Slashdot Mirror


User: flonker

flonker's activity in the archive.

Stories: 0
Comments: 673

Comments · 673

  1. Re:Agreed, no right to airline travel on Your Right to Travel Anonymously: Not Dead Yet · · Score: 1

    Airlines can have a monopoly on a certain route, i.e. Hawaiian and Aloha airlines are the only airlines that fly interisland in Hawaii (src). Also, airlines used to be a government granted monopoly (src), but have since been deregulated, to a point.

    In the end, if you had $100M dollars and wanted to start an airline that didn't check IDs, could you?

  2. Re:Email Phishing on Anti-Phishing Tools · · Score: 1
    I am a Citibank customer, and this is the response they sent me for a recent report.

    To: "??? ???"
    Subject: RE: the e-mail spoof you reported
    From: "emailspoof"
    Date: Sun, 18 Jul 2004 23:17:27 -0400

    Thank you for reporting this incident.

    If you've replied to a suspicious e-mail, and provided personal or sensitive information about your account - please call 1-800-374-9700 immediately.

    ABOUT THIS MESSAGE
    Please do not reply to this Customer Service e-mail. For account-specific inquiries, kindly call 1-800-374-9700 or visit www.citibankonline.com.
  3. Re:Agreed, no right to airline travel on Your Right to Travel Anonymously: Not Dead Yet · · Score: 1

    Except that the airlines are monopolies. They operate under stricter standards than the rest of us.

  4. Re:Don't the laws of computing make it... on SHA-0 Broken, MD5 Rumored Broken · · Score: 1

    this suggests that the best encryption would be a combination of a one-time pad, bad grammar, and random, touretic additions.

    'we hulad caced the joint later earlier, and but then but realized what there was but no security, so it seemed hap fabby like fabby a goood time to taake teh money und run.'


    So that explains those emails from Nigeria!

  5. Re:why? on Not Enough Ads? Install Adbar. · · Score: 1

    Support the EFF by installing spyware!

  6. Re:Impressions? Or bad reviews? on Windows XP SP2 Impressions · · Score: 1
  7. Re:Back up your messages! on Mass Migration/Bughunt For Thunderbird Tuesday · · Score: 1

    You've obviously never done a stint in tech support.

    wanders off muttering about stupid users

  8. Re:But.... on AOL IM 'Away' Message Security Hole Found · · Score: 1



    That exploit seems obvious. Wonder if it would work.

  9. Re:My worst abuse... on Abused, But Working Hardware Stories? · · Score: 1

    I believe APC has a guarantee for this sort of thing. If you call them up, and send in the damaged equipment, they have one of the senior engineers look at the equipment to determine what happened. Then they either pay you the value of your equipment, or they tell you what you are doing wrong.

    I am related to someone who used to work at APC, so call first to make sure they still do this.

  10. Re:What kind of digitized photos does this work on on Detecting Faked Photographs Gets Easier · · Score: 1

    The exhaustive set of originals is going to be on the order of 2^(8*(bytes_in_lossless_jpeg - bytes_in_lossy_jpeg)). This is going to be many orders of magnitude greater than the number of electrons in the universe times the number of measurable cycles of time. Meaning, the only way it can possibly be done is with quantum computers or some other revolutionary advance in computing.

  11. Re:What kind of digitized photos does this work on on Detecting Faked Photographs Gets Easier · · Score: 1

    The loss is not reversible. Therefore, you would have to guess each bit that was discarded. So, for each bit of information discarded, your number of possible originals would double. Considering how many bits smaller a lossy jpg is than a lossless jpg, this is a lot of possible originals. And they would all look nearly identical.

  12. Re:Self Defeating on Detecting Faked Photographs Gets Easier · · Score: 1

    Actually, it can fairly easily be proven that popular cryptographic hash functions are NOT collision free.

    Let's say the hash algo produces a 256 bit hash. That's 2^256 possible combinations. Let's say we hash 2^256+1 items using our algo. We are guaranteed at least one hash collision.

    Of course, doing this would take an extremely long time (i.e. long past our lifetimes), or a revolutionary advance in computing (i.e. quantum computing).

    [x] No Karma Bonus, because this is off topic

  13. Re:Depends on bank, though. on History of the Automatic Teller · · Score: 1
    I was just reading about Reg E after another post on this article, and came across this and more specifically, this:

    http://www.bankersonline.com/ubbthreads/showflat.php?Cat=&Number=191895&page=0&view=collapsed&sb=5&o=&fpart=1
    The language of Regulation E and its commentary specifically require that compliance with the error resolution procedures in 205.11 must put the customer back in the same position as he/she would have been in had the transaction in question not occurred. That means refunding any and all fees or service charges, or anything else that were caused by the transaction or that would not have posted if the transaction didn't happen. And crediting of interest, if interest is paid on the account. And, if the transaction resulted in a dip into the customer's OD line, a reversal of any fee or interest paid by the customer there. This assumes, of course, the bank is either doing a provisional credit or a final credit. If provisional, and you decide later that the transaction posted properly (denying the claim), you can undo all that you did.


    (of course, IANAL, and I may *easily* be misunderstanding things.)
  14. Re:So What...? on Odeon Orders Takedown Of Copycat Site · · Score: 1

    Have you considered making a proxy type version of the site?

    Basically, the user downloads a program. They run the program, and go to the website at http://localhost:some_random_port. The program then retrieves the data from Odeon's site and redisplays it in your format. You do not include any of Odeon's trademarks in the program, not as included images, nothing. You simply download them out of Odeon's site, and redisplay them in a user friendly manner.

    OR this may just be too much work for not enough reward, and people would still need to trust your proxy code.

    Another alternative is to publish on Freenet. Anyone could do this, and as a matter of fact, you probably shouldn't do this yourself.

  15. Re:Makes sense for Japanese parents on Japanese Schoolchildren to be Tagged with RFID · · Score: 1

    I read an interesting article somewhere about why that occurs. And it seems that people learn to differentiate other people based on certain attributes of their faces, be it their cheekbones, their forehead, their noses, etc., and other attributes become less significant in differentiation. So, if you want to recognize people better, spend a little extra time looking at all of the individual attributes of their faces, and they won't "all look alike" anymore.

  16. Crossfire on What's Your Favorite Open Source Game? · · Score: 3, Interesting

    Crossfire of course! The graphics are a bit simple, but it's got nearly as much depth as nethack, and it's a MMORPG. Gameplay is a bit similar to gauntlet, but with CRPG elements.

  17. Re:It's all about how lazy you are... on Auto-Updates - Proactive or Begging for Abuse? · · Score: 3, Insightful

    local root exploit + remote non-root exploit = remote root exploit

    Not always, but often enough to count.

  18. Re:Why? on An Online ID Registry · · Score: 2, Funny

    Number 1 and number 3 are the issues he's trying to solve. I think it's intractable, but that's my opinion.

    As for number 2, make it part of a ruleset (like SpamAssassin), and it can be adopted gradually. For fun, here's the whole form:

    (in short, all potential implementation problems that are difficult in and of themselves. The worst being identity theft via worm or virus. But, if he got a perfect solution to his problem, it could solve spam problems right quick.)
    ----
    Your post advocates a

    (x) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    ( ) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    ( ) It will stop spam for two weeks and then we'll be stuck with it
    (x) Users of email will not put up with it
    ( ) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    ( ) Requires immediate total cooperation from everybody at once
    (x) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    ( ) Huge existing software investment in SMTP
    (x) Susceptibility of protocols other than SMTP to attack
    (x) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    (x) Extreme profitability of spam
    (x) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    ( ) Outlook

    and the following philosophical objections may also apply:

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    (x) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    ( ) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    (x) Why should we have to trust you and your servers?
    ( ) Incompatibility with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government reading my email
    ( ) Killing them that way is not slow and painful enough

    Furthermore, this is what I think about you:

    (x) Sorry dude, but I don't think it would work.
    ( ) This is a stupid idea, and you're a stupid person for suggesting it.
    ( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

  19. Re:Why? on An Online ID Registry · · Score: 1

    Nice idea, Michael, but why would I want this?

    What problem does it solve?


    Email.

    No more spam.

    If you can verify that each message comes from a specific person, you can filter out the known spammers and get on with your life.

    If you're creative, you can come up with more problems for this solution fairly easily.

  20. Re:Yet another Y2038 problem on Verisign Speeds Up DNS Updates · · Score: 1

    Except it won't. The arithmetic is a little tricky, and I don't know it off the top of my head. Suffice it to say, (maxint 0) && (minint 0). (They redefined greater than and less than.)

  21. Re:Some tips for seeing what's going on... on We've Been Hacked... or Have We? · · Score: 3, Informative

    On Windows,...

    "netstat -n -a | more" will tell you what ports are in use. This is a simple preliminary check. It will give you an idea of what to look for.

    Fport is a great little tool that will tell you what processes are listening on what ports. It's many times better than netstat. This will likely give most trojans. Look for ports you don't recognize, and programs you don't recognize. Keep in mind that fport lists outgoing connections as well as incoming ones, and doesn't differentiate. Any ports or programs you don't recognize, google it and figure out what it is, how it got there, etc.

    Next, check the standard startup locations. HKLM/Software/Microsoft/Windows/CurrentVersion/Run*
    and the same under HKCU/Software/Microsoft/Windows/CurrentVersion/Run* are the most popular places trojans are placed.

    Also, look for hidden directories, and large files. You may be hosting an FTP Warez dump. Look for *.nfo;*.rar;*.ace;*.0*;*gamez*;*appz* and anything else you can think of.

    Unfortunately, I don't know of any MD5 sum tools or anything for Windows.

    Finally, rebuild, if you can. Rebuild from current data, and known good code. Don't trust code on the compromised machine. Best practice for recovering from a compromise type stuff. That really should be your first, last, and only step, but I doubt you'll be allowed, considering that your boss isn't taking security seriously.
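
Added example, not part of the comment above: the `netstat -n -a` check from comment 21, automated as a parser that reports listening ports outside an expected set and lists the remote ends of live sessions. The sample output and the `EXPECTED_PORTS` allowlist are constructed assumptions, not data from any real host.

```python
import re

# Constructed sample of Windows `netstat -n -a` output (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:6667       ESTABLISHED
  TCP    192.168.1.10:1046      192.168.1.2:445        TIME_WAIT
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:1434           *:*
"""

# Assumption: the ports this host is supposed to expose, per its documented role.
EXPECTED_PORTS = {135, 139, 445}

# Proto, local address, local port, foreign endpoint, optional state (UDP has none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$")

def parse_netstat(text):
    """Return one dict per socket row, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, remote, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "remote": remote, "state": state})
    return rows

def unexpected_listeners(rows, expected=EXPECTED_PORTS):
    """TCP LISTENING and bound UDP sockets on ports outside the expected set."""
    return sorted({(r["proto"], r["port"]) for r in rows
                   if (r["state"] == "LISTENING" or r["proto"] == "UDP")
                   and r["port"] not in expected})

def established_peers(rows):
    """Remote endpoints of live TCP sessions, to be looked up one by one."""
    return [r["remote"] for r in rows if r["state"] == "ESTABLISHED"]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    print("unexpected listeners:", unexpected_listeners(rows))
    print("established peers:", established_peers(rows))
```

Run it against output captured from the suspect machine but analysed elsewhere, since binaries on a compromised host cannot be trusted to report honestly.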

  22. Re:Crazy! on Dan Kaminsky Suggests Having Fun with DNS · · Score: 1, Funny

    "The sendmail.conf file looks like someone banging there head against the keyboard, after working with it for a while, I can see why."
    (Attribution forgotten, if anyone knows, please tell me.)

  23. Re:how nice on Conspiracies - A 'Final Justice' For Videogames? · · Score: 1

    I would, but I don't have a 5 1/4" floppy drive for the key disk anymore, after my little brother stuck a CD-ROM in it, and ripped the head off.

  24. Re:Pasting urls on Dealing with the Unix Copy and Paste Paradigm? · · Score: 1

    I have something like that on Moz:
    http://diggler.mozdev.org/

    Clicking the little X button clears the URL bar, while the dropdown button gives you a nice, easy way to navigate up directories.

  25. Computers and Math on Higher Education for Mentally Handicapped? · · Score: 4, Informative

    Computer programming requires a very intuitive grasp of boolean logic (Discrete math), symbolic logic (Algebra) and set theory (Discrete math again). Also, a good short to mid term memory is more important than intelligence. For many people, programming is a state of mind.

    For example, the speed of a bubble sort is O(n^2). A trivial bubble sort has to iterate over a list for every element in that list. So, assuming n items in the list, the bubble sort needs to go through the list n times, each time going through the list (in a nested loop) n times. Giving you a speed of n*n, or n^2. Anyway, a merge sort is O(n*log(n)), but it requires 2n memory, whereas a bubble sort is done in n memory. So, which would be better for your application?

    Network administration usually also requires a bit of math.

    For example, the IP addresses 10.1.1.1 and 10.1.5.8 are in the subnet 255.255.248.0. To do this, I converted both IPs to binary, and found the most significant 0, and then 0'ed out all of the bits below that. Then I converted back to decimal.

    (I simplified the examples, because explaining subnets or sorting is beyond the scope of this post.)

    In short, I rarely do basic math, but some of the more advanced stuff is critical. I would suggest grabbing a copy of a programming language, and attempting to modify a simple program to do something else, to see if you have what it takes to be a programmer.

    I'd suggest Perl, but that's my opinion, and opinions about languages vary greatly. Perl is one of the more natural languages, and may be more forgiving for you. Then again, it may cause more problems because you're not explicit enough in telling it what you want, in which case try Python.

    Good luck.
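
Added example, not part of the comment above: the subnet calculation from comment 25, carried out on the two addresses it names and generalized to any number of IPv4 addresses. The function names are hypothetical; only the standard-library `ipaddress` module is used.

```python
import ipaddress

def common_subnet(*addresses):
    """Smallest IPv4 network that contains every address given."""
    values = [int(ipaddress.IPv4Address(a)) for a in addresses]
    # XOR each address with the first and OR the results together: a set bit
    # marks a position where at least two of the addresses disagree.
    differing = 0
    for v in values[1:]:
        differing |= values[0] ^ v
    # Everything above the most significant differing bit is the shared
    # prefix; the bits from there down are zeroed out to form the network.
    prefix = 32 - differing.bit_length()
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ipaddress.IPv4Network((values[0] & mask, prefix))

def in_same_subnet(a, b, netmask):
    """True when a and b fall in the same network under the given mask."""
    m = int(ipaddress.IPv4Address(netmask))
    return (int(ipaddress.IPv4Address(a)) & m) == (int(ipaddress.IPv4Address(b)) & m)

if __name__ == "__main__":
    net = common_subnet("10.1.1.1", "10.1.5.8")
    print(net, net.netmask)
    # One bit longer and the two hosts land in different networks.
    print(in_same_subnet("10.1.1.1", "10.1.5.8", "255.255.252.0"))
```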