Hiring a band to perform at a party and then not paying them is an example of "theft of services."
Theft of other people's work is theft.
Taking the master tapes from a studio session is "theft of other people's work." Making a copy of that tape is copyright infringement.
You know it is.
What I know is that copyright infringement, while it is a crime, is not the crime of theft:
theft
\Theft\, n. [OE. thefte, AS. [thorn]i['e]f[eth]e, [thorn][=y]f[eth]e, [thorn]e['o]f[eth]e. See Thief.] 1. (Law) The act of stealing; specifically, the felonious taking and removing of personal property, with an intent to deprive the rightful owner of the same; larceny.
If someone makes an illegal copy of a piece of music, it is not done "with an intent to deprive the rightful owner" of the music.
Suppose you created a painting on which you got a copyright. Would you prefer that someone steal the original from you or make illicit copies of it? The former is theft and the latter is copyright infringement. The two crimes have very different impacts on the victim -- which is why copyright infringement is classified as a different crime than theft.
Maybe its just me, but I would have rather given him money to FIGHT the RIAA in court.
I would, too, but that's not an option here.
Nobody wants to give him money to give to the RIAA.
Actually, many people do. I'd much rather see a bunch of people each toss in a buck or two than see the RIAA be successful in their efforts to financially destroy a college student.
By the way, I need some complex Linux system admin and configuration work done, as well as some custom drivers. Will you be so kind as to do the work for free?
No. But if I wrote commercial drivers and you copied them without permission, then you would have committed copyright infringement, not theft.
Or perhaps you would like me to offer to pay you and then stuff a hot fire poker up your ass as I stiff you for the work?
It sounds like you have some barely repressed sexual urges that you need to work through.
By making an exact dupe of my car (your example) you are stealing my ideas without compensation.
You designed and built your own car? I just bought mine.
If I inovate some product, create some music, I deserve compensation for it.
I never said otherwise, but there is a big difference between copyright infringement and theft. The former may be depriving the creator (or some faceless corporation that bought the rights) of revenue while the latter is depriving someone of their posession by taking it from them. The reason that I say "may be" is that people are willing to download a song for free that they would never buy. Thus, there is copyright infringement -- but no injury.
I take it you aren't in any sort of creative position - an artist, composer, sculptor, researcher, writer, programmer?
Incorrect. I am a software engineer with 20+ years of professional experience.
It's not stealing, it's copyright infringement, but it still is a crime.
I never said that copyright infringement was not a crime. I questioned that the accusation that the Jesse Jordan "stole" something.
However, he was certainly still responsible for the files he had on his computer that he had not paid for.
Whether there were such files or not, I do not know. I don't know if he had MP3 files of CDs that he owned or whether he had any music files at all. All I know is that the RIAA brought suit and he settled without admitting guilt.
Steal someone elses property, get sued. That does not qualify as a screwing, it qualifies as justice.
If he stole someone else's property, then who was deprived of the property? Would you consider it theft if someone made an exact duplicate of your car?
And how is it "justice" for him to have to choose between paying $12,000 or spending money he didn't have to hire high-powered lawyers to go up against the RIAA?
Finally, who the f**k are you to pass judgement on him? He was not found guilty in a court of law and did not admit guilt when he settled the matter so how did you determine that he "[stole] someone elses[sic] property"? I have a great idea for where he could get the $12,000: He could sue you for defamation.
Of course, your argument is irrelevent since he was sued for creating a search engine that others used to find music. The music did not reside on his server nor did it pass through his computer. Had you read the article (or had someone capable of doing so read it to you), you would have known that.
Quality is important but not critical, so long as it's close to the original. Very low labor cost/time and simple operation. are important. Is there an easy way to do this?"
No. There is no way that you can copy 650 hours of VHS video simply, inexpensively, and with little labor. It's going to be time-consuming, expensive, and labor-intensive.
That said, making more VHS copies seems like a poor idea as they, too, will degrade and machines to play them will cease to be available long before 20 years is up (remember Beta, 8-track, U-matic, and Elcassette?)
You need to get them into the digital domain and, once there, moving them from format to format is relatively easy.
He currently has a link on his website on which people can click to donate money via Paypal.*
I know that some Slashdot readers really can't afford to donate, but many can. With Slashdot claiming over 200,000 unique visitors per day, it would only take a small percentage of people to completely defray the costs of his settlement.
If the RIAA sues a college student and drains his college savings, then they have won. If the Internet community chips in to cover the costs of the settlement, the RIAA has lost. The RIAA probably spent far more than $12,000 bringing the suit, incurred negative publicity, and will not have substantially harmed the victim of their lawsuit if Internet users pay the settlement. Not only that, the RIAA will see that there is a community poised to support its members and next time, maybe the funds will pay for legal defense rather than a settlement.
* Please, no replies with your thoughts on PayPal, donation accounting, etc. This is someone who has been screwed by the RIAA and the legal system and if you don't want to donate, then don't. But please do not try to discourage others from donating.
The demo was only 10 minutes long! And there's a 10 minute non-skipable video at the beginning at that!
No kidding. I didn't download 150+meg game demo from a slow server so that I could watch mediocre computer animation. It doesn't take many viewings of that before it gets real old.
Hint: FPS games are for people who like action. If I want to watch animation, I can rent it at Blockbuster.
There are plenty of taxes like this. Who pays after a major riot or terrorist attack? Who pays for prisons and executions? Who pays welfare to Enron employees?
You are mistaking the allocation of general taxes with a specific tax levied against someone because it is expected that they are more likely to commit a crime. It would be like levying a tax on white tank-top T-shirts and giving the money to women who are victims of spousal abuse.
If the cartridges are sitting around that long then the printer is already useless, purely because of the fact that its owner is just not using it.
I have had laser printers for years, starting with the HP Laserjet IIP. There is no way that I would ever have an inkjet printer as my primary printer. The print quality, (actual) speed, and cost-per-page all make inkjet an idiotic choice compared to a laser printer. (Yeah, flame away, but it's true.)
But many people with laser printers would also like an inkjet printer for the infrequent page that needs to be in color. So they might go a month or more between printouts with that printer and the ink could easily last a very long time were it not for schemes like the one described in this article. But this article shows precisely why I don't have an inkjet printer: The manufacturers either sabotage their printers (ala HP) or make cartridges and print-heads that clog-up if they aren't used on an almost daily basis (the latter being the reason why I dumped my Canon BJC 5100 at a thrift store).
I think that all any reasonable person wants is to be able to buy an inkjet printer and have it print when he needs it, not have the cartridges commit suicide in between the times when they use the printer.
Thank you. I am proud to be "one who is zealous; one who engages warmly in any cause, and pursues his object with earnestness and ardor" as Webster's Revised Unabridged Dictionary defines "zealot."
They are used to getting around obstacles, and -- I hate to say it -- in that respect they're MUCH closer than you to the ideal of the internet as it once was. This article is ALL ABOUT that next step, how blind can you be?
This article has been about how they are still using the same old open-port-25-hole and stealing from other Internet users. They haven't found some clever new way to get their spam delivered. It's all still going through port 25 via SMTP just like it always has. All they are doing is making their own open relays.
I'm really looking forward to widely implemented ip-level encryption. Maybe when port numbers are hidden from routers, the whole port blocking crap will stop looking like a viable way.
It's not "crap" and it is a viable means of combatting the spam problem. If port blocking was not effective, there would not be so many large ISPs using it to stem the flow of spam.
I don't like port blocking on any service and I only reluctantly support it for dial-ups on outbound port 25. I have been pretty vocal when ISPs block incoming 80 (HTTP) and 21 (FTP) just to prevent their customers from running servers on their so-called "unlimited Internet access." But, in the short term, I don't see any other reasonable alternative to port 25 blocks. Every Proxy-Guzu server that's behind a port 25 block is not sending spam. Every time that a port 25 block stops some spammer from relay-raping some server it's saved a lot of people from a lot of cost, aggravation, and time. Whether you or I like port blocking, it's effective in combatting the spam problem right now.
My fear about reinventing SMTP is that the result will, inavariably, involve some kind of authentication credentials. I can easily envision some kind of system where anyone running a mailserver has to pay Verisign or some other Certificate Authority for a cryptographic certificate. Anyone wanting to e-mail anonymously will be out of luck. Anyone who does not want to pay for an ID will be out of luck. You think I'm elitist, try running an SSL web server. You practically can't run an e-commerce site without paying big bucks every year for a certificate. That's where I'm afraid e-mail might be headed.
I reread some of my earlier posts in this thread and I apologize for slinging insults rather than sticking to the point. I'm not going to play a who-started-it game with the insults. I engaged in it and was wrong to do so. Sorry.
I just don't want you to sabotage the net I *already* *have*.
Too bad. Dial-up access to port 25 is leading to a tremendous quantity of spam -- regardless of your claims to the contrary. I know that it is: I have the server logs and IP look-ups to prove it.
Don't like my solution? Then propose another solution. How about one-year, non-refundable contracts for dial-up? That way, the spammer is out for twelve times as much money if he gets booted. But then I suppose you don't like that either. You would rather just whine about wanting to pay $10 at a time and have all ports open at all times regardless of the costs and risks to everyone else on the Internet.
because you can't think of a way which doesn't rely on a few priests guarding the manna of true ip connectivity and treating the majority of internet users like unworthy beggars.
The "majority of internet users" on residential dial-up don't connect to SMTP servers other than the one provided by their ISP. Quit acting like a port 25 block is such a major imposition on the average dial-up user. It's not. Mindspring/Earthlink, MSN, AT&T, Verizon, Bellsouth, and other major players block outbound port 25 and it's a damned good thing that they do or the spam problem would be even worse than it already is. The the people who sell spamming software hate port 25 blocking, so it's obviously affecting their business.
Let's block the rest and reserve the real internet for the gurus who don't know that instead of setting up a meaningless IDENT-server, you can just as well send the proper ICMP message to servers which still use this bogus authentification scheme.
If this is typical of the messages you post, it's no wonder that you post anonymously.
Short version: You don't understand IDENT or how widely it is used on the Internet (not a surprise given your use of dial-up). I don't have time to whine to every sysadmin in the world that runs a server that requests information from IDENT. It's easier and smarter to run an IDENT server than to firewall packets on port 113 since many servers (FTP, IRC, SMTP) will have fewer delays when they get an answer for IDENT than when they get an RST.
I meant spam directly from dialup to the recipient's MX, not through an open relay.
Proxy-Guzu uses its own SMTP engine to directly contact the spam recipient's SMTP server to deliver the spam. It does not go through either an open relay or the MX host assigned to the infected machine.
A normal mail server that's an open relay would have Received: headers with the spammer's source IP, and there's still a chance you could get their dialup account killed.
My time is worth something. I already spend many hours every week fighting the spam problem. If the computer infected with the spam proxy was on a dial-up ISP that blocked outbound port 25, they could not connect to my mail server. I would not have to interpret headers and write spam complaint e-mails. That would be a good thing.
I assume that jaywalking and people getting run over by cars when they cross a red light are different problems too?
No, but that's a poor analogy to this situation since neither carelessness or accidents are involved in implementing an outbound port 25 block. Again, forcing you to use your ISP's SMTP server does not force you to use an address within their domain. There are dial-up ISPs that already block outbound port 25 and do not force you to use an e-mail address within their domain. You are beating a dead horse.
You're the one who advocates crippling the net.
Not the net, just your dial-up residential access to it. The benefit to you of having outbound port 25 open does not outweigh the risk and cost of spam to the rest of us.
You seem to be happy about having to pay for a business account just to use the internet.
As I said before, you're probably the type who pays for a coach ticket and then gets pissed off that because you don't get a first class meal. Well, get over it. Residential dial-up accounts are widely used by spammers as throwaway accounts for spam runs. PCs infected with the spamming proxy that we're discussing here are often hooked up to residential dial-up Internet accounts.
Maybe we should only allow cars which cost more than the 85 percentile to use the highways during rush hour.
Yet another ill-conceived analogy. I would be willing to bet that over 99% of dial-up Internet customers exclusively use the SMTP server provided by their ISP. Thus, blocking outbound port 25 would inconvenience maybe 1% of the users. That's insignificant if it reduces spam.
PS: IDENT server? You've got to be kidding... Explains your elitism though.
If you knew much about the Internet (which you clearly don't), you would know that many SMTP servers do an IDENT query. If you don't have an IDENT server, they wait until they time-out, adding a lengthy delay to e-mail delivery and leaving the session open longer.
Yes, it is a different problem. Making you use your ISP's SMTP server is not the same as making you use an e-mail address on their system.
I'm not interested in your predictions about what ISPs will do in the future. In fact, I believe that you are simply wrong and can point to dial-up ISPs that block port 25 and don't care what your From/Reply-To address is when you use their SMTP servers.
If you're happy with paying extra for every standard port and being babysitted, get AOL.
I'm the one paying for commercial broadband Internet access and running a mail server, web server, FTP server, IDENT server, and VPN while you're whining about your residential dial-up. It sounds like you're a lot closer to an AOL customer than I am.
Making you happy with your cheap dial-up service is not nearly as important as reducing spam.
Again, they wouldn't have to pump out as many mails as they can push through the pipe. It's a distributed system.
You're talking theory and I'm talking reality. The existing programs rely on the infected machines having port 25 access. Take that away, and the programs stop working.
And after all, don't forget that blocking outbound port 25 is one of those ideas which only work if almost everybody implements them.
That's as stupid as saying "it's okay to run an open relay because you can't stop everyone from running them."
If half of the ISPs blocked outbound port 25, then only half of the infected machines would be sending spam. And spammers would have fewer ISPs from which they could get throwaway accounts for spamming.
Encryption is easy - KMail+GNUPG makes it easier to encrypt email than not to bother selectivly.
Only if you are running Linux. I do not. Nor do my clients. If I send them something encrypted, then they can't read it. I appreciate the suggestion, but it's a non-starter.
You should already be signing all of your mail (especially a quote!) anyway.
Why? The people at the client sites can call me if they are not sure mail is from me. Besides, most of them would not know how to verify a cryptographic signature anyway. No one has any great desire to forge e-mail from me -- quotes or otherwise. Do people often forge e-mail to your clients to make it look like it came from you?
In addition to this if you are going to encrypt anything you need to encrypt everything (or as much as is possible) as that way the stuff that you do send encrypted will not attract undue attention.
If you use strong encryption, you don't need to worry about how much attention it attracts, do you?
It does not have to, but if the provider so desires, it does.
Okay, so that's a different problem and not the one we are discussing. Simply forcing a dial-up user to go through their ISP's SMTP server does not force the user to use an e-mail address in that domain.
It doesn't have to. If the machine can send normal mail, then the trojan/worm can send mail too.
Untrue. The trojan horse spam programs directly connect to the recipients' SMTP servers to deliver the messages. They do not go through the SMTP server of the infected machine's ISP. Why? Because many ISPs monitor their servers for abnormal traffic volumes to catch spammers. The programs would be automatically shut down in minutes on many ISPs.
They rarely spam directly from dialups because it's slow.
Untrue -- and I run the domain anti-spam.org, so I know a bit about the problem. By using the BCC mechanism, they are able to find an open relay, send the message once and BCC a hundred or more recipients. The open relay SMTP server then sends a copy of the message to each BCC recipient. Thus, the spammers get bandwidth multiplication.
It's a very good reason to block email from dynamic DSL and cable modem IPs.
Blocking outbound port 25 means that providers can lock their users into using their provider specific addresses
Untrue. The SMTP server used to send the mail does not determine your address. I could send mail from my server and have a From: or Reply-To: address on yahoo.com. If they limited your access on port 110 so that you could only access their POP3 server, then what you are claiming would be true.
Take this and the important realization that spam will be sent distributedly through hacked/infected systems and there can only be one conclusion: blocking ports is stupid
Okay, your hacked/infected system is connected to a dial-up ISP that blocks port 25: How will it connect to mail servers all over the world to deliver the spam with port 25 blocked?
It's not the concept of blocking ports that is stupid...
Dialup users seem to become second class internet citizens.
You are. That's what happens when you go for $9.95/month residential, dial-up Internet access. You're probably also pissed off that you can't get a First Class meal when you fly in Coach. Want to be a first class Internet citizen? Then pay for it like I do: buy business-class access.
What's the obsession with blocking ports?
In case you hadn't noticed, spammers choose dial-up ISPs with all-ports-open for their spamming runs. When the access gets shut off, they are out $9.95. They are much less likely to do that with DSL or cable because there are very few providers (exactly one at my location) and the service is not $9.95/month.
Secure YOUR systems and stop telling others what they're supposed to do with theirs.
Get bent. My system is secure and spammers still send me crap. Running a secure SMTP server hasn't made a dent in the amount of spam I receive. The problem is asshole dial-up ISPs that leave port 25 open and act as a conduit for much of the spam on the Internet. There is no practical way for my mail server to to know if the system that sent the EHLO is a legit mail server or some low-life spammer using a dial-up account (yeah, I know about the dial-up blacklists and they are incomplete and inaccurate).
If you are sending confidential email unencrypted then you deserve everything you get.
I've got years of experience in the computer field, much of it in coputer security, and I understand the concept of having security that is appropriate for the information being protected. Sending a confidential price quote to a client is not the same as processing a VISA transaction or transferring data related to national security. I would rather that client A did not see client B's price quote, but it's not a tragedy if it happens. Putting it on client A's server is simply stupid, though.
If you are running a network, it behooves you to filter outgoing port 25.
Why? So that I can't test to see if the spam I received came from an open relay? So that I am forced to answer confidential e-mail from client A through client Y's SMTP server when I am at client's Y's site?
I agree that port 25 should be, by default, locked down on residential dial-up accounts (which spammers use as throwaway accounts), but don't lock it down everywhere. It breaks too many things.
Only allow initial mail submission by authorized and authenticated clients, and only allow such subissions on a port other than 25.
At the HELO/EHLO, an SMTP server doesn't know if the mail coming into it is "an initial mail submission" or just a message destined for an address served by that user.
If you set up an SMTP server on a non-standard port, then no one's mail gets there. AOL is not going to talk to your server on port 20025.
What happens when lots of mail servers are available on non-standard ports? Suddenly your port 25 block does not work any longer. Then the spammers will look for open relays on non-standard ports. You know that there will be a lot of them because there will be the "security through obscurity" crowd who believes that, because their SMTP server is running on port 31172, they can safely leave it open.
You're headed in the right direction, but leave port 25 alone. My SMTP server is configured to require identification and authentication to send e-mail outside of my domain. All mail servers should be configured that way. This crap of allowing anyone to send e-mail without a username and password is ridiculous.
So what you're saying is that the computer shouldn't respond to a command giving to it? You use the word "stupidly" as if the computer can think; until quantum mechanics/physics and energy become everyday run of the mill topics saying something like "because the computer stupidly executed a destructive typo" is a silly statement.
How hard can it be? MS-DOS has done this kind of thing for over a decade:
C:> del *.* Are you sure (Y/N)?
Unix stupidly defaults to a "don't ask no matter what" mentality. It will delete every file on the OS with one command and not so much as even ask if you are sure.
Right that's why "rm -i" exist. "Request confirmation before attempting to remove each file, regardless of the file's permissions, or whether or not the standard input device is a terminal. The -i option overrides any previous -f options."
That sounds really great. I want to delete hundreds of files in a directory and I have a choice of the default delete-everything-without-asking or ask-me-for-each-file. What if I want to delete 553 log files with the name *log and I accidentally hit [Carriage Return] rather than the "L" key?
With power comes responsibility, that's just the way life is.
Bull****! It's an operating system, not the launch codes for nuclear missiles. An OS should be written so that it has reasonable safeguards. How is rm * so much more "powerful" than del *.*? It's not. The only difference is that the former will delete everything without even asking while the latter has some minimal safeguards built in.
The original poster was 100% correct. Get over it and move on.
Slashdot Mirror
Hiring a band to perform at a party and then not paying them is an example of "theft of services."
Theft of other people's work is theft.
Taking the master tapes from a studio session is "theft of other people's work." Making a copy of that tape is copyright infringement.
You know it is.
What I know is that copyright infringement, while it is a crime, is not the crime of theft: If someone makes an illegal copy of a piece of music, it is not done "with an intent to deprive the rightful owner" of the music.
Suppose you created a painting on which you got a copyright. Would you prefer that someone steal the original from you or make illicit copies of it? The former is theft and the latter is copyright infringement. The two crimes have very different impacts on the victim -- which is why copyright infringement is classified as a different crime than theft.
Maybe its just me, but I would have rather given him money to FIGHT the RIAA in court.
I would, too, but that's not an option here.
Nobody wants to give him money to give to the RIAA.
Actually, many people do. I'd much rather see a bunch of people each toss in a buck or two than see the RIAA be successful in their efforts to financially destroy a college student.
Actually I have access to a number of U-Matic decks; and where I'm finishing up my internship
I have access to Beta decks, too, but it doesn't mean that they are widely available to the general public or that Beta is a viable archiving format.
By the way, I need some complex Linux system admin and configuration work done, as well as some custom drivers. Will you be so kind as to do the work for free?
No. But if I wrote commercial drivers and you copied them without permission, then you would have committed copyright infringement, not theft.
Or perhaps you would like me to offer to pay you and then stuff a hot fire poker up your ass as I stiff you for the work?
It sounds like you have some barely repressed sexual urges that you need to work through.
By making an exact dupe of my car (your example) you are stealing my ideas without compensation.
You designed and built your own car? I just bought mine.
If I inovate some product, create some music, I deserve compensation for it.
I never said otherwise, but there is a big difference between copyright infringement and theft. The former may be depriving the creator (or some faceless corporation that bought the rights) of revenue while the latter is depriving someone of their posession by taking it from them. The reason that I say "may be" is that people are willing to download a song for free that they would never buy. Thus, there is copyright infringement -- but no injury.
I take it you aren't in any sort of creative position - an artist, composer, sculptor, researcher, writer, programmer?
Incorrect. I am a software engineer with 20+ years of professional experience.
It's not stealing, it's copyright infringement, but it still is a crime.
I never said that copyright infringement was not a crime. I questioned that the accusation that the Jesse Jordan "stole" something.
However, he was certainly still responsible for the files he had on his computer that he had not paid for.
Whether there were such files or not, I do not know. I don't know if he had MP3 files of CDs that he owned or whether he had any music files at all. All I know is that the RIAA brought suit and he settled without admitting guilt.
Steal someone elses property, get sued. That does not qualify as a screwing, it qualifies as justice.
If he stole someone else's property, then who was deprived of the property? Would you consider it theft if someone made an exact duplicate of your car?
And how is it "justice" for him to have to choose between paying $12,000 or spending money he didn't have to hire high-powered lawyers to go up against the RIAA?
Finally, who the f**k are you to pass judgement on him? He was not found guilty in a court of law and did not admit guilt when he settled the matter so how did you determine that he "[stole] someone elses[sic] property"? I have a great idea for where he could get the $12,000: He could sue you for defamation.
Of course, your argument is irrelevent since he was sued for creating a search engine that others used to find music. The music did not reside on his server nor did it pass through his computer. Had you read the article (or had someone capable of doing so read it to you), you would have known that.
Now please get off of your high horse.
Quality is important but not critical, so long as it's close to the original. Very low labor cost/time and simple operation. are important. Is there an easy way to do this?"
No. There is no way that you can copy 650 hours of VHS video simply, inexpensively, and with little labor. It's going to be time-consuming, expensive, and labor-intensive.
That said, making more VHS copies seems like a poor idea as they, too, will degrade and machines to play them will cease to be available long before 20 years is up (remember Beta, 8-track, U-matic, and Elcassette?)
You need to get them into the digital domain and, once there, moving them from format to format is relatively easy.
He currently has a link on his website on which people can click to donate money via Paypal.*
I know that some Slashdot readers really can't afford to donate, but many can. With Slashdot claiming over 200,000 unique visitors per day, it would only take a small percentage of people to completely defray the costs of his settlement.
If the RIAA sues a college student and drains his college savings, then they have won. If the Internet community chips in to cover the costs of the settlement, the RIAA has lost. The RIAA probably spent far more than $12,000 bringing the suit, incurred negative publicity, and will not have substantially harmed the victim of their lawsuit if Internet users pay the settlement. Not only that, the RIAA will see that there is a community poised to support its members and next time, maybe the funds will pay for legal defense rather than a settlement.
* Please, no replies with your thoughts on PayPal, donation accounting, etc. This is someone who has been screwed by the RIAA and the legal system and if you don't want to donate, then don't. But please do not try to discourage others from donating.
The demo was only 10 minutes long! And there's a 10 minute non-skipable video at the beginning at that!
No kidding. I didn't download 150+meg game demo from a slow server so that I could watch mediocre computer animation. It doesn't take many viewings of that before it gets real old.
Hint: FPS games are for people who like action. If I want to watch animation, I can rent it at Blockbuster.
There are plenty of taxes like this. Who pays after a major riot or terrorist attack? Who pays for prisons and executions? Who pays welfare to Enron employees?
You are mistaking the allocation of general taxes with a specific tax levied against someone because it is expected that they are more likely to commit a crime. It would be like levying a tax on white tank-top T-shirts and giving the money to women who are victims of spousal abuse.
If the cartridges are sitting around that long then the printer is already useless, purely because of the fact that its owner is just not using it.
I have had laser printers for years, starting with the HP Laserjet IIP. There is no way that I would ever have an inkjet printer as my primary printer. The print quality, (actual) speed, and cost-per-page all make inkjet an idiotic choice compared to a laser printer. (Yeah, flame away, but it's true.)
But many people with laser printers would also like an inkjet printer for the infrequent page that needs to be in color. So they might go a month or more between printouts with that printer and the ink could easily last a very long time were it not for schemes like the one described in this article. But this article shows precisely why I don't have an inkjet printer: The manufacturers either sabotage their printers (ala HP) or make cartridges and print-heads that clog-up if they aren't used on an almost daily basis (the latter being the reason why I dumped my Canon BJC 5100 at a thrift store).
I think that all any reasonable person wants is to be able to buy an inkjet printer and have it print when he needs it, not have the cartridges commit suicide in between the times when they use the printer.
You're the definition of "anti-spam zealot".
Thank you. I am proud to be "one who is zealous; one who engages warmly in any cause, and pursues his object with earnestness and ardor" as Webster's Revised Unabridged Dictionary defines "zealot."
They are used to getting around obstacles, and -- I hate to say it -- in that respect they're MUCH closer than you to the ideal of the internet as it once was. This article is ALL ABOUT that next step, how blind can you be?
This article has been about how they are still using the same old open-port-25-hole and stealing from other Internet users. They haven't found some clever new way to get their spam delivered. It's all still going through port 25 via SMTP just like it always has. All they are doing is making their own open relays.
I'm really looking forward to widely implemented ip-level encryption. Maybe when port numbers are hidden from routers, the whole port blocking crap will stop looking like a viable way.
It's not "crap" and it is a viable means of combatting the spam problem. If port blocking was not effective, there would not be so many large ISPs using it to stem the flow of spam.
I don't like port blocking on any service and I only reluctantly support it for dial-ups on outbound port 25. I have been pretty vocal when ISPs block incoming 80 (HTTP) and 21 (FTP) just to prevent their customers from running servers on their so-called "unlimited Internet access." But, in the short term, I don't see any other reasonable alternative to port 25 blocks. Every Proxy-Guzu server that's behind a port 25 block is not sending spam. Every time that a port 25 block stops some spammer from relay-raping some server it's saved a lot of people from a lot of cost, aggravation, and time. Whether you or I like port blocking, it's effective in combatting the spam problem right now.
My fear about reinventing SMTP is that the result will, inavariably, involve some kind of authentication credentials. I can easily envision some kind of system where anyone running a mailserver has to pay Verisign or some other Certificate Authority for a cryptographic certificate. Anyone wanting to e-mail anonymously will be out of luck. Anyone who does not want to pay for an ID will be out of luck. You think I'm elitist, try running an SSL web server. You practically can't run an e-commerce site without paying big bucks every year for a certificate. That's where I'm afraid e-mail might be headed.
I reread some of my earlier posts in this thread and I apologize for slinging insults rather than sticking to the point. I'm not going to play a who-started-it game with the insults. I engaged in it and was wrong to do so. Sorry.
I just don't want you to sabotage the net I *already* *have*.
Too bad. Dial-up access to port 25 is leading to a tremendous quantity of spam -- regardless of your claims to the contrary. I know that it is: I have the server logs and IP look-ups to prove it.
Don't like my solution? Then propose another solution. How about one-year, non-refundable contracts for dial-up? That way, the spammer is out for twelve times as much money if he gets booted. But then I suppose you don't like that either. You would rather just whine about wanting to pay $10 at a time and have all ports open at all times regardless of the costs and risks to everyone else on the Internet.
because you can't think of a way which doesn't rely on a few priests guarding the manna of true ip connectivity and treating the majority of internet users like unworthy beggars.
The "majority of internet users" on residential dial-up don't connect to SMTP servers other than the one provided by their ISP. Quit acting like a port 25 block is such a major imposition on the average dial-up user. It's not. Mindspring/Earthlink, MSN, AT&T, Verizon, Bellsouth, and other major players block outbound port 25 and it's a damned good thing that they do or the spam problem would be even worse than it already is. The the people who sell spamming software hate port 25 blocking, so it's obviously affecting their business.
Let's block the rest and reserve the real internet for the gurus who don't know that instead of setting up a meaningless IDENT-server, you can just as well send the proper ICMP message to servers which still use this bogus authentification scheme.
If this is typical of the messages you post, it's no wonder that you post anonymously.
Short version: You don't understand IDENT or how widely it is used on the Internet (not a surprise given your use of dial-up). I don't have time to whine to every sysadmin in the world that runs a server that requests information from IDENT. It's easier and smarter to run an IDENT server than to firewall packets on port 113 since many servers (FTP, IRC, SMTP) will have fewer delays when they get an answer for IDENT than when they get an RST.
I meant spam directly from dialup to the recipient's MX, not through an open relay.
Proxy-Guzu uses its own SMTP engine to directly contact the spam recipient's SMTP server to deliver the spam. It does not go through either an open relay or the MX host assigned to the infected machine.
A normal mail server that's an open relay would have Received: headers with the spammer's source IP, and there's still a chance you could get their dialup account killed.
My time is worth something. I already spend many hours every week fighting the spam problem. If the computer infected with the spam proxy was on a dial-up ISP that blocked outbound port 25, they could not connect to my mail server. I would not have to interpret headers and write spam complaint e-mails. That would be a good thing.
I assume that jaywalking and people getting run over by cars when they cross a red light are different problems too?
No, but that's a poor analogy to this situation since neither carelessness or accidents are involved in implementing an outbound port 25 block. Again, forcing you to use your ISP's SMTP server does not force you to use an address within their domain. There are dial-up ISPs that already block outbound port 25 and do not force you to use an e-mail address within their domain. You are beating a dead horse.
You're the one who advocates crippling the net.
Not the net, just your dial-up residential access to it. The benefit to you of having outbound port 25 open does not outweigh the risk and cost of spam to the rest of us.
You seem to be happy about having to pay for a business account just to use the internet.
As I said before, you're probably the type who pays for a coach ticket and then gets pissed off that because you don't get a first class meal. Well, get over it. Residential dial-up accounts are widely used by spammers as throwaway accounts for spam runs. PCs infected with the spamming proxy that we're discussing here are often hooked up to residential dial-up Internet accounts.
Maybe we should only allow cars which cost more than the 85 percentile to use the highways during rush hour.
Yet another ill-conceived analogy. I would be willing to bet that over 99% of dial-up Internet customers exclusively use the SMTP server provided by their ISP. Thus, blocking outbound port 25 would inconvenience maybe 1% of the users. That's insignificant if it reduces spam.
PS: IDENT server? You've got to be kidding... Explains your elitism though.
If you knew much about the Internet (which you clearly don't), you would know that many SMTP servers do an IDENT query. If you don't have an IDENT server, they wait until they time-out, adding a lengthy delay to e-mail delivery and leaving the session open longer.
No, it's not.
Yes, it is a different problem. Making you use your ISP's SMTP server is not the same as making you use an e-mail address on their system.
I'm not interested in your predictions about what ISPs will do in the future. In fact, I believe that you are simply wrong and can point to dial-up ISPs that block port 25 and don't care what your From/Reply-To address is when you use their SMTP servers.
If you're happy with paying extra for every standard port and being babysitted, get AOL.
I'm the one paying for commercial broadband Internet access and running a mail server, web server, FTP server, IDENT server, and VPN while you're whining about your residential dial-up. It sounds like you're a lot closer to an AOL customer than I am.
Making you happy with your cheap dial-up service is not nearly as important as reducing spam.
Again, they wouldn't have to pump out as many mails as they can push through the pipe. It's a distributed system.
You're talking theory and I'm talking reality. The existing programs rely on the infected machines having port 25 access. Take that away, and the programs stop working.
And after all, don't forget that blocking outbound port 25 is one of those ideas which only work if almost everybody implements them.
That's as stupid as saying "it's okay to run an open relay because you can't stop everyone from running them."
If half of the ISPs blocked outbound port 25, then only half of the infected machines would be sending spam. And spammers would have fewer ISPs from which they could get throwaway accounts for spamming.
Encryption is easy - KMail+GNUPG makes it easier to encrypt email than not to bother selectivly.
Only if you are running Linux. I do not. Nor do my clients. If I send them something encrypted, then they can't read it. I appreciate the suggestion, but it's a non-starter.
You should already be signing all of your mail (especially a quote!) anyway.
Why? The people at the client sites can call me if they are not sure mail is from me. Besides, most of them would not know how to verify a cryptographic signature anyway. No one has any great desire to forge e-mail from me -- quotes or otherwise. Do people often forge e-mail to your clients to make it look like it came from you?
In addition to this if you are going to encrypt anything you need to encrypt everything (or as much as is possible) as that way the stuff that you do send encrypted will not attract undue attention.
If you use strong encryption, you don't need to worry about how much attention it attracts, do you?
It does not have to, but if the provider so desires, it does.
Okay, so that's a different problem and not the one we are discussing. Simply forcing a dial-up user to go through their ISP's SMTP server does not force the user to use an e-mail address in that domain.
It doesn't have to. If the machine can send normal mail, then the trojan/worm can send mail too.
Untrue. The trojan horse spam programs directly connect to the recipients' SMTP servers to deliver the messages. They do not go through the SMTP server of the infected machine's ISP. Why? Because many ISPs monitor their servers for abnormal traffic volumes to catch spammers. The programs would be automatically shut down in minutes on many ISPs.
They rarely spam directly from dialups because it's slow.
Untrue -- and I run the domain anti-spam.org, so I know a bit about the problem. By using the BCC mechanism, they are able to find an open relay, send the message once and BCC a hundred or more recipients. The open relay SMTP server then sends a copy of the message to each BCC recipient. Thus, the spammers get bandwidth multiplication.
It's a very good reason to block email from dynamic DSL and cable modem IPs.
Now you're grasping at straws.
Blocking outbound port 25 means that providers can lock their users into using their provider specific addresses
Untrue. The SMTP server used to send the mail does not determine your address. I could send mail from my server and have a From: or Reply-To: address on yahoo.com. If they limited your access on port 110 so that you could only access their POP3 server, then what you are claiming would be true.
Take this and the important realization that spam will be sent distributedly through hacked/infected systems and there can only be one conclusion: blocking ports is stupid
Okay, your hacked/infected system is connected to a dial-up ISP that blocks port 25: How will it connect to mail servers all over the world to deliver the spam with port 25 blocked?
It's not the concept of blocking ports that is stupid...
Dialup users seem to become second class internet citizens.
You are. That's what happens when you go for $9.95/month residential, dial-up Internet access. You're probably also pissed off that you can't get a First Class meal when you fly in Coach. Want to be a first class Internet citizen? Then pay for it like I do: buy business-class access.
What's the obsession with blocking ports?
In case you hadn't noticed, spammers choose dial-up ISPs with all-ports-open for their spamming runs. When the access gets shut off, they are out $9.95. They are much less likely to do that with DSL or cable because there are very few providers (exactly one at my location) and the service is not $9.95/month.
Secure YOUR systems and stop telling others what they're supposed to do with theirs.
Get bent. My system is secure and spammers still send me crap. Running a secure SMTP server hasn't made a dent in the amount of spam I receive. The problem is asshole dial-up ISPs that leave port 25 open and act as a conduit for much of the spam on the Internet. There is no practical way for my mail server to to know if the system that sent the EHLO is a legit mail server or some low-life spammer using a dial-up account (yeah, I know about the dial-up blacklists and they are incomplete and inaccurate).
If you are sending confidential email unencrypted then you deserve everything you get.
I've got years of experience in the computer field, much of it in coputer security, and I understand the concept of having security that is appropriate for the information being protected. Sending a confidential price quote to a client is not the same as processing a VISA transaction or transferring data related to national security. I would rather that client A did not see client B's price quote, but it's not a tragedy if it happens. Putting it on client A's server is simply stupid, though.
"Confidential" is not the same as "Top Secret."
If you are running a network, it behooves you to filter outgoing port 25.
Why? So that I can't test to see if the spam I received came from an open relay? So that I am forced to answer confidential e-mail from client A through client Y's SMTP server when I am at client's Y's site?
I agree that port 25 should be, by default, locked down on residential dial-up accounts (which spammers use as throwaway accounts), but don't lock it down everywhere. It breaks too many things.
Only allow initial mail submission by authorized and authenticated clients, and only allow such subissions on a port other than 25.
At the HELO/EHLO, an SMTP server doesn't know if the mail coming into it is "an initial mail submission" or just a message destined for an address served by that user.
If you set up an SMTP server on a non-standard port, then no one's mail gets there. AOL is not going to talk to your server on port 20025.
What happens when lots of mail servers are available on non-standard ports? Suddenly your port 25 block does not work any longer. Then the spammers will look for open relays on non-standard ports. You know that there will be a lot of them because there will be the "security through obscurity" crowd who believes that, because their SMTP server is running on port 31172, they can safely leave it open.
You're headed in the right direction, but leave port 25 alone. My SMTP server is configured to require identification and authentication to send e-mail outside of my domain. All mail servers should be configured that way. This crap of allowing anyone to send e-mail without a username and password is ridiculous.
So what you're saying is that the computer shouldn't respond to a command giving to it? You use the word "stupidly" as if the computer can think; until quantum mechanics/physics and energy become everyday run of the mill topics saying something like "because the computer stupidly executed a destructive typo" is a silly statement.
How hard can it be? MS-DOS has done this kind of thing for over a decade:
C:> del *.*
Are you sure (Y/N)?
Unix stupidly defaults to a "don't ask no matter what" mentality. It will delete every file on the OS with one command and not so much as even ask if you are sure.
Right that's why "rm -i" exist. "Request confirmation before attempting to remove each file, regardless of the file's permissions, or whether or not the standard input device is a terminal. The -i option overrides any previous -f options."
That sounds really great. I want to delete hundreds of files in a directory and I have a choice of the default delete-everything-without-asking or ask-me-for-each-file. What if I want to delete 553 log files with the name *log and I accidentally hit [Carriage Return] rather than the "L" key?
With power comes responsibility, that's just the way life is.
Bull****! It's an operating system, not the launch codes for nuclear missiles. An OS should be written so that it has reasonable safeguards. How is rm * so much more "powerful" than del *.*? It's not. The only difference is that the former will delete everything without even asking while the latter has some minimal safeguards built in.
The original poster was 100% correct. Get over it and move on.