He wants to put on programs. You can't (legally) do that with Brew. Also you can't get the GPS information on the VX6000 anyway. Just as proof, go ahead and put a hello world program on your VX6000.
If you don't go the PDA route (ie Palm or PocketPC based phones) then get one with J2ME. You will have to stay far far away from Verizon and their Brew/Get-It-Now nonsense. This page goes into details about Brew, J2ME and the restrictions of the various carriers.
I used to be young and naive and also thought that .wav was just uncompressed PCM audio. Well, Microsoft actually embraced and extended the RIFF format, called it wav, and the actual data can be in 11 different formats (mp2, mp3, ac3, 4 flavours of PCM, 2 flavours of ADPCM, and WMA V1 and V2). (See wav.c in the ffmpeg source code for more).
I used to wonder why Microsoft games used the wav format when something else would be more efficient, and now I know. The good news is that ffmpeg can convert it into something usable.
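Added example, not part of the original comment: a bounds-checked reader for the `fmt ` chunk of a RIFF/WAVE file, showing that the codec is named by the 16-bit format tag inside the file rather than by the .wav extension, which matters to anything that picks a decoder or validates uploads by file name. The function names and the sample header are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RIFF stores every integer little-endian. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(unsigned char *p, uint16_t v) { p[0] = (unsigned char)v; p[1] = (unsigned char)(v >> 8); }
static void wr32(unsigned char *p, uint32_t v)
{
    for (int i = 0; i < 4; i++) p[i] = (unsigned char)(v >> (8 * i));
}

/* Returns the format tag (0..65535), or
 * -1 not a RIFF/WAVE file, -2 truncated or malformed chunk, -3 no fmt chunk. */
int wav_format_tag(const unsigned char *buf, size_t len)
{
    if (len < 12 || memcmp(buf, "RIFF", 4) != 0 || memcmp(buf + 8, "WAVE", 4) != 0)
        return -1;
    size_t off = 12;                       /* first chunk header */
    while (len - off >= 8) {               /* off <= len is kept as an invariant */
        uint32_t size = rd32(buf + off + 4);
        size_t avail = len - off - 8;      /* bytes actually present after the header */
        if (memcmp(buf + off, "fmt ", 4) == 0) {
            if (size < 16 || avail < 16) return -2;
            return rd16(buf + off + 8);
        }
        if (size > avail) return -2;       /* declared size runs past the buffer */
        off += 8 + (size_t)size;
        if ((size & 1) && off < len) off++; /* chunks are padded to even length */
    }
    return -3;
}

const char *wav_format_name(int tag)
{
    switch (tag) {
    case 0x0001: return "PCM";
    case 0x0002: return "MS ADPCM";
    case 0x0003: return "IEEE float PCM";
    case 0x0006: return "A-law";
    case 0x0007: return "mu-law";
    case 0x0011: return "IMA ADPCM";
    case 0x0050: return "MPEG layer 1/2";
    case 0x0055: return "MP3";
    case 0x0160: return "WMA v1";
    case 0x0161: return "WMA v2";
    case 0x2000: return "AC-3";
    case 0xFFFE: return "extensible";
    default:     return "unknown";
    }
}

/* Constructed sample: a 56-byte header with an odd-sized JUNK chunk before
 * "fmt " so the chunk walk and the pad byte are exercised. */
size_t make_sample_wav(unsigned char out[56], uint16_t tag)
{
    memset(out, 0, 56);
    memcpy(out, "RIFF", 4);       wr32(out + 4, 48);   /* total size minus 8 */
    memcpy(out + 8, "WAVE", 4);
    memcpy(out + 12, "JUNK", 4);  wr32(out + 16, 3);   /* 3 bytes + 1 pad */
    memcpy(out + 24, "fmt ", 4);  wr32(out + 28, 16);
    wr16(out + 32, tag);          wr16(out + 34, 2);   /* tag, channels */
    wr32(out + 36, 44100);                             /* sample rate */
    memcpy(out + 48, "data", 4);  wr32(out + 52, 0);
    return 56;
}

int main(void)
{
    unsigned char buf[56];
    uint16_t tags[] = { 0x0001, 0x0055, 0x0161 };
    for (size_t i = 0; i < sizeof tags / sizeof tags[0]; i++) {
        size_t n = make_sample_wav(buf, tags[i]);
        int tag = wav_format_tag(buf, n);
        printf("tag 0x%04x -> %s\n", (unsigned)tag, wav_format_name(tag));
    }
    return 0;
}
```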
What's wrong with making a good compiler that writes directly to machine code?
Because that doesn't give you best performance. Machine code represents an exact processor implementation. Tradeoffs have to be made with backwards compatibility (eg Redhat is compiled for Pentium), expected cache sizes (optimising size vs performance), processor specifics (Itanium has 4 instructions per bundle, Sparc has one instruction after branch) etc.
While it is true that you could compile for an exact machine, it is a horrible way of trying to ship stuff to other people, and it does require recompilation if anything changes. (The former is why Redhat pretty much picks base Pentium - if they didn't they would need 5 or so variants of each package just in the Intel/AMD space. Granted they do supply a few variants of some packages, but not everything, and Gentoo people can confirm that doing everything does help).
Using IL lets the system optimise for the exact system you are running at the point of invocation. It can even make choices not available at compile time. For example if memory is under pressure it can optimise for space rather than performance.
It also allows for way more aggressive optimisation based on what the program actually does. While whole program optimisation is becoming available now (generally implemented by considering all source as one unit at link time), that still doesn't address libraries. At runtime bits of the standard libraries (eg UI, networking) can be more optimally integrated into the running program.
Machine code also holds back improvements. For example they could have made an x86 processor with double the number of registers years ago. If programs were using IL, a small change in the OS kernel and suddenly everything is running faster.
Needless to say, using IL aggressively is not new. To see it taken to the logical conclusion, look into the AS/400 (or whatever letter of the alphabet IBM calls it this week). I highly recommend Inside the AS/400 by Frank Soltis.
The UNIX ones are the runtime library. The only system call is exec. There is a greater distinction between library vs kernel in UNIX. Windows is a different area completely due to things sort of being kernel and library (eg the GUI) as well as the different subsystems, and the not truly documented actual kernel interface.
Other areas are also noteworthy. Providing you pick the right function, automatically launching a document works nicely. You can't actually do that in UNIX. There are a smattering of mime type files and random APIs in each windowing environment (KDE & Gnome), mail readers, news readers etc. IMHO there is no excuse for that!
OTOH things are again inconsistent on Windows. For example I use a help authoring tool. I can invoke it from the command line and ask it to do a complete build and then exit. Amongst other things it invokes the Microsoft Help Compiler. However the help authoring tool then exits. There is no way from the start command to wait on a process and all of its children.
On UNIX, the default would be to wait for the process and all its children. However child processes could detach themselves, and they would have the best knowledge if that is applicable.
The Windows API designers decided to do EVERYTHING in one call. If they add new features in the future, then there will need to be yet another variant of the call. (As someone who has lived through Win286 to XP, this has been both predictable and the API design inflexible).
The UNIX approach was to make simple calls, and yes, it does amount to the same thing. You can make up 14 system calls (to set up "security", current directories, handle inheritance etc), and if you leave any out, you get sensible defaults.
The difference is the UNIX api designers went for simplicity and elegance. The Windows API designer went for a one shot function does all, and if new features appear in the future, you have to make a new API call. The UNIX api for making a new process has not changed since 1970 because it was simple and elegant. The Windows ones constantly change with new Windows features.
I will certainly grant you that exec* look like a mess, but in reality it is actually all one function with different calling conventions. There is actually only one system call. We certainly won't start on calling conventions :-)
This doesn't mean that you can't have bad design, good design, simplicity, elegance etc on any platform. My general point was just that Microsoft tends to overcome stuff by brute force. Make more APIs, make more versions of them. The UNIX tendency has been for elegance and simplicity. Neither is perfect.
What I see is that Windows APIs etc are done through sheer brute force. There are so damn many of them, and they don't particularly make much sense as a whole, but given enough programmers you can implement and use them. Due to the way they are done, usually other components then have to reimplement them in yet another different way to get slightly different behaviour.
The UNIX world tends to place far more emphasis on elegance and simplicity.
UNIX was written by two people. Windows was written by hundreds (later becoming thousands). The UNIX windowing system was 4 people, Windows was thousands. Look at how many Windows APIs have to take cbSize parameters, and have Ex versions.
Unix's fork() and exec() take only the parameters to specify the program. The equivalent Windows API takes 14 parameters.
Both will do the job, and as an end user I don't care how hard it was for the programmer. But as a programmer I follow the examples around me, and UNIX is full of good ones.
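Added example, not part of the original comments: it illustrates the fork()/exec() points made here and in the earlier comment about separate setup calls. Each attribute of the child is an optional call made between fork() and exec(), and anything left out is inherited from the parent, open descriptors included. `spawn_and_wait` and `struct child_opts` are hypothetical names.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical option block: a zero/NULL member means "inherit from parent". */
struct child_opts {
    const char *workdir;         /* chdir() here before exec */
    int         null_stdin;      /* replace stdin with /dev/null */
    int         close_extra_fds; /* close inherited descriptors above stderr */
    rlim_t      max_cpu_seconds; /* RLIMIT_CPU for the child */
};

/* Runs argv[0] (searched on PATH) and waits for it.
 * Returns the exit status, 126 if a setup step failed, 127 if exec failed,
 * 128+signal if the child was killed, or -1 if fork/wait failed. */
int spawn_and_wait(char *const argv[], const struct child_opts *o)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {              /* child: adjust only what was asked for */
        if (o) {
            if (o->workdir && chdir(o->workdir) != 0)
                _exit(126);
            if (o->null_stdin) {
                int fd = open("/dev/null", O_RDONLY);
                if (fd < 0 || dup2(fd, STDIN_FILENO) < 0)
                    _exit(126);
                if (fd != STDIN_FILENO)
                    close(fd);
            }
            if (o->close_extra_fds) {
                /* Bounded sweep for the example; opening files with O_CLOEXEC,
                 * or close_range() on newer Linux, avoids the loop entirely. */
                long maxfd = sysconf(_SC_OPEN_MAX);
                if (maxfd < 0 || maxfd > 4096)
                    maxfd = 4096;
                for (int fd = 3; fd < maxfd; fd++)
                    close(fd);
            }
            if (o->max_cpu_seconds) {
                struct rlimit rl = { o->max_cpu_seconds, o->max_cpu_seconds };
                if (setrlimit(RLIMIT_CPU, &rl) != 0)
                    _exit(126);
            }
        }
        execvp(argv[0], argv);
        _exit(127);              /* only reached if exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
}

int main(void)
{
    char *argv[] = { "sh", "-c", "pwd -P; exit 3", NULL };
    struct child_opts o = { .workdir = "/", .null_stdin = 1,
                            .close_extra_fds = 1, .max_cpu_seconds = 5 };

    /* No options: the child inherits cwd, descriptors and limits as they are. */
    int inherited = spawn_and_wait(argv, NULL);
    /* With options: same program, explicitly narrowed environment. */
    int narrowed = spawn_and_wait(argv, &o);

    printf("inherited run exit=%d, narrowed run exit=%d\n", inherited, narrowed);
    return 0;
}
```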
There are also problems of scale. If I have a product and want to include some GPL software, and even if that software makes up 0.00001% of my product, the whole thing has to go under the GPL.
Here is an example. Say you had a nice huge product, but you wanted to use the config file parsing code from Samba, you can only do so by making your entire project GPL. (You could try and cheat, use multiple binaries etc but I am ignoring that for this point). That is why the GPL is seen as viral.
Some people who GPL their stuff are fully aware of this, and that is what they want. The "price" of using their GPL code, no matter how small a part of your product, is it all goes GPL.
The LGPL is supposed to go some way towards solving this, but is somewhat frowned on (read its introduction), and is generally advocated as useful for trying to get "market share".
Personally I have no issue with the above stuff. If you wrote the code, you choose how to license it. However I like my code being available to the widest audience possible, and I certainly don't feel that if it makes up a fraction of another product that I should constrain that product.
I really like the wxWindows license as a compromise. Effectively the source is GPL and the binaries are free of all restrictions.
Does anyone have a list of companies doing this sort of thing? I am a daemontools user. I buy all my games. I got sick and tired of switching CDs. I got annoyed having to buy new copies when old CDs got scratched.
Given how many PC and console games there are out there, and how much time I have, I think I will just avoid these companies.
Other than very closed systems with very good guarantees, there is only one good use for biometrics and that is identification (NOT authentication). Think that instead of typing in your username, you scan something. Stealing that information is about as useful as stealing your username. You still need a separate authentication step. The social security number nonsense is a good example of confusing identity with authentication. There are several companies out there who think that anyone who can recite the last 4 digits of my SSN must be me.
Would you be happy carrying no id cards, credit cards, library cards, employee cards etc but instead everywhere type in a pin or similar secret?
Check out what CodeWeavers post on their site. Read both The Real Dirt and their EULA. It makes quite clear what you get (tangible and intangible), how well the product works, and the EULA isn't even evil and even has some humor in it.
The binding on Linux is to GTK which is close enough to Gnome. They are currently working on the GTK2 binding which is mostly complete. I suspect that a runtime switch to GTK or KDE as appropriate would be WAY too hard to implement. Hopefully the freedesktop.org people together with the combined talents of the best GNOME and KDE hackers now at Novell will help make toolkits like wxWindows even easier, and always look normal to a user.
Technically the wxWindows license is LGPL with exceptions. The exceptions make people like me happy (*), while still keeping the source under strict GPL.
There is one significant problem that still affects wxWindows and that is that many Linux based PDAs use Qtopia which is based on QT and the QT license. This makes it difficult to do wxWindows for the Zaurus etc.
(*) My code is under an open source license, just not the GPL. Consequently I wouldn't be able to use GPL stuff although I would be able to use LGPL stuff
Most companies do. You usually have internal PR people as well, but the professional PR companies have the various media contacts and accreditations, have the ability to get stuff put on the news services etc.
How about tales of XP crashing? If you plug in a GPS outputting its location on the serial interface (NMEA), via a real serial cable or a USB to serial connection, then XP crashes (blue screen, reboot etc).
It took me a while to figure out the problem. I finally worked out that it thinks the data stream is a serial mouse and dutifully interprets it that way for a few seconds before bringing down the whole machine!
Funnily enough I emailed their sales during the RH8.0 timeframe. I explained that I already had the CDs (downloaded from a mirror) and would just like to pay them for the software. The only thing they had on their web site was a boxed set they would have to send to me which I didn't want or need. Their answer was, sorry we have no way of accepting your money.
what's to stop it from being re-activated with a new carrier
The technical measure is that there is a lock code in the phone known as MSL (master subsidy lock). The business reason behind this is that the phones are subsidised. You pay an up front fee for the phone, but that is nowhere near the actual cost of the phone. The provider then recovers the rest of the cost over the lifetime of your contract.
To get device portability, you would have to start paying the real costs of the device. These are in the hundreds of dollars, and most people won't be prepared to pay them.
The carriers are certainly in a mess when it comes to devices. There is little choice, and little progress. (For example the largest carrier Verizon doesn't have a single phone that does BlueTooth).
If you think there is an opportunity here, start your own business selling unsubsidised phones!
You assume spammers will immediately sacrifice their profit motivations and use their spammer powers to joe job random people and punish all their enemies.
Err, no. My point was that they could do BOTH at the same time in the same message. Their goal would be to hurt their enemies, and to discredit/disable anti-spam systems. A few lawsuits from victims of a DDoS would help them greatly as well.
but their primary interest is P*R*O*F*I*T!!!!!!!!....... But unfortunately filtering and RBLing will never do anything about the problem. It keeps you from seeing the spam, but it is still there.
If AOL, MSN and other ISPs that covered the vast majority of users blocked access to potential spammer sites while they are being investigated, how would the spammers profit?
Funnily enough I also have 14 spams. The majority claim to add many inches. One is entirely links to images, so I have no idea what it is advertising.
I believe in doing stuff and use both SpamAssassin and RBLs. I used to report stuff that got through via spamcop as well until they were hit by DDoS.
The article is about doing proactive stuff. Fighting back. That sort of thing. The solutions need to be social, technical, legal, educational and moral. Combined they will help curb the problem. Nothing will get rid of it completely.
But you do need to be careful. DDoS causes problems for 3rd parties who have nothing to do with the problem. For example if people in Britain participated in a DDoS against a spammer in Alabama, it would also flood the Britain to USA link which was in no way responsible for the spammer. And what if a mistake was made? What if the ISP was duped (in the same way some eBay people do of building up a good reputation for months and then suddenly ripping off a bunch of people)?
I find it even more bizarre you complain about being collateral damage from RBLs yet are happy to go out and proactively cause damage to others. All RBLs do is deny you access to someone else. You didn't have a right to access to them anyway. Now it was certainly unintended that good guys were affected, but at least it can be worked on.
You never offer solutions, you just tell us to turn the cheek
I offered an excellent one. If there were RBLs that could be used to prevent outgoing access that would help a lot. The collateral damage would be considerably less as well. For example if a site was listed in lots of spam, it would be added. Anyone then trying to access the site from ISPs who subscribed to that list would fail. Spammer gets zero customers. If AOL operated like this, it would make it pointless to spam AOL users.
Although collateral damage would happen, the worst is that legit sites will be unreachable for however long it takes to review and get them off the RBL (which would probably be a few hours). Spammers are unlikely to complain about being on the list.
Just like SMTP RBLs, there would be multiple suppliers who would have different attributes for speed, aggressiveness, appeals procedure etc. Each site that subscribes to them picks whichever they feel best matches their own wishes.
The solutions are easily implemented: load the text html only and check for banned objects, etc. If it passes the check, then retaliatory action can and will be taken
You have got to be kidding! If every mail server downloaded the text html only in order to check, that would already be a DDoS. And how exactly do you check for "banned objects"? Are you going to ban all web pages that include Javascript? CSS? Images? Forms? Remember that any checking tools would be open source (otherwise people wouldn't run them or contribute to them). The spammers will see what you are checking and how you are doing it.
And once you take retaliatory action, are you going to pay for any mistakes? Would your answer be the same if you were the victim?
Look up "Joe Jobs" to see the grief spammers already cause by framing other people. I can assure you that they would love to be able to set millions of computers on their enemies and competitors.
Humans make sure no joe jobs slip into the system, and only authentic spammers are targeted
If you have found infallible humans, please let us all know about the great discovery! The spammers aren't stupid. They will make it harder to figure out if their site is a spam site. They could deliver legit content for 50% of views. So half the humans think the site is fine and half don't. It would take real humans quite a while to investigate a site. And aren't you going to give the ISP time to take action?
Basically with taking vigilante justice like this, how much "collateral damage" are you prepared to accept? What will happen if a mistake is made? What if the ISP was fooled and has cancelled the accounts, but the DDOS happens anyway? What if you were the victim of a mistake?
The site is going to be most useful to the spammer for its first 24-48 hours of existence while the spams get delivered. After that the usefulness decreases. The vigilante justice would have to act really quick in order to have an effect. How will you ensure there are no mistakes?
Far better measures are taking action like the current RBLs. They deny service to others. If someone tries to contact your mail server, you can decide to allow them access or not. You can extend this to the web by disallowing outgoing connections to spammer sites. That will deny them their "customers" just as effectively. And if someone is mistakenly on the list, they can always try and get taken off it. The collateral damage is far less. Each site also gets to choose which RBLs they subscribe to hence being in control of their own policies.
The point you are missing is a bad guy can frame you. For example some viagra peddler could put your URL, CNN and theirs in a spam. You will then be a victim of a "retro attack" (as well as CNN and theirs). However they will be in a far better position to deal with it than you will be. And as I pointed out in another comment it isn't easy detecting if a site is innocent or belongs to a spammer, and it is a lot easier for a spammer to take countermeasures.
All the schemes are easily overcome by a spammer. And it is still easy for them to pick on innocent bystanders. For innocent people, all they have to do is include their URLs in a spam message. Thousands of individual servers checking an innocent person's server even if they decide it is harmless will still be a DDOS against a good guy.
So here are several ways a spammer can get around everything that is proposed:
Include several links in the spam message. For example point at the BBC and CNN as containing relevant content about whatever product you are spamming. (You can use CSS to hide the text behind images or pull other stunts to help obscure it)
Include links to your "enemies". Put them last since the automated tools will spider them, but users read sequentially. Again they can be obscured, but they will hurt whoever is on the end of those sites.
Always give legitimate content back the first time your web server is connected to from an IP address. You could even put a timer in it that redirects to the real spam page after 30 seconds. Are the crawlers going to wait? Will a human spam checker realise it is a spammer site?
Put up legitimate content when you think a spam fighter is looking at your site. If the spam fighters are building good guy and bad guy databases, you could try to ensure they always see good content. You could figure out some of their ip addresses, you could be more cautious if the user has a Linux based browser, you could use a popup since more technical people are likely to have popup blockers.
Make extensive use of javascript to make it hard for programs to automatically fill out your forms. You can do the same with ActiveX controls, flash, java and various other tricks.
It is way easier to do this stuff playing defense. Using RBLs etc when someone tries to get access to your mail server works pretty well. Worst case you deny legitimate email, and the only one hurt is you.
When going on the offensive, you are trying to hurt others. How much collateral damage is ok? One poster in this thread posted their web site. If a spammer included that URL in several billion spams and you had hundreds of thousands of hits against you, how would you feel? How would you feel if your site was listed as a bad guy site? How would you feel if your system had done something automated as an offensive action against another site (eg trying to fill out name and address forms with bogus information) and it turned out that site was mistakenly listed as a bad guy site?
And if you think it is easy classifying sites, try these two: jennifer and jamie (answers at Metafilter: jennifer and jamie).
automatically crawls any links listed in the spam, it would bring their web servers to their knees
It doesn't distinguish between good guys and bad guys. In fact none of the "automatic" schemes mentioned do. Say the spammers decide they hate Paul, they can very easily deliver several spams pointing to his web site/email address/phone number. Remember that the cost of sending extra emails by a spammer is pretty much zero.
This British citizen lives in the US and has never been back. I'll be very impressed if they manage to issue anything for me. And I was born and lived in 3rd world countries most of my life so all attempts at tightening up birth certificates etc issued in the UK won't achieve anything.
And of course all the tourists plus citizens of other European countries working in Britain (as allowed by EC rules) won't have them either.
So if someone is supposed to check your biometric id and you say you don't have one, how can they check that is true? Well, if they knew who you are then they could verify that you don't have one. And how do they know who you are? How about a different form of id? Well, the bad guys will just go ahead and forge that.
In general almost all the forms of id fail in the above way, unless you close your borders. There isn't any need for all this new waste of money. If *existing* laws and regulations had been enforced then things like September the 11th wouldn't have happened, or with far fewer hijackers.
Err, you can get VirtualPC for Windows as well. As I can assure you that only XP comes with those hideous maximize/close etc buttons.
I also use daemon tools on my laptop when I travel. I really don't want to drag the original cds around and potentially lose them.
But I need a list of who to avoid
Other than very closed systems with very good guarantees, there is only one good use for biometrics and that is identification (NOT authentication). Think that instead of typing in your username, you scan something. Stealing that information is about as useful as stealing your username. You still need a seperate authentication step. The social security number nonsense is a good example of confusing identity with authentication. There are several companies out there who think that anyone who can recite the last 4 digits of my SSN must be me.
Would you be happy carrying no id cards, credit cards, library cards, employee cards etc but instead everywhere type in a pin or similar secret?
Check out what CodeWeavers post on their site. Read both The Real Dirt and their EULA. It makes quite clear what you get (tangible and intangible), how well the product works, and the EULA isn't even evil and even has some humor in it.
The binding on Linux is to GTK which is close enough to Gnome. They are currently working on the GTK2 binding which is mostly complete. I suspect that a runtime switch to GTK or KDE as appropriate would be WAY too hard to implement. Hopefully the freedesktop.org people together with the combined talents of the best GNOME and KDE hackers now at Novell will help make toolkits like wxWindows even easier, and always look normal to a user.
Technically the wxWindows license is LGPL with exceptions. The exceptions make people like me happy (*), while still keeping the source under strict GPL.
There is one significant problem that still affects wxWindows and that is that many Linux based PDAs use Qtopia which is based on QT and the QT license. This makes it difficult to do wxWindows for the Zaurus etc.
(*) My code is under an open source license, just not the GPL. Consequently I wouldn't be able to use GPL stuff although I would be able to use LGPL stuff
Most companies do. You usually have internal PR people as well, but the professional PR companies have the various media contacts and accreditations, have the ability to get stuff put on the news services etc.
How about tales of XP crashing? If you plug in a GPS outputting its location on the serial interface (NMEA), via a real serial cable or a USB to serial connection, then XP crashes (blue screen, reboot etc).
It took me a while to figure out the problem. I finally worked out that it thinks the data stream is a serial mouse and dutifully interprets it that way for a few seconds before bringing down the whole machine!
Funnily enough I emailed their sales during the RH8.0 timeframe. I explained that I already had the CDs (downloaded from a mirror) and would just like to pay them for the software. The only thing they had on their web site was a boxed set they would have to send to me which I didn't want or need. Their answer was, sorry we have no way of accepting your money.
The technical measure is that there is a lock code in the phone known as MSL (master subsidy lock). The business reason behind this is that the phones are subsidised. You pay an up front fee for the phone, but that is nowhere near the actual cost of the phone. The provider then recovers the rest of the cost over the lifetime of your contract.
To get device portability, you would have to start paying the real costs of the device. These are in the hundreds of dollars, and most people won't be prepared to pay them.
The carriers are certainly in a mess when it comes to devices. There is little choice, and little progress. (For example the largest carrier Verizon doesn't have a single phone that does BlueTooth).
If you think there is an opportunity here, start your own business selling unsubsidised phones!
Err, no. My point was that they could do BOTH at the same time in the same message. Their goal would be to hurt their enemies, and to discredit/disable anti-spam systems. A few lawsuits from victims of a DDoS would help them greatly as well.
If AOL, MSN and other ISPs that covered the vast majority of users blocked access to potential spammer sites while they are being investigated, how would the spammers profit?
Funnily enough I also have 14 spams. The majority claim to add many inches. One is entirely links to images, so I have no idea what it is advertising.
I believe in doing stuff and use both SpamAssassin and RBLs. I used to report stuff that got through via spamcop as well until they were hit by DDoS.
The article is about doing proactive stuff. Fighting back. That sort of thing. The solutions need to be social, technical, legal, educational and moral. Combined they will help curb the problem. Nothing will get rid of it completely.
But you do need to be careful. DDoS causes problems for 3rd parties who have nothing to do with the problem. For example if people in Britain participated in a DDoS against a spammer in Alabama, it would also flood the Britain to USA link which was in no way responsible for the spammer. And what if a mistake was made? What if the ISP was duped (in the same way some eBay people do of building up a good reputation for months and then suddenly ripping off a bunch of people).
I find it even more bizarre you complain about being collateral damage from RBLs yet are happy to go out and proactively cause damage to others. All RBLs do is deny you access to someone else. You didn't have a right to access to them anyway. Now it was certainly unintended that good guys were affected, but at least it can be worked on.
I offered an excellent one. If there were RBLs that could be used to prevent outgoing access that would help a lot. The collateral damage would be considerably less as well. For example if a site was listed in lots of spam, it would be added. Anyone then trying to access the site from ISPs who subscribed to that list would fail. Spammer gets zero customers. If AOL operated like this, it would make it pointless to spam AOL users.
Although collateral damage would happen, the worst is that legit sites will be unreachable for however long it takes to review and get them off the RBL (which would probably be a few hours). Spammers are unlikely to complain about being on the list.
Just like SMTP RBLs, there would be multiple suppliers who would have different attributes for speed, aggressiveness, appeals procedure etc. Each site that subscribes to them picks whichever they feel best matches their own wishes.
You have got to be kidding! If every mail server downloaded the text html only in order to check, that would already be a DDoS. And how exactly do you check for "banned objects"? Are you going to ban all web pages that include Javascript? CSS? Images? Forms? Remember that any checking tools would be open source (otherwise people wouldn't run them or contribute to them). The spammers will see what you are checking and how you are doing it.
And once you take retaliatory action, are you going to pay for any mistakes? Would your answer be the same if you were the victim?
Look up "Joe Jobs" to see the grief spammers already cause by framing other people. I can assure you that they would love to be able to set millions of computers on their enemies and competitors.
If you have found infallible humans, please let us all know about the great discovery! The spammers aren't stupid. They will make it harder to figure out if their site is a spam site. They could deliver legit content for 50% of views. So half the humans think the site is fine and half don't. It would take real humans quite a while to investigate a site. And aren't you going to give the ISP time to take action?
Basically with taking vigilante justice like this, how much "collateral damage" are you prepared to accept? What will happen if a mistake is made? What if the ISP was fooled and has cancelled the accounts, but the DDOS happens anyway. What if you were the victim of a mistake?
The site is going to be most useful to the spammer for its first 24-48 hours of existence while the spams get delivered. After that the usefulness decreases. The vigilante justice would have to act really quick in order to have an effect. How will you ensure there are no mistakes?
Far better measures are taking action like the current RBLs. They deny service to others. If someone tries to contact your mail server, you can decide to allow them access or not. You can extend this to the web by disallowing outgoing connections to spammer sites. That will deny them their "customers" just as effectively. And if someone is mistakenly on the list, they can always try and get taken off it. The collateral damage is far less. Each site also gets to choose which RBLs they subscribe to hence being in control of their own policies.
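The outgoing-access blocklist proposed in the comments above (a domain seen in lots of spam gets listed, suppliers differ in aggressiveness, each site picks its lists), sketched as an added example that is not part of the original comments. The report texts, domains, function names and the last-two-labels grouping are all assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r'https?://[^\s<>"]+', re.I)

# Constructed spam reports; every domain is a placeholder.
REPORTS = [
    "Add inches! http://www.pills.example/buy",
    "Cheap meds http://pills.example/ and see http://bystander.example/",
    "Last chance http://shop.pills.example/x?id=1",
]

def host_of(url):
    """Lower-cased host of a URL, or '' when there is none."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def registrable(host):
    """Naive last-two-labels grouping (assumption; a real list would use the Public Suffix List)."""
    return ".".join(host.split(".")[-2:])

def build_list(reports, min_reports, reviewed_ok=()):
    """Supplier side: list a domain once it appears in min_reports distinct spams.

    min_reports models the supplier's aggressiveness; reviewed_ok holds domains
    taken off the list after an appeal.
    """
    seen = Counter()
    for body in reports:
        domains = {registrable(host_of(u)) for u in URL_RE.findall(body)}
        seen.update(d for d in domains if d)
    return {d for d, n in seen.items() if n >= min_reports and d not in reviewed_ok}

def allow_outgoing(url, subscribed_lists):
    """ISP side: refuse the connection if any subscribed list names the domain."""
    domain = registrable(host_of(url))
    return not any(domain in blocklist for blocklist in subscribed_lists)
```

With these reports, a supplier listing on a single sighting also lists the bystander domain named in one spam until it is reviewed, while a supplier requiring two sightings lists only the advertised domain.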
The point you are missing is a bad guy can frame you. For example some viagra peddler could put your URL, CNN and theirs in a spam. You will then be a victim of a "retro attack" (as well as CNN and theirs). However they will be in a far better position to deal with it than you will be. And as I pointed out in another comment it isn't easy detecting if a site is innocent or belongs to a spammer, and it is a lot easier for a spammer to take countermeasures.
All the schemes are easily overcome by a spammer. And it is still easy for them to pick on innocent bystanders. For innocent people, all they have to do is include their URLs in a spam message. Thousands of individual servers checking an innocent person's server even if they decide it is harmless will still be a DDOS against a good guy.
So here are several ways a spammer can get around everything that is proposed:
It is way easier to do this stuff playing defense. Using RBLs etc when someone tries to get access to your mail server works pretty well. Worst case you deny legitimate email, and the only one hurt is you.
When going on the offensive, you are trying to hurt others. How much collateral damage is ok? One poster in this thread posted their web site. If a spammer included that URL in several billion spams and you had hundreds of thousands of hits against you, how would you feel? How would you feel if your site was listed as a bad guy site? How would you feel if your system had done something automated as an offensive action against another site (eg trying to fill out name and address forms with bogus information) and it turned out that site was mistakenly listed as a bad guy site?
And if you think it is easy classifying sites, try these two: jennifer and jamie (answers at Metafilter: jennifer and jamie).
It doesn't distinguish between good guys and bad guys. In fact none of the "automatic" schemes mentioned do. Say the spammers decide they hate Paul, they can very easily deliver several spams pointing to his web site/email address/phone number. Remember that the cost of sending extra emails by a spammer is pretty much zero.
The spammers are already picking on the anti-spam people.
So how will your auto-responders etc tell the difference between bad guys and good guys?
This British citizen lives in the US and has never been back. I'll be very impressed if they manage to issue anything for me. And I was born and lived in 3rd world countries most of my life so all attempts at tightening up birth certificates etc issued in the UK won't achieve anything.
And of course all the tourists plus citizens of other European countries working in Britain (as allowed by EC rules) won't have them either.
So if someone is supposed to check your biometric id and you say you don't have one, how can they check that is true? Well, if they knew who you are then they could verify that you don't have one. And how do they know who you are? How about a different form of id? Well, the bad guys will just go ahead and forge that.
In general almost all the forms of id fail in the above way, unless you close your borders. There isn't any need for all this new waste of money. If *existing* laws and regulations had been enforced then things like September the 11th wouldn't have happened, or with far fewer hijackers.