Slashdot Mirror


User: SallyShears

SallyShears's activity in the archive.

Stories: 0
Comments: 22

Comments · 22

  1. Re:In Flight on The Future Has a Kill Switch · · Score: 1

    No, you don't understand either.

    Dead-engine landings are routinely taught in basic flight training and it's relatively easy to do in a single engine aircraft. Safe landings are a high probability with a skilled pilot and a runway in sight.

    It's damn hard and low-probability in a commercial airliner. There are a couple of successes (Google "Gimli Glider" for a 767 dead-stick landing in Manitoba; there aren't many more examples).

  2. Re:No, incident does prove Apple is lacking ... on A Little .Mac Security Flaw · · Score: 0, Troll

    Apple has a bug reporting system and an email for security issues. Use them, not the forums...

    Apple forums are for users helping users. No gripes or sour grapes allowed. No drum beating. Any post sounding like such will be deleted. Has angered some real contributors.

    -- Sally

  3. Re:The inventor responds... on Spam Trap Claims 10x-100x Accuracy Gain · · Score: 2, Interesting

    I think the statistical idea here is really quite interesting. It is well known in statistics that looking at problems AND non-problems (instead of the problem cases alone), you learn more about how to discriminate problem-causing situations in the future. There is a classic case based on the data available prior to the Challenger Space Shuttle launch.

    I have a couple of questions... The article and Steve's response talk about senders, messages, and recipients. If the messages from a sender have gone more to high spam recipients than to low spam recipients, then future messages from that sender are more likely to be spam. Fine so far.

    A recipient is easy to identify... It's an email address.

    But what is a sender? Maybe it's an IP address? Even then, is it the IP of injection? Or the IP that connected to our MX? A sender is certainly not a "From:" address since these are mostly forged and varying. The real world of spam is even more clouded... Most SPAM senders utilize multiple streams: lots of points of injection into AOL/Yahoo/GMail or lots of direct-to-MX from bots in a net. How to identify a "Sender" on whom we can measure a statistic and make a forecast for filtering? What is the "Sender" we are talking about?

    And, what is a message? If it's literally one message with a long cc: list, then it's easy... When a sender sends a msg that goes more to high spam recipients than to low spam recipients, it means we should suspect that sender in future filtering. But, most spam isn't sent that way. Random variations are sent through multiple points of injection to the spectrum of recipients. Sometimes, we can make a checksum or Bayesian score that will collect the varying instances of a "message" for analysis. More often, it will look like lots of different messages, and you lose the ability to analyze across recipients.

    I suspect Steve is identifying a sender as an IP connecting to our server. Maybe a "message" is all the traffic in a short period from that IP.

    I like the statistics.

    I'm worried about the practical questions in our world of forged senders, forged "Received:" lines, random message variation, and botnets. What is a sender? What is a message?

  4. Radio Shack recycles batteries... Or DO THEY? on What's the Best Way to Recycle Old Tech in the US? · · Score: 3, Interesting

    I took three old laptop batteries to my local Radio Shack where they advertise free recycling for your old rechargeable batteries.

    The guy behind the counter said, "That's fine, but if you really care about recycling, just know that if you leave them here, they'll go into the trash. I've never seen the battery recycle bin go anywhere else." I was astounded. I thanked him for his honesty and kept the batteries.

    What's your experience with free recycling of batteries and the like at Radio Shack or other retailers?

  5. Re:Not the interface on Apple's "Time Machine" Now For Linux... Sort Of · · Score: 1

    ...then drag-n-drop items right through the goofy-3d-zooming-thingy... Not quite... You find the file you want on one of the backups, then click a "Restore" button. You cannot drag and drop from the backups.

    All in all, it is nifty, automatic, and relatively painless. Still waiting to discover the quirks... Bound to be a few in something this new and complex.

  6. Paypal traps you into higher-priced options... on Bomb Explodes At PayPal Headquarters · · Score: 1

    I have many positive experiences with PayPal transactions. It really does make normal payments easier.

    What I object to is the way they back you into a corner and force your choice.

    Here's a specific example. eBay wants sellers to accept PayPal. Fine. Once you sell something, the buyer is invited to pay with a credit card. Still fine. Then PayPal writes the seller saying, "Your buyer wants to use a credit card. This will cost you 2.5% for this transaction and ALL FUTURE transactions for your account. Do you want to accept the payment? YES... or NO..." (..and, by the way, you cannot easily open another account.)

    That's a trap! To me, this is underhanded. The kind of company you continue to use, but you keep stewing about how to get back at them.

        -- Sally

  7. Hotel and Airport hygiene on Web Surfing in Public Places Is A Way to Court Trouble · · Score: 2, Informative

    From hotel rooms: I do use the hotel LAN with my laptop. I immediately create an SSH tunnel to my own server and handle mail through the tunnel. I surf the web on my laptop. I will enter name, userid, password on familiar sites with SSL protecting the connection from my laptop to the known server.

    At public computers: I assume that the machine has a keystroke logger. Never enter anything remotely sensitive on such machines. Never log in to anything from a public computer.

    Now, I often want to print a boarding pass or a document of mine. Here's my routine: Print to PDF on my laptop, upload the PDF from my laptop to my own web server with sftp. Name these a.pdf, b.pdf, etc. The web server is set up so no one can get a file list for any directory. On the public machine, point the browser to www.mydomain.com/a.pdf and print. Later, from my laptop I'll log in and delete the files.

    Most airlines let you get a boarding pass with conf number and name, no login required. The confirmation number is like a one-time password. Someone was thinking.

        -- Sally

  8. Look at the reading list! (List of Books Reviewed) on NSA Publication Indices Declassified · · Score: 1

    Use the links to get the indexes... In the by-title list in the B's is a whole series Book Review: (title). I believe most of the books are plain old published books. For anyone interested in the history of this stuff, it's interesting to see what books got enough attention to get reviewed here. I think it could be a very interesting reading list! Of course, we've all read David Kahn's The Codebreakers, right?

  9. Mac is OK with non-Apple cards! on BIOS-Approved PCI Cards For Laptops · · Score: 1

    The Airport slot in an Apple Laptop uses only Apple Airport cards, and these won't work in a PC-Card slot.

    But, other vendors' PC-Card products work fine in Mac laptops; there is no white list at boot time, as discussed in the original article.

    In particular, I use non-apple 802.11 cards of a couple of different types/vendors. I use IOXPERTS driver with an SMC removable antenna card and Apple's own drivers for a different WiFi card.

    -- Sally

  10. Can you do conference calls? Three-way calling? on Skype For Mac OS X and Linux · · Score: 1

    Can you do conference calls? Three-way calling. Is there a conferencing bridge for any VOIP approach?

    -- Sally

  11. The real problem is that email is too cheap! on The Spam Conference 2005 · · Score: 1

    As I sat in the MIT Spam conference, I had an overwhelming sense of waste. As Barry Shein said last year, "Look at the great minds here working to stop penis enlargement promos!"

    I believe there is SPAM because email is essentially free. The SPAMmer can send millions of messages for $ nil and doesn't have to care about the response rate. Ordinary advertising grates on us a bit, but not as much as SPAM. Why? Ordinary advertising costs money and HAS to be a little bit interesting.

    How do we think about the right costs for things on the internet? I believe we have a mental model that the "best" strategies are the ones that drive the costs to zero. But, if you look at email, you can see what happens when the cost is zero.

    We would all be better off if it cost a penny to send an email message. Or, if Esther Dyson's micropayments scheme were to become universal (sender pays, reader receives a micro payment for each msg). SPAMmers would NOT send millions of SPAMs at $0.001 per msg.

    I think the idea of free WiFi is dangerous. Think about the kinds of abuses that would be encouraged.

    Another scary thought: Look what's happening to the cost of telephone calls, including international calls...

    Zero is not the price we want. Zero cost -> abuse.

    -- Sally

    p.s. Caveat... Even if email costs $0.001/msg, frauds and phishing would still be problems. And, there would still be a market for bot-nets for other nasty schemes (DDOS, etc.).

  12. Re:Netsplit -- So, join the "good" side. on The Spam Conference 2005 · · Score: 1

    Kappa wrote, "I'm from Russia and it's getting harder and harder to reach out for my colleagues and friends throughout the world. Mails just mysteriously disappear..."

    A good friend from the Netherlands has exactly the same problem.

    This is a real problem for the people in such countries who do want to be good global citizens.

    You could sign on with a legit provider in one of the "good" countries and work through an SSH tunnel to that server. Then there will be no headers with problematic IPs. Hope this helps. I understand hard currency might make this expensive.

    -- Sally

  13. Re:It was posted right here on The Spam Conference 2005 · · Score: 1

    It was posted right here on SlashDot a few weeks ago.

    I attended. Pretty academic but interesting.

    -- Sally

  14. Re:Spam is on the way out -- For legit businesses on The Spam Conference 2005 · · Score: 1

    You wrote, "Spam, as an advertising vehicle, is dying out."

    Yes, it's dying for legit businesses. That's another of the costs of SPAM. I don't mind marketing messages from legit messages so much. Promotional emails from identifiable businesses with legit web sites and domain registrations. If I don't want their mail, I write them politely. I really hope our spam solutions still enable legit businesses to send promotional email. I want to do so at times, and I don't want my mail to trigger anger, SpamCop complaints, etc. (It's not SPAM, honest!)

    But, SPAM is going strong for shady businesses, sex, porn, fraud, and phishing. No identifiable sender, domain registered in the last ten days, etc. These I send to SpamCop.

    -- Sally

  15. Re: Of Course Filtering Hurts Us All ! on The Spam Conference 2005 · · Score: 1

    Of course there are problems in the filters. Duh!

    And, at the same time, any mail system operator HAS to filter today.

    The biggest cost of SPAM is not the wasted time on the delete key. The biggest cost of SPAM is the loss of reliability of email.

    We used to be able to depend on email getting through. Now, I'm afraid that good email practice is to reply "Yes, I received your mail..." to any significant piece of email. What a waste!

    -- Sally

  16. Professor.. NOT! It was the Harvard President! on Pharmacare, Harvard Try To Shut Down Security Hole · · Score: 1

    It was not a prof. It was the Harvard President, Larry Summers.

    Said he was trying to be provocative at a research conference.

    I was going to write, "We should consider the hypothesis that Ivy League males are just rock-dumb when it comes to cultural sensitivities."

    But, then Summers issued a better sounding apology.

    The meta-parent really IS funny!

    -- Sally

  17. Are the edges padded? on A Pizza Box for Your Laptop · · Score: 4, Insightful

    Looks cool, but ...

    I don't see any protective padding at the edges where it's needed.

    -- Sally

  18. Re:Thanks America... on Dutch Fine Spammers, AOL Reports Drop in Spam · · Score: 2, Insightful

    The article shows the location of the computers which send spam to legit mail servers.

    In this day where most spam is sent from zombied PCs, of course the US leads... Lots of computers here, lots of always-on broadband connections... and what's the ability of our users compared to the rest of the world? US computer owners include a lot who only know how to plug in and turn on.

    The number two country is Korea... Again, lots of computers and even higher penetration by broadband.

    Where are the web servers for the spamvertized sites? From the spam I see here, the bulletproof hosting seems to be in China and eastern Europe.

    Where are the merchants who advertise with spammers? And, where are the spammers themselves? I'll bet the US leads in this as well.

    -- Sally

  19. Re:send-safe.com user manual is VERY interesting! on Confession For Two: A Spammer Spills it All · · Score: 1

    http://www.send-safe.com is up, not down.

    Maybe we /.'d it for a while last night.

    FWIW, it is pretty interesting to read the "Manual" at that site. It's a complete packaged solution for sending SPAM through zombie-proxies, they provide a proxy network in the price, extensive use of randomization, base64 encoding options, etc. The manual is well-done.

    It is very, very clear in the manual that SPAM uses hijacked consumer PCs.

    It's a complete packaged solution that lets small-fry spammers use some of the tricks of the big-bad-boys. It's an indicator of that part of the current state-of-the-art that someone has packaged as a solution. It also shows that spamming is enough of an established, stable business for someone to invest to do this.

    I think we should take the manual and show it to politicals and anyone else who might believe that spammers are semi-responsible.

    -- Sally

  20. Using Word 5.1a Today... on Microsoft Word 5.1: The Apex of Word Processing · · Score: 1

    I'm using Word 5.1a most of the time today. Tables, margins, styles all work better than in Word v.X IMHO.

    One key is to find the Microsoft translators so you can open documents created in more recent versions of Word.

    The only limitation that affects me is modern graphic formats are not supported; for these I have to have Word v.X.

    On the other hand, PowerPoint has improved a lot; I bought Office v.X to get the new PowerPoint.

    -- Sally

  21. Re:Screw Comcast! on Comcast Thinks About Stopping Zombies · · Score: 1

    jchawk wrote "two simple blocks (client.comcast.net and client2.comcast.net)..."

    Actually, the dynamic Comcast IPs I see in spam are a variety of forms; here are some recent examples showing IP and RDNS result:

    69.140.240.157 -- pcp04321469pcs.nrockv01.md.comcast.net.
    68.51.242.18 -- pcp03850408pcs.ctftmy01.fl.comcast.net.
    68.61.102.89 -- pcp02690159pcs.roylok01.mi.comcast.net.
    24.7.120.70 -- c-24-7-120-70.client.comcast.net.
    24.14.139.61 -- c-24-14-139-61.client.comcast.net.

    I block any IP which sends me spam/virus and which has two or more groups of digits in the reverse-DNS result (or which has no reverse-DNS entry). This is an attempt to block consumer IPs after their first spam. I block these for a month, then if they come back, I block them for a year.

    This is my home-brew solution. Anyone have better approaches?

    -- Sally

  22. Challenge/Response won't work with mailing lists. on Spam Bits · · Score: 1

    Mailing lists have served us well for many years.

    I don't think challenge/response can work with mailing lists.

    When designing an action, think about what would happen if everyone did it. This is an old standard, but a good one. For mailing lists, it would be a nightmare if everyone started using challenge/response.

    When you're thinking about SPAM solutions, and other mail admin matters, remember mailing lists...

    - If you use challenge/response, exempt mailing list mail. Figure out how to do it.
    - Don't send bounces to the list address. Or the "From:" address. Use "Sender:" to route bounces to the list owner.
    - Create your "I'm away until.." msg with the vacation program or think it through to exempt mailing list mail.

    -- Sally
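
The reverse-DNS heuristic described in comment 21 above, sketched as an added example that is not part of the original post or the poster's own code. The `Blocklist` class, the 30-day reading of "a month", and the `example.net`/`example.org` names with documentation addresses are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

DIGIT_GROUP = re.compile(r"\d+")
FIRST_BLOCK = timedelta(days=30)    # "a month" (30 days is an assumption)
REPEAT_BLOCK = timedelta(days=365)  # "a year"


def looks_like_consumer_ip(rdns):
    """True if there is no reverse-DNS name or it has two or more digit groups."""
    if not rdns:
        return True
    return len(DIGIT_GROUP.findall(rdns)) >= 2


class Blocklist:
    """Hypothetical in-memory store: ip -> (block expiry, number of blocks so far)."""

    def __init__(self):
        self._entries = {}

    def is_blocked(self, ip, now):
        entry = self._entries.get(ip)
        return entry is not None and now < entry[0]

    def report_spam(self, ip, rdns, now):
        """Call when ip delivered spam or a virus; returns the block expiry or None."""
        if not looks_like_consumer_ip(rdns):
            return None  # looks like a real mail host: handle by other means
        _, blocks = self._entries.get(ip, (None, 0))
        expiry = now + (FIRST_BLOCK if blocks == 0 else REPEAT_BLOCK)
        self._entries[ip] = (expiry, blocks + 1)
        return expiry


if __name__ == "__main__":
    # Two PTR names quoted in the comment, then constructed samples.
    for name in ("pcp04321469pcs.nrockv01.md.comcast.net.",
                 "c-24-7-120-70.client.comcast.net.",
                 "mx1.example.org.", "mail.example.org.", None):
        print(name, looks_like_consumer_ip(name))
    bl, t0 = Blocklist(), datetime(2004, 6, 1)  # constructed date
    ip, ptr = "192.0.2.10", "host-192-0-2-10.dyn.example.net."  # constructed
    print(bl.report_spam(ip, ptr, t0))                        # first offence
    print(bl.report_spam(ip, ptr, t0 + timedelta(days=40)))   # came back
```

The digit-group test is only consulted after an address has already delivered spam, so a legitimate relay whose name happens to contain two numbers is not blocked unless it offends.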