Remember what an RFC is
on
Ogg Now An RFC
·
· Score: 5, Informative
An RFC is a "Request For Comment", a technical specification document put forward by anybody. As wikipedia puts it, "Few RFCs are standards but all Internet standards are recorded in RFCs."
So what am I getting at is, realize that this hasn't been adopted as some Internet standard overnight. But it's very positive for the project to have such a well defined standards document in a familiar format!
No. Spam is about the lack of consent, not content. Consent is the authorisation the recipient gives to the sender to send them an email. Without that authorisation, bulk email is unsolicited and is spam.
I've heard this before, but I'm not sure if it's the right technical angle. For my work (academic and business) it's essential that people I have never heard of before be able to contact me. Where is the consent in these cases? There's no consent, but it's still not spam.
I don't think that the consent issue can lead to a viable system that extends what we already use. The consent issue can be used as a basis for law and I think that's what you may have meant. I would like to see laws in place that would make unsolicited bulk mailings illegal on the basis that they're unsolicited (without consent)... but as an SMTP extension, I think an authorization based system is doomed to failure.
Mod parent up. The article makes it sound like SPEWS is deceitful and underground -- it's not, and the whois contact info is legit. It's too bad the original article misconstrued the result of their failed whois query.
I've observed many exchanges between SPEWS staff and people complaining, and found the SPEWS people to be quite reasonable. They try their best to make their listing accurate.
I don't like the idea of blacklisting IP netblocks, and here's why: when you see spam coming from any given host, it's rarely the netblock that's the problem, rather it's always the spam content that's the problem!
If you understand that point then you can see why all the collateral damage occurs unnecessarily. You're shooting down the wrong target. We're doing it now because it's easier (blackhole IP, bandwidth saved) but the consequence is too great to ignore: we're fracturing Internet-wide communication more and more every day!
We should focus instead on content-based spam filtering, and share that knowledge to improve efficiency. Accuracy skyrockets and collateral damage virtually disappears! You can use intelligent software like spamprobe to classify mail as spam, for instance. There's also the Distributed Checksum Clearinghouse, which lets mail servers around the world determine what's spam based on collective mail data.
A million mail servers sharing with each other what they know about the appearance of this week's spam would be killer. I'd love to see that.
My concerns aren't privacy, I'm more worried about letting the average person run basically run this system. This smacks of 1930s/40s Germany, where you were asked to basically spy on your neighbor.
The new spy-on-your-neighbor line is already up and running (started in January 2002). Read up on TIPS... I love how it's under the "USA Freedom Corps"... oh, the delicious Orwellian irony.
Speaking of which, browse through this essay on Orwell's 1984 to spot some familiar themes.
It's people like you that cause me to lose any faith in the human race. What complete and utter stupidity! And they let you out into the world? We're fucked.
You sound pretty bitter there. Take it easy, go listen to some music and chill.:)
The parent post isn't really funny, it's actually a serious issue. Depending on how DRM is implemented, you may not be able to easily back up and restore the music from CD. Because under these models you don't have the right to freely copy the data that makes up that music.
Personally, that pisses me off because under my model I control the data that's stored on my computer.
If you only need to print in black and white, you will likely be much better off with a laser printer anyway (i.e. better, faster, cheaper!). I did a quick calculation on my DeskJet 6xx series ink cartridge versus an HP LaserJet 1200 toner unit. The ink cartridge capacity is disappointing.
Pretty much all laser printers result in a lower cost per page than inkjet. Do a calculation with how many pages you print a year, and you may find that the laser pays for itself very quickly.
Anti-spam activists go to a lot of trouble to help locate and identify people and groups responsible for flooding the net with spam (or who provide spamware to misinformed laypeople). These same good-doers are often sought out by spammers, sued by groups of them, have their privacy invaded (release of home phone, address) in effort to scare them into shutting up.
I am not kidding here. Take a look at some of the projects that scare the hell out of professional spammers:
spamhaus keeps an exhaustive list of major spam operations.
SPEWS lists areas of the Internet that have frequently be used for spamming, including detailed evidence files and histories of ISPs that turn a blind eye to spam.
Spamware vendor list has a listing of sites that sell spamming software -- without which we would have little or no spam.
I guess even Microsoft is realizing that for administration purposes, it's not beneficial to hide all settings deep within pretty GUI tabs and dialogs.
Good luck with that experiment, Microsoft. But there's much more to a solid OS than a simply a lack of GUI:)
You mean to say that you and your spouse have never wanted to "get it on", but the kids are full of energy and it's only 10 minutes from bedtime?
Geez guys, thanks for the replies... if that's your worries, this is what sleepovers, camping trips with friends and school trips are for:) Thanks for the clarification.
I don't understand what's the deal with this. In my family we don't talk of ditching kids, we talk of helping kids become strong, useful members of society.
If the kids are such a problem, it's because you made them a problem. Or do you not raise your own kids?
In a lot of countries (Japan comes to mind) children and their education are highly valued. Young people are respected and grow up respecting the rest of their family. As a result, they take care of their parents when they get older and everyone doesn't selfishly "ditch each other".
New email registries will decrease spam? Set up by online marketers? No, sorry, I don't buy that at all. Remember what their interests are. The problem at hand is... most spammers don't care about creating inconveniences. They are like greedy undisciplined children, and won't stop spamming unless they are forced to (by law, vigilante retaliation, etc.)
To say something constructive now. There are two neat server side spam filtering projects I really like because neither uses IP-based blacklists (blacklists can bring a lot of collateral damage and require frequent judgement calls).
Spamprobe can be run from.procmailrc and uses a Bayesian scoring type of approach. It's a user-level solution which requires some training, but once it's accurate it's quite amazing. Currently it's missing only 3% of my incoming spam.
The Distributed Checksum Clearinghouse also runs server side and uses fuzzy checksums to identify mail that is being received by a suspiciously large number of mail hosts around the world. A brilliant idea which works better than you may think. I have never seen a false positive with this system, and it misses about 1/4 of incoming spam. Effectiveness will improve as more hosts join the distributed checksum system!
If they do start to implement such eavesdropping facilities, I imagine that a lot of people might switch to routers powered by open source (such as Linux, BSD) so they can really know what's under the hood. Remember that a low end Pentium running Linux can easily route 10/100 Mbps.
That being said, Cisco knows that companies that used to buy from them will still probably buy from them. So this can't be a huge risk to their company. But the 'new features' would firmly embed government eavesdropping facilities in major ISPs, banks, large companies, schools, universities, etc.
I don't mean to be insulting, but many managers are twits, and no matter what kind of wonderful software they have access to they still have to use their own brains to interpret, understand, and apply the data presented.
I take university courses in management, and am repeatedly awestruck by the sheer stupidity of some of my peers. Many of them graduate and go on to become rather useless business people.
Do you know why a problem like this becomes such a worldwide crisis instead of just an annoying glitch? It's the same reason an IIS bug results in most of the world's networks grinding to a congested halt: everyone is using the same software.
But there are alternatives. WordPerfect Office 11 was released yesterday (interesting, eh?). And if you want something free, why not use OpenOffice.org 1.0.3 released earlier this month. It works great; I use it for everything. I haven't used Corel's product since office 9 but I used to really love it, especially the "reveal codes" feature.
The only area in which OpenOffice lacks is ease of installation for multiple users on a windows machine (use: setup/net)
I'm as much a linux fan as any other geek, hell I rely it on for my home, business, and university servers.
But anyone who has run a linux server as a true multiuser system (i.e. with other people users, who have standard userlike weaknesses) has discovered that the linux kernel isn't as robust as say the BSD kernel. It's easy to bring a linux system to its knees with malicious or even accidental user scripts that fork bomb etc.
Slightly different angle now, but check out this developer's response to the latest ptrace vulnerability: "it's a local root hole, and there are still tons of those left
out there to squash". And once those are squashed, there are lots of EZ denial of service glitches to correct too.
I would love to see the linux kernel made more robust, like the BSD kernel. Now, whether or not Novell are the people to do it, I don't know. Personally I think that linux is still better than any Microsoft or Novell "enterprise grade" solution.
I seriously doubt large companies have the ability, or the interest, in making any operating system truly robust. But "we" can do it I'm sure, because we know what we really want.
Seriously, what makes us think that we even have the capacity to understand the universe, or whatever, in its entirety? Just because we know math? Holy crap. I've spent the past 5 years studying math & engineering and have some pretty good knowledge in quantum theory, and sometimes (i.e. NOW), and I get the pretty strong feeling that someone is just playing with numbers and equations.
Why can't we just do what we're best at... eating berries & stuff, sleeping, running around whacking rabbits, fscking a whole lot, etc. It can be a pretty good system.
Silly ph1ux, you can't use CIDR and class together. The purpose of CIDR is to provide more network granularity than the octet-centric 'class' based approach - see this little guide on subnetting and CIDR Blocks.
Slashdot Mirror
An RFC is a "Request For Comment", a technical specification document put forward by anybody. As wikipedia puts it, "Few RFCs are standards but all Internet standards are recorded in RFCs."
So what am I getting at is, realize that this hasn't been adopted as some Internet standard overnight. But it's very positive for the project to have such a well defined standards document in a familiar format!
I don't think that the consent issue can lead to a viable system that extends what we already use. The consent issue can be used as a basis for law and I think that's what you may have meant. I would like to see laws in place that would make unsolicited bulk mailings illegal on the basis that they're unsolicited (without consent)... but as an SMTP extension, I think an authorization based system is doomed to failure.
Mod parent up. The article makes it sound like SPEWS is deceitful and underground -- it's not, and the whois contact info is legit. It's too bad the original article misconstrued the result of their failed whois query.
I've observed many exchanges between SPEWS staff and people complaining, and found the SPEWS people to be quite reasonable. They try their best to make their listing accurate.
I don't like the idea of blacklisting IP netblocks, and here's why: when you see spam coming from any given host, it's rarely the netblock that's the problem, rather it's always the spam content that's the problem!
If you understand that point then you can see why all the collateral damage occurs unnecessarily. You're shooting down the wrong target. We're doing it now because it's easier (blackhole IP, bandwidth saved) but the consequence is too great to ignore: we're fracturing Internet-wide communication more and more every day!
We should focus instead on content-based spam filtering, and share that knowledge to improve efficiency. Accuracy skyrockets and collateral damage virtually disappears! You can use intelligent software like spamprobe to classify mail as spam, for instance. There's also the Distributed Checksum Clearinghouse, which lets mail servers around the world determine what's spam based on collective mail data.
A million mail servers sharing with each other what they know about the appearance of this week's spam would be killer. I'd love to see that.
Speaking of which, browse through this essay on Orwell's 1984 to spot some familiar themes.
The parent post isn't really funny, it's actually a serious issue. Depending on how DRM is implemented, you may not be able to easily back up and restore the music from CD. Because under these models you don't have the right to freely copy the data that makes up that music.
Personally, that pisses me off because under my model I control the data that's stored on my computer.
If you only need to print in black and white, you will likely be much better off with a laser printer anyway (i.e. better, faster, cheaper!). I did a quick calculation on my DeskJet 6xx series ink cartridge versus an HP LaserJet 1200 toner unit. The ink cartridge capacity is disappointing.
laserjet: $100 / 3000 pages = $0.03 / page
hp inkjet: $40 / 650 pages = $0.06 / page
Pretty much all laser printers result in a lower cost per page than inkjet. Do a calculation with how many pages you print a year, and you may find that the laser pays for itself very quickly.
Anti-spam activists go to a lot of trouble to help locate and identify people and groups responsible for flooding the net with spam (or who provide spamware to misinformed laypeople). These same good-doers are often sought out by spammers, sued by groups of them, have their privacy invaded (release of home phone, address) in effort to scare them into shutting up.
I am not kidding here. Take a look at some of the projects that scare the hell out of professional spammers:
spamhaus keeps an exhaustive list of major spam operations.
SPEWS lists areas of the Internet that have frequently be used for spamming, including detailed evidence files and histories of ISPs that turn a blind eye to spam.
Spamware vendor list has a listing of sites that sell spamming software -- without which we would have little or no spam.
I guess even Microsoft is realizing that for administration purposes, it's not beneficial to hide all settings deep within pretty GUI tabs and dialogs.
:)
Good luck with that experiment, Microsoft. But there's much more to a solid OS than a simply a lack of GUI
If the kids are such a problem, it's because you made them a problem. Or do you not raise your own kids?
In a lot of countries (Japan comes to mind) children and their education are highly valued. Young people are respected and grow up respecting the rest of their family. As a result, they take care of their parents when they get older and everyone doesn't selfishly "ditch each other".
New email registries will decrease spam? Set up by online marketers? No, sorry, I don't buy that at all. Remember what their interests are. The problem at hand is... most spammers don't care about creating inconveniences. They are like greedy undisciplined children, and won't stop spamming unless they are forced to (by law, vigilante retaliation, etc.)
.procmailrc and uses a Bayesian scoring type of approach. It's a user-level solution which requires some training, but once it's accurate it's quite amazing. Currently it's missing only 3% of my incoming spam.
To say something constructive now. There are two neat server side spam filtering projects I really like because neither uses IP-based blacklists (blacklists can bring a lot of collateral damage and require frequent judgement calls).
Spamprobe can be run from
The Distributed Checksum Clearinghouse also runs server side and uses fuzzy checksums to identify mail that is being received by a suspiciously large number of mail hosts around the world. A brilliant idea which works better than you may think. I have never seen a false positive with this system, and it misses about 1/4 of incoming spam. Effectiveness will improve as more hosts join the distributed checksum system!
If they do start to implement such eavesdropping facilities, I imagine that a lot of people might switch to routers powered by open source (such as Linux, BSD) so they can really know what's under the hood. Remember that a low end Pentium running Linux can easily route 10/100 Mbps.
That being said, Cisco knows that companies that used to buy from them will still probably buy from them. So this can't be a huge risk to their company. But the 'new features' would firmly embed government eavesdropping facilities in major ISPs, banks, large companies, schools, universities, etc.
Back in Jan '00 it was at $60 - now it's about $25...
That would make it "a good time to buy".
Google has been going through its deep crawl the past 6 days.
:)
Oh, ok... the numbers I was seeing did seem weird
It seems that google is actually crawling my site a lot more than grub is. Over the past 6 days:
$ grep -c Googlebot access_log
827
$ grep -c grub-client access_log
153
Luckily, the average slashdot reader is pretty smart. I'm sure this 'news' registered pretty high on most peoples' B.S. meters.
I don't mean to be insulting, but many managers are twits, and no matter what kind of wonderful software they have access to they still have to use their own brains to interpret, understand, and apply the data presented.
;)
I take university courses in management, and am repeatedly awestruck by the sheer stupidity of some of my peers. Many of them graduate and go on to become rather useless business people.
Always remember, Incompetent People Rarely Know They Are
Do you know why a problem like this becomes such a worldwide crisis instead of just an annoying glitch? It's the same reason an IIS bug results in most of the world's networks grinding to a congested halt: everyone is using the same software.
/net)
But there are alternatives. WordPerfect Office 11 was released yesterday (interesting, eh?). And if you want something free, why not use OpenOffice.org 1.0.3 released earlier this month. It works great; I use it for everything. I haven't used Corel's product since office 9 but I used to really love it, especially the "reveal codes" feature.
The only area in which OpenOffice lacks is ease of installation for multiple users on a windows machine (use: setup
I'm as much a linux fan as any other geek, hell I rely it on for my home, business, and university servers.
But anyone who has run a linux server as a true multiuser system (i.e. with other people users, who have standard userlike weaknesses) has discovered that the linux kernel isn't as robust as say the BSD kernel. It's easy to bring a linux system to its knees with malicious or even accidental user scripts that fork bomb etc.
Slightly different angle now, but check out this developer's response to the latest ptrace vulnerability: "it's a local root hole, and there are still tons of those left out there to squash". And once those are squashed, there are lots of EZ denial of service glitches to correct too.
I would love to see the linux kernel made more robust, like the BSD kernel. Now, whether or not Novell are the people to do it, I don't know. Personally I think that linux is still better than any Microsoft or Novell "enterprise grade" solution.
I seriously doubt large companies have the ability, or the interest, in making any operating system truly robust. But "we" can do it I'm sure, because we know what we really want.
Seriously, what makes us think that we even have the capacity to understand the universe, or whatever, in its entirety? Just because we know math? Holy crap. I've spent the past 5 years studying math & engineering and have some pretty good knowledge in quantum theory, and sometimes (i.e. NOW), and I get the pretty strong feeling that someone is just playing with numbers and equations.
Why can't we just do what we're best at... eating berries & stuff, sleeping, running around whacking rabbits, fscking a whole lot, etc. It can be a pretty good system.
Silly ph1ux, you can't use CIDR and class together. The purpose of CIDR is to provide more network granularity than the octet-centric 'class' based approach - see this little guide on subnetting and CIDR Blocks.