Sure, but that involves much smarter NATs. STUN is nice because it mostly "just works". Assuming your NAT does stateful UDP packet filtering, it'll just do the right thing.
Would [Skype CEO Zennstrom] make Skype open-source? No - that would make its strong 1024 bit encryption and security vulnerable: "We could do it but only if we re-engineered the way it works and we don't have the time right now."
Shameless self-promotion - check out the shtoom program. It's cross platform (although the Mac support is incomplete, it in theory works, thanks to portaudio[1]), it has user interfaces for command line, Tk, Gtk, Qt, and wxWindows. Audio support is via PortAudio and OSS. It handles most NATs correctly (using STUN).
It also includes 'doug', an application server for writing voice apps. There's a simple voicemail and simple conference server implemented in doug.
It's pretty rough - it's certainly not something you'd give to your mother to use, but hey, it's free software.
It's also entirely in Python.
At the moment, the best bet is to use the svn trunk.
URLs:
Software: http://shtoom.divmod.org/
PyCon paper (also possibly useful for an overview of VoIP): http://www.interlink.com.au/anthony/tech/talks/PyC on2004/
[1] Native Mac support will be finished Soon, I have a mac being shipped to me.
As I mentioned earlier, I found that nuking my database and only training on messages that SB didn't nail as ham or spam (1.0 or 0.0 scores) has made a world of difference. Give it a go.
I've actually observed this problem - the issue is "overtraining", that is training on everything. I recently threw away my training database and now only train on messages that don't score 0.0 or 1.0 ("non-edge" training). This produces a much smaller database, and is far more deadly against the random spam words attempts.
You might want to look at the background page on http://spambayes.sf.net/background.html -- we tried a bunch of these sort of wierd tokenising schemes, and we found that in the end you're better off just leaving it alone. If the spammers want to communicate _something_ to you, they're going to have to use real words, or something like them. After all, getting a spam advertising "Gnargle Froogu Retki Wakka!" might get past the spam filter, but it's not a very good advertisement.
Spambayes is scary-smart sometimes with the header-only scoring. I find that it nails the spams with just a URL almost all the time - viewing the clues, it's always header stuff.
There wasn't anyone there presenting a talk on spambayes, but Barry Warsaw did a bit on it at the end of his talk, covering how spambayes will be integrated into Mailman &c.
A number of other people in the talks mentioned the spambayes work - a few people are planning on using bits of the work (the classifier, in particular)
There's a first pre-release of spambayes available from the website now.
The spambayes project has been doing all sorts of research into scoring and related techniques, and we dumped the Graham technique some time ago. It's got too many wierd magic bits of cruft in it. The current code is using chi2 - it has quite scary scary reliability. Certainly much higher than the Graham technique - see the mailing list archives for details of the testing.
There's a couple of applications available using the code now - a neat plugin for outlook users and a POP3 proxy. Mark Hammond suggested that someone who's up on XPCOM might want to look at plugging the spambayes code into Mozilla using PyXPCOM.
You'd be suprised how much you can dig out of the URLS. The spambayes project has code in there to tokenize the URLs from img type tags, and it's remarkably effective at killing these spams.
Maybe for those of you in the US. There's a whooole lot of people who aren't in Region 1, and they care about this. The number of movies that don't get released outside region 1 is horrific.
Why is this sad? It seems perfectly reasonable to me: company has annoying advertising practices, consumers say "fuck you" and don't buy from them. Hell, if you're not going to buy x10 because of their adverts, tell them so - drop them an email. Maybe then they'll get a clue.
If you read up on the case, many of the accounts were cracked using a very simple cracker - for instance, a lot of the systems had a password of ``passwd''. It doesn't matter what operating system, web system, or whatever, was being used. That's just stupidity.
Internet privacy zones.
How does this let me block images from particular
sites?
- Mozilla is Open Source Zealots aside, why is this better? Have you modified any of the source code? Have you contributed?
Yes, and yes. When you hit a bug you can go hunting - it came in between this and that date, and so check the CVS logs, and then to the individual checkins.
Not just that, but the bug lists and feature lists are nearly all public too - so you can see how a bug is progressing, and see when/if it's likely to be addressed. And if it's not, you can talk to the responsible people and make a case for it to be fixed. This is _absolutely_ _completely_ impossible to do with MS. For all MS's bitching about people releasing security exploits, it still seems to be the only way to actually get them to fix them.
* A way to delete the contents of the URL bar without destroying the contents of my clipboard. Right now, I copy a URL from somewhere else, then click in the URL bar and hit delete, just to have the contents of the URL bar copied to my clipboard.
I find that I can left click in the URL bar, then hit ctrl-U to delete the current contents. Does this not work for you? (linux, gtk build)
I find that building with mondo optimisation makes quite a difference to how fast mozilla "feels". I also turn off mail/news - I don't care, I don't need it:)
Ok, you're asking for examples of data that's being restricted that shouldn't be? How about the moves to block access to data about chemical hazards in communities? (see, e.g. this testimony)
Or the "no, you shouldn't know about security holes in your operating systems" that MS is using the current scare to push?
Trusting people in power to "just do the right thing" without any oversight is incredibly foolish. Even if the current people are as pure as the driven snow, all it takes is one bad guy in a position of authority, and we're screwed.
What nonsense! By following this line of argument, you end up in a world where no-one except the Appropriate People are allowed to know anything. And look at how well that's worked in the past.
Who decides what "proper controls" are? And how do you suggest that anyone checks up on whether these controls are being used or abused? Or do we just give up all rights because someone in Authority told us that it was important?
An informed public is the only defense against tyranny. And tyranny's a far more dangerous thing than a few religious nutters who want to martyr themselves.
If there's $10 of profit in selling each CD, but 1 in 10 CDs sold results in a $1200 damage claim, then they lose money since $100 is less than $1200.
Not just that - if you get sued for a defective product, and it comes out that you knew it was defective, but used logic like this to justify not fixing it, you can get smacked pretty hard with punitive damages.
Re:From the "Reminds me of this classic prose" guy
on
Review: Harry Potter
·
· Score: 1
or are they getting kids to read Harry Potter?
Who cares? Getting them to even consider a book as a source of entertainment is a start.
So we'll see one of two approaches - either ICANN or WIPO will put changes into the contracts dictating how the gTLDs are run saying "you can't say bad things about us", or else WIPO will sue under one of the other arbitration forums available under UDRP. Remember, the challenger gets to select the forum, and they're going to pick the one that's most friendly to them.
Tell them that they should just take it back to the store they got it from and return it as defective. ... and this is how to defeat this idiotic scam. If enough people complain, if enough people take the CDs back to the store and make a noise, things will be changed. If you get some guff about "too bad, you shouldn't try and play it that way" then demand a refund. Don't be rude to the staff (there's no reason to be), but make sure you get a reaction. Make sure the record store knows you're an unhappy camper - eventually this will filter up to the clowns who make the decisions. Visibility is the key thing.
(As an aside, if the RIAA's "There's no such thing as a customer, just a potential pirate" attitude gets wide publicity, they'll find themselves losing the argument.)
I know I wouldn't purchase anything from a company that was found to do this.
Let's face it, one of the few benefits of working on opensource projects is the kudos - if parasitical companies start coming along and ripping projects off in this way, it's going to have a pretty severe impact on the developers of the ripped-off projects.
I don't doubt that there's some smart people involved in ICANN (as well as a bunch of lawyers) but a secretive autocratic organisation like ICANN is _not_ the place to design new protocols (particularly security related ones). The IETF, on the other hand, is the place to do this.
Slashdot Mirror
Sure, but that involves much smarter NATs. STUN is nice because it mostly "just works". Assuming your NAT does stateful UDP packet filtering, it'll just do the right thing.
more here
Shameless self-promotion - check out the shtoom program. It's cross platform (although the Mac support is incomplete, it in theory works, thanks to portaudio[1]), it has user interfaces for command line, Tk, Gtk, Qt, and wxWindows. Audio support is via PortAudio and OSS. It handles most NATs correctly (using STUN).
C on2004/
It also includes 'doug', an application server for writing voice apps. There's a simple voicemail and simple conference server implemented in doug.
It's pretty rough - it's certainly not something you'd give to your mother to use, but hey, it's free software.
It's also entirely in Python.
At the moment, the best bet is to use the svn trunk.
URLs:
Software: http://shtoom.divmod.org/
PyCon paper (also possibly useful for an overview of VoIP): http://www.interlink.com.au/anthony/tech/talks/Py
[1] Native Mac support will be finished Soon, I have a mac being shipped to me.
As I mentioned earlier, I found that nuking my database and only training on messages that SB didn't nail as ham or spam (1.0 or 0.0 scores) has made a world of difference. Give it a go.
I've actually observed this problem - the issue is "overtraining", that is training on everything. I recently threw away my training database and now only train on messages that don't score 0.0 or 1.0 ("non-edge" training). This produces a much smaller database, and is far more deadly against the random spam words attempts.
You might want to look at the background page on http://spambayes.sf.net/background.html -- we tried a bunch of these sort of wierd tokenising schemes, and we found that in the end you're better off just leaving it alone. If the spammers want to communicate _something_ to you, they're going to have to use real words, or something like them. After all, getting a spam advertising "Gnargle Froogu Retki Wakka!" might get past the spam filter, but it's not a very good advertisement.
Spambayes is scary-smart sometimes with the header-only scoring. I find that it nails the spams with just a URL almost all the time - viewing the clues, it's always header stuff.
I find that they just get filtered fine by SB. The bounced spam still contains enough spammy tokens to get correctly filed away.
There wasn't anyone there presenting a talk on spambayes, but Barry Warsaw did a bit on it at the end of his talk, covering how spambayes will be integrated into Mailman &c.
A number of other people in the talks mentioned the spambayes work - a few people are planning on using bits of the work (the classifier, in particular)
There's a first pre-release of spambayes available from the website now.
The spambayes project has been doing all sorts of research into scoring and related techniques, and we dumped the Graham technique some time ago. It's got too many wierd magic bits of cruft in it. The current code is using chi2 - it has quite scary scary reliability. Certainly much higher than the Graham technique - see the mailing list archives for details of the testing.
There's a couple of applications available using the code now - a neat plugin for outlook users and a POP3 proxy. Mark Hammond suggested that someone who's up on XPCOM might want to look at plugging the spambayes code into Mozilla using PyXPCOM.
You'd be suprised how much you can dig out of the URLS. The spambayes project has code in there to tokenize the URLs from img type tags, and it's remarkably effective at killing these spams.
Region encoding? Big whoop.
Maybe for those of you in the US. There's a whooole lot of people who aren't in Region 1, and they care about this. The number of movies that don't get released outside region 1 is horrific.
Why is this sad? It seems perfectly reasonable to me: company has annoying advertising practices, consumers say "fuck you" and don't buy from them. Hell, if you're not going to buy x10 because of their adverts, tell them so - drop them an email. Maybe then they'll get a clue.
If you read up on the case, many of the accounts were cracked using a very simple cracker - for instance, a lot of the systems had a password of ``passwd''. It doesn't matter what operating system, web system, or whatever, was being used. That's just stupidity.
How does this let me block images from particular sites?
- Mozilla is Open Source
Zealots aside, why is this better? Have you modified any of the source code? Have you contributed?
Yes, and yes. When you hit a bug you can go hunting - it came in between this and that date, and so check the CVS logs, and then to the individual checkins.
Not just that, but the bug lists and feature lists are nearly all public too - so you can see how a bug is progressing, and see when/if it's likely to be addressed. And if it's not, you can talk to the responsible people and make a case for it to be fixed. This is _absolutely_ _completely_ impossible to do with MS. For all MS's bitching about people releasing security exploits, it still seems to be the only way to actually get them to fix them.
I find that I can left click in the URL bar, then hit ctrl-U to delete the current contents. Does this not work for you? (linux, gtk build)
From my .mozconfig:
ac_add_options --disable-mailnews
ac_add_options --enable-optimize="-O4 -finline -fno-omit-frame-pointer -march=pentiumpro -mcpu=pentiumpro"
I don't know what build options are used for the milestone builds...
Or the "no, you shouldn't know about security holes in your operating systems" that MS is using the current scare to push?
Trusting people in power to "just do the right thing" without any oversight is incredibly foolish. Even if the current people are as pure as the driven snow, all it takes is one bad guy in a position of authority, and we're screwed.
Who decides what "proper controls" are? And how do you suggest that anyone checks up on whether these controls are being used or abused? Or do we just give up all rights because someone in Authority told us that it was important?
An informed public is the only defense against tyranny. And tyranny's a far more dangerous thing than a few religious nutters who want to martyr themselves.
Not just that - if you get sued for a defective product, and it comes out that you knew it was defective, but used logic like this to justify not fixing it, you can get smacked pretty hard with punitive damages.
Who cares? Getting them to even consider a book as a source of entertainment is a start.
So we'll see one of two approaches - either ICANN or WIPO will put changes into the contracts dictating how the gTLDs are run saying "you can't say bad things about us", or else WIPO will sue under one of the other arbitration forums available under UDRP. Remember, the challenger gets to select the forum, and they're going to pick the one that's most friendly to them.
(As an aside, if the RIAA's "There's no such thing as a customer, just a potential pirate" attitude gets wide publicity, they'll find themselves losing the argument.)
legal, yes. ethical? no.
I know I wouldn't purchase anything from a company that was found to do this.
Let's face it, one of the few benefits of working on opensource projects is the kudos - if parasitical companies start coming along and ripping projects off in this way, it's going to have a pretty severe impact on the developers of the ripped-off projects.
I don't doubt that there's some smart people involved in ICANN (as well as a bunch of lawyers) but a secretive autocratic organisation like ICANN is _not_ the place to design new protocols (particularly security related ones). The IETF, on the other hand, is the place to do this.