You can't have voting receipts... because that would make it too easy to corrupt the voting process.
If I can't prove my vote was counted correctly, then the process can be corrupted by internal forces. If I can prove my vote was counted correctly, then the process can be corrupted by external forces.
Politicians control most of the internal forces, Police control most of the external ones. Who do you trust more, the politicians, or the police?
Of the two, I much prefer receipts. Yes, anyone who gets my receipt can find out how I voted, but I know who that is. Without the receipt they can just change my vote, and I have no idea who did it, or even that they did.
I don't understand where the bandwidth costs are coming from for an ISP. The cables have been laid down right? How does it cost the ISP more to run them at max?
It doesn't cost the cable company extra if everything you are downloading stays completely within the local network.
But traffic that goes from/to "the internet" runs over pipes that cost them real money. Pricing for "internet" pipes is mysterious, even to many in the business of selling it, but from the ISP's perspective, they probably pay x$ per month for each Mbps of capacity. (typically between $40-$100 these days)
In theory, "internet" bandwidth is very expensive for ISPs, but in practice the price is falling at roughly the same rate as Moore's law.
I suspect personally that this is just corporate posturing. After they cap the bandwidth, they will offer "local" service at full speed. They'll position it as a major advantage, even though really it's only a partial step back toward where they were before. And they'll try and charge extra for it.
"In a complete twist to what everybody else is trying to do these days, I need to attract spam to an e-mail address...
Much harder than it seems. A spam trap address can take months or even years to get up to the same levels of spam as other addresses.
Some techniques; Unsubscribe the address. Apart from proving that some spammers actually do harvest from unsubscribes, this method isn't very effective, because some spammers actually do remove you from their lists. (of course, if you only unsubscribe addresses that don't get any spam, it can't get worse.)
Dictionary attacks. If you run a mail server, you will occasionally be attacked. Either pick easy to guess names, or accept any name that fits a rule. It's a good idea to always reject the first name (unless it's already in your lists) since some spammers start with a 'test' name. Also, there will be plenty of names tried, so there's no need to accept a suspiciously high percentage. Choose a simple rule that rejects a fair percentage of the names. For example, accept any name which has a '5b' as the last hex character when hashed. If your server has any extra delays after a bad name, remove them.
Buy expired domains. Some of my best trap addresses are from previously owned domains.
Posting to usenet. I've not had much luck with this.
Posting to mailing lists. This also seems fairly hit or miss.
Posting to websites. Works eventually, but it can take a long time.
Setting them in Internet Explorer. Some web sites have javascript that can grab your email address from your browser. (bonus points if you write this up in a proposal)
When you get spam...
Read the web pages. Once you actually get spam, either read it in a browser, or download all the links with wget. Some spammers are paying attention, in particular it seems, the ones who sell addresses to other spammers.
Respond. When you get one of those weird messages like "Are you the same noc-staff I went to school with?" Respond with a simple "sorry, wrong guy."
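The recipient rule described under "Dictionary attacks" above, sketched as an added example (not code from the original post): accept a guessed name only when its hash ends in '5b', and reject the first name tried in a session unless it is already a known trap. The keyed hash, the `SECRET` value, and the `TrapSession` and `acceptance_rate` names are assumptions introduced for illustration.

```python
import hashlib
import hmac

SUFFIX = "5b"                     # rule from the post: hash ends in '5b'
SECRET = b"constructed-demo-key"  # assumption: keying the hash keeps the rule unguessable


def matches_rule(local_part, secret=SECRET, suffix=SUFFIX):
    """True when the keyed hash of the lower-cased local part ends in `suffix`."""
    digest = hmac.new(secret, local_part.lower().encode("utf-8"),
                      hashlib.sha256).hexdigest()
    return digest.endswith(suffix)


class TrapSession:
    """RCPT TO decisions for one SMTP session on a trap domain (hypothetical helper)."""

    def __init__(self, known_traps):
        self.known_traps = known_traps  # set shared across sessions
        self.first_seen = False

    def rcpt(self, local_part):
        name = local_part.lower()
        is_first = not self.first_seen
        self.first_seen = True
        if name in self.known_traps:
            return True                 # already in the lists: always accept
        if is_first:
            return False                # first guess is often a 'test' name: reject
        if matches_rule(name):
            self.known_traps.add(name)  # becomes a trap address from now on
            return True
        return False                    # reject at once, with no added delay


def acceptance_rate(names):
    """Fraction of candidate names the rule would accept."""
    names = list(names)
    return sum(matches_rule(n) for n in names) / len(names)


if __name__ == "__main__":
    # Constructed dictionary-attack run: sequential guesses in one session.
    guesses = ["user%d" % i for i in range(5000)]
    session = TrapSession(set())
    accepted = [g for g in guesses if session.rcpt(g)]
    print("accepted %d of %d guesses" % (len(accepted), len(guesses)))
    print("rule acceptance rate: %.4f" % acceptance_rate(guesses))
```

A two-character hex suffix accepts about 1 name in 256, so a long dictionary run yields a steady trickle of trap addresses rather than a suspiciously high hit rate.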
There is a big difference between micro value payments, and micro cost payments. The inefficiency of all electronic payment systems is huge. Bitpass charges between 5 - 15%, and it's one of the best in terms of money taken out of the system.
Do most users exchange executable files? How about just blocking them if they're executable...
Most users don't, but enough do that blocking them by default isn't a good idea.
Much better (though not perfect) is to rename executables, attach a message that explains that the executable was renamed, and why you should be very careful about executing attachments. (Maybe even suggest asking for confirmation from the sender that they intended to send it...)
How about getting an email client that isn't known for its ability to spread received infected email without the user having to even open the email?
TLS doesn't support multiple domains being hosted on the same IP.
So you either need to add a "fix TLS" step, or use a completely different protocol, or wait for IPv6 (and fix SMTP and TLS to be IPv6 compatible), or give up on the 5-10% of the smtp servers supporting multiple domains.
Personally, I vote for "use a different protocol".
SPEWS does (not past-tense -- the SPEWS DNSbls are still active and up-to-date and the SPEWS info website is accessible when some crook isn't pingflooding it) disclose that they list spam-support organizations and that they are a list of that and not just "spammers" very clearly in their FAQ. It's not the fault of SPEWS if no one reads the documentation.
SPEWS didn't (past-tense) disclose that they would increase listing size until the upstream did something.
They do now, but look at where it's mentioned.
The implication in the FAQ is still that they only list spammers and spam supporting organizations, but the reality is that they include "people who sign up for service with ISPs that have spammers in them" in the "spam supporting organizations" category. That little gem of information is not obvious from a first reading.
You should hold accountable forced services governments and the like. If people don't like what SPEWS is doing they are free to stop using it, ask their ISP to stop using it or move to an ISP that's not using it.
Yes, but... People aren't free to choose when they're being fed disinformation.
Boycott organizers like SPEWS should be accountable for what they "say" via their lists. If, for example, they claim to list only spammers, and ISPs that support spammers, but they also list anyone who owns a rabbit, then they are publishing disinformation. It would be completely unfair to bunny owners, and they should be held accountable for that.
If, on the other hand, they disclose that the list is spammers and bunny owners, then that's fine.
SPEWS didn't just list spammers and spammer support organizations, but they only disclosed that fact in the "fine print" so to speak.
"No, we are still waiting for a peer-reviewed study to be published that shows something other than caloriesIn-caloriesBurned
I'd bet you can't point to a study that shows that eating more calories results in weight gain. (I'm not saying that it doesn't, just that you won't be able to find a study that proves it.)
The average spam is under 10K. 500 spams a day, at 10K each is 5Megabytes per day, or less than 500 bps. That's less than 1% of a 128Kbps line.
1% isn't 0%, but it's hardly enough to require "drastic" measures. I suggest you look at greylisting - that's about 85% effective, near 0 false positives, and it reduces bandwidth more than all but the most draconian DNSBLs.
Remember when CD's first became available? I can remember saving my change so I could afford some of the first CD's that came onto the market at what.....$15-20? Did the price on those ever come down? No.
One of us must have a very bad memory then, because I remember the uproar when they raised CD prices back to $15, after they had lowered them to $10. They said that they didn't sell any more CDs at the lower price, so there was no point in charging less. Back then they were at least honest about just being in it for the money.
"People don't like installing patches? Well then, we'll force them to install them."
Sheesh - how about examining why people don't do updates and then doing something about that?
Most people I know don't like the updates because MS makes a lot of changes besides just the "critical" security flaw. Every change is a potential bug, and MS's history on that front is abysmal. If the patches really were patches instead of replacements, far more people would install them. It wouldn't hurt if there was an "unpatch" too, and if patches weren't dependent on each other.
In general, you want to be sampling the lowest bit or two of the audio signal, which should be at the level of amplifier noise in the sound hardware. The actual sounds of the room will be irrelevant if the scheme is properly implemented.
In general I want to sample everything I can get my hands on, and run it all through a hash not just the lower bits.
Most of the unguessable information comes from the least significant bits, but the other bits have some entropy, and I want that.
All of you saying there are easier ways to generate random numbers are missing the point. I'm sure if you ask on sci.crypt.random-numbers you'd get a lot of faster, and cheaper answers, or check out this page but how many of them would be cool?
Lavarnd wins hands down in the "Oh my god, why?" department, although the smoke-alarm HRNG is pretty cool too.
Anybody willing to make a bet with me on whether more people will be killed by genetically engineered weapons than are saved by genetically engineered cures during the 21st century?
Depends on how you answer this question: If, because of genetic engineering, the population doubles, and because the population is double, twice as many people die each year, do we count those extra deaths against genetic engineering?
Book piracy is too much of a pain in the ass. Plus, people want to own the book and feel it in their hands.
From the article
Bibliophiles find absurd the idea that people will ever abandon the sensuous pleasures of reading--the smell of the paper, the heft of the book--for dematerialized text on a screen. But record collectors said the exact same thing about the compact disc, complaining about the sterile perfection of digital sound and the disappearance of lavish album sleeves. Since then, a new generation has emerged that is totally comfortable with the idea of music as disembodied, digitally encoded information. Instead of records, the new fetish objects are the sleekly futuristic-looking MP3 players and iPods, which are prized more for their portability, ease of use, and ability to amass vast quantities of sound files than for the actual music coming out of them.
Cool, but at 5 DPI it's really only useful for billboard sized things.
-- this is not a .sig
Publishing copyrighted material without a license is illegal.
Speeding is illegal and dangerous.
Snorting cocaine is illegal, dangerous, and expensive.
Given that people continue to do those things,
is it any surprise that people are still pirating music?
-- this is not a
I think you should make that "remap anything to NXDOMAIN" and default to 64.94.96.0/20
-- this is not a
Most users don't, but enough do that blocking them by default isn't a good idea.
Much better (though not perfect) is to rename executables,
attach a message that explains that the executable was renamed,
and why you should be very careful about executing attachments.
(Maybe even suggest asking for confirmation from the sender that they intended to send it...)
Amen.
-- this is not a
I can't.
TLS doesn't support multiple domains being hosted on the same IP.
So you either need to add a "fix TLS" step,
or use a completely different protocol,
or wait for IPv6 (and fix SMTP and TLS to be IPv6 compatible),
or give up on the 5-10% of the smtp servers supporting multiple domains.
Personally, I vote for "use a different protocol".
-- this is not a
Not just close - they meet most of the definitions of "spam" that I've heard;
They're excessive unwanted emails.
They're unsolicited bulk.
They're mass mailings from a stranger.
They're sent without consent.
They're commercial (they're an ad for the anti-virus software that sends them.)
-- this is not a
58,000 * $500 = 29 million.
That's how big the judgement could have been.
But $250,000 is a lot less likely to garner sympathy for the defendant.
In many ways, it's more damaging than 1 or 20 million would be.
-- this is not a
I told a friend of mine that scientists had crossed a spider with a goat to make goatsilk,
and he thought I was kidding.
(Nexia might call it "Biosteel" but I think the name goatsilk is better.)
It's cool, but they're having trouble spinning it consistently,
and so far they haven't made any long strands.
This new "add water" principle may lead to a solution.
If so, Nexia Biotechnologies Inc. could start mass producing the stuff right quick.
-- this is not a
Not that I'm a fan of qmail, but I think most people would classify a DoS vulnerability as a "bug" not a "hole".
I don't think DJB certifies his software as bug free, but then, no one else does either.
If you count DoS as a vulnerability, then all MTAs have "holes".
-- this is not a
Never happen.
But they could use a comment from an opposing source as the headline. For example:
"RMS says latest SCO press release a complete fiction."
-- this is not a
By reading this message you agree to give me $50.
From the article
-- this is not a