They are typically sold, but not for very *much* profit, for two reasons. First, they have to compete with non-recycled paper, which is at least as cheap to manufacture as recycled paper. (This is very different from glass or aluminum, which are cheaper to make from the recyclables than from raw materials.) Second, recycled paper is not usable for all purposes, so the demand is limited; at some times and in some places, the supply has exceeded the demand to such an extent that recycled paper *has* been thrown into a landfill. Although that isn't what usually happens, it does drive down the prices of recycled paper.
Now, you might think otherwise if you try to buy (say) stationery made from recycled paper and find out that it costs more than the non-recycled variety, but that's the ecconomy of scale talking (same reason a VT510 (dumb terminal) costs more than a cheap PC).
There's very little money in recycled paper. If your recycle place pays you for your recyclable paper, it's probably subsidized. This is not true of certain other recyclable materials (notably glass and certain metals).
Finally, this is the situation in the US, but the ecconomics may[1] be somewhat different in nations with significantly less land per capita (I'm thinking of Japan especially -- lots of people using lots of paper, not much land), because of the higher cost of maintaining the forests where the pulpwood is grown, if it is significantly more expensive to own land. I'm also not sure about the ecconomics of importing the pulpwood (or the paper).
[1] or may not; I don't know for sure.
Re:does this really require a readme.txt??
on
How to Become A Spammer
·
· Score: 2, Insightful
Defeating naive bayesian filtering is easy: weight the message with N random words from a dictionary file, where N is calculated to be sufficiently large that it will surely contain at least half as many squeaky clean words as the number of "most interesting" tokens the filter considers. Further note that these words do not have to get in the way of the message: they can be stuck anyplace the filter will see them, even if the user will probably not see them there. (Think: X-Die-Filter-Die headers, sig blocks, MIME separators, HTML comments, to the right of a hundred spaces, and so on and so forth.)
Of course, we can make bayesian filters less naive by having them consider context of tokens, but that consumes more system resources, and then the spammers can drag out the Markov chains. And we know there are miscreants who know how to write Markov chain generators, because hipcrime has been using them for years to get past the net.admin.net-abuse.* robocancel-moderation and pull assorted maladjusted and juvenile stunts. And detecting Markov chains is probably AI complete, or at least significantly difficult.
Regardless of what the spammers do, bayesian filters (if made less naive than the current ones) can *probably* continue to work when trained on a large bulk of well-sorted mail from a single user's account and used to sort that same user's mail, but I don't think they will ever be a hassle-free drop-in solution for the masses. Without good data on the nature of a specific user's mail (i.e., data the spammers (hopefully) don't have), they're too easy to defeat. Markov chains are not even especially new technology, and while the idea is clever, much more advanced autogeneration is possible... *generating* human language text is *way* easier than parsing it, which makes the filtering game ultimately a losing battle for mail clients -- unless intelligent user input (selection) goes into training the filter for *each* person's mail, which gives you a leg up on the spammer who doesn't have your data.
> Obtaining a valid list of e-mail addresses is not very easy, > you either need to invest money or you need to figure out how > to harvest e-mails from the web/usenet.
That part's trivial. You'll get 50% invalid addresses, but so what?
Step 3 is easier than you think: at this time, you don't have to fool the filters of the 0.05% who use even moderately complex filters[1]; all you have to do is get past the things that are deployed ISP-wide, like psmtp.com's filtering service. (This is trivial to get past: write three spams at random, and two of them will get past. No cleverness required.)
If you have to get past word blacklists, then you also need to use a thesaurus (or 1337 sp33k), but word blacklists are relatively uncommon, because they get too many false positives. Really, all you have to do is get past the filters that ISPs deploy, not the ones individuals install. Remember, if you have to send twice as many messages to get the same response, it doesn't cost you that much more. (This is what makes spam so problematic. *Almost* makes me want the estamps thing to succeed.)
The hard part is convincing businesses that have money (and are therefore presumably profitable) that they can gain more than they lose by investing in your services. I assume you send all the businesses in the universe adverts for your services and hope 0.001% of them bite. I would like to think that more than 99.9% of them know better, but... I know better. Fortunately each spammer has to compete with all the others for limited business, so the number of spammers who can make money spamming is finite. Praises be.
As for point 4, finding a spam-friendly ISP is a real pain; it's much easier to run port scans and find open relays, then test them to see which ones *don't* do a reverse lookup of your IP.
Then you send to the open relay from a custom MTA that you run on a dynamic IP in such a way that it randomly generates From and Received headers and such for each message, thus making it a real pain for the recipient to track down where the spam *originated*. Finding out where it came from to your ISP is easy, but that's an open relay in the APNIC block whose IP is not reverse-lookupable (virtually *nothing* in APNIC supplies PTR records), and so tracking down the owner of the relay is hard, and they don't speak your language, and they don't give a rodent's posterior about your spam problem. For extra bonus points, get a hosting deal in Asia and run your MTA there, so that tracing you back to your ISP in the US is basically impossible, and if we *do* figure out who runs the MTA in Asia, we'll assume it's an open relay, provided you insert the usual forged Received headers. Yes, I've spent way too much time looking at mail headers.
So in conclusion, the main thing preventing a lot of people such as myself from becomming spammers is that we hate spam. That, and it's so obviously *wrong*.
[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.
But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc
I prefer odd/even: even numbers to the north and east, odd numbers to the south and west. (Or vice versa; as long as you're consistent, it doesn't matter which way is which.)
Extra bonus points if the first digit of a three-digit house number tells you which cross street it's near. Thus, 318 Eleventh Avenue would be on an Avenue (which means it runs east/west), on the north side of the avenue, somewhere between 3rd Street and 5th Street, probably closer to 3rd Street. Because Eleven is odd, you'd know that the avenue is on the south side of town, and because 3 is odd you'd know that the house is on the west side. 387 Eleventh Avenue would be on the same block but across the avenue (on the south side since 387 is odd) and further west, closer to 5th than to 3rd.
This would take a small amount of getting used to, but after three months you'd be able to go directly to any address, even if you'd never heard of or seen the specific street before.
If you have to put a north-south street in between 3rd Street and 5th Street, you call it 3rd Ct, and if you have to put in an east-west one between Eleventh Avenue and Thirteenth Avenue, you call it Eleventh Alley (or somesuch). Notice that the north-south ones (3rd St, 3rd Ct, 5th St, 5th Ct) use the ordinal notation with digits, and the east-west ones are spelled out, because "Avenue" is longer than "St".
The interesting other option is to use a polar setup, where you state the position along the street first and then the street, as with conventional addresses. So, "I live at 4172 Yards, 245 Degrees" means you live 4172 yards from the center of town along a street that runs straight out of town at that angle; similarly, "I work at 16.8 degrees, 2000 Yards" would mean your job was on one of the concentric-circle streets (which happens to be 2000 Yards from the center of town) and about 16.8 degrees from the due-east street (Which you probably call 360 rather than 0 to avoid freaking out-of-towners who don't want to see a 0 address).
</sane> Or, we could do away with all this "address" nonsense and just use precise latitude and longitude and altitude for everything... Picture UPS man with GPS unit, trying to deliver a package: "these coordinates must be in the basement of that building. Now, where's the door..."
> the airplanes are designed to withstand a lightning strike
Hmmm, yes. I don't think I want to see a HERF designed to give a stronger jolt than lightning, and I'm *certain* I don't want to pay the electric bill.
> > But the firm aims to have memories on the market within a year > A lot shorter than ten years, hopefully. Though I'm skeptical > we'll see them commercially available within a year...
It goes something like this...
May 2004: dev team member admits to management that a little
more tweaking is required, but it should be ready by fall.
Team member who breaks this news to management may or may
not be fired, depending on the weather. Jun 2004: Slashdot runs a story on the delay. Aug 2004: Slashdot runs a story on the delay. Feb 2005: dev team proudly announces to management that it
is now indeed ready for production. Mar 2005: Slashdot runs a story and we all get excited. Apr 2005: plans are laid for actual production, and an assembly
line is booked for starting in August. Slashdot runs a
story on this and we all get excited. Oct 2005: first units ship, in theory, but mere mortals do
not see them. But there's a review, and slashdot posts a
story that links to it and gets us all excited. Nov 2007: first motherboard ships that is compatible with the
memory units. And it's less than a thousand bucks. (Of
course, the memory is much more expensive than that...) Feb 2008: Software vendors start announcing compatibility.
Slashdot runs a story for each of them. Dec 2009: mere mortals can afford it, if they make good money.
There's a review on Ars Technica that explains the theory of
how it works and features benchmark graphs that reveal it
might improve system performance if memory is your bottleneck,
but that you definitely have to consider disk I/O also in the
overall picture. Dec 2011: normal people like you and I can maybe get our hand
on a complete working system for around a thousand bucks. Dec 2012: the next big thing hits, and prices drop. Jun 2013: you can pick up a used system on ebay for $200. May 2015: the stuff's a glut on the market. You try to sell
a complete system on ebay with no reserve and it doesn't
even sell. You end up letting it go for the cost of
shipping so you don't have to worry about recycling it.
Water makes a *great* dust filter. The Rainbow line of vacuum cleaners runs their output through a water pan, and the result is a *lot* less dust (if you sweep at all regularly). Now, those things run a fair penny more than the $500 you were looking at, but you can probably take advantage of the same principle for well under $500. You need two things: a system for rotating the room's air so that any given bit of air makes it to your filter system periodically, and a filter system that takes the air and forces it down into a bucket of water. You do have to change the water, but that's easier and much cheaper than changing a traditional filter. (In theory you could rig something up to automatically change the water, but probably not inside of your $500 budget.) You can tell that stuff is being removed from the air because the water turns black.
On the T1 at work I get 40ms ping times to www.yahoo.com (California) or about 33 to www.bright.net (which is in Ohio, where I am, but on a different network), 18 to Ohio State University. Of course, I get 7ms ping times to anything on OPLIN's network (i.e., any public library in Ohio -- well, the ones that answer pings), but that's not fair, because those pings only go through four or five hops.
The people who claim 5ms ping times are presumably similarly connected: they have the same ISP as the server, or something along those lines.
Now, at home I'm lucky to get 200ms ping times to anything, but that's dialup.
> the guys in the city may be cheap to wire up, but the guys out in > the burbs cost a small fortune(and there's fewer of 'em.)
No, that's just it: there are not fewer of them, or at least not substantially fewer. For every big[1] city, there are several hundred[2] small-to-medium communities. The average population of these small-to-medium communities is around five or ten thousand persons[2] each[3]. Some are larger, some are smaller. Some are near the big cities (suburbs) and many are not. None of them have the impressive numbers of people like the big cities. But when you add them all up, it comes to a lot[2] of people. Then there are the people who live five minutes' drive outside the city limits... a typical non-suburban small community of ten thousand people has a couple thousand[2] more of those people living around it. (This is less a factor for suburbs, because they are mostly surrounded by other municipalities.) And then there are the twenty-some percent[4] of the population who live in rural areas. When we get wired broadband to _them_, we'll have set a new standard for what it means to be a first-world nation. (Currently, mere phone lines to every house will just about satisfy the communications infrastructure requirements.)
Now, some states (California) are more urban, but then some (Indiana) are more rural. Anyway, my point is that we tend to think of "most" people living in the big cities, but while most people do live in a municipality, a great many of them live in ones we would not generally consider to be quite urban.
[1] Say, a million or more. Some people would draw the line
a bit lower, but I had to pick a size to talk about. Is
a city of a hundred thousand people really "urban"? Can
people in cities that size all get cheap broadband?
[2] Statistics courtesy of Jonadab's Flagrant Guesstimation.
[3] It depends what you count. If you count every community with
a name, there are more like a thousand of them per big[1]
city, but it brings the average population way down. If you
only count actual municipalities, there are some n in the low
hundreds per big city, but the population is a bit higher.
[4] Almost one-third in Ohio, which is about average; it's much
higher in some states, and much lower in others. However,
the states with the lower percentages of rural population
have the higher populations, so the overall percentage is
somewhat less than what you get if you average the numbers
from each state.
It's probably pretty easy in a lot of cases to social engineer root access, but you don't do it by calling up the sysadmin.
Most sysadmins are sufficiently paranoid that, if you called them on the phone and asked them for the root password for the server, they'd instantly go on the alert. The extremely paranoid ones would say anything ("Umm, I'm sure I have that written down here somewhere...") to keep you on the line while they pull your number off of caller ID and run it through an online phonebook service (Reference USA or the equivalent) for an address. Then they'd change all the passwords and log all logins for at least a week.
The more confident and/or busy sysadmins would tell you that they can't give out the root password. Very few sysadmins would just give it to you. But there are other ways to get root access...
1. Social engineer the sysadmin's non-IT boss. I suspect this
is probably the easiest way. I know my boss (a librarian,
with roughly no IT background) has all the passwords for
our main server. I don't know how likely she would be to
give them out over the phone, but I know _exactly_ how
likely you would be to get them out of *me* over the phone,
and so she'd be a better bet. (Fortunately, remote login
in our case uses a password rotation, so the regular password
for local access won't work unless you're on-site.)
2. Slip in at night, use physical access to compromise the
sysadmin's workstation (e.g., by booting in single-user
mode), and install a keyboard logger that reports its
results by obscuring them in a way you can easily reverse
and posting them to alt.test or serving them out via http
on some unused port.
3. Get a user password and use a privilege escalation attack.
here
is a screenshot showing the three fonts. The mono font looks
pretty good as boldface in gnome-terminal. I could live with this
as a replacement for Andale Mono. The serif font I basically don't
care about, because I normally have very little use for serif fonts,
but it's certainly better than Times New Roman, albeit arguably not
as nice in some ways as Georgia. Like I said, it's really hard for
me to say, because I'm just not a fan of serifs in general.
The sans font is not as good IMO as Verdana or Adobe helvetica.
First it was Mozilla. Then it was Netscape. Then it was Navigator. Then it was Communicator, which contained Navigator and was produced by Netscape. Then it was Mozilla again. Then it was SeaMonkey. Then it was Mozilla again. Then they decided to split it up into Phoenix, Minotaur, and so forth. Then they renamed them to Firebird, Thunderbird, and who knows what. Now the name Firebird is in dispute... *ENOUGH*. No more name changes. Just call it "the Mozilla.org browser", "the Mozilla.org mailreader", and so on, and that'll be fine.
> Of course a cybercafe may well be a worst-case scenario: all you > need is for all ten clients to leave an animated gif pop-up on > their screen and you have a serious redraw issue.
Configure them to only play through looping animations once. In Mozilla, that's under Edit->Preferences->Privacy&Security->Images
Indeed. If they'd just thrown the information onto usenet in the first place, no lawyer action would have had any effect at all. The problem is, people[1] who find security flaws don't generally *want* to post them to usenet: they want to work with the vendor and the security community to get the problems _fixed_.
So here's the question: will these sorts of responses from vendors force the security community into just giving up on all pretenses of working with the vendor and just leaking everything to the general public immediately upon discovery? That would be bad for all concerned, but it might be better than being lawyered to death. It's pretty easy to arrange to get something posted to usenet with a reasonable degree of anonymity, and there's absolutely no way to suppress anything that has been posted to a big-8 or alt group, short of destroying the whole planet. But I don't think I trust the security of a product whose vendor is sufficiently uncooperative as to motivate a discoverer[1] of a vulnerability to do things that way.
Maybe people who discover such vulnerabilities should discreetly communicate everything they know to some third party overseas first before doing anything else...? But you still have the problem that if you try to work with the vendor they know who you are and can laywer you, and you can be held responsible for communicating the information to the third party.
Ah... but what if the original discoverer remained anonymous and communicated to someone _else_ who would try to work with the vendor, and if that failed the original discoverer or some third party he communicates with could release the information to the security community (and, in the process, the general public)? This would be harder for the discoverer, who would have to anonymously contact a trusted third party in the first place whom he would have to trust to make a good-faith attempt to work with the vendor. But if the vendor tried to laywer the non-anonymous person, they'd run into "I just found out from this here anonymous email and was trying to work with you; this leak must have been perpetrated by the evil person who circumvented your effective measure in the first place, probably the same dude who sent this email, which seems to have come to me from an evil open relay in southeast Asia, one of the same ones the spammers use to send me special offers for reduced-price copies of your products, which they're probably pirating. Gosh, you should really go after those open relays, they're all kinds of trouble."
[1] Security people, I mean. I'm not talking about blackhats.
I think he meant qubit, which is pronounced the same as cubit but spelled with a qu because that stands for quantum. I'm a little fuzzy on some of the quantum stuff, but to the best of my understanding a qubit may change its value if you examine it, or something like that. Except I'm pretty sure I don't entirely understand, because if that were the case they surely would have called them heisenbits. So it must be something else. Anyway, if you arrange a whole bunch of qubits right you're supposed to be able to build a computer that can do in O(1) time what currently takes O(n) time.
Morphology? In computer languages? Name an instance. The closest thing I've seen to that are the sigils in Perl (where %foo can become $foo when you access an individual value and @foo when you access a slice), and even that is going away in Perl6. Besides, that's not really even morphology so much as inflection. Real morphology would be if spellings of words mutated not based on meaning but on the adjascent words, or if attaching an affix could cause changes in the spelling of the rest of the word. This happens quite a bit in natural language, but I don't know of a single case of it in any computer language.
Actually, I'm now trying to imagine what that would be like... and I think I'm getting the willies.
> What other languages can use one word to make an entire sentence ?
Klingon, for one. And I'm not talking about repeating the word; one single word can just about literally be the whole sentence. Actually, almost any inflected language can do this with simple sentences, to a greater or lesser extent. It's way easier to say one-word sentences in Hebrew than in English, for example.
The really unique thing about English is not the grammar so much as the expansive vocabulary. There are other word-order languages, but no other has a lexicon the size of the OED -- and periodically I unearth words that aren't _in_ the OED. (I ought to start keeping a list, but to date I haven't bothered.) Real words, mind you, not street slang. And they aren't all new words, either; occasionally you can find fairly old words (as the age of English words go, that is) that were missed out.
Oh, yes, Forth is *so* much like natural language...
forth love? if honk then
Compare this to a language designed by a linguist...
honk() if $you->love(Perl);
Okay, too much punctuation. But in Perl6 the stupid arrow notation is going away and the parens will become optional (I think) depending on the routine's prototype, so maybe when Perl6 comes out that could be...
honk if $you.love Perl;
Getting better. Maybe in a hundred years we'll have Perl7, and then it can look like this:
> The most interesting part of this is the reason Merril Lynch gave > as to why they posted patches back. They wanted to have a seat at > the development table and did not want to have to maintain a fork > of the product forever. Certainly not a RMS view of OSS, but one > that makes more sense (and dollars) in the long run.
RMS, notwitstanding the undebatably significant contributions he has made, is full of bologna in regard to this issue. Here's why...
It's called bitrot, and it's been a known phenomenon for a long time, but the speed at which some OSS projects develop (the big ones, e.g., the Linux kernel and Mozilla) makes it a major issue. Keeping just a small handful of patches for an active project current (even as many as three or four patches in some cases) could just about be a full-time job. So you Don't Do That. You create them one at a time and get them committed to CVS, and once they're in (and don't break the tree) they become to a large extent Somebody Else's Problem. Everybody else who was working on their own patches now has to fix their patches to work with *your* stuff, because *your* stuff is in the tree. Your workload drops off, and you move on to the next thing you want to get done. Think of it as a race: two people are working on patches that touch the same code. Whoever commits first doesn't have to deal with the other guy's changes. They guy who gets his stuff in second has to merge the changes. More, the guy who gets his stuff in tenth has to merge nine sets of changes, and the guy who never commits his stuff has to spend the rest of his career merging changes until he gives up in dispair and declares that the company must standardise on one version of the software for the rest of time. In the long run, the price of not committing your changes is that you either never get upgrades, or you have to give up your changes.
Now, this assumes that you make changes in the first place. People who are content to use the software in its out-of-the-box state derive less benefit from open source (though they still get the improvements other people make, they don't get to put in their own stuff for their own special needs). But if it's worth your time to fix up the software to meet your needs better, then it's worth contributing it back.
So, as I said, RMS is full of it. We don't need the GPL to get people to contribute back their changes. If the software is of sufficient usefulness that a lot of people are using it and making improvements for their own use, bitrot will punish anyone who doesn't contribute their changes back. The license lets us also sic lawyers on them, but that's not necessary; if they have enough resources to maintain a fork, they'll find a way to do that anyway, or cruft up something from scratch. Most outfits can't afford to maintain a fork of an active project.
Now, a small and relatively static project is another matter, but I would argue that if it's not important to enough people to attract very many improvements, then it doesn't matter very much whether it's open or not.
The GPL has had some positive effects, but these can mainly be measured in terms of the confidence that its terms give to people who otherwise might have been afraid that their code will be taken over and made proprietary by some third party. In practice, this won't happen to an active project. When Apple based their OS on existing components, they kept the open components open, even though some of those components are licensed under a BSD license which does not require it. Why? Those components are actively developed, and Apple doesn't feel like spending ten or fifteen full-time developers maintaining a bunch of forks. Duh. (Yes, they also like having goodwill, but that additional motivation is icing on the cake.) If your code is something sufficiently useful to creat
Go to xulplanet and get thyself the Preferences Toolbar. Install it, and restart Mozilla/Netscape/Phoenix/whatever. There's now a checkbox on your toolbar called "Colors". Uncheck it, and you get the colours you chose for any pages you load. Check it again, and you get the page colours for any pages you load. (It doesn't go back and change the pages that are already displayed, because that caused an annoying delay. If you do want to change a page you already have up you can reload.)
If you hit the "Customize" button on the toolbar you can also turn on the checkbox for "System Colors", which causes the browser to use the colours you chose in your OS control panel, instead of the ones you chose in your browser prefs. (Either setting of this is overridden by page colours, if you have the Colors checkbox turned on and the page specifies its own colours.)
This should work with any browser that supports XUL 1.0. It's known to work with Mozilla, Netscape, Phoenix, Beonix. I don't know whether it's been tested with Chameleon/Camino.
Oh, and you also get checkboxes for other useful things like Javascript and Popups, plus a nifty user-agent spoofing facility and buttons to clear your cache and stuff. The prefbar rocks.
> Perhaps the browser developers could let you control plugins > on a site-by-site basis
There's a bug filed for this in bugzilla. It'll happen eventually. There's also a bug filed to get the stop button to terminate all the plugins (and animations).
In the days of Netscape 4, I disabled Javascript because the web was unusable otherwise. These days I have Javascript enabled but turn off certain behaviors (unrequested windows, changing the browser chrome, moving, raising, or lowering windows). When we can do the same thing with plugins, maybe I'll be willing to have Flash installed.
They are typically sold, but not for very *much* profit, for two
reasons. First, they have to compete with non-recycled paper, which
is at least as cheap to manufacture as recycled paper. (This is
very different from glass or aluminum, which are cheaper to make
from the recyclables than from raw materials.) Second, recycled
paper is not usable for all purposes, so the demand is limited; at
some times and in some places, the supply has exceeded the demand to
such an extent that recycled paper *has* been thrown into a landfill.
Although that isn't what usually happens, it does drive down the
prices of recycled paper.
Now, you might think otherwise if you try to buy (say) stationery
made from recycled paper and find out that it costs more than the
non-recycled variety, but that's the ecconomy of scale talking
(same reason a VT510 (dumb terminal) costs more than a cheap PC).
There's very little money in recycled paper. If your recycle place
pays you for your recyclable paper, it's probably subsidized. This
is not true of certain other recyclable materials (notably glass and
certain metals).
Finally, this is the situation in the US, but the ecconomics may[1]
be somewhat different in nations with significantly less land per
capita (I'm thinking of Japan especially -- lots of people using
lots of paper, not much land), because of the higher cost of
maintaining the forests where the pulpwood is grown, if it is
significantly more expensive to own land. I'm also not sure
about the ecconomics of importing the pulpwood (or the paper).
[1] or may not; I don't know for sure.
Defeating naive bayesian filtering is easy: weight the message
with N random words from a dictionary file, where N is calculated
to be sufficiently large that it will surely contain at least half
as many squeaky clean words as the number of "most interesting"
tokens the filter considers. Further note that these words do
not have to get in the way of the message: they can be stuck
anyplace the filter will see them, even if the user will probably
not see them there. (Think: X-Die-Filter-Die headers, sig blocks,
MIME separators, HTML comments, to the right of a hundred spaces,
and so on and so forth.)
Of course, we can make bayesian filters less naive by having them
consider context of tokens, but that consumes more system resources,
and then the spammers can drag out the Markov chains. And we know
there are miscreants who know how to write Markov chain generators,
because hipcrime has been using them for years to get past the
net.admin.net-abuse.* robocancel-moderation and pull assorted
maladjusted and juvenile stunts. And detecting Markov chains is
probably AI complete, or at least significantly difficult.
Regardless of what the spammers do, bayesian filters (if made less
naive than the current ones) can *probably* continue to work when
trained on a large bulk of well-sorted mail from a single user's
account and used to sort that same user's mail, but I don't think
they will ever be a hassle-free drop-in solution for the masses.
Without good data on the nature of a specific user's mail (i.e.,
data the spammers (hopefully) don't have), they're too easy to
defeat. Markov chains are not even especially new technology, and
while the idea is clever, much more advanced autogeneration is
possible... *generating* human language text is *way* easier
than parsing it, which makes the filtering game ultimately a
losing battle for mail clients -- unless intelligent user input
(selection) goes into training the filter for *each* person's mail,
which gives you a leg up on the spammer who doesn't have your data.
> Obtaining a valid list of e-mail addresses is not very easy,
> you either need to invest money or you need to figure out how
> to harvest e-mails from the web/usenet.
That part's trivial. You'll get 50% invalid addresses, but so what?
Step 3 is easier than you think: at this time, you don't have to
fool the filters of the 0.05% who use even moderately complex
filters[1]; all you have to do is get past the things that are
deployed ISP-wide, like psmtp.com's filtering service. (This is
trivial to get past: write three spams at random, and two of them
will get past. No cleverness required.)
If you have to get past word blacklists, then you also need to use
a thesaurus (or 1337 sp33k), but word blacklists are relatively
uncommon, because they get too many false positives. Really, all
you have to do is get past the filters that ISPs deploy, not the
ones individuals install. Remember, if you have to send twice as
many messages to get the same response, it doesn't cost you that
much more. (This is what makes spam so problematic. *Almost*
makes me want the estamps thing to succeed.)
The hard part is convincing businesses that have money (and are
therefore presumably profitable) that they can gain more than
they lose by investing in your services. I assume you send all
the businesses in the universe adverts for your services and hope
0.001% of them bite. I would like to think that more than 99.9%
of them know better, but... I know better. Fortunately each
spammer has to compete with all the others for limited business,
so the number of spammers who can make money spamming is finite.
Praises be.
As for point 4, finding a spam-friendly ISP is a real pain; it's
much easier to run port scans and find open relays, then test
them to see which ones *don't* do a reverse lookup of your IP.
Then you send to the open relay from a custom MTA that you run
on a dynamic IP in such a way that it randomly generates From
and Received headers and such for each message, thus making it
a real pain for the recipient to track down where the spam
*originated*. Finding out where it came from to your ISP is
easy, but that's an open relay in the APNIC block whose IP is
not reverse-lookupable (virtually *nothing* in APNIC supplies
PTR records), and so tracking down the owner of the relay is
hard, and they don't speak your language, and they don't give
a rodent's posterior about your spam problem. For extra bonus
points, get a hosting deal in Asia and run your MTA there, so
that tracing you back to your ISP in the US is basically
impossible, and if we *do* figure out who runs the MTA in Asia,
we'll assume it's an open relay, provided you insert the usual
forged Received headers. Yes, I've spent way too much time
looking at mail headers.
So in conclusion, the main thing preventing a lot of people such
as myself from becomming spammers is that we hate spam. That, and
it's so obviously *wrong*.
[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.
But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc
I prefer odd/even: even numbers to the north and east, odd numbers
to the south and west. (Or vice versa; as long as you're consistent,
it doesn't matter which way is which.)
Extra bonus points if the first digit of a three-digit house number
tells you which cross street it's near. Thus, 318 Eleventh Avenue
would be on an Avenue (which means it runs east/west), on the north
side of the avenue, somewhere between 3rd Street and 5th Street,
probably closer to 3rd Street. Because Eleven is odd, you'd know
that the avenue is on the south side of town, and because 3 is odd
you'd know that the house is on the west side. 387 Eleventh Avenue
would be on the same block but across the avenue (on the south side
since 387 is odd) and further west, closer to 5th than to 3rd.
This would take a small amount of getting used to, but after three
months you'd be able to go directly to any address, even if you'd
never heard of or seen the specific street before.
If you have to put a north-south street in between 3rd Street and
5th Street, you call it 3rd Ct, and if you have to put in an
east-west one between Eleventh Avenue and Thirteenth Avenue, you
call it Eleventh Alley (or somesuch). Notice that the north-south
ones (3rd St, 3rd Ct, 5th St, 5th Ct) use the ordinal notation
with digits, and the east-west ones are spelled out, because
"Avenue" is longer than "St".
The interesting other option is to use a polar setup, where you
state the position along the street first and then the street, as
with conventional addresses. So, "I live at 4172 Yards, 245
Degrees" means you live 4172 yards from the center of town along
a street that runs straight out of town at that angle; similarly,
"I work at 16.8 degrees, 2000 Yards" would mean your job was on
one of the concentric-circle streets (which happens to be 2000
Yards from the center of town) and about 16.8 degrees from the
due-east street (Which you probably call 360 rather than 0 to
avoid freaking out-of-towners who don't want to see a 0 address).
</sane>
Or, we could do away with all this "address" nonsense and just
use precise latitude and longitude and altitude for everything...
Picture UPS man with GPS unit, trying to deliver a package:
"these coordinates must be in the basement of that building.
Now, where's the door..."
> the airplanes are designed to withstand a lightning strike
Hmmm, yes. I don't think I want to see a HERF designed to give
a stronger jolt than lightning, and I'm *certain* I don't want to
pay the electric bill.
> > But the firm aims to have memories on the market within a year
> A lot shorter than ten years, hopefully. Though I'm skeptical
> we'll see them commercially available within a year...
It goes something like this...
May 2004: dev team member admits to management that a little
more tweaking is required, but it should be ready by fall.
Team member who breaks this news to management may or may
not be fired, depending on the weather.
Jun 2004: Slashdot runs a story on the delay.
Aug 2004: Slashdot runs a story on the delay.
Feb 2005: dev team proudly announces to management that it
is now indeed ready for production.
Mar 2005: Slashdot runs a story and we all get excited.
Apr 2005: plans are laid for actual production, and an assembly
line is booked for starting in August. Slashdot runs a
story on this and we all get excited.
Oct 2005: first units ship, in theory, but mere mortals do
not see them. But there's a review, and slashdot posts a
story that links to it and gets us all excited.
Nov 2007: first motherboard ships that is compatible with the
memory units. And it's less than a thousand bucks. (Of
course, the memory is much more expensive than that...)
Feb 2008: Software vendors start announcing compatibility.
Slashdot runs a story for each of them.
Dec 2009: mere mortals can afford it, if they make good money.
There's a review on Ars Technica that explains the theory of
how it works and features benchmark graphs that reveal it
might improve system performance if memory is your bottleneck,
but that you definitely have to consider disk I/O also in the
overall picture.
Dec 2011: normal people like you and I can maybe get our hand
on a complete working system for around a thousand bucks.
Dec 2012: the next big thing hits, and prices drop.
Jun 2013: you can pick up a used system on ebay for $200.
May 2015: the stuff's a glut on the market. You try to sell
a complete system on ebay with no reserve and it doesn't
even sell. You end up letting it go for the cost of
shipping so you don't have to worry about recycling it.
Couple of things to check:
1. Are you talking about 135 TCP or 135 UDP? I don't happen to
know which one it should be.
2. Could the stuff be coming from inside the firewall?
When Yahoo and Google switch over to IPv6, we'll know it's time.
Diplomacy (the Avalon Hill game) would also work really well.
We play it now with typically three days per turn. See for
example www.diplom.org
Water makes a *great* dust filter. The Rainbow line of vacuum
cleaners runs their output through a water pan, and the result
is a *lot* less dust (if you sweep at all regularly). Now, those
things run a fair penny more than the $500 you were looking at,
but you can probably take advantage of the same principle for
well under $500. You need two things: a system for rotating
the room's air so that any given bit of air makes it to your
filter system periodically, and a filter system that takes the
air and forces it down into a bucket of water. You do have to
change the water, but that's easier and much cheaper than changing
a traditional filter. (In theory you could rig something up to
automatically change the water, but probably not inside of your
$500 budget.) You can tell that stuff is being removed from the
air because the water turns black.
40ms is pretty good, actually.
On the T1 at work I get 40ms ping times to www.yahoo.com (California)
or about 33 to www.bright.net (which is in Ohio, where I am, but on
a different network), 18 to Ohio State University. Of course, I get
7ms ping times to anything on OPLIN's network (i.e., any public
library in Ohio -- well, the ones that answer pings), but that's
not fair, because those pings only go through four or five hops.
The people who claim 5ms ping times are presumably similarly
connected: they have the same ISP as the server, or something
along those lines.
Now, at home I'm lucky to get 200ms ping times to anything, but
that's dialup.
> the guys in the city may be cheap to wire up, but the guys out in
> the burbs cost a small fortune(and there's fewer of 'em.)
No, that's just it: there are not fewer of them, or at least not
substantially fewer. For every big[1] city, there are several
hundred[2] small-to-medium communities. The average population
of these small-to-medium communities is around five or ten thousand
persons[2] each[3]. Some are larger, some are smaller. Some are
near the big cities (suburbs) and many are not. None of them have
the impressive numbers of people like the big cities. But when you
add them all up, it comes to a lot[2] of people. Then there are
the people who live five minutes' drive outside the city limits...
a typical non-suburban small community of ten thousand people has
a couple thousand[2] more of those people living around it. (This
is less a factor for suburbs, because they are mostly surrounded by
other municipalities.) And then there are the twenty-some
percent[4] of the population who live in rural areas. When we
get wired broadband to _them_, we'll have set a new standard for
what it means to be a first-world nation. (Currently, mere phone
lines to every house will just about satisfy the communications
infrastructure requirements.)
Now, some states (California) are more urban, but then some
(Indiana) are more rural. Anyway, my point is that we tend to
think of "most" people living in the big cities, but while most
people do live in a municipality, a great many of them live in
ones we would not generally consider to be quite urban.
[1] Say, a million or more. Some people would draw the line
a bit lower, but I had to pick a size to talk about. Is
a city of a hundred thousand people really "urban"? Can
people in cities that size all get cheap broadband?
[2] Statistics courtesy of Jonadab's Flagrant Guesstimation.
[3] It depends what you count. If you count every community with
a name, there are more like a thousand of them per big[1]
city, but it brings the average population way down. If you
only count actual municipalities, there are some n in the low
hundreds per big city, but the population is a bit higher.
[4] Almost one-third in Ohio, which is about average; it's much
higher in some states, and much lower in others. However,
the states with the lower percentages of rural population
have the higher populations, so the overall percentage is
somewhat less than what you get if you average the numbers
from each state.
It's probably pretty easy in a lot of cases to social engineer
root access, but you don't do it by calling up the sysadmin.
Most sysadmins are sufficiently paranoid that, if you called them on
the phone and asked them for the root password for the server, they'd
instantly go on the alert. The extremely paranoid ones would say
anything ("Umm, I'm sure I have that written down here somewhere...")
to keep you on the line while they pull your number off of caller
ID and run it through an online phonebook service (Reference USA
or the equivalent) for an address. Then they'd change all the
passwords and log all logins for at least a week.
The more confident and/or busy sysadmins would tell you that they
can't give out the root password. Very few sysadmins would just
give it to you. But there are other ways to get root access...
1. Social engineer the sysadmin's non-IT boss. I suspect this
is probably the easiest way. I know my boss (a librarian,
with roughly no IT background) has all the passwords for
our main server. I don't know how likely she would be to
give them out over the phone, but I know _exactly_ how
likely you would be to get them out of *me* over the phone,
and so she'd be a better bet. (Fortunately, remote login
in our case uses a password rotation, so the regular password
for local access won't work unless you're on-site.)
2. Slip in at night, use physical access to compromise the
sysadmin's workstation (e.g., by booting in single-user
mode), and install a keyboard logger that reports its
results by obscuring them in a way you can easily reverse
and posting them to alt.test or serving them out via http
on some unused port.
3. Get a user password and use a privilege escalation attack.
here is a screenshot showing the three fonts. The mono font looks pretty good as boldface in gnome-terminal. I could live with this as a replacement for Andale Mono. The serif font I basically don't care about, because I normally have very little use for serif fonts, but it's certainly better than Times New Roman, albeit arguably not as nice in some ways as Georgia. Like I said, it's really hard for me to say, because I'm just not a fan of serifs in general. The sans font is not as good IMO as Verdana or Adobe helvetica.
First it was Mozilla. Then it was Netscape. Then it was Navigator.
Then it was Communicator, which contained Navigator and was produced
by Netscape. Then it was Mozilla again. Then it was SeaMonkey.
Then it was Mozilla again. Then they decided to split it up into
Phoenix, Minotaur, and so forth. Then they renamed them to Firebird,
Thunderbird, and who knows what. Now the name Firebird is in
dispute... *ENOUGH*. No more name changes. Just call it "the
Mozilla.org browser", "the Mozilla.org mailreader", and so on, and
that'll be fine.
> Of course a cybercafe may well be a worst-case scenario: all you
> need is for all ten clients to leave an animated gif pop-up on
> their screen and you have a serious redraw issue.
Configure them to only play through looping animations once. In
Mozilla, that's under Edit->Preferences->Privacy&Security->Images
It's not the processor; it's the amount of RAM.
And yeah, when Win3.1 was current, PCs had approximately no RAM,
so current versions of KDE would have sucked in the uttermost.
Indeed. If they'd just thrown the information onto usenet in the
first place, no lawyer action would have had any effect at all.
The problem is, people[1] who find security flaws don't generally
*want* to post them to usenet: they want to work with the vendor
and the security community to get the problems _fixed_.
So here's the question: will these sorts of responses from vendors
force the security community into just giving up on all pretenses
of working with the vendor and just leaking everything to the
general public immediately upon discovery? That would be bad for
all concerned, but it might be better than being lawyered to death.
It's pretty easy to arrange to get something posted to usenet
with a reasonable degree of anonymity, and there's absolutely no
way to suppress anything that has been posted to a big-8 or alt
group, short of destroying the whole planet. But I don't think
I trust the security of a product whose vendor is sufficiently
uncooperative as to motivate a discoverer[1] of a vulnerability
to do things that way.
Maybe people who discover such vulnerabilities should discreetly
communicate everything they know to some third party overseas
first before doing anything else...? But you still have the
problem that if you try to work with the vendor they know who
you are and can laywer you, and you can be held responsible for
communicating the information to the third party.
Ah... but what if the original discoverer remained anonymous
and communicated to someone _else_ who would try to work with
the vendor, and if that failed the original discoverer or some
third party he communicates with could release the information
to the security community (and, in the process, the general
public)? This would be harder for the discoverer, who would
have to anonymously contact a trusted third party in the first
place whom he would have to trust to make a good-faith attempt
to work with the vendor. But if the vendor tried to laywer
the non-anonymous person, they'd run into "I just found out
from this here anonymous email and was trying to work with
you; this leak must have been perpetrated by the evil person
who circumvented your effective measure in the first place,
probably the same dude who sent this email, which seems to
have come to me from an evil open relay in southeast Asia,
one of the same ones the spammers use to send me special
offers for reduced-price copies of your products, which they're
probably pirating. Gosh, you should really go after those
open relays, they're all kinds of trouble."
[1] Security people, I mean. I'm not talking about blackhats.
I think he meant qubit, which is pronounced the same as cubit but
spelled with a qu because that stands for quantum. I'm a little
fuzzy on some of the quantum stuff, but to the best of my
understanding a qubit may change its value if you examine it, or
something like that. Except I'm pretty sure I don't entirely
understand, because if that were the case they surely would have
called them heisenbits. So it must be something else. Anyway,
if you arrange a whole bunch of qubits right you're supposed to
be able to build a computer that can do in O(1) time what
currently takes O(n) time.
Morphology? In computer languages? Name an instance. The closest
thing I've seen to that are the sigils in Perl (where %foo can
become $foo when you access an individual value and @foo when you
access a slice), and even that is going away in Perl6. Besides,
that's not really even morphology so much as inflection. Real
morphology would be if spellings of words mutated not based
on meaning but on the adjascent words, or if attaching an affix could
cause changes in the spelling of the rest of the word. This happens
quite a bit in natural language, but I don't know of a single case
of it in any computer language.
Actually, I'm now trying to imagine what that would be like...
and I think I'm getting the willies.
> What other languages can use one word to make an entire sentence ?
Klingon, for one. And I'm not talking about repeating the word;
one single word can just about literally be the whole sentence.
Actually, almost any inflected language can do this with simple
sentences, to a greater or lesser extent. It's way easier to
say one-word sentences in Hebrew than in English, for example.
The really unique thing about English is not the grammar so much
as the expansive vocabulary. There are other word-order languages,
but no other has a lexicon the size of the OED -- and periodically
I unearth words that aren't _in_ the OED. (I ought to start
keeping a list, but to date I haven't bothered.) Real words,
mind you, not street slang. And they aren't all new words,
either; occasionally you can find fairly old words (as the age
of English words go, that is) that were missed out.
> Forth can be used a little bit like that
Oh, yes, Forth is *so* much like natural language...
forth love? if honk then
Compare this to a language designed by a linguist...
honk() if $you->love(Perl);
Okay, too much punctuation. But in Perl6 the stupid arrow
notation is going away and the parens will become optional
(I think) depending on the routine's prototype, so maybe
when Perl6 comes out that could be...
honk if $you.love Perl;
Getting better. Maybe in a hundred years we'll have Perl7,
and then it can look like this:
Honk if you love Perl.
> The most interesting part of this is the reason Merril Lynch gave
> as to why they posted patches back. They wanted to have a seat at
> the development table and did not want to have to maintain a fork
> of the product forever. Certainly not a RMS view of OSS, but one
> that makes more sense (and dollars) in the long run.
RMS, notwitstanding the undebatably significant contributions he
has made, is full of bologna in regard to this issue. Here's why...
It's called bitrot, and it's been a known phenomenon for a long time,
but the speed at which some OSS projects develop (the big ones, e.g.,
the Linux kernel and Mozilla) makes it a major issue. Keeping just
a small handful of patches for an active project current (even as
many as three or four patches in some cases) could just about be a
full-time job. So you Don't Do That. You create them one at a time
and get them committed to CVS, and once they're in (and don't break
the tree) they become to a large extent Somebody Else's Problem.
Everybody else who was working on their own patches now has to fix
their patches to work with *your* stuff, because *your* stuff is
in the tree. Your workload drops off, and you move on to the next
thing you want to get done. Think of it as a race: two people are
working on patches that touch the same code. Whoever commits first
doesn't have to deal with the other guy's changes. They guy who
gets his stuff in second has to merge the changes. More, the guy
who gets his stuff in tenth has to merge nine sets of changes, and
the guy who never commits his stuff has to spend the rest of his
career merging changes until he gives up in dispair and declares
that the company must standardise on one version of the software
for the rest of time. In the long run, the price of not committing
your changes is that you either never get upgrades, or you have to
give up your changes.
Now, this assumes that you make changes in the first place. People
who are content to use the software in its out-of-the-box state
derive less benefit from open source (though they still get the
improvements other people make, they don't get to put in their
own stuff for their own special needs). But if it's worth your
time to fix up the software to meet your needs better, then it's
worth contributing it back.
So, as I said, RMS is full of it. We don't need the GPL to get
people to contribute back their changes. If the software is of
sufficient usefulness that a lot of people are using it and
making improvements for their own use, bitrot will punish anyone
who doesn't contribute their changes back. The license lets us
also sic lawyers on them, but that's not necessary; if they have
enough resources to maintain a fork, they'll find a way to do
that anyway, or cruft up something from scratch. Most outfits
can't afford to maintain a fork of an active project.
Now, a small and relatively static project is another matter,
but I would argue that if it's not important to enough people
to attract very many improvements, then it doesn't matter very
much whether it's open or not.
The GPL has had some positive effects, but these can mainly be
measured in terms of the confidence that its terms give to people
who otherwise might have been afraid that their code will be
taken over and made proprietary by some third party. In practice,
this won't happen to an active project. When Apple based their
OS on existing components, they kept the open components open,
even though some of those components are licensed under a BSD
license which does not require it. Why? Those components are
actively developed, and Apple doesn't feel like spending ten or
fifteen full-time developers maintaining a bunch of forks. Duh.
(Yes, they also like having goodwill, but that additional
motivation is icing on the cake.) If your code is something
sufficiently useful to creat
> I've setup blue on my PC and thats what I want
Go to xulplanet and get thyself the Preferences Toolbar. Install
it, and restart Mozilla/Netscape/Phoenix/whatever. There's now
a checkbox on your toolbar called "Colors". Uncheck it, and you
get the colours you chose for any pages you load. Check it again,
and you get the page colours for any pages you load. (It doesn't
go back and change the pages that are already displayed, because
that caused an annoying delay. If you do want to change a page
you already have up you can reload.)
If you hit the "Customize" button on the toolbar you can also
turn on the checkbox for "System Colors", which causes the browser
to use the colours you chose in your OS control panel, instead of
the ones you chose in your browser prefs. (Either setting of
this is overridden by page colours, if you have the Colors
checkbox turned on and the page specifies its own colours.)
This should work with any browser that supports XUL 1.0. It's
known to work with Mozilla, Netscape, Phoenix, Beonix. I don't
know whether it's been tested with Chameleon/Camino.
Oh, and you also get checkboxes for other useful things like
Javascript and Popups, plus a nifty user-agent spoofing facility
and buttons to clear your cache and stuff. The prefbar rocks.
> Perhaps the browser developers could let you control plugins
> on a site-by-site basis
There's a bug filed for this in bugzilla. It'll happen eventually.
There's also a bug filed to get the stop button to terminate all
the plugins (and animations).
In the days of Netscape 4, I disabled Javascript because the web
was unusable otherwise. These days I have Javascript enabled but
turn off certain behaviors (unrequested windows, changing the
browser chrome, moving, raising, or lowering windows). When we
can do the same thing with plugins, maybe I'll be willing to have
Flash installed.