Some 85% of what DHS considers "critical infrastructure" in the US is owned by the private sector. Are you suggesting that the government take that over?
Are you suggesting that belief in the force of gravity and belief in invisible pink unicorns are both deserving of the same amount of respect?
I make no comment on any particular belief. I could probably point out many "facts" that were once nothing more than theories, and many more current theories that are accepted as fact.
I am merely suggesting that ridiculing those who have different belief systems is wrong, immature and rude... none of which do much to promote your cause - unless your cause is to expand the vitriol, in which case, carry on.
We are going to run out of fossil fuel, within a single-digit number of generations. Are you happy now?
He asked for source & cite... you respond with a non-specific, unbacked assertion. Can't speak to his personal emotional condition, but I'm less than thrilled.
This clearly puts the problem into the "Uh, guys, we should start planning for this now..." category, regardless of whether we're going to run out in 5 years, 50 or 500.
For the sake of continuing this, and letting the above arm-waving slide, there is a huge difference in priority between a 5-year problem and a 500-year problem. To wit: if it's a 5-year problem, we're screwed, because governments can't get the effin' Environmental Impact Report done in that stretch of time. That said, if it's a 500 year problem, I'd say the wide variety of basic research right now is quite a good thing. You see, having all this basic research on a wide variety of topics (TDP, this, improved solar, hydrogen, fusion, fission) is, IMHO, a far better thing than a "movement" mandated selection of a single option. It lets the various options play out against each other, and avoids putting all our hopes on a single unknown. Anyone remember how MTBE was going to save California? Oops.
If it won't affect us, it will affect our children, or our children's children, or our children's children's children. Do you really want to saddle them with such a horrid situation as a sudden return to quasi-Medieval technology due to a virtually complete lack of power?
Sure, I'll be dead. Who cares?
Oh, wait, was that a serious question? 'Cos if so, the only thing I can say is "quasi-Medieval?" Get real. So wind, hydroelectric, solar, nuclear, hell, steam will all have gone where, exactly? And all human ability to run transport on anything but petrol is suddenly what... forgotten? Forbidden? Well crap. I live 30+ miles from work, so I'd best start walking now.
-ZK, who happily can say he's not any sort of *-winger, but is in fact, a moderate who believes in market forces and his Gas/Electric Hybrid Civic (not green, just cheap! and the dash is cool too!)
If you're fortunate enough to have TWO people you trust (or almost trust), you might devise some sort of digital equivalent (this IS Slashdot, right?) of the old "2 halves of a dollar bill" key used in the movies. It would seem like a variant of the RSA scheme would work nicely. Maybe a large number that is the product of two (or as many trusted folk as you have) large primes could be the key to your digital castle...
It's called key splitting or secret sharing. See Schneier, etc etc.
But a motorcycle's front wheel is free-rolling, and the cycle has a lower center of gravity.
True, but a motorcycle has something like 85% of its braking in the front wheel. Grip the rear brake too hard, you fish a little bit. Grip the front brake too hard, you stand on your nose... It's an... interesting... experience.
Dunno where you got that from. I'm more than willing to actively do things about this (besides posting on /. ;). I have examined many counter-measures and I use quite a few of them. Many counter-measures mitigate the effects of spam; none of them are a solution.
I'm beginning to think I might be troll-bait.
I suggested that a partial solution was better than none, where you seem to see anything less than a complete and perfect solution as no solution. Your response as to your willingness to do something doesn't really address that.
explain to me how you get every SMTP server in the world to implement. How about 90% of them? How about 50%? How about anything more than a tiny fraction of a percent?
The same way you get anything new adopted. First you release it as a patch to a few common MTA's. This allows those interested to apply said patches and show proof of concept (or proof of failure, if you choose).
Next you get it standardized. Depending upon the popularity of the first step, this may or may not be challenging... or even necessary.
Next, you talk to developers of other MTA's (or active, interested 3rd parties) and encourage or help them to put support into those MTA's as well.
If the idea is a good one, then eventually (like ESMTP), it will be included in the majority of shipping MTA's... and as the world upgrades to those versions...
In short, the way that most things get done.
Reducing the audience is vastly different than reducing use of bandwidth.
Oh? That sounds like something that could be solved during the research and design phase... for example, if the average spam to / through my user base causes 20K of bandwidth to my server, and I put the challenge / response before accepting the address list or data, and the c/r is 2K in total bandwidth, then I've just reduced the bandwidth by 90%.
In the spirit of full disclosure, I'll acknowledge that this is the point where you should say "but the spammer doesn't use a c/r compliant MTA, and thus you save nothing." However, the transition to or support of c/r doesn't preclude the use of other systems as backups during the transition period. Two such systems which immediately come to mind are whitelists and alternate challenge / response systems that require sender intervention.
When I talk about "contributing to the problem" I mean that half-arsed measures that merely prevent a few people *seeing* the spam is actually an encouragement for spammers to increase the amount they send. Some people say we're already seeing that, but I have no concrete evidence to support that.
You seem a rational person. But rephrasing your contention without providing evidence for it -- and then in the next sentence explicitly stating that you have no concrete evidence to support it -- really doesn't help to convince me.
Yes spam has increased in the last nine months. Can you correlate this (or some percentage of it) to anti-spam measures?
I view the problem as "spam." When I'm feeling more cranky than usual I view the problem as "number of useless bits taking up my WAN bandwidth."
If a solution prevents those bits from reaching my system (and therefore using up my pipe), the situation is improved as compared to the status quo.
Regarding your latest comments:
A "solution" to me is one that makes spammers stop sending.
We agree on this. I'm simply willing to reach that goal in more than one step. You don't seem to be.
... a proposal that shaves a few percent off the spammers' audience (and client-side too, mind, not even at the SMTP level) is no solution at all...
1) Explain why e-postage cannot be added to the MTA. (I'll save us a back-n-forth: ESMTP wasn't part of SMTP either; connection is left as an exercise to the reader)
2) Explain how something that reduces spammer's audience / reduces use of my bandwidth is "no solution at all."
...may even contribute to the escalation of the problem.
Do you have some basis for this, or is it just a strawman argument?
You are seeking a 100% solution. This is noble. However, refusing a n% solution (n < 100) simply because it is not a 100% solution is not noble, but silly. Rome wasn't built in a day.
That said, I abhor the idea of e-postage, and far prefer the "compute this problem" approach.
ANY branch of the physical sciences can only speak within the realm of their experience and available data.
Thank you, my point exactly.
To expect otherwise is to expect them to be psychic. The alternative is for them to say nothing until another 6 billion years pass, and even then, it won't be the same as the first 6 billion years (unless you believe in some kind of stagnant universe theory).
An interesting thought, but not at all my point.
People who can't take what scientists say within the reality from which they speak, ought to simply not read what scientists have to say instead of mocking them and their observations.
If you feel I was mocking the scientific method and those who practice it, I apologize for not being more clear. I wasn't. I was mocking those who feel that with a sample of less than %0.000002, they can predict what will happen over the next 6 billion years.
... seriously. SCO is planning to argue that copyright law supersedes the GPL, which is essentially a contract, if I understand this correctly (a license being a contract between the licensor and the licensee, yes?)... so if SCO wins, couldn't it be argued that the ownership of recordings will revert from the labels back to the artists?
True. I actually feel strongly that reporters have far more effective power and control over our society than any number of police would
Cops have to look for evidence. We simply report what other people say or do ("say", being the appropriate word in these stories).
The particular example I choose to state our apparently mutual peeve is just that -- an example. The point I was making was simply that how something is reported can be (and often is) as important as what is reported. As I'm sure you know.
You'd be surprised how little this whole SCO thing sells to the mainstream public. Most readers are not computer experts and have no idea who Bruce Perens or what SCO is.
Oh, I know. I'm a news junkie; I read many, many, many news sources daily. I don't think I've seen more than a blip about SCO in the mainstream, overall. That comment about selling advertising was solely a comment on the larger issue, and had nothing to do with the particular players or events of the SCO case. My apologies for not being clear.... Need... more... caffeine.
I'm a journalist and an open source advocate. And I hate SCO as much as the next slashdotter. But, at the same time, if I were to write a story about this affair I'd also have to listen to SCO's allegations and try to represent them to the best of my ability.
Journalists shouldn't make moral judgements. We should just report the facts and let you make the judgements.
This is the kind of thing that drives me nuts. SCO hasn't presented any facts, only unsubstantiated allegations. Reporting them without pointing that out is biased. The allegations in themselves are only factual in the sense of "it is a fact that SCO made an allegation."
Sadly, that doesn't sell newspapers or advertising space.
BTW: Nothing personal to you at all; you just presented the peeve in a nicely answerable form.
the same type of people who try to get their deposit back on the van they blew up?
So think about it for a minute -- what would it look like if they hadn't tried to get it back?
Trying to get the deposit back, claiming the van was stolen, etc may be ballsy, but it isn't necessarily stupid. To do otherwise would practically be admitting guilt.
As I remember it there's no constitutional guarantee of anonymity, why people keep assuming that if they're on the net they're entitled to that right I don't know.
The short answer is "History and Case Law." But don't take my word for it... peruse some of the info on the following page(s).
One of us isn't communicating here... why do you continue to insist on focusing on the user/Ubi relationship here? I only raised it to make plain that no matter how many times you disparaged the nature of the service sold, it's still a commercial transaction... and I only brought that up to illustrate why I felt you were wrong in advocating that the gaming nature of the service somehow lessened the legal impact of the attack itself.
So. For the moment, if you please: rather than looking exclusively at the service / user issues, would you explain what, if any, you feel to be the liabilities of the perpetrators of the system attacks? I feel they should be punished as any other who attacks a network service.
Are lives at stake? No, I acknowledge that. But then, to leverage your example, lives aren't usually at stake if a credit card is cracked, either.
Finally, though I hesitate to answer in this message for fear that you'll ignore the above...
Should Ubisoft's investigation show negligence, then the right thing for them to do would be to offer credit for lost time to the affected users. They've already announced they would restore the game data back to the last backup (10pm yesterday), which I think is a good start -- from both the users' perspective as well as Ubi's perspective (after all, that minimizes the "lost man-hours", neh?).
They're not going anywhere. And oh, by the way, didn't see the words "swan song" anywhere in the article. Teaser's probably a bash.
-ZK
Grow up.
-ZK
Pity there's no +1 Roger Waters Reference...
-ZK
I guess I'm just old... didn't USL attempt this "viral" trick in the UCB case? The whole "if you've seen any Unix code you're contaminated" thing?
-ZK
Sweet, the above rule means I can connect to any tcp port I like, so long as I establish the connection from my own port 25 ...
Yep... now if only it wasn't commented out...
-ZK
Not sure why I'm bothering any longer...
-ZK
True, but they had patrons.
-ZK
Sheesh. There's a reason the saying goes "lies, damned lies, and statistics."
-ZK
Try traceroute.
-ZK
Nothing's wrong with it, so long as you get on the phone or similar and confirm the validity of the key's fingerprint.
-ZK
The short answer is "History and Case Law." But don't take my word for it... peruse some of the info on the following page(s).
CyberSpace Law Center
-ZK