Banks do need to tighten up their act and have better methods to verify transactions.
However, phishing only works if you have somewhere to host a phishing site. Most ISPs intentionally make it impossible even for a knowledgeable individual to get hold of someone in their IT department - the phone numbers in ARIN records go to a black hole recording; they might call you back in a few weeks, and they might not.
At work, we host the online fundraising site for the American Red Cross, and in the weeks after Hurricane Katrina, a number of phishers were putting up sites to mimic it, mostly on trojaned home PC's on cable modems right here in the USA. One was on Yahoo!
Both I and the ARC security folks spent a ton of time just tracking down someone in IT at the cable providers to get these sites blocked. It's infuriating to track one of these down only not to be able to get it taken off the internet.
The reason ISPs make their tech staff uncontactable is that they would be deluged with quotidian requests from consumers. We need a way for genuinely urgent stuff to make it through the noise.
One possible way would be for governments to step up and create a real-time service whereby people could report phishing sites to an automated system (maybe the FBI's I3C unit?) that would be able to identify genuine reports worth investigating (same IP submitted many times) and have a human operator check them; they would need to have a private database of pager numbers for ISPs' staff, with a mandatory requirement for ISPs over a certain size to provide them usable contact info.
The I3C does have a web form but it's literally over 100 boxes and reads like a police statement form (they ask what *county* you're in - yes, really) and it gets referred to an agent for investigation during business hours, not exactly what's needed for a quick turnaround.
Compromising Diebold machines seems to be a regular method of swinging elections in Florida ( UC Berkeley )
The white hat community needs to start undermining vulnerable e-voting technologies whenever and wherever possible. Just put a few Democrats into office in the bible belt.
The CEO of Diebold is on record as a dyed in the wool Republican: "Our job is to deliver the election to George W Bush". Problematic for a vendor with so much trust. But once their machines start swinging votes for the other side, they'll soon start adding security.
.... this doesn't seem to add a lot of practical value for an attacker.
A table of MAC address ranges and manufacturers would yield a much more specific data point about the hardware, implying a short list of potential drivers.
I guess it does give you the added info of a potential OS id (Linux / OSX / Windows) but in the typical scenario of a public (unencrypted) wireless system, sniffing application layer data (an HTTP User-Agent header springs to mind) provides a more precise way to get that data.
.... until legal and public pressures force greater accountability to companies for security breaches.
I recently got a disclosure letter (as required by laws like California SB 1386) from Hotels.com because an employee of their auditors (Ernst and Young) had their laptop stolen from their car, with a ton of credit card numbers, mine included. Most readers here will be able to spot the multiple basic security mistakes that led to this situation, indicating that E&Y doesn't care to even get the most fundamental things right.
The "shaming" benefit of these laws has a small beneficial effect, however businesses will not really care about security breaches (and arguably, have a duty to shareholders NOT to spend time and money on the problem) until the law or public opinion changes to the point where such a breach seriously hurts the balance sheet or the stock price, and right now we're a long way from there.
You could share your collection of such letters with your employer, but expect a continued "so what?" response.
.... for taking these "analysts" to task with some facts, and publicly. Many companies would have just deferred to presenting it all in a libel lawsuit.
Is click fraud an issue? Certainly.
However, these companies purporting to provide analysis and actually providing nonsense are just as guilty of defrauding the advertisers as the click fraudsters they purport to guard against.
It would be interesting to get more tech specs. Would they even seriously consider running Windows on the main processor?
There is little or no value for an engine ECU like this to run an OS at all, the acme of simplicity in time and safety critical software is a single hardcoded loop... far less opportunity for bugs and (pun) race conditions.
Perhaps it will simply be a branding thing for MS, c.f. the McLaren "Mercedes" engine of a few years ago which was actually built by Ilmor and only ever entered Germany if there was a race there:-)
My first gut, wet finger in the wind estimate as a thinking human with a technical education is that this thing is total snake oil.
Two issues with your approach:
1. You're forgetting the numbers are from a crazy optimist inventor who believes his own propaganda, is given to quoting unscientific data, and is trying like hell to sell his crap:-)
2. I suspect your 50% duty cycle is way, way overestimated. My gut is that the 10kW is a theoretical peak for the fraction of a second an axle is actually passing over the ramp.
Take a different approach - let's figure out an upper bound on how much energy per car this thing could yield from first principles (reminds me of the Physics Part 1A Tripos at Cambridge, the short "back of the envelope" questions):
Suppose each axle ramps up and falls 0.1m when passing over it, that's roughly equivalent to the whole mass of the car doing so.
An average car in the UK masses 1300kg.
Gravity is 9.81 m/s^2
Total available energy per car is thus 0.1 x 1300 x 9.81 = 1275J
Now, let's figure out how many cars can pass over it in a given unit of time... to a rough approximation, this is constant regardless of speed, unless there is a traffic jam, because the inter-car gap is a roughly constant amount of *time* regardless of traffic speed - recall the mantra "Only a fool breaks the two second rule". Let's take that number....
1275J per car x 0.5 cars/sec = theoretical maximum output ceiling of.... drumroll.... 637W. For my fellow petrolheads, this is 0.85 horsepower:-)
Average over a 168 hour week is going to be less than 1/4 of this, due to variability in traffic -> 150W or so.
Regardless of what timebase the inventor is measuring his 10kW peak over, he admits he is at only 800W on his own scale, or less than 8% of what he considers maximum possible efficiency.
Applying that 8% to the above calculated theoretical maximum, we are down to a net average of 12W yield from this thing, which is less than the heat being given off by the idle kitten sitting on my lap as I type this.
Conclusion - as we expected at first gut, total snake oil:-)
The goal of a business is to maximise its profits - it is an amoral entity. If they think they can make more money with a subscription model, they will switch to it.
When it comes to setting pricing models, customer expectations are just as important as delivering value. A great example is the switch from landlines to cellphones. Landlines involve miles of expensive copper coming to your door, and there's a monthly line rental to amortize the cost of installing and maintaining that infrastructure. With a cellphone, your "line" is nothing more than a row in a database table - they aren't going to run out and deploy a new cell tower because Joe Sixpack bought a handset. Yet, they still have a monthly line rental fee, because people expect one and will pay it.
Speaking from some experience (CS undergrad TA while in grad school)....
A few thoughts:
It's essential to teach some assembly at some point in a CS undergrad - A CS course should give full insight into the workings of a real CPU, and should give as wide a variety as possible.
At Edinburgh the first year CS course included assembly, C, and... wait for it... PostScript. PS sounds wacky but it's the only stack based language widely used on modern computers (APL and Forth have died out).
When I was a CS undergrad we had practical classes in no fewer than 17 languages, covering the range of imperative, declarative, functional and stack based, plus specialist toys like theorem provers and SQL.
The best starting point for a university level course is the good old procedural language - in my day it was Pascal, C++ and Modula-3, these days I'd use Java (and many CS departments do).
Also, when you do get to assembler, I don't think using a real assembler is the best teaching tool - assemblers are intended for developing real low level code, or as back end targets for compilers. For teaching at Edinburgh, we used an X11 based tool called xspim which simulated a MIPS R2000 (we actually ran it on Sun Sparc-II's, not that it matters), and it let you single step and examine registers without the complexity of adding a debugger, and had a window where you could see the registers, CPU pipeline etc. displayed.
For introducing programming concepts to a younger audience I think an interpreted language which will execute command lines, allowing them to experiment while avoiding the edit-compile-run cycle, is very important. Some are better than others; when I was a kid the 8 bit micros (Apple, Commodore, Atari,...) had BASIC interpreters in ROM, and they were mostly OK, though the only one with a really good BASIC language (proper procedures, not GOSUB) was the Acorn BBC.
I don't like Pilot or Comal for teaching (failed experiments of the 1980's) but I think LOGO is a very commendable way to make concepts accessible to the young.
A perhaps unexpected place I was made to learn with an interpreted environment was as an undergrad at Cambridge University, where the first programming language taught is ML, which for the CS people who haven't heard of it is an implementation of lambda calculus with a sane syntax.
And why are developers dumb enough to release email software which runs executables? Is there really any valid use case for running an executable from within an email attachment without doing a "Save As" first?
If you look at the site, the $319 model (2.4GHz Celeron) has no modem - winmodems start at $20 extra.
I'd say these are definitely aimed at the Windows pirate and Linux hacker markets; the (correct, not main article) link goes to an entry page which explicitly states that volume Windows licenses aren't valid, and promotes availability of preinstalled Linux as an option on some models.
Local PC stores (around here in Dell country anyway - Austin TX) offer budget AMD Athlon boxes at $299+tax without Windows, and this looks like the nearest equivalent.
For non-tech business users, Dell has another iteration of those itty bitty desktops at around $500 a shot with a less tight spec (more RAM) and an XP Pro OEM license - the difference in cost is not material to a business, less than the hassle of installing the OS and RAM yourself.
FWIW, Dell pays Microsoft around $29 a box for OEM licenses, not the $189 store price:-)
The review takes pains to point out that AMD-64 binaries are as rare as hen's teeth, and for the reviewer's primary audience who are gamers on Windows, and who have to run whatever P4-optimised or Athlon-optimised binaries the games vendors supply, that's pretty much true.
However, for many readers of this august forum, things are a bit more flexible - the only app I run at home that works the CPUs at all hard is digital video processing (transcode / mplayer / mpegenc on Linux), all the binaries for which are of course built from source, thus could potentially be 64-bit if one had AMD-64 hardware and suitable compilers.
Likewise, for the scientific community using Beowulf clusters, who generally run home grown code, this surely has a lot of potential.
Can someone post a summary of the state of the art in terms of AMD-64 binary output from gcc/egcs, and some info on how well it runs with CPU-intensive number crunching like this?
Professionally speaking, all our stuff at work is Java based, and we are looking for price/performance and space/performance ratios - our latest batch of servers (1U pizza boxes with desktop 2 CPU chipsets are the best price/perf compromise) have dual P4's because of the better memory bandwidth of the i7500 dual channel setup compared to the dual Athlon chipsets which were stuck at single DDR-266 for the longest time, but if there was a byte compiler which targeted AMD-64 I could see potential for really nice price/performance with the Socket 940 systems, and even just using 32-bit code the higher memory bandwidth would help a lot with Java apps.
Sun was the de facto standard 3 years ago - HP and IBM now are taking big chunks out of this market.
The big PA-RISC / Itanium boxes like superdome kick butt, and HP-UX has now matured into a serious industrial grade large server OS - NT, and (much as I love it for small boxes) Linux both have a way to go in this area.
Given the ease of constructing false identities, I would be surprised if someone doesn't make a good business out of creating an entry on this list which will trip up a victim regularly. Would be a great harassment technique for businesses to use on competitors' CEOs or anyone else who is not a celebrity but needs to fly frequently.
1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.
2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.
I was just on the phone today with AOL's postmaster team regarding our whitelist status, and the guy told me that only 1 in 2000 copies or so of our clients' emails delivered there gets tagged with a "this is spam!" button by a user which he regards as very low and very healthy. Bear in mind this is several hundred false spam reports per week.
An industry rule of thumb is that about 1% of people will attempt to unsubscribe something they legitimately opted-in for by reporting it as spam, either intentionally or misguidedly.
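The two suggestions above (no URL is treated as spamvertised unless a reporter says so, and a complaint is escalated only once 20+ distinct users report the same email), sketched as an added example; this is not SpamCop's code, and the `Report` fields, the fingerprinting rule and the sample data are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass

ESCALATION_THRESHOLD = 20  # the "20+ users" figure suggested in the comment


@dataclass(frozen=True)
class Report:
    reporter: str      # hypothetical reporter account id
    source_ip: str     # sending relay, as extracted from the Received chain
    body: str
    # Point 1: empty by default. A URL counts only if the reporter
    # explicitly marked it as spamvertised.
    confirmed_urls: frozenset = frozenset()


def fingerprint(body: str) -> str:
    """Hash the body with case and whitespace normalised, so reflowed
    copies of one mailing collapse to a single key."""
    normalised = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def triage(reports, threshold=ESCALATION_THRESHOLD):
    """Return the sender IPs and URLs that enough *distinct* reporters
    complained about. Repeat clicks by one user count once."""
    by_sender = defaultdict(set)   # (fingerprint, ip)  -> reporters
    by_url = defaultdict(set)      # (fingerprint, url) -> confirming reporters
    for r in reports:
        fp = fingerprint(r.body)
        by_sender[(fp, r.source_ip)].add(r.reporter)
        for url in r.confirmed_urls:
            by_url[(fp, url)].add(r.reporter)
    return {
        "sender_ips": sorted({ip for (_, ip), who in by_sender.items()
                              if len(who) >= threshold}),
        "urls": sorted({u for (_, u), who in by_url.items()
                        if len(who) >= threshold}),
    }


def sample_reports():
    """Constructed data: one real spam run that name-drops a bystander's
    URL in a tag line, and one user hammering the spam button on an
    opt-in newsletter instead of unsubscribing."""
    reports = []
    for i in range(25):
        # Vary the whitespace to show the fingerprint still matches.
        body = "Cheap pills!\n" + " " * (i % 3) + \
               "hey check out http://bystander.example/"
        reports.append(Report(f"user-{i}", "192.0.2.10", body))
    for _ in range(3):
        reports.append(Report("user-x", "198.51.100.7",
                              "March newsletter from a list you joined"))
    return reports


if __name__ == "__main__":
    print(triage(sample_reports()))
```

With the constructed data only the spam run's relay crosses the threshold; the bystander URL and the newsletter sender generate no complaint.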
I am the CTO at a company that provides hosted internet services, including email. We send around 3m pieces of email a week to our customers (opt-in only) lists. Speaking from the legitimate provider's viewpoint, I have a couple of observations:
1. RBL's don't work - community RBL's are used by relatively few mail systems out there; perhaps 1% of email addresses at most have RBL filtering on them at server or personal level, and the audience of any one RBL is just too small for it to have any value. Yes, using an RBL may stop *you* from receiving (some) spam, and in the short term that's all you care about, but it doesn't stop spam from being of value to the spammer. Just like the drug war, we will only win by making it unprofitable to send spam.
The biggest impact we see from RBL's is fielding individual "false-positive" complaints; we don't allow customers to send spam, so we get very few, but there's always the occasional idiot who signs up for a list and forgets, and who is too proud to click on the unsubscribe link.
What matters for delivery of my clients' legit mailing lists, and what also a spammer cares about for delivering his spam, is delivery to the big guys - AOL, Yahoo, Hotmail, Earthlink, etc. If you're trying to email Joe Public, those guys have 50%+ of the market. Any successful spammer will have his energies focused on end-running their filters and will give a fig if RBL'ed.
2. IP-based filtering for consumer connections *does* work - ISP's and universities need to block port 25 outbound from consumer connections and desktops / 802.11 respectively. Spammers need a network connection; cut off their main source. This would stop not only transient spammers, but those who hack cable modem users.
AOL's efforts here on behalf of their users are commendable, but blocking these IP's *at source* where the blocker is making an informed decision and has the data to keep the filters accurate, is the way to go; a grassroots effort to inform ISPs about the benefits of this would be valuable.
This would leave spammers who are using business-class connections (where the ISP thus delegates the responsibility to run mail servers) which are much, much fewer in number and thus much easier to police.
Before anyone who runs their own SMTP server on their home Linux box cries foul, I should point out that I do too, and I just have sendmail push everything through my ISP's SMTP relay. Big deal.
3. Money - money is the key to this. Make it uneconomic to spam, and the problem goes away.
I have one solution which I think would work well; like RBL's or source-end IP filtering, it suffers from the problem that it requires a large critical mass, so I think legal is the best route: I am speaking in terms of the USA, but this would work in other countries.
- anyone sending (pick a number, say 50k) pieces of email a month or more must register with the national email registry - this will cost $10k per year (this kind of price is essential to keep the spammers out, and it covers the cost of operating it). ISPs and email distributors are required both by law and de facto to sign up to be in business, and to them it's a modest cost.
- the registry will maintain an anti-spam policy and audit registrants against their track record of enforcing it; policy would need to include things like each email having clear unsubscribe info, info on where the address came from, etc.
- there will be a national "do-not-send-opt-out-mailings" list against which email marketers must clean lists which they buy; many countries have had this kind of list for phone and snail mail for quite some time, e.g. UK
- ISPs can then use the registry as a whitelist, and simply block every other IP address. Any business / individual too small to need to register can just forward their email via their upstream provider, who is then on the hook to manage their email behaviour.
Yes, it takes away some freedom to operate one's own email service, but equally I don't ru
Anyone who thinks SpamCop is useful has never run a real web or email service.
We get about 3-4 SpamCop complaints a week forwarded by our hosting provider; many of them are for email our customers didn't even originate (and I mean in the colloquial, not technical sense), but just because one of their URLs is in some third-party spam and someone clicked the "Spam" button SpamCop figures that it's a spam-vert.
The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe tool for legitimate, non-spam lists which they did sign up for.
I have never yet received a complaint from SpamCop which was actually indicative of one of my customers or staff actually spamming. We have very strong anti-spam policies (we send 3m pieces of email a week, and can't afford to be blocked by the major ISPs) and nevertheless I've never seen a SpamCop complaint I needed to take action on.
SpamCop's weakness is that they apparently assume all their users are techies who understood what is and is not spam: it places too much reliance on Joe Blow's powers of discrimination. It also suffers from the patently stupid assumption that any URL in an email reported as spam must de facto belong to the spammer. With SpamCop going around, there's nothing to stop a spammer adding "hey check out http://slashdot.org/" to the bottom of every email and making his spam OSDN's problem.
Another big factor is marketing - most of the audience here has enough interest in software to understand their choices; Joe Blow is as likely to be influenced by a piece of content-free marketing ("You inspire us to write great software" ???) as any rational decision making process.
A third is community support - I don't buy the nonsense that F500 apps are better because there is a big company behind them. There is a vast unfunded army of nephews and neighbours who provide hours of support for their own tools of choice, free of charge; usually this is MS stuff and MS is reaping a huge benefit from it (Office at $399.99 is no good to Aunt Mabel if she doesn't have free support) but sometimes it is OSS too (Linux).
The problem with RBL's which undermines their value is often purely their own fault - overzealousness. SpamCop is definitely the worst here.
We run a moderate sized ASP, we host about 150 web sites for non-profit clients and send about 1.5m emails a week, all explicit sign up and opt-in, no spam of course.
Never a week goes by but we receive a SpamCop complaint, *not* about the emails we send, but about some email neither us nor our clients have ever seen or had anything to do with, that happens to mention one of their URLs in a tag line. The complaint goes not to the spammer or their ISP, not to our client or us, but the upstream provider.
SpamCop assumes that if an email is reported as spam, then any owner of any URL it links to is a spammer. This nonsense and flawed logic just wastes everyone's time. Just because some spammer in Taiwan likes Slashdot doesn't mean that Taco boy is a spammer.
The following trojaned PC is hosting a load balancer for a network of phishing sites:
http://65.162.56.73/ [65.162.56.73]
Spam is being sent out sending people to that IP, which in turn redirects to a network of 0wned PCs all across the US.
If you have resources, please DoS port 80 on that box.
The ISP whose network it is on has already been contacted, they are slow to act.
The following trojaned PC is hosting a load balancer for a network of phishing sites:
http://65.162.56.73/ [65.162.56.73]
Spam is being sent out sending people to that IP, which in turn redirects to a selection of trojaned PCs all across the US.
If you have resources, please DoS port 80 for him.
The ISP whose network it is on has already been contacted, but they are being slow to act.
The following trojaned PC is hosting a load balancer for a network of phishing sites:
http://65.162.56.73/
Spam is being sent out sending people to that IP, which in turn redirects to a network of 0wned PCs all across the US.
If you have resources, please DoS port 80 on that box.
Speaking from some experience (CS undergrad TA while in grad school)....
... wait for it ... PostScript. PS sounds wacky but it's the only stack based language widely used on modern computers (APL and Forth have died out).
...) had BASIC interpreters in ROM, and they were mostly OK, though the only one with a really good BASIC language (proper procedures, not GOSUB) was the Acorn BBC.
A few thoughts:
It's essential to teach some assembly at some point in a CS undergrad - A CS course should give full insight into the workings of a real CPU, and should give as wide a variety as possible.
At Edinburgh the first year CS course included assembly, C, and
When I was a CS undergrad we had practical classes in no fewer than 17 languages, covering the range of imperative, declarative, functional and stack based, plus specialist toys like theorem provers and SQL.
The best starting point for a university level course is the good old procedural language - in my day it was Pascal, C++ and Modula-3, these days I'd use Java (and many CS departments do).
Also, when you do get to assembler, I don't think using a real assembler is the best teaching tool - assemblers are intended for developing real low level code, or as back end targets for compilers. For teaching at Edinburgh, we used an X11 based tool called xspim which simulated a MIPS R2000 (we actually ran it on Sun Sparc-II's, not that it matters), and it let you single step and examine registers without the complexity of adding a debugger, and had a window where you could see the registers, CPU pipeline etc. displayed.
For introducing programming concepts to a younger audience I think an interpreted language which will execute command lines, allowing them to experiment while avoiding the edit-compile-run cycle, is very important. Some are better than others; when I was a kid the 8 bit micros (Apple, Commodore, Atari,
I don't like Pilot or Comal for teaching (failed experiments of the 1980's) but I think LOGO is a very commendable way to make concepts accessible to the young.
A perhaps unexpected place I was made to learn with an interpreted environment was as an undergrad at Cambridge University, where the first programming language taught is ML, which, for the CS people who haven't heard of it, is an implementation of lambda calculus with a sane syntax.
And why are developers dumb enough to release email software which runs executables? Is there really any valid use case for running an executable from within an email attachment without doing a "Save As" first?
If you look at the site, the $319 model (2.4GHz Celeron) has no modem - winmodems start at $20 extra.
:-)
I'd say these are definitely aimed at the Windows pirate and Linux hacker markets; the (correct, not main article) link goes to an entry page which explicitly states that volume Windows licenses aren't valid, and promotes availability of preinstalled Linux as an option on some models.
Local PC stores (around here in Dell country anyway - Austin TX) offer budget AMD Athlon boxes at $299+tax without Windows, and this looks like the nearest equivalent.
For non-tech business users, Dell has another iteration of those itty bitty desktops at around $500 a shot with a less tight spec (more RAM) and an XP Pro OEM license - the difference in cost is not material to a business, less than the hassle of installing the OS and RAM yourself.
FWIW, Dell pays Microsoft around $29 a box for OEM licenses, not the $189 store price
I'm surprised no-one else is bringing this up ....
The review takes pains to point out that AMD-64 binaries are as rare as hen's teeth, and for the reviewer's primary audience who are gamers on Windows, and who have to run whatever P4-optimised or Athlon-optimised binaries the games vendors supply, that's pretty much true.
However, for many readers of this august forum, things are a bit more flexible - the only app I run at home that works the CPUs at all hard is digital video processing (transcode / mplayer / mpegenc on Linux), all the binaries for which are of course built from source, thus could potentially be 64-bit if one had AMD-64 hardware and suitable compilers.
Likewise, for the scientific community using Beowulf clusters, who generally run home grown code, this surely has a lot of potential.
Can someone post a summary of the state of the art in terms of AMD-64 binary output from gcc/egcs, and some info on how well it runs with CPU-intensive number crunching like this?
Professionally speaking, all our stuff at work is Java based, and we are looking for price/performance and space/performance ratios - our latest batch of servers (1U pizza boxes with desktop 2 CPU chipsets are the best price/perf compromise) have dual P4's because of the better memory bandwidth of the i7500 dual channel setup compared to the dual Athlon chipsets which were stuck at single DDR-266 for the longest time, but if there was a byte compiler which targeted AMD-64 I could see potential for really nice price/performance with the Socket 940 systems, and even just using 32-bit code the higher memory bandwidth would help a lot with Java apps.
Sun was the de facto standard 3 years ago - HP and IBM now are taking big chunks out of this market.
The big PA-RISC / Itanium boxes like superdome kick butt, and HP-UX has now matured into a serious industrial grade large server OS - NT, and (much as I love it for small boxes) Linux both have a way to go in this area.
Given the ease of constructing false identities, I would be surprised if someone doesn't make a good business out of creating an entry on this list which will trip up a victim regularly. Would be a great harassment technique for businesses to use on competitors' CEOs or anyone else who is not a celebrity but needs to fly frequently.
Are you thinking of this story ....
http://www.wikipedia.org/wiki/Flash_Crowd
Improving spamcop:
1. Default to no on the "this spam is spam-vertising the following URLs" though admittedly this may be rare; since our clients don't spam I only see false positives on spamverts.
2. Use some kind of collaborative filter - SpamCop must have enough users so that instead of acting on single reports, only escalate complaints if the same email is complained about by 20+ users.
I was just on the phone today with AOL's postmaster team regarding our whitelist status, and the guy told me that only 1 in 2000 copies or so of our clients' emails delivered there gets tagged with a "this is spam!" button by a user which he regards as very low and very healthy. Bear in mind this is several hundred false spam reports per week.
An industry rule of thumb is that about 1% of people will attempt to unsubscribe something they legitimately opted-in for by reporting it as spam, either intentionally or misguidedly.
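The collaborative filter proposed in point 2 above, sketched as an added example that is not part of the original comment and is not SpamCop's code. The names `fingerprint` and `ReportAggregator` and the body normalisation are assumptions; the threshold of 20 distinct reporters is the figure from the comment.

```python
import hashlib
import re
from collections import defaultdict

ESCALATE_AT = 20  # distinct reporters required ("20+ users" in the comment)


def fingerprint(body: str) -> str:
    """Hash the body with case, whitespace and digit runs normalised, so
    per-recipient tracking numbers do not split one mailing into many."""
    text = re.sub(r"\d+", "#", body.lower())
    text = re.sub(r"\s+", " ", text).strip()
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


class ReportAggregator:
    """Hypothetical complaint queue: act on a message only once enough
    different users have reported the same content."""

    def __init__(self, threshold: int = ESCALATE_AT):
        self.threshold = threshold
        self.reporters = defaultdict(set)  # fingerprint -> reporter ids
        self.escalated = set()             # fingerprints already escalated

    def report(self, reporter_id: str, body: str) -> bool:
        """Record one complaint. Returns True only for the report that
        takes the message over the threshold (escalate exactly once)."""
        fp = fingerprint(body)
        # A set counts each reporter once, so one user clicking
        # "spam" repeatedly cannot reach the threshold alone.
        self.reporters[fp].add(reporter_id)
        if fp in self.escalated or len(self.reporters[fp]) < self.threshold:
            return False
        self.escalated.add(fp)
        return True


if __name__ == "__main__":
    # Constructed sample: one mailing whose copies differ only in a tracking id.
    agg = ReportAggregator()
    template = "Your weekly newsletter.\nUnsubscribe: id=%d"
    for i in range(25):
        if agg.report("user%d" % i, template % i):
            print("escalate after", i + 1, "distinct reporters")
```
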
I am the CTO at a company that provides hosted internet services, including email. We send around 3m pieces of email a week to our customers (opt-in only) lists. Speaking from the legitimate provider's viewpoint, I have a couple of observations:
1. RBL's don't work - community RBL's are used by relatively few mail systems out there; perhaps 1% of email addresses at most have RBL filtering on them at server or personal level, and the audience of any one RBL is just too small for it to have any value. Yes, using an RBL may stop *you* from receiving (some) spam, and in the short term that's all you care about, but it doesn't stop spam from being of value to the spammer. Just like the drug war, we will only win by making it unprofitable to send spam.
The biggest impact we see from RBL's is fielding individual "false-positive" complaints; we don't allow customers to send spam, so we get very few, but there's always the occasional idiot who signs up for a list and forgets, and who is too proud to click on the unsubscribe link.
What matters for delivery of my clients' legit mailing lists, and what also a spammer cares about for delivering his spam, is delivery to the big guys - AOL, Yahoo, Hotmail, Earthlink, etc. If you're trying to email Joe Public, those guys have 50%+ of the market. Any successful spammer will have his energies focused on end-running their filters and will give a fig if RBL'ed.
2. IP-based filtering for consumer connections *does* work - ISP's and universities need to block port 25 outbound from consumer connections and desktops / 802.11 respectively. Spammers need a network connection; cut off their main source. This would stop not only transient spammers, but those who hack cable modem users.
AOL's efforts here on behalf of their users are commendable, but blocking these IP's *at source* where the blocker is making an informed decision and has the data to keep the filters accurate, is the way to go; a grassroots effort to inform ISPs about the benefits of this would be valuable.
This would leave spammers who are using business-class connections (where the ISP thus delegates the responsibility to run mail servers) which are much, much fewer in number and thus much easier to police.
Before anyone who runs their own SMTP server on their home Linux box cries foul, I should point out that I do too, and I just have sendmail push everything through my ISP's SMTP relay. Big deal.
3. Money - money is the key to this. Make it uneconomic to spam, and the problem goes away.
I have one solution which I think would work well; like RBL's or source-end IP filtering, it suffers from the problem that it requires a large critical mass, so I think legal is the best route: I am speaking in terms of the USA, but this would work in other countries.
- anyone sending (pick a number, say 50k) pieces of email a month or more must register with the national email registry - this will cost $10k per year (this kind of price is essential to keep the spammers out, and it covers the cost of operating it). ISPs and email distributors are required both by law and de facto to sign up to be in business, and to them it's a modest cost.
- the registry will maintain an anti-spam policy and audit registrants against their track record of enforcing it; policy would need to include things like each email having clear unsubscribe info, info on where the address came from, etc.
- there will be a national "do-not-send-opt-out-mailings" list against which email marketers must clean lists which they buy; many countries have had this kind of list for phone and snail mail for quite some time, e.g. UK
- ISPs can then use the registry as a whitelist, and simply block every other IP address. Any business / individual too small to need to register can just forward their email via their upstream provider, who is then on the hook to manage their email behaviour.
Yes, it takes away some freedom to operate one's own email service, but equally I don't ru
Anyone who thinks SpamCop is useful has never run a real web or email service.
We get about 3-4 SpamCop complaints a week forwarded by our hosting provider; many of them are for email our customers didn't even originate (and I mean in the colloquial, not technical sense), but just because one of their URLs is in some third-party spam and someone clicked the "Spam" button SpamCop figures that it's a spam-vert.
The other category of SpamCop reports is people who think SpamCop is their universal unsubscribe tool for legitimate, non-spam lists which they did sign up for.
I have never yet received a complaint from SpamCop which was actually indicative of one of my customers or staff actually spamming. We have very strong anti-spam policies (we send 3m pieces of email a week, and can't afford to be blocked by the major ISPs) and nevertheless I've never seen a SpamCop complaint I needed to take action on.
SpamCop's weakness is that they apparently assume all their users are techies who understood what is and is not spam: it places too much reliance on Joe Blow's powers of discrimination. It also suffers from the patently stupid assumption that any URL in an email reported as spam must de facto belong to the spammer.
With SpamCop going around, there's nothing to stop a spammer adding "hey check out http://slashdot.org/" to the bottom of every email and making his spam OSDN's problem.
Article about Macintosh apples
Another big factor is marketing - most of the audience here has enough interest in software to understand their choices; Joe Blow is as likely to be influenced by a piece of content-free marketing ("You inspire us to write great software" ???) as any rational decision making process.
A third is community support - I don't buy the nonsense that F500 apps are better because there is a big company behind them. There is a vast unfunded army of nephews and neighbours who provide hours of support for their own tools of choice, free of charge; usually this is MS stuff and MS is reaping a huge benefit from it (Office at $399.99 is no good to Aunt Mabel if she doesn't have free support) but sometimes it is OSS too (Linux).
Q: When did you save it?
:-)
A: Yesterday afternoon
find . -name \*.jpg -mmin +1000 -mmin -1500 -print
I think your solution already exists
The problem with RBL's which undermines their value is often purely their own fault - overzealousness. SpamCop is definitely the worst here.
We run a moderate sized ASP, we host about 150 web sites for non-profit clients and send about 1.5m emails a week, all explicit sign up and opt-in, no spam of course.
Never a week goes by but we receive a SpamCop complaint, *not* about the emails we send, but about some email neither us nor our clients have ever seen or had anything to do with, that happens to mention one of their URLs in a tag line. The complaint goes not to the spammer or their ISP, not to our client or us, but the upstream provider.
SpamCop assumes that if an email is reported as spam, then any owner of any URL it links to is a spammer. This nonsense and flawed logic just wastes everyone's time. Just because some spammer in Taiwan likes Slashdot doesn't mean that Taco boy is a spammer.