No its not possible to have more than one sim identity active at the same time.
I'm curious if you can explain why this is -- it seems like it would be so useful. E.G., when traveling, to have a home number and a local number both able to recive calls at the same time.
What, it HAS to use linux and ssh to be for geeks?
What if it merely uses a constilation of low Earth orbit satilites to set the time? (One of those watches does just that. There are other cheaper (and less battery-draining) watches that syncronize via shortwave.)
But then, none of this is new or anything. Most of it isn't even new in a wrist-top formfactor. Yawn. (And what's with the Stanley thing with the ruler glued to the side? Is that a joke? Wouldn't a laser range-finder fit better into a watch?)
Lots of people seem to assume that if something is popular, then they (or someone) ought to be making money on it. But it's the exception when that happens, not the rule. Humans have been hanging out and talking with friends for thousands of years. It's wildly popular, yet money needn't change hands for it to happen. Most blogs and IMs are extentions of this. Sometimes someone makes a buck on a banner ad, like a cafe owner makes a buck when friends catch up over coffee, but the bulk of the value is in the social exchange, and the buck is just rent on the venue.
I don't understand why providers don't see the profit potential of multicast.
If there's a source "out there" and you have multiple customers that want data from that source, then you:
Charge each customer for the bandwidth they consume at the normal rate.
Are charged at the normal rate -- but only once -- by you upstream
Profit! (Note lack of ????)
Really, this should be easy, but it's not happening. Maybe it's just a chicken-and-egg thing with applications and infastructure. Maybe nobody's figured out how to market this, so users will understand and demand it. Too bad. Multicast worked fine on 9/11.
It's more than not running executables from email (Although that certainly helps!) In the last year or so:
Network operators have blocked outbound port 25 for large chuncks of the net -- protecting the net from their infectable, directly networked machines.
Mail admins have installed virus filters on most legitimate MTAs that touch the internet.
End users have figured out that they really do need virus protection. Even if they "just" use their computer for browsing and email.
Microsoft got lots of their users on Windowsupdate.
Legislators have passed some laws. Eg, making it a felony to use zombies for sending spam. (The virus writters might be hard to catch, but the spammers that buy/rent zombies are much easier, and they are the source of the money.)
All of these help a little bit, and there's a network effect with some of them. For example, mail admins a year ago had trouble installing virus filters because there were so many viruses loading down their servers. Now with other mailservers dropping the viruses quicker, it's easier to add the filters. There's also a network effect for the virus/worm writers. If its harder for them to get new zombies (and many of the zombies can't be used for spam), there's less profit motive to write the viruses to get the zombies.
I keep my definitive list on my palm, and dial with bluetooth -- that is, push the number onto the phone.
I've thought about getting a BT headset, and then (purely for geek factor) make phonecalls without removing my phone from my pocket. Once while traveling, I got an SMS, and read it from my palm while my phone was in my backpack, in the trunk of the car I was riding in. So... I basically see my phone becoming a protocol translator with a bulkier-than-palm battery.
Another comment:
Spamassassin (2.x)'s GA is kindof a pain to train [1] -- it takes a big corpus of spam & ham, and it has to be representative spam & ham, and the spam has to be recent. Then, it takes a lot of computation to run the GA. (This, as I understand it, is why SA 2.x can never really have rules that get updated like virus filters.)
This means that sites using SA must either use yesterday's rules to try to filter today's spam, or use rules that aren't ballanced (and may corrilate with each other more than they corrilate with spam/ham-iness.)
I suspect that an ANN would be even more hard to train (in terms of corpus requirements and processing), wouldn't it? And you can't just add a hidden node for some pattern you see in spam that gets through.
[1] I'm just stating an obveravation here -- I don't mean to complain. I very much appreciate the work that the SA team has done and is doing, and look forward to the release of 3.0.
[2] NRFN
If a list of user@domain is too dangerous (and a hash of each address might be nearly as bad), then a list of domains that opt-out of spam would seem safe enough. A law-abiding spammer (Heh!) can check that list, and any spam recived by domains on that list is clearly illegal. The list is, however, no help to spammers who want to cheat (no more help than a copy of the.com,.org and.net DNS zones, anyway). A domain list also has the advantage of being quite a bit smaller. (aol.com vs one addresses for each of their customers)
<hat form=foil material=tin>
But maybe somebody -- like the DMA -- doesn't want that.
</hat>
If money is stolen from a bank account, it is the bank that looses the money. (The account holder has a hasle factor, though.) The banks pay for security (including education of users.) The point of good security is to reduce the losses due to theft/fraud. Banks don't need to eliminate these losses -- just reduce them enough so they don't eat up profits too much. How much they spend to reduce theft/fraud is simply a buisiness decission for the bank.
If I speculate about the causes of the differences (from country to country) of bank security, I think about the following:
Maybe American users are dumber than other peoples of the world. (I prefer to think we're about the same. But maybe I'm dumb.)
Maybe in places other than the USA, it's the depositor that takes the loss. That means the depositor would want the bank to spend more of its money to provide better security. (BUT that really means that USA banks are providing more secure service, even though they use worse security. How odd!)
Maybe there's more theft and fraud in places where there's better security. That might be because of differing severity of punishment for non-violent crimes.
Maybe the USA rolled out ATMs and credit card readers earlier than some other places, and we're now stuck with what works good enough. Places that rolled out readers and machines later did so with newer, better technology.
With port 25 open, there is a profit motive for spammers to buy these zombie networks from virus-writers. If port 25 is closed, that hurts the spammers directly, and it makes it a lot harder to make money from writing and spreading viruses. (It's one thing to have to patch against script children, but it's quite different if there are professionals trying to take over large numbers of systems.)
There are two groups of users that are bitten by blocking port 25:
One group is, as you mention, people who run their own mail servers. They need access to port 25, to contact any host on the internet. As you suggest, these can and should be whitelisted. (I don't think it should even cost $20, but if Comcast can make $20, they will.)
The other group is people who want to use a mail server other than the one provided by their connectivity provider. (Yes, there are lots of good reasons to do this.) Of course, these users can and should be expected to authenticate to the server to which they are sending. So... let them use smtps or submit. (Most MTAs allow one or the other of those.)
If spam is a computer security problem, then it is the Security Policy for email (not protocols or anything else) that is at fault.
The Security Policy for email was once "Anyone on the internet may append to my mailbox." This worked reasonably well when the Internet was hard to get onto and misbehaving on the network could get you or your site kicked off. Now that services like finger and publicly availible directories are becoming rare -- people are turning this into "Anyone who knows my email address may append to my mailbox." This essentially makes email addresses a plaintext password that one gives out to all of one's friends, and hopes they won't leak it to a spammer. (This actually works for some people. Others get deluged in spam because their friends pass on forwards or infect themselves with viruses.)
What people really want is closer to "People who aren't jerks may append to my mailbox, as long as the content of what they wish to append is not spam." -- But this requires that a list of "jerks" be kept, and senders authenticated to make sure that they're not on the list of jerks. (Note that one cannot authenticate an anonymous sender, so that part is really impossible. Even if the sender can authenticate the message to their domain, well, domains are cheap; spammers will just use a different one for each run of spam.) This also requires a content check to see if a message is "spam." I haven't proven it, but I belive this is equivelent to a turing test. At the very least, a spammer can still send a million messages to an address, and a filter that catches only 5 nines' spam will deliver ten bad messages. (Fortuneatly, spammers aren't smart/desperate enough for this -- yet.)
So, if spam is a computer security problem, then email as we know it is doomed. On the other hand, if spam is a social problem, a criminal problem, or something else, then maybe we have a chance.
I think that spam is a combination of several problems, and we can reduce it to "acceptable" levels with a combination of measures. Filters and blacklists help. Throwing the worst of the spammers in jail would help. Cleaning up zombie networks helps a lot. Filtering port 25 out from groups of machines likely to be compromised helps (but at some cost).
Okay, so drop 4000-8000 gallons at a time. I think it takes something like 3 miniutes for a 747 to do 180 degree turn. That would probably enough time for the ground crews to radio "You missed a spot" and where. Even if the pilot missed it a second time, there's still water/retardant left to finish the job, and all in less time than the second Canadair load. That assumes they start at the same time, but another advantage of the 747 is that it can fly 600mph, so it can cross a (western) state in half an hour. If a stich in time saves nine, how much is saved by a few thousand gallons when a fire is still small?
If there's a problem with this, I think it has to be that a 747 is a lot more expensive to fly. (In crew/fuel/ground support.) Evergreen seems to think they can make up for this by putting out the fires quicker, but I'm not convinced.
A protocol that can connect different social sub-networks. Even if the information exchanged between two services was limited to the intersection of their individual schema, the greater network would still be traversable (Assuming all of the networks support at least a list of "friends.")
Problems with this idea include cross-site authentication (If I want information pertaining to multiple sites, but have them appear as the same person in the global network), and various forms of spam. Of course, there are lots of people who _want_ some seperation in their various on-line personas. (Eg, dating versus professional contacts.)
Yeah, I know... I'm posting this way late so probably nobody will read it. Oh, well.
Please pardon the slightly off-topic post, but I have a question (and this is ask/.)
Has anyone else noticed that Mcafee hasn't been putting out def's very reliably lately? Their website claims they protect from latest viruses, but uvscan (their command-line unix client) doesn't find them, and their ftp site sometimes goes a few days without being updated.
Norton seems to have updates more often than once per hour.
I'm curious if this is a new thing (I hadn't noticed this before), or this has been going on a while. Also, do others have observations of frequency & latency of virus definitions? (Review sites seem to only test completness of catching thousands of historical viruses...)
No, hashcash (and simular schemes) breaks points 1 and 5. Large emailing lists would not be able to work, but spammers can and will steal resources (zombies) to compute their hashes.
The biggest problem that they all break the simple model that makes email work. Users can pass an "email address" by any means (inband or out of band) they want, and then they can exchange messages. Any kind of payment system will require a security relationship between the email-exchanging parties. Security realationships are expensive, and tend to scale as O(N^2).
Increasing the cost (CPU or money) would still let "rich" spammers spam, but would shut down mailing lists, and make a big extra barrier for people to freely email each other. (And no, whitelisting the mailing lists won't work -- because the spammers would just forge mail from those mailing lists.) Getting rid of the "poor" spammers would be nice (no more herbal viagra...) but would encorage big companies to spam (and they would claim that this is legitimate.) Consider this, as well: much spam these days is delivered by zombies -- is it really costing the spammer anything if his network of zombies has to do a little more CPU intensive work?
If you require a micropayment with each email, that means you either have an extra step to take with each email (insert smartcard, type pin, or whatever) or your MUA does that for you. The previous is enough difficulty to kick many non-technical users off the 'net. The later would imply that malmalware or a social engineer can steal all your email money.
There are lots of ways to help reduce spam (currenly more than 50% of email is spam.) Filters help a lot, and the ASRG is working on new barriers to spammers. If CAN-SPAM were enforced, it would make a large dent in the amount of spam (and make the rest easier to filter.) I think that has to be the magic bullet for spam, if there is going to be one. Filters and other barriers may slow spammers down, but if there is no penalty for trying, they'll keep coming until they find a way to circumvent the filters, the payment schemes, etc. The magic bullet canot be filtering alone -- I'm pretty sure that well-written spam would require a turing test to distinguish from ordinary email.
First, I think everyone knows that the "death penalty" is entirely hyperbole.
That said, there are about 2.5Gs in an 80-year human lifetime. Ralsky boasts of something like 70 million spams per day. If it takes a human being 1 second to delete a spam, that's one human lifetime wasted per 36 days of spamming. Okay, filters help a lot -- but those filters also cost people-time to create. Aside from that, even if only 5% gets through to a human, he's wasted 1 whole human lifetime in 2 years.
So, what would be a compensory penalty? The 80 years (more than the rest of his life) at community service would be a start. But that doesn't account for all the cleanup of the zombies he relayed through, nor the ISP resources (mailbox space and bandwidth). It also doesn't compensate the public for the loss in usefulness of email.
In Ralsky's case, he cannot possibly afford to compensate for what he's done. But there is more to justice than compensation and punishment. Justice also requires Mercy.
He's 57 years old now. He can collect social security in five years. Let him. (In the mean time, he can sell his big house and move into a small appartment thats easier to afford. Maybe Sanford Wallace is looking for a roomie?) But after he has to start tagging his spam, it'll be so easy to filter that nobody will pay him to send it. I cannot imagine anyone hiring him to work. So, he'll fade into obscurity, and justice will be served by his repentance and remorse.
Except, he's a spammer, so he'll more likely break the can-spam law, and do those next five years in prison (I assume, based on his open admission to news reporters that he uses zombies, that there will be some wiretaps in place by Jan 2 at the latest.) When he gets out, he has the same choice to make all over again.
I read the NatSci article (Yes, I know...) and it looks like this is just a wi-fi device that knows where it is, to be used to track things that its attached to.
The techweb article seems to imply that something would locate any wi-fi device, which would be nice for tracking down wireless misbehavior.
If the end of the trailer saying that the robot was "Three Laws Safe" wasn't a giveaway (to anyone who's read any Asimov) then I don't know what would be.
I suppose the RotK audiance is more likely to have read Asimov than typical movie going crowds, so I would guess that other trailers will be more direct.
Slashdot Mirror
I'm curious if you can explain why this is -- it seems like it would be so useful. E.G., when traveling, to have a home number and a local number both able to recive calls at the same time.
What if it merely uses a constilation of low Earth orbit satilites to set the time? (One of those watches does just that. There are other cheaper (and less battery-draining) watches that syncronize via shortwave.)
But then, none of this is new or anything. Most of it isn't even new in a wrist-top formfactor. Yawn. (And what's with the Stanley thing with the ruler glued to the side? Is that a joke? Wouldn't a laser range-finder fit better into a watch?)
Lots of people seem to assume that if something is popular, then they (or someone) ought to be making money on it. But it's the exception when that happens, not the rule. Humans have been hanging out and talking with friends for thousands of years. It's wildly popular, yet money needn't change hands for it to happen. Most blogs and IMs are extentions of this. Sometimes someone makes a buck on a banner ad, like a cafe owner makes a buck when friends catch up over coffee, but the bulk of the value is in the social exchange, and the buck is just rent on the venue.
samzenpus doesn't even have a home page. Maybe they just hired a night-editor?
Good post! I knew I couldn't be the only one thinking this.
If there's a source "out there" and you have multiple customers that want data from that source, then you:
- Charge each customer for the bandwidth they consume at the normal rate.
- Are charged at the normal rate -- but only once -- by you upstream
- Profit! (Note lack of ????)
Really, this should be easy, but it's not happening. Maybe it's just a chicken-and-egg thing with applications and infastructure. Maybe nobody's figured out how to market this, so users will understand and demand it. Too bad. Multicast worked fine on 9/11.- Network operators have blocked outbound port 25 for large chuncks of the net -- protecting the net from their infectable, directly networked machines.
- Mail admins have installed virus filters on most legitimate MTAs that touch the internet.
- End users have figured out that they really do need virus protection. Even if they "just" use their computer for browsing and email.
- Microsoft got lots of their users on Windowsupdate.
- Legislators have passed some laws. Eg, making it a felony to use zombies for sending spam. (The virus writters might be hard to catch, but the spammers that buy/rent zombies are much easier, and they are the source of the money.)
All of these help a little bit, and there's a network effect with some of them. For example, mail admins a year ago had trouble installing virus filters because there were so many viruses loading down their servers. Now with other mailservers dropping the viruses quicker, it's easier to add the filters. There's also a network effect for the virus/worm writers. If its harder for them to get new zombies (and many of the zombies can't be used for spam), there's less profit motive to write the viruses to get the zombies.And this just after Bruce Schnier posted a link to a how-to for destroying the Earth, which includes blackholes and von Neumann machines as methods.
I just logged in with no change at all in the login process. Did google change something back, or are we getting upset by vapors?
I've thought about getting a BT headset, and then (purely for geek factor) make phonecalls without removing my phone from my pocket. Once while traveling, I got an SMS, and read it from my palm while my phone was in my backpack, in the trunk of the car I was riding in. So... I basically see my phone becoming a protocol translator with a bulkier-than-palm battery.
Another comment: Spamassassin (2.x)'s GA is kindof a pain to train [1] -- it takes a big corpus of spam & ham, and it has to be representative spam & ham, and the spam has to be recent. Then, it takes a lot of computation to run the GA. (This, as I understand it, is why SA 2.x can never really have rules that get updated like virus filters.) This means that sites using SA must either use yesterday's rules to try to filter today's spam, or use rules that aren't ballanced (and may corrilate with each other more than they corrilate with spam/ham-iness.) I suspect that an ANN would be even more hard to train (in terms of corpus requirements and processing), wouldn't it? And you can't just add a hidden node for some pattern you see in spam that gets through. [1] I'm just stating an obveravation here -- I don't mean to complain. I very much appreciate the work that the SA team has done and is doing, and look forward to the release of 3.0. [2] NRFN
<hat form=foil material=tin> But maybe somebody -- like the DMA -- doesn't want that. </hat>
If I speculate about the causes of the differences (from country to country) of bank security, I think about the following:
With port 25 open, there is a profit motive for spammers to buy these zombie networks from virus-writers. If port 25 is closed, that hurts the spammers directly, and it makes it a lot harder to make money from writing and spreading viruses. (It's one thing to have to patch against script children, but it's quite different if there are professionals trying to take over large numbers of systems.)
One group is, as you mention, people who run their own mail servers. They need access to port 25, to contact any host on the internet. As you suggest, these can and should be whitelisted. (I don't think it should even cost $20, but if Comcast can make $20, they will.)
The other group is people who want to use a mail server other than the one provided by their connectivity provider. (Yes, there are lots of good reasons to do this.) Of course, these users can and should be expected to authenticate to the server to which they are sending. So... let them use smtps or submit. (Most MTAs allow one or the other of those.)
The Security Policy for email was once "Anyone on the internet may append to my mailbox." This worked reasonably well when the Internet was hard to get onto and misbehaving on the network could get you or your site kicked off. Now that services like finger and publicly availible directories are becoming rare -- people are turning this into "Anyone who knows my email address may append to my mailbox." This essentially makes email addresses a plaintext password that one gives out to all of one's friends, and hopes they won't leak it to a spammer. (This actually works for some people. Others get deluged in spam because their friends pass on forwards or infect themselves with viruses.)
What people really want is closer to "People who aren't jerks may append to my mailbox, as long as the content of what they wish to append is not spam." -- But this requires that a list of "jerks" be kept, and senders authenticated to make sure that they're not on the list of jerks. (Note that one cannot authenticate an anonymous sender, so that part is really impossible. Even if the sender can authenticate the message to their domain, well, domains are cheap; spammers will just use a different one for each run of spam.) This also requires a content check to see if a message is "spam." I haven't proven it, but I belive this is equivelent to a turing test. At the very least, a spammer can still send a million messages to an address, and a filter that catches only 5 nines' spam will deliver ten bad messages. (Fortuneatly, spammers aren't smart/desperate enough for this -- yet.)
So, if spam is a computer security problem, then email as we know it is doomed. On the other hand, if spam is a social problem, a criminal problem, or something else, then maybe we have a chance.
I think that spam is a combination of several problems, and we can reduce it to "acceptable" levels with a combination of measures. Filters and blacklists help. Throwing the worst of the spammers in jail would help. Cleaning up zombie networks helps a lot. Filtering port 25 out from groups of machines likely to be compromised helps (but at some cost).
If there's a problem with this, I think it has to be that a 747 is a lot more expensive to fly. (In crew/fuel/ground support.) Evergreen seems to think they can make up for this by putting out the fires quicker, but I'm not convinced.
Problems with this idea include cross-site authentication (If I want information pertaining to multiple sites, but have them appear as the same person in the global network), and various forms of spam. Of course, there are lots of people who _want_ some seperation in their various on-line personas. (Eg, dating versus professional contacts.)
Yeah, I know... I'm posting this way late so probably nobody will read it. Oh, well.
Has anyone else noticed that Mcafee hasn't been putting out def's very reliably lately? Their website claims they protect from latest viruses, but uvscan (their command-line unix client) doesn't find them, and their ftp site sometimes goes a few days without being updated.
Norton seems to have updates more often than once per hour.
I'm curious if this is a new thing (I hadn't noticed this before), or this has been going on a while. Also, do others have observations of frequency & latency of virus definitions? (Review sites seem to only test completness of catching thousands of historical viruses...)
No, hashcash (and simular schemes) breaks points 1 and 5. Large emailing lists would not be able to work, but spammers can and will steal resources (zombies) to compute their hashes.
The biggest problem that they all break the simple model that makes email work. Users can pass an "email address" by any means (inband or out of band) they want, and then they can exchange messages. Any kind of payment system will require a security relationship between the email-exchanging parties. Security realationships are expensive, and tend to scale as O(N^2).
Increasing the cost (CPU or money) would still let "rich" spammers spam, but would shut down mailing lists, and make a big extra barrier for people to freely email each other. (And no, whitelisting the mailing lists won't work -- because the spammers would just forge mail from those mailing lists.) Getting rid of the "poor" spammers would be nice (no more herbal viagra...) but would encorage big companies to spam (and they would claim that this is legitimate.) Consider this, as well: much spam these days is delivered by zombies -- is it really costing the spammer anything if his network of zombies has to do a little more CPU intensive work?
If you require a micropayment with each email, that means you either have an extra step to take with each email (insert smartcard, type pin, or whatever) or your MUA does that for you. The previous is enough difficulty to kick many non-technical users off the 'net. The later would imply that malmalware or a social engineer can steal all your email money.
There are lots of ways to help reduce spam (currenly more than 50% of email is spam.) Filters help a lot, and the ASRG is working on new barriers to spammers. If CAN-SPAM were enforced, it would make a large dent in the amount of spam (and make the rest easier to filter.) I think that has to be the magic bullet for spam, if there is going to be one. Filters and other barriers may slow spammers down, but if there is no penalty for trying, they'll keep coming until they find a way to circumvent the filters, the payment schemes, etc. The magic bullet canot be filtering alone -- I'm pretty sure that well-written spam would require a turing test to distinguish from ordinary email.
That said, there are about 2.5Gs in an 80-year human lifetime. Ralsky boasts of something like 70 million spams per day. If it takes a human being 1 second to delete a spam, that's one human lifetime wasted per 36 days of spamming. Okay, filters help a lot -- but those filters also cost people-time to create. Aside from that, even if only 5% gets through to a human, he's wasted 1 whole human lifetime in 2 years.
So, what would be a compensory penalty? The 80 years (more than the rest of his life) at community service would be a start. But that doesn't account for all the cleanup of the zombies he relayed through, nor the ISP resources (mailbox space and bandwidth). It also doesn't compensate the public for the loss in usefulness of email.
In Ralsky's case, he cannot possibly afford to compensate for what he's done. But there is more to justice than compensation and punishment. Justice also requires Mercy.
He's 57 years old now. He can collect social security in five years. Let him. (In the mean time, he can sell his big house and move into a small appartment thats easier to afford. Maybe Sanford Wallace is looking for a roomie?) But after he has to start tagging his spam, it'll be so easy to filter that nobody will pay him to send it. I cannot imagine anyone hiring him to work. So, he'll fade into obscurity, and justice will be served by his repentance and remorse.
Except, he's a spammer, so he'll more likely break the can-spam law, and do those next five years in prison (I assume, based on his open admission to news reporters that he uses zombies, that there will be some wiretaps in place by Jan 2 at the latest.) When he gets out, he has the same choice to make all over again.
The techweb article seems to imply that something would locate any wi-fi device, which would be nice for tracking down wireless misbehavior.
Did I miss something?
I suppose the RotK audiance is more likely to have read Asimov than typical movie going crowds, so I would guess that other trailers will be more direct.
You don't need root to send email.