You're quite right, my wife would be able to sort out a lot of things.
For ATM cards vs. a bank account -- I've found that this approach is definitely easy when traveling, but you can generally get exchange rates a bit better using a good currency trader (I'm using XE.com to buy euros) than you'll get from your bank or credit card. (That might depend on your bank, but it worked that way for me in France). Quite probably not worth the trouble for you since you aren't there year round.
About medical insurance -- you can probably save money by signing up for expat health insurance... I set up a plan with William Russell that's amazingly cheap compared to US-based health insurance -- you don't need it to cover dental and minor things; like you said, it basically covers the base in case of disaster.
The problem is that IT has been taken over by Business School Product. They have no grasp of science, no feel for aesthetics, they only have feel for next quarters numbers and covering their ass. Absolutely correct. They even have the same haircut, and walk in lockstep (with that funny hop in midstep to allow for the continued ass-covering)! They stop by every 15 minutes to say "you know we're behind schedule on this, right?" and "yeah... I'm gonna have to ask you to come in Sunday, too... mmkay?"
Alas, on the other side of the problem lies the "we only grok technology" developers, who don't understand the business side at all. Yeah, none of them do; it's crazy.
You can tell them the project has a budget, that it's bleeding money for every extra week they spend tinkering with their from-scratch templating language, and they just look at you. They say "yeah, about 3 months" for *every* possible project proposal, then just bitch about you when you try to explain how you the customer isn't paying for 6 extra months. Or some of them say "that'll take 3 years" when you show them the proposal for a simple website.
They want to be paid 6 figures for the "magic" they do, even if they spend all day browsing the free fonts online for the subtitles on your contacts page, and the company website has been returning a 404 for the checkout page for 3 days now. You can lay out the figures for them -- "we earn only an extra $10K a year through the website you're managing for us, and maybe an extra $20K of our other business comes through it... but you want us to hire a DBA to help you out?" -- and they say "yeah -- I don't have time for all that database stuff! oh, and maybe some SEO company can help those numbers of yours.. that's not my problem."
If any single car were trusted by the rest, any jokester could cause chaos on a whim.
On the other hand, with a convoy of friends (perhaps "haha, you opened the sexy_pix.gif___.pif attachment in your MS Outlook Ford Edition" friends)....
Largely, just to do something different. To get out of the US and stop gritting our teeth over the news every day. We don't have kids yet, and my wife's a writer. She had just finished an MFA program in Michigan and our friends were scattering anyway... it was a great opportunity to shift gears.
France was a good candidate for us because French is the only non-English language we both speak well, and living in the UK (speaking English) would have been too expensive. The dollar isn't doing very well against the euro either, but cost of living is fairly low where we are. Well, not gasoline (diesel is cheapest, and that hovers around 1 euro/liter... that's $5/gallon), but I got a '94 diesel Renault Clio that reliably gets 45+ miles/gallon to balance that out.
Oh, and some kind of magic batter technology so it can get the same sort of life that the original Series 3 had... Please -- we are not interested in hearing about your "magic batter".
My dream machine has exactly the hardware, peripherals, network connection, etc. that I would come up with, if I put in the enormous amount of mind-numbingly boring time to track down the indisputable best combination of components (and they all have to be compatible with each other...) for my future usage patterns.
It would run the OS that I would select after having tested perfectly-tuned and personally-configured versions of every OS and variant, plus all possible OS extensions, add-ons, enhancements, etc. that are out there.
It would have all of the software that I would select after exhaustive testing, preinstalled and configured just the way I'd like it, if I spent the time tinkering with all the options and exploring every little subfeature and 3rd party extension.
I'm dead serious. I spec'ed out a new computer a couple of years ago, and I'm enough of a perfectionist that it damn near sucked the life out of me doing all the research. And I love the configuration flexibility of many OSes and development tools, but the sheer effort required to *find* that perfect configuration is horrific.
Yup, it's good to do a bit of plug research before leaving, and order the plug adapters you'll need (and just the adapters are pretty lightweight things).
Fortunately, the power converter isn't necessary for laptops nowadays, or most expected-to-travel electronic devices, like battery chargers, phone chargers, etc.. You just plug them in (with your plug adapter) and they switch automatically. Check on the back of the brick -- if it says "Input: 100/240V AC 50/60 Hz" that means you're good to go.
PC power supplies generally also support both voltages, but be careful if you're moving to another country -- there may be a switch you have to flip before plugging it in. My brother toasted his power supply when he moved to the Netherlands because he forgot the switch.
And the "fast food" is some of the best cuisine in the world, right?
My wife is Malaysian (I'm an American), and she's been talking about the possibility of living back in Malaysia for a period of time. At the moment, it won't work -- I work remotely, but my clients are all in the US, and the 12 or 13 hour time difference would make that pretty much impossible. Being available from 9pm to 5am doesn't sound great to me.
But how was it getting yourself set up there? Visa, renting an apartment, bank account, medical insurance, car, that kind of stuff. Was it tricky? Particularly assuming you didn't speak Malay....
Either work or dont work, stop half-assing it already. Nobody works 24 hours a day. Even if you can't take *any* vacation time (because it's used up, or whatever), once your workday ends, instead of stepping out into, say, a freezing drizzle on the same old dirty city block, you put away the laptop/cellphone/etc. and walk out into the sun, onto the beach, whatever.
But people usually use this as a way to extend a vacation, not avoid one entirely. Let's say you are allowed (or can afford) 5 days vacation this spring. Instead of going someplace cool for a single week (of which 3-4 days is burnt up sitting in airports and being jetlagged), you go for a month. Use the vacation time to start your weekend early Thursday, and do your serious fun during those long weekends. Do the smaller stuff in the mornings or evenings (depending on the time difference from your workplace).
You're still 100% on vacation when you're on vacation -- you just have a lot more control over when that is. This could be vacation you wouldn't even be *able* to take otherwise, because you're midway through a big project. The other approach could be to fly to wherever you want to be a week before your vacation actually starts. Work on the plane, and work (at night, in the pre-dawn hours, etc...) while you get through the jetlag and learn your way around, THEN take your full 5 days vacation from a refreshed, pre-acclimatized starting point.
I took it a step further, actually; I moved last summer to southern France, but am still working for clients in the US. It hasn't all been easy, but overall I'm pretty happy with how it's working out. The internet cafe thing wasn't great -- I did that for a couple of months; it's hard to find good lighting & comfortable chairs & quiet, Skype often doesn't work well over wireless connections, etc.. But now I'm more settled, with a DSL connection and a normal work environment... which is like I had back in the northern US, except in the morning I look out the window and see vineyards in every direction, and I don't have to check in with work until 3pm. (On the downside, I often have to be available in the evenings).
When I do take vacation time, though, (and yes, I do put the computer away), I'm already *in* Europe. I don't have to sit in a plane all day, find a hotel, or argue with the rental car agency. I'm a 40 minute drive from the Mediterranean, a few hours from Barcelona, a bit further in the other direction to Italy, a 30 euro flight from London, etc. etc.. Probably not for everybody (the red tape wasn't fun), but it's working for me.
BTW, if you have the WebDeveloper plugin installed (pretty darn useful) it also lets you disable the referer (in the "Disable" menu). You can also turn of JavaScript temporarily, enable auto-completion when it's disabled, and oh so much more.
What if instead of the remote control taking over, it just alerted flight controllers and turned on a camera in the cockpit? They could make the judgment call. Easy peasy. Isn't that missing the point?
If the flight controllers (ignoring the camera detail for now) can enable the remote control system remotely, then it just takes one small technical flaw, cracked code, etc. for *anyone* to be able to enable the remote control system remotely.
Hence, don't even start up the system unless a physical switch is flipped (or.. I'd personally argue for a button, since we don't want a switch that can be just flipped *off* again by the terrorists).
We might do better with Iran huh? Well Obama wants to go in against him so you might wanna watch out for him if you feel that way. And ya theres always going to be someone that goes against the crowd but at the time the majority was for the war. Everyone who touts *any* politician thinking "all we have to do is put this one in power, then all our problems will be solved" is a fool. The system only works if the rest of us keep an eye on the people in power, and call them on it when they're screwing up.
I wouldn't trust Obama blindly any more than I ever trusted Bush blindly. You have to watch over your government like you have to watch over your nutrition, rather than, e.g., just trusting McDonalds to do what's best for your health. It's the same kind of deal. Their interests are NOT your interests.
It's a little annoying sometimes, but there's no way out of it.
You can always say we shouldn't have done it AFTER the fact. Yes, and when that's the case it's important to say that as soon as possible, and try to fix what you f*cked up. No?
Its where we are now though so stop complaining about it and suck it up. What about "learning from history"? If we admit we screwed up Iraq, we might do dealing better with, say, North Korea and Iran.
The rest of the world might trust us a little more (never mind the Iraqis).
I might also point out that a whole lot of people said we shouldn't do it *before* the fact, using very solid reasoning that was supported at the time and became more and more apparent as time went by. At what point do we say, "hey, we should consider listening to these people"?
I know a plethora of US Marines that went over, alot of whom lost their lives. What they all had in common though was that they believed in what they were/are doing and they aren't sorry about going. This is why I feel so strongly about this -- when we screw things up, good people die. Don't disrespect their lives by saying "it doesn't matter whether the cause was right". Yes, it matters.
FUD or not, I'd still be concerned that the Destroy function could go awry, and might delete files it had no business touching. That could be as simple a bug as failing to check where it's logged to before it starts killing files. No kidding!! I've heard that many programs, upon installation *automatically* generate a program whose sole purpose is to eradicate the main program from your computer. If you ran this diabolical "uninstaller" program by accident, and it just started killing those files in a frenzy... well, you can imagine it would just take a small error to cause a serious catastrophe....
Seriously, the ACTUAL behavior of the program is not dangerous or unreasonable. If you used a pirated key, it wouldn't work, and you'd have to contact the developer for support.
I don't buy Macs because of their superior quality. I buy them becasue Apple computers tend to be comparatively well designed (at least the laptops are), the Apple desktop environment has better ergonomics than Windows (in my opinion, your milage may vary), personally I value the fact that OS.X is Unix based and Apple hardware tends to age better than many (but by no means all) PC computer brands, there are PC brands that do just as well as Apple. ...i.e., you do buy Macs because of their superior quality.
My software is nothing like blue frog. The main difference is that BlueFrog took the same approach, but with adjustments to: * keep it legal (a straight DDoS is not legal, and your users would expose themselves to legal repercussions) * involve human-written scripts to access the spamvertized company's site, so that the response (a complaint) would be successfully delivered in the most effective way possible.
The legal question is essential. You need more than a few hundred (or a few thousand) people using the software, or the impact is negligible and avoidable. And of course if the spammers just manage to get one of your users or YOU heavily fined or jailed for DDoS attacks, that pretty much finishes it.
So BlueFrog was designed on the idea that one spam = one complaint on the spamvertized company's server, often submitted into an order form or something like that to get their attention. Unfortunately for their model, they managed this by having users send all spam to a central server, where they processed it and sent reporting scripts back out to the clients, who would submit the actual complaints. Obviously this presented an attackable weak link. The complaints would include text that told the spammer how to download software to clean *all* bluefrog users from their lists... unfortunately (this was the other, smaller flaw) the spammers could figure out the blue frog users on their lists by doing a simple compare of lists pre & post cleaning. Then harass them directly... though the number of users was high enough that this didn't amount to much in the end.
Personally, I STILL think this is the closest anyone has come to a successful campaign against spam. There's a project set up to create a similar, but distributed, system at http://okopipi.org/ if you are interested in pitching in and solving the remaining issues.
Just please don't create yet another DDoS against spammers tool (there are others out there already, of course) that is blatantly illegal to use and thus cannot be anything more than a mild irritation to spammers.
Also as a monster your intended role ultimately is to be defeated by the player. Why do you want to go into a situation you know is likely to defeat you as your primary purpose? See http://goblinscomic.com/
And, with certification, the people who want ot read the spam can filter it into a seperate folder, and read all they want!
Unfortunately, there is no cure for stupidity. Well, there's education, but there are *always* going to be new users. "There's a sucker born every minute", after all. And as long as they are funding the spammers, the spam will keep coming.
Spammers don't care about getting spam through to you and me. We don't buy anything. But, they do. Why the emphasis on beating Baysian filters (like Spam Assasin uses?) Why the 'real' sounding subject lines designed to fool a HUMAN into opening the email? If they're not getting any money out of you, your wasted time is collateral damage. The emphasis on beating filters is to get around server-side and default-enabled client-side filters. Look at Hotmail, for example -- tons of users, but there's also filtering that's on by default. Spammers have to get around that. The subject lines are to trick the gullible, e.g. to pretend the stock tip/diet pill link/whatever came from an acquaintance. You also see a ton of subject lines that say exactly what they're selling, in a roundabout way -- just to avoid filters, not to trick users. E.g., "Don't be inadequate anymore".
Well, a 'safe' default would be to sort the email by cert status. That way, the user can clearly see that the 'certified inbox' contains mo spam, while the 'uncertified inbox' has lots. No emails are lost, and the user, IF THEY WANT, has reason to convince others to certify. But you can't expect Microsoft to roll out this change while all but a handful of messages are *all* in the "uncertified" box. People will be confused, and think the software is broken.
I'm no programmer. Ask one. I am one; but you don't have to be a programmer to figure out some details. To report spam coming from a certified sender, the button would need to track down the ISP to report to, first of all. How do you figure that out? But once it did, unless the ISPs all implemented a standard means of reporting, that's all it can do.
You seem stuck in the early stages. WHat about later, when it's 50%, 0r 25%? This is my biggest point. If it's useless until we reach some high percentage, it simply won't get started. Companies need some reason to get on board, and paying money now for hopefully reducing spam 5 years down the line generally doesn't cut it.
What about putting out a Open SOurce project that implements this, and letting us 'nonspam targets' use it? Then, as we start bragging to friends about how we get no spam, it can spread to the rest of the people? Or, how about getting Microsoft behind it, so the next update to Outlook/Exchange includes it by default? That'll push it well past the 5% mark. Well, you'd need tons of projects: to patch the major email server software, to implement the ISP's certification management and complaint handling, and to patch the email clients and server-side filters. And again, even you wouldn't be able to reduce your spam with it even if 5% of all legitimate mail were certified (and that's a high number for a starting rollout!).
Check my other comments about how Microsoft *can't* get behind it, because it would harm their software in the short term in the hopes of everyone in the world changing their email server software, all ISPs building a certification process, and everyone with an email server certifying with the ISPs in the long term. And hoping that the spammers don't find a loophole somewhere along the line, which is tough to guarantee.
Look, you don't think the idea will work? Fine. But, why not help make it better, instead of bitching about all the perceived problems? Well, that's what I talked about my first response -- there are other approaches that I think have more promise. I don't think the problems here are solvable; that's why I'm trying to get you to put your time/thought into solving the problems of stronger candidates.
If you want to dig into any of those ideas instead, go for it.
You seem to be just saying the same things back to me as you were saying before. Let me take another approach and come from the top down.
1) People send spam because they get money out of it. As long as the money keeps coming, they will keep sending it.
2) The money comes from people who either want to read the spam because they want cheap rolex knockoffs, larger genitalia, penny stock tips, etc. ane/or people who are technologically ignorant and are easily defrauded.
3) Spammers don't care about getting spam through to you and me. We don't buy anything. They only care about bypassing the server-level filters that ISPs put in place, and any on-by-default filtering that might be in common email clients. Fortunately for them, ISPs and default client filters have to be extremely careful about what they filter out, because customers get pretty worked up about false positives.
4) As for the ISPs, they probably *would* be willing to invest some money/time in a system that could lower the amount of spam they received -- most of their customers don't want it, and the load on their servers costs money -- BUT if the system doesn't accomplish that, they can't reasonably invest in it.
You seem to think that the uncertified emails will automatically be deleted. I specifically made the point thatthe email client would handle the 'certified/uncertified' flag on it's own. UNcertified email can be handled ANY WAY THE USER WANTS. It can be deleted, dropped into a 'spam' folder, flagged, or have nothing done to it.
Yes, I understand that. My point is that the users the spammer is interested in (#2 above) WILL NOT understand certified/uncertified email (particularly not when 95% of valid mail is still uncertified), will not install client filters, will not upgrade their email client unless MS does it for them, etc..
In the above case, the third option mentioned, flagging the email as 'uncertified', would be the best option. Outlook already flags emails as 'important', 'read/unread', etc. This would be one more flag.
The targets for spam are using default settings on the email client that came with the computer. What do you propose Microsoft do, while 95% of legitimate email is uncertified? Remember, these users will not understand that "certified mail is a new concept, so most legitimate mail will be uncertified for now, but in the future this flag may be useful to you".
I obviously don't want spam, but I couldn't filter on this added field when 95% of my valid email is uncertified. Or when 50% of my valid email is uncertified.
Why not? Why not flag the email, as mentioned above? Or subject the uncertified emails to extra-strong spam detection? Or filter then into a seperate 'uncertified inbox' folder? Or use the uncertified status to fire back an automated message explaining that they are uncertified, and explaining what to do to get certified (or to get on your white-list).
These are valid options for people like you and me, who are NOT the intended targets of spam. Even so, in the early stages certification will not be a useful marker for spam filtering.
So... the spam targets (who all have certification UNaware clients) continue to receive spam.
Yup. And when they complain about spam to their friends, their friends will tell them about certification, and they will update to a certification-aware client. What's the problem?
The problem is that this certification-aware client won't help them. It just puts a red flag onto 95% of all of their email.
And the pressure to upgrade email servers for some benefit still isn't there, particularly when you look at overly-busy server admins PLUS servers that don't even *have* proper admins, etc. etc..
If a server does not have a "proper admin", then it probably does not deserve certification.
Spam filtering at the client level doesn't affect spam -- the suckers who the spam targets are NOT configuring filters at home.
They will, if the setup wizard for the email software makes it a required step. So... all we have to do is get Microsoft behind the idea, and poof, the next version of Outlook will include it.
This hits the same problem as filtering on the server. Microsoft might have high hopes and lay down the cash to *develop* the filter, but they cannot turn on any such filter by default until certification saturation, because Grandma won't see Junior's valid (but uncertified) messages, and she won't know why. That would make Outlook Express harder to use and give Microsoft more support calls.
So -- can you imagine an ISP filtering out email at the server level based on certification? No -- because all grandma cares about is getting Junior's emails, and when they stop coming (because his ISP's servers are in the 95% still uncertified) she gets on the phone and starts costing them money...
Read what I wrote:
When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.
Yes, I know. Again, how does this stop spam reaching its targets? I obviously don't want spam, but I couldn't filter on this added field when 95% of my valid email is uncertified. Or when 50% of my valid email is uncertified. Now look at the non-savvy new computer user. Do you think Microsoft wants to force him to use filtering on this when it will hide half his valid email?
See? If you have a certification-UNaware email client, it receives email completely normally. If you have a certification-aware client, it can (not 'must') filter incoming emails by certification status.
So... the spam targets (who all have certification UNaware clients) continue to receive spam. The tech-savvy have a way to add a fraction of a point to an email's spam score... but they weren't going to buy from the spammer, anyway. And the pressure to upgrade email servers for some benefit still isn't there, particularly when you look at overly-busy server admins PLUS servers that don't even *have* proper admins, etc. etc..
The last link is the upstream access provider. They would need to implement the system and hire the staff for accepting complaints (online? via phone?), filtering out the sabotage from the real complaints, collecting evidence of abuse, dealing with angry ISPs on the phone, establishing/expiring/revoking certification, etc..
You're right, it'll never work. The ISP would need a bunch of people sitting there, in some sort of center, at some sort of desk where they can help people, waiting for calls to come in. The people would have to answer the phone, take information from the customer, start some sort of record of the incident (a 'help desk ticket', if you will), and take certain actions based upon the data they collect.
It'd never happen. Nope. No such 'call center' could ever exist. Stupid idea.
Sarcasm aside, you're still thinking at the high level. Think about a real life implementation. The regular help staff can't handle this with no changes/no new software/no new hardware. Someone needs to write software for and manage the servers that are handling certification distribution. Your system (especially if you want to implement that part about new certifications expiring almost immediately!) must be automated, but also because you're expecting abuse attempts it will need human supervision.
Walk through the process of certificate application, and see what that
I keep seeing variations on this idea, and while it's perfectly sound in the abstract, in practice it simply will not happen.
The problem is that certification is useless until the vast majority of email servers are certified.
I know, you said this isn't true, but I don't think you understand the situation. Spam filtering at the client level doesn't affect spam -- the suckers who the spam targets are NOT configuring filters at home. Yes, the geeks will get their family server in the basement certified in their spare time, and all their friends will send them certified messages. The spammers won't give a damn, because they're perfectly happy if the geeks and antispammers don't read their spam (they don't buy anyway).
So -- can you imagine an ISP filtering out email at the server level based on certification? No -- because all grandma cares about is getting Junior's emails, and when they stop coming (because his ISP's servers are in the 95% still uncertified) she gets on the phone and starts costing them money... and don't forget the time/money they spent implementing the filter, testing it, rolling out with hopefully no glitches/downtime, monitoring it, etc..
They might put a flag in the subject line of uncertified emails... okay, but it shows up in the emails from the bank, from the kids, from work... the complaints roll in. Cash flows out. So filtering is a liability.
But what about their own outgoing mail? Certify? Well, again it'll cost a chunk of time (money) to learn, setup and maintain 24/7/365 with the occasional confused complaint, it'll possibly cost their users some downtime particularly if they screw it up, and it'll gain them *nothing* for now, because no one is filtering yet (see above).
No brainer decision when your staff is already stretched thin.
The last link is the upstream access provider. They would need to implement the system and hire the staff for accepting complaints (online? via phone?), filtering out the sabotage from the real complaints, collecting evidence of abuse, dealing with angry ISPs on the phone, establishing/expiring/revoking certification, etc..
Will they go for it? Again, big cost, big headaches, and no gain until that magical day when everyone is on board.
Seriously, there's a positive push because no one likes spam, and everyone would gain from a plan that would actually curb it... but people need to come up with something that will work on the low level.
The SPF system is one that DOES help incrementally more as implementation spreads. It mitigates joe-jobs and backscatter for all domains with a SPF DNS record, and is trivial for server admins to implement. AND it doesn't cost anything if mail servers reject mail that fails the test: valid email will come from the server listed in the DNS record, OR the server may have no SPF record yet (let it through). Spammers can only spoof addresses without SPF records, since they can't set up their own SPF record -- they'd be easily traceable when they spam, since the domain registrar would have credit card info, etc..
Even at early stages, there's benefit for server admins to filter (removes spam safely from any domain with an SPF record), and there's benefit for adding the SPF record (please, filter out spam that pretends to be from me! my customers don't like it).
It's not perfect... forwarding email and badly created records can cause issues, plus while AOL has implemented basic SPF filtering Microsoft is involved and trying to mix XML into the record format somehow....
Personally I feel the BlueFrog approach is the strongest for non-stock-pump spam... but obviously a decentralized approach is required to avoid Blue Security's fiery downfall. The main problem with this system is that human analysis is required to analyze spam and write scripts for leaving complaints.
How does Notepad2 compare to Notepad Plus? Seriously, I do everything on Linux, but at General Dynamics, all the friggen desktops are Windows, requiring us Geeks to run Cygwin to get the job done - Aaaaaarggghhh... Can Notepad2 copy and paste culumnar (vertical) blocks? They're both built using the scintilla code-editing component, which does support columnar editing (alt-select).
So the government takes money from a citizen, then after a year returns it to him or her. To you, this is not "giving you money back"? Isn't that basically the definition of giving something back? Here's a test. See if *you* can get a stranger to just give you a bunch of money, and tell them you'll repay them the exact dollar amount in a year (so technically less money after inflation). No takers, huh?
There's value in HAVING the money. If the government is holding it, they can use it however they want until refund day (but not paying you a dime in interest). If YOU'RE holding it, you can earn interest on it from your bank, you can invest it, etc..
In the normal situation, if you loan the government money (by buying treasury notes, savings bonds, etc.), they have to pay interest for the use of your money. When you screw up your withholding, they don't.
It's not so simple, even if you want to take the pure amoral "money is the only good" approach.
People are not constants, for one, and different people will react differently.
Getting actual, intelligent feedback can: * impress an intelligent/self-aware candidate, and possibly motivate them to get the requisite lower-level experience, take some classes, do some side projects, etc. to bring themselves up to spec. When they return, they'll be what you were looking for, and they will have that much more invested psychologically in the company/job. OR they will decide this isn't the job for them, and they'll enter another field (no loss to you).
* annoy or anger the unintelligent/non-self-aware candidate, because they don't recognize the utility of the feedback. These candidates will go on to become a drain on your competitors just as you hoped.
Slashdot Mirror
What, are you some kind of luddite? Plus, you'd get caught pretty easily if you just blocked the traffic in the obvious way.
You're quite right, my wife would be able to sort out a lot of things.
For ATM cards vs. a bank account -- I've found that this approach is definitely easy when traveling, but you can generally get exchange rates a bit better using a good currency trader (I'm using XE.com to buy euros) than you'll get from your bank or credit card. (That might depend on your bank, but it worked that way for me in France). Quite probably not worth the trouble for you since you aren't there year round.
About medical insurance -- you can probably save money by signing up for expat health insurance... I set up a plan with William Russell that's amazingly cheap compared to US-based health insurance -- you don't need it to cover dental and minor things; like you said, it basically covers the base in case of disaster.
Thanks for the details!
Alas, on the other side of the problem lies the "we only grok technology" developers, who don't understand the business side at all. Yeah, none of them do; it's crazy.
You can tell them the project has a budget, that it's bleeding money for every extra week they spend tinkering with their from-scratch templating language, and they just look at you. They say "yeah, about 3 months" for *every* possible project proposal, then just bitch about you when you try to explain how you the customer isn't paying for 6 extra months. Or some of them say "that'll take 3 years" when you show them the proposal for a simple website.
They want to be paid 6 figures for the "magic" they do, even if they spend all day browsing the free fonts online for the subtitles on your contacts page, and the company website has been returning a 404 for the checkout page for 3 days now. You can lay out the figures for them -- "we earn only an extra $10K a year through the website you're managing for us, and maybe an extra $20K of our other business comes through it... but you want us to hire a DBA to help you out?" -- and they say "yeah -- I don't have time for all that database stuff! oh, and maybe some SEO company can help those numbers of yours.. that's not my problem."
If only even a few of them were different.
If any single car were trusted by the rest, any jokester could cause chaos on a whim.
On the other hand, with a convoy of friends (perhaps "haha, you opened the sexy_pix.gif___.pif attachment in your MS Outlook Ford Edition" friends)....
Largely, just to do something different. To get out of the US and stop gritting our teeth over the news every day. We don't have kids yet, and my wife's a writer. She had just finished an MFA program in Michigan and our friends were scattering anyway... it was a great opportunity to shift gears.
France was a good candidate for us because French is the only non-English language we both speak well, and living in the UK (speaking English) would have been too expensive. The dollar isn't doing very well against the euro either, but cost of living is fairly low where we are. Well, not gasoline (diesel is cheapest, and that hovers around 1 euro/liter... that's $5/gallon), but I got a '94 diesel Renault Clio that reliably gets 45+ miles/gallon to balance that out.
My dream machine has exactly the hardware, peripherals, network connection, etc. that I would come up with, if I put in the enormous amount of mind-numbingly boring time to track down the indisputable best combination of components (and they all have to be compatible with each other...) for my future usage patterns.
It would run the OS that I would select after having tested perfectly-tuned and personally-configured versions of every OS and variant, plus all possible OS extensions, add-ons, enhancements, etc. that are out there.
It would have all of the software that I would select after exhaustive testing, preinstalled and configured just the way I'd like it, if I spent the time tinkering with all the options and exploring every little subfeature and 3rd party extension.
I'm dead serious. I spec'ed out a new computer a couple of years ago, and I'm enough of a perfectionist that it damn near sucked the life out of me doing all the research. And I love the configuration flexibility of many OSes and development tools, but the sheer effort required to *find* that perfect configuration is horrific.
Yup, it's good to do a bit of plug research before leaving, and order the plug adapters you'll need (and just the adapters are pretty lightweight things).
Fortunately, the power converter isn't necessary for laptops nowadays, or most expected-to-travel electronic devices, like battery chargers, phone chargers, etc.. You just plug them in (with your plug adapter) and they switch automatically. Check on the back of the brick -- if it says "Input: 100/240V AC 50/60 Hz" that means you're good to go.
PC power supplies generally also support both voltages, but be careful if you're moving to another country -- there may be a switch you have to flip before plugging it in. My brother toasted his power supply when he moved to the Netherlands because he forgot the switch.
And the "fast food" is some of the best cuisine in the world, right?
My wife is Malaysian (I'm an American), and she's been talking about the possibility of living back in Malaysia for a period of time. At the moment, it won't work -- I work remotely, but my clients are all in the US, and the 12 or 13 hour time difference would make that pretty much impossible. Being available from 9pm to 5am doesn't sound great to me.
But how was it getting yourself set up there? Visa, renting an apartment, bank account, medical insurance, car, that kind of stuff. Was it tricky? Particularly assuming you didn't speak Malay....
But people usually use this as a way to extend a vacation, not avoid one entirely. Let's say you are allowed (or can afford) 5 days vacation this spring. Instead of going someplace cool for a single week (of which 3-4 days is burnt up sitting in airports and being jetlagged), you go for a month. Use the vacation time to start your weekend early Thursday, and do your serious fun during those long weekends. Do the smaller stuff in the mornings or evenings (depending on the time difference from your workplace).
You're still 100% on vacation when you're on vacation -- you just have a lot more control over when that is. This could be vacation you wouldn't even be *able* to take otherwise, because you're midway through a big project. The other approach could be to fly to wherever you want to be a week before your vacation actually starts. Work on the plane, and work (at night, in the pre-dawn hours, etc...) while you get through the jetlag and learn your way around, THEN take your full 5 days vacation from a refreshed, pre-acclimatized starting point.
I took it a step further, actually; I moved last summer to southern France, but am still working for clients in the US. It hasn't all been easy, but overall I'm pretty happy with how it's working out. The internet cafe thing wasn't great -- I did that for a couple of months; it's hard to find good lighting & comfortable chairs & quiet, Skype often doesn't work well over wireless connections, etc.. But now I'm more settled, with a DSL connection and a normal work environment... which is like I had back in the northern US, except in the morning I look out the window and see vineyards in every direction, and I don't have to check in with work until 3pm. (On the downside, I often have to be available in the evenings).
When I do take vacation time, though, (and yes, I do put the computer away), I'm already *in* Europe. I don't have to sit in a plane all day, find a hotel, or argue with the rental car agency. I'm a 40 minute drive from the Mediterranean, a few hours from Barcelona, a bit further in the other direction to Italy, a 30 euro flight from London, etc. etc.. Probably not for everybody (the red tape wasn't fun), but it's working for me.
BTW, if you have the WebDeveloper plugin installed (pretty darn useful) it also lets you disable the referer (in the "Disable" menu). You can also turn of JavaScript temporarily, enable auto-completion when it's disabled, and oh so much more.
If the flight controllers (ignoring the camera detail for now) can enable the remote control system remotely, then it just takes one small technical flaw, cracked code, etc. for *anyone* to be able to enable the remote control system remotely.
Hence, don't even start up the system unless a physical switch is flipped (or.. I'd personally argue for a button, since we don't want a switch that can be just flipped *off* again by the terrorists).
I wouldn't trust Obama blindly any more than I ever trusted Bush blindly. You have to watch over your government like you have to watch over your nutrition, rather than, e.g., just trusting McDonalds to do what's best for your health. It's the same kind of deal. Their interests are NOT your interests.
It's a little annoying sometimes, but there's no way out of it.
The rest of the world might trust us a little more (never mind the Iraqis).
I might also point out that a whole lot of people said we shouldn't do it *before* the fact, using very solid reasoning that was supported at the time and became more and more apparent as time went by. At what point do we say, "hey, we should consider listening to these people"? I know a plethora of US Marines that went over, alot of whom lost their lives. What they all had in common though was that they believed in what they were/are doing and they aren't sorry about going. This is why I feel so strongly about this -- when we screw things up, good people die. Don't disrespect their lives by saying "it doesn't matter whether the cause was right". Yes, it matters.
Seriously, the ACTUAL behavior of the program is not dangerous or unreasonable. If you used a pirated key, it wouldn't work, and you'd have to contact the developer for support.
The main problem here is that the developer thought scaring people would reduce piracy, but it has blown up in his face into huge, horrible publicity.
* keep it legal (a straight DDoS is not legal, and your users would expose themselves to legal repercussions)
* involve human-written scripts to access the spamvertized company's site, so that the response (a complaint) would be successfully delivered in the most effective way possible.
The legal question is essential. You need more than a few hundred (or a few thousand) people using the software, or the impact is negligible and avoidable. And of course if the spammers just manage to get one of your users or YOU heavily fined or jailed for DDoS attacks, that pretty much finishes it.
So BlueFrog was designed on the idea that one spam = one complaint on the spamvertized company's server, often submitted into an order form or something like that to get their attention. Unfortunately for their model, they managed this by having users send all spam to a central server, where they processed it and sent reporting scripts back out to the clients, who would submit the actual complaints. Obviously this presented an attackable weak link. The complaints would include text that told the spammer how to download software to clean *all* bluefrog users from their lists... unfortunately (this was the other, smaller flaw) the spammers could figure out the blue frog users on their lists by doing a simple compare of lists pre & post cleaning. Then harass them directly... though the number of users was high enough that this didn't amount to much in the end.
Personally, I STILL think this is the closest anyone has come to a successful campaign against spam. There's a project set up to create a similar, but distributed, system at http://okopipi.org/ if you are interested in pitching in and solving the remaining issues.
Just please don't create yet another DDoS against spammers tool (there are others out there already, of course) that is blatantly illegal to use and thus cannot be anything more than a mild irritation to spammers.
It's a tough life.
Unfortunately, there is no cure for stupidity. Well, there's education, but there are *always* going to be new users. "There's a sucker born every minute", after all. And as long as they are funding the spammers, the spam will keep coming. Spammers don't care about getting spam through to you and me. We don't buy anything. But, they do. Why the emphasis on beating Baysian filters (like Spam Assasin uses?) Why the 'real' sounding subject lines designed to fool a HUMAN into opening the email? If they're not getting any money out of you, your wasted time is collateral damage. The emphasis on beating filters is to get around server-side and default-enabled client-side filters. Look at Hotmail, for example -- tons of users, but there's also filtering that's on by default. Spammers have to get around that. The subject lines are to trick the gullible, e.g. to pretend the stock tip/diet pill link/whatever came from an acquaintance. You also see a ton of subject lines that say exactly what they're selling, in a roundabout way -- just to avoid filters, not to trick users. E.g., "Don't be inadequate anymore". Well, a 'safe' default would be to sort the email by cert status. That way, the user can clearly see that the 'certified inbox' contains mo spam, while the 'uncertified inbox' has lots. No emails are lost, and the user, IF THEY WANT, has reason to convince others to certify. But you can't expect Microsoft to roll out this change while all but a handful of messages are *all* in the "uncertified" box. People will be confused, and think the software is broken. I'm no programmer. Ask one. I am one; but you don't have to be a programmer to figure out some details. To report spam coming from a certified sender, the button would need to track down the ISP to report to, first of all. How do you figure that out? But once it did, unless the ISPs all implemented a standard means of reporting, that's all it can do. You seem stuck in the early stages. WHat about later, when it's 50%, 0r 25%? This is my biggest point. If it's useless until we reach some high percentage, it simply won't get started. Companies need some reason to get on board, and paying money now for hopefully reducing spam 5 years down the line generally doesn't cut it. What about putting out a Open SOurce project that implements this, and letting us 'nonspam targets' use it? Then, as we start bragging to friends about how we get no spam, it can spread to the rest of the people?
Or, how about getting Microsoft behind it, so the next update to Outlook/Exchange includes it by default? That'll push it well past the 5% mark. Well, you'd need tons of projects: to patch the major email server software, to implement the ISP's certification management and complaint handling, and to patch the email clients and server-side filters. And again, even you wouldn't be able to reduce your spam with it even if 5% of all legitimate mail were certified (and that's a high number for a starting rollout!).
Check my other comments about how Microsoft *can't* get behind it, because it would harm their software in the short term in the hopes of everyone in the world changing their email server software, all ISPs building a certification process, and everyone with an email server certifying with the ISPs in the long term. And hoping that the spammers don't find a loophole somewhere along the line, which is tough to guarantee. Look, you don't think the idea will work? Fine. But, why not help make it better, instead of bitching about all the perceived problems? Well, that's what I talked about my first response -- there are other approaches that I think have more promise. I don't think the problems here are solvable; that's why I'm trying to get you to put your time/thought into solving the problems of stronger candidates.
If you want to dig into any of those ideas instead, go for it.
1) People send spam because they get money out of it. As long as the money keeps coming, they will keep sending it.
2) The money comes from people who either want to read the spam because they want cheap rolex knockoffs, larger genitalia, penny stock tips, etc. ane/or people who are technologically ignorant and are easily defrauded.
3) Spammers don't care about getting spam through to you and me. We don't buy anything. They only care about bypassing the server-level filters that ISPs put in place, and any on-by-default filtering that might be in common email clients. Fortunately for them, ISPs and default client filters have to be extremely careful about what they filter out, because customers get pretty worked up about false positives.
4) As for the ISPs, they probably *would* be willing to invest some money/time in a system that could lower the amount of spam they received -- most of their customers don't want it, and the load on their servers costs money -- BUT if the system doesn't accomplish that, they can't reasonably invest in it.
You seem to think that the uncertified emails will automatically be deleted. I specifically made the point thatthe email client would handle the 'certified/uncertified' flag on it's own. UNcertified email can be handled ANY WAY THE USER WANTS. It can be deleted, dropped into a 'spam' folder, flagged, or have nothing done to it.
Yes, I understand that. My point is that the users the spammer is interested in (#2 above) WILL NOT understand certified/uncertified email (particularly not when 95% of valid mail is still uncertified), will not install client filters, will not upgrade their email client unless MS does it for them, etc..
In the above case, the third option mentioned, flagging the email as 'uncertified', would be the best option. Outlook already flags emails as 'important', 'read/unread', etc. This would be one more flag.
The targets for spam are using default settings on the email client that came with the computer. What do you propose Microsoft do, while 95% of legitimate email is uncertified? Remember, these users will not understand that "certified mail is a new concept, so most legitimate mail will be uncertified for now, but in the future this flag may be useful to you".
I obviously don't want spam, but I couldn't filter on this added field when 95% of my valid email is uncertified. Or when 50% of my valid email is uncertified.
Why not? Why not flag the email, as mentioned above?
Or subject the uncertified emails to extra-strong spam detection?
Or filter then into a seperate 'uncertified inbox' folder?
Or use the uncertified status to fire back an automated message explaining that they are uncertified, and explaining what to do to get certified (or to get on your white-list).
These are valid options for people like you and me, who are NOT the intended targets of spam. Even so, in the early stages certification will not be a useful marker for spam filtering.
So... the spam targets (who all have certification UNaware clients) continue to receive spam.
Yup. And when they complain about spam to their friends, their friends will tell them about certification, and they will update to a certification-aware client. What's the problem?
The problem is that this certification-aware client won't help them. It just puts a red flag onto 95% of all of their email.
And the pressure to upgrade email servers for some benefit still isn't there, particularly when you look at overly-busy server admins PLUS servers that don't even *have* proper admins, etc. etc..
If a server does not have a "proper admin", then it probably does not deserve certification.
I'm talking about the scores of small busine
Spam filtering at the client level doesn't affect spam -- the suckers who the spam targets are NOT configuring filters at home.
They will, if the setup wizard for the email software makes it a required step. So... all we have to do is get Microsoft behind the idea, and poof, the next version of Outlook will include it.
This hits the same problem as filtering on the server. Microsoft might have high hopes and lay down the cash to *develop* the filter, but they cannot turn on any such filter by default until certification saturation, because Grandma won't see Junior's valid (but uncertified) messages, and she won't know why. That would make Outlook Express harder to use and give Microsoft more support calls.
So -- can you imagine an ISP filtering out email at the server level based on certification? No -- because all grandma cares about is getting Junior's emails, and when they stop coming (because his ISP's servers are in the 95% still uncertified) she gets on the phone and starts costing them money...
Read what I wrote:
When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.
Yes, I know. Again, how does this stop spam reaching its targets?
I obviously don't want spam, but I couldn't filter on this added field when 95% of my valid email is uncertified. Or when 50% of my valid email is uncertified. Now look at the non-savvy new computer user. Do you think Microsoft wants to force him to use filtering on this when it will hide half his valid email?
See? If you have a certification-UNaware email client, it receives email completely normally. If you have a certification-aware client, it can (not 'must') filter incoming emails by certification status.
So... the spam targets (who all have certification UNaware clients) continue to receive spam. The tech-savvy have a way to add a fraction of a point to an email's spam score... but they weren't going to buy from the spammer, anyway. And the pressure to upgrade email servers for some benefit still isn't there, particularly when you look at overly-busy server admins PLUS servers that don't even *have* proper admins, etc. etc..
The last link is the upstream access provider. They would need to implement the system and hire the staff for accepting complaints (online? via phone?), filtering out the sabotage from the real complaints, collecting evidence of abuse, dealing with angry ISPs on the phone, establishing/expiring/revoking certification, etc..
You're right, it'll never work. The ISP would need a bunch of people sitting there, in some sort of center, at some sort of desk where they can help people, waiting for calls to come in. The people would have to answer the phone, take information from the customer, start some sort of record of the incident (a 'help desk ticket', if you will), and take certain actions based upon the data they collect.
It'd never happen. Nope. No such 'call center' could ever exist. Stupid idea.
Sarcasm aside, you're still thinking at the high level. Think about a real life implementation. The regular help staff can't handle this with no changes/no new software/no new hardware. Someone needs to write software for and manage the servers that are handling certification distribution. Your system (especially if you want to implement that part about new certifications expiring almost immediately!) must be automated, but also because you're expecting abuse attempts it will need human supervision.
Walk through the process of certificate application, and see what that
I keep seeing variations on this idea, and while it's perfectly sound in the abstract, in practice it simply will not happen.
The problem is that certification is useless until the vast majority of email servers are certified.
I know, you said this isn't true, but I don't think you understand the situation. Spam filtering at the client level doesn't affect spam -- the suckers who the spam targets are NOT configuring filters at home. Yes, the geeks will get their family server in the basement certified in their spare time, and all their friends will send them certified messages. The spammers won't give a damn, because they're perfectly happy if the geeks and antispammers don't read their spam (they don't buy anyway).
So -- can you imagine an ISP filtering out email at the server level based on certification? No -- because all grandma cares about is getting Junior's emails, and when they stop coming (because his ISP's servers are in the 95% still uncertified) she gets on the phone and starts costing them money... and don't forget the time/money they spent implementing the filter, testing it, rolling out with hopefully no glitches/downtime, monitoring it, etc..
They might put a flag in the subject line of uncertified emails... okay, but it shows up in the emails from the bank, from the kids, from work... the complaints roll in. Cash flows out. So filtering is a liability.
But what about their own outgoing mail? Certify? Well, again it'll cost a chunk of time (money) to learn, setup and maintain 24/7/365 with the occasional confused complaint, it'll possibly cost their users some downtime particularly if they screw it up, and it'll gain them *nothing* for now, because no one is filtering yet (see above).
No brainer decision when your staff is already stretched thin.
The last link is the upstream access provider. They would need to implement the system and hire the staff for accepting complaints (online? via phone?), filtering out the sabotage from the real complaints, collecting evidence of abuse, dealing with angry ISPs on the phone, establishing/expiring/revoking certification, etc..
Will they go for it? Again, big cost, big headaches, and no gain until that magical day when everyone is on board.
Seriously, there's a positive push because no one likes spam, and everyone would gain from a plan that would actually curb it... but people need to come up with something that will work on the low level.
The SPF system is one that DOES help incrementally more as implementation spreads. It mitigates joe-jobs and backscatter for all domains with a SPF DNS record, and is trivial for server admins to implement. AND it doesn't cost anything if mail servers reject mail that fails the test: valid email will come from the server listed in the DNS record, OR the server may have no SPF record yet (let it through). Spammers can only spoof addresses without SPF records, since they can't set up their own SPF record -- they'd be easily traceable when they spam, since the domain registrar would have credit card info, etc..
Even at early stages, there's benefit for server admins to filter (removes spam safely from any domain with an SPF record), and there's benefit for adding the SPF record (please, filter out spam that pretends to be from me! my customers don't like it).
It's not perfect... forwarding email and badly created records can cause issues, plus while AOL has implemented basic SPF filtering Microsoft is involved and trying to mix XML into the record format somehow....
Personally I feel the BlueFrog approach is the strongest for non-stock-pump spam... but obviously a decentralized approach is required to avoid Blue Security's fiery downfall. The main problem with this system is that human analysis is required to analyze spam and write scripts for leaving complaints.
There's value in HAVING the money. If the government is holding it, they can use it however they want until refund day (but not paying you a dime in interest). If YOU'RE holding it, you can earn interest on it from your bank, you can invest it, etc..
In the normal situation, if you loan the government money (by buying treasury notes, savings bonds, etc.), they have to pay interest for the use of your money. When you screw up your withholding, they don't.
It's not so simple, even if you want to take the pure amoral "money is the only good" approach.
People are not constants, for one, and different people will react differently.
Getting actual, intelligent feedback can:
* impress an intelligent/self-aware candidate, and possibly motivate them to get the requisite lower-level experience, take some classes, do some side projects, etc. to bring themselves up to spec. When they return, they'll be what you were looking for, and they will have that much more invested psychologically in the company/job. OR they will decide this isn't the job for them, and they'll enter another field (no loss to you).
* annoy or anger the unintelligent/non-self-aware candidate, because they don't recognize the utility of the feedback. These candidates will go on to become a drain on your competitors just as you hoped.