That's like a teenager lieing to their parents about what *really* happened to their parents car they borrowed last night. Did I forget to mention the father was a mechanic? Ha!
Honest Dad, I didn't forget to put oil in it (as the father drains the pristinely-clean golden-colored oil from the locked up engine)...
Honest Dad, I had a blow-out (as the father examines the tire with a 4 inch puncture would that shows the core pushed inside the tire)...
But they did give their citizens the ability to fight it in court, just like Washington, Kansas, Virgina, and many others. Uncle Sam is taking away our right to private action with this bill. The FTC doesn't have time to sue on behalf of a single user for a single infraction of the law like we, the citizens, would. The FTC will only bring a minuscule number of suits when compared to what we the citizens can and are bringing against spammers. That makes this bill such a horrible joke. It's saying to the state's that they aren't capable of passing effective anti-spam legislation. It's saying the the citizens of those states that their elected state officials can't do the job so we, the feds, are going to do it for them.
I have a question. Does anyone know for certain if this will pre-empt existing laws in the various states that are more restrictive than this farse that Uncle Sam is pushing through? For example my state has had an anti-spam law for 2.5 years now and I want to use it. Can I still sue a spammer for violating Kansas's anti-spam law? I'm thinking that I can because I read once that this law would pre-empt laws that aren't already on the books (like a new California law IIRC). Can anyone say for sure though. I know I'd like to know and I'm sure others do too.
What a horrible way to create the death of email. I mean that literally. Users DO NOT respond to these assine confirm-you-identity requests. Hell they don't even respond to our requests from our Helpdesk to clean out their over-quota home directories before we do it for them. TMDA is not a solution for anyone other than those people that don't want to get email. I mean that literally. TMDA also can't handle auto-acks from unknown addresses. For example Newegg and Amazon email invoices to you after a purchase and also email you shipping info. Neither Newegg or Amazon can respond to mail sent back to the From address because it's a list bot and set to bounce. TMDA can't handle this. The user will have to be able to add that address in advance. Just imagine what it would be like calling Amazon to ask them for the address that they'll use to email you. I bet that would baffle their CSRs. The same can be said for mailing lists that the user actually subscribes to (or agrees to be subscribed to). If they expect the world to conform to their whim and ack their auto-request then they have another thing coming. They are intentionally making email even less of a reliable medium than it already is. Personally I blacklist all people I find using TMDA. There is nothing worse than posting to NANOG or some other mailing list and getting 3 TMDA responses from people you've never heard of. Most of them don't quote the message that generated the TMDA request. You're left to wonder 'is this some new spammer trick to get my email address?'. I see it happening in the near future IMHO. Don't use TMDA and the rest of the Internet won't have to blacklist you.
I've done that a lot when I purchased something and had it shipped to work while billing me at my home. I hadn't thought about ever doing that with a company providing a service like AC or my landline. Interesting. I wonder what Farm Bureau might think of it. LOL I don't have a need to try it now but I'll have to keep that in mind in case I ever do.
Yeah, that's a downside. I don't mind actually getting my bill though. I really don't know how a company would handle sending a bill to your bank instead of your home address. It's not like you're changing your own address to that of your bank's, yet as far as the company that's billing you is concerned maybe you are. Hmmm... Makes me wonder.
I've been a member at the minimum for a year or maybe two now. I figure when I have a better financial foothold I'll donate more. Every little bit helps though.
I have to agree. Here's where I stand: I support what the ACLU *is* doing but I also wish they were doing more, specifically supporting the 2nd Amendment. Still, I feel that even though they don't do much with the 2nd, they still do a lot of good with all the others. There are few institutions out there actively doing something to protect our civil liberties, let along being fairly successful at it. I think we should all support the ACLU for what it is doing, even though we also wish they did more. That's my viewpoint in a nutshell.
5. Use step 4 and if the problem persists and is not secondary to a rogue program/daemon get a 3.5 ft (approx. 1 meter) length of sucker rod* and have a chat with the user in question.
Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male threaded on each end. Primary use in the oil industry in Western North Dakota and other locations to pump 'suck' oil from oil wells. Secondary uses are for the construction of cattle feed lots and for dealing with the occasional recalcitrant or belligerent individual.
I've tried to Ask Slashdot this question 3 or 4 times in the past handful of years and my submission was never accepted.
I really need this type of system. By far the single largest amount of clutter in my home has always been bills, other USPS mail that I need to keep (like mail from my 403B advisor), and recipients for a wide assortment of purchases. I've been looking for ths type of system for years. What I really want to be able to do is sit down in the evening with my bills in hand, pull up a software app that lets me choose which predefined company the document is for, toss it on my scanner and have all the settings correct from the get go, and automatically archive the images in the appropriate directories/database. I don't think I need OCR to be frank. I don't see a need for it, at least for my needs. I'd keep my archive in definitely since it's only a little drive space now. I'd write it to CDR once a month or less and drop it off in my bank's free safety deposit vault. Then I could afford to trash the mountains of paperwork that plague every corner of my home. I really need this.
I envision a simple web or application frontend that lets me pull up my bill by company and month (or entry day). Full text search might be nice but I think I could get by without it easy enough.
I'd like to also answer the first poster's question:
"How often do you really need to look at old bills?"
This truly depends on each person's situation. I do consulting work on the side so I have my own personal business. I file expenses under my Schedule C. I can declare all sorts of things to be expenses, including a percentage of my monthly utilities. I've always been told by those people with businesses that you should keep all business-related records for 15 years, just in case you get audited. If you get audited and can't account for ever penny then you're seriously screwed. I don't know what the rules are at the IRS about how many years back you can be audited. For all I know they might not even have rules. Just to be safe I'll keep my stuff indefinitely. I don't mind a GB of data a year if it covers my ass come tax time. Hard drives are cheap after all.:-)
I do this with my Bank of America account, for free. They even have provisions for receiving e-bills for companies that support it and automagically paying your bills for you. Nice. I've been thoroughly impressed with their web services in the month or so I've been a customer. I have the My Access account. They make $$ by charging you if you took up the time of one of their tellers too often. I can visit a bank teller something like 3 times per bill cycle. Customer service visits don't count. Basically the only time you get billed is when you make a deposit in person instead of via an ATM, withdraw $$ in person rather than at an ATM, or transfer $$ in person rather than on the phone or at an ATM. I've been impressed and I'm not easy to impress when it comes to banking.
Do you realize that oral sex is illegal in the majority of the jurisdictions? Ditto for sodomy. Did you realize that in many jurisdictions you could be convicted of a sex crime if you simply moon someone? Unbelievable isn't it.
I agree. Do you know how easily it is to become a "sex offender"? All you have to do is get caught mooning someone. I'm not kidding. Indecent exposure (a misdemeanor) will get you added to a sex offender list in many jurisdictions. How many of us here have mooned someone at some point and time? Come on now, don't be shy. All of those kids on the Texas, Florida, and California beaches during Spring Break could find themselves on a Sex Offenders list for the public exposure acts they commit. I would give you some links to follow if I was on my own computer. Since I'm not you'll just have to dig around for the articles yourself. That's one of the problems with these types of lists. Many times you don't even have to commit a felony or any sort of violent act. A simple misdemeanor like indecent will do most of the time.
This also makes one wonder what good it does for one to "serve their time" and reform in prison. If we need to put a person on a list of sex offenders once that person is released then did incarceration not work? Why is it that only sex offenders are publicly displayed on a list? Why aren't murderers put on such a list? That's even more serious of a crime in my book. Why is it a reformed murderer can move in next door without me knowing their past and yet the whole world would know it if a reformed sex offender moved in next door? That hardly seems just to me. Does it seem just to all of you?
IMHO this guy is show-boating. It is not unreasonable for an operating system company to take a non-critical but serious bug and spend 1.5 months developing and testing a fix. How many times have we seen a vendor rush to fix something only to seriously break things by not testing the fix thoroughly? Do we really want them to break something else? This isn't a minor piece of software like an FTP server where a security hole can be fixed in a morning, tested in an afternoon, and release the next day. I contend that even a piece of software as complex as Sendmail can be fixed and tested in a small amount of time and is really a minor piece of the puzzle when you're talking about an entire operating system.
This exploit means nothing to very little the average user simply because no remote services are enabled by default. I'm using a 10.2.8 box right this minute and I had to enable Remote Login and Personal File Sharing.
I really don't know where to start talking when it comes to the idiocy of releasing an exploit, not just a proof of concept, prior to the vendor releasing a fix. Apple wasn't dragging their heels. The whole timeframe is under 1.5 months. It is certainly not unreasonable to expect their programmers to spend time working on a bug fix. Hell the development cycle alone is more than a month if not two. So they didn't make the November 3 date. That's less than a month from the date the bug was reported. That's no surprise. I'd hate to rush a fix out that fast too. So the 10.3 Security Update and 10.3.1 Security Updates didn't fix it. Does he not realize that they were in the pipeline for testing back at the beginning of October? They aren't going to insert another code change in the middle of testing.
IMHO this guy is show-boating, grand-standing, and showing that he has unreasonable expectations. The security vulnerability isn't that great. It's a hole, yes. It's not nearly as serious as a security hole in IE in which ALL IE installations are affected by "default." I think this guy should seriously be flogged for releasing an exploit at the same time as the advisory. That's just plain ridiculous. IMHO that alone speaks wonders about this guy. It's idiotic acts like this that seriously make me wonder about full disclosure. Anyhow, I've said my piece. Move along.
What this would effectively do is let the legislative branch of our government immunize the recording industry from the judiciary branch of our government. The 3 branches exist for a reason and IMHO it would be unconstitutional for one branch to prevent another branch from doing their job.
Had I known that the editing process created much of the problem I'd have gone a bit easier on him. However I looked back through some of his articles before I sent it. Very few paid any homage to any open source projects. Almost every article he wrote revolved around commercial solutions. For some reason he really seems to like canned solutions over open-source ones. Perhaps his background has something to do with it. He's written two Netware books in the past. I really don't think you can get any more canned than that. I'm looking forward to a followup article from Mr. Harbaugh that might protray open source solutions in a more fair light.
I received a reply from the author, Logan Harbaugh, a little while ago. It would seem that I'm not the only person that stood up in support of SA. Apparently there was a reason he used an ancient version of SA. It would seem that the reason was supposed to be in the article but that the editing staff stripped it out prior to being published. Here is Mr. Harbaugh's reply:
Date: Tue, 25 Nov 2003 11:40:33 -0800
From: Logan Harbaugh
Subject: RE: In regards to your article titled "Commercial solutions win, spam loses"
To all concerned, I apologize for the apparent maligning of SpamAssassin in my recent article
in InfoWorld. In my original article, I stated that I used the 2.44 release of SpamAssassin
for two reasons - because it was the version shipping with the latest release of Red Hat 9
and because it would illustrate how much the state of the art has changed in the last year or
two. This explanation was condensed in the finished article by copy editors, which is beyond
my control. This will be covered in the letters to the editor section of InfoWorld so the
rest of the world will know that I did not deliberately use an old version of SA to show it
in a bad light against commercial products. I plan to review the current version in an
upcoming article, and I am sure that it will perform better.
Regarding some of the other comments that have been made in the many emails I've received
defending SpamAssassin, some of you have said that SA is not hard to install, taking no more
than an hour or two to download, install, configure and begin using. That is consistent with
the 10 times longer number I used, because the other installation and configuration times
were all around 5-10 minutes. You have said that an experienced Linux administrator doesn't
find SA difficult to install or configure, and that additional functionality such as
user-accessible white lists can be added, either through additional open source software or
by writing scripts or programming to extend the functionality of SA. That's true, but not
really relevant, unless there is a distribution that contains all of those features.
You have also said that I should have taken into account the fact that it doesn't cost
anything before making statements about it being harder to install, configure and manage than
the commercial products. SA does cost - but in an administrator's time rather than money,
which I did say in the article.
The same is true of support - while you may get faster or better support through this group
than you get with commercial software, there's no guarantee that you'll get any support at
all - and most organizations will find that hard to live with.
So, when I review the latest version of SA, you can expect performance to be better, but I
will still look closely at installation, administration, updates, maintenance, reporting,
granularity of management, and end-user features for SA, just as I will for any other
anti-spam packages I review.
Again, my apologies for creating a story that distressed so many of you. I do try to create
balanced reviews that reflect the pros and cons of all the products reviewed.
Thanks,
Logan G. Harbaugh
Thank you to Mr. Harbaugh for replying. His second paragraph still indicates that he doesn't realize that the current release of SA has all the features he said were missing. I look forward to this being corrected in a future article. I didn't go into much of a free vs commercial debate in my reply; however it seems that some folks did. I also didn't touch on the support issue. Frankly I find that support really isn't needed as long as the admin is compotent. I was involved in a discussion yesterday with a company I consult with. The topic of the discussion was which Linux distro we should use in the future now that RH is going towards an entreprise distribution and support contracts. Many seemed to believe that we should have technical support for whatever distro we chos
This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.
Mr. Harbaugh,
This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.
You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.
You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?
You make numerous false statements regarding SpamAssassin in your article:
1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."
This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.
2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."
This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.
3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."
This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
Yes and no. I believe Joe Sixpack *would* care *if* he actually heard about these issues and comprehended what they meant. The problem is the media never ever talks about this. Joe Sixpack doesn't have a chance to hear about it unless it's on the local 6 o'clock news. That's their best bet at hearing about these problems.
...to say I live in Kansas. 3 of the 4 representatives from Kansas voted for this bill. My vote will never be represented in this damned state. I should seriously consider moving. It's time to renew my ACLU membership again I see.
Slashdot Mirror
That's the worst part of the YOU-CAN-SPAM Act. It supercedes all related state laws. It's in the text, but I don't have a link handy.
...for doing something that they won't legally be able to do in just 2 weeks.
Honest Dad, I didn't forget to put oil in it (as the father drains the pristinely-clean golden-colored oil from the locked up engine)...
Honest Dad, I had a blow-out (as the father examines the tire with a 4 inch puncture would that shows the core pushed inside the tire)...
Can you say busted?
But they did give their citizens the ability to fight it in court, just like Washington, Kansas, Virgina, and many others. Uncle Sam is taking away our right to private action with this bill. The FTC doesn't have time to sue on behalf of a single user for a single infraction of the law like we, the citizens, would. The FTC will only bring a minuscule number of suits when compared to what we the citizens can and are bringing against spammers. That makes this bill such a horrible joke. It's saying to the state's that they aren't capable of passing effective anti-spam legislation. It's saying the the citizens of those states that their elected state officials can't do the job so we, the feds, are going to do it for them.
I have a question. Does anyone know for certain if this will pre-empt existing laws in the various states that are more restrictive than this farse that Uncle Sam is pushing through? For example my state has had an anti-spam law for 2.5 years now and I want to use it. Can I still sue a spammer for violating Kansas's anti-spam law? I'm thinking that I can because I read once that this law would pre-empt laws that aren't already on the books (like a new California law IIRC). Can anyone say for sure though. I know I'd like to know and I'm sure others do too.
What a horrible way to create the death of email. I mean that literally. Users DO NOT respond to these assine confirm-you-identity requests. Hell they don't even respond to our requests from our Helpdesk to clean out their over-quota home directories before we do it for them. TMDA is not a solution for anyone other than those people that don't want to get email. I mean that literally. TMDA also can't handle auto-acks from unknown addresses. For example Newegg and Amazon email invoices to you after a purchase and also email you shipping info. Neither Newegg or Amazon can respond to mail sent back to the From address because it's a list bot and set to bounce. TMDA can't handle this. The user will have to be able to add that address in advance. Just imagine what it would be like calling Amazon to ask them for the address that they'll use to email you. I bet that would baffle their CSRs. The same can be said for mailing lists that the user actually subscribes to (or agrees to be subscribed to). If they expect the world to conform to their whim and ack their auto-request then they have another thing coming. They are intentionally making email even less of a reliable medium than it already is. Personally I blacklist all people I find using TMDA. There is nothing worse than posting to NANOG or some other mailing list and getting 3 TMDA responses from people you've never heard of. Most of them don't quote the message that generated the TMDA request. You're left to wonder 'is this some new spammer trick to get my email address?'. I see it happening in the near future IMHO. Don't use TMDA and the rest of the Internet won't have to blacklist you.
I've done that a lot when I purchased something and had it shipped to work while billing me at my home. I hadn't thought about ever doing that with a company providing a service like AC or my landline. Interesting. I wonder what Farm Bureau might think of it. LOL I don't have a need to try it now but I'll have to keep that in mind in case I ever do.
Yeah, that's a downside. I don't mind actually getting my bill though. I really don't know how a company would handle sending a bill to your bank instead of your home address. It's not like you're changing your own address to that of your bank's, yet as far as the company that's billing you is concerned maybe you are. Hmmm... Makes me wonder.
I've been a member at the minimum for a year or maybe two now. I figure when I have a better financial foothold I'll donate more. Every little bit helps though.
I have to agree. Here's where I stand: I support what the ACLU *is* doing but I also wish they were doing more, specifically supporting the 2nd Amendment. Still, I feel that even though they don't do much with the 2nd, they still do a lot of good with all the others. There are few institutions out there actively doing something to protect our civil liberties, let along being fairly successful at it. I think we should all support the ACLU for what it is doing, even though we also wish they did more. That's my viewpoint in a nutshell.
man 8 syslogd
under the heading:
SECURITY THREATS
5. Use step 4 and if the problem persists and is not secondary to a rogue program/daemon get a 3.5 ft (approx. 1 meter) length of sucker rod* and have a chat with the user in question.
Sucker rod def. -- 3/4, 7/8 or 1in. hardened steel rod, male threaded on each end. Primary use in the oil industry in Western North Dakota and other locations to pump 'suck' oil from oil wells. Secondary uses are for the construction of cattle feed lots and for dealing with the occasional recalcitrant or belligerent individual.
I really need this type of system. By far the single largest amount of clutter in my home has always been bills, other USPS mail that I need to keep (like mail from my 403B advisor), and recipients for a wide assortment of purchases. I've been looking for ths type of system for years. What I really want to be able to do is sit down in the evening with my bills in hand, pull up a software app that lets me choose which predefined company the document is for, toss it on my scanner and have all the settings correct from the get go, and automatically archive the images in the appropriate directories/database. I don't think I need OCR to be frank. I don't see a need for it, at least for my needs. I'd keep my archive in definitely since it's only a little drive space now. I'd write it to CDR once a month or less and drop it off in my bank's free safety deposit vault. Then I could afford to trash the mountains of paperwork that plague every corner of my home. I really need this.
I envision a simple web or application frontend that lets me pull up my bill by company and month (or entry day). Full text search might be nice but I think I could get by without it easy enough.
I'd like to also answer the first poster's question:
"How often do you really need to look at old bills?"
This truly depends on each person's situation. I do consulting work on the side so I have my own personal business. I file expenses under my Schedule C. I can declare all sorts of things to be expenses, including a percentage of my monthly utilities. I've always been told by those people with businesses that you should keep all business-related records for 15 years, just in case you get audited. If you get audited and can't account for ever penny then you're seriously screwed. I don't know what the rules are at the IRS about how many years back you can be audited. For all I know they might not even have rules. Just to be safe I'll keep my stuff indefinitely. I don't mind a GB of data a year if it covers my ass come tax time. Hard drives are cheap after all. :-)
I do this with my Bank of America account, for free. They even have provisions for receiving e-bills for companies that support it and automagically paying your bills for you. Nice. I've been thoroughly impressed with their web services in the month or so I've been a customer. I have the My Access account. They make $$ by charging you if you took up the time of one of their tellers too often. I can visit a bank teller something like 3 times per bill cycle. Customer service visits don't count. Basically the only time you get billed is when you make a deposit in person instead of via an ATM, withdraw $$ in person rather than at an ATM, or transfer $$ in person rather than on the phone or at an ATM. I've been impressed and I'm not easy to impress when it comes to banking.
Do you realize that oral sex is illegal in the majority of the jurisdictions? Ditto for sodomy. Did you realize that in many jurisdictions you could be convicted of a sex crime if you simply moon someone? Unbelievable isn't it.
This also makes one wonder what good it does for one to "serve their time" and reform in prison. If we need to put a person on a list of sex offenders once that person is released then did incarceration not work? Why is it that only sex offenders are publicly displayed on a list? Why aren't murderers put on such a list? That's even more serious of a crime in my book. Why is it a reformed murderer can move in next door without me knowing their past and yet the whole world would know it if a reformed sex offender moved in next door? That hardly seems just to me. Does it seem just to all of you?
This exploit means nothing to very little the average user simply because no remote services are enabled by default. I'm using a 10.2.8 box right this minute and I had to enable Remote Login and Personal File Sharing.
I really don't know where to start talking when it comes to the idiocy of releasing an exploit, not just a proof of concept, prior to the vendor releasing a fix. Apple wasn't dragging their heels. The whole timeframe is under 1.5 months. It is certainly not unreasonable to expect their programmers to spend time working on a bug fix. Hell the development cycle alone is more than a month if not two. So they didn't make the November 3 date. That's less than a month from the date the bug was reported. That's no surprise. I'd hate to rush a fix out that fast too. So the 10.3 Security Update and 10.3.1 Security Updates didn't fix it. Does he not realize that they were in the pipeline for testing back at the beginning of October? They aren't going to insert another code change in the middle of testing.
IMHO this guy is show-boating, grand-standing, and showing that he has unreasonable expectations. The security vulnerability isn't that great. It's a hole, yes. It's not nearly as serious as a security hole in IE in which ALL IE installations are affected by "default." I think this guy should seriously be flogged for releasing an exploit at the same time as the advisory. That's just plain ridiculous. IMHO that alone speaks wonders about this guy. It's idiotic acts like this that seriously make me wonder about full disclosure. Anyhow, I've said my piece. Move along.
Yes. The only question is what exactly are the behaving like?
What this would effectively do is let the legislative branch of our government immunize the recording industry from the judiciary branch of our government. The 3 branches exist for a reason and IMHO it would be unconstitutional for one branch to prevent another branch from doing their job.
Had I known that the editing process created much of the problem I'd have gone a bit easier on him. However I looked back through some of his articles before I sent it. Very few paid any homage to any open source projects. Almost every article he wrote revolved around commercial solutions. For some reason he really seems to like canned solutions over open-source ones. Perhaps his background has something to do with it. He's written two Netware books in the past. I really don't think you can get any more canned than that. I'm looking forward to a followup article from Mr. Harbaugh that might protray open source solutions in a more fair light.
Thank you to Mr. Harbaugh for replying. His second paragraph still indicates that he doesn't realize that the current release of SA has all the features he said were missing. I look forward to this being corrected in a future article. I didn't go into much of a free vs commercial debate in my reply; however it seems that some folks did. I also didn't touch on the support issue. Frankly I find that support really isn't needed as long as the admin is compotent. I was involved in a discussion yesterday with a company I consult with. The topic of the discussion was which Linux distro we should use in the future now that RH is going towards an entreprise distribution and support contracts. Many seemed to believe that we should have technical support for whatever distro we chos
This guy's article was a joke. Not only did he use an ancient version (in the spam world) of SpamAssassin but he either flat out lied in his article or was too lazy to seek out the truth. Hard to configure? Can't find docs? Doesn't support A B C D or E? If this guy had spent 5 minutes of his precious time doing to research on SA he wouldn't have made these flagrant lies. I don't get these people. I really don't. I CCd the Editor-in-Chief at InfoWorld, Mr. Steve Fox, as well.
Mr. Harbaugh,
This letter is in response to your InfoWorld article titled "Commercial solutions win, spam loses." In that article you portray all commercial spam solutions as winners and you portray the only open-source spam solution you reviewed as a dismal failure. I must say that as a professional in the anti-spam field I'm am truly disappointed by your incomplete and inaccurate assessment.
You start the article off quite well. Your introduction regarding two of the possible types of spam filtering is in terms that the average reader can understand. The introduction is also technically accurate, although it doesn't mention the other ways to filter spam.
You quickly take an opportunity to kick dirt on SpamAssassin by claiming it filters a fraction of the amount of spam all the commercial solutions filter. You hint at something during that statement when you said that SpamAssassin's "age showed in my tests," yet you fail to actually make it apparent to the user what the real truth is. I must ask, why did you choose to compare such an ancient version of SpamAssassin to the current versions of the four commercial products? Version 2.44 is over 9 months old. Spam filtering techniques are constantly evolving to filter a continually changing target. Comparing a 9.5 month old copy of SpamAssassin to the current version of BrightMail is like comparing a 1990 Chevy Silverado to a brand-new 2004 model. As an author and professional in the IT industry writing a column for InfoWorld, one of your goals is accuracy and fairness in reporting, is it not?
You make numerous false statements regarding SpamAssassin in your article:
1) "All the products except Brightmail and SpamAssassin allow end-users to add senders to the domain whitelist themselves... SpamAssassin allows only the administrator to add to the whitelist, with no direct access for users."
This is simply not true. SpamAssassin allows its users to add whitelist or blacklist entries to the personal preferences. It also allows its users to control the scoring for each individual ruleset with SpamAssassin's arsenal. Even the ancient version of SpamAssassin you chose to use had that simple feature. SpamAssassin also has the ability to automatically whitelist senders.
2) "Delegation of specific administrative functions is possible with all the products except SpamAssassin..."
This too is not true. As I said in response to number 1, SpamAssassin allows its users to control the scoring for each individual ruleset. This gives them the ability to disable certain rules, lessen the scores of others, and increase the scores of rules they wish had more weight. For example a user could disable the MAPS RBL DNS blacklist checks, whitelist joe@mydomain.tld, blacklist annoying-spammer@spamdomain.biz, and increase the score of the rule ALL_CAP_PORN to 2. The users can also create their own rulesets. SpamAssassin gives its users a high level of control over their spam filtering.
3) "Finally, in addition to stopping spam, all four commercial products provide content-filtering features, allowing the administrator to block incoming or outgoing e-mail that contains proprietary data, audio or video files, executables, sexually explicit words, or racial slurs. They also provide protection against DoS attacks and directory harvesting attacks."
This one baffled me at first. I'm honestly not sure why you want to compare features that have nothing to do with filtering spam. Filtering racial slurs from an email is
Man, we're both screwed. We should move to Austrailia or something ASAP. :-(
Yes and no. I believe Joe Sixpack *would* care *if* he actually heard about these issues and comprehended what they meant. The problem is the media never ever talks about this. Joe Sixpack doesn't have a chance to hear about it unless it's on the local 6 o'clock news. That's their best bet at hearing about these problems.
...to say I live in Kansas. 3 of the 4 representatives from Kansas voted for this bill. My vote will never be represented in this damned state. I should seriously consider moving. It's time to renew my ACLU membership again I see.
That's what I use for my mass of oddball cables. Works good enough for my needs.