Re:Holy Shit!
on
Spam Bits
·
· Score: 2, Insightful
You can make that much money being a spammer?
I know you're joking, but others look at the figures and think to themselves that they could be rich spammers too. Here's my advice:
Don't try making a career out of sending spam. You're not going to be a big-shot spammer; you're going to be employeed as a big spammer's bitch to do the dirty work that would otherwise get the big-shot spammer thrown in jail or hunted down and harassed by an angry anti-spam activist.
For 99.999% of wanna-be-spammers, there is no profit to be made. They lose their Internet accounts, become the targets of some very angry people. Some anti-spammers will stalk you, show up at your house with a gun, or otherwise make sure that they make your life miserable. Even if you don't face this vigilante justice, you may get in trouble for system intrusion or fraud (a criminal offense). Remember that you can't send spam without breaking rules; almost all spamming involves at least theft of resources.
Don't get used by big-time spammers. Don't sign up to do their dirty work for them; you will take the fall, and come out with nothing except hurt.
The advisory was released Feb. 18, so this has all been public knowledge for over two weeks. This USENET post shows the vulnerability and upcoming exploit was known about, and slashdot is just plain late on this one.
You have had two weeks to patch your systems. I know slackware's advisory was sent right after the vulnerability became public knowledge.
Ogg won't be popular until the developers get off their asses and put a big link on their front page that says "Install Ogg for Windows!".
Winamp is a heluva bigger web site and is the media player of choice for anyone who knows anything about music. Winamp has supported ogg for quite some time now (in the full download). Most Winamp users can play ogg right now
Again, the simple solution to broken music is to NOT BUY IT. The people in RIAA are real smart. As soon as no one buys their crapware, they'll quit trying to shove it up our a$$.
Exactly! Don't buy RIAA music. Download your shit online, use filesharing applications with bandwidth-limiting enabled so you are harder to detect. Change the default port numbers. Use obscure file sharing apps. Set up a node on freenet. Complain to your ISP and threaten to leave if they poo-poo P2P use. Teach others how to use file sharing properly. Avoid using file sharing at school, university, or work. Support BitTorrent by leaving your client running well after you're done downloading. Don't leave your filesharing apps unattended 24 hours a day. Keep your host free of viruses. Keep your music collections clean of tainted files or corrupt downloads.
We're slowly killing the big record labels... keep up the good work. I'm not being sarcastic, I really want to see these evil bastards go poor.
UUNet should give known spammers on their network their own IP range
Are you kidding me? UUNet should boot known spammers from their network. Sheesh. ISPs get bad reputations precisely because they do what you describe (tolerate spammers and try to manage around them).
I work for a biotech that saved 75% of our initial budget by acquiring medical laboratory supplies from six other biotechs that went bankrupt in recent months
Six others? OMG, and that didn't in the least suggest to you that maybe you're in the wrong kind of business?
I'm sure all geeks are getting pissed off at the increasing port blocking imposed by ISPs (IMHO they're not really providing 'Internet' service if they're filtering your packets at the TCP level). I want a service that provides me with real IP connectivity. This means I can send and receive any packets I want -- why not throw this in with the 'Naked' service and advertise it as real Internet
Having such a powerful statistical spam filter is definitely a luxury. I have no difficulty believing the accuracy values presented here. I have had experience with spamprobe, CRM114, bogofilter, spambayes, and spamassassin and all of these do an amazing job to the point where spam no longer exists (for you).
Which leads to me plug a little project called WPBL that uses exactly these types of statistical spam filters to spot spam sources in a distributed fashion. Each project member uploads hourly the IPs they see relaying spam and non-spam, where the 'decision' is made by these extremely reliable filters. This effectively converts your regular mail account into an intelligent spam-trap that feeds a central blocklist.
The more members we get, the better we can identify active spam sources around the world. This information is then used by some sites for quite large-scale blocking. Since you're doing all this filtering processing anyway, why not also share "what you learn" (the IPs that are spamming you)?
Yeah right! And where are you going to go? To Canada? Yeah right, as if it's that easy for skilled workers! You think those gunless, granola-eating, sickeningly-tolerant communist terrorists (your politicians' words) are going to accept you with open arms?
They probably will actually, they're kinda weird like that.
If you want some real futurism and mind-numbing conceptual sci-fi novels, try reading Philip K Dick.
I'm actually a fan of both Gibson and Philip K. Dick... check out The Three Stigmata of Palmer Eldrich, this is a wild book and you don't hear too much about it.
I've been using a 75 GXP in daily use since I bought it, and have been monitoring its S.M.A.R.T. conditions... no failures yet. It's lasted me longer than other drives:) Though I know this doesn't mean much, after all we're talking failure rates off a production line.
I wonder if any of the leaked source code includes the MS crypto system. If so, this could be very bad news for Microsoft seeing how people have already discovered a slew of critical vulnerabilities but are biting their tongues to wait for MS to fix the flaws. Now you have a bunch of crackers running their debuggers on actual source code... they are going to craft and use exploits before they're public knowledge or officially fixed.
They'll probably stuff the diamond star into a warehouse complex somewhere in Texas, force slaves to chisel off small amounts of it to create the perception of "rareness", and artificially drive up the price to screw ignorant consumers.
Here's something I did to help visually monitor my CPU temperature (and it doesn't require any software). You could extend it to monitor the temperature of any part that tends to overheat.
Grab yourself a basic comparator such as the LM339 and a temperature sensor such as the LM135. Make a circuit that compares the temperature sensor's voltage to a pre-defined threshold, and lights the LED if the temperature rises too much. The 'Typical Application' section of each datasheet pretty much shows you exactly how to wire up the parts.
You can put this circuit in your computer's case (run it off a spare +5 voltage connector) and use a spare LED you find, like the Turbo light;)
Can anyone do is a favour and list some other applications that might be affected... for example, other Windows mail clients or web browsers that use SSL?
BTW, my SSL mail client (jbmail) is not affected since it uses OpenSSL.
Oh, come on. Once it's going through a known good computer, it's easy to deal with assuming the sysadmins are competent.
You're right about that. However, the ISPs you're asking me to trust are the same ISPs that never answer their abuse@ account roles, who host spammers for years, and who don't implement even the most basic virus filtering on their servers.
Aunt Bertha switches on her 2 GHz supercomputer, and hooks up to the Internet with a connection speed that would have rivaled an ISP in the early 1990's. She sees a pretty icon in her inbox, so she points and clicks, unleashing some spammer's latest mass-mailing creation. By the time Bertha goes and gets a triscut, she has already spammed a million Internet neighbours.
Anyone else see why the Internet is full of crap? And if you think it's as easy to control as "blocking port 25"... ha ha. You wish! The worm only has to send mail via the ISP's outgoing mail server (remember... the one you reminded me "I should be using")
So no, controlling this spam/virus menace isn't quite that easy. Whatever method you use to legitimately send mail, the worms will follow that same method.
I'm speaking from a Canadian viewpoint, and am unfamiliar with professional practices in other places such as the US.
It seems to me that the work should have been outsourced to an actual Engineer, i.e. someone who has acquired a degree in engineering and who practices as a Professional Engineer (e.g. electrical or computer engineer). The reason being that an Engineer, like other professionals (doctors, laywers) has a particular duty to the public which is enforced under tort law, and additionally governed by a regional body responsible for engineering practices in the area.
Where I live, computer scientist != engineer. If a professional were to make a blunder such as the one described here, they would likely be disciplined by the professional body (not to mention the legal system, for negligence under tort law). The point: hire a professional, it's worth it.
Uh, no. The Swiss government is rather notorious for its enforced censorship (including Internet) and thorough surveillance/monitoring of its own citizens. Check out this site, though the English poor.
I thought this was very interesting when I saw the article. I started learning computer programming with assembly language in the 1980's. In my case, I was too cheap to purchase any proper language (like C etc.) so I settled with playing around with DOS's DEBUG (this is an interactive assembler). I gained an understanding in x86 assembly fundamentals which along the way taught me plenty about interrupts, timing, device and memory use of course the fundamentals of CPUs.
Though to many people this seemed to be a weird way to learn, I was very happy with it and it was nice and challenging to code entire applications in assembly language. My freeware is still posted, actually:)
Since then I've learned C++, Java, etc. but I've really settled on C. It makes the most sense to me from a power and efficiency point of view, since I'm mainly concerned with applications where performance is critical.
Why do solutions always have to cost money or put control is some company's hands? I call bullshit. So here, people, are your solutions to spam:
User-level: spamprobe, bogofilter,
spamassassin and spambayes are all very effective statistical filters with bayesian components. Train them well and you will see next to 0 spam, with just about no false positives. I dare say these will filter mail better than a human could do visually.
Those statistical filters aren't scalable. Running a large ISP is more your thing? Then install DCC at your site and enable greylisting on top of it. This will catch nearly all your spam, and false positives are rather rare.
All this software is free and actively developed. There, I've just saved you from spam. Where's my 200 USD consulting fee?
You make it sound like the cost of processing 500,000 emails in a 24 hour period is next to nothing.
No I don't. I gave an example of both a user-side filter (spamprobe) as well as a statistical filter that's fit for large scale use - DCC (Distributed Checksum Clearinghouse), currently used by my University to provide filtering for next to 100,000 email accounts. See my OP for URL.
Slashdot Mirror
Don't try making a career out of sending spam. You're not going to be a big-shot spammer; you're going to be employeed as a big spammer's bitch to do the dirty work that would otherwise get the big-shot spammer thrown in jail or hunted down and harassed by an angry anti-spam activist.
For 99.999% of wanna-be-spammers, there is no profit to be made. They lose their Internet accounts, become the targets of some very angry people. Some anti-spammers will stalk you, show up at your house with a gun, or otherwise make sure that they make your life miserable. Even if you don't face this vigilante justice, you may get in trouble for system intrusion or fraud (a criminal offense). Remember that you can't send spam without breaking rules; almost all spamming involves at least theft of resources.
Don't get used by big-time spammers. Don't sign up to do their dirty work for them; you will take the fall, and come out with nothing except hurt.
The advisory was released Feb. 18, so this has all been public knowledge for over two weeks. This USENET post shows the vulnerability and upcoming exploit was known about, and slashdot is just plain late on this one.
You have had two weeks to patch your systems. I know slackware's advisory was sent right after the vulnerability became public knowledge.
Exactly! Don't buy RIAA music. Download your shit online, use filesharing applications with bandwidth-limiting enabled so you are harder to detect. Change the default port numbers. Use obscure file sharing apps. Set up a node on freenet. Complain to your ISP and threaten to leave if they poo-poo P2P use. Teach others how to use file sharing properly. Avoid using file sharing at school, university, or work. Support BitTorrent by leaving your client running well after you're done downloading. Don't leave your filesharing apps unattended 24 hours a day. Keep your host free of viruses. Keep your music collections clean of tainted files or corrupt downloads.
We're slowly killing the big record labels... keep up the good work. I'm not being sarcastic, I really want to see these evil bastards go poor.
I'm sure all geeks are getting pissed off at the increasing port blocking imposed by ISPs (IMHO they're not really providing 'Internet' service if they're filtering your packets at the TCP level). I want a service that provides me with real IP connectivity. This means I can send and receive any packets I want -- why not throw this in with the 'Naked' service and advertise it as real Internet
Having such a powerful statistical spam filter is definitely a luxury. I have no difficulty believing the accuracy values presented here. I have had experience with spamprobe, CRM114, bogofilter, spambayes, and spamassassin and all of these do an amazing job to the point where spam no longer exists (for you).
Which leads to me plug a little project called WPBL that uses exactly these types of statistical spam filters to spot spam sources in a distributed fashion. Each project member uploads hourly the IPs they see relaying spam and non-spam, where the 'decision' is made by these extremely reliable filters. This effectively converts your regular mail account into an intelligent spam-trap that feeds a central blocklist.
The more members we get, the better we can identify active spam sources around the world. This information is then used by some sites for quite large-scale blocking. Since you're doing all this filtering processing anyway, why not also share "what you learn" (the IPs that are spamming you)?
If this grabs your interest, read up on the reporting scripts or alternatively, the open WPBL data upload protocol if you want to code your own report generator. Bandwidth usage is minimal.
They probably will actually, they're kinda weird like that.
- slashdot@users.pc9.org
I've been using a 75 GXP in daily use since I bought it, and have been monitoring its S.M.A.R.T. conditions... no failures yet. It's lasted me longer than other drives :) Though I know this doesn't mean much, after all we're talking failure rates off a production line.
I wonder if any of the leaked source code includes the MS crypto system. If so, this could be very bad news for Microsoft seeing how people have already discovered a slew of critical vulnerabilities but are biting their tongues to wait for MS to fix the flaws. Now you have a bunch of crackers running their debuggers on actual source code... they are going to craft and use exploits before they're public knowledge or officially fixed.
They'll probably stuff the diamond star into a warehouse complex somewhere in Texas, force slaves to chisel off small amounts of it to create the perception of "rareness", and artificially drive up the price to screw ignorant consumers.
Here's something I did to help visually monitor my CPU temperature (and it doesn't require any software). You could extend it to monitor the temperature of any part that tends to overheat.
Grab yourself a basic comparator such as the LM339 and a temperature sensor such as the LM135. Make a circuit that compares the temperature sensor's voltage to a pre-defined threshold, and lights the LED if the temperature rises too much. The 'Typical Application' section of each datasheet pretty much shows you exactly how to wire up the parts.
You can put this circuit in your computer's case (run it off a spare +5 voltage connector) and use a spare LED you find, like the Turbo light ;)
Can anyone do is a favour and list some other applications that might be affected... for example, other Windows mail clients or web browsers that use SSL?
BTW, my SSL mail client (jbmail) is not affected since it uses OpenSSL.
Aunt Bertha switches on her 2 GHz supercomputer, and hooks up to the Internet with a connection speed that would have rivaled an ISP in the early 1990's. She sees a pretty icon in her inbox, so she points and clicks, unleashing some spammer's latest mass-mailing creation. By the time Bertha goes and gets a triscut, she has already spammed a million Internet neighbours.
Anyone else see why the Internet is full of crap? And if you think it's as easy to control as "blocking port 25" ... ha ha. You wish! The worm only has to send mail via the ISP's outgoing mail server (remember... the one you reminded me "I should be using")
So no, controlling this spam/virus menace isn't quite that easy. Whatever method you use to legitimately send mail, the worms will follow that same method.
I'm speaking from a Canadian viewpoint, and am unfamiliar with professional practices in other places such as the US.
It seems to me that the work should have been outsourced to an actual Engineer, i.e. someone who has acquired a degree in engineering and who practices as a Professional Engineer (e.g. electrical or computer engineer). The reason being that an Engineer, like other professionals (doctors, laywers) has a particular duty to the public which is enforced under tort law, and additionally governed by a regional body responsible for engineering practices in the area.
Where I live, computer scientist != engineer. If a professional were to make a blunder such as the one described here, they would likely be disciplined by the professional body (not to mention the legal system, for negligence under tort law). The point: hire a professional, it's worth it.
Oh yeah?? Well B4 09 BA 09 01 CD 21 CD 20 66 75 24!!!!
sigh i need to get laidI thought this was very interesting when I saw the article. I started learning computer programming with assembly language in the 1980's. In my case, I was too cheap to purchase any proper language (like C etc.) so I settled with playing around with DOS's DEBUG (this is an interactive assembler). I gained an understanding in x86 assembly fundamentals which along the way taught me plenty about interrupts, timing, device and memory use of course the fundamentals of CPUs.
:)
Though to many people this seemed to be a weird way to learn, I was very happy with it and it was nice and challenging to code entire applications in assembly language. My freeware is still posted, actually
Since then I've learned C++, Java, etc. but I've really settled on C. It makes the most sense to me from a power and efficiency point of view, since I'm mainly concerned with applications where performance is critical.
Why do solutions always have to cost money or put control is some company's hands? I call bullshit. So here, people, are your solutions to spam:
User-level: spamprobe, bogofilter, spamassassin and spambayes are all very effective statistical filters with bayesian components. Train them well and you will see next to 0 spam, with just about no false positives. I dare say these will filter mail better than a human could do visually.
Those statistical filters aren't scalable. Running a large ISP is more your thing? Then install DCC at your site and enable greylisting on top of it. This will catch nearly all your spam, and false positives are rather rare.
All this software is free and actively developed. There, I've just saved you from spam. Where's my 200 USD consulting fee?