There was a case a while back (mid-90's?) where the Danish telco was terminating certain international calls at a call centre inside the country. Thus, they didn't have to pay termination fees to the other country's telcos, and kept most of the money for themselves and gave some of it to the scammers. IIRC, there were romance lines advertised late at night in other countries like Germany and Sweden, as well as lotto/gambling scams with African and American country codes.
I think the legal parts of this case are still going on, but I can't google up any linkable details (because my dansk is not up to snuff anymore).
This is a pretty common scam in countries where there is no oversight of telco practices.
After reading the details from actual court documents, it looks like a business relationship turned sour. NAC is making Imminent Death of the Internet announcements in NANOG, and /. picked up the meme. Nasty business, that, considering how clued in the NANOG people generally are (as opposed to how flamebaiting /. trolls are). It looks like NANOG is starting to realize they were trolled by NAC before the facts were known. That's the nice thing about public records: anybody can go pick up a copy and inform the world.
What Pegasus/UCI/Jason somebody wants from the court order is a temporary window where NAC will not poison the routes to his old IP addresses for the next two months while he completes his migration. This is NOT a permanent breaking of the ARIN hierarchy, and is allowed, but not required, by ARIN rules for customer migration on a temporary basis.
Damn, and I had a good rant brewing until I RTFAffadavit. But this is /., I should post it anyways and get a +5 informative, instead of languishing here with a -2 accidentally RTFA.
So you take your original HP 128 Meg sodimm card, mail it back to them, get a new one, and a 32Mbyte USB flash memory key with an HP logo on it for the cost of postage.
It pays to be a cheap bastard, but one should be a greedy cheap bastard whenever possible.
I even got the joke backwards. It should have been "Crank your gain to 10 billion Bels. Even better if your amp goes all the way to 11 billion Bels."
To experience the original sound of the big bang in all its glory, turn your volume gain up 11 billion deciBels. Amplifiers that only go to +10 GdB gain just won't cut it for true audiophools.
the AC
Some slight hearing loss may occur. Don't try this at home, go to a friend's house.
Looking at this page, and a bunch of their other pages, I think cost was their main concern. They found a 2U box for only GBP29, while the 1U box mentioned in another post by jjshoe runs GBP149. The wireless access bridge "was just laying around".
Most of their projects are of the "cheap and green" variety. They have built pedal powered repeaters, solar powered satellite receivers and the like.
I'm a bit appalled by their lack of engineering knowledge on some of their projects. But I do admire their "slap it together cheap" attitude. They are not building reliable, production level kit, they are tweaking items they found in the spare parts bin and making useful one-off projects.
European elections are in one week. Research the positions and voting records of your currently elected officials, and see what vague promises the contenders have on offer, and make your vote count.
Gets down off soapbox.
If the Commission wants to create a directive requiring all software to have anti-counterfeiting detection code in it, then they have to provide all F/OSS developers with the complete specifications for all the watermarking technologies on the bills. I want to see all the frequencies of the moire patterns, circle spacing, color channel patterns, paper transparency, reflectivity of the holograms. Everything. Maybe even some working sample code. Provided without any restrictions so it can be included in every GNU, GPL, BSD, and other licensing scheme.
Of course, since this directive is being sponsored by a corporation who holds the copyrights on several of the technologies and designs, they will probably require a mandatory licensing scheme for a chunk of self-decrypting black box code. Include it or go to prison.
Climbs back on soap box.
Yeah, time to get out and vote. One week left to ask another round of questions of my MEPs. Go do the same!
3 SMS messages per minute doesn't sound like much. Assuming he didn't change the message each time, after the initial time spent writing the message, it's easy to send 10 to 15 per minute to numbers in the phone's address book.
I have clients who run SMS gateway machines, and each phone can send 30 to 50 messages per minute. Of course, this is computer controlled, and they have a chassis with 30 phones and hundreds of SIM cards to spread the charge across many "1000 free texts per month" plans.
Back when SMS messaging was free in Europe, I wrote a crude implementation of IP over SMS. The phones were connected with serial cables to linux boxes. It took some serious tweaking of MTU, TCP timeouts, and a couple of hacked applications (sendmail and telnet) to deal with the bandwidth, latency and small packet size problems. I even managed to perform an NFS mount over SMS. But alas, once the phone companies smelled money, it was all over.
The appearance of a law does nothing until there is enforcement action backing it up.
This is what I've been waiting for, positive action by a law enforcement agency against the worst criminal spammers. The pathetically few lawsuits by US States Attorneys General against a few spammers haven't made much of a dent in the levels of spam. But I'm convinced that a handful of US based spammers account for 60% or more of all spam today.
When the NY Attorney General, Eliot Spitzer, launched his attack against Opt-in Real Big, that flow dwindled to almost nothing. Since then, Richter has either sold off his spam lists, or just no longer up front admits to being ORB. The spams against some honeypot accounts that for the last year were exclusively getting ORB spam have started getting spam from a dozen different groups recently, all using Chinese, Comcast or wanadodo hijacked machines. At least for a few months there was a perceptible decrease in some spam.
Knowing the FBI, they will make a few headline grabbing busts, complete with news agencies being tipped off in advance so camera crews will be on hand to film the heavily armed agents swarming a trailer park in south Florida. With any luck, the spammers will make sudden, hostile moves towards something in their waistbands, resulting in a "lethal and appropriate" response from the LEOs. I would pay for a copy of that video.
The FBI may also be using these busts as a way of seizing computers which may hold leads to virus/worm writers who then sell botnets to spammers. The spammers' machines may also hold leads to dozens of other criminal activities, which may impact US national security. Even if the spammers lose all their electronics until after the trial, they will still be offline. Especially if their bail conditions include a ban from using any computer or communication device.
The Federal prosecutors will lump dozens or hundreds of charges against the spammers, knowing they will eventually plea-bargain down to a few charges which will get them only a few years in prison. There will be much press coverage, and many other amateur spammers will decide for less risky fields of criminal enterprise. This action will never eliminate all spam, but it will put a big dent in it.
It will be interesting to see what level of participation the spam hunting community provides to the FBI. Although the FBI may go it alone, there are a lot of us with a strong technical background willing to put in some hours to provide forensic evidence which can hold up in court.
Emails and complaints to their abuse inboxes are completely ineffective. Neither are face to face meetings with wandadoo's legal team. BTDTGTTS. Changing French law to make them liable for failing to disconnect criminals from their network might make them take notice.
They are hiding behind a serious mis-interpretation of some antiquated laws that they cannot interfere with their customer's communications. The equivalent idea in American terms would be Common Carrier status. Not one other ISP in France has such a wrong headed idea. I've talked with their admins, and they all pointed to the legal team for the policy forbidding them from cutting off spammers.
Fortunately, the French government is changing the law, they are working on updating the law* to clearly state that a carrier can punt a customer after receiving complaints about spam, scams, pr0n, or other bad stuff. I have been championing a few articles which would make ISPs both civilly and criminally liable (code civile et code penale) for failing to investigate complaints against their users. The penal code parts may not make it through more readings before the senat, due to pressure from only one French ISP (I'll give you one guess whowho).
The spam coming through wanadoodoo's servers is most likely coming from zombie windoze machines. We can't cut off wankaqueue, because there is such a huge number of francophone lusers on their system. So the only alternative, after sparring with their legal team to allow their few, overworked and completely clueless admins to cut off a few lusers, is to help put really bad laws on the books to punish ISPs.
Not an ideal solution, but fuck, if they weren't so obstinate in their refusal to help with the spam flood, they get what they deserve. All the other ISPs in France actively punt spammers or cut off zombie machines, so it's too bad to punish the whole industry with such a broad law. I'm normally against laws like this, but after a couple of years of banging my head against this problem, views change.
the AC
* - there is a public hearing on these amendments this thursday, if any locals care. There are many good articles in this projet, which clearly define who is responsible for content, postings, and forces opt-in on all spam and commercial communications.
I know several Americans who finally gave up, and moved themselves to Europe to start a new life. After Canada, London and Paris are the most popular destinations for economic refugees from the US. The current US system makes it impossible for victims to buy major items, like houses or cars. Regular tax audits suck out all your energy. It becomes impossible to take a job with an employer who only pays salary via direct deposit when you can never open another bank account. Not having a credit card means you can't do many things like internet shopping.
A few years ago I was talking with some US consular folks at a party, and they have a separate category for ex-pats who had to leave the US because they could no longer lead normal lives after ID theft. They call them "Forced Economic Migrants" or something similar. In France and England, the number is in the tens of thousands. That's just the number of people who bothered to register with the local embassies.
I have an American friend here in Belgium who had his US SSN abused more than 20 years ago. After a few years of fighting with the data reporting agencies, losing his house and all his bank accounts in the process, he gave up and moved here. The case officer at the SS administration told him he would have a better life if he gave up, cashed out, moved to another country and started his life over again. Since millions of people all over the world do this every year, it isn't that difficult, but it does really fsck up your life for a few years. A few years is better than the rest of your life. He claims he is much happier now, in a country with a working health care system and a real appreciation for beer.
His ex-wife tried to move back to the US in 2000, at the height of the boom, more than 15 years with no credit history in the US. But after 6 months of fighting with the credit reporting companies over the old data which is supposed to be deleted after 10 years, she is back here and swears never to go back except to visit family.
Big backbone providers don't generally use home-grown linux routers.
Some do. Not the really big ones, like uunet, but medium sized ones that have grown up using Zebra on Linux or BSD as a route reflector. Just this week, I've seen at least 3 networks (thousands to tens of thousands of customers) get knocked off the internet because someone decided to patch a kernel and reboot the Linux Zebra box. A few hours here and there, but it adds up. When they come back up, there have been a lot of silly and chastising emails about it between other carriers in the RIPE region.
At least my Foundry iron comes back from BGP fsckups in about 10 seconds. The Ciscos take about 2 to 3 minutes. The poor Zebra boxes, once the kernel is working, require 10 to 30 minutes to rebuild their BGP peering sessions. This is why you have some hard coded routes, which normally sit at a low enough priority to be ignored until the routing protocols die.
That is what we want. We want laws they can, and most likely will, break. Then throw them in front of the court facing 200 million counts of breaking this law. Watch the spammer plea bargain a short, 1 or 2 year prison sentence when faced with a possible 700 year sentence.
The U-CAN-SPAM act may have been a watered down compromise, but there is already action being taken against the worst spammers. They might be able to hide their IP address by using trojan nets, but the authorities are finding them by following the money trail, not the electronic trail.
With Asscroft in charge of the New Morality in the U.S., expect to see him going after all those Nasty Pornographers the day after this rule goes into effect. You can bet the DoJ already has files ready to go, just waiting for a new rule so they can establish heavier charges. The worst pr0n spammers will end up in jail, and that will be a warning to the others.
Clearly, you are not a first year law student. Clearly you think you know American law (but you don't), and you've never been in a foreign country. Cops can do pretty much what they want, they know the limits of the courts, the limits of what a citizen can do, and what they have managed to get away with before. It's their job, they are the law 8 hours a day, 5 days a week. After a while, they get real good at it.
The cops aren't detaining you, they are holding the instrument of the crime. Don't want to pay? They'll store your vehicle in the municipal impound lot until your trial date. You are free to go, you can wait for a bus to the next major town, then hop a train home. There may be one bus per day, or if you are very lucky, a couple in each direction morning and evening. You can also hitchhike.
Driving through rural Spain, where every village has a pair of radar lights on the main road running through town, the Guardia Civil has the payment plan just for you. They'll take most major credit cards, cash, and some gyropost checks. If the town is small enough, or it's after hours, the cop is permitted to claim the fine on the spot. If the local town hall or tax assayer's office is open, they'll follow you there and make sure you pay it.
If you pay, you can always come back later and fight it. Depending on how many points you have already lost from your license, it may be worth a fight to keep from losing those points.
Possibly. I'm posting on slashdot on a friday evening when I could be out drinking, so the question is valid.
You ever been to Rome? Yes, and I've driven in Rome. And Paris, Athens, Lisboa, Madrid, Boston, New York, Lagos, and Warsaw. The craziest places in the world to drive. If you pay attention to what the other traffic is doing, you can quickly adapt your driving style to match theirs. Then it just becomes a test of navigating twisty little one-way streets, all similar.
Red lights which turn red when a speeder approaches are used in small towns all over Spain, parts of Italy, and Portugal. I've seen a few in small towns all over the place, including in the U.S. They are not that uncommon.
The reason people stop is that a radar light is a great place for the local police to sit and catch lots of idiots. So if you are speeding into a town, but lower your speed to the limit early enough to not trigger the light, you can cruise through without worry. If you trigger the light, and come to a stop, you might get looked at, but they tend to not bother you. But if you blow through that red light, it's a nice double ticket, both speeding and red light jumping. Payable before being allowed to leave the town.
Neh, to be a good, greedy, cheap, bastard, you would wait until you had the replacement RAM and the USB key, and then sold both.
Not that 32Mbyte flash keys are worth much these days, lots of companies at CeBit this year were handing them out.
the AC
Doh! I know this. You are completely correct.
I blame the beer.
the AC
I made my own ring tone.
It's a 14.4k modem training sequence. Beeeep-dooop braaap-beeep-beep-bip braaaaaappppppppp scrreeeeeeeeeee(for 25 seconds).
My phone has been banned from every telecom facility in the Benelux. On the downside, every time I hear somebody still using an analog modem I check my phone.
the AC
Snarfed, in its entirety, with thanks.
This is a nice, clear, well thought out description of the invasiveness we can expect in the next few years due to M$'s monopolistic control of the PC world. I will take your post, polish and embellish as needed during discussions with TPTB, and add some of my own insights. I have heard M$'s own visionaries tell of the new models of "thin clients"(longhorn++) and centralised licensing schemes which bill the user per use for every document view, web page hit, and search result.
I'm keeping a local copy, just in case /. disappears tomorrow :-)
the AC
Another saying...
"The only bad publicity is an obituary"
credited to many people in Hollywood over the years.
the AC
I'm beginning to believe it
Know your network!
Before starting, make sure your tools can be configured to avoid scans of sensitive equipment during work hours. You should know exactly where each server and router is on your network, and run scans against them during maintenance windows, when a crash will not impact the company and the admins are available to bring the systems back up.
For lesser important servers, scans should be run only once in a great while. For the vast majority of your IP space, where luser PCs lie, then security scans should be run during the time they will most likely be on, which is during normal work hours.
When you can categorize all of the IP space into levels of importance to corporate revenue, then you need to tune your tools to have as little impact as possible on important systems. This means turning off nasty parts of Nessus, and addressing those threats via other means (mandatory patch rollouts, system level reports). You should not be trying to make anything crash, because that is counter to good security practices. A DoS from the security group is just as effective as a DoS from some blackhats.
If the network is large enough, there should be a budget for multiple scanning machines. Since it can take 20 to 40 minutes to politely scan a single machine, you will need to have machines local to each segment of your network and scan in parallel. There are a number of commercial scanners which will consolidate the reports to a central server.
Automated scans against PCs should run during the day. Some automated scans need to run against infrastructure machines, but since those machines are on 24x7, the scans can be run at night. Manually scan important machines when the admins who can fix them are on hand to see and patch any problems found.
the AC
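An added example, not part of the original comment: one way to encode the tiering described above as a pre-scan gate that decides whether a target may be scanned right now, plus a sizing estimate for parallel scanners. The inventory, tier names, window times and function names are all assumptions made up for illustration.

```python
import ipaddress
import math
from datetime import datetime, time

# Constructed inventory: CIDR -> tier. Ranges overlap on purpose, so the
# most specific (longest) prefix decides the tier.
INVENTORY = [
    ("10.20.0.0/16", "desktop"),         # user PCs
    ("10.20.1.0/24", "infrastructure"),  # always-on servers
    ("10.20.1.0/29", "critical"),        # core routers, revenue systems
]

# Assumed policy following the comment: critical hosts only in a maintenance
# window with an admin on hand, infrastructure at night, PCs in work hours.
POLICY = {
    "critical": {"window": (time(1), time(4)), "weekdays_only": False,
                 "needs_admin": True},
    "infrastructure": {"window": (time(22), time(5)), "weekdays_only": False,
                       "needs_admin": False},
    "desktop": {"window": (time(9), time(17)), "weekdays_only": True,
                "needs_admin": False},
}


def tier_for(ip):
    """Return the tier of the longest matching prefix, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, tier in INVENTORY:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, tier)
    return best[1] if best else None


def in_window(t, start, end):
    """True if t falls in [start, end); handles windows that wrap midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


def may_scan(ip, now, admin_on_hand=False):
    """Return (allowed, reason) for scanning ip at datetime now."""
    tier = tier_for(ip)
    if tier is None:
        # "Know your network": never scan what is not in the inventory.
        return False, "address not in inventory"
    rule = POLICY[tier]
    if rule["weekdays_only"] and now.weekday() >= 5:
        return False, f"{tier}: weekdays only"
    if not in_window(now.time(), *rule["window"]):
        return False, f"{tier}: outside scan window"
    if rule["needs_admin"] and not admin_on_hand:
        return False, f"{tier}: no admin on hand to recover the system"
    return True, f"{tier}: allowed"


def scanners_needed(hosts, window_minutes, minutes_per_host=40):
    """Scanners required if each one politely scans one host at a time."""
    return max(1, math.ceil(hosts * minutes_per_host / window_minutes))


if __name__ == "__main__":
    wednesday_afternoon = datetime(2024, 1, 10, 14, 0)
    for target in ("10.20.7.9", "10.20.1.50", "10.20.1.3", "192.0.2.1"):
        print(target, may_scan(target, wednesday_afternoon))
    print("scanners for 240 PCs in an 8 hour day:", scanners_needed(240, 480))
```

The gate only answers when a scan may run; disabling crash-prone checks for the important tiers is still a setting in the scanner itself.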
Ask Merlyn if this is good advice, I'm sure he'll agree with you.
Every responsible security professional I know has a long, detailed contract detailing every possible test they may carry out, times, locations, and goals. Most make sure that both the CIO and the head of the legal department sign the document in person. The original of the document is then kept off-site, in their possession.
Even when you are a full time employee, make sure the job description on file with the HR department states clearly it is your responsibility to scan networks, systems, and the like. Just a vague description like "system admin" or "engineer" is not enough to keep you out of prison, or from facing a large lawsuit after they fire you for taking down the network.
Being paranoid is not just a good survival technique against mysterious "black-hat" threats from outside, it is absolutely necessary against internal mis-management threats as well. Remember, Dilbert started as a character study of real life management practices in a large telephone company.
That said, I'm now going to write a top level post about how scans should be tailored to the network.
the AC
Ok, you owe me a new keyboard. At least the screen wiped clean.
This one caught me completely by surprise, since there is rarely any really sophisticated humour on /.
the AC
Emails and complaints to their abuse inboxes are completely ineffective. Neither are face to face meetings with wandadoo's legal team. BTDTGTTS. Changing French law to make them liable for failing to disconnect criminals from their network might make them take notice.
They are hiding behind a serious mis-interpretation of some antiquated laws that they cannot interfere with their customer's communications. The equivalent idea in American terms would be Common Carrier status. Not one other ISP in France has such a wrong headed idea. I've talked with their admins, and they all pointed to the legal team for the policy forbidding them from cutting off spammers.
Fortunately, the French government is changing the law, they are working on updating the law* to clearly state that a carrier can punt a customer after receiving complaints about spam, scams, pr0n, or other bad stuff. I have been championing a few articles which would make ISPs both civilly and criminally liable (code civile et code penale) for failing to investigate complaints against their users. The penal code parts may not make it through more readings before the senat, due to pressure from only one French ISP (I'll give you one guess whowho).
The spam coming through wanadoodoo's servers is most likely coming from zombie windoze machines. We can't cut off wankaqueue, because there is such a huge number of francophone lusers on their system. So the only alternative, after sparring with their legal team to allow their few, overworked and completely clueless admins to cut off a few lusers, is to help put really bad laws on the books to punish ISPs.
Not an ideal solution, but fuck, if they weren't so obstinate in their refusal to help with the spam flood, they get what they deserve. All the other ISPs in France actively punt spammers or cut off zombie machines, so it's too bad to punish the whole industry with such a broad law. I'm normally against laws like this, but after a couple of years of banging my head against this problem, views change.
the AC
* - there is a public hearing on these amendments this thursday, if any locals care. There are many good articles in this projet, which clearly define who is responsible for content, postings, and forces opt-in on all spam and commercial communications.
Not the French. Even when I yell at them loud enough in *French*, they still don't understand. Best to avoid them altogether :-)
avec toutes mes excuses,
the AC
I know several Americans who finally gave up, and moved themselves to Europe to start a new life. After Canada, London and Paris are the most popular destinations for economic refugees from the US. The current US system makes it impossible for victims to buy major items, like houses or cars. Regular tax audits suck out all your energy. It becomes impossible to take a job with an employer who only pays salary via direct deposit when you can never open another bank account. Not having a credit card means you can't do many things like internet shopping.
A few years ago I was talking with some US consular folks at a party, and they have a separate category for ex-pats who had to leave the US because they could no longer lead normal lives after ID theft. They call them "Forced Economic Migrants" or something similar. In France and England, the number is in the tens of thousands. That's just the number of people who bothered to register with the local embassies.
I have an American friend here in Belgium who had his US SSN abused more than 20 years ago. After a few years of fighting with the data reporting agencies, losing his house and all his bank accounts in the process, he gave up and moved here. The case officer at the SS administration told him he would have a better life if he gave up, cashed out, moved to another country and started his life over again. Since millions of people all over the world do this every year, it isn't that difficult, but it does really fsck up your life for a few years. A few years is better than the rest of your life. He claims he is much happier now, in a country with a working health care system and a real appreciation for beer.
His ex-wife tried to move back to the US in 2000, at the height of the boom, more than 15 years with no credit history in the US. But after 6 months of fighting with the credit reporting companies over the old data which is supposed to be deleted after 10 years, she is back here and swears never to go back except to visit family.
the AC
Big backbone providers don't generally use home-grown linux routers.
Some do. Not the really big ones, like uunet, but medium sized ones that have grown up using Zebra on Linux or BSD as a route reflector. Just this week, I've seen at least 3 networks (thousands to tens of thousands of customers) get knocked off the internet because someone decided to patch a kernel and reboot the Linux Zebra box. A few hours here and there, but it adds up. When they come back up, there have been a lot of silly and chastising emails about it between other carriers in the RIPE region.
At least my Foundry iron comes back from BGP fsckups in about 10 seconds. The Ciscos take about 2 to 3 minutes. The poor Zebra boxes, once the kernel is working, require 10 to 30 minutes to rebuild their BGP peering sessions. This is why you have some hard coded routes, which normally sit at a low enough priority to be ignored until the routing protocols die.
the AC
I can't see a single spammer complying with this.
That is what we want. We want laws they can, and most likely will, break. Then throw them in front of the court facing 200 million counts of breaking this law. Watch the spammer plea bargain a short, 1 or 2 year prison sentence when faced with a possible 700 year sentence.
The U-CAN-SPAM act may have been a watered down compromise, but there is already action being taken against the worst spammers. They might be able to hide their IP address by using trojan nets, but the authorities are finding them by following the money trail, not the electronic trail.
With Asscroft in charge of the New Morality in the U.S., expect to see him going after all those Nasty Pornographers the day after this rule goes into effect. You can bet the DoJ already has files ready to go, just waiting for a new rule so they can establish heavier charges. The worst pr0n spammers will end up in jail, and that will be a warning to the others.
the AC
Any first year law student...
Clearly, you are not a first year law student. Clearly you think you know American law (but you don't), and you've never been in a foreign country. Cops can do pretty much what they want, they know the limits of the courts, the limits of what a citizen can do, and what they have managed to get away with before. It's their job, they are the law 8 hours a day, 5 days a week. After a while, they get real good at it.
The cops aren't detaining you, they are holding the instrument of the crime. Don't want to pay? They'll store your vehicle in the municipal impound lot until your trial date. You are free to go, you can wait for a bus to the next major town, then hop a train home. There may be one bus per day, or if you are very lucky, a couple in each direction morning and evening. You can also hitchhike.
Driving through rural Spain, where every village has a pair of radar lights on the main road running through town, the Guardia Civil has the payment plan just for you. They'll take most major credit cards, cash, and some gyropost checks. If the town is small enough, or it's after hours, the cop is permitted to claim the fine on the spot. If the local town hall or tax assayer's office is open, they'll follow you there and make sure you pay it.
If you pay, you can always come back later and fight it. Depending on how many points you have already lost from your license, it may be worth a fight to keep from losing those points.
the AC
Are you insane?
Possibly. I'm posting on slashdot on a friday evening when I could be out drinking, so the question is valid.
You ever been to Rome?
Yes, and I've driven in Rome. And Paris, Athens, Lisboa, Madrid, Boston, New York, Lagos, and Warsaw. The craziest places in the world to drive. If you pay attention to what the other traffic is doing, you can quickly adapt your driving style to match theirs. Then it just becomes a test of navigating twisty little one-way streets, all similar.
Red lights which turn red when a speeder approaches are used in small towns all over Spain, parts of Italy, and Portugal. I've seen a few in small towns all over the place, including in the U.S. They are not that uncommon.
The reason people stop is that a radar light is a great place for the local police to sit and catch lots of idiots. So if you are speeding into a town, but lower your speed to the limit early enough to not trigger the light, you can cruise through without worry. If you trigger the light, and come to a stop, you might get looked at, but they tend to not bother you. But if you blow through that red light, it's a nice double ticket, both speeding and red light jumping. Payable before being allowed to leave the town.
the AC
I'll be back in Dublin soon, time to drop in to buy Steffen a beer. Or seven. ;-)
the AC
Everyone knows the Gardai Sicini taste just like chicken. ta siad go halainn.
damned /. filter doesn't like gaeilige accents
(It's an Irish joke, just mod it up)
Bain taitneamh as do bheile
the AC