Re:Check out Internet Mail 2000 on Replacing SMTP? · Score: 1
Also it's a lot harder to hide where the email came from. If you don't supply the correct details then the mail can't ever be collected.
On the down-side; it'd let spammers know which addresses are live.. and it'd enable any message sender to know when their message got read and from where, which raises some fairly big privacy issues.
So what you're saying is that it's no longer enough just to have the best lock I can get; I also have to sneak around in disguise everywhere I go..
This is just getting insane. I do not have advertising robots following me home in real life. I do not have advertisers picking my doorlocks, jamming my mailbox full of leaflets hourly, or shouting at me through my windows 24/7 in real life.
No matter what distorted analogy you try to apply, the simple fact is that spam IS OUT OF CONTROL. No more technical solutions. No more arms race. We need some legal remedies. As I see it, there's two possible solutions;
ISP's need to take a stand. Make it clear, black and white, legally bound in cement that Spam is not an acceptable use of their service and that if you send spam you have ALREADY agreed to be shitcanned, pay a cleanup fee, and have your name internationally blacklisted. Once a few ISP's are in sync customers can be given the option of accepting or rejecting mail from the remaining ISPs. If enough people choose to sign up with and accept mail only from spam-hostile ISP's, the remaining ISP's will have to fall in line or die. Note that this also deals with the problem of ISP's set up specifically for the purposes of spamming too. They're left out in the cold.
Or we can pass laws. I don't like this solution. I'd rather the big ISP's act to deal with the problem first.
Adding one little line of code to every one of the myriad of pages on the New York Times website is not a small deal. It's going to involve a lot of paperwork, testing, and coding on the part of a lot of people.
But it's not one line of text on EVERY page. It's one line of text in /robots.txt, a file that is independent of the rest of the site and never even accessed by ordinary browsers.
It's probably simpler for Google to create a registry of "do not cache" pages on their end. And it's more their responsibility, anyway, being the ones who created the cache in the first place.
Google already have exactly such a registry, and they don't even wait for sites to contact them.. Their robots -asks- the site (via the recognised standard '/robots.txt' file) if they object to being indexed and/or cached. Most other search engines look for the same file and handle it the same way.
This is (from my perspective) far better than having to individually register your site with the several hundred search engines that might try to index it..
they don't have to change the whole site; they just need to add ONE LINE of text to ONE plaintext file.
How hard is that?
Re:I have said it before and I will say it again.. on In Pursuit Of A Spammer · Score: 3, Funny
Let's say I've got the best lock I can get (Spamassassin).. I'm still getting 100 advertisers per day at least testing the doorknob.. most of them bring lockpicks (l0ckpicks...) with them, and about 5 a day manage to pick my lock and successfully shove their advertising in my face, even though they can obviously see that I'm trying to avoid it.. and all of them are wearing ski-masks.
Re:I have said it before and I will say it again.. on In Pursuit Of A Spammer · Score: 2, Funny
Try "Apu Nahasapeemapetilon"
Not only does knoppix correctly configure and use a large amount of current hardware; it'll also detect a much larger amount of hardware that isn't actually supported (winmodems, USB cameras, etc..) and display the details in dmesg.
Under XP, stuff that 'isn't working' for whatever reason just vanishes from the Device Mangler with no clue as to why. And when you plug in a new device, windows tells you it found "A camera" or "A scanner"; linux will actually identify it so you know what drivers to go download.
Hardware;
A few screwdrivers, wire cutters, electrical tape, multimeter, spare jumpers, spare screws.
Software;
Norton Systemworks, OpenOffice, knoppix, AdAware, SpyBot, klite, winMX, Mozilla, DivX, java, flash6, putty, WinSCP, RedHat and Mandrake.
I also carry warez copies of 98, XP, 2k and office, but I try and persuade clients to try Free alternatives first.
The numbers are pre-calculated, and long enough that it's not practical to guess a valid one. I covered this on the webpage. Ever tried guessing those prepaid phone codes?
I'm not sure about armed gangs, but I covered the possibility of vote buying already.
Coercion is illegal; the coercer has to contact the victim before polling telling them how to vote, immediately after to see their receipt, and be able to contact them a week later if the 'receipt' turns out to have been a pre-prepared fake. It'd be much easier to just have them fill out an absentee ballot at gunpoint, which is already possible but nobody seems to think of as a 'major' failing of the current system.. and of course the victim knows they were coerced, which is no different from the victim knowing their vote was changed.
I don't pretend this is a 'final' solution to all voting issues; you still need to make sure these votes actually get counted, that there's only as many votes as there were voters, and that all people have a right to vote except for valid and clearly defined exceptions.
My point exactly.
Give each person a randomly unique number when they turn up to vote. Have them enter the number with their votes, check that it's valid, and record both.
After the election, make all the votes available. Everyone can check the totals, and anyone who made a note of their number can check that their vote was recorded correctly. If there's any vote tampering going on, everyone whose vote got tampered with will KNOW, not just suspect, that the election was rigged.
My full rant on the topic is at http://zcat.wired.net.nz/evote/
Duh! Think about it..
"Let's flood p2p networks with bogus files, making it virtually impossible to find any real music. That'll show those RIAA bastards who're trying to stop us sharing music!!"
Are you really that stupid, or have I just been trolled?
ditto;
* 2003-07-17 10:06:36 Doing your prostate a favour (articles,humor) (rejected)
The trolls would have been worth reading too..
"..for which 'da Gov can do very, very bad things to [Microsoft]" .. and IAAL.
You're a lawyer who's been living in a cave for the last five years?
How can you fake your IP address?
Apparently; like this.
You search for a file, get replies via the net telling you who (by nickname, not IP) has it, and send a request back via the net to download the file, along with your IP and probably bandwidth. At this point you haven't been told the IP of the machine that has the file.
So now the sending machine starts sending you the file as bunches of spoofed UDP packets, with a healthy measure of error-correction built in so you won't need to re-request any missing packets. You still don't know the sending machine's IP.
What I'd like to know is;
I request a file and several people have it. Then I let them all know that my IP address is "grc.com" and that I have practically unlimited bandwidth. Lots of hosts begin sending spoofed UDP packets at grc.com with no valid return address.
Repeat until grc.com vanishes under all the traffic..
I hope somewhere in the protocol they verify that the address they're sending stuff to is actually the one making the requests for it.
You think so?
if you have several hundred/thousand machines which accept a (control message) and in return generate large amounts of traffic to a (target), that is a floodnet. I have no doubt myself that the script kiddies WILL find a way of mapping and using it.
I do hope you realise that you're creating a 'zombie DoS net' which future generations of script kiddies will be very happy to exploit.
I don't think that's the 'solution' I was looking for.
"..NP.." ? Nitpicking is one word.. :)
and there's nothing like a perfect backup when you are serious about archiving.
Considering that the masters are probably 24 bit at 96khz sampling rate, and undoubtably more than two channels.. I'd have to say both FLAC and the original CD are "nothing like a perfect backup"
what Disney is afraid of is that, as soon as it becomes legal to do so, someone will create a "derivative work" that is contrary to the disney image.
For example, some company would likely take it upon themselves to create R or NC-17 rated cartoons that feature Mickey.
And that is a huge red herring. The character of Mickey Mouse is already protected for as long as Disney continues to use and defend him as their trademark.
As if terrorists would discuss their plans via mobile phones fully knowing that the FSB is listening.
I have a theory about this.
Cellphone encryption isn't end-to-end, it only protects the radio signal between handset and tower, so if the FSB can order it switched off they presumably also have the authority to monitor the unencrypted calls 'on the wire'
And like you say the bombers are DEAD; it's not clear what calls they're expecting to hear.
My theory is that it's all psychological. By switching off encryption during obvious 'crisis times', the FSB give the impression that they CAN'T monitor calls any other way. Future criminals are led to believe the standard encryption is 'safe enough', and don't feel the need to use alternative channels or additional encryption.
I've given this a fair amount of thought, and typed it all up at http://zcat.themall.co.nz/evote/
The most common objections; that people will falsely claim the vote was rigged (just like large groups of people falsely conspire food contamination claims against restaurants in order to collect big payouts.. they DON'T!) or that votes can be bought (Sure; [ lobbying $$ == votes ] anyway, why not just give us the cash directly?! Also vote buying is already blatantly illegal so difficult on any significant scale. And there's ways to 'sell' your vote and still get to keep it too, unless the buyer/coercer can contact you both immediately after voting and again weeks later. Which would be very risky for them given that vote-buying is already illegal.
Yeah.. I think I already covered most of these points. More input is always welcome.
Ahh.. don't worry about it, I found their homepage already.. :)
You're telling me the Amish don't get spam?
where do I sign up!!!?
knowledge-sharing restrictions.
XP has a really pathetic amount of software included. If you want anything else (IRC client? ftp server? SSH client/server?) that's a download and not counted as a 'windows vulnerability' .. never mind the number of idiots that get infected via mIRC or Kazaa, that doesn't get counted as a 'windows' vulnerability.
So to be fair you can include vulnerabilities in common windows software as part of the 'windows' count, or don't count vulnerabilities in things like SSH, Sendmail, ftpd, xchat, etc. where Windows doesn't have any 'bundled' equivalent..
Or you could observe that a default 'desktop' redhat install is just a fraction of all the available packages (which still includes tons of apps WindowsXP doesn't give you), and count vulnerabilities for only those packages.
Or you could just check your mailbox and count the number of 'Windows viruses' you've been sent this month versus the number of 'Linux viruses'..