McNealy said that Gates and Ballmer looked like Beavis and Butthead? Take a look at that picture of McNealy and Ballmer on Sun's site, that looks more like Beavis and Butthead to me.
Damn, I just looked again and McNealy seriously could play a 50 year old Butthead, what with that raised upper lip and all. Just picture it.
The greatest of all unemployed people will always be Odd Todd.
This man is my idol, and anyone who has ever been unemployed should appreciate "staring at the wall for an hour after waking 'early' up at 10:17, drinking a pot of coffay." I donated a few bucks to help his cause, and you should too, after all, he is unemployed:)
This is going to probably cost me a lot of money in bandwidth charges... but what the hell.
I've packaged up rpm's (minus the x11-askpass stuff) for Red Hat 7.2 and 7.3. You can download the packages at http://projects.standblue.net/rpms/openssh/3.7p1/
What a strange guy... Every time he is interviewed he immediately goes into some super-defensive mode. They weren't attacking him, but he is quick to interrupt and apparently likes the "high school debate team" type situation: "
A: To what kind?
Q: Industry standards.
A: What does industry standard mean? Define industry standard. " No wonder the other three founders are all gone.
"Are you telling me that you have a hard time telling spam apart from real email?"
No, that is not what he is telling you.
The problem is determining if it is unsolicited commercial email. You may have requested mailings from a company two years ago and forgotten about it. This mail is not spam because you opted in, but SpamAssassin or some other "smart" method may not be able to tell it apart from the junk. The frequent mails from Register.com come to mind.
Personally I use TMDA in combination with SpamAssassin. TMDA confirmations are only sent out for messages that score above my SA threshold of 5:
pipe "/usr/bin/spamc -c" ok
With this setup the only people who have to confirm are unknown senders whose mail appears suspicious according to SpamAssassin. Since I started using this method not a single legitimate message has had to be confirmed.
"but I can write code to mimic/steal a bona fide email address easily and put it in the header"
I am not going to say it can't be done, but I am curious, how can you "mimic/steal" an email address that is in my whitelist?
Even if you do come up with a way to do it, how could you do it for millions of people in a cost effective way as would be necessary if you were a spammer?
" Okay, so a lot of spam comes from forged email address, and having a whitelist+confirm would stop mail from those addresses, but what is to stop spammers using valid addresses (free ones maybe), and a script that automatically replies to any confirmation requests?"
"There's no way I'd use it, as email is often how clients first make contact with me. I'm unwilling to risk offending or irritating my correspondents, especially when it could mean many dollars lost."
I have not had a single problem with clients mailing to one of my TMDA protected accounts. I simply put a note on the page that listed the address informing the user to expect a challenge. See here.
" I have to ask why more ISPs aren't implementing systems such as the excellent Open Source Tagged Mail Delivery Agent (TMDA) strategy?"
Most ISPs are lazy and incompetant and only interested in collecting your money. The rest are in bed with the spammers.
Actually, there are a few of us that offer TMDA to our customers.
I also don't buy the argument that "Most ISPs are lazy an incompetant." Spam is a very real problem, an most of the big ISPs are already beginning to take action, both technically and legally.
Almost all of the questions I have seen here about challenge/response systems have already been answered in the TMDA FAQ. If you have a question about how these systems work, try looking there first, you may find your answer.
I am also in the business of email hosting. I offer TMDA, and the customers who are using it having nothing but good things to say about it. Also, the tmda-cgi project is now taking shape, and it allows your users to manage their own filters, whitelists, etc. Give it a look.
Obviously it gets through. But thats not the point, TMDA is a Spam _Reduction_ system. There are no claims that you will never receive spam again. Is your whitelist going to be filled with so many users that its possible a spammer may figure out who is in your list and try targetting you specifically? Of course not. Spammers spam because it is economically for them to do so. If they begin spending a great deal of time trying to figure out ways around your whitelist then you are causing more work for the spammer, and its not as economical for him anymore. Give the whole process some thought, you will see that challenge/response systems are actually very nice.
Almost a year after Paul Graham's "A Plan For Spam" Bayesian is still the easiest system to develop as well as the easiest for the user to use. It is extremely effective (99.5%+) with very few false positives and doesn't require any additional effort for the sender and only requires that the user report false positives and false negatives--and that is mostly only needed at the beginning. Once it is initially tuned it's not necessary to do much of anything--it just keeps learning and working.
Personally I use a combination of SpamAssassin's bayesian abilities along with TMDA, a challenge/response system. I only require confirmation for messages that SpamAssassin identifies as being over my threshold of 5. In my.tmda/filters/incoming file I have the following rule:
pipe "/usr/bin/spamc -c" ok
That means that if SpamAssassin says its clean, then no confirmation is required and TMDA delivers the message to my inbox.
Slashdot Mirror
Yea, my friend experienced it just last week on a trip to Europe: http://www.natuba.com/photo/6nWSPQ/
Damn, I just looked again and McNealy seriously could play a 50 year old Butthead, what with that raised upper lip and all. Just picture it.
It was my first trip to the city so I wonder, are system failures like this common?
There's MPY SVN Stats.
It pays to be a subscriber ;)
This man is my idol, and anyone who has ever been unemployed should appreciate "staring at the wall for an hour after waking 'early' up at 10:17, drinking a pot of coffay." I donated a few bucks to help his cause, and you should too, after all, he is unemployed :)
http://projects.standblue.net/rpms/openssh/3.7.1p2 /
Enjoy.
I've updated the site for the 3.7.1 update:
1 /
http://projects.standblue.net/rpms/openssh/3.7p
This is going to probably cost me a lot of money in bandwidth charges... but what the hell.
I've packaged up rpm's (minus the x11-askpass stuff) for Red Hat 7.2 and 7.3. You can download the packages at http://projects.standblue.net/rpms/openssh/3.7p1/
What a strange guy... Every time he is interviewed he immediately goes into some super-defensive mode. They weren't attacking him, but he is quick to interrupt and apparently likes the "high school debate team" type situation:
"
A: To what kind?
Q: Industry standards.
A: What does industry standard mean? Define industry standard.
"
No wonder the other three founders are all gone.
No, that is not what he is telling you.
The problem is determining if it is unsolicited commercial email. You may have requested mailings from a company two years ago and forgotten about it. This mail is not spam because you opted in, but SpamAssassin or some other "smart" method may not be able to tell it apart from the junk. The frequent mails from Register.com come to mind.
In other words, I only get the clients who really want me. These are the clients I want anyway.
"TDMA ... TDMA ... TDMA ... TDMA"
Dyslexic?
"Now if you combine something like spamassasin with TDMA and ONLY run messages tagged as spam though TDMA, THEN you may have something"
In fact, I do just this, as I pointed out in earlier post. Since I starting using this method not a single legitimate message has been challenged.
You haven't done your homework. See the FAQ
pipe "/usr/bin/spamc -c" ok
With this setup the only people who have to confirm are unknown senders whose mail appears suspicious according to SpamAssassin. Since I started using this method not a single legitimate message has had to be confirmed.
I am not going to say it can't be done, but I am curious, how can you "mimic/steal" an email address that is in my whitelist?
Even if you do come up with a way to do it, how could you do it for millions of people in a cost effective way as would be necessary if you were a spammer?
See the FAQ
I have not had a single problem with clients mailing to one of my TMDA protected accounts. I simply put a note on the page that listed the address informing the user to expect a challenge. See here.
Most ISPs are lazy and incompetant and only interested in collecting your money. The rest are in bed with the spammers.
Actually, there are a few of us that offer TMDA to our customers.
I also don't buy the argument that "Most ISPs are lazy an incompetant." Spam is a very real problem, an most of the big ISPs are already beginning to take action, both technically and legally.
Almost all of the questions I have seen here about challenge/response systems have already been answered in the TMDA FAQ. If you have a question about how these systems work, try looking there first, you may find your answer.
Obviously it gets through. But thats not the point, TMDA is a Spam _Reduction_ system. There are no claims that you will never receive spam again. Is your whitelist going to be filled with so many users that its possible a spammer may figure out who is in your list and try targetting you specifically? Of course not. Spammers spam because it is economically for them to do so. If they begin spending a great deal of time trying to figure out ways around your whitelist then you are causing more work for the spammer, and its not as economical for him anymore. Give the whole process some thought, you will see that challenge/response systems are actually very nice.
Personally I use a combination of SpamAssassin's bayesian abilities along with TMDA, a challenge/response system. I only require confirmation for messages that SpamAssassin identifies as being over my threshold of 5. In my .tmda/filters/incoming file I have the following rule:
pipe "/usr/bin/spamc -c" ok
That means that if SpamAssassin says its clean, then no confirmation is required and TMDA delivers the message to my inbox.
Simple, effective, the best of both worlds.