Here's an idea. (on "I, Spammer" · Score: 4, Interesting)
Here's a proposal, as it seems like the world is moving closer to 'whitelist' (reject by default) method of spam combatantcy. Perhaps there should be a global whitelist set up, where a user signs up, and must verify their mail address, then the mail address is MD5 hashed and stored in a database. When recipients receive an email from this sender they simply hash the from address and check to see if the hash exists in the database. If it's present the mail is accepted, if not, rejected. Solves the problem of invalid from addresses always used in spam, as well as solving the problem of preventing data-mining of such a 'whitelist' database by spammers (as it contains only checksums).. And it solves the problem of being able to receive messages from people you haven't personally explicitly whitelisted; i.e. old friends from high school, acquaintances with new email addresses, etc..
Whaddya think?
-- Greg
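The lookup proposed in the comment above, as an added example (not the poster's code; the class, function names and sample addresses are constructed). It normalizes the From header before hashing, because the digest changes with letter case, and it makes visible that the recipient's membership check works equally for anyone who already holds a candidate address, so the digest set hides unknown addresses but still confirms guessed ones.

```python
import hashlib
from email.utils import parseaddr


def normalize(from_header: str) -> str:
    """Reduce a From header to a bare, lower-cased address.

    Lower-casing the whole address is an assumption of this example;
    registration and lookup must apply the same rule or digests never match.
    """
    _, addr = parseaddr(from_header)
    return addr.strip().lower()


def digest(address: str) -> str:
    # MD5 because that is what the comment proposes.
    return hashlib.md5(address.encode("utf-8")).hexdigest()


class HashedWhitelist:
    """Stores only digests of verified addresses, never the addresses."""

    def __init__(self):
        self._digests = set()

    def register(self, verified_address: str) -> None:
        # Called only after the sign-up confirmation mail was answered.
        self._digests.add(digest(normalize(verified_address)))

    def accepts(self, from_header: str) -> bool:
        addr = normalize(from_header)
        if "@" not in addr:          # empty or unparseable From header
            return False
        return digest(addr) in self._digests

    def confirm_candidates(self, candidates):
        """Return the candidate addresses that are registered.

        This is the same operation as accepts(), run over a list: the
        database does not reveal addresses, but it does confirm them.
        """
        return [c for c in candidates if self.accepts(c)]


if __name__ == "__main__":
    wl = HashedWhitelist()
    wl.register("bob@example.org")                      # constructed address
    print(wl.accepts('"Bob" <Bob@Example.ORG>'))        # same mailbox, other case
    print(wl.accepts("mallory@example.net"))
    print(wl.confirm_candidates(["alice@example.org", "bob@example.org"]))
```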
That's all well and good...
on
Making Change
·
· Score: 1
If the minimum-wage cashiers were all computer scientists.. It's challenging enough to figure change on a 5-based system (5,10,25); Try introducing odd-count change... Quickly, how much change (25,10,5) does it take to make $0.80.. Now do the same exercise with 18 and 29 cent pieces!
-- Greg
Crap! I knew there was a snag somewhere..
...
Okay. A possible solution.. mailserver & 'from' signatures are stored together/related.
For example, an email from someguy@nowhere.net is likely to pass through the same mailserver IP address (like a host smtp.nowhere.net). If the sender and server were stored together then that could be used to confirm the legitimacy of the 'from' address as it passed through the authoritative mail host(s) for a given domain..
Perhaps this is a different database entirely, one that maps a given email domain (@yahoo.com) to a given set of mail servers (mail1.yahoo.com, mail2.yahoo.com, etc..) This database might cut down on a bit of spam just by itself as it'll kill all those spams coming from Croatia with an American company (@hotmail or @yahoo) from address
-- Greg
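The domain-to-mail-server check described in the comment above, as an added example (not the poster's code). The table, the function names and the addresses are constructed; SPF later standardized this kind of check with the mapping published in DNS, whereas here it is a plain dictionary.

```python
import ipaddress

# Constructed sample data. Addresses come from the documentation ranges
# of RFC 5737; a real table would list each domain's outbound mail hosts.
AUTHORIZED_SENDERS = {
    "example.com": ["192.0.2.0/28", "198.51.100.25"],
    "example.net": ["203.0.113.10"],
}


def sender_domain(mail_from: str) -> str:
    """Domain part of an envelope or header From address, lower-cased."""
    return mail_from.rpartition("@")[2].strip().strip(">").lower()


def check_sender(mail_from: str, connecting_ip: str,
                 table=AUTHORIZED_SENDERS) -> str:
    """Compare the connecting server with the domain's known mail hosts.

    Returns "pass"    if the IP is one of the domain's listed servers,
            "fail"    if the domain is listed but the IP is not,
            "unknown" if the domain has no entry, so nothing can be said.
    """
    domain = sender_domain(mail_from)
    if domain not in table:
        return "unknown"
    try:
        ip = ipaddress.ip_address(connecting_ip)
    except ValueError:
        return "fail"                      # malformed peer address
    for entry in table[domain]:
        # A bare address parses as a single-host network (/32 or /128).
        if ip in ipaddress.ip_network(entry, strict=False):
            return "pass"
    return "fail"


if __name__ == "__main__":
    print(check_sender("someguy@example.com", "192.0.2.5"))      # listed host
    print(check_sender("someguy@example.com", "203.0.113.10"))   # other domain's host
    print(check_sender("someone@unlisted.example", "192.0.2.5"))
```

Treating an unlisted domain as "unknown" rather than "fail" keeps the check from rejecting every domain that has not been entered yet.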
BTW, this is also a way to implement a 'secure' (immune to data-mining) global opt-out list should opt-out lists be provisioned in antispam legislation..
-- Greg
Right.. Thought about that after I posted it..
Another option; the 'confirmation' mail goes to the new member of the list, as well as a 'sponsor', which is an existing member of the list. Thus a 'trust' relationship would exist with an existing member of the list.
That would provide you an ability to penalize this behavior as you could blacklist an offending (spamming) member, and follow an audit trail of sponsors back as far as you like to find the original legitimate sponsor.. I suppose this is vulnerable to a trust-flooding attack. Perhaps a waiting period (7 days?) after becoming a member before you can become a sponsor??
-- Greg
What you are looking for is 'autofs', which has been used extensively in Solaris and Linux for years (forever). You can set up an NFS share and then have autofs mount/unmount it on demand. The advantage is that if the share is not in use it's unmounted and the machine will be less vulnerable to hanging if the NFS server goes down. See the AutoFS Howto for more information on setting it up.
-- Greg
Seems like most of the predictions go something like this....
"Hot new technology 'A' will be widely adopted and a multi-billion dollar industry in the next 3-5 years." -- Bob Anonomous, CEO vaporwhere corp, a hot new technology 'A' startup.
-- Greg
One of the most amazing engineering feats of the 20th century is the Panama Canal, which I recently experienced... as I just transited my sailboat through the canal system from Pacific side to Atlantic side. You can see the pictures here.
-- Greg
I wrote a set of Perl scripts for implementing Bayesian filters for procmail. The scripts can be downloaded here.
Hope y'all find it useful.
-- Greg
I have two procmail rules which work wonders in stopping spam. The first one is a fairly uninventive but nevertheless effective check of a really great RBL. The second is a bit more inventive. By pulling the 'Received' headers from the message and comparing the countries the mail was routed through using 'GeoIP' you can make some assumptions about the route. For example, if the sending machine is in the US, relays the mail through Korea, then the mail comes back to the US, such an inefficient route can be safely assumed as intended to take advantage of an open SMTP relay... Enjoy!
procmailrc.antispam.txt
-- Greg
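The route check described in the comment above, as an added example in Python (not the poster's procmail rules, which are not reproduced on this page). The country table is a constructed stand-in for a GeoIP database and the two messages are constructed samples using documentation addresses.

```python
import email
import ipaddress
import re

# Constructed stand-in for a GeoIP lookup: network -> country code.
COUNTRY_BY_NET = {
    "192.0.2.0/24": "US",
    "198.51.100.0/24": "KR",
    "203.0.113.0/24": "US",
}
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

SAMPLE_RELAYED = """\
Received: from mx.rcpt.example ([203.0.113.7]) by mail.rcpt.example; Mon, 1 Jan 2001 00:00:03 +0000
Received: from relay.example ([198.51.100.9]) by mx.rcpt.example; Mon, 1 Jan 2001 00:00:02 +0000
Received: from sender.example ([192.0.2.44]) by relay.example; Mon, 1 Jan 2001 00:00:01 +0000
From: someone@sender.example
Subject: constructed sample

body
"""
SAMPLE_DIRECT = """\
Received: from mx.rcpt.example ([203.0.113.7]) by mail.rcpt.example; Mon, 1 Jan 2001 00:00:02 +0000
Received: from sender.example ([192.0.2.44]) by mx.rcpt.example; Mon, 1 Jan 2001 00:00:01 +0000
From: someone@sender.example
Subject: constructed sample

body
"""


def country_of(ip_text):
    """Country code for an address, or None when the table has no entry."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, code in COUNTRY_BY_NET.items():
        if ip in ipaddress.ip_network(net):
            return code
    return None


def route_countries(raw_message):
    """Countries along the route, earliest hop first, repeats collapsed.

    Each relay prepends its Received header, so the list is read bottom-up.
    Headers below the first host you trust can be forged by the sender.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):
        match = IP_IN_BRACKETS.search(header)
        code = country_of(match.group(1)) if match else None
        if code and (not hops or hops[-1] != code):
            hops.append(code)
    return hops


def has_detour(hops):
    """True when the route leaves a country and later comes back to it."""
    # Adjacent repeats are already collapsed, so any repeat is a return.
    return len(set(hops)) < len(hops)


if __name__ == "__main__":
    for name, raw in (("relayed", SAMPLE_RELAYED), ("direct", SAMPLE_DIRECT)):
        hops = route_countries(raw)
        print(name, hops, "detour" if has_detour(hops) else "ok")
```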
A few pictures of Woolsthorpe Manor are here. I would propose putting the aerials inside, against the windows in the attic (no tour groups go through there I would venture to guess). The 2.4GHz signals could pass through the glass unimpeded and would not blemish the exteriors of the structures.
-- Greg
The new status quo for search engines seems to be to charge for submission, as many of them now require you to go through a third-party that charges to add your site to the database. The variation of that (i.e. Yahoo) has 'sponsored' sites in each category that appear at the top of the page. A friend runs a site that uses this 'sponsored' system and I'm told those sponsors bid against each other and whoever has the highest bid appears.. kinda like an eBay for search engines.
-- Greg
Well Microsoft will do what it can to have its new programs and languages adopted. It's upon the universities to make the decisions which keep them impartial institutions for learning. Perhaps the university should consider if the funding donation is enough to compromise their purported impartiality.
-- Greg
Is it me or has missile defense turned into the redheaded stepchild of Slashdot? I am really sick of the editorializing, every third article has a dig at missile defense, which is neither news for nerds nor stuff that matters. I can get enough editorializing about national defense on CNN or NPR, I don't need to read about Jaimie's lame-ass political agendas too; nor the political agendas from any of the other Slashdot crew.
Oil rigs are not geeky.
Endangered species are not geeky.
Third world sweatshop workers are not geeky.
And SDI political wranglings are not geeky!
-- Greg
Do you suggest all science be funded by the government, to prevent untrustworthy research from corporations? Do you suggest that government research would provide trustworthy results? I suggest you go read some of the studies on recreational drugs funded by the government to see just how unbiased and uninfluenced by the agenda of the day government funded research can be.
-- Greg
They are free to charge $15 a download if that's what they like, it's within their right in the GPL to charge for it. However they should realize that someone can pay the $15 dollars and download it then set up a mirror and charge $1, or even provide downloads for free. That's also permitted in the GPL. They have to accept that charging for downloads is a double-edged sword and that anyone can just find a path around them to get their software.
As long as they accept this, it's fine with me; the moment they try to stop the second person from offering it for free then I will have issues.
After all, they may be doing some work, but there was a lot of work done for them by others contributing under the GPL; to put restrictions on code that isn't theirs would be a clear violation.
-- Greg
The engineer(s) who came up with this are the kind of people NASA was looking for with its "Better, Faster, Cheaper" program. I hope NASA finds more engineers like this.
-- Greg
Guess the problem here is that it should have always been up to the end user as to which certificate signing authorities to trust, rather than for software manufacturers to decide for us. At least browsers are getting better, before if they saw a certificate that the browser didn't trust it would reject it outright.
But nowadays if a company becomes untrustworthy through malicious intent or just plain incompetence it's not possible for users to 'un-trust' a certificate authority trusted by the browser/software manufacturers.
There should be a higher degree of control at the end-user as to which CAs are trusted.
-- Greg
Perhaps you should encourge the slashdot folks to add a spellchecker to the posting system.
Until then, lern to deel wit my afful speling.
-- Greg
If you are a US citizen with a hokey little homepage and you get a 'cease and desist' letter from Zambia because some content of your homepage violates Zambian law how exactly are the Zambians going to come over and use their guns to enforce their law on you?
You took my statement out of context by ignoring the qualifier: 'courts outside their jurisdiction'
Geolocation software has always been iffy at best; IP addresses are doled out based on network provider, rather than geo-location. The biggest nightmare of all for someone trying to solve this problem is AOL; who uses internal addresses for clients while all requests go through proxies. The biggest internet provider in the world and there's no way to geo-locate its users.
Geo-location is nearly useful for technical uses; it's less than useless for the enforcement of jurisdictional directives.
What I don't understand is why more businesses don't just outright ignore courts that have no jurisdiction over them issuing rulings that are ridiculous on their face for anyone with even a cursory knowledge of how the internet is pieced together. I think bowing to ridiculous demands now is just going to result in the demands made becoming more outlandish and the application of these demands to smaller organizations who cannot afford to fight them will become more widespread.
-- Greg
Here are some ratecards, from a search for 'banner rate CPM':
Chicago Reader $25CPM
Northwest Builders $28CPM
now-see-hear $20CPM
If you are getting a lot less than $12 CPM perhaps you should re-evaluate who you are brokering your banner ads through.
-- Greg
I'm not sure the banner advertisement method can be relegated to the dustbin as of yet. Yahoo has shown revenues, and even profits for a time using it.
What does bandwidth cost? Typical ADSL w/ 384 up and some static IP's is around or less than 100/month. That's three nice dinners out. At a meager $12CPM, you only need 10,000 page views to be self-sufficient.
Sites fall into two categories (with some obvious blurring); they are done for love or money. Sites done for money can close if they don't make it; sites done for love will stay open as long as the creator still has an interest in it and puts money into it (as they would with any other hobby).
Government sponsorship of sites that are not popular enough to pay for themselves is not the right answer. If it's so popular that I wouldn't want to visit what justifies my tax dollars going to pay for it?
-- Greg
Is it me or does it seem like there are many more advertisements disguised as articles. They feature predominantly a re-release of some non-news that's years old by some guy who happens to run a company in the field related to the particular non-news. Seems like I see a lot of this from security companies mostly some 'drastic new flaw in IP' and guess what, the CEO featured in the article has a magic panacea he'll sell you to make the non-issue go away. *sigh*
-- Greg