This might be getting off-topic, but while CPD might be a nice tool, wouldn't a better plagiarism detector look for really similar code rather than identical chunks?
I don't see any comments referring to all the Law & Order episodes in which a crook is tripped up by their metrocard. EZPass is just one domain in which our privacy is at risk. Is this necessarily a bad thing, if for instance mass transportation info were available only under subpoena? Another question....
It's possible to do this on a voluntary basis. For instance, I heard of a car rental agency that gave a big discount if you'd use a GPS that would alert them to excessive speeding. Coercion or good business? I could imagine a setup where insurance companies give people money off if they go along with this, and many might be willing to make that tradeoff.
I just received the 12/03 issue of the USENIX;login: member newsletter, and it has a writeup on this paper, plus many other articles in a special issue on security.
Unfortunately, it doesn't go online for about a month, and even then, you'll need a member password to view it online, but I imagine enough/. readers have access to;login: to make it worthwhile to point this out.
Heh. Well, regardless of an overall readership count, I think if I were a spammer, I'd periodically visit sites like/. to look at the "spam" category and see what's what. It might not be the only place I'd be looking for news, but it'd be one of them.
I'm surprised that, as far as I can tell from reading the MSNBC article and the comments so far, the only mention of Quicken is this one, in a fairly negative light.
One of the tips I was sure they'd include would be to change Keep a watchful eye on your monthly statement, as well as your balance, and report any problems to your bank. to recommend that people sign up for electronic access (Quicken or web access) so they see the crooks' transactions within a day or two.
As the article mentioned, some people have enough money that they actually don't recognize the drop in the balance as significant, but they'll sure notice when their ATM card was used 10 times at 8 ATMs in 2 days:)
I'm not actually sure that what they're talking about is a digital signature, or at least not a signature of the message. I don't get the impression they are sending a function of the message content, but instead guaranteeing the bona fides of the sender. Perhaps there's actually a way to do this without a new encryption for each message: send a certificate that says IP address a.b.c.d is known to belong to host ABCD and that host is believed not to condone spam. Others can't reuse it from a different IP address since the 2-way communication would break.
I wonder if the God-like powers of the DMCA, or similar legislation, will let the cable companies subpoena Slashdot info to find all the anonymous cowards who've admitted to cable theft?
For spammers sending lots of messages, that generates lots of alerts for everyone nearby, and stops the flow at the first non-spam server.
If server spammer.com sends mail to user@yahoo.com that is spam, it can potentially go straight from spammer to yahoo, as far as the mail headers go. Sure, lots of routers see the mail at the IP level, but that's not known to yahoo when it gets the mail. All it does is send a complaint to spammer, which drops it on the floor.
So in this case, yahoo is the first non-spam server, and it now has to know that it shouldn't take mail from spammer.com. Guess what: big ISPs already do just that, with or without the notification upstream.
Granted, there are other ways in which spam gets around, and an alerting mechanism might help cut off those sources. But such a mechanism would IMHO complement authentication mechanisms, not replace them with a simpler approach as you have suggested.
O'course, there have to be flaws with it, but no one has pointed them out to me yet.
I'm glad you're humble about it -- let me be the first to try:)
I think the idea of propagating abuse notifications is great, in theory. I'm wondering how it works in practice. There's nothing that says a sending host has to route mail via various intermediaries -- the spammer can simply inject a message via a willing ISP that aids and abets the spammers. You send a notification to that ISP, and it drops it on the floor. So you need a way to track which ISPs you want to accept mail from in the first place, blacklist certain senders, and so on --- all of which is already being done.
I'm sure there are flaws with my flaws, and I'm sure you'll point them out:).
As I understand it, the proposal requires public-key encryption for every email sent, done by the sender at the time of sending. (If the "private key" -- something encrypted with the private key -- could be computed once and reused in every message, it could be copied and replayed by a forger.) This can dramatically raise the overhead associated with sending mail. Perhaps that overhead is reasonable, perhaps not.
Bala Krishnamurthy at AT&T Labs has given a number of talks recently, including to the IETF, on a spam disincentive program he calls SHRED. My understanding is that it uses offline cryptographic computation to amortize this overhead and distribute it to parties willing and able to devote the computational resources.
In any case, the tag line for this article had it right, standardizing this will be hard and heavy-hitters like Yahoo will need to take the lead. But a key problem is getting the new system to interoperate with the old.
Obviously they must mean something besides the traditional notion of "private key" when they say "a private key is sent in the header, and the public key is used to decrypt it".
They mean something is encrypted with the sender's private key, not that the key itself is sent.
I believe that in this case, it was an apartment complex where the filter was to be installed in a central, locked location. When they came back to do other work, they knew from their customer DB to check for this sort of piracy, and the rest is history.
I tried to google appropriate keywords to find the article that was passed around at work a few years ago as a cautionary tale, but it eludes me. Anyone?
That's ok because I went to Radio Shack, bought a splitter, and now I get free cable TV.:-)
Now I hope you're the one who's joking. The cable companies take this really seriously. In fact, there was a story a few years ago about someone who got a cable modem, was told they'd cut off his feed so that even with a splitter he wouldn't be able to watch TV, but then the cableCo failed to do so. He later was arrested for removing the block, since they assumed it had in fact been there in the first place and then noticed it wasn't.
Unfortunately, it's clear that while most employees will be responsible, at least in some environments, there are always the exceptions. I imagine that the threat of monitoring, as long as it's known to have teeth, is sufficient to keep down the abuse. Simply having a motd that reminds people they're subject to monitoring may not do it.
Kind of like the RIAA suing grandmothers and 13-year-olds in an attempt to get everyone else to realize they might just get sued too. Whether a porn surfer at work, or a "music pirate," it changes the threshold for some people to change their behavior. Others won't give a damn.
A better solution to turning off preview panes, IMHO, would be to make preview panes dumber (no images, receipts, etc, but still showing text... kind of like what McAfee Spamkiller does.
Actually, Mozilla lets me toggle the preview pane, as does my new client of choice, thunderbird. But even after installing a plugin that's supposed to let me turn it on and off with a click, that seems a no-op, and I have to do it manually. Since I frown on preview for mail but find it very useful for news (only internal to my company and therefore safe), I keep going back and forth.
I use Cablevision's Optimum Online at home. The performance ain't bad, but the price is anything
but optimal. It started at $30/month, increased to $40 after a few months, and then to $45. This is in keeping with the full menu of
Cablevision services, since with my digital cable package, for a few TVs, I pay over $120/month.
My employer subsidizes up to $30/month for online access, so the cable internet cost isn't as painful as it otherwise would be. But the idea
that price wars with the CLECs would drive cable internet prices down seems ludicrous, at least in this market (NJ).
Heck, considering that when I moved to my current house (end of 1998), Cablevision promised broadband within 6 months, and kept making that promise
every few months for 2 years, I was grateful to have broadband in the first place! And that's what they must count on. Competition from
another cable company, if not Verizon, would be nice. But the market tanked just as a competitor was considering jumping in.
Re:Did we collectively forget Pricewatch?
on
AOL's $299 PC
·
· Score: 1
So....[$303+($8*12mths)=] $399 worth of "internet experience" for $699.
I believe you misread me and/or the original post. The post said AOL claimed the computer was worth $699, and I was agreeing with what you (and many others) eventually said, that this was overrated.
You are saying the computer and ISP are worth $399 [nice research -- mod parent up:)]; the original post claimed it would cost $585.80 -- more than $399 but less than $699.
Perhaps my response is a nit, as we're in complete agreement that what they make out to be a nice deal is anything but that. I was only saying that one can't completely discount the value of the ISP. And while I haven't used AOL myself in a decade, I do imagine there's some added benefits (spam filters and such) that might not be quite so good at the $8-per-month ISP.
Or maybe not.
been there and done that
on
AOL's $299 PC
·
· Score: 5, Insightful
This doesn't seem new or noteworthy. Such deals have been around for years. for intstance, googling appropriate terms took me to an article from 1999 about this sort of thing.
Also, the numbers for how much this computer is worth don't factor the right things in. Anyone who'd go for this deal needs some sort of ISP to begin with, and the $23.90/month may be higher than other ISPs, but does give the customer something of value beyond the PC. On the other hand, is that really a $699 computer?
Two responses to this. First, I was merely quoting the slashdot article that described Planetlab that way in the first place. But second, I don't think it's so far off, or at least is as accurate as your description. The distributed apps are primarily to manage network protocols that would run on a "virtual internet" rather than the real thing, to try things out before they make it to the real world. In fact, it provides a grid-like application infrastructure that makes it capable of running arbitrary applications, I suppose, but at least its initial intent was to emulate the Internet, AFAIK.
Slashdot Mirror
Onion routing is a general concept, of which that page is one example. Look at crowds for another example.
Ah, I misunderstood, thanks. I assumed that one would care more about "stolen" code than about a decision to reuse a basic block.
This might be getting off-topic, but while CPD might be a nice tool, wouldn't a better plagiarism detector look for really similar code rather than identical chunks?
... though from the top-level technical pages, the author(s) seem to think the idea is novel. Can someone explain how this compares to onion routing?
I don't see any comments referring to all the Law & Order episodes in which a crook is tripped up by their metrocard. EZPass is just one domain in which our privacy is at risk. Is this necessarily a bad thing, if for instance mass transportation info were available only under subpoena? Another question....
It's possible to do this on a voluntary basis. For instance, I heard of a car rental agency that gave a big discount if you'd use a GPS that would alert them to excessive speeding. Coercion or good business? I could imagine a setup where insurance companies give people money off if they go along with this, and many might be willing to make that tradeoff.
Unfortunately, it doesn't go online for about a month, and even then, you'll need a member password to view it online, but I imagine enough /. readers have access to ;login: to make it worthwhile to point this out.
Heh. Well, regardless of an overall readership count, I think if I were a spammer, I'd periodically visit sites like /. to look at the "spam" category and see what's what. It might not be the only place I'd be looking for news, but it'd be one of them.
Oh, you mean like when they read about it on Slashdot?
One of the tips I was sure they'd include would be to change Keep a watchful eye on your monthly statement, as well as your balance, and report any problems to your bank. to recommend that people sign up for electronic access (Quicken or web access) so they see the crooks' transactions within a day or two.
As the article mentioned, some people have enough money that they actually don't recognize the drop in the balance as significant, but they'll sure notice when their ATM card was used 10 times at 8 ATMs in 2 days :)
I'm not actually sure that what they're talking about is a digital signature, or at least not a signature of the message. I don't get the impression they are sending a function of the message content, but instead guaranteeing the bona fides of the sender. Perhaps there's actually a way to do this without a new encryption for each message: send a certificate that says IP address a.b.c.d is known to belong to host ABCD and that host is believed not to condone spam. Others can't reuse it from a different IP address since the 2-way communication would break.
Yes, we're in agreement: you need a (small) public-key operation for every message.
I wonder if the God-like powers of the DMCA, or similar legislation, will let the cable companies subpoena Slashdot info to find all the anonymous cowards who've admitted to cable theft?
If server spammer.com sends mail to user@yahoo.com that is spam, it can potentially go straight from spammer to yahoo, as far as the mail headers go. Sure, lots of routers see the mail at the IP level, but that's not known to yahoo when it gets the mail. All it does is send a complaint to spammer, which drops it on the floor.
So in this case, yahoo is the first non-spam server, and it now has to know that it shouldn't take mail from spammer.com. Guess what: big ISPs already do just that, with or without the notification upstream.
Granted, there are other ways in which spam gets around, and an alerting mechanism might help cut off those sources. But such a mechanism would IMHO complement authentication mechanisms, not replace them with a simpler approach as you have suggested.
I'm glad you're humble about it -- let me be the first to try :)
I think the idea of propagating abuse notifications is great, in theory. I'm wondering how it works in practice. There's nothing that says a sending host has to route mail via various intermediaries -- the spammer can simply inject a message via a willing ISP that aids and abets the spammers. You send a notification to that ISP, and it drops it on the floor. So you need a way to track which ISPs you want to accept mail from in the first place, blacklist certain senders, and so on --- all of which is already being done.
I'm sure there are flaws with my flaws, and I'm sure you'll point them out :).
Bala Krishnamurthy at AT&T Labs has given a number of talks recently, including to the IETF, on a spam disincentive program he calls SHRED. My understanding is that it uses offline cryptographic computation to amortize this overhead and distribute it to parties willing and able to devote the computational resources.
In any case, the tag line for this article had it right, standardizing this will be hard and heavy-hitters like Yahoo will need to take the lead. But a key problem is getting the new system to interoperate with the old.
They mean something is encrypted with the sender's private key, not that the key itself is sent.
I tried to google appropriate keywords to find the article that was passed around at work a few years ago as a cautionary tale, but it eludes me. Anyone?
Now I hope you're the one who's joking. The cable companies take this really seriously. In fact, there was a story a few years ago about someone who got a cable modem, was told they'd cut off his feed so that even with a splitter he wouldn't be able to watch TV, but then the cableCo failed to do so. He later was arrested for removing the block, since they assumed it had in fact been there in the first place and then noticed it wasn't.
Kind of like the RIAA suing grandmothers and 13-year-olds in an attempt to get everyone else to realize they might just get sued too. Whether a porn surfer at work, or a "music pirate," it changes the threshold for some people to change their behavior. Others won't give a damn.
Actually, Mozilla lets me toggle the preview pane, as does my new client of choice, thunderbird. But even after installing a plugin that's supposed to let me turn it on and off with a click, that seems a no-op, and I have to do it manually. Since I frown on preview for mail but find it very useful for news (only internal to my company and therefore safe), I keep going back and forth.
Why even worry about it?
My employer subsidizes up to $30/month for online access, so the cable internet cost isn't as painful as it otherwise would be. But the idea that price wars with the CLECs would drive cable internet prices down seems ludicrous, at least in this market (NJ).
Heck, considering that when I moved to my current house (end of 1998), Cablevision promised broadband within 6 months, and kept making that promise every few months for 2 years, I was grateful to have broadband in the first place! And that's what they must count on. Competition from another cable company, if not Verizon, would be nice. But the market tanked just as a competitor was considering jumping in.
I believe you misread me and/or the original post. The post said AOL claimed the computer was worth $699, and I was agreeing with what you (and many others) eventually said, that this was overrated.
You are saying the computer and ISP are worth $399 [nice research -- mod parent up :)]; the original post claimed it would cost $585.80 -- more than $399 but less than $699.
Perhaps my response is a nit, as we're in complete agreement that what they make out to be a nice deal is anything but that. I was only saying that one can't completely discount the value of the ISP. And while I haven't used AOL myself in a decade, I do imagine there's some added benefits (spam filters and such) that might not be quite so good at the $8-per-month ISP.
Or maybe not.
Also, the numbers for how much this computer is worth don't factor the right things in. Anyone who'd go for this deal needs some sort of ISP to begin with, and the $23.90/month may be higher than other ISPs, but does give the customer something of value beyond the PC. On the other hand, is that really a $699 computer?
Two responses to this. First, I was merely quoting the slashdot article that described Planetlab that way in the first place. But second, I don't think it's so far off, or at least is as accurate as your description. The distributed apps are primarily to manage network protocols that would run on a "virtual internet" rather than the real thing, to try things out before they make it to the real world. In fact, it provides a grid-like application infrastructure that makes it capable of running arbitrary applications, I suppose, but at least its initial intent was to emulate the Internet, AFAIK.