In a perfect world, good parents wouldn't need to rely upon a full or partial "solution" but would instead raise their kids to be able to distinguish between right and wrong, appropriate and inappropriate.
Do we live in a perfect world? No. But bad parenting is an extremely subjective term. Is it bad parenting if the kid gets perfect grades in school, doesn't look at adult content, and doesn't get in trouble with any laws or rules, but lived as a hermit for his entire life and can not interract in our society? Is it bad parenting if a kid gets average grades in school, browses the occasional adult site, and gets in trouble at school for pulling a stupid prank every now and then, but knows how to act in public and how to work with others?
Sure those are opposite ends of the spectrum, but I know parents whose kids fit both catagories. It all depends on how you define a "good" or "bad" parent. A real-life example: I know a family where the parents are staunch opponents of sex-ed classes in schools. They homeschooled their kids because of it and the subject was never brought up. Whose kids were all forced to go get married within a few months of moving out from home due to having illegitimate children on the way? Yep, you guessed it.
You will never be able to protect bad parents from themselvs (or more accurately protect their children.) Make something idiot-proof, and a better idiot will come along shortly.
I can appreciate that. I used to feel the same way as you, that filtering and protected addresses were enough. I've been using that method for about 4 years now, and the volume of spam I receive keeps climbing. Sure I can change an address and drop some of it off, but it is only a matter of time before another takes its place.
Is it an arms race? Probably, but I'd rather die fighting for the cause than continue to be a victim of the collateral damage. Each person has their tolerance level, and mine has been crossed. I hope that yours never is. If it were my choice, we'd all start using X.509 or PGP signatures on e-mail and automatically reject all non-signed or non-encrypted messages. The needed processor cycles would be enough to slow spam down to a crawl. Obviously mail lists, etc, would need to be whitelisted.
Even if you don't want to actively participate in Bluesecurity by forwarding messages your filters miss, consider automatically forwarding all of your filtered messages. That way you are helping the cause but not taking any more of your time other than the initial setup.
What part of their methods do you not agree with? All they are doing is automating what you could do on your own. For each spam message you send them, they analyze it and set up a script to make ONE opt-out request on the spammer's website (where they are selling their product) and ONE message each to some and/or all of the upchain ISPs, government agencies that have jurisdiction over the crime, etc. They then forward that script to your BlueFrog client running on your system. If you are the only person that got that spam message, that one message is all that is sent to the spammer and the appropriate authorities.
Now if the spammer sends that message to 1000 BlueSecurity members, they will get 1000 messages generated and sent, one from each of the users they spammed. If they send it to 5000 users, well you get the idea. The more Blue people they spam, the more opt-out requests they get. One for one.
You have a right to do it by yourself, tracking filling out forms on the spammer's ordering site, forwarding a copy to the ISP of the originating IP and/or mail server, forwarding it to the FDA if it is a drug relates spam, etc. How long will that take you? You could easily spend a few hours a day or more doing that.
Enter BlueSecurity stage right. They hire staff to track down the senders of that spam message you just received, just like you would have done. The difference is they take that information and distribute it to everybody else they know received that spam as well.
The thing is, these spammers should understand they have absolutely 0% of a chance of selling that item to any of the members of the Blue community. Why are they bothering to do this when it has no chance whatsoever of giving them even a single cent of profit? They should be happy to have the chance to clean their leads list. I've done telephone sales in the past (calling existing members about renewals) and I was happy to remove people who didn't want to be called from the list. For every person I removed from the list, it meant one less guaranteed no-sale next time the membership list cycled. In the long run I made more sales, and actually helped more people save money (it was cheaper to renew via phone than via the normal process) on a product they wanted.
I understand the calling I was doing is completely different than the spamming in this topic, but the end result is the same. The more guaranteed "no" leads you remove, the higher you sales percentage will be, and the more profits in the long run.
I had heard about Blue before this mess, but never got around to checking into their methods and signing up. Now that I see they are effective, and feel comfortable on how their network and client works (I also thought they DDoS'd the sites until I looked into it,) I have signed up. Now I'm waiting for their system to become fully functionable again so I can verify my account and start kicking spammer tail!
> You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down.. > > Just remove yourself from BlueSecurity, and make it easier on you.
Anyone else see the problem here? You must remove your address, but you can't since we are DDOSing the server.
The thing I don't get, what good do these spammers think this will do? For one, anyone signed up on this service are the exact addresses they want to weed out of their lists anyway, as they will NEVER buy anything from a spam they receive. All efforts to remove the users from the service will be wasted effort. Do they think that people will start reading and buying from spam if they are forced off of the spam removal service? If anything, it is in their best interest to remove users from their lists and use the CPU cycles and bandwidth of their zombie net to attack more vulnerable e-mails.
Second, they are advertising this service now to more people who were either not aware or hadn't signed up due to questions of effectiveness. Now that they are stating in public that the service works well enough that they are going to try and fight back, they just confirmed the signups of the fence-sitters.
Third, they are now making this personal to many people. When it is random spam that is sent out, it is easy to just ignore it and forget it. Now that they are specifically attacking people, more and more geeks are going to start attempting to track them down and give them what they deserve (either via legal action or good-old-fashioned vigilante justice.) They are no longer the anoying fly at your picnic, they are now the mountain lion that has been killing neighborhood pets.
I'd heard of BlueSecurity before, but hadn't looked into it much. I'm now going to look closely at it and probably sign up.
Um... I don't know where your bandwidth figures are coming from, but you have gone overboard with the requirements for VoIP. Non-compressed (g711u) voice requires roughly 90K, each direction, per active call. With 500K of bandwidth, you have ample room for 5 calls. Move to a compressed codec such as GSM or iLBC, you can handle even more calls.
Where residential users run into issues with their "500K" connection is due to it being asymmetric, meaning they have more download than upload bandwidth. For example, my cable connection is 3MB down, 300K up. If you don't take into account the threshhold capping my provider does if I use my bandwidth for much time at all, I can easily handle 3 simultaneous calls. Back when I had a 500K down/150K up connection (and before I implemented QoS,) I could only fit one, and it would sometimes die out if I was doing anything else on the 'Net at the same time. If I wasn't trying to move any other data across my connection it was excellent.
But being you are the expert and all, I'm sure you already knew all of that. And is the WiMac one of Apple's new offerings? I haven't heard of that technology yet.
Who is with me in asking for an amendment limiting all laws to one topic, 200 words or less, and only can pass with a signature of the President and a signature of a random person with a 3rd grade education who agrees that even they understand the law?
You've got to be kidding, right? We don't really want to give that much power to one person...
Are you using Misterhouse to control everything or do you use something different? I only ask as I have a bunch of X10 modules and have been contemplating setting up something similar to your scenario.
As was said previously, the signature on the back of the card is not ID, it is indicating you agree to the cardholder terms. It is VISA/Amex/MC/whoknowswhichcompany that requires the store to check the signature before accepting the card. Guess what, if the card isn't signed, the store doesn't have reasonable proof that you agreed to pay the credit bill, and would have a hard time fighting a chargeback.
I went into the US Post Office a couple of years back with a "Please See Photo ID" signature. They would not accept it until I signed it as well. I now sign my card, and list please see photo ID. Most stores ask even though they are not required to, and I always thank them for asking when they do.
It may be store policy for some people to check the signature as an ID step, but it is not a legal requirement, or a requirement made by the credit card company. If you aren't sure, call your credit card company or credit union and ask them specifically. If you get someone who actually knows and isn't going off the "my neighbor told me to do this" line, they will tell you that it may help in some stores, but not all, and offers very little protection.
Yes. If I listen to that 2 minutes of ads to get the free 10 minutes of long distance, those ads are saving me $.10 to $.20. Cheap long distance is anywhere between $.01 and $.02 per minute. Multiply that by 10 minutes...
I'm not talking about paying to listen to the ad, that would be flat out crazy.:-)
I do remember those. One such service called Freeway was great. Listen to an ad for 15 seconds, you got a minute free. I'd listen to 10 ads (a little over 2 minutes) then talk for free for 10. At first, there was a good variety of ads, and I actually purchased some goods and services based off of them. Towards the end though right before they shut down, the ads were always the same and none of them were anywhere near relevant to my demographics.
The only gripe I had was the risk of listening to that many ads, then getting an answering machine where you use less than a minute of time. Since it wouldn't store your "credit" or let you make another call without starting over, you were out those 9 ads for nothing.
Of course those were back when long distance was approximately $.20 per minute unless you used enough to get discounts. These days, the company would have to offer 10 minutes per 15 second ad or something similar to make the incentive worthwhile. When I could listen to ads for 2 minutes and save $2, I was all for it. But at todays rates, that same 2 minutes of ads would only save $.10 to $.20.
You are not understanding how Smartcard based PKI works. The smart card isn't a flash drive with a serial number on it. It is a full crypto engine and a microprocessor.
When you do a transaction with a smart card, the card is sent a string to encrypt using its private key. The card then requests your PIN in order to access the private key. Once it gets your pin, it encrypts the data and sends only the encrypted data back out.
To make it simple, the following examples assume the public keys have alredy been appropriately exchanged and loaded, as would be the case when a bank issues a card to a customer.
Apply this to a bank's online portal. The site needs authorization to login, so it sends a authentication code to your computer. Your computer hands that code to your smart card, with instructions to encrypt it. The card then requests the pin number from the user. The user enters in their pin, which enables the card to encrypt the data. The smartcard then sends the encrypted data back to the computer which sends it to the bank. The bank receives the data and decrypts it, using the public key associated with your card. Since it has confirmation that you encrypted it based on the public/private key pair, it authenticates you.
The thing to remember is with smart cards, the private key and your PIN NEVER leaves the card. A person can have data encrypted by your card, as a MitM would have, and could even have your PIN, but if they don't have your physical card, they can't do anything with it.
They can replay that authentication packet they recorded all they want, but since the bank uses a different authentication code every time a login is requested, the bank will know that your card did not perform the authentication and reject it.
Do some research on Publick Key Infrastructure. Your argument would be valid if the info the smart card was sending was static. However, since all encryption is done on the card itself without ever exposing your keys, your example does not apply to this situation.
One place you can learn about PKI is at http://www.cacert.org/ which is a community driven SSL certificate authority, similar to Thawte and Verisign. You can get both client and server certificates at no charge, and there are code examples on how to set up SSL logins to your website. PKI will work without a smart card, but without a smart card someone could potentially steal your private key without you knowing it. A smart card prevents that as you will know it is gone and can have it revoked.
I hope this helps clear things up for you, please feel free to contact me if you have questions.
I currently have a DishNetwork DVR (one of the older ones without the monthly fee, a 508 to be exact) and I love the 30 second skip button. Sometimes ads are interesting or funny. The 30 second skip button usually lets me see a small blip and it catches my attention. Then I'll use the 10 second back button, and watch the ad. Myth's Auto Skip feature would eliminate this, but I'm sure ads will still make it through once in a while.
These days advertisers need to use their creativity. As more and more people use DVRs of one form or another, less people are going to sit through the entire thing and watch unless the ad itself presents some entertainment value. Advertisers need to find a way to catch peoples attention enough that they will stop and actually watch the ad when they do see a clip of it.
On a somewhat related note, the "anchor" on a tech show I like to watch was talking about the "crummy" time slot his show has, 8:00 AM. He was talking about how he would rather have a prime-time slot. For me anyway, I'm glad it has a non-prime slot, as it allows me to record it on my DVR. If it had a prime slot, it would probably conflict with something else I'd rather watch over it. This way I can still record the prime-time shows I like to watch, and record this one as well.
I think it will be an interesting trend to see what happens with prime-time shows as DVRs become more popular. Some networks show their shows prime-time, then repeat them at various non-prime slots afterwards. I love it when they do this, because it gives me more flexibility in my TV viewing schedule. I don't watch a ton of shows, but I do want to be able to see the ones I do like to watch.
Are you using Asterisk? If so, would you mind posting your dialplan and associated config information? I have a Nextel phone with free incoming and have thought about doing something similar.
The other method I thought of for doing this is a WAP page that I can load on my phone's web browser with a simple form. Type in the number, the cell phone rings and then the call is placed to the remote party. This would prevent your "have to dial a number before you make your outbound call" annoyance.
Maybe that was 10 years ago when Nextel was more of a cross-over from the radio service into cell phones, but their rates are nowhere near that now. I wonder if they were talking about Boost, which is the pre-paid spin-off of Nextel, the pricing sounds more in line if that is the case. I find it very hard to believe that a fleet (and government no less) would pay more than individuals. Or maybe those are the rates that they get billed at, then a big discount is chopped off at the end of the bill and the end user never sees it. Either way I'm raising the brown flag over that one.
I have one of their "Free Incoming" plans, with 400 peak outgoing minutes, and free direct connect. I used my phone over 1200 minutes last month, and between the incoming calls, free nights and weekend outgoing, and direct connect, I only used 250 of my alotted minutes. Try that with any of the other carriers, it just won't happen unless you work nights and sleep all day. Under my old AT&T plan (before the Cingular merger) I would have had an overage of well over $200 if I used the phone the way I do now.
Everybody has gripes about certain carriers. My wife and I tried Verizon, and they were the worst provider I've ever used. Worst coverage, and even worse customer service. We ended up just letting the phones sit idle for 3 months to ride out the contract after we switched to Nextel. On the other hand I know others that swear by Verizon and would never switch unless they went out of business.
I've heard people in my area rave about Sprint's features and such, the only complaint is the coverage once you get away from the downtown areas. Since I have service with Nextel in more areas locally than I had with AT&T and Verizon, I'm thinking the merger should help both Sprint and Nextel if they use their heads.
Excellent point. If even the less-than-secure WEP encryption is enabled, then one must circumvent the encryption in order to use the service. At that point is when the line is crossed.
If there is no encryption enabled, then I think the best analogy I saw above was a web server on port 80. If I connect and it serves me with a page, then I can assume authorization to use it. If it serves me with an authorization request, then I have no authorization to use it further. Pretty cut and dried. If I decide to access it anyway by breaking the authorization, then the law is broken.
Access points should be considered the same way. If I attempt to connect and it allows it, and serves an IP, then I should be able to assume I am authorized to use it. If I am asked for a key (or any other kind of authentication) then I should assume authorization is not given. If I decide to access it anyway by breaking the authorization, then the law is broken.
I hate the fact that people buy technology they don't understand, and try to use it as if they do. They bring them up on conflicting channels with their neighbors. They don't enable security. They don't firewall them off from the rest of their network. They don't even bother to change admin passwords! Then when something goes wrong, they expect everyone else to do something so they don't have to.
I think they need to get rid of unlicensed spectrum and make everyone pass a test similar to an amateur radio licence in order to use the band. Rather than have a technical test such as frequencies, make the exam manufacturer/retailer specific and focus on the need-to-knows of the device being purchased. For example, if you are buying an AP, then you need to show you both understand how to secure it (and the risks if you choose not to) as well as how to mitigate any interference you may cause when installing. Have the test be a free (or like $1-5) and be good for life for that type/class of product. For those of us who work on a broad range of products, have a "general PC technician" type of test so we don't have to test every time we want to buy something new. Perhaps that test should have some common sense and logic rather than device specific rules.
I was actually looking into that last night. I'm a fellow Idahoan (Caldwell) myself. From my calculations, a 4KW system would take over 100 years to pay for itself in energy savings at our rates.
The biggest advantage to PV systems in our area seems to be redundancy. Have the PVs charge a bank of batteries, and send the remaining juice to the house/grid. Of course at the cost, it may be cheaper in the long run just to charge from the grid as well.
One alternative fuel source that I am interested in is BioDiesel. With the abundance of farm products and wastes we have in this area, we could (and should be) a lot farther along on the renewable energy front.
Shoot me an e-mail if you like, it could be interesting chatting about our local options.
Jeremy
P.S. I work for a company that used to be a part of yours.:-)
I think not having a phone capable of 911 service would be a "real reason" for not being able to assist. My monthly phone bill (minus long-distance) costs slightly over $10 since I've switched to VoIP. My old landline used to cost me over $30 per month, again not including long distance, and I have more features that I can use than I did before. Lack of E911 services is worth the $240 per year for me, especially considering my wife and I keep cell phones that are no longer activated both upstairs and down. And yes, they are always charged.
I don't deny that if it were purely a cost factor, it should be implemented. In fact, my old POTS provider itemized out the E911 fee at $1 per month. I would gladly pay that difference if I could get the service on my VoIP line. It doesn't only benefit me, but it would be an additional saftey net for my neighbors and visitors as well. Unfortunately it is not a cost factor at all.
As others have pointed out in other threads in this story, the biggest hurdle is technological. The E911 system works as well as it does because when a call comes in the copper pair used to carry that call is tied to a specific physical location. That location is then displayed on the screen of the call-taker, so they can have emergency crews on the way before they even find out the full emergency.
With my VoIP line, there is technically no physical location to tie my call to. I can be making the call from my ATA here in the house. Or I can be using a softphone on my PC at work. I can be using a WiFi phone at a McDonalds a thousand miles away from my house. Since geographic tracing of IP addresses is all but reliable (I generally use a VPN when I am not at home, and calls still get routed out my home IP) there is no way to give accurate data to the E911 dispatch center.
What I have done on my phone is configured it so that when (if) 911 is dialed, the call is routed to my local sheriff's office dispatch center. Everybody in my household and who visits often knows that they will have to give the address to the call taker if they have an emergency. When I am traveling away from my home, I know not to dial 911 on my phone.
As I said before, the problem is that Jane Soapwatcher doesn't take the time to read through the documentation provided prior to signing up for the service. They read the advertisements that say they can take their ATA with them when they travel and can plug in their phone in a hotel room and get their calls. They try to dial 911 and you know the rest of the story.
Personally I think the providers should actively NOT support 911 because of the limitations, not implement pseudo support. When the user dials they should get a greeting to the effect of "This phone line does not support 911 services. Please use another phone or press 1 now to be connected to directory services to search for the local sheriff's office number." That way when Jane Soapwatcher tries to call, she won't waste time trying to dial 3 times not understanding why the call won't go through as the original person in TFA did.
To sum it up, I have valid reasons for saying the providers should not be forced into something the technology doesn't support. And by the way, if you are hurt and ask me for help, I will do whatever is in my power to assist. I'm not "just an egotistical asshole," I sometimes like to play Devil's Advocate as well.
I know people who don't even have a phone of any kind in their house. Are you saying *you* shouldn't be denied the ability to call 911 because they are a cheapskate? I hope not.
I have no expectation of being able to use his phone in an emergency. By your reasoning, everyone should be forced to carry a phone line capable of dialing 911. Whether or not you want to call someone a cheapskate is not relevant. You should have no assumption of saftey if you are not at a location where you have control over the type of phone line. If you are in need of emergency services, you have no *right* to use my phone line to call. It is my courtesy and generosity that allows you to do so. If my phone line doesn't support 911 (and it doesn't, I use strictly VoIP myself) why should that responsibility be placed on me?
The whole point of this regulation is that this lady bought a service, and agreed to its terms stating that she had no real 911 access. She did not understand it, or thought she would never need it. She took a risk, and now is trying to place the responsibility onto someone else. She made the choice to drop her landline and become the "cheapskate" and now the rest of us are being made to suffer for her actions.
There are several people offering a bounty on a Skype channel for Asterisk, but as of yet nothing is available.
As far as other directories, there are several out there. Free World Dialup is one run by Jeff Pulver, http://www.fwdnet.net is the address for that one. There is also IAXTel, which is mainly used to test IAX functionality.
The cool thing about FWD is it uses standard SIP and/or IAX peering, so any SIP compatible device can be used. This means soft phones, hardware IP phones, gateway routers, WiFi phones, all will work as long as they use SIP. You aren't limited to using only Asterisk PBXs to connect.
There are several others out there, but I don't use them and don't recall what they are off hand. If you have a friend who has an Asterisk box, you can also configure to directly peer with each other rather than using a directory service like FWD.
Feel free to give me a call on FWD if you want to try it. 43506 is my number. It rings through on my home phones via my Asterisk box, and will go to a voice mail box if I am not there. Please mind the time though, I am in Mountain time, and am generally available from 4:00 PM to about 9:30 PM my time, weekends are hit and miss through out normal daytime hours.
You won't be able to use Skype, as they do not have an open protocol, and there is no way to connect to it via Asterisk.
You can use Nufone (http://www.nufone.net) at $0.019 per minute (cheaper than SkypeOut anyway) to accomplish the same thing.
Other than that, it shouldn't be that hard to do, and the other person that replied has it set up already.
Jeremy
Re:Silly question about Asterisk@home
on
Build Your Own PBX
·
· Score: 1
One of the biggest WAF points for me is the cost. I built my system out of spare parts, a knock-off X100P card from eBay, and a Sipura SPA1000 provided by my ITSP.
You see, my local telco charges basically $20 per month for unlimited long distance, in addition to the regular $30 or so for a basic line with a couple of basic features. My ITSP charges me $10 per month for unlimited inbound and in-state outbound calling, plus tons more features than our old company does.
Since I am generally beta-testing somebody's service at any given time, we effectively have free long distance. My wife loves it, as she can call all of her out-of-state friends and it doesn't bring our phone bill up over the $10 per month.
Once I run out of companies to beta test for, I can switch to a $20 per month plan at my ITSP and have unlimited long distance to all 50 states. That would still save us $30 per month over what our land line provider offered.
Sure there were some occasional quirks that needed to be worked out, but they are few and far between. I was showing my wife something she could do with the phone the other day, and she even made the comment, "I used to hate this and think it was a waste of time and money, but I'm really glad you have this working now."
Asterisk is Linux only (I believe there is a windows port out there) so you don't have to worry about that. Figure about $100 for a card to interface the analog telephone with Asterisk. You can also get a FXS to SIP interface (Sipura makes one) but I don't recall the price off hand.
Your Asterisk setup should be on a relatively dedicated system (Mine is also my home web server) not on your desktop machine.
Your question is like asking "I have a computer and a modem. I plugged it in, why can't I see the Internet?" Vonage is a ITSP (Internet Telephony Service Provider) just like Earthlink of your cable/DSL company is your Internet Service Provider.
With Vonage, you still have to have SIP equipment in order to use the service. On the other side of the coin, you can have SIP equipment (such as this PBX software plus a SIP phone/adapter) but you still have to have a service provider.
There are service providers such as Free World Dialup (http://www.fwdnet.net) that will let you call other users of the service at no charge, but you won't be able to interface in with the POTS network.
One of the greatest things the average user can do with this software (I use Asterisk at home) is set it up to route your calls either via a service provider for a POTS connection (I use Broadvoice) or to FWD if the person you are calling is also an FWD user. That way you can get a cheaper calling plan with your POTS provider, and use strictly the Internet for people on long distance.
That is just a scratch on the surface of the power available with VoIP. Pulver (the person behind FWD) also has a service that lets users share each others' POTS lines when they are not in use. That could be a good alternative to you if you want to set up Asterisk with a $15 modem in it.
That happens with MMORPGs. When I played Everquest, and City of Heroes for a while, I played with friends. When I registered my characters, I made sure I was on the same server they were. If Sony came in and wanted me to change servers, I would do whatever all of my friends decided to do. If they wanted to stay, that is what I would do too. If they wanted to move, then I would move. I don't play MMORPGs to randomly look for people to play with, and I don't imagine many people do.
Slashdot Mirror
In a perfect world, good parents wouldn't need to rely upon a full or partial "solution" but would instead raise their kids to be able to distinguish between right and wrong, appropriate and inappropriate.
Do we live in a perfect world? No. But bad parenting is an extremely subjective term. Is it bad parenting if the kid gets perfect grades in school, doesn't look at adult content, and doesn't get in trouble with any laws or rules, but lived as a hermit for his entire life and can not interract in our society? Is it bad parenting if a kid gets average grades in school, browses the occasional adult site, and gets in trouble at school for pulling a stupid prank every now and then, but knows how to act in public and how to work with others?
Sure those are opposite ends of the spectrum, but I know parents whose kids fit both catagories. It all depends on how you define a "good" or "bad" parent. A real-life example: I know a family where the parents are staunch opponents of sex-ed classes in schools. They homeschooled their kids because of it and the subject was never brought up. Whose kids were all forced to go get married within a few months of moving out from home due to having illegitimate children on the way? Yep, you guessed it.
You will never be able to protect bad parents from themselvs (or more accurately protect their children.) Make something idiot-proof, and a better idiot will come along shortly.
Jeremy
P.S. Yes, I am a parent of 2.
I can appreciate that. I used to feel the same way as you, that filtering and protected addresses were enough. I've been using that method for about 4 years now, and the volume of spam I receive keeps climbing. Sure I can change an address and drop some of it off, but it is only a matter of time before another takes its place.
Is it an arms race? Probably, but I'd rather die fighting for the cause than continue to be a victim of the collateral damage. Each person has their tolerance level, and mine has been crossed. I hope that yours never is. If it were my choice, we'd all start using X.509 or PGP signatures on e-mail and automatically reject all non-signed or non-encrypted messages. The needed processor cycles would be enough to slow spam down to a crawl. Obviously mail lists, etc, would need to be whitelisted.
Even if you don't want to actively participate in Bluesecurity by forwarding messages your filters miss, consider automatically forwarding all of your filtered messages. That way you are helping the cause but not taking any more of your time other than the initial setup.
Jeremy
What part of their methods do you not agree with? All they are doing is automating what you could do on your own. For each spam message you send them, they analyze it and set up a script to make ONE opt-out request on the spammer's website (where they are selling their product) and ONE message each to some and/or all of the upchain ISPs, government agencies that have jurisdiction over the crime, etc. They then forward that script to your BlueFrog client running on your system. If you are the only person that got that spam message, that one message is all that is sent to the spammer and the appropriate authorities.
Now if the spammer sends that message to 1000 BlueSecurity members, they will get 1000 messages generated and sent, one from each of the users they spammed. If they send it to 5000 users, well you get the idea. The more Blue people they spam, the more opt-out requests they get. One for one.
You have a right to do it by yourself, tracking filling out forms on the spammer's ordering site, forwarding a copy to the ISP of the originating IP and/or mail server, forwarding it to the FDA if it is a drug relates spam, etc. How long will that take you? You could easily spend a few hours a day or more doing that.
Enter BlueSecurity stage right. They hire staff to track down the senders of that spam message you just received, just like you would have done. The difference is they take that information and distribute it to everybody else they know received that spam as well.
The thing is, these spammers should understand they have absolutely 0% of a chance of selling that item to any of the members of the Blue community. Why are they bothering to do this when it has no chance whatsoever of giving them even a single cent of profit? They should be happy to have the chance to clean their leads list. I've done telephone sales in the past (calling existing members about renewals) and I was happy to remove people who didn't want to be called from the list. For every person I removed from the list, it meant one less guaranteed no-sale next time the membership list cycled. In the long run I made more sales, and actually helped more people save money (it was cheaper to renew via phone than via the normal process) on a product they wanted.
I understand the calling I was doing is completely different than the spamming in this topic, but the end result is the same. The more guaranteed "no" leads you remove, the higher you sales percentage will be, and the more profits in the long run.
I had heard about Blue before this mess, but never got around to checking into their methods and signing up. Now that I see they are effective, and feel comfortable on how their network and client works (I also thought they DDoS'd the sites until I looked into it,) I have signed up. Now I'm waiting for their system to become fully functionable again so I can verify my account and start kicking spammer tail!
Jeremy
> You might also notice, that the BlueSecurity site(http://www.bluesecurity.com) is down..
>
> Just remove yourself from BlueSecurity, and make it easier on you.
Anyone else see the problem here? You must remove your address, but you can't since we are DDOSing the server.
The thing I don't get, what good do these spammers think this will do? For one, anyone signed up on this service are the exact addresses they want to weed out of their lists anyway, as they will NEVER buy anything from a spam they receive. All efforts to remove the users from the service will be wasted effort. Do they think that people will start reading and buying from spam if they are forced off of the spam removal service? If anything, it is in their best interest to remove users from their lists and use the CPU cycles and bandwidth of their zombie net to attack more vulnerable e-mails.
Second, they are advertising this service now to more people who were either not aware or hadn't signed up due to questions of effectiveness. Now that they are stating in public that the service works well enough that they are going to try and fight back, they just confirmed the signups of the fence-sitters.
Third, they are now making this personal to many people. When it is random spam that is sent out, it is easy to just ignore it and forget it. Now that they are specifically attacking people, more and more geeks are going to start attempting to track them down and give them what they deserve (either via legal action or good-old-fashioned vigilante justice.) They are no longer the anoying fly at your picnic, they are now the mountain lion that has been killing neighborhood pets.
I'd heard of BlueSecurity before, but hadn't looked into it much. I'm now going to look closely at it and probably sign up.
Jeremy
Um... I don't know where your bandwidth figures are coming from, but you have gone overboard with the requirements for VoIP. Non-compressed (g711u) voice requires roughly 90K, each direction, per active call. With 500K of bandwidth, you have ample room for 5 calls. Move to a compressed codec such as GSM or iLBC, you can handle even more calls.
Where residential users run into issues with their "500K" connection is due to it being asymmetric, meaning they have more download than upload bandwidth. For example, my cable connection is 3MB down, 300K up. If you don't take into account the threshhold capping my provider does if I use my bandwidth for much time at all, I can easily handle 3 simultaneous calls. Back when I had a 500K down/150K up connection (and before I implemented QoS,) I could only fit one, and it would sometimes die out if I was doing anything else on the 'Net at the same time. If I wasn't trying to move any other data across my connection it was excellent.
But being you are the expert and all, I'm sure you already knew all of that. And is the WiMac one of Apple's new offerings? I haven't heard of that technology yet.
Who is with me in asking for an amendment limiting all laws to one topic, 200 words or less, and only can pass with a signature of the President and a signature of a random person with a 3rd grade education who agrees that even they understand the law?
You've got to be kidding, right? We don't really want to give that much power to one person...
Are you using Misterhouse to control everything or do you use something different? I only ask as I have a bunch of X10 modules and have been contemplating setting up something similar to your scenario.
Jeremy
That is interesting, and wrong. Period.
As was said previously, the signature on the back of the card is not ID, it is indicating you agree to the cardholder terms. It is VISA/Amex/MC/whoknowswhichcompany that requires the store to check the signature before accepting the card. Guess what, if the card isn't signed, the store doesn't have reasonable proof that you agreed to pay the credit bill, and would have a hard time fighting a chargeback.
I went into the US Post Office a couple of years back with a "Please See Photo ID" signature. They would not accept it until I signed it as well. I now sign my card, and list please see photo ID. Most stores ask even though they are not required to, and I always thank them for asking when they do.
It may be store policy for some people to check the signature as an ID step, but it is not a legal requirement, or a requirement made by the credit card company. If you aren't sure, call your credit card company or credit union and ask them specifically. If you get someone who actually knows and isn't going off the "my neighbor told me to do this" line, they will tell you that it may help in some stores, but not all, and offers very little protection.
Jeremy
Yes. If I listen to that 2 minutes of ads to get the free 10 minutes of long distance, those ads are saving me $.10 to $.20. Cheap long distance is anywhere between $.01 and $.02 per minute. Multiply that by 10 minutes...
:-)
I'm not talking about paying to listen to the ad, that would be flat out crazy.
Jeremy
I do remember those. One such service called Freeway was great. Listen to an ad for 15 seconds, you got a minute free. I'd listen to 10 ads (a little over 2 minutes) then talk for free for 10. At first, there was a good variety of ads, and I actually purchased some goods and services based off of them. Towards the end though right before they shut down, the ads were always the same and none of them were anywhere near relevant to my demographics.
The only gripe I had was the risk of listening to that many ads, then getting an answering machine where you use less than a minute of time. Since it wouldn't store your "credit" or let you make another call without starting over, you were out those 9 ads for nothing.
Of course those were back when long distance was approximately $.20 per minute unless you used enough to get discounts. These days, the company would have to offer 10 minutes per 15 second ad or something similar to make the incentive worthwhile. When I could listen to ads for 2 minutes and save $2, I was all for it. But at todays rates, that same 2 minutes of ads would only save $.10 to $.20.
Jeremy
You are not understanding how Smartcard based PKI works. The smart card isn't a flash drive with a serial number on it. It is a full crypto engine and a microprocessor.
When you do a transaction with a smart card, the card is sent a string to encrypt using its private key. The card then requests your PIN in order to access the private key. Once it gets your pin, it encrypts the data and sends only the encrypted data back out.
To make it simple, the following examples assume the public keys have alredy been appropriately exchanged and loaded, as would be the case when a bank issues a card to a customer.
Apply this to a bank's online portal. The site needs authorization to login, so it sends a authentication code to your computer. Your computer hands that code to your smart card, with instructions to encrypt it. The card then requests the pin number from the user. The user enters in their pin, which enables the card to encrypt the data. The smartcard then sends the encrypted data back to the computer which sends it to the bank. The bank receives the data and decrypts it, using the public key associated with your card. Since it has confirmation that you encrypted it based on the public/private key pair, it authenticates you.
The thing to remember is with smart cards, the private key and your PIN NEVER leaves the card. A person can have data encrypted by your card, as a MitM would have, and could even have your PIN, but if they don't have your physical card, they can't do anything with it.
They can replay that authentication packet they recorded all they want, but since the bank uses a different authentication code every time a login is requested, the bank will know that your card did not perform the authentication and reject it.
Do some research on Publick Key Infrastructure. Your argument would be valid if the info the smart card was sending was static. However, since all encryption is done on the card itself without ever exposing your keys, your example does not apply to this situation.
One place you can learn about PKI is at http://www.cacert.org/ which is a community driven SSL certificate authority, similar to Thawte and Verisign. You can get both client and server certificates at no charge, and there are code examples on how to set up SSL logins to your website. PKI will work without a smart card, but without a smart card someone could potentially steal your private key without you knowing it. A smart card prevents that as you will know it is gone and can have it revoked.
I hope this helps clear things up for you, please feel free to contact me if you have questions.
Jeremy
I currently have a DishNetwork DVR (one of the older ones without the monthly fee, a 508 to be exact) and I love the 30 second skip button. Sometimes ads are interesting or funny. The 30 second skip button usually lets me see a small blip and it catches my attention. Then I'll use the 10 second back button, and watch the ad. Myth's Auto Skip feature would eliminate this, but I'm sure ads will still make it through once in a while.
These days advertisers need to use their creativity. As more and more people use DVRs of one form or another, less people are going to sit through the entire thing and watch unless the ad itself presents some entertainment value. Advertisers need to find a way to catch peoples attention enough that they will stop and actually watch the ad when they do see a clip of it.
On a somewhat related note, the "anchor" on a tech show I like to watch was talking about the "crummy" time slot his show has, 8:00 AM. He was talking about how he would rather have a prime-time slot. For me anyway, I'm glad it has a non-prime slot, as it allows me to record it on my DVR. If it had a prime slot, it would probably conflict with something else I'd rather watch over it. This way I can still record the prime-time shows I like to watch, and record this one as well.
I think it will be an interesting trend to see what happens with prime-time shows as DVRs become more popular. Some networks show their shows prime-time, then repeat them at various non-prime slots afterwards. I love it when they do this, because it gives me more flexibility in my TV viewing schedule. I don't watch a ton of shows, but I do want to be able to see the ones I do like to watch.
Jeremy
Thank you very much. I'll try to get the WAP page functionality working and I'll let you know if I get it to work decently.
Jeremy
Are you using Asterisk? If so, would you mind posting your dialplan and associated config information? I have a Nextel phone with free incoming and have thought about doing something similar.
The other method I thought of for doing this is a WAP page that I can load on my phone's web browser with a simple form. Type in the number, the cell phone rings and then the call is placed to the remote party. This would prevent your "have to dial a number before you make your outbound call" annoyance.
Jeremy
Maybe that was 10 years ago when Nextel was more of a cross-over from the radio service into cell phones, but their rates are nowhere near that now. I wonder if they were talking about Boost, which is the pre-paid spin-off of Nextel, the pricing sounds more in line if that is the case. I find it very hard to believe that a fleet (and government no less) would pay more than individuals. Or maybe those are the rates that they get billed at, then a big discount is chopped off at the end of the bill and the end user never sees it. Either way I'm raising the brown flag over that one.
I have one of their "Free Incoming" plans, with 400 peak outgoing minutes, and free direct connect. I used my phone over 1200 minutes last month, and between the incoming calls, free nights and weekend outgoing, and direct connect, I only used 250 of my alotted minutes. Try that with any of the other carriers, it just won't happen unless you work nights and sleep all day. Under my old AT&T plan (before the Cingular merger) I would have had an overage of well over $200 if I used the phone the way I do now.
Everybody has gripes about certain carriers. My wife and I tried Verizon, and they were the worst provider I've ever used. Worst coverage, and even worse customer service. We ended up just letting the phones sit idle for 3 months to ride out the contract after we switched to Nextel. On the other hand I know others that swear by Verizon and would never switch unless they went out of business.
I've heard people in my area rave about Sprint's features and such, the only complaint is the coverage once you get away from the downtown areas. Since I have service with Nextel in more areas locally than I had with AT&T and Verizon, I'm thinking the merger should help both Sprint and Nextel if they use their heads.
Excellent point. If even the less-than-secure WEP encryption is enabled, then one must circumvent the encryption in order to use the service. At that point is when the line is crossed.
:-)
If there is no encryption enabled, then I think the best analogy I saw above was a web server on port 80. If I connect and it serves me with a page, then I can assume authorization to use it. If it serves me with an authorization request, then I have no authorization to use it further. Pretty cut and dried. If I decide to access it anyway by breaking the authorization, then the law is broken.
Access points should be considered the same way. If I attempt to connect and it allows it, and serves an IP, then I should be able to assume I am authorized to use it. If I am asked for a key (or any other kind of authentication) then I should assume authorization is not given. If I decide to access it anyway by breaking the authorization, then the law is broken.
I hate the fact that people buy technology they don't understand, and try to use it as if they do. They bring them up on conflicting channels with their neighbors. They don't enable security. They don't firewall them off from the rest of their network. They don't even bother to change admin passwords! Then when something goes wrong, they expect everyone else to do something so they don't have to.
I think they need to get rid of unlicensed spectrum and make everyone pass a test similar to an amateur radio licence in order to use the band. Rather than have a technical test such as frequencies, make the exam manufacturer/retailer specific and focus on the need-to-knows of the device being purchased. For example, if you are buying an AP, then you need to show you both understand how to secure it (and the risks if you choose not to) as well as how to mitigate any interference you may cause when installing. Have the test be a free (or like $1-5) and be good for life for that type/class of product. For those of us who work on a broad range of products, have a "general PC technician" type of test so we don't have to test every time we want to buy something new. Perhaps that test should have some common sense and logic rather than device specific rules.
But I know that would never fly.
Jeremy
I was actually looking into that last night. I'm a fellow Idahoan (Caldwell) myself. From my calculations, a 4KW system would take over 100 years to pay for itself in energy savings at our rates.
:-)
The biggest advantage to PV systems in our area seems to be redundancy. Have the PVs charge a bank of batteries, and send the remaining juice to the house/grid. Of course at the cost, it may be cheaper in the long run just to charge from the grid as well.
One alternative fuel source that I am interested in is BioDiesel. With the abundance of farm products and wastes we have in this area, we could (and should be) a lot farther along on the renewable energy front.
Shoot me an e-mail if you like, it could be interesting chatting about our local options.
Jeremy
P.S. I work for a company that used to be a part of yours.
I think not having a phone capable of 911 service would be a "real reason" for not being able to assist. My monthly phone bill (minus long-distance) costs slightly over $10 since I've switched to VoIP. My old landline used to cost me over $30 per month, again not including long distance, and I have more features that I can use than I did before. Lack of E911 services is worth the $240 per year for me, especially considering my wife and I keep cell phones that are no longer activated both upstairs and down. And yes, they are always charged.
I don't deny that if it were purely a cost factor, it should be implemented. In fact, my old POTS provider itemized out the E911 fee at $1 per month. I would gladly pay that difference if I could get the service on my VoIP line. It doesn't only benefit me, but it would be an additional saftey net for my neighbors and visitors as well. Unfortunately it is not a cost factor at all.
As others have pointed out in other threads in this story, the biggest hurdle is technological. The E911 system works as well as it does because when a call comes in the copper pair used to carry that call is tied to a specific physical location. That location is then displayed on the screen of the call-taker, so they can have emergency crews on the way before they even find out the full emergency.
With my VoIP line, there is technically no physical location to tie my call to. I can be making the call from my ATA here in the house. Or I can be using a softphone on my PC at work. I can be using a WiFi phone at a McDonalds a thousand miles away from my house. Since geographic tracing of IP addresses is all but reliable (I generally use a VPN when I am not at home, and calls still get routed out my home IP) there is no way to give accurate data to the E911 dispatch center.
What I have done on my phone is configured it so that when (if) 911 is dialed, the call is routed to my local sheriff's office dispatch center. Everybody in my household and who visits often knows that they will have to give the address to the call taker if they have an emergency. When I am traveling away from my home, I know not to dial 911 on my phone.
As I said before, the problem is that Jane Soapwatcher doesn't take the time to read through the documentation provided prior to signing up for the service. They read the advertisements that say they can take their ATA with them when they travel and can plug in their phone in a hotel room and get their calls. They try to dial 911 and you know the rest of the story.
Personally I think the providers should actively NOT support 911 because of the limitations, not implement pseudo support. When the user dials they should get a greeting to the effect of "This phone line does not support 911 services. Please use another phone or press 1 now to be connected to directory services to search for the local sheriff's office number." That way when Jane Soapwatcher tries to call, she won't waste time trying to dial 3 times not understanding why the call won't go through as the original person in TFA did.
To sum it up, I have valid reasons for saying the providers should not be forced into something the technology doesn't support. And by the way, if you are hurt and ask me for help, I will do whatever is in my power to assist. I'm not "just an egotistical asshole," I sometimes like to play Devil's Advocate as well.
Jeremy
I know people who don't even have a phone of any kind in their house. Are you saying *you* shouldn't be denied the ability to call 911 because they are a cheapskate? I hope not.
I have no expectation of being able to use his phone in an emergency. By your reasoning, everyone should be forced to carry a phone line capable of dialing 911. Whether or not you want to call someone a cheapskate is not relevant. You should have no assumption of saftey if you are not at a location where you have control over the type of phone line. If you are in need of emergency services, you have no *right* to use my phone line to call. It is my courtesy and generosity that allows you to do so. If my phone line doesn't support 911 (and it doesn't, I use strictly VoIP myself) why should that responsibility be placed on me?
The whole point of this regulation is that this lady bought a service, and agreed to its terms stating that she had no real 911 access. She did not understand it, or thought she would never need it. She took a risk, and now is trying to place the responsibility onto someone else. She made the choice to drop her landline and become the "cheapskate" and now the rest of us are being made to suffer for her actions.
There are several people offering a bounty on a Skype channel for Asterisk, but as of yet nothing is available.
As far as other directories, there are several out there. Free World Dialup is one run by Jeff Pulver, http://www.fwdnet.net is the address for that one. There is also IAXTel, which is mainly used to test IAX functionality.
The cool thing about FWD is it uses standard SIP and/or IAX peering, so any SIP compatible device can be used. This means soft phones, hardware IP phones, gateway routers, WiFi phones, all will work as long as they use SIP. You aren't limited to using only Asterisk PBXs to connect.
There are several others out there, but I don't use them and don't recall what they are off hand. If you have a friend who has an Asterisk box, you can also configure to directly peer with each other rather than using a directory service like FWD.
Feel free to give me a call on FWD if you want to try it. 43506 is my number. It rings through on my home phones via my Asterisk box, and will go to a voice mail box if I am not there. Please mind the time though, I am in Mountain time, and am generally available from 4:00 PM to about 9:30 PM my time, weekends are hit and miss through out normal daytime hours.
You won't be able to use Skype, as they do not have an open protocol, and there is no way to connect to it via Asterisk.
You can use Nufone (http://www.nufone.net) at $0.019 per minute (cheaper than SkypeOut anyway) to accomplish the same thing.
Other than that, it shouldn't be that hard to do, and the other person that replied has it set up already.
Jeremy
One of the biggest WAF points for me is the cost. I built my system out of spare parts, a knock-off X100P card from eBay, and a Sipura SPA1000 provided by my ITSP.
You see, my local telco charges basically $20 per month for unlimited long distance, in addition to the regular $30 or so for a basic line with a couple of basic features. My ITSP charges me $10 per month for unlimited inbound and in-state outbound calling, plus tons more features than our old company does.
Since I am generally beta-testing somebody's service at any given time, we effectively have free long distance. My wife loves it, as she can call all of her out-of-state friends and it doesn't bring our phone bill up over the $10 per month.
Once I run out of companies to beta test for, I can switch to a $20 per month plan at my ITSP and have unlimited long distance to all 50 states. That would still save us $30 per month over what our land line provider offered.
Sure there were some occasional quirks that needed to be worked out, but they are few and far between. I was showing my wife something she could do with the phone the other day, and she even made the comment, "I used to hate this and think it was a waste of time and money, but I'm really glad you have this working now."
Jeremy
Asterisk is Linux only (I believe there is a windows port out there) so you don't have to worry about that. Figure about $100 for a card to interface the analog telephone with Asterisk. You can also get a FXS to SIP interface (Sipura makes one) but I don't recall the price off hand.
Your Asterisk setup should be on a relatively dedicated system (Mine is also my home web server) not on your desktop machine.
For more info, see http://www.voip-info.org
Good luck!
Jeremy
Your question is like asking "I have a computer and a modem. I plugged it in, why can't I see the Internet?" Vonage is a ITSP (Internet Telephony Service Provider) just like Earthlink of your cable/DSL company is your Internet Service Provider.
With Vonage, you still have to have SIP equipment in order to use the service. On the other side of the coin, you can have SIP equipment (such as this PBX software plus a SIP phone/adapter) but you still have to have a service provider.
There are service providers such as Free World Dialup (http://www.fwdnet.net) that will let you call other users of the service at no charge, but you won't be able to interface in with the POTS network.
One of the greatest things the average user can do with this software (I use Asterisk at home) is set it up to route your calls either via a service provider for a POTS connection (I use Broadvoice) or to FWD if the person you are calling is also an FWD user. That way you can get a cheaper calling plan with your POTS provider, and use strictly the Internet for people on long distance.
That is just a scratch on the surface of the power available with VoIP. Pulver (the person behind FWD) also has a service that lets users share each others' POTS lines when they are not in use. That could be a good alternative to you if you want to set up Asterisk with a $15 modem in it.
Hope this helps clarify things!
Jeremy
That happens with MMORPGs. When I played Everquest, and City of Heroes for a while, I played with friends. When I registered my characters, I made sure I was on the same server they were. If Sony came in and wanted me to change servers, I would do whatever all of my friends decided to do. If they wanted to stay, that is what I would do too. If they wanted to move, then I would move. I don't play MMORPGs to randomly look for people to play with, and I don't imagine many people do.
Jeremy