So what I want to know is whether anyone is actually creating patches for whatever version of Linux was current when Windows 98 was released in 97. Yes I know it's theoretically possible to do so, but cut me a friggin break. Nobody actually does.
What percentage of the spam you get comes from "legitimate" direct markets like the ones disparaged in this /. story? I doubt that 1% of my spam comes from them. 99% of the spam will continue to come in violating the provisions of this law because to honor them would make them easy to filter. So the law is not a sop to marketers, it just won't make much of a difference.
I basically agree with you, except that backup to hard disks doesn't get you offsite backup, unless you use removables and buy a lot of them. Expensive, although it would be fast.
>>we need to use a technological solution that allows easy, open, and transferable trusted participation in the network - maybe for once an application where a web-of-trust would actually function
If it's easy and open it will be abused by spammers. In fact, as others have pointed out, just because a server is on the whitelist doesn't mean that all other mail is on a blacklist. I dealt with this recently in a column. There might also be a blacklist, but all other mail should go into a queue from which it is given greater scrutiny and aggressive filtering. By whitelisting the servers of those with important relationships with the company they greatly decrease the possibility of false positives on any of that mail.
The classification is about providing monetary or other material support to the site which the government considers to be a front for Kach/Kahane Chai, which are actual terrorist organizations. These groups, by the way, are flat-out banned in Israel if I'm not mistaken. The press is much freer there than in any other country of the region, but it's not like they have a 1st amendment.
I actually met Kahane about 25 or 30 years ago during his JDL (Jewish Defense League, an only slightly less objectionable organization) days. The man was a dangerous racist/fascist with very little support here or in Israel. I don't think it's mentioned in the articles, but Kahane was shot dead by an Arab in NYC, I believe in the early 80's.
I consider myself to be a small-"l" libertarian, not as extreme about it as when I was younger, but I don't understand the reluctance to bring the state in on this problem. It's thoroughly in line with libertarian philosophy.
What does a libertarian say is the role of the state? To protect the people from force or fraud.
What do you call a message that has a fake From: address, fake headers, a subject line that says "Increase your Penis Size 2 to 4 Inches me@mydomain.com ubbnvp6443853 rtoh" and even has a fake Unsubscribe link?
It's called fraud. Nearly all spam engages in some sort of fraud and much of it is pure fraud. If you tried to buy what they're selling you'd get absolutely nothing in return.
I'm not so sure about the efficacy of bringing the state into this; it could be that law will be ineffective in dealing with such a problem, but I do know that much of what spammers do is immoral and fraudulent and should be illegal.
The prospect of any meaningful punishment will deter basically honest people (like I'll assume you are), but at the extremes I don't think differences in sentences have anything to do with deterrence. Nobody commits murder because they'll only get life in prison, as opposed to the death penalty.
But deterrence isn't the only reason for sentencing. Some people just deserve to rot in jail. And perhaps a stiffer sentence will deter their next crime. That I can believe.
Microsoft's corporate drive to maximize an automated, convenient user-level experience is hard to do - some would say un-doable except at the cost of serious internal complexity. That complexity must necessarily peak wherever the ratio of required convenience to available skill peaks, viz., in the massive periphery of the computing infrastructure. Software complexity is difficult to measure but software quality control experts often describe software complexity as proportional to the square of code volume. One need look no further than Microsoft's own figures: On rate of growth, Windows NT code volume rose 35% per year (implying that its complexity rose 80%/year) while Internet Explorer code volume rose 220%/year (implying that its complexity rose 380%/year). Consensus estimates of accumulated code volume peg Microsoft operating systems at 4-6x competitor systems and hence at 15-35x competitor systems in the complexity-based costs in quality. Microsoft's accumulated code volume and rate of code volume growth are indisputably industry outliers that concentrate complexity in the periphery of the computing infrastructure. Because it is the complexity that drives the creation of security flaws, the default assumption must be that Microsoft's products would have 15-35x as many flaws as the other operating systems.
First, the footnote to this paragraph says nothing about where this square of code volume stuff comes from, and there is a later reference to Lehman & Belady at IBM, but anyway...
I have a hard time taking this at face value. What is the rate of code growth in competitors? I thought all of Mozilla is new code from the last few years; that's pretty rapid. Maybe they're comparing it to Lynx.
Overall the report makes lots of specific claims about Microsoft and declares them to be bad, few or no specific comparisons to the competition, and it's written in part by Microsoft's competitors.
You're referring to a flaw that was patched 2.5 years ago. What kind of moron is running a version of Outlook without this patch? That would be you I guess.
Any benchmark that shows interpreted or bytecode languages to be on par or better than compiled languages must be understating the optimizations possible with compiled languages.
My latest column deals with this too. I got a lot of e-mail in response from ISPs talking about how it would be difficult/expensive to implement and that it would violate customer privacy. One said it would be a HIPAA violation. My own ISP (Speakeasy.net) virus-scans all e-mail that goes through their servers; is that a HIPAA violation? A lot of them are also scared of losing customers after offending them by blocking their outbound port 25 access, but does an ISP really want business from someone infected with Sobig?
It is true that since Sobig uses its own SMTP server the ISP would have to do the monitoring via a port 25 monitor. I'm not completely sure how difficult/expensive this would be to implement on a large scale, but there's an opportunity for someone who comes up with a cheap solution. I suppose it could be part of a general IDS, but it needs to be something price-accessible to an ISP.
Larry Seltzer Security Editor, eWEEK.com http://security.eweek.com/
And the latest 2.4 kernel is 2003-11-28, so 2.3 definitely looks abandoned.
So it was patched almost 10 months ago? Sounds pretty moribund to me.
I have big problems with the radio that the CIA implanted in my brain.
South Korea was saved, but like Kuwait, it was more the US than the UN that did it.
You're right. The /. writer-upper added that themselves for reasons only they know.
Actually, they're considering issuing some new $2 bills as of a few months ago. The back has the signing of the declaration of independence.
They do seem to have moved the old 20's and up out of the system expeditiously. I haven't seen an old 20 in a long time.
Y'all should take a gander at the Viola home page, and the Viola author's take on the Eolas-Microsoft suit.
They must not teach these in high school. You can read about them when you get to college.
False headers in that law means false From: address or misleading subject line, and almost all spam uses one and/or the other.
Interesting that it supports Win98SE, since Microsoft itself doesn't support that OS anymore.
Like I said, 2.5 years. Somebody here isn't doing their job and blaming their problems on Microsoft.
I think you don't understand. There's no need to block your ports unless you're spreading a worm or something similar.
$12.5K for that? How was he harmed? He had tools to point it elsewhere.