Slashdot Mirror


User: RonBurk

RonBurk's activity in the archive.

Stories: 0 · Comments: 137

Comments · 137

  1. 3 Lawyers, 3 geeks on Attacking the Spammer Business Model · · Score: 5, Interesting

    A very significant percentage of spam meets two criteria: 1) it already breaks some existing state or federal law and 2) it ultimately desires someone to supply a US-based credit card (Visa or Mastercard).

    The problem with all our wonderful anti-spam laws is that they are not being enforced, and probably never will be, except erratically for 1 or 2 really, really bad repeat offenders. So, instead of using laws to take bad people to court, use laws to make law-abiding people quit aiding and abetting spammers.

    Thus, the weak underbelly of many spammers is that some minion of MC/VISA is letting them process cc transactions.

    Solution: the FTC should allocate 3 lawyers and 3 geeks, and (the easy part) demand the cooperation of MC/VISA. The 3 geeks maintain emailboxes in all 50 states and a batch of email addresses designed to gather spam. They essentially provide the 3 lawyers with "quality" spam, that meets the 2 criteria mentioned above.

    The 3 lawyers select spam that has broken a law, follow the spam-requested transaction to the point where it requires a cc transaction, and do it. At that point, there is a CC transaction involving a broken law. The lawyers provide MC/VISA with the information on what merchant processor handled the transaction and what laws were broken. MC/VISA shuts down that account, or simply dings them $20,000 for each offense.

    Note that, unlike the FTC, MC/VISA can penalize any customer they choose to without due process (and they have a record of doing so). They definitely do not want to participate in an illegally advertised transaction if a spotlight is shone on it.

    The need to process credit cards is the weak link in much of the spam business, and it is very hard for them to work around an inability to obtain the services of a merchant credit card account. MC/VISA have tightened up the requirements for getting CC services in the past, and they can certainly do so again.

    MC/VISA might even elect to make the process more automated by issuing the lawyers some "special" credit cards. When they see a transaction for any "special" number come through, they immediately shut down that processor. (But you better make sure those special numbers aren't as easy to steal as all other credit card numbers seem to be!)

    3 lawyers plus 3 geeks could make a bigger dent in spam than any collective effort to date has produced.

  2. Re:save $9 on this book on Linux and Unix Security Portable Reference · · Score: 1
    • $20.99 + shipping www.amazon.com
    • $29.99 + shipping www.bn.com
    • $18.89 + shipping www.walmart.com
    • $17.69 + shipping www.overstock.com
    Conclusion: price depends on your individual shipping and sales tax charges, but Amazon is likely not the best price unless you are buying something else to get free shipping.
  3. Re:$5 cheaper and free shipping on Automating Unix and Linux Administration · · Score: 1

    Dang, Windows crashed while submitting my detailed price analysis. Summary: due to free shipping Amazon.com has the best price, UNLESS you are in a state where Amazon charges state taxes OR are in a state that charges no (or very low) sales taxes. In that case, the best price is likely (believe it or not) Walmart.com. Check the Walmart shipping charges to be sure.

  4. Re:$5 cheaper and free shipping on Secure Programming Cookbook for C and C++ · · Score: 1

    www.overstock.com has it cheaper than amazon, even after you pay for the shipping. Dang, wish I could make some affiliate bucks from that!

  5. Re:Does it say how to close connections? on HTTP Developer's Handbook · · Score: 1
    I used to be all up in that there particular topic. Lessee, if I can remember even the gist nowadays.
    • The real must-read is the Apache document about why they do lingering closes the way they do (continue reading until no more input from client, and only then shut connection). You need to understand that for sure.
    • Under some (fairly popular) conditions, the server closing the connection will be the only way the client knows there ain't more data coming (because the server elected to not include a Content-Length header).
    • The sticky second connections you refer to are likely persistent connections, a hack on top of HTTP 1.0, and an integral part of HTTP 1.1. If you control the web servers using your router, you might be able to ask them to limit the amount of time they will tolerate such connections being open (the server is free to close them).
    • Although Amazon and Yahoo may abuse many things, the server, of course, does not get to open a connection to your clients, "sticky" or otherwise. If the server page has a lot of graphic crud linked off it, the client browser is perhaps more likely to sit there with a persistent connection to pipeline requests for all of them. Don't recall seeing any IE setting that lets you control how much it abuses persistent connections.
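The lingering close from the first bullet above, as an added example that is not part of the original comment or of Apache's code: the server stops sending, keeps reading until the client goes quiet or hangs up, and only then closes. The demo runs over a socketpair with a constructed request; the 413 reply and the timeouts are assumptions chosen for the demo.

```python
import select
import socket


def lingering_close(conn: socket.socket, timeout: float = 2.0, max_drain: int = 65536) -> int:
    """Stop sending, then drain whatever the client is still sending until EOF,
    quiet period, or max_drain bytes, and only then close.
    Closing while unread client bytes are queued makes the kernel send a TCP RST,
    which can discard the reply the client has not read yet. Returns bytes drained."""
    conn.shutdown(socket.SHUT_WR)           # tell the client: no more data from us
    drained = 0
    try:
        while drained < max_drain:
            ready, _, _ = select.select([conn], [], [], timeout)
            if not ready:
                break                       # client went quiet: stop waiting
            chunk = conn.recv(4096)
            if not chunk:
                break                       # client closed its side (EOF)
            drained += len(chunk)
    finally:
        conn.close()
    return drained


def demo() -> tuple:
    """Constructed scenario: the server rejects a POST after reading only the head,
    while the client is still sending the body. Returns (bytes drained, reply seen by client)."""
    server, client = socket.socketpair()
    client.sendall(b"POST /upload HTTP/1.0\r\nContent-Length: 11\r\n\r\n")
    server.recv(4096)                       # server reads the head and decides to reject
    server.sendall(b"HTTP/1.0 413 Request Entity Too Large\r\n\r\n")
    client.sendall(b"hello world")          # late body arrives while the server is closing
    client.shutdown(socket.SHUT_WR)         # client has finished sending
    drained = lingering_close(server, timeout=1.0)
    reply = b""
    while True:                             # client reads the reply intact, then sees EOF
        chunk = client.recv(4096)
        if not chunk:
            break
        reply += chunk
    client.close()
    return drained, reply
```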
  6. buy.com $26.59 on HTTP Developer's Handbook · · Score: 1

    Once again, bn.com has about the worst price on the web ($39.99). buy.com has it for $26.59:

  7. Re:Intresting observation on HTTP: The Definitive Guide · · Score: 1

    No, actually that depends entirely on what version of telnet you are using and how it is configured. My W2K telnet, for example, transmits a CRLF when I press the Enter key (and also if I press Ctrl-M, making it impossible to transmit a CRCR sequence).

    To reframe my question: why do you care whether LFLF is accepted instead of CRLFCRLF? Do you know of some client that transmits the non-standard sequence? I'm in the middle of coding an HTTP server, which is why the existence of such a client would interest me...

  8. Re:Intresting observation on HTTP: The Definitive Guide · · Score: 1

    Are there actually HTTP clients out there using LFLF instead of CRLFCRLF? Or is this just a convenience to people testing by hand-typing queries via telnet?
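For the LFLF question in the two comments above, an added example (not the poster's server code): a head-of-request scanner that treats CRLF as the line terminator and, optionally, tolerates a bare LF as hand-typed telnet sessions often produce. If a proxy in front of the server applies a different terminator policy, the two will disagree about where the body starts, so keep the policy the same across every component that parses the request. Function names and the sample requests are assumptions for the example.

```python
def find_header_end(buf: bytes, accept_bare_lf: bool = True):
    """Return the offset just past the blank line that ends the request head,
    or None if the head is not complete yet.
    Lines end in CRLF, or in a bare LF when accept_bare_lf is True;
    a bare LF with accept_bare_lf=False raises ValueError."""
    pos = 0
    while True:
        nl = buf.find(b"\n", pos)
        if nl == -1:
            return None                        # no complete line yet; read more
        if nl > pos and buf[nl - 1] == 0x0D:   # CR right before LF: a CRLF line
            line_len = nl - 1 - pos
        elif accept_bare_lf:
            line_len = nl - pos                # bare LF line
        else:
            raise ValueError("bare LF line terminator at offset %d" % nl)
        if line_len == 0:
            return nl + 1                      # empty line closes the header block
        pos = nl + 1


def parse_head(buf: bytes, accept_bare_lf: bool = True):
    """Split a complete head into (request_line, headers, body_offset); None if incomplete.
    Header names are lower-cased; a repeated name keeps the last value (kept simple here)."""
    end = find_header_end(buf, accept_bare_lf)
    if end is None:
        return None
    lines = buf[:end].replace(b"\r\n", b"\n").split(b"\n")
    request_line = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        if not line:
            break                              # blank line: end of headers
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("ascii", "replace")] = \
            value.strip().decode("ascii", "replace")
    return request_line, headers, end


# Constructed sample requests: the same request with CRLF and with bare LF terminators.
CRLF_REQUEST = b"GET / HTTP/1.0\r\nHost: example.test\r\n\r\nbody"
LF_REQUEST = b"GET / HTTP/1.0\nHost: example.test\n\nbody"
```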

  9. Why link to bn.com? on HTTP: The Definitive Guide · · Score: 1, Informative

    I thought it was common knowledge by now that you always check (at least) buy.com for the cheapest price before pointing people to bn.com or amazon.com.

    bn.com price: $44.95
    buy.com price: 28.31

    I have no affiliation with buy.com, except I've saved a lot of money with them.

  10. detection & obfuscation on Stopping Spambots: A Spambot Trap · · Score: 0

    Didn't spot two of my favorite techniques (although they're probably somewhere in that pile).

    • Only display mailto: links to paying customers who are logged on. This is not too hard if you already generate all pages dynamically and happen to maintain a database of paying customers. Can be viewed as a reward for logging on.
    • Detect the nasty bots by placing a juicy link on each page that spam bots can see but humans can't. E.g., an href that surrounds a 1-pixel dot that is the same color as the background.

    But I still wish someone would make an Apache mod that lets you devote a single process to tying up a specified number of spambot connections.
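The second technique in the comment above (a link harvesters follow but humans never see), as an added example that is not the poster's code: the trap markup, and a check over access-log lines that flags clients which requested the trap path. The trap path, the markup details and the sample log are assumptions constructed for the example.

```python
import re
from collections import Counter

# Hypothetical trap path chosen for the example; also list it as Disallow in robots.txt
# so well-behaved crawlers skip it and only harvesters that ignore robots.txt trip it.
TRAP_PATH = "/contact/.trap-mailbox"

def trap_anchor(bg_color: str = "#ffffff") -> str:
    """Link wrapping a 1x1 dot in the page's background colour: invisible to a human,
    but a harvester that follows every href will request it. tabindex/aria-hidden keep
    keyboard and screen-reader users from landing on it (avoids false positives)."""
    return (f'<a href="{TRAP_PATH}" rel="nofollow" tabindex="-1" aria-hidden="true">'
            f'<span style="display:inline-block;width:1px;height:1px;background:{bg_color}">'
            f'</span></a>')

# Common Log Format request line: ip ident user [time] "METHOD path proto" status ...
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                 r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def flag_trap_clients(log_lines, min_hits: int = 1) -> dict:
    """Return {ip: hits} for clients that requested the trap path (query string ignored)."""
    hits = Counter()
    for line in log_lines:
        m = CLF.match(line)
        if m and m.group("path").split("?", 1)[0] == TRAP_PATH:
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= min_hits}

# Constructed sample access log, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2003:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326',
    '203.0.113.7 - - [10/Oct/2003:13:55:37 -0700] "GET /contact/.trap-mailbox HTTP/1.0" 404 208',
    '198.51.100.4 - - [10/Oct/2003:13:56:01 -0700] "GET /index.html HTTP/1.1" 200 2326',
    '198.51.100.4 - - [10/Oct/2003:13:56:02 -0700] "GET /style.css HTTP/1.1" 200 431',
    '203.0.113.7 - - [10/Oct/2003:13:55:38 -0700] "GET /contact/.trap-mailbox?p=2 HTTP/1.0" 404 208',
]
```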

  11. Re:[ot] Anybody ever tried developing their own? on Writing Documentation · · Score: 0, Troll

    I just write in a very simple subset of XML, creating new tags whenever needed. The subset is simple enough that the C function I use to parse it is about 120 lines (speed of parsing is blindingly fast enough to never be an issue).

    Once the documents are in XML, then I change them into whatever I want. I use a custom C program to turn a bunch of XML files into input for PDFLaTeX when I want to get a PDF file. I use XSLT to turn them into HTML. I use LaTeX to get PS. HTML, PDF, and PostScript are about the only output formats I care about at the moment, but I'm betting I'll be able to fairly easily transform the XML into any other output format I need in the future.

    I played with DocBook, and would be more likely to use it if I expected other people to maintain my docs in the future. However, by evolving my own set of tags, I found it much easier to remember what does what, and of course to make the functionality exactly fit my needs.

  12. prior art on Software Patents on Memory Allocators? · · Score: 1
    There is plenty of prior art on the general subject of dynamic patching to intercept functions, though I'm not sure that's of any use to you.

    The first patent you listed points to one example, from a magazine I once edited. Dynamically intercepting code was a popular topic around that time. A little poking also turned up Windows/DOS Developer's Journal May 1993 and August 1993, p. 35, where Paul Bonneau offers reusable code for "hooking" Windows functions on the fly.

    Not being a lawyer, I naively assume you would want to try to get the aggressor to point out explicitly what aspect of their patent they feel is infringed by your code before doing anything else. Tom's ("Hi Tom!") assertion that the patent "covers the concept of patching the memory management library in a given process" is at the very least an overstatement, since the first patent itself provides prior art examples that patch the memory management library.

    Finally, I have to wonder if there's any chance that you could use something like Microsoft's Patch-o-Rama to do the dirty work. That places some of the patching work out of your hands, but if the patent holder's main aim is to be anti-competitive rather than to enforce the actual limits of their patent, then it seems like there's not much to stop them from pressing forward with legal action.

    It's a shame that patents are granted for things like this that are clearly techniques and not inventions at all. If this is an invention, then my dog is Edison reincarnate, as she has "invented" all manner of egress from the yard (and should be able to sue other dogs the world 'round).