wanted to install RedHat9 yesterday morning. I just finished downloading it an hour ago. While I didn't spend 36 hours babysitting the download, I would have really liked to have installed it yesterday morning and would've paid $50 to have been able to do it at that time rather than tonight.
Yeah, Mexico is crazy in a lot of ways, but it's probably better than Ecuador....
Who knows. I've only visited Ecuador. If I remember correctly they dollarized their economy in the last few years which would make it harder for the government there to muck with things. Mexico is pretty screwed up, though. That it does as well as it does is downright incredible. If they had a government that was half as corrupt I swear they could be a real powerhouse.
Slashdot Mirror
Ok, but you'll have to agree that that choice--which was made for certain reasons--limits your options in other aspects; in this case an effective anti-spam solution.
POP3 and IMAP4 really make no provisions for anything other than simple mail message passing.
And that's all they need to do.
When the standards aren't good enough for your needs, you're forced to use something else until the standards catch up.
I would disagree that POP3 or IMAP4 have to "catch up" with any of the proprietary stuff that locks you out of IMAP4 or POP3 solutions. The problem is that Microsoft (and perhaps Lotus, I don't know) decided to implement a new proprietary protocol that doesn't just handle groupware functions (such as, as you say, custom form apps, scheduling, etc.) but also dictates how to handle email--something that was already handled by a standard, well-implemented protocol such as POP3. That makes no sense except from a monopolistic, embrace-and-extend strategy whereby you try to lock people into your own protocol rather than use well-adopted protocols such as POP3. Microsoft did NOT have to roll mail transport into their proprietary protocol. That was well handled under POP3. They could have easily implemented all their groupware features in their new protocol while maintaining mail transport via accepted standards. But, of course, Microsoft went for the proprietary approach which means their customers are now unable to use the myriad POP3 products that exist out there without, apparently, sacrificing groupware functionality. There is no technical need for that.
In any case, I know many individuals and a number of companies are using Microsoft Outlook with our service. I don't know if that means they aren't using all the groupware functionality or if it means that Outlook *IS* capable of using its groupware functionality while still getting its email from POP3--something that if I had developed Outlook I would definitely have designed for.
Actually, I kind of have to assume that Outlook can do this. What about companies that use Outlook for scheduling, etc. in their company but don't have a dedicated mail server? Rather their email sits on their ISP? I would have to assume that Outlook works for these companies--and if it does I don't see why your installation couldn't work with a POP3 solution such as ours... (?).
PS--I'm not trying to convince you to use our service. I'm just trying to understand the capabilities and limitations of Outlook since I, for one, don't use it. I happily used Eudora when I was on Windows and now use Evolution under Linux.
When using proprietary interfaces you are bound to find your options limited when trying to extend or improve them.
I think you'll find similar problems selling your product into Lotus Notes/Domino shops; these also use proprietary client/server protocols to provide a richer "groupware" experience than "standard" protocols to a wide variety of clients. Between Exchange and Notes, I'd guess you're missing 90+% of the corporate messaging seats out there (at least in the U.S.)
I'm sure there are plenty of companies that are locked into proprietary solutions. There's nothing we can do about that. Luckily, there are many individuals and quite a few smaller companies that do use open standards so we are not without customers and those individuals and companies that use products that use open standards tend to have many more options for any given solution, be it ours or any of the other many solutions. More options usually means better quality, or at least the ability to find that one of the options is a quality product. That possibility is severely limited with proprietary protocols.
So if you're stuck with proprietary protocols my heart goes out to you. :)
The only solution I see for a "one size fits all" filter is to filter at the SMTP level as mail comes into an organization
That's what we're working on now. Right now our solution is POP3 based and operates on our server. We want to be able to offer it to companies and ISPs to run on their own servers and do it at the SMTP level. We'll just have to see how that goes.
Without knowing more I'd tend to agree. I didn't get a 70% effectiveness even during training. I was at 90% the first month and 99%+ ever since. So I'd agree it probably was something non-Bayesian that was the limiting factor in what you've tried.
I haven't found a Bayesian product that even comes withing ten miles of meeting those criteria; in fact, only the only product that comes close is the one we bought. Do youy know of any Bayesian product for Exchange Server? Software that operates at the SMTP or POP3 level won't cut it, because of the variety of devices we deal with.
Well, you asked so I'll do a shameless plug. Click on the link in my sig. Granted, you probably want something that runs on YOUR server, but it seems our offering meets every other requirement you have and we're working on a version that can be used on client servers instead of ours. Not sure why you don't want to operate at the POP3 level. We have customers using Macs, Windows, Linux, and Palm pilots using our service with no problems.
Anyway, nothing is perfect but if I'm going to bet on a filtering technique it'd be Bayesian. It's certainly light-years ahead of the alternatives.
I would disagree. Some people use email primarily for business--and every business and vocabulary is somewhat different. Others primarily for social or family matters--and everyone has different family or social problems, and knows people with different names.
But you are forgetting something very important: The spammer doesn't only have to get these innocent words in there (assuming he can know them), he has to get his *content* in there. And his content is almost always going to contain words that are definitely spammy for me. If he gets two or three innocent words but also includes 10 words that are considered "spammy" by my particular corpus, his message isn't going to make it through.
And that's really the key. It's not that they can't guess a few common innocent words, it's that they still need to convey their message--and it's awfully hard to do that without using spammy words.
These have proven effective against the naive Bayesian algorithm in POPfile, otherwise why would he mention them?
Did he say they have proven effective, or did he say they are designed (but perhaps fail) to defeat statistical filters? I ask because the effectiveness of my Bayesian filter just keeps going up. I'm up at 99.8% the first 4 days of this month compared to 99.6% for July.
Of course, you have to have a smart Bayesian filter. That means it has to look for more characteristics of spam and treat them as tokens. I.e., don't just do statistical analysis on words. The fact that a message is encoded in Base64 is a pretty good indication of spam, so I consider that a token itself. The fact that a message has 5 spaces in the subject is a pretty good indication of spam, so I also consider that a token. The fact that more than 50% of a message content consists of IMG tags is a pretty good indication of spam, so I consider that a token. The fact that more than, say, 20% of the content of a message is HTML comments is a good indication of spam, so I consider that a token.
So it turns out the spammers trying to get through my Bayesian filter don't just have to avoid using spammy words, they have to avoid most of the tricks they use as spammers. In fact, most of the tricks they use to get past filters are quite easily detected and themselves become good spam indicators.
I'm not saying that spammers won't try to get past statistical filters. Perhaps they can get through some very basic ones. But when you start creating tokens based on ASPECTS of the message rather than just the words of the spam itself it becomes even harder to make it through.
Anymore I sometimes like to look at the spam that my Bayesian filter has caught and try to figure out how in the world it realized it was spam. It's amazing how many times a message that looks innocent but IS spam is correctly caught by Bayesian. Gotta love it.
Again, I think this is based on a misunderstanding of how Bayesian works.
Yes, spammers can set up their own Bayesian filters and find what words are most spammy. They should definitely try to *avoid* those words. But that is generally not enough. You need to use words that are downright *innocent*. And that's the trick. You might be able to come up with a pretty good database of spammy words just by monitoring spam, but the only way you are going to get my INNOCENT words is if you are somehow able to monitor my mail. If you don't use my innocent words it is going to be difficult to get past my Bayesian filter.
3) Many spam filters do not parse HTML completely or correctly
Hmm, well I won't argue that point. But parsing HTML is not difficult at all so I personally think a user should immediately reject a spam filter that can't handle such a simple function.
nor do they perform OCR on images that contain text.
But they really don't have to. Very few real legitimate emails are going to have images to start with and they aren't going to have text encoded in those images. Basically, the fact that you have embedded or external IMG tags is in itself a good indication of spam--especially if that's pretty much the entire content of the message and is from someone that the Bayesian filter doesn't recognize. Not too many people (other than your common contacts which Bayesian will recognize anyway) are going to be sending you emails full of IMG's.
Of course, this requires that your Bayesian spam filter be able to parse HTML. But, again, I would reject any spam filter that is incapable of such a simple and important function.
That should change in the futute, but what about white-on-white text, or almost white-on-white text that contains the aforementioned innocuous random words?
Again, it's not enough that they be innocuous. They must be downright INNOCENT for the user in question. We're not talking words like "financial" or "the" or "parents." We're talking about words like "David" for someone who talks with or about David. We're talking about "clutches" for someone that is a mechanic, etc.
Do you know where I can get a somewhat complete list of words in the English language? I'd like to send myself an email that contains, say, the 5000 most common words in the English language and see what kind of Bayesian score it gets.
Spammers will evolve, specifically finding ways to defeat Bayseain filters as they become more widespread.
I agree they will try, but I disagree that they will necessarily succeed. It has been a cat and mouse game in the past but when you sit down and really analyze how Bayesian reacts to different messages you will see that, in the long run, the only way spammers will be able to get messages past Bayesian filters is to make their emails look very much like the GOOD email that each user receives. And they have no way of knowing what each users' typical email looks like. My email looks very different from that of a government worker, a mechanic, or that of a porn webmaster.
These approaches do little to get around Bayesian, however. Eventually, the letter "V" alone (i.e. not part of a word) will become a good indicator of spam. Not to mention that the rest of the message is generally written normally and uses words that will be noticed by the Bayesian filter.
So do messages that are mainly links to images on web sites.
This is simply an effort to avoid using any words or terms that any filter, Bayesian or traditional, can act upon. But Bayesian can actually act upon them whereas a traditional filter cannot. For example, in my Bayesian filter I analyze how much of the content of the message is consumed by IMG tags. If it goes beyond a certain threshold then that fact is used as if it were a "word" for the Bayesian filter to score. So all the suddent the fact that the majority of the message content consists of IMG tags becomes a damning indicator of spam.
I'm not saying spammers aren't making an effort to get past filters. Of course they are. They mangle words, they use Base64 and quoted-printable encoding. They use embedded and external images. They do all sorts of things. But the fact remains that all of these approaches are only somewhat useful with traditional filters. None of these approaches significantly help them get past a half-decent Bayesian filter, hence my statement that I have seen any spam that makes a real effort to get past Bayesian filters. None of the approaches used by spammers to-date has any use in getting past Bayesian filters, although they may have varying levels of effectiveness in confusing non-statistical filters.
Bzz! Wrong answer.
What you are seeing is the same countermeasures they've implemented for some time attempting to defeat the old anti-spam approaches that either compared a given message to a known spam or in some way tried to do some kind of structural analysis on the sentences of the message.
That random garbage you see in the subjects or in the content itself is enough that "This message != Known spam message" so those simplistic checks won't flag it as spam.
Random strings, random dictionary words, and random HTML comments are all tactics that spammers use to try to get passed spam filters. But none of those approaches will help them get past statistical filters.
- Random, non-word strings will not effect the score since (using Paul Graham's approach) will be assigned a score of 0.40 each. Since statistical approaches only use the "most important" (either the most innocent or most spammy) words it is virtually impossible that a word assigned a value of 0.40 would even be considered in its Bayesian spam score.
- Random dictionary words are much like random strings. It is very unlikely that the random words the spammer chooses to include will happen to be the words that are significantly "innocent" for you. The spammer would need to include random words that are significantly innocent, and that's not going to be words such as "house" or "financial." It's going to be words like "Gregory" if you have a friend named Gregory, microcontroller if you happen to deal a lot with microcontrollers, etc. And even if they happen to get one innocent word in that's not going to be enough if they have 10 or 15 significantly spammy words in the mix, too. Point is, it's virtually impossible for a spammer to get a message past Bayesian filters by using random dictionary words.
- HTML comments are just a joke as is encoding spam with Base64 or quoted-printable encoding. Virtually any modern filter, Bayesian or not, can and will completely decode the given message and completely throw out the HTML comments. In fact, my particular Bayesian filter will look at how many HTML comments there are compared to the size of the message itself. Excessive use of HTML comments itself becomes a very significant indicator that a message is spam.
In any case, the point being that none of the approaches you mentioned above are useful at getting around Bayesian filters. Those tactics are being used to get around more primitive filters, not statistical ones. And if the methods you listed are in fact the spammers response to Bayesian filters then we can all relax because the spammers don't understand how Bayesian filtering work and we have won the battle against spam since their statistical countermeasures are ineffective.I don't think that's the case. I'll let you know as more people start using the spam-filtering service I've implemented. But so far we've seen no change in CPU usage even though we're doing Bayesian filtering for more and more users every day.
Of course, you have to have a good implementation. My first Bayesian filter was very CPU intesive. But when I improved the efficieny of the implementation it doesn't even register on CPU usage--and, as it turns out, it takes more CPU time to run the keyword filters than the Bayesian filter.
2) Having an individual Bayesian 'profile' on your computer is great, and you can filter things based on what you consider spam.
Why can't you have a Bayesian profile on the server? That's where it belongs. Just because it's on the server doesn't mean it can't be personalized. In my system the profile and Bayesain corpus is all on the server, but it's managed on a user-by-user basis.
I'm not saying that spammers don't adjust their email tactics to avoid filters, but I haven't seen any spam that has made any effort to avoid a *Bayesian* filter.
No filter is perfect, not even humans. For any amount of spam in excess of around 100 spams per day I suspect it is entirely possible--if not probable--that a human going through that much spam is going to delete more legitimate email than Bayesian filters.
You cannot ignore that humans have false positives, too. But unlike humans you can adjust Bayesian to be less aggressive by setting a higher threshold for spam.
Ok, so that requires additional steps. Before the user signs up the user must be made aware of the address from which emails will be sent so that it can be whitelisted BEFORE the verification email is sent. A new business plan for spammers wold be to cruise or spider the net and gather the email addresses of common mailing lists and use that as the "From" when sending spam to increase the probability of using a whitelisted, toll-free address.
If you're talking about whitelisting an email address AND an email server that's fine for tech people but would probably a bit complicated for normal users... and for lazy technies.
I agree. There are stupid people out there, and us smart people can't change that. But if Bayesian was universally implemented, especially where stupid people congregate (Hotmail, Yahoo, etc.) then even the stupid people would see the spam less often which would cause spamming to be less attractive.
Even if no one out there buys anything you will still have the idiots who will buy into these lists.
Only if they know about them. And if Bayesian were universally implemented then fewer stupid people would even read about the availability of the lists so fewer would buy them.
Those that do buy them would generate email that would still be caught by the Bayesian filter. If all we have spam-wise is stupid people getting taken advantage of by buying spam lists we'll be order of magnitudes better than we are today. Unfortunately, people ARE making money today with spam and that's why there's so much of it. If we can turn $100 of spam profit into $1 of spam profit then I think we'll see the vast majority of spam disappear; if a spamhause making $40k per month today can only make $400/month they'll look for another line of work.
I still do not understand why people beleive that they can outsmart everyone. As fast as you add filters some one will pass it throught those same filters and see what gets through.
That's been true in the past. And there might be a few tricks left for the spammers to try. But Bayesian is different than previous filters in that it learns about YOUR email and spam. It's not just looking for keywords or adding up some "spam score" that no-one really knows what it means. It's looking at your past email and past spam and making a statistical judgement as to whether this new message is spam.
The only way for spammers to get around Bayesian is for them to make their spam look exactly like YOUR good email. That's almost impossible, but even if they managed to make their spam look like your good email doesn't mean it's going to look like my good email and certainly isn't going to look like the good email of millions of other users.
The only way a spammer can really get around Bayesian is to have access to your corpus and use a bunch of words that your corpus indicates are "innocent" for you. Spammers don't have access to your corpus (or shouldn't) so it's virtually impossible to get around it.
And, no, contrary to what some people believe you CANNOT get around Bayesian by just inserting some random, non-related paragraph(s) into the message. Unless that random paragraph contains quite a few of my VERY innocent words (i.e. more innocent than the spammy words are spammy) then that paragraph just makes the spam a bit bigger--it doesn't have any effect whatsoever in the probability that it'll get through a Bayesian filter.
We need to be able to identify the sending server, no an IP is NOT an ID. It needs to be part of a TLD, and maybe the registrar need to be held accountable for the content of a registration.
I'd rather keep control on the side of the user and receiver rather than some registrar that will basically have to decide if I'm "authorized" or "trusted" to send email. I think Bayesian is a good approach to the current problem since it doesn't require any radical protocol changes and can be implemented today, whenever the receiver wants to. If we're talking protocol shift, PGP signing should be sufficient--but nothing that requires centrally authorized certificates or anything like that. The last thing we want to do is give control of email to central authorities to get rid of spam.
I have a technical website where users can subscribe to a nightly mailing list that sends them a single email containing all the messages posted to the forum in the last 24 hours. The users subscribe by signing-up with their email address. A single email is then sent to that user who is then asked to click a link to confirm they want to receive the nightly mailing list.
Now, I've heard people propose that there should be a system whereby an "unknown" email is charged 10 cents (or whatever) unless the receiver subsequently tells the system "Yeah, I wanted that" at which point the 10 cents is effectively refunded and, presumably, all future emails from that source have the charge waived.
The problem is if someone starts signing up random email addresses on my mailing list. Each time the system sends out the single confirmation email I will be dinged 10 cents with the expectation that everyone will "refund" that back to me since they asked for it. But what if someone with a grudge and a lot of extra time goes to my site and starts signing up lots of people--people that have never heard of my site. The "confirmation email" is precisely to protect users from getting on my mailing list without asking for it, but I'm not at risk of having to pay to have that confirmation email delivered.
If such a system were imposed then how would a mailing list be able to send out confirmation emails without the risk of someone maliciously signing up random users just so that I get hit with a bunch of email charges?
I don't risk job loss (since I'm self-employed), but I do risk missed contracts. I use Bayesian. I've had an occasional false positive, mostly during the first couple months when I was building my corpus.
BUT: I'm currently receiving about 140 spams per day. Do you really think I'm going to do any better than Bayesian regarding false positives when I'm mass-deleting 140 messages? I think not. I'm almost positive I'm going to incorrectly delete more good messages than Bayesian's false positive rate when I'm dealing with such a huge number of emails manually.
Plus if your Bayesian system is half-decent you should be able to adjust its sensitivity. On mine 0-49% is almost always good email and 50%-99% is almost always spam. When I look for false positives I look for anything unusually low, such as 65% or so. If you want, just adjust your threshold to 65%. I've never had a valid email with a Bayesian score of, say, 90%.
While it'd be great to not have to accept the entire message to determine if it is spam and I'd be the first one to jump on board if there's some way to do it, I just don't see it as being possible. You can't base a filtering decision when you don't have the message to analyze.
That said, Bayesian should be done on the server before the real client downloads it. Sure, it still gets to the server but at least the client doesn't have to waste further time and bandwidth downloading it. Client-side Bayesian is better than nothing, but I would personally never use it. You still have to download hundreds of spam per day. I'd rather the server do that for me and only give me the good stuff.
Sure, but for most of us the *time* involved in dealing with spam is a greater cost than the bandwidth involved in receiving it. Bayesian does a great job at solving the "waste of time" problem. And, as I said, if everyone used it I believe spam would disappear quite quickly because the response rate would fall too low for even spammers to have an interest.
Blacklisting servers and not accepting connections from them (and accepting the collateral damage) is the only practical option I have.
In the case of a few a spamhauses, sure. But as an effective spam-fighting measure that's a useless approach. You (or someone) has to keep up to date with the latest servers to blacklist (and then whitelist them when they become clean), or you have to deal with an annoying level of false positives that you don't even see. Sure, you can say that that's the price of users dealing with an ISP that is spam-tolerant. But some of us want to do business with those users even if they chose their ISP poorly--or if they don't have any local choice of ISP.
I wish people would stop inviting rate increases or new charges as an answer to spam. It's not the answer. It might be inexpensive for you, but many of us DO send a lot of email and it'd get expensive really quick. You'd get rid of a lot of good and valid email communication along with the spam.
I'm even opposed to the "pay a dime, but I'll give it back if I wanted to hear from you" approach. Those of us running a mailing list would run the risk of having some idiot sign-up a bunch of accounts only to have that person say "No, I didn't want that" and collect the money.
I believe we need a trusted protocol. This might be as simple as having all emails PGP signed and everything else being sent to the bit-bucket (if you want to be aggressive) or only passed through to the user if the unsigned message had an extremely low spam score.
But if everyone were to use Bayesian I swear we wouldn't even have to propose a new protocol, talk about new legislation, etc.
*SIGH*
Spam filtering has always been a catch-up game in the past. However, with Bayesian filtering it seems that anti-spammers have deployed a solution proactively rather than reacting to the spammers. And, as of yet, I have yet to see any spam that has implemented any kind of countermeasures to get around Bayesian, and I'm skeptical they will be able to get around it. The few spams that get through to me get through because they happened to to use words very similar to my real email or because it's in a foreign language. No spams have gotten through because the spammer made an effort to get around Bayesian filtering.
Nothing is 100% successful at blocking spam, and I think if 100% is the definition of a "silver bullet" we'll NEVER find it--neither with technology or through legislation. But with current Bayesian filtering catching upwards of 99.5% of spam, that's close enough to a silver bullet for me.
I would personally approve of legislation that makes it clear that theft of services, including the unacceptable use of email services, is actionable. But I don't think legislation that specifically targets spam is going to be useful or enforced, and will probably raise more questions than it answers.
While I agree that these people are breaking the law, I think the RIAA is potentially entering dangerous territory. When they were going after P2P companies people thought it was just annoying and would migrate to a new P2P when one went down. That was a hassle for users but not a direct threat, and it didn't score the RIAA any brownie points with the consumer.
Now, they're going after end-users. While these are arguably the people they *should* go after since they are the ones engaging in the copyright violation, that means the RIAA is going after individuals. Most are probably not rich and, especially students, may be downright poor. Multi-billion-dollar corporations dragging a teenager or college student into court and draining them of their (meager) life savings and/or causing them to declare bankruptcy is NOT going to win the RIAA any sympathy. Even non-geeks know that the record companies overcharge and that CDs are a rip off. Even non-geeks engage in P2P sharing. Seeing the RIAA crush a few file traders that do nothing more than what millions of other Americans could be a PR nightmare for the RIAA. Rather than scaring consumers into buying their product it may very well piss them off and lose them even more sales. Especially with the new public interest in P2P which hides your IP address they risk pissing their consumers off and forcing them to a system that they can't target anyway.
The fact is, most of RIAA's bread and butter comes from sales to teenagers. The RIAA creates a band-of-the-day and cashes in. Most teenagers don't have unlimited money supplies and when you price your CDs at $20 you're pricing yourself out of the market.
File sharing is inevitable, especially with the prices the RIAA is charging. You can either accept it and do your best to make some money anyway, or you can try to fight it and piss of your consumers leading to fewer sales--and file sharing will still happen, now with no way to determine the source.
So it would seem the RIAA can't win. They can't close down the P2P networks and I suspect going after the file traders themselves is going to cause them more harm than good. Why? Because the RIAA is obsolete. Plain and simple. That's why they can't seem to win. Their product is obsolete and these are definitely the last flailing movements of an industry fighting for (and losing) its life.
The problem is that I'm currently on RedHat 7.3 and at this point it seems that quite a bit of stuff doesn't easily compile without installing a gazillion patches and updates. But I'll try before I make the move to version 9.
I haven't seen the new look and feel of KDE, but I would assume that's configurable, isn't it? If I want to go back to the way it was in 7.3 I would assume there's some way to configure it to do so?
You know it's a troll, but when someone calls bullshit and they're full of it you just feel your mouse auto-clicking on the Reply link.
It all works. Try it before you knock it.
As far as I can tell, it is because Win4Lin takes advantage of the native Linux file system. It's not just emulating Windows, it's actually taking advantage of those parts of Linux that are faster than Windows, such as the file system. I didn't write Win4Lin, though, so I can't give you a laundry list of explanations. But Microsoft "code bloat" also comes to mind.
Anyway, dear Anonymous Coward, refrain from calling "bullshit" on that which you obviously have no clue. I am reporting it as it is. I even went so far as to take benchmarks because I couldn't believe it myself. Whether or not you, with your vast technical knowledge, thinks it makes sense or not doesn't matter. When you call "bullshit" on something you are completely uninformed about you just look silly.
When I got a new laptop last August it came pre-installed with XP. Despite everyone's complaints about Win98, I had had good luck with it on my previous 550MHz laptop. Anyway, when I upgraded to a 1.6GHz Athlon and found that VB, Word, and QuickBooks all ran SLOWER than they had run on my 550MHz laptop I decided it was time to make the dive. Not to mention my new XP machine was crashing quite a bit and the WinModem wasn't working even after a few driver upgrade attempts, alternately from HP and from Microsoft itself.
I bought a new laptop HD rather than risk the current XP installation. I installed RedHat 7.3 (because it was the same version as on my desktop server and on my dedicated hosting server). It worked great! Network card detected, USB mouse and keyboard detected. A few tweaks and my WinModem--which HADN'T been working under XP--even worked under Linux. I then went out and spent $80 on Win4Lin so I could still use Windows when absolutely necessary (I still do some VB/VC++ development occasionally). As it turns out, Word, VB, VC++, QuickBooks, Adobe *ALL* run faster under Win4Lin under RedHat 7.3 than they did on the exact same machine running XP. I couldn't believe it.
So... I switched to Linux for stability and security. And as it turns out my Windows applications actually run faster than they did with XP. I ain't looking back and I won't be running a Microsoft OS ever again.
That said, I can't say Linux is perfect. Kate seems to crash when I click the "Open" button so I have to have the "file dialog" window open and open files that way. Kopete (ICQ/MSN/Yahoo/etc. client) works fine but usually crashes when I shut it down, and doesn't support file transfers. So life is not perfect yet--but at least when these programs crash they don't take the whole OS down with it.
Anyway, I'm going to upgrade to RedHat9 so hopefully some of these issues will be handled. Even if they aren't I'll take the Linux problem to the Windows problems any day of the week.
Looking at it that way, yes, but I wanted to install RedHat9 yesterday morning. I just finished downloading it an hour ago. While I didn't spend 36 hours babysitting the download, I would have really liked to have installed it yesterday morning and would've paid $50 to have been able to do it at that time rather than tonight.
Yeah, Mexico is crazy in a lot of ways, but it's probably better than Ecuador....
Who knows. I've only visited Ecuador. If I remember correctly they dollarized their economy in the last few years which would make it harder for the government there to muck with things. Mexico is pretty screwed up, though. That it does as well as it does is downright incredible. If they had a government that was half as corrupt I swear they could be a real powerhouse.