What a cop-out, dude. With that logic I can assume that everyone is a spammer in the entire universe, but they are just lying about it.
Why do you assume that everyone you disagree with is lying? Sounds like mental laziness to me (I don't feel like arguing facts, so I'll just assume the other guy is lying).
"You just admitted on Slashdot that you believe in opt out"
only if they have opted in to begin with, as stated in my original post (but no, I don't believe in "confirmed opt-in" as being the solution to all email ills).
"that once someone gets forge subscribed to your list that it's their problem to get off your list"
If by "their problem" you mean they have to click "unsubscribe" or reply with "unsubscribe" in the subject, yeah that's right. Just like any other list in the whole world. If you're on it by mistake, tell someone and they'll make sure it's removed.
"that you have no intentions of using legitimate marketing methods."
What I'm doing is perfectly legitimate.
"The more people that know, the better!"
Great! As long as you pass on accurate information and don't misrepresent my views.
"Spammers, and proud of it."
Bartlett Publishing has never even "accidentally" sent bulk email to someone who did not specifically request it. We have had noone complain to us about email abuse, period. Is that how you define a spammer? Someone who noone complains about, except on theoretical (and disputable) grounds? Sounds like a tempest in a teapot to me.
"that reason is because you define "Opt-in" in such a broad way that no legit mailing list server administrator would ever accept."
Nope, it's usually mail server administrators who let us through. The reason we are blocked is not that we are blacklisted but because people have their filters set to reject HTML-heavy email.
"I frequently find that "legit email marketing" like you claim to be form do *NOT* do all of the above."
"As a recipient of spam, I have a pretty good idea who I've given permission to send me email"
You'd be surprised. See my story here. After we finally figured out what email address was actually receiving the message, he finally "recalled" signing up.
"That, in a nutshell, is confirmed opt-in. It is the ONLY legitimate method of bulk E-mail advertising."
BS.
First of all, confirmed opt-in opens itself up to just as much spam as non-confirmed opt-in. You just wind up with a bunch of spam that starts "We have received a submission from someone claiming to be you to join our mailing list, 'Vicodin available at example.com'. In order to verify your email address for the opt-in list 'Vicodin available at example.com', you have to reply to this message.
Second of all, the only practical problem with unconfirmed opt-in is that it's your word against theirs whether or not you really opted in. Oh wait, that's true anyway. The only thing confirmed opt-in gives you is that people who don't know how confirmed opt-in works wind up not being able to get useful emails, and only get crappy spam rather than the emails they want. We've tried confirmed opt-in and the only results are that we have a bunch of people emailing us why they weren't added to our list.
With regular opt-in, we have gone for over a year without a single complaint. I think the redhat-list has more problems.
"If your company is not doing those exact steps, in that exact sequence, you're spamming. Period."
Yes. Period. Because _you_ say so. Obviously, I should always consult you on definitions of any words I use, because you are the only one with correct answers.
"If you are spamming, please tell me which marketing firm you're with so I can place your IP address range(s) into my domain's 'Deny' list for the mail servers."
If you or your users ever receive email that they didn't want, and the issue is not resolved completely to your satisfaction, I encourage you to do this.
Think of it this way. Let's say someone signs you up for a list that you didn't want them to. In the case of confirmed opt-in, they will get one useless extra email. In the case of unconfirmed opt-in, they will get one potentially useful extra email that they only have to reply or click on to get removed. In the case of confirmed opt-in you're wasting bandwidth sending junk (and the spammers are going to spam with the "verification" messages anyway), and in unconfirmed you actually get content. Either way is open to abuse by bad parties, but confirmed opt-in causes problems for some of the computer-challenged.
Anyway, as long as you believe that you and only the people you agree with get to set all standards for definitions, I guess you'll just have to consider me a spammer.
I agree with your definition of spam. I just don't agree that it would be a problem if it was useful. We wouldn't have multiple companies springing up and congress trying to solve the problem if the spam we were being sent was useful.
I agree. I think the best method is to come out with a new protocol, and then write new mailers to classify all mail as "verified" and "unverified" depending on whether it came from SMTP or whatever the new protocol is.
"Unless I tell you "hey, send me email" by default I am BORN as Opted-Out."
Exactly. If you had bothered to read my email (specifically where I said "you had to have opted in directly to have received it to begin with") you would know that this is how we work.
However, somehow you have equated sending email with theft, and I think that's pretty far-fetched. Is my grandmother forwarding me the billionth story after I've told her not to equivalent with her stealing my car? I don't think so.
It's mostly people selling illegal stuff. In a large company, the people wanting to buy the illegal stuff are not in control of the spam filters. Therefore, they try to dodge them to reach their victims (oh, I mean "target market").
Most of our email is actually business-to-business. The only consumer-driven campaigns I can think of that we've done were for sports equipment (about 3,000 people) and a community college announcement (about 2,000 people). Most of the rest are for business-to-business stuff, where the company uses us to send out press releases, product updates, new product announcement, etc. They want it to (a) look really nice and (b) be trackable. One company, in fact, uses it to send out email to their own business units (large companies, interestingly enough, often have to market to themselves).
Yes, we follow all of those rules. However, many spam filters will still filter. For example, some people have their filtering software tuned up so tight that any image-heavy email is blocked.
I've even been called in once to help figure out why someone's personal email was being blocked by anti-spam software. It turns out it's because the person is very emotional and likes to end sentences with "!!!!!!", which the software interpretted as being spam.
"but to lay the burden of proof on the spammer that you did in fact opt-in."
This is silly. Why not just make them take you off when you unsubscribe?
What kind of proof would you require? Records saying you opted in? Gee, that's not hard to fake.
In addition, I've seen a lot of spam moving to the "confirmed opt-in" method of spamming. Many people think that confirmed opt-in is the way to go, but now my inbox is flooded with email like the following:
---
Dear sir,
Thank you for opting in to the "example.com vicodin email list" which allows you to purchase vicodin without a subscription from example.com. However, in order to verify that it was in fact you who opted in, please reply to this email. If you do not reply, your email address will be removed from our database.
---
What you need to do is the same everywhere with any other kind of case - find an eyewitness who can testify that they are adding names that had not opted in. Then go after them.
You're missing the fact that many of the services that people use mass spam for are illegal to begin with. Making the act of spam illegal isn't going to help things, because the businesses are illegal to begin with.
I mean really, would anyone care that much about spam if we stopped getting it from penis pill pushers, vicodin pushers, Nigerian businessmen, and those women who are really horny?
It seems like many people want to take their issues with these illegal businesses out on anyone who sends spam from a company. I have a feeling that all that will come of a lot of this is that, while it will continue to be profitable for Eric's Drug Store to spam me about prescription vicodin, information about that sale of hardware equipment that I might actually buy will be stopped cold in its tracks.
"As for the bit about reporting to their ISP, there's no point in reporting misbehavior to the people who are misbehaving. They know they're breaking the law."
This is BS. I once worked for a company that sent 100,000 emails a month to customers who had requested it. However, there was one guy who was mad at us for sending him email that he requested. In addition, he had forgotten the email address he had signed up under, was too stupid to check the headers, and continued to complain because we wouldn't take him off of our list (because he wouldn't provide us with the email address). He made a big hullabaloo, but after a few weeks he finally figured out that it was to an email address that was three ISP's ago that was still forwarding email.
Imagine how difficult this situation would have been to resolve if he took the same position you do.
In addition, the complaint is not about SpamCop running blacklists. It's about them going to individual ISPs to get these guys cut off.
From what I've read about OIRB so far, I agree that these aren't nice guys, but I think you're painting with too broad a brush, and may make the situation worse.
If we get too many people saying "all commercial email is bad" and it comes down to being either we allow commercial email or we don't, then obviously the commercial side is going to win out, because without commerce the country will sink. If instead we can make it about "we don't like companies who make it difficult to resolve issues" or "we don't like companies who intentionally send unwanted email" then you have a much better case. However, when you start equating intentional and accidental cases of email being sent without permission and viewing them as the same thing, you wind up with problems.
I think the problem is that SpamCop is going to OIRB's ISP and complaining to THEM. They aren't just running a blacklist, and they aren't even going to OIRB first.
Imagine that you sold furniture, and I went to all of your wood suppliers and told them that you were operating illegally and they should stop providing you with wood, but never told you that they were unhappy with your nor give you a chance to fix the situation.
OIRB is not suing SpamCop for blacklists, but for trying to influence ISPs to not carry OIRB.
I'm pretty sure that is against the law, but I'm not a lawyer, so my opinion is worth what you paid for it.
First, I know nothing of OIRB specifically. However, please don't assume that all email marketing companies are spammers. It just isn't true. I work for a company that does email marketing, and our server has had the same IP address for over a year, and all of our emails come from the same domain, with clear opt-out instructions (in addition, you had to have opted in directly to have received it to begin with).
There are some of us companies who actually do send legitimate email where the recipients are trying _to_ receive the message rather than trying to block us. I have personally walked many people through turning down their anti-spam software to make sure our messages get through to their system.
Anyway, I think it would be wise to be sure that we remember that not all commercial marketing email is bad, or else I'll wake up one day and half.com will no longer be sending me email updates about which books I want have come in at the price I specified (which is in fact the most effective form of email marketing).
"I can't believe that anybody needs an advertisement to be made aware of the fact that razor blades and shampoo exist."
They may need an advertisement to know (a) that this brand is carried by this store, so if you want that brand you have to go to that store, (b) which store has it at what prices, and (c) the benefits of their brand over others.
I don't believe that the clear demarcation between "promotional" and "informational" actually exists. All "promotional" information is also "informational". Even if you already know it, it reminds you. I wouldn't know how fun Branson, MO is except that I heard about it on the radio. I think you might be taking exception to the selective display of information, but truthfully all displays of information are selective. I would agree that deceptive displays of information are bad, but I don't think that there actually exists a real gap between "promotional" and "informational".
I have a feeling that a lot of the companies that have been kicked around by Microsoft in the past are using open-source as a tool just to piss off Microsoft. Witness Sun and Novell.
"If you run linux and have a web server, odds are you are running apache"
But which Apache? Apache 1.3? 2.0? Is it patched? Does it include EAPI? Which modules? Locked down or loose by default? What configuration? Apache is kind of a monoculture within Linux, but (a) even within Apache it's quite diverse, (b) it runs as a user-level program, and (c) the Apache folks are VERY security conscious. It would help if we were a bit more diverse here, but really things are coming along. More and more people are running Tomcat and other webservers.
"However, it is still basically one kernel."
Very few remotely-executable exploits have anything to do with the kernel. In fact, the kernel is a very small component, and, as the Debian folks have shown, even that is pretty replaceable.
"So if you get it I may not. It really has nothing to do with the distro other than they decide what programs to include."
That's the point of a distribution - what software to include. In fact, that's what this whole discussion is about - what software to include. Or did you forget that we are discussing software?
"It then comes down to the end user who can install whatever they want."
Not really. Users want a maintainable base. That's what the distributors are for. Being that Linux is free, there can be a proliferation of distributors, but the fact is that the distribution is the base line of a Linux install, except on those people who like to do LFS.
"If we have a kernel virus everyone will get it."
Not really. Most things like viruses and worms actually rely on multiple systems working together in specific ways. If each distribution works a little differently, this will only happen in a small minority of cases.
"Hence more people able to spot/fix problems."
True, this is a great benefit as well. Personally, I take advantage of the fact that I can see the source-level fixes for any patch installed, so I can verify the extent that it could impact me.
"So no OS is immune however, when things are open, people can fix it without having to wait for Microsoft to fix it"
True, too. Also, if distribution A decides to stop support, company B can pick up the slack.
I'm just glad we haven't found any that wrote over flash BIOSes. Do you know how many computers have flash BIOSes, and how many hardware components have flash BIOSes? You could render a computer system AND it's components permanently unusable with the right payload.
Then stick CPUburn on top of that and we'd have a lot of problems.
Notice, though, that it only affected Solaris, not HPUX, AIX, Linux, FreeBSD.
When you break away from the monoculture, you significantly limit the scope of malware. This is one of the reasons why inbreeding is bad. If everyone can be killed by the same disease, a single outbreak will destroy the entire civilization. If, on the other hand, you have a healthy diversity, outbreaks, while being not fun, will not destroy everything.
2) It won't be anywhere nearly equivalent, though, since Linux is not a monoculture. You'll wind up with worms that affect RedHat but not SuSE or Mandrake or vice versa.
Actually, if Linux becomes what it could, you'll have worms that only affect Ted's Distribution for Musicians but not Tony's Special Video Editting Suite or Kevin's Kitchen Sink Distro.
The beauty of Linux is that it turns operating systems into a true marketplace, not just a monoculture. That severely limits the potential impact of any worm or virus.
Slashdot Mirror
What a cop-out, dude. With that logic I can assume that everyone is a spammer in the entire universe, but they are just lying about it.
Why do you assume that everyone you disagree with is lying? Sounds like mental laziness to me (I don't feel like arguing facts, so I'll just assume the other guy is lying).
"You just admitted on Slashdot that you believe in opt out"
only if they have opted in to begin with, as stated in my original post (but no, I don't believe in "confirmed opt-in" as being the solution to all email ills).
"that once someone gets forge subscribed to your list that it's their problem to get off your list"
If by "their problem" you mean they have to click "unsubscribe" or reply with "unsubscribe" in the subject, yeah that's right. Just like any other list in the whole world. If you're on it by mistake, tell someone and they'll make sure it's removed.
"that you have no intentions of using legitimate marketing methods."
What I'm doing is perfectly legitimate.
"The more people that know, the better!"
Great! As long as you pass on accurate information and don't misrepresent my views.
"Spammers, and proud of it."
Bartlett Publishing has never even "accidentally" sent bulk email to someone who did not specifically request it. We have had noone complain to us about email abuse, period. Is that how you define a spammer? Someone who noone complains about, except on theoretical (and disputable) grounds? Sounds like a tempest in a teapot to me.
"What you describe isn't confirmed opt-in; it's just plain old forgery."
Which is no different than what you are describing - plain old forgery.
"It will, however, make it much easier to distinguish the companies tries to do play fair."
I don't see how that's any different from now. "Did I sign up for this list? No? Alright, they suck".
"that reason is because you define "Opt-in" in such a broad way that no legit mailing list server administrator would ever accept."
Nope, it's usually mail server administrators who let us through. The reason we are blocked is not that we are blacklisted but because people have their filters set to reject HTML-heavy email.
"I frequently find that "legit email marketing" like you claim to be form do *NOT* do all of the above."
So what? Since when do you set the rules?
"As a recipient of spam, I have a pretty good idea who I've given permission to send me email"
You'd be surprised. See my story here. After we finally figured out what email address was actually receiving the message, he finally "recalled" signing up.
"That, in a nutshell, is confirmed opt-in. It is the ONLY legitimate method of bulk E-mail advertising."
BS.
First of all, confirmed opt-in opens itself up to just as much spam as non-confirmed opt-in. You just wind up with a bunch of spam that starts "We have received a submission from someone claiming to be you to join our mailing list, 'Vicodin available at example.com'. In order to verify your email address for the opt-in list 'Vicodin available at example.com', you have to reply to this message.
Second of all, the only practical problem with unconfirmed opt-in is that it's your word against theirs whether or not you really opted in. Oh wait, that's true anyway. The only thing confirmed opt-in gives you is that people who don't know how confirmed opt-in works wind up not being able to get useful emails, and only get crappy spam rather than the emails they want. We've tried confirmed opt-in and the only results are that we have a bunch of people emailing us why they weren't added to our list.
With regular opt-in, we have gone for over a year without a single complaint. I think the redhat-list has more problems.
"If your company is not doing those exact steps, in that exact sequence, you're spamming. Period."
Yes. Period. Because _you_ say so. Obviously, I should always consult you on definitions of any words I use, because you are the only one with correct answers.
"If you are spamming, please tell me which marketing firm you're with so I can place your IP address range(s) into my domain's 'Deny' list for the mail servers."
If you or your users ever receive email that they didn't want, and the issue is not resolved completely to your satisfaction, I encourage you to do this.
Think of it this way. Let's say someone signs you up for a list that you didn't want them to. In the case of confirmed opt-in, they will get one useless extra email. In the case of unconfirmed opt-in, they will get one potentially useful extra email that they only have to reply or click on to get removed. In the case of confirmed opt-in you're wasting bandwidth sending junk (and the spammers are going to spam with the "verification" messages anyway), and in unconfirmed you actually get content. Either way is open to abuse by bad parties, but confirmed opt-in causes problems for some of the computer-challenged.
Anyway, as long as you believe that you and only the people you agree with get to set all standards for definitions, I guess you'll just have to consider me a spammer.
I agree with your definition of spam. I just don't agree that it would be a problem if it was useful. We wouldn't have multiple companies springing up and congress trying to solve the problem if the spam we were being sent was useful.
I agree. I think the best method is to come out with a new protocol, and then write new mailers to classify all mail as "verified" and "unverified" depending on whether it came from SMTP or whatever the new protocol is.
"Unless I tell you "hey, send me email" by default I am BORN as Opted-Out."
Exactly. If you had bothered to read my email (specifically where I said "you had to have opted in directly to have received it to begin with") you would know that this is how we work.
However, somehow you have equated sending email with theft, and I think that's pretty far-fetched. Is my grandmother forwarding me the billionth story after I've told her not to equivalent with her stealing my car? I don't think so.
It's mostly people selling illegal stuff. In a large company, the people wanting to buy the illegal stuff are not in control of the spam filters. Therefore, they try to dodge them to reach their victims (oh, I mean "target market").
0.
Most of our email is actually business-to-business. The only consumer-driven campaigns I can think of that we've done were for sports equipment (about 3,000 people) and a community college announcement (about 2,000 people). Most of the rest are for business-to-business stuff, where the company uses us to send out press releases, product updates, new product announcement, etc. They want it to (a) look really nice and (b) be trackable. One company, in fact, uses it to send out email to their own business units (large companies, interestingly enough, often have to market to themselves).
Yes, we follow all of those rules. However, many spam filters will still filter. For example, some people have their filtering software tuned up so tight that any image-heavy email is blocked.
I've even been called in once to help figure out why someone's personal email was being blocked by anti-spam software. It turns out it's because the person is very emotional and likes to end sentences with "!!!!!!", which the software interpretted as being spam.
"but to lay the burden of proof on the spammer that you did in fact opt-in."
This is silly. Why not just make them take you off when you unsubscribe?
What kind of proof would you require? Records saying you opted in? Gee, that's not hard to fake.
In addition, I've seen a lot of spam moving to the "confirmed opt-in" method of spamming. Many people think that confirmed opt-in is the way to go, but now my inbox is flooded with email like the following:
---
Dear sir,
Thank you for opting in to the "example.com vicodin email list" which allows you to purchase vicodin without a subscription from example.com. However, in order to verify that it was in fact you who opted in, please reply to this email. If you do not reply, your email address will be removed from our database.
---
What you need to do is the same everywhere with any other kind of case - find an eyewitness who can testify that they are adding names that had not opted in. Then go after them.
Two things:
1) this suit isn't about blacklists
2) your point about thousands of blacklists is actually true today.
'If the ISP has written into its contract with the spammer "no spamming" and he/she/it spams, then that is totally legal.'
Not necessarily. You forgot to mention that SpamCop didn't go to OIRB in the first place to find out whether or not the claim had any merit.
From what I've read OIRB is not the good guy, but it seems like SpamCop should be handling themselves better, too.
You're missing the fact that many of the services that people use mass spam for are illegal to begin with. Making the act of spam illegal isn't going to help things, because the businesses are illegal to begin with.
I mean really, would anyone care that much about spam if we stopped getting it from penis pill pushers, vicodin pushers, Nigerian businessmen, and those women who are really horny?
It seems like many people want to take their issues with these illegal businesses out on anyone who sends spam from a company. I have a feeling that all that will come of a lot of this is that, while it will continue to be profitable for Eric's Drug Store to spam me about prescription vicodin, information about that sale of hardware equipment that I might actually buy will be stopped cold in its tracks.
"As for the bit about reporting to their ISP, there's no point in reporting misbehavior to the people who are misbehaving. They know they're breaking the law."
This is BS. I once worked for a company that sent 100,000 emails a month to customers who had requested it. However, there was one guy who was mad at us for sending him email that he requested. In addition, he had forgotten the email address he had signed up under, was too stupid to check the headers, and continued to complain because we wouldn't take him off of our list (because he wouldn't provide us with the email address). He made a big hullabaloo, but after a few weeks he finally figured out that it was to an email address that was three ISP's ago that was still forwarding email.
Imagine how difficult this situation would have been to resolve if he took the same position you do.
In addition, the complaint is not about SpamCop running blacklists. It's about them going to individual ISPs to get these guys cut off.
From what I've read about OIRB so far, I agree that these aren't nice guys, but I think you're painting with too broad a brush, and may make the situation worse.
If we get too many people saying "all commercial email is bad" and it comes down to being either we allow commercial email or we don't, then obviously the commercial side is going to win out, because without commerce the country will sink. If instead we can make it about "we don't like companies who make it difficult to resolve issues" or "we don't like companies who intentionally send unwanted email" then you have a much better case. However, when you start equating intentional and accidental cases of email being sent without permission and viewing them as the same thing, you wind up with problems.
I think the problem is that SpamCop is going to OIRB's ISP and complaining to THEM. They aren't just running a blacklist, and they aren't even going to OIRB first.
Imagine that you sold furniture, and I went to all of your wood suppliers and told them that you were operating illegally and they should stop providing you with wood, but never told you that they were unhappy with your nor give you a chance to fix the situation.
OIRB is not suing SpamCop for blacklists, but for trying to influence ISPs to not carry OIRB.
I'm pretty sure that is against the law, but I'm not a lawyer, so my opinion is worth what you paid for it.
First, I know nothing of OIRB specifically. However, please don't assume that all email marketing companies are spammers. It just isn't true. I work for a company that does email marketing, and our server has had the same IP address for over a year, and all of our emails come from the same domain, with clear opt-out instructions (in addition, you had to have opted in directly to have received it to begin with).
There are some of us companies who actually do send legitimate email where the recipients are trying _to_ receive the message rather than trying to block us. I have personally walked many people through turning down their anti-spam software to make sure our messages get through to their system.
Anyway, I think it would be wise to be sure that we remember that not all commercial marketing email is bad, or else I'll wake up one day and half.com will no longer be sending me email updates about which books I want have come in at the price I specified (which is in fact the most effective form of email marketing).
"I can't believe that anybody needs an advertisement to be made aware of the fact that razor blades and shampoo exist."
They may need an advertisement to know (a) that this brand is carried by this store, so if you want that brand you have to go to that store, (b) which store has it at what prices, and (c) the benefits of their brand over others.
I don't believe that the clear demarcation between "promotional" and "informational" actually exists. All "promotional" information is also "informational". Even if you already know it, it reminds you. I wouldn't know how fun Branson, MO is except that I heard about it on the radio. I think you might be taking exception to the selective display of information, but truthfully all displays of information are selective. I would agree that deceptive displays of information are bad, but I don't think that there actually exists a real gap between "promotional" and "informational".
I have a feeling that a lot of the companies that have been kicked around by Microsoft in the past are using open-source as a tool just to piss off Microsoft. Witness Sun and Novell.
"If you run linux and have a web server, odds are you are running apache"
But which Apache? Apache 1.3? 2.0? Is it patched? Does it include EAPI? Which modules? Locked down or loose by default? What configuration? Apache is kind of a monoculture within Linux, but (a) even within Apache it's quite diverse, (b) it runs as a user-level program, and (c) the Apache folks are VERY security conscious. It would help if we were a bit more diverse here, but really things are coming along. More and more people are running Tomcat and other webservers.
"However, it is still basically one kernel."
Very few remotely-executable exploits have anything to do with the kernel. In fact, the kernel is a very small component, and, as the Debian folks have shown, even that is pretty replaceable.
"So if you get it I may not. It really has nothing to do with the distro other than they decide what programs to include."
That's the point of a distribution - what software to include. In fact, that's what this whole discussion is about - what software to include. Or did you forget that we are discussing software?
"It then comes down to the end user who can install whatever they want."
Not really. Users want a maintainable base. That's what the distributors are for. Being that Linux is free, there can be a proliferation of distributors, but the fact is that the distribution is the base line of a Linux install, except on those people who like to do LFS.
"If we have a kernel virus everyone will get it."
Not really. Most things like viruses and worms actually rely on multiple systems working together in specific ways. If each distribution works a little differently, this will only happen in a small minority of cases.
"Hence more people able to spot/fix problems."
True, this is a great benefit as well. Personally, I take advantage of the fact that I can see the source-level fixes for any patch installed, so I can verify the extent that it could impact me.
"So no OS is immune however, when things are open, people can fix it without having to wait for Microsoft to fix it"
True, too. Also, if distribution A decides to stop support, company B can pick up the slack.
I'm just glad we haven't found any that wrote over flash BIOSes. Do you know how many computers have flash BIOSes, and how many hardware components have flash BIOSes? You could render a computer system AND it's components permanently unusable with the right payload.
Then stick CPUburn on top of that and we'd have a lot of problems.
Notice, though, that it only affected Solaris, not HPUX, AIX, Linux, FreeBSD.
When you break away from the monoculture, you significantly limit the scope of malware. This is one of the reasons why inbreeding is bad. If everyone can be killed by the same disease, a single outbreak will destroy the entire civilization. If, on the other hand, you have a healthy diversity, outbreaks, while being not fun, will not destroy everything.
1) Yes there will be more
2) It won't be anywhere nearly equivalent, though, since Linux is not a monoculture. You'll wind up with worms that affect RedHat but not SuSE or Mandrake or vice versa.
Actually, if Linux becomes what it could, you'll have worms that only affect Ted's Distribution for Musicians but not Tony's Special Video Editting Suite or Kevin's Kitchen Sink Distro.
The beauty of Linux is that it turns operating systems into a true marketplace, not just a monoculture. That severely limits the potential impact of any worm or virus.