Slashdot Mirror


User: letxa2000

letxa2000's activity in the archive.

Stories: 0
Comments: 2,721

Comments · 2,721

  1. Re:Yes it would hurt their case on What if SCO is Right? · · Score: 1
    Look, if I say "Microsoft is giving away free copies of Windows XP! Just download it off Kazaa.", you would certainly be legally responsible if you believed me.

    Agreed.

    Now imagine another situation where you download some source code off the net where there is a big comment /* THIS IS RIPPED FROM UNIXWARE */. You don't read the comment, just compile it and stick into production. Are you responsible then?

    First, I doubt there is such a comment in the code in question. That being the case, unless I have both Linux code *AND* the SCO original code, how am I going to be able to compare the code to see if it was copied? And if I see similar code, how do I know which was copied from which?

    In any case, as an END USER I would say, regardless, NO, I'm not responsible. I've recompiled the kernel, sure. But I really haven't looked at a single line of code in the kernel. I wouldn't know if such a comment existed and I don't think I'm legally required to do a code review of hundreds of thousands of lines of code which are well accepted to be free to the public.

    The point is that there's a huge gray area here (depending who, where, what, how much, how long, etc), that some judge is going to have to sort out. So it's far too premature to give end users an automatic free pass.

    Sure we have to wait for the ruling to know what the judge would say, but common sense and (I believe) legal theories would suggest that unless the end user had a reason to believe there were copyright violations in Linux and the user reasonably believed that Linux was free (which is not the case with Windows XP) that the buck stops with the person/company that stole the code and made it public. If it exists it should be removed from Linux, but holding end users responsible for this is absurd and I think this will ultimately be how the judge rules.

  2. Re:Yes it would hurt their case on What if SCO is Right? · · Score: 1
    not only did you get your Honda, you also got the plans for it and you have the ability to produce them yourself and make a profit from delivering them. In that case, I think Ford would be justified in sending you a letter.

    Yeah, if I took those plans and went out and made a profit selling it. I think 99.9% of Linux users haven't done that. Maybe RedHat et al could be hit for something since they took the plans, built it, and made a profit distributing it. But that's not what we're talking about here.

  3. Re:Extremely dangerous power vacuum on Korea Fighting Pseudonyms on the 'Net · · Score: 1
    he'd do anything and everything to get the resources and land South Korea has. It would, without a doubt, start World War III- that country is so armed to the teeth, and its people so completely, totally brainwashed

    WWIII? Yeah right. For a "world war" to transpire you have to have multiple countries fighting for two or more positions. If North Korea invades South Korea you'd have "world war" in the sense that the entire world would join in collectively turning North Korea into a multinational parking lot for air forces of the world.

    No-one would be helping the North Koreans so the risk of a "world war" is slight. Well, the French might defend North Korea--not that it really matters.

  4. Re:Yes it would hurt their case on What if SCO is Right? · · Score: 2, Insightful
    However, what if no big company is involved? The law will want to make someone responsible... In that case, SCO could well get licence fees from Linux End Users.

    Right, but why not the (supposed) idiot programmer who stole code from SCO and stuck it in Linux? If it happened, THAT'S where the law was broken and where justice should be done. If that idiot goes bankrupt, sorry, SCO is out of luck. But to hold Linux End Users financially responsible through license fees for someone else's copyright violation just because the responsible party doesn't have deep enough pockets to make SCO happy is bogus.

  5. Re:Yes it would hurt their case on What if SCO is Right? · · Score: 5, Insightful
    Let's say you were a coder at IBM facing a really annoying problem in the Linux kernel. You have access to the relevant SCO code and cut and paste in a bit of code so that you can finish and get home early, thinking surely no one will ever notice. Now 18 months later this whole thing blows up.

    I don't understand... if someone did this then why doesn't (or shouldn't?) SCO sue IBM or the coder that did this? Sending letters to users of Linux is like Honda stealing trade secrets from Ford on how to build a certain engine, me buying a Honda, and then getting a letter from Ford letting me know that I may be in violation of something.

    It just seems bogus to me. The users of Linux didn't commit a crime. They used what they had every reason to believe was free, GPL software. If that isn't the case then the guilty party is the person that put the offending code in Linux, not all the users (commercial or not) that later used Linux.

    At least that's the way it would be in a sane justice system...

  6. Re:Linux the embedded OS standard??? on T-Mobile Dumps MS SmartPhone · · Score: 1
    I don't doubt that a "larger and larger" share of embedded devices use full-blown CPUs that run an operating system. But if you consider the entire universe of "embedded devices"--which includes things as simple as washing machines, remote controls, telephones, CD players, microwave ovens, caller ID devices, most home security systems, the ECMs in most cars, many time & attendance units, bike speedometer/odometer, even many MP3 players (!), etc.--I think you will find that "embedded systems" which have a full-blown CPU and OS such as the ones we are discussing are still in the vast minority measured by units produced or by value of the units sold.

    I put "embedded" in quotes because I think the term "embedded" is used loosely when applied to what amount to full-blown computer systems packaged in something that doesn't look like a computer.

    It seems that "embedded" originally meant that some device with computational ability (normally a microcontroller) was *embedded* into the design of the rest of the electronics. It formed an integral part of the design and made the device more intelligent. Now, an "embedded" system running Windows or Linux is no longer *embedded*--it's really more accurate to say that it's a computer that has been packaged in a certain way and is running certain software to perform a specific task.

    To me, if a device could essentially be plugged into a monitor and keyboard and operate as a computer or if the software being run on an "embedded" system could pretty much just be dropped onto a PC and run, that isn't embedded to me. That's developing specialized PC applications that use alternative I/O. Big deal.

    Just because a computer is small and looks like a phone doesn't make it "embedded." It's just a small computer that looks like a phone. :)

  7. Re:On the Al Gore thing.... on Death of Internet Predicted: Film at 11 · · Score: 1
    Mcdonalds was serving coffee that was pretty much at the boiling point so that it would stay fresh longer.

    It appears they were serving coffee at 185 degrees, which is almost 30 degrees away from boiling and only about 20 degrees hotter than other restaurants.

    Handing a person a styrofoam cup of boiling coffee is kind of fscked up if you ask me

    Again, it definitely wasn't boiling. Yes, it was hot. Coffee is like that. You can consult burn specialists and call in experts blah blah blah, but in the end most adults know that coffee is hot and whether it's 165 degrees, 185 degrees, or 212 degrees we all treat it carefully so we don't get burned. No-one in their right mind says "Well, this coffee is 185 degrees and can give me third degree burns, I'd better be careful! Because I assume my coffee is served at 165 degrees which I know only causes first and second degree burns and which I don't have to handle so carefully because I don't care if I receive first or second degree burns."

    The fact is everyone knows coffee is hot. Very few people know HOW hot and how much any given coffee or liquid can burn us. SO WE ARE CAREFUL.

    McDonald's was ordered to pay $2.7 million dollars (2 days of coffee sales) but, since even the judge knew that was completely ridiculous, he later reduced the fine to $480,000. Still a lot of money because someone can't handle their coffee, but at least the ridiculous multi-million dollar judgement was thrown out.

  8. Re:Linux the embedded OS standard??? on T-Mobile Dumps MS SmartPhone · · Score: 3, Interesting
    Why does everyone insist on claiming that linux has taken over the embedded market?
    I work in the embedded market and it is the standard.

    I work in the embedded market, too, and methinks you don't even realize just how big the "embedded" market is.

    For your information, *most* embedded systems don't even use an operating system. They are developed based on microcontrollers and the software is designed to solve a specific functional problem, unit cost must be minimized, and operating systems such as Linux, PalmOS, or Windows are definitely not used--the cost of the hardware necessary to run them is too high for mass production where the difference between a 25 cent part and a 50 cent part can mean hundreds of thousands of dollars in profit. Yes, I'm sure there are many "embedded" systems that use these operating systems, but to say ANY of them are the "majority" of embedded systems is far from the truth.

    The majority of embedded systems run on OS-less microcontrollers.

    To tell you the truth, I think calling Windows, Linux, or PalmOS-based systems "embedded" is to use the term liberally. I know that term is used, but embedded used to be low-level microcontroller stuff. Now "embedded" seems to mean anything that doesn't look like a computer but which has a computer inside. To me, if you're developing for Windows, Linux, or PalmOS you aren't really doing embedded development--your target system just happens to be small and/or appears to be something other than a computer.

  9. Re:Actually, I'm shocked!! on Intuit Drops DRM from Future Products · · Score: 1
    I've been using Quicken99 for years and I have no reason to upgrade. Certainly not once a year.

    As for TurboTax, I've never used tax prep software. I download fill-in forms from the IRS, fill them out on my PC, and print. I have a nice permanent record of my tax return that won't be obsolete and impossible to load in the future. I don't have to PAY for tax software each year.

    Personally, I think if your taxes are too complex to do by hand (i.e. by hand or fill-out forms) you'd probably be best off having a tax preparer anyway. I'm getting to a point where I might have to consider going with a tax preparer, but when I stop doing it by hand my plan is to go to a tax preparer, not some software that supposedly does it for me.

    There are many things we tolerate being in "little black boxes" whose internal logic we don't fully understand. But my taxes are not something I leave to such little mysterious black boxes. :)

  10. Re:I always wondered... on Spam, Milord · · Score: 1
    but I reckon it's the same spammer trying to increase his visibility.

    Only a spammer would think that that was a good thing. :)

  11. Re:Not to be a wet blanket, but... on Spam, Milord · · Score: 1
    it's because he brazenly engaged in identity theft. That just happened to be a tool that he then used to aid his spamming operation.

    You're right, but I also think that as lawsuits target spammers for their various illegal activities we'll see that there are fewer people that are able to spam. After all, if this guy was using stolen credit cards and identities in order to spam one must assume that spamming without resorting to such measures is difficult. Why else would he go to the effort and the risk of doing these things unless he perceived it to be the only way to conduct his spam business?

    Now I'm not saying that you need to engage in credit card fraud and identity theft to spam, but I think it is somewhat encouraging that some spammers are being forced to go to such lengths to conduct their business. It means we are closing the loops on ways to do it "legally"--and as we do that I think we'll find there are fewer people willing to spam if it requires blatantly illegal acts such as credit card and identity theft.

  12. Re:Yet Another Solution to Spam on Spamhaus Responds To Spammers' Lawsuit · · Score: 2, Informative
    I've been very tempted to build something like LaBrea to trap spammers. "You can send me that spam... at one character per hour, and I'm not listening."

    I did this last year. I modified my Sendmail to analyze incoming messages in real-time. If the source IP was known spam it took about 60 seconds between SMTP replies. Problem is, once you get to the DATA phase which is where the bulk of their transmission is, it's a single-shot with no flow control. I would have loved to have accepted their payload at 1 character every 10 seconds, but unfortunately once they issue the "DATA" command it all comes through in a single hit.

    Also, if you take too long to SMTP reply to their commands, they hang up and do it again. So instead of dealing with the SMTP conversation and spam once, you deal with the SMTP conversation until they get sick of trying (which sometimes is never, literally).

  13. Re:Huge budget deficit? on California Senate Approves Net Tax Bill · · Score: 1
    Here's a hint for you, neither party manages the budgets particularly well at all, they are equally fiscally irresponsible.

    Nah... Democrats tend to spend more and more and ask for more taxes to do it. Republicans tend to reduce taxes in the hopes that that will FORCE a reduction in spending.

    Of course, reality is otherwise--and a recession, war, and terrorist attacks are what caused the current deficit, not the fact that we have a Republican president.

    I assume you don't actually believe the economy would still be humming along, the Twin Towers would still be standing, and there'd be a surplus if Gore had been elected?

    BTW--There was no budget surplus under the Clinton administration, that's essentially an urban legend the media let him get away with.

  14. Re:does this really require a readme.txt?? on How to Become A Spammer · · Score: 2, Interesting
    I wrote it myself based on a Bayesian approach almost entirely on Paul Graham's original "A Plan For Spam." Paul's article claimed 99.5% success rate and, having implemented it almost exactly how he suggested, I'm finding that to be true. Sometimes it dips down to 99.4% and other times it bounces up to 99.7%, but it hovers right around 99.5% or 99.6%.

    As of last month, 75% of my mail was spam. This month it appears that has inched up to 81%.

  15. Re:Filters aren't the ultimate solution on How to Become A Spammer · · Score: 1
    Of course you're right. The spammer has already consumed resources to get the spam to the filter. Once the spam has been delivered there's nothing you can do about that. But you can improve the user experience by not forcing him to sift through it. And this harms the spammer by reducing the number of users that actually SEE the garbage he unloaded--thus reducing their response rate and reducing the incentive to send more spam in the future.

    If spammers currently get 1 response in a 1000, if we can use Bayesian (or anything!) to reduce that to 1 response in 200,000 (99.5% effectiveness) *AND* save the user the hassle of deleting it from his inbox, we've made progress at making spam even less profitable. At some point it is no longer attractive.

  16. Re:does this really require a readme.txt?? on How to Become A Spammer · · Score: 3, Informative
    Defeating naive bayesian filtering is easy: weight the message with N random words from a dictionary file, where N is calculated to be sufficiently large that it will surely contain at least half as many squeaky clean words as the number of "most interesting" tokens the filter considers.

    I don't think it's that easy. Bayesian filtering assumes each user has his or her own corpus of good and bad tokens. Taking dictionary words is not likely to find words that have extremely low Bayesian scores--they are likely to find words that are either previously not in the corpus (Paul Graham and I assign those 0.40) or will find words that are not particularly innocent.

    For example, if you look at my corpus right now, the word "CAT" has a 20% chance of being spam, "DOG" has a 56% chance of being spam, "KITCHEN" has a 50% chance of being spam, "THE" a 56% chance of being spam, "RED" a 21% chance of being spam. The point is, you find that you need some truly exceptional CLEAN words (i.e. spam score of 1% or 2%) for a message to NOT be considered spam. If you have a few that rank 99% and your best "dictionary" word comes in at 10%, it's probably still going to be 90%+ overall. In fact, with just 100 good emails and 100 bad emails in the corpus Bayesian will do really good at catching pretty much all spam: the problem is with 100 and 100 you'll get many false positives. A large Bayesian corpus isn't necessary to CATCH spam: a large Bayesian corpus IS necessary to reduce false positives.

    So the point is: Dictionary words will seldom be the words that are going to reduce a message's spam score. It's person-specific words, such as "TED" if you know someone named Ted, or "PARIS" if you like to discuss Europe, etc. that's going to get a message through--not a dictionary attack.

    Plus even if a dictionary attack happens to get through, it will work only a few times at best: The words used in the dictionary attack will eventually have a spam probability assigned to them that makes the very use of the dictionary attack RAISE the spam score rather than lower it. :) It's really quite slick. :)

    I believe Paul Graham is right: This is going to stop current spam big-time. Eventually you'll see really short spams, 1-liners with reference to a website. I'm seeing that already, actually. Messages with a 1-liner that is nothing more than a URL to some incest site. That's where spam is going--and that's going to be even less effective than current spam which will reduce even further the incentive to send spam in the first place. But even those 1-liners will soon be filterable by Bayesian as developers add new characteristics to the Bayesian filter that rank the probability of a message being spam if it consists of nothing but a single URL link, etc.

    Don't underestimate Bayesian. I think you'll find it's much harder to get around than you think.

  17. Re:does this really require a readme.txt?? on How to Become A Spammer · · Score: 5, Interesting
    First, the human brain is fantastically good at interpretation. It will take such an enormous amount of mangling to make the message unreadable that you'd have to filter out virtually everything.

    I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.

    Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.

    For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more companies and ISPs to do so.

    If it was purely Bayesian filter vs spammer, spammer would win hands down.

    I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.

    Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.

    1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.

    2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.

    3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.

    So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.

    Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.

    And regardless of whether or not the w
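
The scoring described in comments 16 and 17 above, as an added example that is not part of the original comments: Graham-style combining over the 15 most interesting tokens, with unseen tokens scored 0.40 and the share of unseen tokens fed back in as a token of its own. The corpus probabilities (other than the CAT/DOG/KITCHEN/THE/RED figures quoted in comment 16), the bucket boundaries and the sample messages are constructed for illustration.

```python
import re
from math import prod

UNKNOWN_P = 0.40        # score for never-seen tokens, the value stated in comment 16
MOST_INTERESTING = 15   # Graham's "A Plan for Spam" combines the 15 tokens farthest from 0.5
SPAM_THRESHOLD = 0.9    # Graham's cut-off for calling a message spam

# Constructed per-user corpus: token -> P(spam | token), kept within 0.01..0.99.
CORPUS = {
    # Figures quoted in comment 16.
    "cat": 0.20, "dog": 0.56, "kitchen": 0.50, "the": 0.56, "red": 0.21,
    # Invented spam-heavy and person-specific clean tokens.
    "refinance": 0.99, "mortgage": 0.99, "viagra": 0.99, "unsubscribe": 0.99,
    "click": 0.97, "ted": 0.01, "paris": 0.02, "meeting": 0.03,
    # Characteristic tokens, learned like any word (probabilities invented).
    "*new-tokens:0-20%": 0.20, "*new-tokens:20-40%": 0.30,
    "*new-tokens:40-60%": 0.80, "*new-tokens:60-80%": 0.90,
    "*new-tokens:80-100%": 0.95,
}
BUCKETS = ("0-20%", "20-40%", "40-60%", "60-80%", "80-100%")

# Constructed sample messages.
PADDED_SPAM = ("Refinance your mortgage, click to unsubscribe. Viagra! "
               "cat dog kitchen the red zephyr quartz lantern marble walnut")
MUNGED_SPAM = "r3finance y0ur m0rtgage cl1ck h3re v1agra"
LEGIT = "Ted, meeting in Paris about the red kitchen"


def tokenize(text):
    """Unique lowercase tokens in first-seen order; repeating a word adds nothing."""
    return list(dict.fromkeys(re.findall(r"[a-z0-9$'-]+", text.lower())))


def new_token_characteristic(tokens, corpus):
    """Name the bucket for the share of tokens the corpus has never seen."""
    if not tokens:
        return None
    unseen = sum(t not in corpus for t in tokens)
    return "*new-tokens:" + BUCKETS[min(5 * unseen // len(tokens), 4)]


def combine(probs):
    """Graham's naive Bayes combination of per-token spam probabilities."""
    spam = prod(probs)
    ham = prod(1 - p for p in probs)
    return spam / (spam + ham)


def score(text, corpus=CORPUS, use_characteristics=True):
    """Spam probability of a message from its most interesting tokens."""
    tokens = tokenize(text)
    probs = [corpus.get(t, UNKNOWN_P) for t in tokens]
    if use_characteristics:
        name = new_token_characteristic(tokens, corpus)
        if name is not None:
            probs.append(corpus.get(name, UNKNOWN_P))
    # Only the tokens farthest from neutral count, so filler words at 0.40
    # cannot crowd out tokens the corpus already rates near 0.99.
    probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
    return combine(probs[:MOST_INTERESTING])


if __name__ == "__main__":
    for label, msg in (("padded", PADDED_SPAM), ("munged", MUNGED_SPAM),
                       ("legit", LEGIT)):
        plain = score(msg, use_characteristics=False)
        full = score(msg)
        verdict = "spam" if full >= SPAM_THRESHOLD else "not spam"
        print(f"{label:7s} words only={plain:.4f}  with characteristic={full:.4f}  {verdict}")
```

With these constructed numbers the fully munged message moves from about 0.08 to about 0.63 on the new-token characteristic alone, so it still falls short of the 0.9 threshold; further characteristics of the kind listed in item 3 would have to carry the rest.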

  18. Re:This quote says it all on How to Become A Spammer · · Score: 3, Insightful
    Yeah... Kind of like there are people in the basement that have nothing better to do than get all upset about people:

    1. Mugging them on the street (theft of service).

    2. "Borrowing" their cars without permission to rob a bank even though they return them later, so what difference does it make? (using someone else's mail server to relay spam).

    3. Sending threats to politicians using your address as the return address (using some innocent person's email address as the return address for bounced spam).

    4. Handing out pornographic magazines to everyone that walks by--10 meters away from an elementary school (sending porn spam when you have no clue whether or not the recipient is even an adult).

    The NERVE of some of us getting upset about such silly things.

  19. Re:does this really require a readme.txt?? on How to Become A Spammer · · Score: 3, Interesting
    What they (my friends) lack are people willing to pay them for sending out spam (oh, yeah, another thing working against their success as spammers is morality).

    Exactly. Morality. Any woman can be a hooker, they all have the tools... but that doesn't mean that every woman would be a hooker if they had a paying customer. Likewise, just because someone comes to me and offers $2k to spam 10 million addresses from my connection I'm not going to do it. It's not the lack of a paying customer, it's morality.

    Unfortunately, morality is hard to control. There are hookers even where it is supposedly illegal and there will be spam even if it's illegal. The solution is not political or legal (other than suing them based on theft of service to drive up costs), but rather technical. While I will not deny spammers have been very innovative in getting around simple filters, there is a limited number of things they can do and still deliver a useful commercial to the intended reader. They already mangle words such as V!^gra, etc. and even so my Bayesian filter gives them a rating of 100%. They're going to have to mangle their message so much to get past ever-improving filters that at some point their messages are going to be so mangled that they will scarcely be readable. At that point, their already astonishingly low response rate will drop even further.

    Spam and anti-spam is a war, as they said in the article. But the anti-spam camp will ultimately win because we have the advantage that, in the end, the spammers have to deliver a readable and understandable message. That puts limits on what tricks they can play to get around filters.

  20. Re:Older coders welcomed where needed on Job Chances for Older Coders? · · Score: 4, Insightful
    somewhat younger generation (say, retiring in 15-25 years) being employed in the field till retirement.

    In the field? Chances are good. At the same job? I doubt it.

    It is obvious that to develop radically new things you have got to have very open-minded attitude and flexible thinking

    That really depends on what the "new thing" is. Not all new things require open-mindedness or flexible thinking. Many new things require your experience to be applied in new ways, but that doesn't mean your experience is now obsolete.

    So by the time my generation retires, the only thing people like me can count on is maintaining antique legacy stuff

    With all due respect, that's entirely absurd. If you lock yourself into a technology, sure, you'll maintain legacy stuff. If you keep up on new technology constantly you'll find that there are very few "radically new things" in this field. Yes, there are constant advances, new concepts, etc. But it's only a "radical new thing" if you've been out of the field for 20 years. If you've been in the field for 20 years and keep up on stuff as it comes out you see a line of logical, incremental advances. So you'll only be maintaining legacy code if you learn VB in 2000 and don't learn anything else for the next 40 years.

    Will there be enough work for those 5 people to maintain legacy C# code or linux kernel?

    Again, you are basing this on an assumption of obsolescence. Just keep up on new technologies and you won't be doomed to legacy maintenance in the future. It's really not that hard.

    Or will technological progress move so fast that their skills would be so obsolete that there will be at most need for just one person?

    Again, you assume that schools will start cranking out students that are versed in a new technology that is so damn complex that people over 30 can't grasp it. That's nonsense. If anything, those with a firm understanding of today's technology are more likely to be able to adapt to new technologies than teaching something to brand new students. It has been my experience that it is easier for someone who has a complete understanding of 'C' to learn any given new technology that comes out. A new grad out of college has a hard time applying the THEORY he learned, let alone build new ideas and concepts on top of that.

    In all, you have a very fatalistic attitude towards your future in the industry. If you really believe what you're saying I'd get out of the field. I definitely won't be maintaining legacy code in 30 years, but if you are convinced that's what YOU'LL be doing you have a big chance of being right.

  21. Re:What Happened to the tabletPC? on What's Microsoft Up To? · · Score: 1
    So basically you want a full-fledged tabletPC for the approximate price of a PocketPC? :)

  22. Re:For stats, see "Why OSS/FS? Look at the Numbers on How Would You Argue for Open Source? · · Score: 1
    if you train them on Open Office, and then they use MS Office in the real world, they'll be terrified.

    Yes, but aren't we all? :)

  23. Re:Too drastic? on Earthlink Deploying Challenge-Response Anti-Spam System · · Score: 1
    A non-filtering ISP gets hit in two places: - storage - bandwidth

    You're forgetting a third place that is potentially more critical in terms of profits: customer satisfaction. If their customers are receiving hundreds of spams per day they may very well be tempted to jump ship and go with another provider that either has better anti-spam technology or, at the very least, will give them a new email address to start from scratch.

    When running filtering on the system, you generally DO NOT automatically bounce the message.

    Agreed. But if you are running a Challenge/Response system and a message comes to a user who is "new" for that user, the C/R system automatically generates a challenge email that it sends back to the sender. That is automatic. And when it's spam a challenge will be sent to the "sender" of every spam, even though many spams don't even have a valid "from" address. So if it sends a challenge to an invalid email address that's when you could get a bounced message.

    Instead, you tag it, and pass it on to the end user for them to decide what to do.

    That's the way spam FILTERS work, but that's not the way a challenge/response system works--which I believe is what we were originally talking about.

    So, you're still getting hit for: - storage - bandwidth and now you've added on more CPU cycles for the same amount of mail.

    Storage is relatively cheap (although not free, I agree). Bandwidth is being consumed by spam anyway whether you filter it or not. If you implement a C/R system you'll end up consuming MORE bandwidth because you'll have to send a C/R email for every spam that comes in. As for CPU cycles, I agree it requires fewer CPU cycles to do nothing about spam (in the short term). But in the long-term doing nothing may cause you to lose customers to ISPs that ARE doing something about it, and will also result in more spam since more spam will get to users which will tend to drive up response rates encouraging more spam. You can't use CPU cycles as a justification for not doing anything. Doing nothing is the worst thing an ISP can do as it relates to customer satisfaction and encouraging even more spam in the future.

    but it won't alleviate the main problems they've been seeing, and it will put more load on the servers.

    Again, you have to do something about spam to avoid customer dissatisfaction in the short-term and to avoid encouraging more spam in the future. Either of these aspects is going to be much more expensive than the cost of the server load. And if you do nothing and spam volume continues to increase you're going to start reaching server capacity anyway. So you can spend CPU cycles filtering out the spam or you can spend CPU cycles accepting ever-increasing amounts of spam that give your customers an ever-increasing motivation to cease being your customers.

    If the servers were anywhere near CPU capacity, they'll need more iron to handle it.

    Cost of doing business, I'm afraid. First, if they were near CPU capacity they probably should upgrade their hardware anyway to handle peak load. And, again, I'm not saying that battling spam is free or even cheap. But it's a battle that has to be fought and I believe the best way to do it is with Bayesian, not C/R systems.
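
The challenge traffic described in the comment above can be modeled in a few lines. This is an added example, not part of the original comment or of any real C/R product; the addresses, the `reachable` flag and the `responders` set are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample traffic: (From address, address accepts mail?, is spam?)
INBOUND = [
    ("alice@example.org", True, False),
    ("x9f3@invalid.example", False, True),
    ("promo@invalid.example", False, True),
    ("bob@example.net", True, False),
    ("deals@example.com", True, True),
    ("alice@example.org", True, False),
]

@dataclass
class Tally:
    delivered: int = 0
    held: int = 0
    challenges_sent: int = 0
    bounces_received: int = 0

def challenge_response(inbound, whitelist, responders):
    """Model a C/R gateway: mail from unknown senders is held and challenged."""
    whitelist, held, t = set(whitelist), {}, Tally()
    for sender, reachable, _is_spam in inbound:
        if sender in whitelist:
            t.delivered += 1
            continue
        held[sender] = held.get(sender, 0) + 1
        t.held += 1
        t.challenges_sent += 1            # one outbound message per held mail
        if not reachable:
            t.bounces_received += 1       # challenge to a dead address bounces
        elif sender in responders:
            whitelist.add(sender)         # answering whitelists the sender
            released = held.pop(sender)   # and releases the held mail
            t.delivered += released
            t.held -= released
    return t

def tag_and_deliver(inbound):
    """Model a filter: every message is delivered, spam only gets a tag."""
    tagged = sum(1 for _s, _r, is_spam in inbound if is_spam)
    return Tally(delivered=len(inbound)), tagged

def extra_messages(t):
    """Mail the gateway sends or receives beyond the inbound stream."""
    return t.challenges_sent + t.bounces_received

if __name__ == "__main__":
    print(challenge_response(INBOUND, {"alice@example.org"}, {"bob@example.net"}))
    print(tag_and_deliver(INBOUND))
```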

  24. Re:Too drastic? on Earthlink Deploying Challenge-Response Anti-Spam System · · Score: 1
    The ISP is generally running with virtually nothing, or perhaps is using some realtime blacklist... If they've already got something else in place, then the difference won't be as drastic, but from what I've seen, most ISPs have a bare minimum on their mail servers and that's it.

    Well I can't argue with that. If they aren't running anything but sendmail it'll cost them a little more CPU time to do Bayesian, although I think you'd be surprised how little CPU time a well-developed Bayesian system requires.

    But, fact of the matter is, those ISPs that haven't deployed any anti-spam solutions yet will probably have to soon. The flood of spam demands it, and their users will demand it more and more as spam continues to increase.

    So if an ISP is considering an anti-spam solution there is no reason why Bayesian should be discarded as CPU intensive. In fact, it is one of the fastest, least CPU intensive spam filtering methods available.

  25. Re:Too drastic? on Earthlink Deploying Challenge-Response Anti-Spam System · · Score: 1
    then all the user has to do in the first place is to not whitelist the spammer.

    A C/R system does not require the user to place the would-be spammer in the whitelist. C/R means that anyone can send the user a message but if the sender is not already whitelisted he is automatically sent a message with a "challenge." If the sender receives the challenge and goes through the automated system, the sender is automatically added to the user whitelist and the message that was already sent is delivered--and subsequent messages will be delivered without a challenge (i.e. open door for spam).

    Best case scenario is that the sender sends a spam, gets the challenge, responds and the original spam is delivered--and the spammer immediately sends a ton more spam to the user. The user will obviously realize that the newly added address is a spammer and will remove it from the whitelist and add it to the blacklist, but unless he checks his email every minute or two he's going to have a ton of spam by the time he realizes what happens and removes the automatically-added whitelist entry for the spammer.

    Tell me how in the world a spammer could effectively manage to trick a single user, much less multiple users into believing they are their friends?

    He doesn't. The C/R system does NOT ask you, the receiver, if the sender should be added to your whitelist. C/R is precisely a system that asks the SENDER to PROVE that there is a human on that side. If the spammer spends the several seconds necessary to prove that, he is automatically added to the receiver's whitelist and can send all the garbage he wants UNTIL the receiver realizes the system has been duped and adds the address in question to the BLACKLIST.

    1) get past the initial challenge-response step which offers the spammer an image whose content they must identify and replicate to prove they are a human being. there currently is no known automated way of doing this.

    Maybe not automated, but if a spammer receives a C/R request and he KNOWS that if he takes 10 seconds to complete the C/R procedure that the spam he sent WILL be received then I suspect there ARE spammers that will do that. They don't want to spend 10 seconds per email now because they know most aren't even delivered--but if spending 10 seconds guarantees the spammer that the email will be placed in the inbox, it could very well be a worthwhile investment.

    2) trick the potential future recipient of their email into believing they are friendly to whitelist them.

    Please understand that a C/R system does NOT ask the future recipient to add them to the whitelist. By going through the C/R procedure that address is AUTOMATICALLY whitelisted. You don't have to convince the receiver of anything, you just need to convince the C/R system that there is a real human on the spammer side. That opens the door and then the spammer (or his spam buddies) can flood the email address with any number of spams until the receiver realizes that the system has whitelisted a spammer and the user specifically blacklists that user. But that won't stop spammers from doing it again with a different email address.

    i challenge you to find a flaw in this system.

    See above. I think you misunderstand what a C/R system involves. It does not require any action on behalf of the receiver. If the sender responds to the C/R, his email/spam is delivered until the receiver specifically blacklists that address--but the spammer can just do it again with another address.

    The Bayesian system you believe ALSO uses the concept of a holding box, just like the earthlink system does.

    Yes, but unlike the C/R/Earthlink system, it will not generate a C/R email for every spam received. Unlike the C/R system, the spammer cannot simply answer a challenge to get his spam into my inbox--he has to send me a message that doesn't have any of the traits of being spam. Simply put, a determined spammer will have an easier time getting throu