How long do you reckon it'll be before somebody releases an e-mail worm that connects to a filesharing network, downloads a list of files, downloads the files on it, and shares them?
Your missing the point of security through obscurity. Taking your argument, you can reduce any security system to security by obscurity, even ones that rely on physical objects (if you know exactly how a physical object appears, you can duplicate it).
Security by obscurity, as usually defined, is reliance on a method of security that, if an attacker knew which method (generally one of a rather limited set of possibilities) you were using, would not be secure.
So, having the method "username + password" wouldn't help an attacker very much.
No, the purpose of the GPL is to provide everyone with access to the code and allow them to use it in their own GPL programs.
All contributors to Linux still own the sections that they contributed. Some projects are run differently, for instance the FSF owns the code to all of the official gnu projects, because they ask contributors to assign copyright to them.
The ownership is important if you later want to change the license, for example by granting somebody permission to do something that isn't usually allowed by the GPL (e.g. distribute a modified version that isn't under the GPL).
If ownership of the code is restricted to a few well-known people this can be done, in the case of the linux kernel it couldn't, because if any contributor couldn't be contacted/refused (there'll be quite a few, I suspect), then their code would have to be removed. If it were important it would then have to be replaced.
I'm sorry, it isn't either novel or non-trivial. I've been using this technique since 1997, when I read it as a recommended technique in a book on CGI programming that had been published years before.
It is obvious. In fact, it's about the easiest way of solving the problem of a CGI script that produces an image, let alone cache-busting.
50x their existing disc space for email [...] I'm assuming that, because they have some apparent requirement that all mail gets delivered, that they cannot effectively enforce email quotas that would result in non-delivery of email.
You haven't really thought it through, have you? They're required to deliver all mail, yes? That includes the junk. The best they could do previously was deliver the junk elsewhere. So, they're not going to need any additional disk space.
Maybe you are living in a country where privacy laws are no longer enacted, but I prefer to have rather strict privacy laws over having someone spy on me.
My company receives about 3,000 e-mails per week, of which 2,600 or so are junk.
I recently installed a simple bayesian junk filter + whitelist on this, and it is catching about 2,500 of those 2,600 junk messages. Last week there were two false positives; the week before there were none. 99% of the false positives have come through mailing lists that add loads of shite to the bottom about how to unsubscribe. In the 2 months we've been using this filter, we have not had a single business-critical message filtered.
Previously we used a spam-assasin style points system, which I would spend about an hour a week fine tuning. We were letting through about twice as much junk, filtering about 5 times as many legitimate messages.
The message - try a bayesian filter (yes I know s.a. has a bayesian filter built in now, but IMO the other stuff it does just confuses the issue). Set up an IMAP folder for everyone to dump the junk that they receive into, one to put their false positives into, and one for their filtered messages to be delivered to. Instruct them clearly about what to do with them. Re-train every other week. You'll get much better results than you're getting now, by the sounds of it.
1. As somebody else has pointed out, the figure is actually 33%. 2. Almost all low-bandwidth connections use some form of adaptive compression that's likely to reduce this overhead to 10% or less.
Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobstrusive.
If you want to filter email politely, you must follow these rules. People who don't cause the rest of us constant headaches. The worst thing is that they don't even realize it.
All very interesting. However the vast majority of people don't run an SMTP server, but filter their e-mail on delivery (e.g. after a POP3 download), so cannot follow this suggestion. Sorry.
Yes, but the purpose behind the use is considered. For example, if the use is for the purposes of academic research, or criticism, then a copyright work can be used in ways that would otherwise not be allowed.
(I know, I know, don't feed the trolls, but when they're rated +5 funny, I can't help it).
Cellphones are tech devices and must be considered cool. Pop music is automatically uncool. When the two are blended... slashdot doesn't know what to mod it.
Cellphones automatically cool? What planet are you living on? "Pop music" automatically uncool? Depends on who you are, I guess, but for most of us -- no.
The problem is... whoever came up with the idea of using music for a phone's ringtone needs to be shot. Music is designed as something that you want to listen to. People who right it are using millenia of accumulated techniques to try to ensure that when you start listening to it, you don't want to stop. And then some idiot answers the phone...
No! Q wasn't "just a plot device". Q was the character that brought about possibly the most amusing writing ST has ever seen (with the exception of "The Trouble with Tribbles").
And if you can't laugh at Star Trek, what's the point?
I wrote an implementation of a Unistroke decoder back in that late nineties. Its a nice alphabet, a little faster to use than Graffiti, although much harder to learn. Graffiti could be seen as a compromise development on it, which I guess is what this was all about.
Unless Palm have their own patents on it, I guess so.
The Xerox patent was on "unistrokes", a system that was _very_ similar to Graffiti, but is a little simpler to implement, faster to use, and harder to learn.
Unistroke uses only three types of stroke, a straight line, a curve through 90 degrees and a curve that crosses back over itself, which makes the recognition much easier than graffiti. The system was designed to be quick to use: common sequences of letters alternate in direction, so that you have to reposition your pen less frequently. The drawback is that these two factors mean that a lot of the strokes are non-obvious, bearing little or no relationship to the letter they encode.
Xerox spent a fortune on R&D in the early eighties. A huge volume of the ideas behind modern computing came out of their Palo Alto Research Center. The problem was, the place was managed by researchers, who didn't have the vision on how to commercialise the products. So the actual engineers started quitting and building their own companies to produce the stuff they'd designed.
Are you afraid to get onto a plane because somebody might have slipped a gun into your bag and claim you were trying to hijack it? It's about as likely to be a problem.
This tap was authorised by a judge, presumably because there was _already_ compelling evidence against the man, just not enough to get a conviction.
How do we prevent child pornography, how do we report it? I would suggest that plugins be provided to automatically scan for these items and forward significant results to the FBI or the ISP that the user is coming from. At the very least we have a moral responsibility to create software that prevents child pornographers from proliferating on the Internet.
And how do you propose we do this? All right, a few years ago it might have been vaguely feasible to stick a keyword-scanner plugin that automatically reported anything that looked dodgy, but these days about 50% of the legitimate content (that is, people trying to promote perfectly legal porn sites, just about the only completely legal purpose file sharing networks are regularly put to) has strings of keywords added to the end that don't have anything to do with the content. There are tens of thousands of files out there with either "lolita", "underage sex", "1[23456]yo", "schoolgirl", or some other keyword that might once have meant something, but a very high proportion of these aren't what the keywords suggest, and the filename tends to make this clear. I remember coming across a whole bunch of files that were labeled "not underage porn".
Until we have working AI that can analyse the content of the files and come to at least a 99% accurate conclusion, there is nothing that can be done on a technical level, as far as I can see.
How long do you reckon it'll be before somebody releases an e-mail worm that connects to a filesharing network, downloads a list of files, downloads the files on it, and shares them?
They get the IP, and then they sue the person who signed up for the ISP account associated with it.
If that wasn't who was doing the downloading, well, touch luck really. You'll have to see them in court, if you can afford it.
They don't sue downloaders. They only sue people who are 'offering to upload'.
That way they avoid this entire murky area.
You're missing the reason "because passwords can be cracked by brute force, but this generally takes some time to achieve".
less than you'd spend for dinner at a nice restaurant
Err, right. The writer of that sentence was confusing "nice" with "unnecessarily flash".
Your missing the point of security through obscurity. Taking your argument, you can reduce any security system to security by obscurity, even ones that rely on physical objects (if you know exactly how a physical object appears, you can duplicate it).
Security by obscurity, as usually defined, is reliance on a method of security that, if an attacker knew which method (generally one of a rather limited set of possibilities) you were using, would not be secure.
So, having the method "username + password" wouldn't help an attacker very much.
for the s7ate of And its long term [goat.cx]
Right. The link text makes no sense, and the link points to the wrong site. Even the goatse.cx trolls are going downhill these days.
No, the purpose of the GPL is to provide everyone with access to the code and allow them to use it in their own GPL programs.
All contributors to Linux still own the sections that they contributed. Some projects are run differently, for instance the FSF owns the code to all of the official gnu projects, because they ask contributors to assign copyright to them.
The ownership is important if you later want to change the license, for example by granting somebody permission to do something that isn't usually allowed by the GPL (e.g. distribute a modified version that isn't under the GPL).
If ownership of the code is restricted to a few well-known people this can be done, in the case of the linux kernel it couldn't, because if any contributor couldn't be contacted/refused (there'll be quite a few, I suspect), then their code would have to be removed. If it were important it would then have to be replaced.
I'm sorry, it isn't either novel or non-trivial. I've been using this technique since 1997, when I read it as a recommended technique in a book on CGI programming that had been published years before.
It is obvious. In fact, it's about the easiest way of solving the problem of a CGI script that produces an image, let alone cache-busting.
What's next? "My computer has 512k of level 1 catch"?!?
Makes sense. Its there to catch the references to your main memory before they have to go out there...
50x their existing disc space for email
[...]
I'm assuming that, because they have some apparent requirement that all mail gets delivered, that they cannot effectively enforce email quotas that would result in non-delivery of email.
You haven't really thought it through, have you? They're required to deliver all mail, yes? That includes the junk. The best they could do previously was deliver the junk elsewhere. So, they're not going to need any additional disk space.
Maybe you are living in a country where privacy laws are no longer enacted, but I prefer to have rather strict privacy laws over having someone spy on me.
WTF does this have to do with privacy?
OK, some stats:
My company receives about 3,000 e-mails per week, of which 2,600 or so are junk.
I recently installed a simple bayesian junk filter + whitelist on this, and it is catching about 2,500 of those 2,600 junk messages. Last week there were two false positives; the week before there were none. 99% of the false positives have come through mailing lists that add loads of shite to the bottom about how to unsubscribe. In the 2 months we've been using this filter, we have not had a single business-critical message filtered.
Previously we used a spam-assasin style points system, which I would spend about an hour a week fine tuning. We were letting through about twice as much junk, filtering about 5 times as many legitimate messages.
The message - try a bayesian filter (yes I know s.a. has a bayesian filter built in now, but IMO the other stuff it does just confuses the issue). Set up an IMAP folder for everyone to dump the junk that they receive into, one to put their false positives into, and one for their filtered messages to be delivered to. Instruct them clearly about what to do with them. Re-train every other week. You'll get much better results than you're getting now, by the sounds of it.
Just a couple of nitpicks:
Your article says "base64 bloats files 50%".
1. As somebody else has pointed out, the figure is actually 33%.
2. Almost all low-bandwidth connections use some form of adaptive compression that's likely to reduce this overhead to 10% or less.
Much better way: reject viruses in the SMTP transaction. The SMTP client is then responsible for notifying the sender. If that client is a virus or worm, it will do nothing; no one is bothered. If it's a false positive, the sender will get the bounce. Reliable, unobstrusive.
If you want to filter email politely, you must follow these rules. People who don't cause the rest of us constant headaches. The worst thing is that they don't even realize it.
All very interesting. However the vast majority of people don't run an SMTP server, but filter their e-mail on delivery (e.g. after a POP3 download), so cannot follow this suggestion. Sorry.
Fair use applies to all people.
Yes, but the purpose behind the use is considered. For example, if the use is for the purposes of academic research, or criticism, then a copyright work can be used in ways that would otherwise not be allowed.
(I know, I know, don't feed the trolls, but when they're rated +5 funny, I can't help it).
Cellphones are tech devices and must be considered cool. Pop music is automatically uncool. When the two are blended... slashdot doesn't know what to mod it.
Cellphones automatically cool? What planet are you living on?
"Pop music" automatically uncool? Depends on who you are, I guess, but for most of us -- no.
The problem is... whoever came up with the idea of using music for a phone's ringtone needs to be shot. Music is designed as something that you want to listen to. People who right it are using millenia of accumulated techniques to try to ensure that when you start listening to it, you don't want to stop. And then some idiot answers the phone...
No! Q wasn't "just a plot device". Q was the character that brought about possibly the most amusing writing ST has ever seen (with the exception of "The Trouble with Tribbles").
And if you can't laugh at Star Trek, what's the point?
I wrote an implementation of a Unistroke decoder back in that late nineties. Its a nice alphabet, a little faster to use than Graffiti, although much harder to learn. Graffiti could be seen as a compromise development on it, which I guess is what this was all about.
Unless Palm have their own patents on it, I guess so.
The Xerox patent was on "unistrokes", a system that was _very_ similar to Graffiti, but is a little simpler to implement, faster to use, and harder to learn.
Unistroke uses only three types of stroke, a straight line, a curve through 90 degrees and a curve that crosses back over itself, which makes the recognition much easier than graffiti. The system was designed to be quick to use: common sequences of letters alternate in direction, so that you have to reposition your pen less frequently. The drawback is that these two factors mean that a lot of the strokes are non-obvious, bearing little or no relationship to the letter they encode.
Xerox spent a fortune on R&D in the early eighties. A huge volume of the ideas behind modern computing came out of their Palo Alto Research Center. The problem was, the place was managed by researchers, who didn't have the vision on how to commercialise the products. So the actual engineers started quitting and building their own companies to produce the stuff they'd designed.
... it predicts when you're going to be the most tired. And it asks:
"At what time of day do you feel at your best?"
OK, if you know when you feel your best, don't you think its likely you already know when you're worst?
In the UK, I believe it would be illegal to offer them by mail order. You would have to go to a pharmacist's shop to get them.
Are you afraid to get onto a plane because somebody might have slipped a gun into your bag and claim you were trying to hijack it? It's about as likely to be a problem.
This tap was authorised by a judge, presumably because there was _already_ compelling evidence against the man, just not enough to get a conviction.
Forgot to comment on this in my previous reply.
How do we prevent child pornography, how do we report it? I would suggest that plugins be provided to automatically scan for these items and forward significant results to the FBI or the ISP that the user is coming from. At the very least we have a moral responsibility to create software that prevents child pornographers from proliferating on the Internet.
And how do you propose we do this? All right, a few years ago it might have been vaguely feasible to stick a keyword-scanner plugin that automatically reported anything that looked dodgy, but these days about 50% of the legitimate content (that is, people trying to promote perfectly legal porn sites, just about the only completely legal purpose file sharing networks are regularly put to) has strings of keywords added to the end that don't have anything to do with the content. There are tens of thousands of files out there with either "lolita", "underage sex", "1[23456]yo", "schoolgirl", or some other keyword that might once have meant something, but a very high proportion of these aren't what the keywords suggest, and the filename tends to make this clear. I remember coming across a whole bunch of files that were labeled "not underage porn".
Until we have working AI that can analyse the content of the files and come to at least a 99% accurate conclusion, there is nothing that can be done on a technical level, as far as I can see.
Sorry.