...especially in the offices of our more, erm, elderly congressmen. How do you determine which messages are spam and which messages are Orrin Hatch's real communications about herbal viagra and colon cleansing?;)
I agree. But I must be wrong about something, because ISPs don't seem to be deploying caches. ISPs would seem to have the most to gain from caches, and they are also at a very natural and sensible point for it.
I know there are ISP slashdotters. Any of you guys want to explain why web caches aren't worthwhile?
Cloudmark already pointed out one major stumbling block: potential legal issues regarding content which is "stored" on a machine owned by the ISP. Several years ago in New York, the state AG went after a bunch of ISPs because they carried child erotica newsgroups on their news servers. Mind you, customers of those particular ISPs weren't necessarily doing anything illegal, and it wasn't end-users being targeted. The AG was going to file charges against ISP officials simply for providing access to the material. His reasoning was that the ISPs could be held responsible under the law, because the illegal material resided on hard drives under those providers' direct control. I don't know how it all turned out, I just remember that it was big news in alt.privacy back then, much as the RIAA vs ISPs is big news now.
That's the criminal side of things, now for the other perspective. As more people begin to rely on the internet as a publication medium, more people also begin to expect that it's going to be a real-time medium (for some reasonable value of "real"). After all, that's what the commercials promise about this whole digital communications thing. "I can type an email to my grandma and she gets it instantly!" "I can get up to date traffic alerts on my cell phone and avoid traffic jams!"
Not only is it being sold this way, it's being used this way, more so than you might think. For example, a lot of teachers and instructors - all the way down to the elementary level - post things like the class syllabus, assignments, an outline of the next lecture, etc. online. Financial information, like today's current bank rates, is distributed via the web. Sports scores, stats, and betting odds are online. And we can't forget the ultimate example of time-sensitive information, stock quotes.
The information people want is on the web, and much if not all of this information is constantly changing. Users expect to get the most current, most accurate data when they visit a site, local (browser) cache notwithstanding. They expect the ISP to deliver the content, not to alter it or keep it around until it's arbitrarily considered stale. In a perfect world, web developers would specify no-cache if they didn't want their visitors having problems; in the real world, it doesn't happen.
Consider these scenarios:
A student stays home from school due to illness. He knows it's not a big deal, because his teachers post all of the homework online. He visits his teachers' sites to look up the assignments, but gets last week's copy of the pages instead. The following day, none of the teachers are keen on his excuse that "my ISP's cache server ate my homework."
A telecommuting employee has his new projects posted on a web page each morning by his manager. He checks his "New Projects" list, completes all of the tasks, and calls it a day; not knowing that overnight his ISP had implemented a transparent cache to improve performance. The next morning he checks the list again, and - finding no new work posted - he decides to go fishing. When he gets home, there are 4 angry messages from the boss asking why he hasn't completed today's projects.
Joe Sixpack doesn't usually play the lottery, but while he's paying for gas he decides to buy a ticket for the hell of it. He knows that the winning numbers are posted each night at www.superwinninglottomeganumbers.com. That night he checks the winning numbers (having no idea, of course, that he's actually looking at yesterday's). Not surprised that his ticket didn't win, he pitches it. The next morning in the paper he sees that his number was actually a winner...
I guess what I'm getting at, in a long-winded sort of manner, is that caching is more likely to confuse or frustrate users, or even outright harm them, than it is to help them. Caching should be up to the users.
My guess is that the problem is that Hotmail and other mail providers are apparently stupid enough to accept incoming mail with 300,000,000 recipients in the header. I can't think of any other reason why "rezrov" would get buried in spam almost instantly while "aimfiz69105" never gets any.
The problem is that "rezrov" is a shorter userid than "aimfiz69105," and there's probably a rezrov@ other domains aside from hotmail.com (like aol.com, or yahoo.com). That's probably about it.
The classic dictionary attack - sending mail to ajones@, bjones@, cjones@ - has evolved somewhat. These days, some spammers take every valid @aol.com address and try to mail it @hotmail.com. They take every valid @hotmail.com address and try to mail it @yahoo.com. Reason being, a substantial number of people carry the same username across services. If JimBob4494@aol.com creates a Hotmail account, it's likely to be jimbob4494@hotmail.com. If joeuser555@hotmail.com signs up for Yahoo! Mail, he's likely to create joeuser555@yahoo.com.
So, what's more likely in the case of rezrov {at} hotmail {dot} com is that there's a valid user with the address rezrov@aol.com or rezrov@yahoo.com. So one spammer decided to try that particular user portion @hotmail.com, it didn't bounce, and now you're on tens if not hundreds of lists. Meanwhile, there was never a aimfiz69105@aol.com, or a aimfiz69105@yahoo.com, etc so that address @hotmail doesn't get any spam.
Sucks, eh?
My Hotmail/Yahoo account method has been spamproof so far:
Pull a dollar bill out of your pocket, and use its serial number as your free webmail account username. Guaranteed no spam, ever.
Right now I'm looking at a dollar bill whose serial number is J57097854N (I need to go put it into WheresGeorge:) and that would make a perfect Hotmail or Yahoo account.
>So it doesn't come anywhere near patenting traditional email forwarding.
The procedure you describe is traditional forwarding on some systems. For example, I once had a free GNN account (Global Network Navigator, AOL's "internet connection only" service that went under quickly). When GNN closed house, I was given the option to have everything forwarded to AOL for a period of time. All mail sent to me@gnn.com was forwarded to myotherID@aol.com. All web traffic destined to members.gnn.com/me was forwarded to members.aol.com/myotherID.
So, "forwarding" can indeed mean what this patent applies to. Not forwarding as in "Fwd:" but forwarding as in automatic redirection of email to a different address; just like the USPS calls it "forwarding" when you move and they send your mail to your new home. Not everyone calls it aliasing, and in fact there are many webhosting companies out there right now who offer "email forwarding" which does exactly this.
My thoughts exactly. When I read the article, the only thought that came to mind was "Sklyarov." I'm making popcorn, this might be a great show to watch. I think most of us can agree that the USA needs (or at least really wants) Russia as an ally... It'll be interesting to see how this plays out.
One of the major shortcomings of the USPTO seems to be that there are far too many patent applications for the number of people processing them; thus patents on stupid things, obvious things, and even long time standard industry practice things slip through frequently.
Do you believe that your organization has enough employees to adequately review all patent applications? This includes all of the tasks that you're presumably charged with: examining the patent's relevance to its field, searching for prior art, etc. We don't hear much brou-ha-ha with regards to the European patent system, so presumably you folks are doing something right. I'm curious as to whether "a ton of staff" is the key.
But now, some f*tards as using the AIM system to send out spam-like messages.
Uncheck the "Allow people to find me" and "I am available for chat" boxes in the AIM profile, and you won't get any more spam.
These settings serve absolutely no purpose other than to provide spammers with names via the "Find a Buddy Wizard." (If you're hoping that some lonely hot chick will find you by searching your AIM profile, believe me, it ain't gonna happen;) You can still maintain your AIM profile while keeping these two options unchecked, just hit "Next" a couple times until the profile editing window comes up. That way the people who know you can view your profile, but people who don't know you (99.9% of such people who'd want to IM you are spammers, the other 0.01% are fat chicks) can't figure out your screen name.
I've been using AIM since it was released. I have never, ever received an IM spam on AIM thanks to following these guidelines.
Routing a message from MSN-client to MSN-server to AOL-server to AIM-client is a nontrivial task.
It wouldn't be nontrivial if AOL were to open up their system to the other players. All you have to do is add one more server into the exchange: MSN-client to MSN-server to "OPEN-IM server" to AOL-server to AIM-client. The "OPEN-IM server" could be operated by AOL, or it could be an app run by each existing provider to translate messages to and from AOL/AIM.
The only potential conflict I could see is clashing screen names, but if AOL has already handled this problem with regards to Apple, they could handle it again for MSN and Yahoo. And if AOL can do it, Yahoo can do it for MSN users and AOL users, MSN can do it for Yahoo users and AOL users, etc.
Probably a good observation. I'm not sure about the current status of AOL and Apple's relationship, but they've had very cozy dealings in the past. Apple's defunct online service, eWorld, was actually a modified version of the AOL host and client; and the Apple programmers wrote a few Online Tools for the eWorld software which also worked with the Mac AOL client (Broadcast comes to mind).
Kathy McKiernan, an AOL spokeswoman, said Wednesday that the company thought its resources were better devoted to "alternatives that are available to us now such as the hosted IM relationship with Apple."
Under that arrangement, Apple wrote the software and AOL will handle the message transmissions. AOL developed a way for users on iChat to claim usernames already taken on AOL.
You can bet that Apple paid through the nose for this interoperability. AOL is hoping that others will do the same, again quoth the article,
Instead, AOL will focus on letting companies offer their own instant messaging services if they contract with AOL to run them.
I use AIM, Yahoo Instant Messenger, and ICQ. I have seen MSN messenger. None of the others allow interoperability. Why should AOL make theirs that way if the others aren't following suit?
Because the government ordered them to? IIRC, part of the FTC/FCC agreements which allowed the AOL Time Warner merger to go forward specified that AOL had to open up its IM protocol (and broadband network) and play nice with others. They've allowed Earthlink to operate over Time Warner's cable lines - though arguably that isn't much competition - but they have yet to open up AIM.
You raise some very good points, and I think the NY Times article is more hype than substance (not that this is surprising). The biggest problem I see, though, isn't peoples' personal webpages being archived... It's when their personal information shows up on another website, perhaps even without their knowledge. In a situation like this, robots.txt isn't an option.
Something like this happened to me last year and it was very disturbing to say the least. I applied for a job at a local company and sent my resume to them via snailmail. A couple days later someone called to tell me that the job had already been filled, but they'd keep my resume on file for future consideration. Little did I know that "on file" actually meant "typed into a computer and stuck into our HR database which happens to be accidentally accessible through our public website." And little did I know that the data-entry jockey who typed my printed resume into the computer would leave off a zero when entering the part about "10 years of experience."
I didn't find out about this until several months later, when the hiring manager at another company brought up the discrepancy on the phone. He'd called to schedule an interview, but first he wanted me to explain why another copy of my resume said I only had 1 year of experience. Within a few minutes he'd found and given me the URL. Within an hour, after several phone calls my resume was gone from StupidCo's HR database (and they'd removed the link from the public website). I thought about filing a lawsuit - how many companies had done a "background check," found the other resume, and shitcanned me because they thought I was a liar? - but decided it wasn't worth it.
The lesson I took from this experience was simple. You have to give out your personal information to other people from time to time, for very valid and legitimate reasons; and no matter how privacy-conscious you are, one of those other people can really fuck it up for you. Here's hoping you find out about it sooner than I did.
>Why use a vending machine when a community cooler would work just as well.
Because the day after you set up the community cooler, it's going to be empty, and believe me there won't be any quarters inside.
Been there, done that. At my previous job (non tech related) they brought in a full-sized refrigerator and installed it in the break room. For a few days, the fridge was actually stocked on the company's dime with soda, fruit juices, and even iced coffee. I think they underestimated what people would drink. By the end of the week they'd already announced that they would no longer be stocking it, there was a memo hanging on the fridge door that said they'd spent over $600 in beverages just in the first few days.
So, no biggie, everyone can bring in their own drinks, right? Yeah, right! You show up for work, pop a few Mountain Dews or Frulatte's in the fridge, and by the time you go to grab one they're all gone. Even if you wrote your name on them, someone else would swipe them. Unless you have a very small office where everyone can view the fridge at all times, community coolers/fridges aren't going to work, cause the community is gonna nab your drinks.
The fridge was still there when I left, but nobody really used it. It was more a rite of passage than a utility. New hires would think "hey cool, a fridge" and quickly learn that it was a magic fridge, which made anything you put into it disappear.
Go with a vending machine. If people start stealing out of that, you can prosecute!
Because it's illegal. That's the only reason the RIAA needs in order to go after us, and they keep flaunting it. Why should we need any more reason to go after them?
According to the reference page, the actual exploit is done by sending an HTTP POST request to a vulnerable server. Is it enough to put a restrictive LIMIT POST directive in the.htaccess or httpd.conf file? Or would the server still be vulnerable?
FYI, running on cable in the ever-popular 24/8 and haven't seen anything strange in the access log (yet)
Slashdot Mirror
>I had no idea the Department of Defense had a warez ring...
:)
Of course they do. What else would they need 5 or 6 entire Class A netblocks for?
Be the first passenger on the new shuttle, Discovery Twist!
...especially in the offices of our more, erm, elderly congressmen. How do you determine which messages are spam and which messages are Orrin Hatch's real communications about herbal viagra and colon cleansing? ;)
That's the criminal side of things, now for the other perspective. As more people begin to rely on the internet as a publication medium, more people also begin to expect that it's going to be a real-time medium (for some reasonable value of "real"). After all, that's what the commercials promise about this whole digital communications thing. "I can type an email to my grandma and she gets it instantly!" "I can get up to date traffic alerts on my cell phone and avoid traffic jams!"
Not only is it being sold this way, it's being used this way, more so than you might think. For example, a lot of teachers and instructors - all the way down to the elementary level - post things like the class syllabus, assignments, an outline of the next lecture, etc. online. Financial information, like today's current bank rates, is distributed via the web. Sports scores, stats, and betting odds are online. And we can't forget the ultimate example of time-sensitive information, stock quotes.
The information people want is on the web, and much if not all of this information is constantly changing. Users expect to get the most current, most accurate data when they visit a site, local (browser) cache notwithstanding. They expect the ISP to deliver the content, not to alter it or keep it around until it's arbitrarily considered stale. In a perfect world, web developers would specify no-cache if they didn't want their visitors having problems; in the real world, it doesn't happen.
Consider these scenarios:
A student stays home from school due to illness. He knows it's not a big deal, because his teachers post all of the homework online. He visits his teachers' sites to look up the assignments, but gets last week's copy of the pages instead. The following day, none of the teachers are keen on his excuse that "my ISP's cache server ate my homework."
A telecommuting employee has his new projects posted on a web page each morning by his manager. He checks his "New Projects" list, completes all of the tasks, and calls it a day; not knowing that overnight his ISP had implemented a transparent cache to improve performance. The next morning he checks the list again, and - finding no new work posted - he decides to go fishing. When he gets home, there are 4 angry messages from the boss asking why he hasn't completed today's projects.
Joe Sixpack doesn't usually play the lottery, but while he's paying for gas he decides to buy a ticket for the hell of it. He knows that the winning numbers are posted each night at www.superwinninglottomeganumbers.com. That night he checks the winning numbers (having no idea, of course, that he's actually looking at yesterday's). Not surprised that his ticket didn't win, he pitches it. The next morning in the paper he sees that his number was actually a winner...
I guess what I'm getting at, in a long-winded sort of manner, is that caching is more likely to confuse or frustrate users, or even outright harm them, than it is to help them. Caching should be up to the users.
The classic dictionary attack - sending mail to ajones@, bjones@, cjones@ - has evolved somewhat. These days, some spammers take every valid @aol.com address and try to mail it @hotmail.com. They take every valid @hotmail.com address and try to mail it @yahoo.com. Reason being, a substantial number of people carry the same username across services. If JimBob4494@aol.com creates a Hotmail account, it's likely to be jimbob4494@hotmail.com. If joeuser555@hotmail.com signs up for Yahoo! Mail, he's likely to create joeuser555@yahoo.com.
So, what's more likely in the case of rezrov {at} hotmail {dot} com is that there's a valid user with the address rezrov@aol.com or rezrov@yahoo.com. So one spammer decided to try that particular user portion @hotmail.com, it didn't bounce, and now you're on tens if not hundreds of lists. Meanwhile, there was never a aimfiz69105@aol.com, or a aimfiz69105@yahoo.com, etc so that address @hotmail doesn't get any spam.
Sucks, eh?
My Hotmail/Yahoo account method has been spamproof so far:
Pull a dollar bill out of your pocket, and use its serial number as your free webmail account username. Guaranteed no spam, ever.
Right now I'm looking at a dollar bill whose serial number is J57097854N (I need to go put it into WheresGeorge
>So it doesn't come anywhere near patenting traditional email forwarding.
The procedure you describe is traditional forwarding on some systems. For example, I once had a free GNN account (Global Network Navigator, AOL's "internet connection only" service that went under quickly). When GNN closed house, I was given the option to have everything forwarded to AOL for a period of time. All mail sent to me@gnn.com was forwarded to myotherID@aol.com. All web traffic destined to members.gnn.com/me was forwarded to members.aol.com/myotherID.
So, "forwarding" can indeed mean what this patent applies to. Not forwarding as in "Fwd:" but forwarding as in automatic redirection of email to a different address; just like the USPS calls it "forwarding" when you move and they send your mail to your new home. Not everyone calls it aliasing, and in fact there are many webhosting companies out there right now who offer "email forwarding" which does exactly this.
And yes, this patent sucks.
My thoughts exactly. When I read the article, the only thought that came to mind was "Sklyarov." I'm making popcorn, this might be a great show to watch. I think most of us can agree that the USA needs (or at least really wants) Russia as an ally... It'll be interesting to see how this plays out.
One of the major shortcomings of the USPTO seems to be that there are far too many patent applications for the number of people processing them; thus patents on stupid things, obvious things, and even long time standard industry practice things slip through frequently.
Do you believe that your organization has enough employees to adequately review all patent applications? This includes all of the tasks that you're presumably charged with: examining the patent's relevance to its field, searching for prior art, etc. We don't hear much brou-ha-ha with regards to the European patent system, so presumably you folks are doing something right. I'm curious as to whether "a ton of staff" is the key.
These settings serve absolutely no purpose other than to provide spammers with names via the "Find a Buddy Wizard." (If you're hoping that some lonely hot chick will find you by searching your AIM profile, believe me, it ain't gonna happen
I've been using AIM since it was released. I have never, ever received an IM spam on AIM thanks to following these guidelines.
The only potential conflict I could see is clashing screen names, but if AOL has already handled this problem with regards to Apple, they could handle it again for MSN and Yahoo. And if AOL can do it, Yahoo can do it for MSN users and AOL users, MSN can do it for Yahoo users and AOL users, etc.
Here's a little something... Heh, heh. Now that was O.G.
You raise some very good points, and I think the NY Times article is more hype than substance (not that this is surprising). The biggest problem I see, though, isn't peoples' personal webpages being archived... It's when their personal information shows up on another website, perhaps even without their knowledge. In a situation like this, robots.txt isn't an option.
Something like this happened to me last year and it was very disturbing to say the least. I applied for a job at a local company and sent my resume to them via snailmail. A couple days later someone called to tell me that the job had already been filled, but they'd keep my resume on file for future consideration. Little did I know that "on file" actually meant "typed into a computer and stuck into our HR database which happens to be accidentally accessible through our public website." And little did I know that the data-entry jockey who typed my printed resume into the computer would leave off a zero when entering the part about "10 years of experience."
I didn't find out about this until several months later, when the hiring manager at another company brought up the discrepancy on the phone. He'd called to schedule an interview, but first he wanted me to explain why another copy of my resume said I only had 1 year of experience. Within a few minutes he'd found and given me the URL. Within an hour, after several phone calls my resume was gone from StupidCo's HR database (and they'd removed the link from the public website). I thought about filing a lawsuit - how many companies had done a "background check," found the other resume, and shitcanned me because they thought I was a liar? - but decided it wasn't worth it.
The lesson I took from this experience was simple. You have to give out your personal information to other people from time to time, for very valid and legitimate reasons; and no matter how privacy-conscious you are, one of those other people can really fuck it up for you. Here's hoping you find out about it sooner than I did.
>Why use a vending machine when a community cooler would work just as well.
Because the day after you set up the community cooler, it's going to be empty, and believe me there won't be any quarters inside.
Been there, done that. At my previous job (non tech related) they brought in a full-sized refrigerator and installed it in the break room. For a few days, the fridge was actually stocked on the company's dime with soda, fruit juices, and even iced coffee. I think they underestimated what people would drink. By the end of the week they'd already announced that they would no longer be stocking it, there was a memo hanging on the fridge door that said they'd spent over $600 in beverages just in the first few days.
So, no biggie, everyone can bring in their own drinks, right? Yeah, right! You show up for work, pop a few Mountain Dews or Frulatte's in the fridge, and by the time you go to grab one they're all gone. Even if you wrote your name on them, someone else would swipe them. Unless you have a very small office where everyone can view the fridge at all times, community coolers/fridges aren't going to work, cause the community is gonna nab your drinks.
The fridge was still there when I left, but nobody really used it. It was more a rite of passage than a utility. New hires would think "hey cool, a fridge" and quickly learn that it was a magic fridge, which made anything you put into it disappear.
Go with a vending machine. If people start stealing out of that, you can prosecute!
The photos are decent, alright, but I don't see a single snapshot of Heidi Wall!
;)
"Amazing?" -1, overrated
>How is this wrong?
Because it's illegal. That's the only reason the RIAA needs in order to go after us, and they keep flaunting it. Why should we need any more reason to go after them?
According to the reference page, the actual exploit is done by sending an HTTP POST request to a vulnerable server. Is it enough to put a restrictive LIMIT POST directive in the .htaccess or httpd.conf file? Or would the server still be vulnerable?
/8 and haven't seen anything strange in the access log (yet)
FYI, running on cable in the ever-popular 24
Facial tragedy
Lines and wrinkles succumb to
Botox injections.