Eventually, Microsoft will have to fix both user stupidity and user laziness in code. Eventually, any new program you receive is going to have to have a system administrator's explicit authorization to run or install itself for the first time. Even "sandboxed" environments like Java can't prevent a user from running an executable and doing at least limited damage. I suspect that someday, code will simply not be authorized to run at all without more than a mouse click between you and ruin.
Re:I thought I would do this... on WB Cancels Angel · Score: 1
I wish somebody had mentioned this to me a few weeks ago.
I had the first two seasons of B5 on DVD. Then I fell ill, and finally had time to watch them, since I wasn't going anywhere.
I watched the first episode.
I watched the second episode.
I watched the first 20 minutes of the third episode.
Then I shut it off and stared at the ceiling instead.
Interesting observation. Though I'd have expected his work to get dimmer after cataract surgery, since with the cataracts he'd have to use brighter pigments to see the canvas in progress.
(I just got out of a cataract exam myself, and I'm reading Slashdot zoomed like crazy because my eyes are dilated.)
I love the part that says, "I'm certainly impressed with its range of coverage, basically representing the dominant means of accelerating internal microprocessor clock speeds." In other words, the industry analyst they went to for a quote says, "Wow, they've patented what everybody is already doing."
You wouldn't be willing to risk a penny on your reply?
The general idea is that if you were willing to pony up even a small sum, it lets out most spammers, who depend on millions of emails because of the trivial response rate they get. But millions of emails times one penny turns into real money, fast.
However, this does involve micropayments, and micropayments are hard.
Preventing forged headers is another excellent technique. I'd like to see if Sender Permitted From helps prevent forged headers. It will, however, take a while. Until each and every one of my friends uses an ISP that has SPF records, I can't blindly reject non-SPFed emails (though I can at least reject invalidly-SPF'ed records. I'd like to get my ISP to reject invalid-SPF emails today.)
In a sense, "contact the user by other means" is a mechanism for making contact more expensive. Email is nearly free; phone calls and letters cost money (and usually more time). The warranty proposed in the article is another version of that cost.
You might also consider signing up for one of the various email-confirmation services. I believe Earthlink uses one. It filters out people without valid return addresses by replying to a new user before it's sent to you, requiring them to confirm that they really sent the email. Far from perfect, but it seems a start.
You've nailed the deal, actually. It's the difference between discrete and continuous differential equations. The standard model of physics is based on continuous DEs, even the quantized stuff. Wolfram is claiming to be able to produce a good model of the universe from discrete DEs.
"God created the natural numbers, and all the rest is the work of man," said Leopold Kronecker. Kronecker was a mathematician. The physicists have always disagreed, and placed their faith in real numbers. Wolfram is taking things back to natural numbers: discrete places in the universe and discrete jumps of time.
Is he right? Is his theory any good? (There is a difference.) I wish I could say, since I haven't been able to give his book more than a cursory scan, so I'm speaking largely from ignorance. It does seem a Big Deal, if it's at all right.
Sadly, "some research of your own" is very difficult to do. The environment is very big, and studying it requires a lot of equipment and very complicated mathematics. I'm not qualified to do that research, and neither is 99.999% of the world.
Worse, I'm not even really qualified to listen to both sides of the argument and make my own decision. That would be true even if one side, or both, weren't deliberately skewing the data their way. I'm not saying that they are. I'm saying that without vast effort, I can't tell.
That's why we have representative democracy. I don't have to know this stuff, but I put my faith in some representative to tell. Actually, he can't tell either: neither Bush nor my senator nor my representative is qualified to make these decisions. But each of them has science advisors, and _they_ are qualified, or are at least qualified to judge the researchers.
I wish I had a stronger connection to this: the guy who makes the decision is appointed by a guy who I had a very small part in electing. Or worse, some guy I voted against.
So the people who vote aren't expected to judge the issue. They're expected to judge the character of the politician, and whether he will appoint honest and knowledgeable advisors. You can research any issue until you're blue in the face, but the other side will counter with seven people who have more expertise, more qualifications, and more time spent on the issue.
Oh, I wish I had a philosopher-king around to do this stuff. But I don't. And in the meantime, "trust" is going to be an operative word in any decisions that get made. As Winston Churchill said, "Democracy is the worst form of government except for all those others that have been tried."
I will make up my opinion based on as much research as I can do, and I'll vote for a man (or woman) based on that judgment, along with a dozen others. It sucks that I get the same representative for science, labor, privacy, law enforcement, and many other issues, but there you are.
Red herring. It's just l33t.
I have GOT to learn to stop oversimplifying in my posts.
What I was talking about was basic game theory and economic theory. I didn't mean to get into psychology, ethics, or politics, all of which have important bearings here.
The point I was making is that it is in people's own best interests to leave other people's property alone, despite the potential short-term gain involved in theft. That's because your theft contributes to an overall level of theft which, when it rises to a certain point, means that you cannot steal enough stuff to make a net profit worth the effort. That explains why theft is not more common, at least in relatively orderly societies.
And it explains why there are a few people who steal rather than work: because the price isn't infinite, a few people find it in their best interests. As long as everybody doesn't work that way at once, everybody survives, albeit less pleasantly for some than it would if some didn't cheat. (Yes, I know that's a hideous understatement given that a mugging is rather substantially less pleasant than not being mugged.)
This is as contrasted to spam, which can be done more or less with impunity at the moment, and the article points out that the economics guarantee spam.
I would dearly love for everyone to respect other people, as you say, but economics suggests that they won't if it's not in their own best interests, long-term. Even when it is, as in the case of spammers "shitting where they sleep" (since they may well eventually cause the entire email system to shut down), there are a few who will take the risk.
Guaranteeing 100% compliance, to make everybody respect people, would be lovely, but it's extremely difficult to achieve. I don't know how to, for sure. So the article, and I, rely on economic theory to guess how to proceed to a best-possible world, if not a perfect one.
The point is that the economics essentially guarantee that there will be spam. Economics also guarantee muggings, so we create a legal system to shift the economics.
At the risk of opening up the wrong topic, people didn't loot in Iraq under the Saddam regime. It made no sense; they lived in fear of the reprisal, which was famously horrific. With Saddam gone, things were looted like crazy. Not by everybody, but by enough people.
Not everybody wishes to do the things that are criminal. It is fairly obvious to most people that if everybody respects property rights, everybody prospers. Under that system, a few people can win by cheating, but only a few. If everybody cheats, the system goes away and everybody, including the cheaters, loses.
If cheaters are caught and punished, the system perpetuates. The higher you raise the likely cost of cheating, the fewer cheaters there are.
Unfortunately, it takes only a few spammers (cheaters) to cause a world of hurt to everybody, and I've already heard talk of people giving up on email entirely. So the price of spam must be raised fairly high to reduce the spam itself to a reasonable level.
Reasonable, yes. We could eliminate all muggings by raising the cost very high (say, with the death penalty for muggers). Our sense of fairness and proportionality prevents that, and so we live with a low level of mugging. New York tried a few years ago to decrease crime by increasing the costs, mostly with stricter enforcement of existing laws. It did reduce crime, but there are those who say that we cost ourselves too much.
So the point is that we need to raise the price of spamming in some way to reduce spam to a tolerable level.
And yet the economics seem to work anyway.
Who is it that sees organ-enlarging spam, written in terrible English and cluttered with vast amounts of gibberish, looking a lot like one he got yesterday, and decides to send somebody money? Or even visit the advertised web page? Many of these are so heavily cluttered that you couldn't respond even if you wanted to.
You'd have to be really, really, really stupid. At some point, the stupid-enough-to-respond curve crosses the too-stupid-to-read-email curve and you get nothing at all.
I'm starting to wonder if the spammers really care about most of the messages they send out. Perhaps they're sending out deliberate clutter to confuse your defense mechanisms (like filters) in order that the real messages get through.
Mailing lists come in two forms: discussion lists (everybody talking to everybody else all at once) and information lists (one-way announcements). The difference is in who gets to post to the list.
The latter is, I believe, eventually going to be replaced with a pull system like RSS. Mail clients are starting to be written that pull RSS feeds. The protocol ends up looking a lot like POP, where you poll for new messages, and then download the ones you wish to read.
Posting to the list then becomes the problem of the list managers, who generally curate the submissions. Such submissions are generally made via email, and the curators would be just as happy to force somebody to pay for them to read their submission.
The former is the tricky one. These tend not to be curated. The central server makes it easy for people to subscribe and unsubscribe, but if everybody is allowed to post to it, then curation becomes a serious problem.
Because many people are exchanging messages, a better model is Usenet, or perhaps discussion boards like Slashdot.
Why is it that we don't see more plain spam on Slashdot? The moderation system helps a bit; you'd have to post spam as an AC, and I suspect most people read at +1 or greater. But I read at 0 when I moderate, and I don't see much plain-old dick-lengthening spam there. I really genuinely don't know why. Lameness filters?
She's OK. I don't think one should base one's opinion of an actor on a single film. There's a lot between the actor's performance and you: script, direction, editing, cinematography, music. Even great actors can be made to look really stupid, and actors with no range can look good for a single movie with the right director (Jack Nicholson, anybody?)
I've seen her in many other things. She doesn't have a vast range, but she's competent and pretty and she cries well on cue. She's got good charisma; that is, she is very interesting to watch. Not all pretty women are interesting to look at.
Most importantly, she's "game". She'll take a crack at any language, no matter how badly, and she clearly works hard to make the fights look good.
They must have been very proud of the work she did with the sai on Daredevil, since they worked it into an episode of Alias. Silly, but pretty.
Probably dumb of me to post anything like this to Slashdot, but I'm an actor and a director and I like to think I know about this stuff.
In theory, the fact that this is an election year doesn't matter for the judge. Appeals court judges are appointed for life precisely to put them above politics (which moves the politics to the nomination and approvals side of things).
Popularity can get the law passed, but only the constitution (and the common law) go into whether the judge approves it.
In theory.
Will do. Thanks for the suggestion.
I've got to learn to write complete answers when I speak on Slashdot.
My website is outsourced. I trust real professionals to keep it safe; I'm not an expert in web site security. I see the attacks in the logs, and I observe that they don't get through. Somebody reading my Slashdot posting and deciding to put me in my place is going to hit my web server, not the office network that I manage.
My office network is behind a firewall, but I'm not a security expert. There are plenty of ways through that firewall, I'm sure, but I keep it locked down pretty tight. (No, I'm not going to be talking about the details on Slashdot.)
It's probably been attacked thousands of times at random, but the firewall keeps it out. Because I haven't been the victim of a DOS attack, I don't even really notice the attacks. I'd sure notice a DOS attack, but since there are literally millions of networks like this one, I'm just one more face in the crowd.
So I don't rely on obscurity solely, but thus far the obscurity has meant I've avoided concerted attacks, which would probably be more effective than the rather desultory ones I've seen so far. My server ignores Code Red; my non-Windows firewall keeps out worms. I do my best, but the best security I personally have had against concerted attack is the fact that nobody really cares.
(Funny that I should end up defending obscurity. I actually started this thread with the blanket statement "obscurity doesn't work.")
Sure it could be a target. Obscurity is what keeps it from being a target. Now that I've talked about it on Slashdot I'm probably going to be hosed. /quickly checks web site
Well, not yet.
I should clarify: I was referring to personal computers, which weren't commonly networked at all until 10 years ago. People just wanted software that worked, for the most part, and it was rarely brought to their attention that networking made them extremely vulnerable.
I personally am well aware of security; I wrote my thesis on multilevel compartmentalization back in the 80s. VMS was often applied to systems that did have to worry about security: banks, online transaction processing, etc.
Personal computers, for home and office, rarely received that kind of attention. Even today, most software is rarely written with security in mind. Deliberately networked programs, like operating systems, mailers, and browsers receive the most attention.
But you hear about exploits in music players every so often. I'm sure that with enough effort one could create, say, a Photoshop file that hijacked it. Non-networked applications still don't receive the attention they deserve, from MS or any other vendor, except under those circumstances that absolutely require it.
So no, this didn't appear mysteriously five years ago, but Microsoft wasn't the only one to "prick up its ears" around then. The Macintosh didn't even have memory isolation until three years ago, and today the majority of programmers still code less defensively than they should, because real security takes a hell of a lot of effort.
I didn't mean to imply that open-source is any sort of silver bullet, or even that it's better. My preferences actually run towards redesigning programming languages for additional security. I trust Firebird not because it's open source but because it's more recent, and because I simply find it more pleasant to use than IE.
You are right that security through obscurity can work. And it can work for a long time. I'm sure the office network I run is terribly vulnerable, but nobody's ever made a concerted effort because there's nothing valuable here. Worse, the software that I write is terribly vulnerable, but it would cost four times as much to make it less vulnerable. It's never been attacked, not because it's hard to get in but simply because you've never heard of it.
But security-through-obscurity won't withstand a long-term concerted attack. The McVeigh execution was a one-time event. If they had broadcasts of every execution, I'm sure they would find a way if obscurity were their only mechanism.
And I _do_ know the layout of many parts of the Pentagon. I've worked there, and so have tens of thousands of other people. The detailed layout isn't considered a secret, exactly; at least, nobody told me that it was.
Security through obscurity never works, but there is something to be said for security through diversity. It works because it lowers the "payoff" of writing worms, perhaps to the point where it's no longer worth the effort.
Without an exhaustive code analysis of Outlook I can't say for certain, but Outlook has a lot of code in it that dates back before malicious worms became a daily occurrence. Because of that, the code seems to have been written with other goals than security in mind.
I don't mean that to insult MS; it's only in the last five years or so that "absolutely MUST be secure" has been a real consideration for any vendor. Look at Windows 95's silly logon procedures. Before that, many features were added that were dangerous but, in Microsoft's opinion, useful. At least it made a spiffy demo to have systems administrators updating every desktop in the office just by sending email.
Firebird, etc. have been written in a rather more paranoid age. I'm certain that there are potentially disastrous bugs in it. In this case I have read the code, and I've found a lot of nice defensive programming, but that doesn't preclude mistakes that the authors, me, and a thousand others might all have missed.
Still, having been written for security from the ground up, with no silly code-executing features and strings all well protected from buffer overruns, I'm putting my faith in the ground-up rewrite that is Firebird/fox to Microsoft's apparently slapdash Outlook/IE combo.
Microsoft appears to be improving its code, not least because of the withering hail of worms thrown at it because it's the market leader and therefore has the biggest payoff. These days worms all seem to depend not on security holes but on user stupidity or user laziness. This particular article is pointing out a worm that propagates through well-known, and supposedly well-patched, techniques. But there are obviously people out there on whom it works.
Eventually, Microsoft will have to fix both user stupidity and user laziness in code. Eventually, any new program you receive is going to have to have a system administrator's explicit authorization to run or install itself for the first time. Even "sandboxed" environments like Java can't prevent a user from running an executable and doing at least limited damage. I suspect that someday, code will simply not be authorized to run at all without more than a mouse click between you and ruin.
I wish somebody had mentioned this to me a few weeks ago.
I had the first two seasons of B5 on DVD. Then I fell ill, and finally had time to watch them, since I wasn't going anywhere.
I watched the first episode.
I watched the second episode.
I watched the first 20 minutes of the third episode.
Then I shut it off and stared at the ceiling instead.
I tested a 63-volt battery this way once. It was in the same packaging as a 9 volt lantern battery.
I've done dumber things, but not many. I've survived all of them so far, but that smacks of statistical fluke.
The filing fee is US$2,520.00.
Interesting observation. Though I'd have expected his work to get dimmer after cataract surgery, since with the cataracts he'd have to use brighter pigments to see the canvas in progress.
(I just got out of a cataract exam myself, and I'm reading Slashdot zoomed like crazy because my eyes are dilated.)
No, but I work for a company called Ontology Works, and half the people who hear that ask what kind of cancer we treat.
Especially since our primary office is in a building with many doctors' offices.
I love the part that says, "I'm certainly impressed with its range of coverage, basically representing the dominant means of accelerating internal microprocessor clock speeds." In other words, the industry analyst they went to for a quote says, "Wow, they've patented what everybody is already doing."
Right. It's called "severability". By default the contract is _not_ severable, but severability clauses are a matter of course.
You wouldn't be willing to risk a penny on your reply?
The general idea is that if you were willing to pony up even a small sum, it lets out most spammers, who depend on millions of emails because of the trivial response rate they get. But millions of emails times one penny turns into real money, fast.
However, this does involve micropayments, and micropayments are hard.
Preventing forged headers is another excellent technique. I'd like to see if Sender Permitted From helps prevent forged headers. It will, however, take a while. Until each and every one of my friends uses an ISP that has SPF records, I can't blindly reject non-SPFed emails (though I can at least reject invalidly-SPF'ed records. I'd like to get my ISP to reject invalid-SPF emails today.)
In a sense, "contact the user by other means" is a mechanism for making contact more expensive. Email is nearly free; phone calls and letters cost money (and usually more time). The warranty proposed in the article is another version of that cost.
You might also consider signing up for one of the various email-confirmation services. I believe Earthlink uses one. It filters out people without valid return addresses by replying to a new user before it's sent to you, requiring them to confirm that they really sent the email. Far from perfect, but it seems a start.
You've nailed the deal, actually. It's the difference between discrete and continuous differential equations. The standard model of physics is based on continuous DEs, even the quantized stuff. Wolfram is claiming to be able to produce a good model of the universe from discrete DEs.
"God created the natural numbers, and all the rest is the work of man," said Leopold Kronecker. Kronecker was a mathematician. The physicists have always disagreed, and placed their faith in real numbers. Wolfram is taking things back to natural numbers: discrete places in the universe and discrete jumps of time.
Is he right? Is his theory any good? (There is a difference.) I wish I could say, since I haven't been able to give his book more than a cursory scan, so I'm speaking largely from ignorance. It does seem a Big Deal, if it's at all right.
Suxor, dude. Didn't mean to be an insensitive clod.