Slashdot Mirror


User: Tackhead

Tackhead's activity in the archive.

Stories: 0
Comments: 6,382

Comments · 6,382

  1. Evolution in Action on Los Alamos Security Infiltrated By Reporter · · Score: 5, Funny
    > Around facilities like the biology lab, where anthrax and other biotoxins have been handled, no sentries stand guard at all. Nor is there any kind of fence to keep the curious and the malicious away -- not even a piece of string.

    There is absolutely nothing to prevent anyone from just walking in and, *sniffle*, exploring and *wheeze*, doing whatever they *cough, hack, choke*, gawddamn, I feel like crap today. Better go have a lie down before I write the rest of this article. *glurgle*

  2. Re:Creeping fascism on Secret Irish Data Repository Uncovered · · Score: 1
    > I don't quite agree with this. I think that most people want _security_ - the ability to control their own lives. They instinctively understand, however, that to have security, they must have enough power to fend off influences which might take that control away from them.

    You're half right.

    Yes, they want security, loosely defined as control over their own lives.

    No, they do not believe that security is obtained by "having enough power to fend off influences that might take that control away from them."

    Instead, they believe that security is obtained by GIVING OTHERS THE POWER to fend off said nasty things FOR THEM. And no, this isn't a liberal-versus-conservative thing.

    Liberals: "Only the police and the military should have guns". That is, you don't have a right to kick bad-guy-ass. Bad-guy-ass-kicking is the privilege of your betters, who graciously provide your security.

    Conservatives: "We must eliminate privacy to eliminate terrorism." You don't have a right to privacy. Privacy is the privilege of your betters, who graciously provide your security.

    Stop thinking of yourself as a human being with rights. Start thinking of yourself as a sheep, who exists only to be sheared.

    The healthy sheep are permitted to graze on whatever grass they can find, because they produce plenty of wool while alive (sheared at 50% income taxes), and meat when slaughtered (inheritance taxes).

    The scrawny sheep are given better pastures (welfare and social benefits) in which to graze, because they greatly outnumber the healthy sheep, and produce the will of the herd (the 50% of the population that pays 5% of the taxes - elects the politicians that collect the other 95%).

    Lest you (or the shepherds!) think I'm trying to diss the shepherding system, I'm not. I'm a sheep. I'm proud of it.

    Freedom is overrated. As a sheep, I may be no more free today than I was 5000 years ago, but my standard of living has greatly improved. The alternative is to go back to the days when there were no shepherds. Scrabbling around mountaintops for 30 years trying not to be eaten by wolves sucked. Under the shepherds, I get antibiotics and can live to 60 or 70, eat better grass, fresher water, and there's a Bovendo Game-Cube in my pen. It's a fair cop.

  3. Re:"Legitimate Spam" on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > I have determined that he is 100% correct and legal in his methods. He does not buy databases, people opt into his directly. Yet, he has been kicked off of three networks (MAJOR PROVIDERS) because of this.

    Well, if what you say is true, there's always Verio or Level3 :)

  4. Re:TR0LL TU3SDAY! STINKY STICKY ANUS! on Psychologist Consoles Data Loss Victims · · Score: 1
    > Wow, I think you've got that special sensitive touch when dealing with people. You'd make an excellent addition to Kelly and the team down at DriveSavers.
    >
    > 'My hard disk is fragged.'
    > 'And this matters to me how?'
    >
    > Either that or writing children's novels.

    Worked for Edward Gorey, didn't it?

    The BOFHlycrumb Tinies:

    A is for Apple, who's goin' out of biz,
    B is for Bytes, gone up in a fizz,
    C is your Call to a tech support hack,
    D is your Data, it ain't comin' back.
    E is for Email, Outleak's .VBS risk,
    F is for Fsck, what you do to a disk,
    G is for Gorey, more fun than goatse.cx,
    H is for Hacker, what will he code next?
    I is for iMac, that fruit-colored beast,
    J is for Jackoff, when fscking does cease.
    K is for Kazaa and the file-sharing wars,
    L is for Linux, that's GNU/Lin of course,
    M is for Magnets that kill your pr0n dead,
    N is for Nutella, it goes on your bread.
    O is for Owned, use a zero, you n00b!
    P is for Pr0n, with zeroes and b00bs.
    Q is for Quicktime, a video hack,
    R is for RAM, add more or go slack.
    S is for Slashdot, with its hot grits and more,
    T is for Troll, which still beats Karma Whore.
    U is for USB storage device,
    V is for Virtual sex with your mice.
    W is for Warez, piled high on the shelf,
    X is for X Window System, none else,
    Y is for YOU WILL BACK UP FROM NOW ON,
    Z is for Zapped, 'cuz your data's still gone.

  5. Re:It is valid. on Michigander Beats Spammer With "Junk Fax" Law · · Score: 4, Insightful
    > The definition of a fax machine under the TCPA does cover a computer with faxmodem and printer. There are many lawyers who argue that it is not intended to be used that way and the courts will not support it. I have been unable to find any binding case (ruled on by an appeals court) in the country that has said a computer with faxmodem and printer does not qualify as a fax machine.

    IANAL.

    How about a computer, a dialup modem, fetchmail or other POP client, and a cron job that regularly fetches mail and pipes the newly-fetched mail to lpr?

    That also sounds like it would qualify as equipment (computer, modem, printer) which has the capacity to transcribe text or images from an electronic signal (noise to/from the modem) received over a regular telephone line (which is why I specified dialup) onto paper (which is why I specified lpr and a printer).

    For a better case, burn a Linux distro onto a CDROM, and turn an old PC/modem/printer into an embedded system. "Well, some of us like to print our email. I don't like to check my email. When I come home from a hard day at the office, all my email is printed out in the output tray of the printer, where I can easily read it."

    That sounds nuts to us, but I can think of several non-technical people who actually do treat their email that way -- "Email? That's like interoffice memos! Yeah, my secretary prints it all out, sorts 'em, and puts 'em in the inbox on my desk. By 10:00 am, I'm done dictating answers to my secretary, and I give her the tape so she can type up my replies on her computer thingy and send them out!"

    Heck, if you end up taking this to court, your judge may in fact be one of those people. But then again, IANAL :)

  6. Re:"Legitimate Spam" on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > What I am referring to fits WITHIN your scope of rules... people often forget that they opt in, or that they opted into a list which clearly and in plain English states their info will be shared..... regardless of how YOU feel about this it is legitimate, legal, and entirely professional.

    If what you say is true, then your process should be:

    1) Query your database for the opt-in request.
    2) Query your database for the opt-in confirmation.

    (If you're really doing a closed-loop confirmation process, you do have such a database, right? :)

    3) Send an email to the user saying "Our database shows that someone claiming to be foo@bar attempted to subscribe you to this list on $DATE_1, from IP address aa.bb.cc.dd. This was confirmed when someone with the email address foo@bar confirmed that subscription by replying from IP address ee.ff.gg.hh on $DATE_2. (if confirmed by email, just include a copy of the confirmatory email with full headers) If you think someone has compromised your account and signed you up against your will, this information may help you track them down."

    > Your analogy to rape is certainly not even a legitimate analogy, rape destroys people's lives, email does not.

    The analogy was about who gets to determine what constitutes consent. If rape is alleged, the rapist's word is insufficient. If spam is alleged, the spammer's word is insufficient. Nevertheless, I apologize to any whom I offended.

    > It's not a corporation's fault that end-users are forgetful or do not read everything they sign into. Otherwise I would be speeding all the time and just telling the judge "Oh, I'm sorry I didn't see the sign" or "I forgot there were speed limits!"

    Actually, that's a much better analogy than my rape analogy.

    Problem is, it's usually the spammer claiming they didn't know they were spamming. "Honest, Judge! The guy who sold me the list told me everyone had opted in!" (Or in your case, "Honest, user, you must have opted in without knowing it, because my spamming customer swears he's telling the truth that he only does s00per-d00per permission-based buzzword-compliant opt-in legitimut email murketing!!!1!!")

  7. Re:Where do you draw the line? on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > So, here is my question: How do you, at the ISP level, differentiate between legitimate email marketing and Spam?

    Mods - mod this guy up.

    Best practices count.

    > Most of the emails we sent out were from internal, registered customers of the company. I would call these 'opt-in' emarketing messages that ranged from pitches to buy new or upgrade products, customer satisfaction surveys and automated replies for visiting a website and signing up.

    It comes down to whether the advertiser can actually document that the recipient of the email opted in.

    That means closed-loop.

    1) I send email to foo@bar saying "I want to be on your list".
    2) foo@bar sends email saying "User Tackhead, at IP address aa.bb.cc.dd, at 12:12 PST, entered your email address to the foo@bar list. To confirm subscription reply to this message with Subject $RANDOM, or click on the URL to http://[your_server]/cgi-bin?$RANDOM."
    3) I confirm receipt of the mail in #2 by replying or clicking the URL.
    4) Only now have I "opted in" or "subscribed" to the list.

    Anything less is spam.

    If your customer wants to send out a series of emails to folks, and you start getting abuse reports, you must demand of your customer the right to query their database of opt-in information from step 2 and confirmations from step 3. This should be in the contract when they sign up.

    You must not merely forward the complaint to them, saying "Did user XYZ subscribe?", because if they're spammers, they'll merely lie - and either send you bogus data for the "subscription", or tell you that they've removed XYZ from the list; that is, listwashing.

    If you forward complaints to the spammers, you're helping the spammer continue the abuse. Not just the abuse of your network, but of the user who submitted the spam complaint. This is (unfortunately) standard practice at many less-than-reputable shops, and often results in DOS attacks, or "joe jobs" (forgeries) being made in the name of the complainer. That is, if you forward complaints to the spammer, the spammer often uses those complaints in order to harass the complainant.

    Finally - actually walk through the 4-step confirmation process with your prospective customer. It used to be called "opt-in", then spammers redefined what they were doing to be "opt-in". So we called it "confirmed opt-in", and of course, spammers redefined what they were doing to be "confirmed opt-in". So we called it "closed-loop confirmation" or "double opt-in", and spammers... well, you get the picture.

    Don't rely on buzzwords - ask the prospective customer precisely what they mean when they say "opt in" or whatever buzzword they use for where they get their lists. Anything less than the above-mentioned best practice, is spam. Don't sully your reputation by doing business with 'em.

  8. Re:Best weapon for the war on spam! on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > I believe that a bigger hammer [biggerhammer.net] is all that's needed to win the spam wars.
    > Who's with me?

    Sure. But why not a bigger bigger hammer, though.

  9. Re:"Legitimate Spam" on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > How do you protect those companies who are using legal means of targeted email marketing? I see many people who believe that they are receiving spam when they have either knowingly or unknowingly opted into these lists, which makes it perfectly legal.

    How do you protect those aggressive males who are using legal means of targeted sexual advance? Here at the emergency ward, I see many people who believe that they have been raped when they have either knowingly or unknowingly consented to having sex, which makes it perfectly legal.

    Clue for the clueless:

    If what you're doing doesn't involve your users:

    1) opting in to your list by sending an email or filling out a web form
    2) you sending them a confirmatory email showing the date, time, and IP address used in step 1), along with a reply code unique to that confirmatory email,
    3) the user then acknowledging receipt of the confirmatory email in step 2) by means of replying or visiting a special URL in the email, before
    4) only users who complete Step 3 are "opted in"

    ...then what you are doing is "spam", and you can either stop doing it, or you can go fuck yourself.

    My server. My rules.
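
The four-step closed-loop confirmation described in comments 6, 7 and 9 above, sketched as an added example that is not part of the original comments. `ClosedLoopList`, `OptInRecord`, `TOKEN_TTL` and the in-memory storage are assumptions for illustration; only a hash of the reply code is kept, and `evidence()` is the lookup to run on an abuse report instead of taking the sender's word.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

TOKEN_TTL = timedelta(days=7)  # assumption: unanswered requests lapse after a week


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class OptInRecord:
    email: str
    requested_at: datetime
    request_ip: str
    confirmed_at: Optional[datetime] = None
    confirm_ip: Optional[str] = None


class ClosedLoopList:
    """Hypothetical subscription ledger; an address is mailable only after step 3."""

    def __init__(self) -> None:
        self._pending = {}    # sha256(reply code) -> OptInRecord awaiting confirmation
        self._confirmed = {}  # address -> OptInRecord with both halves of the loop

    def request(self, email: str, ip: str, now: datetime) -> Tuple[str, str]:
        """Steps 1-2: log who asked, and build the confirmation mail."""
        email = email.strip().lower()
        token = secrets.token_urlsafe(32)  # the unguessable "$RANDOM" reply code
        self._pending[_digest(token)] = OptInRecord(email, now, ip)
        body = (f"Someone at IP address {ip}, at {now.isoformat()}, entered "
                f"{email} for this list. To confirm, reply with Subject: {token}\n"
                "If this was not you, do nothing and you will get no further mail.")
        return token, body

    def confirm(self, token: str, ip: str, now: datetime) -> bool:
        """Steps 3-4: a reply code works once, and only before it expires."""
        rec = self._pending.pop(_digest(token), None)
        if rec is None or now - rec.requested_at > TOKEN_TTL:
            return False
        rec.confirmed_at, rec.confirm_ip = now, ip
        self._confirmed[rec.email] = rec
        return True

    def is_subscribed(self, email: str) -> bool:
        return email.strip().lower() in self._confirmed

    def evidence(self, email: str) -> Optional[dict]:
        """What to produce for an abuse report; None means no documented opt-in."""
        rec = self._confirmed.get(email.strip().lower())
        if rec is None:
            return None
        return {"email": rec.email,
                "requested_at": rec.requested_at.isoformat(),
                "request_ip": rec.request_ip,
                "confirmed_at": rec.confirmed_at.isoformat(),
                "confirm_ip": rec.confirm_ip}


if __name__ == "__main__":
    # Constructed sample data: documentation addresses and IP ranges.
    t0 = datetime(2003, 2, 25, 12, 12, tzinfo=timezone.utc)
    lst = ClosedLoopList()
    token, mail = lst.request("foo@example.org", "192.0.2.10", t0)
    print(mail)
    print(lst.evidence("foo@example.org"))  # no confirmation yet, so no evidence
    lst.confirm(token, "198.51.100.7", t0 + timedelta(hours=2))
    print(lst.evidence("foo@example.org"))
```
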

  10. Re:Why ask Barry? on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > Kill them. Seriously, knee cap them and let them die from the blood loss, and maybe arrange for enough telemarketers to flood their house with calls that they can't possibly get an open line to 911.

    Yes sir, I know you're in a lot of pain, and I know you're bleeding profusely, but surely you can take a minute to hear about this vacation to Disneyworld you've just won!

    [click]

    Hi, I'm calling back - yes, I heard you the first time you screamed that you were trying to dial 911 - look, sir, if you don't really want these exciting offers, all you have to do is ask to be placed on our do-not-call list. The request should only take 24 hours to process...

  11. Re:Kill 'em all.... on Ask ISP Owner Barry Shein About the Spam Wars · · Score: 1
    > I think the real questions are: Would you cut them up into little pieces? Play in their guts? Eat them (Spam being pretty good food and all)? And finally, do you think there's a court who would convict you?

    Actually, the courts would easily convict someone who murdered a spammer.

    The jury would have to be composed of people who had never used the Internet. Anyone who had used the Internet would be ineligible to serve on such a jury.

    For instance, if asked (under oath) whether or not I could make a fair assessment of the facts in such a trial, I'd say something like "Sure, I can! I know how to read headers and ISP logs, and determine on the basis of the evidence whether the dead guy was a spammer. If I'm convinced beyond a reasonable doubt that the dead guy was a spammer, I'll vote not to convict the shooter, because I sincerely believe the law prohibiting homicide should be nullified in cases where the 'victim' of the homicide was a spammer."

    (I might even be able to avoid jumping up and down and drooling while making this statement!)

    The judge would say "Son, I and everyone who uses the Internet sympathizes with ya, but that's not quite what the law means when it asks you if you can fairly judge this case", and would be forced to dismiss me from the pool of jurors.

  12. Re:Middle aged?!! on Microsoft At Middle Age · · Score: 1
    > Hell, they're still running around like a two-year-old, grabbing everything and yelling "MINE!"

    Yeah, but two years old is middle-aged, at least in software years :)

  13. Re:ill computation on Intel: No Rush to 64-bit Desktop · · Score: 1
    > Sing to the tune of the Beastie Boys "Ill communication": Like In-tel, we got the ill compu-tation

    "'Cause you can't, you won't, and you don't stop!
    AMD come and rock the sure shot!"

  14. Re:Advice for my 12 year old self on Advice You Would Give to Your 12 Year-Old Self? · · Score: 1
    > > Now I gotta go back in time again and tell my 14-year-old self not to use the Enron proceeds to buy airline stocks.
    >
    > No, no, no! Don't *buy* airline stocks-- sell them short, and do it on or before September 10, 2001.

    ~wavylines~ The weather's fine in Guantanamo Bay. They even let some of us use Slashdot now! ~wavylines~

  15. Re:Game Theory? on Game Theory at 190mph · · Score: 1
    > It is often used in attempts to explain political behavior. However, Rational Choice often comes under fire as a mode of operation because of how complex these formal models tend to be. To explain a half page diagram and a good narrative, they will utilize a few pages of Greek letters and mathematical formulas in a way to predict human behavior.

    ...and then voted for the guy with the better hair, or the girl with the bigger tits.

  16. Re:Say what? on More on Columbia · · Score: 0, Flamebait
    > Because NASA *knew* about the foam collision from day one, and they had more than a *week* to analyze the event, and they *concluded* that it had no effect on the safe operation of the shuttle. If foam is the cause of the disintegration, then 7 people died because NASA's analysis was wrong. How's that for public image?

    s/7 people/7 more people/g

    You forgot about the last time NASA's "analysis" killed 7 astronauts and destroyed a $2B orbiter. "O-Rings? Suuuuuuure, they'll hold up when frozen solid! Ignore what our engineers have said about it because we've delayed this launch too long, we've gotta launch the damn thing or we'll start looking bad! Columbia, go with throttle-up!"

    NASA: Needs Another Seven Astronauts - because if what appears to have happened with Columbia is indeed the case, they haven't learned a fucking thing since 1986.

  17. New ad campaign! on Citibank Tries to Hush ATM Crypto Vulnerability · · Score: 1
    > If Citibank sez that their systems are secure. Tell 'em to prove it.

    I sense a new ad campaign in the offing.

    You are not your per-card withdrawal limit.
    You know things more important than your PIN.
    You are worth more than your bank balance.

    Live richly.
    Citi.

  18. Re:Advice to self circa 1981 on Advice You Would Give to Your 12 Year-Old Self? · · Score: 1
    > Here's my (2003) advice to myself (1979):

    Spend more time in the arcades. By the time you're old enough to drive, the games will start to suck.

  19. Re:Advice for my 12 year old self on Advice You Would Give to Your 12 Year-Old Self? · · Score: 5, Funny
    > Oh, and buy Cisco stock in 1998 and sell it in Jan 2000.
    > Period.

    I tried that and I'm still broke.

    So I went back and told my 13-year-old self it was OK to put the Cisco proceeds into something called "Enron", but that he had to sell the Enron in 2001.

    And I'm still broke.

    Now I gotta go back in time again and tell my 14-year-old self not to use the Enron proceeds to buy airline stocks.

    I tell ya, ever since Goldman Sachs left the brokerage business and went into temporal mechanics, my life's been a living hell!

  20. Re:Even if it was encrypted.. on U of Wyoming Fingerprinting All P2P Traffic · · Score: 1
    > Eg, I say to file server: hi, here is my key, use it for encrypting.
    > file server: thanks for your key! here is my key, use it likewise.

    I believe you misspelled something. Here's the corrected version:

    file server run by RIAA: thanks for your key! here is my key, use it likewise. I encrypted the file you asked for with your public key and then sent it to you. Presence of the plaintext of that file on your machine will serve as proof that you are the owner of the only key in the universe that could possibly have decrypted it!

    (It is most gratifying that your enthusiasm for our encrypted files continues unabated, and so we would like to assure you that the subpoena currently being served to your ISP is part of a special service we extend to most of our enthusiastic clients, and that the fully-armed tactical team currently converging with your location is of course merely a courtesy detail. We look forward to your custom in future lives... Thank you.)

  21. Re:Privacy on U of Wyoming Fingerprinting All P2P Traffic · · Score: 3, Interesting
    > Network traffic can contain some very personal information. AFAIK I have never signed anything that would let my isp monitor ALL my traffic continuously. Most service contracts suggest that there may be some monitoring to ensure network performance, but it would be pretty damn easy to prove that this was not what they were doing if they were continuously monitoring my traffic for an extended period of time.

    Funny, ensuring network performance is kinda what university monitoring of traffic is about, isn't it? How do you think QoS or packet-shaping works?

    The interesting question was when someone pointed out that it's not your network unless you laid the fiber yourself. I think there'll be some very interesting cases in the next few years with regards to setting up wireless access points. A wireless mesh network, in which 100, 1000, or 10,000 users allow their boxen to be used as access points, is indeed one in which the users "own the pipe".

    At 100 users, odds are that "someone else" owns the pipe where stuff eventually goes through. (Like your University owning the pipes through which much of your dorm's P2P traffic eventually goes.)

    At 10,000 users, that's not necessarily so. A mesh network composed of 10,000 Freenet nodes scattered throughout a city might be able to cache Titney Spears' "OopsYouGotFuckedbyRIAAAgain.mp3" within itself -- and thus the "pipes" through which the MP3z flow are indeed owned by the users doing the flowing.

    Both cases are clearly copyright infringement - but the latter case would be much more interesting from a legal perspective - RIAA has the right to ask the University to sniff its traffic, but do they have the right to sniff your traffic?

    (The Feds, of course, suffer from no such restriction, but that's because we've given them the authority to enforce the law and laid down rules that govern when/what/who they can sniff. But unlike the Feds, RIAA has no more authority to sniff than you or I do. Fuck 'em :-)

  22. Re:Eh? on U of Wyoming Fingerprinting All P2P Traffic · · Score: 2, Funny
    > Knowing the search parameters and the returned file name(from the person's search) would probably be enough for troublemaking.

    Didn't someone already do this - put up a website with "My Node's Most Embarrassing Gnutella Queries" that their node had received?

    192.168.0.1 - [rDNS] - goat pr0n
    192.168.0.1 - [rDNS] - goatse pr0n
    192.168.0.1 - [rDNS] - n00d g0at

    (Fun project - See BOFH write a fake Gnutella server that, when certain keywords are tripped, returns a sample HTML file that attempts to load an IMG SRC pointing to "www.fbi.gov/[luser's/search/terms].jpg". See BOFH run fake server in background. See BOFH laugh :)

  23. Re:Accurate blocking on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1
    > IMHO, most of the standard /. objectors are the sort of ppl I mentioned in #3 earlier... ppl I tend to have little regard for ;)

    Grok. A better use of being able to distribute the list of naughty-hashes to the public would be for webmasters or colo providers to screen what URLs they're serving.

    A better way to do that would be to ignore URLs, and for the Fed to regularly distribute a set of MD5 hashes of known-naughty content. Web hosting firms and aspiring pr0n website builders (ObSlashdot: and CowboyNeal!) could vet their hosted content (and his priv8 pr0n stash!) and either report to the authorities, terminate service, (or get better taste in pr0n!) as they saw fit.

  24. Re:Accurate blocking on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1
    Thanks. I just wondered whether generating a hash for every URL might be too much of a bottleneck. (Saying "just hash every URL and compare against a list of known-bad hashes!" is easier than having to actually think about whether it scales to the levels an ISP would need. :)

    As for #1 and #3 - totally agreed. I was trying to demonstrate the possibility of a solution that would both meet the requirements of the court order and for which the standard Slashdot objections (namely, variations on "D00d, I'm for blocking this crap, but not if it means my ISP has to watch everything legal that I do!") wouldn't apply.

  25. Re:Loss of IP addresses or just domain names? on Pennsylvania Court Forces ISPs to Block Porn Sites · · Score: 1
    > No ISP world wide will knowingly host CP, they will lose connect from their upstream providers.

    Now if only we could get those same ISPs to think the same way about spammers and spamware, what a wonderful world this would be!