Spam filtering is not a viable solution for average non-technical users
Spam filtering is actually a bad idea. Spam filtering actually makes life easier for the spammers. I have a
short
note discussing this. Among other things, it says
Attempting content filtering to detect and
junk incoming spam is counter productive. Filtering like that only makes
things easier for spammers. The spammer's ideal email list would
include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the
vast majority of people who "just hit delete". If automatic filtering means
that those inclined to complain about the spam don't see the spam, then
filtering actually helps the spammer.
I wonder if the increase in the use of filters is related to the increase in spam.
One thing that the BBC site didn't mention was that one
provision (point 5) was to extend the current laws banning speech intended to incite racial hatred to include religious hatred as well. Ahteists feared that that provision could be used against people arguing against religion.
There is a long (and often contentless) thread about this on (cross-posted elsewhere as well) news:uk.philosophy.atheism.
Included in that discussion recently has been a long debate about the UK constitution and the role of the Lords, and particularly the legitimacy of their action.
I haven't (yet) read the full decision, but it seems very
limited to me. If a plaintif can show that a posting (to any forum) has actually done real damage then that renders the the "it's only an Internet forum" argument pointless.
It is also not clear to me how much the issue of whether something is presented as fact or opinion is specific to trade libel.
I would like to ask PKZ a question that I have struggled with. Is it appropriate for governments to engage in electronic snooping at all? Is there an appropriate role for organizations like the NSA? If the answer to the first question is "yes", then why should the object of that snooping be limited to only fools too folish to not use something like PGP?
My own position is confused and contradictory. I see personal communication mechanisms and security a force for good. I think that US interests would actually be served if everyone in Central Asia had the ability to communicate privately and securely with anyone they wish to. I also believe that it is a proper part of the job of governments to spy. I have problems reconciling these views.
someone on comp.infosystems.www.unix suggested in
message
190920010807595210%iain@caradoc.org,
I'm on the verge of saying, "OK, fine - in the name of self-protection,
let's all install scripts that will use the root.exe exploits to shut down the offending worm-infected servers.
I am inclinded to agree. But does anyone have such a script?
Maybe I'm stupid, but from the abstract above, and a quick scan of the patent its constantly referring to the reproduction of material objects.
You didn't scan the text slowly enough. It talks about
reproduction of information in material objects, so copying information to a disk would be covered by that.
No one has yet mentioned exim as the MTA.
It is very widely used in the UK and has outstanding
filtering capabilities (and is a very good, well supported GPLed MTA).
It integrates well with either cyrus or UW-IMAP for
POP/IMAP access. As for webmail stuff, take a look at
the archives of the exim mailing list to see what people
there have used and recommended. A good webmail system will simply be a front end to a good IMAP server, since IMAP does everything that webmail
should do (accept for the HTTP interface).
Notice: Unless you are named "Arnold P. Fasnock",
you may read only the "odd numbered words" (every other word
beginning with the first) of the message above. If you have
violated that, then you hereby owe the sender 10 GBP for each even
numbered word you have read.
While we may also wish seven years internment for
senders of postal junk mail or those who make
unsolicited telephone calls, there is a fundamental
difference between those and spam. With spam,
the recipient (and relay) systems pay the marginal
cost of the spam. With junk mail/calls, the sender pays..
Imagine if the telephone solicitor called you collect. They would clearly deserve serious jail
time.
First of all, I was talking about spam originating
from freeserve or advertising things on the freeserve.
Second: Are you sure that the spam was sent to the
specific address you had set up (but hadn't
used)? If it had been sent to anyuser@domain.freeserve.com, it would show up even if the sender didn't know the name of specific mailboxes.
You also say that you never used it. But did you
browse untrusted sites with javascript enabled and
your browser knowing your those email addresses?
Either way, I would suggest that you take the matter up with freeserve. I'd be extremely surprised if they were selling addresses. Take it up with
them to make sure.
I should also say that I used freeserve from November 1998 through June 2000 (after that I moved to the US) and never had that problem. Other than as a satisfied customer, I have no connection to freeserver, Planet Online or Energis
other than having some minor contact both the person who
designed their email system and the person who
is now in charge of their email system.
In the boycott proposal I wasn't suggesting something like RBLing. UUNet, I was suggesting things like not using MCI-Worldcom as a long distence carrier, etc.
Other ISPs, including
freeserve, the largest in the UK, prevent spam from their
customers and spam advertising their customers.
So I don't believe UUNet's "we're trying but it's
hard" story. They are lying. And it is about time
that we consider a boycott of UUNet's parent, MCI-Worldcom.
As a long time TeX and LaTeX user I tend to agree
with you, but some things in this discussion need
to be clarified.
Others have correctly pointed out that LaTeX
tries for structural markup (as HTML) was originally
intended to do. When you write LaTeX you say what
things mean and deal with how those look
separately.
But LaTeX is inappropriate as an HTML replacement
for a number of reasons:
It produces fixed output. HTML rendering is
supposed to take into account client choices.
(unfortunately too many people try to do
complete visual layout with HTML). TeX
is designed so that no matter what everyone
gets the identical output.
LaTeX's use of macros and macro packages make
it very difficult to parse. This is why
LaTeX to X translators generally suck. The
only thing that can fully and correctly parse
TeX is tex. So the scheme would really only
work if people limited themselves to a fixed
subset of LaTeX.
Now there are some good ways to use LaTeX on the web. First of all, any TeXie interested in that
should look at the book The
LaTeX Web Companion.
Second there is a (not free) browswer plug-in for reading LaTeX, TeXExplorer.
But mostly, there is the simple fact that TeX and LaTeX can produce fully hyperlinked PDF natively.
So if you want something portable, linked, and have full and complete control over what the document looks like, then produce PDF with pdflatex.
OK. I've just re-scanned chapter 2 of Karl
Sigmund's Games of Life, and I've come to the conclusion
that we are both right. I am right in that Conway's
Life was part of a series of work by mathematicians
to create minimal cellular automata which could
encode a Universal Turing Machine (UTM). Also that
Conway was heavily involved in the proof (and
construction!) of a UTM in Life.
But you are right in that Conway was also looking
for the properties you describe.
At any rate, it appears that consturctions of
UTMs in Life have been around for a while.
One was published in 1982 in a book by Berelekamp,
Conway and Guys
Winning Ways for your
Mathematical Plays.
You may, of course, be right. I can't recall enough
details of vague recollections of having read years
ago that Life was designed to be capable of implementing a Turing machine.
A few minutes of looking hasn't turned up proof of
the original intentions either way, but here is a quote from an
article posted in 1991:
Ok. Here's the main question: We all know Life is universal, but has anyone
given a manageable, understandable, _explicit_ construction that proves
universality? The literature I've read (such as _The Recursive Universe_ and
_Winning Ways_) talks about self-replicating machines, which is fascinating in
its own right, but what I have in mind is a bit less ambitious. All I want is
a universal Turing machine with one semi-infinite tape. Less exciting,
perhaps, but at least something for which one could give an explicit
construction that could be easily verified by hand.
So it appears that there have long been proofs that Life could host a universal Turing machine,
but there had been no explicit construction.
This still doesn't answer the question of the purpose of Life. At this point, all I can say is
that from what I vaguely recall reading somewhere,
I am right and you are wrong. But I don't think
a google search on "the purpose of Life" will turn
up the answer.
Anyway, I understand that one of Saint Turing of Computing's original papers written just before or during WWII is *still*
classified.
I've never heard of that. But Turing's Teatise on the Enigma was
declassified a few years ago by the NSA. An
introduction and history of that book is available
at
the Turing site. That same site
has a bibliography, and yet still no mention of
material still classified.
That is not any proof that there still isn't classified material. When someone at the US National Archives sent me a copy of Turing's
Treatise in 1997, that was a surprise. But
while there might still be some undiscovered work
by Turing. I'd be surprised if there is anything
still classified.
We must remember that telephone companies actually like spam.
The more network traffic there is (no matter
what it is) the better for telcos. So, any
ISP owned by a telco will have an interest in
promoting spam.
The only thing that have to do is keep it at a
level where it doesn't stop people from using
email altogether. But untill that limit, as far
as they are concerned the more spam the better.
I was about to change my long distance company
from MCI-WorldCom to ATT last week in an attempt
to boycott telcos that promote spam, but then the ATT spammer deal emerged.
So, I guess it will be Sprint, which seems to have
cleaned up its act.
One thing that comes in is that well-raised children provide benefits to all of society, not just to themselves and their parents.
The reason for supporting day care is similar
to paying taxes for schools even if you are childless. Rasing and providing for children is
not soley the responsibility of those
who chose to have them. It is one of the things
that societies (and not just collections of individuals) are for.
According to some principles, the person who
started this thread is correct. Daycare support
does discriminate against the childless by providing a benefit that will almost entirely go
to others. And it would be wrong to deny that.
Sometimes it can go too far. (I, a parent of a two year old, would
support an extra fee for those taking small children or babies on airplanes to componsate other passengers for the extra discomfort caused.)
In general these are the types of decisions and
balances that need to be worked out in a democracy.
As you say, raising children has its
own rewards. Believe me I know. But I think that it
is probably a mistake to present that choice -
even with your qualification and acknowledgement - as a public good.
I would like to think that you are right, but I fear that you are wrong. Instead we should think
about the support of children in general as a public good.
All the payments and benefits almost never come out even in the end.
Some people end up contributing more, and others end up benefiting more, and some of the benefits go to
future generations. That is part of communal living.
There are four separate issues which are a mistake
to conflate about electoral reform.
Winner take all per state
This feature of the electoral college was
deliberate design to force candidates to
appeal to multiple regions. A candidate who
wins 90% of CA and NY and 40% in the rest
of the country is to be discouraged by the
system. They have to get a plurality in
a substantial number of states, instead of just winning very big in some densely populated areas. The downside is that this (deliberately) goes against "one person one vote"
as it diminishes the votes of individuals in densely populated areas.
Indirect elections via "electors"
This is just an anachronism which serves
no valid purpose today.
Proportional representation (PR)
Any time anyone proposes any kind of electoral
reform, we here the same exmaples (Israeli unstable governments, extremists in power) of
problems with proportional representation. Well,
folks, Not all electoral reform is for PR. See following
Preference voting
There are a variety of preference voting systems. Basically, people mark ballots giving
a ranking of how they like the candidates. First choice, second choice, thrid choice, etc. While
there are a variety of schemes for this sort
of thing (my favorite is Condorcet), they all have the effect of selecting
against candidates who are disliked by the majority. This has the opposite effect
of PR.
Note that introducing PR or Preference Voting
would not require any change to the constitution, and could be done on a state by state basis.
If merely reading MS source code could make
it difficult to prove that you didn't use
what you learned in some GPL'ed thing later, then
shouldn't this work the other way around? That
is, even if code snippets themselves don't make
it from Open Source code to proprietory, maybe
ideas do.
Should someone investigate whether anybody
employed by Microsoft has read GPL'ed code?
Could that bring all of MS source under the GPL?
Am I just talking nonsense?
I suspect that it would be very very difficult to
make a case either way, but one side has more
money to throw at lawyers than others.
There are many good observations in this (and other) posts. As already noted by just about
everybody, logging IP addresses is necessary
for maintenence.
But as Anomalous Ovum says,
During a transaction IP address will always be known. A log file is merely a form of persistent memory that
extends beyond that moment. Therefore the real issue is not whether to log, but how long it is retained.
It is not just how long the information is retained, but how it is used. To make the case
clearer, let's look at an example where
logging can be more Big Brotherish.
I recall setting up
squid web
proxy and cache at a medium sized university
in 1995. Actually at that time, Squid was still
Harvest. Anyway, once my co-admin and I got
everything up beyond our own tests, we set the
clients around the campus to use it. Naturally,
we watched the cache-proxy logs go.
Well, as soon as we saw the URLs that were getting
fetched, we immediately decided that "we shouldn't
be watching this". We had the IP address of the client and we had other ways of finding out
who was logged into that particular workstation.
All of a sudden we had a way of tracking who at
the university was reading what.
Of course we knew beforehand that we would have that information, but it was only after we tail -f the log did we realize how much
of an issue that was.
The first thing that we decided was that if users
were going to fetch lots of images, we wanted the
material cached, instead of getting dozens of seperate requests for the same image. So the cache was doing its job. But we puzzled over
what to do about this very private information we
suddenly had.
At that point in time, use of the cache was voluntary. One could opt-out by resetting default
browser settings. But we wanted as many people
to use the cache as possible.
So we were left with a few options
Anonymize the logs by masking the IP address
that gets logged.
That way, we would know
what was being read, cached or not cached
which is very useful for maintenance, but
have no way to trace the individual user.
Current versions of squid now have that
as a configurable feature. We would have
just patched harvest or post processed the
logs.
Not log at all.
We really needed the information to tune
the proxy. This was not an option we
seriously considered.
Keep things private and lie to everybody
The two of us admins agreed to respect
privacy and not trace individual users and
only read logs when needed (and mostly
using summary stats), but more importantly
we agreed that if some PHB in management
ever asked us whether we could trace who
read what we would lie and say that that
was impossible.
We did the last of those. We never actually were
asked about getting someones viewing habits, so
we never had to tell the lie. There were instances when we persued things in investigating
abuse (say harrassing email posted via hotmail).
But fortunately we never had to reveal how we
traced those. The ToS that everyone signed did
give the Computing Services the right to poke around when investigating such things.
On the whole, I still worry about whether we made
the right choice. It worked out well, but we effectively lied to users (by not letting them know that such information was logged), and would
have lied to management the same way had it come up.
So back to the main point. Logging may be necessary for security and maintanence, but the
real issue is what safe guards are in place against misuse of those logs. Typically, it is only the goodwill of the sysadms.
Slashdot Mirror
I wonder if the increase in the use of filters is related to the increase in spam.
There is a long (and often contentless) thread about this on (cross-posted elsewhere as well) news:uk.philosophy.atheism. Included in that discussion recently has been a long debate about the UK constitution and the role of the Lords, and particularly the legitimacy of their action.
I haven't (yet) read the full decision, but it seems very limited to me. If a plaintif can show that a posting (to any forum) has actually done real damage then that renders the the "it's only an Internet forum" argument pointless.
It is also not clear to me how much the issue of whether something is presented as fact or opinion is specific to trade libel.
My own position is confused and contradictory. I see personal communication mechanisms and security a force for good. I think that US interests would actually be served if everyone in Central Asia had the ability to communicate privately and securely with anyone they wish to. I also believe that it is a proper part of the job of governments to spy. I have problems reconciling these views.
message
190920010807595210%iain@caradoc.org,
I am inclinded to agree. But does anyone have such a script?
You didn't scan the text slowly enough. It talks about reproduction of information in material objects, so copying information to a disk would be covered by that.
It integrates well with either cyrus or UW-IMAP for POP/IMAP access. As for webmail stuff, take a look at the archives of the exim mailing list to see what people there have used and recommended. A good webmail system will simply be a front end to a good IMAP server, since IMAP does everything that webmail should do (accept for the HTTP interface).
On my Stupid Email Disclaimers pages, I quote some others who think that these have no legal force and can only be used to scare people with.
Imagine if the telephone solicitor called you collect. They would clearly deserve serious jail time.
For some limited discussion of this fundamental point see the email blocking policy of Cranfield University
Second: Are you sure that the spam was sent to the specific address you had set up (but hadn't used)? If it had been sent to anyuser@domain.freeserve.com, it would show up even if the sender didn't know the name of specific mailboxes.
You also say that you never used it. But did you browse untrusted sites with javascript enabled and your browser knowing your those email addresses?
Either way, I would suggest that you take the matter up with freeserve. I'd be extremely surprised if they were selling addresses. Take it up with them to make sure.
I should also say that I used freeserve from November 1998 through June 2000 (after that I moved to the US) and never had that problem. Other than as a satisfied customer, I have no connection to freeserver, Planet Online or Energis other than having some minor contact both the person who designed their email system and the person who is now in charge of their email system.
In the boycott proposal I wasn't suggesting something like RBLing. UUNet, I was suggesting things like not using MCI-Worldcom as a long distence carrier, etc.
So I don't believe UUNet's "we're trying but it's hard" story. They are lying. And it is about time that we consider a boycott of UUNet's parent, MCI-Worldcom.
Others have correctly pointed out that LaTeX tries for structural markup (as HTML) was originally intended to do. When you write LaTeX you say what things mean and deal with how those look separately.
But LaTeX is inappropriate as an HTML replacement for a number of reasons:
Now there are some good ways to use LaTeX on the web. First of all, any TeXie interested in that should look at the book The LaTeX Web Companion . Second there is a (not free) browswer plug-in for reading LaTeX, TeXExplorer. But mostly, there is the simple fact that TeX and LaTeX can produce fully hyperlinked PDF natively. So if you want something portable, linked, and have full and complete control over what the document looks like, then produce PDF with pdflatex.
But you are right in that Conway was also looking for the properties you describe.
At any rate, it appears that consturctions of UTMs in Life have been around for a while. One was published in 1982 in a book by Berelekamp, Conway and Guys Winning Ways for your Mathematical Plays .
A few minutes of looking hasn't turned up proof of the original intentions either way, but here is a quote from an article posted in 1991:
So it appears that there have long been proofs that Life could host a universal Turing machine, but there had been no explicit construction.
This still doesn't answer the question of the purpose of Life. At this point, all I can say is that from what I vaguely recall reading somewhere, I am right and you are wrong. But I don't think a google search on "the purpose of Life" will turn up the answer.
I've never heard of that. But Turing's Teatise on the Enigma was declassified a few years ago by the NSA. An introduction and history of that book is available at the Turing site. That same site has a bibliography, and yet still no mention of material still classified.
That is not any proof that there still isn't classified material. When someone at the US National Archives sent me a copy of Turing's Treatise in 1997, that was a surprise. But while there might still be some undiscovered work by Turing. I'd be surprised if there is anything still classified.
So, I don't know if it makes the point that Life was actually designed to be yet another minimal system that could implement any Turing Machine.
The only thing that have to do is keep it at a level where it doesn't stop people from using email altogether. But untill that limit, as far as they are concerned the more spam the better.
I was about to change my long distance company from MCI-WorldCom to ATT last week in an attempt to boycott telcos that promote spam, but then the ATT spammer deal emerged. So, I guess it will be Sprint, which seems to have cleaned up its act.
The reason for supporting day care is similar to paying taxes for schools even if you are childless. Rasing and providing for children is not soley the responsibility of those who chose to have them. It is one of the things that societies (and not just collections of individuals) are for.
According to some principles, the person who started this thread is correct. Daycare support does discriminate against the childless by providing a benefit that will almost entirely go to others. And it would be wrong to deny that.
Sometimes it can go too far. (I, a parent of a two year old, would support an extra fee for those taking small children or babies on airplanes to componsate other passengers for the extra discomfort caused.) In general these are the types of decisions and balances that need to be worked out in a democracy.
As you say, raising children has its own rewards. Believe me I know. But I think that it is probably a mistake to present that choice - even with your qualification and acknowledgement - as a public good. I would like to think that you are right, but I fear that you are wrong. Instead we should think about the support of children in general as a public good.
All the payments and benefits almost never come out even in the end. Some people end up contributing more, and others end up benefiting more, and some of the benefits go to future generations. That is part of communal living.
But, this is exactly why voter registration information is and should be public. Making it public is a major anti-fraud mechanism.
- Winner take all per state
This feature of the electoral college was
deliberate design to force candidates to
appeal to multiple regions. A candidate who
wins 90% of CA and NY and 40% in the rest
of the country is to be discouraged by the
system. They have to get a plurality in
a substantial number of states, instead of just winning very big in some densely populated areas. The downside is that this (deliberately) goes against "one person one vote"
as it diminishes the votes of individuals in densely populated areas.
- Indirect elections via "electors"
This is just an anachronism which serves
no valid purpose today.
- Proportional representation (PR)
Any time anyone proposes any kind of electoral
reform, we here the same exmaples (Israeli unstable governments, extremists in power) of
problems with proportional representation. Well,
folks, Not all electoral reform is for PR. See following
- Preference voting
There are a variety of preference voting systems. Basically, people mark ballots giving
a ranking of how they like the candidates. First choice, second choice, thrid choice, etc. While
there are a variety of schemes for this sort
of thing (my favorite is Condorcet), they all have the effect of selecting
against candidates who are disliked by the majority. This has the opposite effect
of PR.
Note that introducing PR or Preference Voting would not require any change to the constitution, and could be done on a state by state basis.Should someone investigate whether anybody employed by Microsoft has read GPL'ed code? Could that bring all of MS source under the GPL? Am I just talking nonsense?
I suspect that it would be very very difficult to make a case either way, but one side has more money to throw at lawyers than others.
But as Anomalous Ovum says,
It is not just how long the information is retained, but how it is used. To make the case clearer, let's look at an example where logging can be more Big Brotherish.I recall setting up squid web proxy and cache at a medium sized university in 1995. Actually at that time, Squid was still Harvest. Anyway, once my co-admin and I got everything up beyond our own tests, we set the clients around the campus to use it. Naturally, we watched the cache-proxy logs go.
Well, as soon as we saw the URLs that were getting fetched, we immediately decided that "we shouldn't be watching this". We had the IP address of the client and we had other ways of finding out who was logged into that particular workstation. All of a sudden we had a way of tracking who at the university was reading what.
Of course we knew beforehand that we would have that information, but it was only after we tail -f the log did we realize how much of an issue that was.
The first thing that we decided was that if users were going to fetch lots of images, we wanted the material cached, instead of getting dozens of seperate requests for the same image. So the cache was doing its job. But we puzzled over what to do about this very private information we suddenly had.
At that point in time, use of the cache was voluntary. One could opt-out by resetting default browser settings. But we wanted as many people to use the cache as possible.
So we were left with a few options
- Anonymize the logs by masking the IP address
that gets logged.
- Not log at all.
- Keep things private and lie to everybody
We did the last of those. We never actually were asked about getting someones viewing habits, so we never had to tell the lie. There were instances when we persued things in investigating abuse (say harrassing email posted via hotmail). But fortunately we never had to reveal how we traced those. The ToS that everyone signed did give the Computing Services the right to poke around when investigating such things.That way, we would know what was being read, cached or not cached which is very useful for maintenance, but have no way to trace the individual user.
Current versions of squid now have that as a configurable feature. We would have just patched harvest or post processed the logs.
We really needed the information to tune the proxy. This was not an option we seriously considered.
The two of us admins agreed to respect privacy and not trace individual users and only read logs when needed (and mostly using summary stats), but more importantly we agreed that if some PHB in management ever asked us whether we could trace who read what we would lie and say that that was impossible.
On the whole, I still worry about whether we made the right choice. It worked out well, but we effectively lied to users (by not letting them know that such information was logged), and would have lied to management the same way had it come up.
So back to the main point. Logging may be necessary for security and maintanence, but the real issue is what safe guards are in place against misuse of those logs. Typically, it is only the goodwill of the sysadms.