I note that their email isn't working, and my email server is up, and get annoyed when I insist that something on their machine is malfunctioning? I'd hate to see how pissed off they get when they go to a mechanic about car trouble..
The article's point of view;
User: My car is making a funny noise.
Mechanic: Mine's working fine, it must be your problem.
The IT point of view;
User: Are cars working today? mine won't start.
Mechanic: Mine's working fine, it must be something with your car in particular.
They're encoding the information into TXT records! Ugh, that is a complete hack.
Why not simply create a new record type?
Because creating a new DNS record type isn't as simple as you imply. Old versions of BIND (some of which are still running) actually crash when they encounter an unexpected data type.
Even using existing DNS RR types like SRV is a bit of a sticky wicket.
Now as to why they ignored the suggestion of making the attribute name "SPF" and went instead with "V" I can only attribute that to extreme arrogance. (Or maybe they didn't bother to read RFC 1464, despite it being repeatedly pointed out on the mailing list.)
(x) Users of email will not put up with it
Actually if implemented properly (allowing people to configure it) people WILL put up with it..
Some would, some wouldn't. Check other posts to see what some people think of the idea of "restricting their internet service"
(x) Requires immediate total cooperation from everybody at once
No. Every user that gets one of these things helps.
Just like every open relay closed cut down on the amount of spam? Lots of ISPs block port 25 completely. Have you noticed a reduction in spam as a result?
(x) Lack of centrally controlling authority for email
Huh?
A bit of a stretch perhaps, but consider the problem of people who refuse to install one of the things. How do you punish them for that?
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
I think this is practical. Just like a regular firewall is practical. (Might as well make this thing a proper full blown hardware firewall)
I don't. But like many others I have no objection to other people installing them. It's when they insist that I buy one that I consider it a problem.
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
Pardon?
This is an impediment to the traffic flow (sabotage) and it won't have any real effect on spam unless it gets enormously large scale adoption, and even then it's not clear that it will work as theorized. Large scale adoption is necessary just to test the theory.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
Yes - very amusing. We're all laughing at your stupidity.
Copyrights are actually the one form of property that you can reasonably claim: "Nobody would ever have this if I didn't create it." It's a very pure creation that doesn't depend on any prior property of any kind. So, it might actually be reasonable to give infinite ownership to the creator. Probably not a good practical idea, but reasonable people could at least make a good moral argument.
IP is also different from other forms of property in that making a copy does not deprive the holder of the original. Thus a good moral argument can also be made for no ownership.
I seriously doubt that the Beatles will not be credited for creating a song after it's in the public domain. Their "ownership" in that sense will continue indefinitely.
But ideas being a "property" which can not be copied is not a natural state of affairs, it must be enforced. We wouldn't even consider ideas as "property" if it weren't for this enforcement. It's the enforcement that is being limited.
Can you really confidently say that we will be using paper 200 years from now, much less paper forms?
Maybe we'll decide it's better to have computers track all the information for us. Or maybe not. The point is, designing for the future implies that you can predict that future with some reasonable accuracy.
Predicting what tomorrow will be like isn't hard. Predicting 10 years ahead, we can still be fairly confident. But 200 years? For all we know, computers might be programming themselves by then.
We build disposable software, because computers are still disposable. Not because they can't be built to last, but because they quickly become obsolete.
If Moore's law continues to hold for 40 years, computers will be over a million times more powerful than they are now, the cheapest drive you could buy would hold more than a petabyte, and we'll be saying things like "I remember when a thousand bucks for a terabyte of ram seemed like a good deal, and now I can't even buy a ram stick that small".
Once the breakneck pace of expansion stops (or at least slows to a reasonable rate) then we should look at making software that lasts.
Video compression technology is big business today, but it's probably going to seem like a silly idea in the future.
and of course you can just use fake tlds like nobody@fake.invalid which will always be rejected before the email even leaves the spammer's servers.
.invalid isn't a fake TLD, it's specifically reserved as invalid by RFC 2606. (BIND and other DNS resolvers can reject it without having to check with the root servers)
user@example.com is ok, but that could (in theory) resolve to a real server. nouser@domain.invalid is guaranteed to not go anywhere, for all time. It might however, generate a Delivery Status Notification (bounce).
There are other mail drop domains, like mailsiphon.com. Any mail sent to user@[a-z].mailsiphon.com is silently discarded.
I've been at several companies that reduced employee benefits in one way or another.
Whether it's no more stock options, or no more free broadband, it's always for the same reason; The company is having financial trouble.
It's possible they'll get over their hard times, but it's far more likely that they'll go under. When they do, you want to be ready. You could start looking for a new job right away, but at the very least you should be ready to start looking. Don't make any large purchases, get your resume up to date, take home any personal items...
We're talking about 2 VERY different things. You're talking about design from a communication-of-information standpoint, I'm talking about design from a software standpoint.
You seem to think alpha blending is important because it allows you to easily present things in a particular way. I think it's unimportant because it's not necessary to present things in that way.
Good software and content management design don't require alpha blending, anymore than good ship design requires nails.
Alpha blending is not critical. If you don't have it, you can do without.
Besides, there's exceptionally little you can do with alpha blending that you can't do without it. Pre-blended images might require a little more work to create, but that's a fault of the tools, not browser.
This is the thing that really gets me about Moore and his movies, and is the sole reason I won't pay to see them: he's profiting from the death and suffering of others.
The same could be said of Mel Gibson's Passion. There's a tremendous difference between causing death and suffering, and documenting it. These movies don't promote violence, they make a case against it.
That's not completely true. Since I'm not a Linux user, I'm not sure what kind of power a box would require to run something like this, but CRTs are only $100-150. Correct me if I am misspeaking, but I don't think you can buy a tower for anywhere near this price.
Fry's occasionally has ads for a $150 network ready computer, 800 Megahertz "Gigapro", with a 20 Gig hard drive and a copy of Lindows.
Lately they've been advertising a 1400XP Athlon with a 40 gig for $199, which I would claim is "near" $100-$150.
But when you're talking about something this cheap, you really need to price used equipment.
Old keyboards, mice, video cards, and even monitors can be had for the cost of shipping. If you set up a charitable organization that actually had a use for them, you could probably get computers for free too.
I wouldn't be surprised if the real limiting factor was electricity.
The judge doesn't know the technical issues, so he's issued the TRO to keep things static until he can examine everything and issue a ruling.
As far as I can tell, the TRO doesn't require the customer to continue paying for service at the old rate. If so, it doesn't maintain the status quo, it instead forces the defendant to provide a service without compensation.
I heard it, and couldn't imagine how insane you'd have to be to think that selling something to yourself caused anything but a shifting of numbers across a spreadsheet.
How those numbers sit on a spreadsheet can determine how much tax you owe. Computers, for example, can't (normally) be expensed, they have to be depreciated. Sell them to another department for a dollar, and you can realize the loss immediately.
From what I hear, there is a sequence where he goes around asking congressmen if they will distribute literature to other congressmen promoting their children to join the military. As it appears in the film, he gets no takers, and is presented as evidence that the "elite" aren't willing to make their own sacrifices for the war. But in reality, at least one of the congressmen who appears in the film actually said something along the lines of "I'd be happy to. Especially for those who voted for the war." But that part was CUT OUT, completely changing and distorting what took place.
I doubt it, but let's assume for the moment that the hearsay is true. If he edited out one of a dozen, that's hardly a "complete distortion" of what took place.
That he was able to find any is still a pretty strong statement about the hypocrisy of the elite.
Need I point out that your post is an example of the exact same thing you're saying makes Moore as trustworthy as the government?
Seventy five years ago, if you devised a new engine for a car, your competition could buy one, rip it apart and copy your ideas. So patents made sense.
So without patents, the improved engine would be in new cars immediately. But with patents, we have to wait twenty years before other companies can start making them.
So patents reduce competition, and you're claiming this is a good thing?
The theory of patents is that they do something bad (grant a monopoly) to promote something good (creating inventions).
This reasoning is commonly referred to as "the ends justifying the means".
Instead of a complete disconnect, why not redirect all traffic to a proxy that permits connections only to specific anti-virus and update sites, and directs all other web traffic to a page that says "your machine has been quarantined for {spamming|DDoSing|Whatever}, here's what you need to do to fix it..."
Allow them to reach microsoft update and redhat.com and they're more likely to be able to fix the problem.
The average size of a spam received by my traps in 2004-04 was 5756 bytes. That's from a sample size of 28260. Those 28260 spams came from 15098 unique IPs.
Using that data I conclude; If you saturated a 128Kbps line 24/7, you could send about 200,000 spams a day.
If you wanted to use a zombie network to spam the population once a day, you'd need to infect about 1/200000 of the population, or 0.0005%
Combined, spammers have considerably more than that right now. It's possible, but not likely, that some spammers have more than 0 zombies, but have still infected less than 0.0005% of the population.
IMO, bandwidth is not the limiting factor in zombie spam distribution.
So what happens when a few thousand people change their name to "John Q. Public"? Will people with common names like "John Smith" be required to give a more unique identifier?
Why do the police have the right to identify you anyway, and why should I have to assist them in that task?
The article's point of view;
User: My car is making a funny noise.
Mechanic: Mine's working fine, it must be your problem.
The IT point of view;
User: Are cars working today? mine won't start.
Mechanic: Mine's working fine, it must be something with your car in particular.
-- less is better.
Because creating a new DNS record type isn't as simple as you imply.
Old versions of BIND (some of which are still running) actually crash when they encounter an unexpected data type.
Even using existing DNS RR types like SRV is a bit of a sticky wicket.
Now as to why they ignored the suggestion of making the attribute name "SPF" and went instead with "V" I can only attribute that to extreme arrogance.
(Or maybe they didn't bother to read RFC 1464, despite it being repeatedly pointed out on the mailing list.)
-- less is better.
Can the pebbles still vote, or has the avalanche already started?
-- less is better.
Some would, some wouldn't.
Check other posts to see what some people think of the idea of "restricting their internet service"
Just like every open relay closed cut down on the amount of spam?
Lots of ISPs block port 25 completely.
Have you noticed a reduction in spam as a result?
A bit of a stretch perhaps, but consider the problem of people who refuse to install one of the things.
How do you punish them for that?
I don't.
But like many others I have no objection to other people installing them.
It's when they insist that I buy one that I consider it a problem.
This is an impediment to the traffic flow (sabotage) and it won't have any real effect on spam unless it gets enormously large scale adoption, and even then it's not clear that it will work as theorized.
Large scale adoption is necessary just to test the theory.
Go ahead and laugh, I don't mind.
-- less is better
Your company advocates a
(x) technical ( ) legislative ( ) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Extreme stupidity on the part of people who do business with Microsoft
( ) Extreme stupidity on the part of people who do business with Yahoo
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid company for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!
IP is also different from other forms of property in that making a copy does not deprive the holder of the original.
Thus a good moral argument can also be made for no ownership.
I seriously doubt that the Beatles will not be credited for creating a song after it's in the public domain.
Their "ownership" in that sense will continue indefinitely.
But ideas being a "property" which can not be copied is not a natural state of affairs, it must be enforced.
We wouldn't even consider ideas as "property" if it weren't for this enforcement.
It's the enforcement that is being limited.
-- less is better.
Can you really confidently say that we will be using paper 200 years from now, much less paper forms?
Maybe we'll decide it's better to have computers track all the information for us.
Or maybe not.
The point is, designing for the future implies that you can predict that future with some reasonable accuracy.
Predicting what tomorrow will be like isn't hard.
Predicting 10 years ahead, we can still be fairly confident.
But 200 years?
For all we know, computers might be programming themselves by then.
-- less is better.
We build disposable software, because computers are still disposable.
Not because they can't be built to last, but because they quickly become obsolete.
If Moore's law continues to hold for 40 years, computers will be over a million times more powerful than they are now, the cheapest drive you could buy would hold more than a petabyte, and we'll be saying things like "I remember when a thousand bucks for a terabyte of ram seemed like a good deal, and now I can't even buy a ram stick that small".
Once the breakneck pace of expansion stops (or at least slows to a reasonable rate) then we should look at making software that lasts.
Video compression technology is big business today, but it's probably going to seem like a silly idea in the future.
We don't need buggy whips that last 200 years.
-- less is better.
The obvious response is for companies to demand ownership and/or access to all copywritten material in any product they buy.
The law may change the default behaviour, and in the short term there will be some pain, but in the long run it will just mean more paper work.
-- less is better
(BIND and other DNS resolvers can reject it without having to check with the root servers)
user@example.com is ok, but that could (in theory) resolve to a real server.
nouser@domain.invalid is guaranteed to not go anywhere, for all time.
It might however, generate a Delivery Status Notification (bounce).
There are other mail drop domains, like mailsiphon.com.
Any mail sent to user@[a-z].mailsiphon.com is silently discarded.
-- less is better.
I've been at several companies that reduced employee benefits in one way or another.
Whether it's no more stock options, or no more free broadband, it's always for the same reason;
The company is having financial trouble.
It's possible they'll get over their hard times, but it's far more likely that they'll go under.
When they do, you want to be ready.
You could start looking for a new job right away, but at the very least you should be ready to start looking.
Don't make any large purchases, get your resume up to date, take home any personal items...
-- less is better
You seem to think alpha blending is important because it allows you to easily present things in a particular way.
I think it's unimportant because it's not necessary to present things in that way.
Good software and content management design don't require alpha blending, anymore than good ship design requires nails.
Alpha blending is not critical.
If you don't have it, you can do without.
Besides, there's exceptionally little you can do with alpha blending that you can't do without it.
Pre-blended images might require a little more work to create, but that's a fault of the tools, not browser.
-- less is better.
The quality of a web site is determined more by its substance than by its appearance.
Good web site design doesn't even require images.
Alpha blending is not critical.
It's nice, but IMO it ranks below "spell checker" in the hierarchy of good web site design tools.
-- less is better.
The same could be said of Mel Gibson's Passion.
There's a tremendous difference between causing death and suffering, and documenting it.
These movies don't promote violence, they make a case against it.
-- not a
When it comes to security, what I want to know, from most important to least is;
How many remote exploits allow privileged access?
How many remote exploits allow non-privileged access?
How many exploits allow privilege escalation?
I'm interested in the other stuff, but a DoS attack, or cross server scripting bug isn't on the same scale.
Neither the article, nor the Secunia web site seems to help answer those three questions for any OS.
-- not a
Fry's occasionally has ads for a $150 network ready computer, 800 Megahertz "Gigapro", with a 20 Gig hard drive and a copy of Lindows.
Lately they've been advertising a 1400XP Athlon with a 40 gig for $199, which I would claim is "near" $100-$150.
But when you're talking about something this cheap, you really need to price used equipment.
Old keyboards, mice, video cards, and even monitors can be had for the cost of shipping.
If you set up a charitable organization that actually had a use for them, you could probably get computers for free too.
I wouldn't be surprised if the real limiting factor was electricity.
-- not a
Anyone know what the actual patent numbers are?
-- not a
As far as I can tell, the TRO doesn't require the customer to continue paying for service at the old rate.
If so, it doesn't maintain the status quo, it instead forces the defendant to provide a service without compensation.
-- not a
How those numbers sit on a spreadsheet can determine how much tax you owe.
Computers, for example, can't (normally) be expensed, they have to be depreciated.
Sell them to another department for a dollar, and you can realize the loss immediately.
This insanity brought to you by the IRS.
I doubt it, but let's assume for the moment that the hearsay is true.
If he edited out one of a dozen, that's hardly a "complete distortion" of what took place.
That he was able to find any is still a pretty strong statement about the hypocrisy of the elite.
Need I point out that your post is an example of the exact same thing you're saying makes Moore as trustworthy as the government?
-- not a
So without patents, the improved engine would be in new cars immediately.
But with patents, we have to wait twenty years before other companies can start making them.
So patents reduce competition, and you're claiming this is a good thing?
The theory of patents is that they do something bad (grant a monopoly) to promote something good (creating inventions).
This reasoning is commonly referred to as "the ends justifying the means".
-- not a
Instead of a complete disconnect, why not redirect all traffic to a proxy that permits connections only to specific anti-virus and update sites, and directs all other web traffic to a page that says "your machine has been quarantined for {spamming|DDoSing|Whatever}, here's what you need to do to fix it..."
Allow them to reach microsoft update and redhat.com and they're more likely to be able to fix the problem.
-- not a
Here's some data for you:
The average size of a spam received by my traps in 2004-04 was 5756 bytes.
That's from a sample size of 28260.
Those 28260 spams came from 15098 unique IPs.
Using that data I conclude;
If you saturated a 128Kbps line 24/7, you could send about 200,000 spams a day.
If you wanted to use a zombie network to spam the population once a day, you'd need to infect about 1/200000 of the population, or 0.0005%
Combined, spammers have considerably more than that right now. It's possible, but not likely, that some spammers have more than 0 zombies, but have still infected less than 0.0005% of the population.
IMO, bandwidth is not the limiting factor in zombie spam distribution.
-- not a
I'd bet that like 97.3% of all statistics, this one was made up on the spot too.
-- not a
So what happens when a few thousand people change their name to "John Q. Public"?
Will people with common names like "John Smith" be required to give a more unique identifier?
Why do the police have the right to identify you anyway, and why should I have to assist them in that task?
-- this is not a