Slashdot Mirror


User: Phroggy

Phroggy's activity in the archive.

Stories: 0
Comments: 6,452

Comments · 6,452

  1. Re:I am curious... on Catching Spam by Looking at Traffic, Not Content · · Score: 1

    I'm not currently using Bayesian filtering in SpamAssassin at all. I don't want to deal with trying to train my users, and without a pretty crazy level of training, I don't see how Bayesian filtering can properly deal with the crap text that spammers are including in their messages (recently somebody has started using current news article headlines as their subject lines, which is brilliant). If it works for you, that's great, but the combination of other rules I have in place sounds like it's about as effective as what you've got (based on how many spams you said get through the filters), so I've chosen not to bother with it for now.

  2. Re:I am curious... on Catching Spam by Looking at Traffic, Not Content · · Score: 2, Informative

    Are any of you people still living with spam? Do we really need another solution?

    Anyone who's a mail server administrator is living with more spam than you could probably imagine. During a four-week period, across two of the (very small) servers I manage, 38,728 connections were refused because of RBLs. Of the messages that were accepted, 8,102 were assigned a SpamAssassin score above 15 and sent to a system-wide quarantine folder that users never see. Another 13,619 messages were assigned a score between 5 and 15, and sent to a user-accessible quarantine folder for review. I use Rules Du Jour to keep rules from the SpamAssassin Rules Emporium updated daily, and I spend quite a bit of time writing and tweaking my own custom rules to catch spam that everything else misses.

    After all of that, I STILL get about 5 per day. Bayesian filtering in my e-mail client usually catches these, but since it occasionally catches false positives, I have to check it anyway.

    Nothing wrong with new ideas in the battle, but I thought that for anyone who cared it was already won.

    No, the battle is already lost. We absolutely cannot keep up with the spammers if all we have are technical solutions. The only real solution is increased law enforcement. In the meantime, we need all the help we can get with technical solutions.

  3. Re:This is painfully obvious and hopelessly naive on Catching Spam by Looking at Traffic, Not Content · · Score: 1

    You can't just hit the "reply" button; spammers spoof the return address on their spam to make it look like it came from some random address on their list. As others have mentioned, it's called a "joe-job". If you reply to the spam you get, you'll be sending your replies to just another one of the spammer's innocent victims.

  4. Re:This is painfully obvious and hopelessly naive on Catching Spam by Looking at Traffic, Not Content · · Score: 1

    Rule #1: Spammers lie.

    The person actually sending you spam very often doesn't care whether you buy the product being advertised or not. They've sold their spamming services to a paying client, after convincing the client that their "opt-in e-mail marketing campaign" will be effective. If nobody buys anything, the client doesn't make a dime, but the spammer has already been paid, and moves on to the next victim. If people do fall for it, the client may be interested in repeat business, but that's not necessary.

  5. Re:www.BqLJJNJq6vL.com on The Death of Domain Parking? · · Score: 1

    Often when browsing Slashdot, I'll have several tabs open, then go do some work in other browser windows, and eventually make it back to the already-opened Slashdot tabs. Occasionally I get momentarily confused as to which article I'm reading comments for (without looking at the titlebar). So that's why when I saw this comment, what I had in my head was a completely different article about fighting spam.

    It occurs to me that registering domains like this that nobody could ever possibly want, then running spam honeypots on them, would be a good way to identify spammers that try to send mail to random domains. Register something that nobody could possibly type by mistake, never publish it anywhere, and see what kind of crap comes in.

  6. Re:One can only hope. on The Death of Domain Parking? · · Score: 1

    nslookup does NOT confirm whether the domain is registered or not. Granted, if it's not registered, you shouldn't get an IP address, but the converse is NOT always true. You're much better off using whois.

  7. Re:What's this vinyl you speak of on Music Companies Mull Ditching DRM · · Score: 1

    ...and wax tubes were the precursor to the internets.

    Senator? Is that you?

  8. Re:"Follow the money"? on The Anatomy of Pump n' Dump Stock Spamming · · Score: 1

    Unfortunately, bringing together lots of data will create a correlation, perhaps a strong correlation. But they will not provide the actual proof. Unless they find harder evidence (payment to a spammer, letters to a co-conspirator, a confession from another involved person) there's nothing to convict them on. Good luck, however highly improbable, is not prima facie evidence of a crime. I don't think a judge would let the case come to trial without more evidence.

    Of course not, but it ought to be enough for "probable cause", which is all you need for that judge to grant you a warrant so you can go collect more evidence. If you find some, THEN you can bring it to trial. If you fail to do so, you apologize for your mistake and move on.

  9. Re:Looks like I'll stay with Tiger then on Apple to Charge for Boot Camp? · · Score: 1

    TimeMachine relies on several OS-level technologies that aren't available in Tiger. Spaces probably does too, to a lesser extent. Safari relies on WebKit. Other developers that use these same technologies for their own products would have a much more difficult time keeping track of when they will and will not be available if Apple sold them as add-ons instead of linking them to major OS releases. Even the new version of Mail will be built around some new OS-level features in Leopard that aren't available in previous versions of the OS.

  10. Re:CAN-SPAM accomplished something for me on First Spammer Convicted Under CAN-SPAM Law · · Score: 1

    I create separate e-mail addresses at my domain for each company I do business with, and I've had exactly the same experience - I don't get any spam at the addresses I give out to legitimate companies. I do sometimes get added to those companies' mailing lists against my will, but unsubscribing has never failed.

    The only exceptions are web sites that have posted my e-mail address on their site. Slashdot, eBay, and Bugzilla all used to do this, and I had to change my e-mail addresses I use with these sites for that reason. Slashdot now (optionally) obfuscates e-mail addresses, eBay now provides a form to contact sellers instead of listing their e-mail addresses, and Bugzilla now uses HTTPS to thwart bots, so I no longer have these problems at all.

  11. Re:CAN-SPAM on First Spammer Convicted Under CAN-SPAM Law · · Score: 1

    I've seen 'unsubscribe' fail so much, it's simply pathetic and criminal.

    According to the FTC:
    ...you must include the option to end any commercial messages from the sender.

    Any opt-out mechanism you offer must be able to process opt-out requests for at least 30 days after you send your commercial email. When you receive an opt-out request, the law gives you 10 business days to stop sending email to the requestor's email address. You cannot help another entity send email to that address, or have another entity send email on your behalf to that address. Finally, it's illegal for you to sell or transfer the email addresses of people who choose not to receive your email, even in the form of a mailing list, unless you transfer the addresses so another entity can comply with the law.


    So yes, if you're seeing unsubscribe fail, then it is criminal. If CAN-SPAM prevents you from suing, that's unfortunate, but this really just backs up my point that the problem with CAN-SPAM is a lack of enforcement.

    Even a fresh, Spam-free address is quickly polluted by law-breaking corps like Amazon and Ebay which set (and reset) your "preferences" to their pleasing.

    Looking through my e-mail for the past year, the only thing I've gotten from eBay that wasn't directly related to a specific auction was a single announcement on January 4th about a rate change. Considering that this is directly related to my doing business with them, I'd say it's not spam. I have gotten a small handful of e-mails from Amazon, but only having to do with the Amazon Associates program, which I signed up for. Sorry, but I just don't have a problem with spam from legitimate businesses. I suspect you're just too lazy to actually bother unsubscribing (although I do agree that they should make their marketing e-mail properly opt-in to begin with).

  12. Re:New results: Windows Wins! on Mac OS X Versus Windows Vista, The Rematch · · Score: 1

    My roommates just introduced me to Rise of Nations a couple days ago, and it runs fine on Vista RC2. If it didn't work when you tried it, as someone else said, it's probably a driver issue - I can't speak for ATi, but nVidia has been releasing driver updates pretty frequently.

  13. CAN-SPAM on First Spammer Convicted Under CAN-SPAM Law · · Score: 4, Interesting

    You know, the CAN-SPAM Act is often criticized on Slashdot and elsewhere as being toothless and full of loopholes. People think it's a worthless law, because spammers can easily get around it. I disagree. Let me explain.

    First of all, what we really want to avoid is any law that inhibits our right to freedom of speech. It's very easy to write a definition of spam that is overly broad, and applies to legitimate messages as well. Let's assume for the moment that this would be a bad thing. I haven't heard any complaints that CAN-SPAM is flawed in this way.

    The complaints are that CAN-SPAM doesn't go far enough. Spammers could simply change their spam to comply with the provisions of the law, and suddenly their unwanted junk is no longer technically "spam" in the eyes of the law. In theory, this may be true, but in practice, it's not happening. The law has been in effect for three years now, and spammers still aren't even bothering to pretend to comply with the law, they're just continuing to blatantly disregard it. This means that just about all the spam I get in my inbox (plus all the spam that I would have gotten in my inbox if I didn't have a whole pile of filters in place to block it) is clearly defined as illegal according to CAN-SPAM.

    So why am I still getting all this spam? It's not because CAN-SPAM is a bad law. It's not because the spammers have found a loophole, or have changed their spam so it complies with the law. The problem is enforcement: the FTC and FBI don't have the resources to go after these guys. It's been three years, and they've only gotten one conviction.

    Yes, some spammers are based outside the US, and while CAN-SPAM may still apply to them because they're sending spam to Americans, they're outside the jurisdiction of our law enforcement agencies. Several other countries have pledged their support in the International War On Spam(TM), but again, somebody has to actually track down the spammers so they can be arrested, and that's what's not happening.

    So what's the solution? It's not to pass more laws making spam more illegal than it already is. The solution is for Congress to earmark funding for spam investigation and prosecution. They won't think of it themselves, so somebody has to tell them to do it. So, write to your Senators and Representatives, and tell them you want to see better enforcement!

    Now, who's got that list of checkboxes?

  14. Re:Hackers on Google Search Convicts Hacker · · Score: 1

    Heh, you did that too? ;-)

    Here's a HyperCard stack I created to disable FoolProof, which prevented users from dragging icons in the Finder (and probably did a couple of other things, but that was the main feature I remember).

  15. Re: Wake up and smell the coffee!!! (Re:YRO?) on Google Search Convicts Hacker · · Score: 1

    We're reaching the stage where you can be convicted for what your computer does behind your back.

    I respectfully disagree. Many people have experienced their computers doing things they never wanted and don't understand, and I think (perhaps overly optimistically) that the courts will be sympathetic if somebody discovers (e.g.) that your computer has been downloading child pornography at 12:30am every night and saving it in your browser cache, if you claim you weren't aware of it and don't know how to make it stop.

    Stories like this are good for explaining why everyone really needs to learn enough about how their software works that you can block things like this that can plant evidence on your machine.

    Considering how much of the modern Web you'd be shutting yourself out from if you disabled JavaScript, I wouldn't view that as a solution. What are some other lessons you think novice computer users need to learn, that would have prevented this particular problem from arising? Can you clearly explain the reasons to your mother? Have you done so?

  16. Re:You've gotta read the entire email trail! on Republican Aide Tries to Hire Hackers · · Score: 1

    One more thing: who's to say that this was actually him and not a prank designed to discredit the guy?

    Because of the squirrels! Didn't you RTFA? ;-)

  17. Re:This begs the question on Republican Aide Tries to Hire Hackers · · Score: 2, Informative

    Server must be running on a box in someone's bedroom or something, 'cuz it's off line now... And what's with having the domain registered at NetSol? I guess pretentious "security researchers" need their domain registered with equally pretentious domain registrars... Oh yeah, we got some quality hackers, er, I mean "security researchers" here!

    Attrition.org has been around since long before multiple .com registrars existed. I still have a domain hosted with Network Solutions myself for the same reason (although they did open up the market for testing with five competing registrars shortly after I registered mine). For a while I was afraid if I tried to transfer it to a new registrar they'd botch the transfer and I'd end up losing the domain (I've heard of that sort of thing happening, and the rightful owner having no recourse), but now it's mostly laziness.

    As for the server, I don't know where it's hosted now, but I saw it in about 1999. It was the only server in the colo room covered in bumper stickers.

  18. Re:The Haiku people did this on Small Businesses Worry About MS Anti-Phishing · · Score: 1

    You may be thinking of Habeas.

  19. Irresponsible on Month of Apple Bugs Debuts in January · · Score: 5, Insightful

    I'm all in favor of taking Apple to task for failing to fix a bunch of bugs, but releasing detailed information to the public without notifying the vendor first is simply irresponsible. The only reason it's being done this way is shameless self-promotion: if Apple fixed all the bugs in advance, then they'd have nothing left to show for their month of Apple bugs, so people wouldn't freak out about it.

    In short, their goal isn't really to get these bugs fixed ASAP; their goal is to spread fear and panic. If the bugs get fixed eventually, that's just icing on the cake. The problem with this is that it could cause some real problems for Mac network admins out there, many of whom don't have a lot of extra time to deal with unpatched security holes. If it was just a matter of "sticking it to Apple", that would be one thing, but this will affect a lot of innocent victims.

    Yes, I'm a Mac user. No, that isn't why I feel this way; Microsoft should get advance notice too.

  20. Re:dryer, japanese style on Appliances Hog More Energy Than High-Tech Gadgets · · Score: 1

    Actually, everywhere with the exception of the US, using a dryer is considered an option for cold/wet days, not the standard way of drying.

    I live in the Pacific Northwest, where cold/wet days are the norm, and sunny dry days are the exception (and this time of year, if it is sunny and dry it's also freezing, which doesn't help much). Our weather is also pretty unpredictable (e.g. Wednesday's forecast currently calls for rain, but by Tuesday evening that may have changed), so what might start out a dry day might end in wet laundry.

    I'll keep running my dryer. :-)

  21. Re:Dual Use Tech on Appliances Hog More Energy Than High-Tech Gadgets · · Score: 1

    I don't cook with gas, but I do have a gas furnace and water heater, and it never occurred to me to look for something like this. Of course I have smoke detectors (one of which goes off every time I take a shower without turning on the fan, about 20 seconds after I open the bathroom door, which is rather annoying, but at least I know it works). Everyone knows you're supposed to have smoke detectors, and check them periodically (although I haven't checked the ones upstairs recently), but I believe this is literally the first time I've ever heard anyone suggest that I should have a gas vapor alarm, nor am I aware of anyone else who has one (which isn't to say I don't know anyone who does, just that I've never noticed it).

  22. Re:Dual Use Tech on Appliances Hog More Energy Than High-Tech Gadgets · · Score: 1

    The fire department came out (personally, I thought that was overkill)

    Doesn't sound like overkill at all to me. If you've got a house full of gas, any normally-harmless spark could potentially trigger an explosion, and if I were your neighbor, I'd want a fire truck parked in front of your house ASAP just in case, so if yours blows up, they might have a chance of saving mine. Also, firefighters are trained as paramedics; if someone has problems due to breathing gas, or if there is an explosion and someone gets burned, they'll be able to help until an ambulance arrives.

    Of course, if the firefighters are already busy trying to put out a real fire somewhere, I wouldn't want to pull them away from that just so they can come air out your house, and if another fire starts while they're hanging out at your place I'd want them to go take care of it, but if they've got nothing better to do anyway, it's not overkill.

  23. Re:RBLs not so trivial on ORDB.org Going Offline · · Score: 1

    Just a note: do NOT use bl.spamcop.net to block mail, although using it to add to a SpamAssassin score is good. SpamCop's blacklist is completely automated, and it's easy for innocent IP addresses to get added to it by mistake (they're removed automatically too, of course).

    However, I've had GREAT success with zen.spamhaus.org and list.dsbl.org. No false positives here either.

  24. Re:Aqua on Apple's Illuminous (Aqua v2) to Compete with Aero · · Score: 1

    Windows has basically two kinds of windows, application windows (each of which shows up as a button in the taskbar, and you can alt-tab between them) and document windows (which can only exist within an application window, and can usually be manipulated via the application's Window menu, and if I remember correctly, you can ctrl-tab between them). Many apps no longer use document windows at all, and the ones that do usually downplay them, so only power users are even aware of such a thing - for example, if you open two MS Word documents, Word will normally open each of them in a separate application window, with each application window containing one maximized document window.

    The problem with this is, since the UI treats each application window the same, and each application is likely to have multiple application windows open (with one document displayed in each), you can't really group documents together, or switch between documents within an application, or switch between applications without regard for how many documents are open within each application. Microsoft tried to work around this problem in Windows XP by grouping application windows shared by the same application together into a single taskbar button, but (if all windows are maximized, as is often the case on Windows) this means you can no longer see what you have open without clicking on something.

    In contrast, on Mac OS X, each application has a single shared menubar at the top of the screen, and there are no application windows, only document windows (which aren't constrained inside of anything). You can switch between applications with Cmd-Tab, switch between documents within an application with Cmd-`, temporarily show every document window in the current application side-by-side (and scaled down to fit on the screen if necessary) with F10, hide the current application with Cmd-H (this is a relatively new keyboard shortcut that conflicts with some existing application-defined shortcuts, so doesn't work reliably from the keyboard, but the menu option is always there), hide everything but the current application with Cmd-Opt-H (ditto), or hide the current application as you switch to another one by option-clicking. Closing windows is done by Cmd-W, and quitting the application is Cmd-Q. There's a nifty shortcut if you want to quit several applications - as you switch between applications with Cmd-Tab, press Q while still holding the Cmd key, and it'll quit whichever app was selected, without interrupting your Cmd-Tab switching.

  25. Re:Aqua (2001-???) on Apple's Illuminous (Aqua v2) to Compete with Aero · · Score: 1

    For the FTP issue. You can FTP easily with OSX by using "Connect To Server". Basically pop in your info and it mounts just like a volume on your desktop. You can read/write files etc. Is this not what you mean? I use it all the time to connect to my printer to FTP the files to them.

    Yes, this is what he was talking about, except that I've never gotten uploading to work at all, and browsing and downloading doesn't work very well for me. Not to mention that SFTP isn't supported at all.

    I heard a rumor that suggests this will all be fixed in 10.5, which would be a very good thing.