Professional spammers - the spamhaus operators who send spam on behalf of other people - don't make money because people buy spamvertised products. They make money by convincing their clients that people buy spamvertised products. The reality is, nobody responds to spam. But the perception is all that matters.
Get-rich-quick scammers are eager to believe that they can make money by spamming - hence the preponderance of spam from such scammers. These scammers, being suckers themselves, are born every minute. Thus, even though everyone ALREADY follows your "advice," the professional spammers are still with us, and will continue to be with us for a very long time.
It's not about what you have to say, it's about how you say it.
I am allowed to say "Buy my artwork." I'm allowed to put that on a web site, tell it to my friends, tell it to random passersby on the street, say it in an ad on the radio or on TV, etc, etc.
But I'm not allowed to say it while standing on your own lawn at 3am with a bullhorn aimed at your window, nor am I allowed to erect billboards wherever I please to get the message across, nor am I allowed to say it in an email message sent to a complete stranger, unless I follow the requirements set forth in the laws of Utah, Ohio, Washington, and other states with laws that regulate this sort of thing.
It's not about free speech. It doesn't run afoul of the first amendment, for the same reason that laws about disturbing the peace do not run afoul of the first amendment. Everyone is still free to say whatever they please - they're just not free to use other people's resources to say it.
Spam from China (or anywhere) still usually (IME) advertises a business with a phone number or web site in the US. Spam advertisements only work if there's a way for the recipient to contact the sender so they can do business, so there will almost always be a way to track down the business being advertised.
Then the trick is to show that the business being advertised actually paid for the spamming, and that they weren't framed. You can expect them to deny it.
Unless you're doing work that's inherently two- or three-dimensional (or higher?), the mouse is just a way to get a 'hands on' feel at the expense of actually getting things done. Keystrokes give instant gratification, mouse gestures are tedious.
Those little underscores in the menu items are your friend, as is tab, alt-tab, and all those other magical hotkeys... lots of them are shown in the menus, pay attention to them and you'll be getting stuff done just by thinking about it. :-)
For CAD, web browsing, graphics, modelling, etc, mice are great. For text-centric tasks like writing (code or natural language) or even navigating dialog boxes, why take a hand off the keyboard, find the mouse, drag it, click it, and find home row again, when you can just press a key or two?
"But the real question is: how would want to 'configure' their toasters using a GUI?"
The real question is not how, but who. :-)
It's funny though, I went toaster shopping the other day and found an interesting new (new to me...) trend: cancel buttons. No shit. Like lifting the lever to get the toast out early would be quaint.
I'm gonna write 'ESC' on my toaster's cancel button. Much cooler.
Seems to me that they are killing themselves with bad public relations...
You are speaking, of course, about the dorks who launched that DoS attack, thus ensuring that anyone not already familiar with RIAA sees this as a case of a legitimate professional organization persecuted by teenagers who would rather take out their frustrations on the internet than pay for their CDs.
"We need to remember that there is a big difference between being pro-business and being pro-marketplace. Capitalism is all about marketplaces. Capitalism fails if we try to preserve a given business model."
Darwin2k is cool, thanks for the pointer. I've been tinkering with some GA stuff lately, but with the weather being so nice these days I'm not getting things done at the rate I was during the winter... I'm hoping to get GA-based motion control working in the next couple months, but only time will tell.
Anyhow, back to the topic at hand....
NAT could definitely muddle the results a bit, but I doubt it would make a huge difference. For a CR-infected box behind a NAT box, one of two things is probably true: either the NAT box forwards incoming port 80 connections to the IIS box (in which case you get "Server: Microsoft-IIS/X.X" in the http response headers), or the NAT box handles port 80 itself.
IIS boxes doing intranet duty behind a NAT firewall that runs Apache could appear as Apache boxes to the outside world, but those IIS boxes are only going to get CRed if attacked by another CR-infected box behind that firewall. I'm sure that probably happens now and then, but I doubt that particular scenario accounts for any significant percentage of the CR attacks we're all logging.
Then again, maybe it's foolish to assume that mostly running IIS as an intranet server behind a NAT box that runs Apache, has also taken steps to prevent the rest of their IIS boxes from getting CRed. But still, even just running IIS behind a NAT box that runs Apache seems like a relatively unusual scenario. What percentage of companies out there are smart enough to relegate IIS to intranet duty while running Apache on their public web server? :-)
I got curious about the default.ida hits I was getting on my web server one day, so I took a look at the systems at a bunch of the IP addresses the attacks were coming from. I found mostly unix systems, a couple I couldn't ID (not that I tried much beyond telnetting to ports 25 and 80), and only a couple of Microsoft systems.
This was not an exhaustive search, nor a statistically significant sample group, and dynamic IP allocation muddled the results a bit, but it was enough to make me wonder. How many of the 'code red attacks' these days are really script kitties with unix boxes? My guess is they account for most of them.
Has anyone looked into this for more than the 15-20 minutes I put into it?
I used to play with Lego stuff all the time, but was never satisfied with the motorization. So, I wrote some software that basically lets me make simulations of the ideas I couldn't quite build with Lego. There's a link in my signature...
I'm converted to a whitelist solution as well, and there's no way I'm going back. I wrote a procmail-based whitelist but if I was to do it again I'd probably use TMDA or ASK.
It's nice to not have to filter out spam manually anymore. It's so nice I don't even care about the few people who can't figure out how to get through the whitelist confirmation.
I dunno, but it seems plausible to me. Commercial jet travel is pretty safe. General aviation (little Cessnas) are not so safe. Skydiver planes have a reputation for being the duct-tape-bound VW bugs of the general aviation realm.
Does insulting this guy make you feel better about the fact that the biggest risk you've taken this year was running a yellow light? Are you just bitter because if he pulls it off you'll really look like a couch potato?
Everyone's gonna die someday. Not everyone is gonna really experience life.
I think the worst-case scenario would be considered "death by misadventure" by the law and by his insurer.
I wonder if he's planning on any unmanned missions before he climbs in for a ride. I sure would. If you want to do something right the first time, do it a few times and hide your previous attempts. :-)
I bought my last machine through www.micropro.com. They let you pick all the parts, they build and test, and their prices are pretty reasonable. I'm not sure I would have saved anything buying from multiple vendors, after the shipping was factored in. I definitely saved myself some time letting them build it.
What surprises me is that the 'exploit' is so pathetic. There's really no need for a pre-existing helper app.
Knocking over MySpiffImageViewer.exe with malformed data that leads to a buffer overflow is not so different from knocking over sendmail or named with malformed data and a buffer overflow. The key difference is that you need to push the JPEG to the victim, and trick them into opening the file, whereas mail and DNS servers sit there waiting for data. Once you get someone else's machine to process your data, a buffer overflow is a buffer overflow, and if you can execute arbitrary code, the machine is yours.
Sendmail et al may run as root, but on a Windows box, everything has 'root' privileges so the possibilities are not so different.
I could say that a friend and I once sold a 3.5" floppy disk for about $1535... but that would be silly. You could also say that we sold a screen saver, and that would almost be reasonable... But what we really sold was ~40 hours of development time. We did meet our client at a restaurant to hand over the disk for a check and a couple plates of pasta, but the "$1500 floppy" analysis is pretty short-sighted.
How many hours did it take to build up the Everquest character? How much did the creator pay to play Everquest during the development period? Subtract the EQ bills from the sale price, then divide by the number of hours, and you get an hourly rate for Everquest character development services. I wonder what it works out to?
Windows was an XWindows clone, Direct3D was an OpenGL clone (or should I say a series of clones), and IE was a Mosaic clone. Apache has been around since 1995 or so. When was IIS first released?
Next I suppose you'll ask us to believe that Microsoft invented C, and all those other compilers are just rip-offs?
Your "Mozilla" thing is pretty damn funny, given how long IE has been announcing itself as Mozilla (or "Mozilla (compatible)") in the HTTP_USER_AGENT string.
there is a deterrent to contributing to OSS projects, as you say, with the knowledge that your software will be subverted in this way.
What? Do you figure it took this event (and this long) for open source coders to notice the "charge a fee" clause in section 1 of the GPL?
You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.
I'll admit I've never contributed something to a Linux distribution, and I've only released one small GPLed project, but still... I don't think the rest of the GPL-lovin' Linux-buildin' community is anywhere near stupid enough to be surprised by UnitedLinux.
UnitedLinux isn't subverting GPLed software in any way. They're supporting some pre-existing standards, and they're selling some non-GPLed tools that (they hope) will make Linux easier for their corporate customers to use. When those customers buy that non-GPLed code, they will also get copies of a bunch of GPLed code (with source of course). Where's the subversion?
Releasing code under the GPL still means what it always has - it means that other people can take your code and do whatever they want with it, so long as they include the source if/when they distribute it. Again, where's the subversion?
I would refuse to allow my work to be included, but I licensed it under the GPL, so I can't.
That should be scored 'insightful,' not just 'funny.'
GPL and per-seat-licensing (PSL?) are mutually exclusive concepts. If code is released under the GPL, it cannot be PSLed except by violating the GPL. If code is released under the GPL, you cannot stop anyone from doing whatever the hell they want with that code, as long as they provide the source which makes PSLing a joke. "OK, here's the software, please pay us $X per seat. Oh, and here's the source and a copy of the license for the source, which clearly states that you can make as many copies as you wish, for free. But please pay us anyway. Thanks."
The United Linux people are free to choose the terms under which they write the software that they create. Since they're using PSL, it's clear that United Linux includes proprietary code.
The bottom line here is that RMS wishes UL didn't include proprietary code. This is not news. His message is directed at the UnitedLinux people, particularly the UL employees who write that proprietary code, and he is asking them to use the GPL. This is not news.
File-based mail storage makes sense on a resource-constrained device, but on a machine with enough CPU and disk to run an RDBMS, the database would be a better plan for many reasons, not least of which is that database developers have already spent countless hours producing efficient storage and retrieval systems so that you won't have to.
Given a schema, it should be pretty straightforward to write an SMTP server to put messages in, and POP3/IMAP/HTTP+CGI servers to pull messages out.
If anyone knows of any existing open-source RDBMS-centric mail systems, I'd love to know where to learn more about them.
Mice are highly overrated and highly overused.
- Bob Frankston
YMMV, but I have no regrets.
Me: "How many pairs of shoes do you have? Pants? Shirts? Dresses? Underwear? Rings? Bracelets? Earrings? Neckla..."
Her: "Stop. I get it"
Me: "Cool. Could you hold this for a second?"
How come the 'ideal' home directory is a file?
Somebody mod that up.
Where's the news?
Hand on the mouse... Yeah, right.