From the be-careful-what-you-search-for department:
Search for *anything* on Kazaa, and there are always some files found. However, upon closer inspection, you'll see that they really are hidden pornography URLs, viruses, and other poison payloads, definitely not what you were really looking for.
Do people sit there and start and exit applications continuously?
For those who start up their IDE in the morning and close it down in the evening (or at the end of the week, whatever), then long startup times are just a minor cost of doing business.
For someone like me, however, who is ambivalent about this IDE or that IDE, and whose fingers are too hard-wired for one particular editor to use the brain-damaged editors foisted by most IDEs, startup time IS a big issue. When you are going in and out of tools all day long, it becomes a major annoyance to have to wait for the darned thing to start up.
By sticking to Java the child will tend to learn clean programming design and algorithms, rather than wild pointer debugging tricks.
Wait a minute there, Pardner. There isn't any magic bullet where programming in any particular language makes programming "clean design" or sudden mastery of algoritithms. Believe me, I have personally seen so-called "professional" Java programmers crank out some of the worst designed, poorly implemented piles of $#!+ I have ever come across in almost 20 years of professional development.
Put another way, it is possible to write crap code in any language. Clean programming only comes with education and experience. Language is just a tool that can be for good or ill.
For fear of starting the usual religious flame fest, I won't take on your comment about emacs as the simplest possible environment, other than to say that I coughed and almost had coffee come out of my nose when I read that.
Ever wonder why IM has taken off like it has, you don't get f***ing spammed.
I frequently get spammed on MSN, well actually using Gaim client on Linux with MSN protocol, from pr0n operators trying to get me to click on this webcam or that. Don't know if it's a weakness in the Gaim implementation or some vulnerability on the MSN server side.
Certainly not on the same scale as e-mail, but it does happen.
Add a new protocol where mail stays on the *sending* server until you pop it off with your client. Instead of sending the entire email to your mail server, it just sends the headers.
I don't think that this would work.
I don't know if you use SpamAssassin or not, but in recent months it has become less and less effective, and more spam has been getting through. Why? It's because the spammers have gotten smarter about what they put in the payload - nowadays the spam that gets through to my inbox is usually a minimal HTML e-mail with no text component (i.e. neutralizes SpamAssassin's ability to filter based on key spammer words and phrases). The "sales pitch" is just an <img> tag to the spammer's website. On top of that, most e-mail clients will automatically go retrieve the image from the website automatically, causing your e-mail address to become validated as "live" as a side effect.
So in effect, we effectively already have the situation where just the headers get sent, with only 3 short lines of HTML payload. If we can't filter it out now while we have the body content, how will we be able to filter it when we just have the headers?
Now having said all that, I agree that holding the e-mail on the sender's server is a good idea, but for other reasons. Because most spam nowadays is pretty small (i.e. the payload is smaller than the RFC822 headers even), there isn't really any spam-prevention benefits that can occur on the recipient's side. The only plus I see is that the originating ISP could watch its outbound queue and hopefully be able to detect and shut things down quickly.
Also, it would be nice to not be burdened when the marketing dufus sends out multi-megabyte PowerPoint attachments, but that's a different rant.
Re:I want this.... Really!
on
TiVo For Radio?
·
· Score: 2, Funny
I need to timeshift Stern because the religious right here in Toronto got him canned from the Airwaves.
Maybe I am just dense, but if Stern has been canned from the airwaves in your region, forget time shifting, how would you record it in the first place?
You should be modded as troll, really. If each and every time someone is abusing a system (no matter what) and you want to cure the symphtoms instead of killing source, we will all lose in the end.
Actually, I was surprised to see it modded as funny. I was trying to be informative in a sarcastic way. Anyhow...
But to answer your question, how do you you know the source? If the spammer is connecting through one or more open web proxies - and if you run your own server that's what the endless probing on ports 3128, 8080, and 8000 are for - and all the information is the e-mail headers are faked, then how exactly are you going to know who to lay the smackdown upon? The IP address in your SMTP logs are just the "innocent" web proxy machine, not the spammer. The fact is, many times the machine you think is the spammer is just one that happens to be misconfigured, unbeknownst to its owner (not a good thing, but ).
Of course the sales pitch will have some kind of contact information, but again, its not the spammer, it's the spammer's customer, and they rarely include an e-mail address or a toll-free telephone number. The spammer's customer might be considered a legitimate target, but you still haven't answered the question: who is the spammer? The answer is that you really don't know.
As long as one could identify spammers (numbers are identified, few are getting sued), one should try to sue.
I am curious. How much of your own money would you be willing to spend on lawyers, investigators, etc?
There are already lots of judgements against spammers. However, I have yet to hear about any plaintiff collecting a dime on their judgements.
How big a check are you willing to write to a lawyer to follow your own advice? $100? $1000? $10000? More?
And you still owe us an answer to "How on earth do you 'educate' a spammer?"
Other than using a cow prod or a red hot poker, how on earth do you "educate" a spammer? Send them to Spammer School? Enroll them in self esteem classes? D00d, this is just about the stupidest thing I have heard in in a loooooonnnnnnngggg time.
Perhaps education is the way to go for Slashdot posters...
Sue them if you're richt (read: AOL), complain about them if you're poor (read: everyone else)
Sue them if your rich? Perhaps you can enlighten the techno-elite here how exactly you find a spammer who is sending e-mails with forged headers, connecting through open HTTP proxies? If you're going to sue them, you gotta find 'em first, right?
and be happy if they loose your DSL connection because of you as one guy dig who pissed me of days ago.
Ohhhh great job, kiddie! Sounds like you did a denial of service on some average home user who didn't happen to know that he had an open web proxy server. Whoo hoo! You da man!
I can't send mail directly to AOL from my cable modem anymore. Normally I would just let it slide, but since it was a financial transaction I had to use another server. I'm still debating whether to fix it long term or continue to ignore AOL...
What's your point? For a while now it has been pretty standard fare that the only way to have reliable outbound SMTP traffic is to smarthost it to your ISP's official mail server. There are just too many cable and DSL connections out there that can be hijacked. Also, many ISPs block outbound port 25 traffic, and lots of ISPs require that inbound SMTP traffic come from hosts that have forward and reverse DNS mapping.
What is the possible advantage of not smarthosting to your ISP SMTP server? Seems to me that you will encounter problems with many other ISPs besides AOL, and it can only bring headache...
Make your own record company that sells hour-long, $5 CDs, and have $1 (or more) of each sale go to the artist. No copy protection is really needed, because 99% of people will just buy the CD.
Interesting assertion. Pardon the pun, but I just don't buy your full argument.
I would tend to agree that consumers would be interested in CDs that were lower in cost. I feel pretty confident to say that consumers don't really care all that much about how much of the purchase price goes to the artist.
As for the 99% conjecture, which is certainly optimistic, I would say that the consumers fall into two camps:
Those who would buy CDs anyway
Tech-savvy folks who will continue to use their home/school/work broadband connection to get music for free
The goal is to expand the first group, and lowering prices would work toward that end. But 99%? No way. I highly doubt that those who download copyrighted material, and try to "justify" it by saying that they are only ripping off the evil obsolete music executives ("because artist isn't getting paid anyway"), will not be moved to suddenly paying.
NO! Do bounce the spam! Especially if it's a hotmail or othersuch account.
Let's see if your arguments below support this thesis...
A new method of email adress harvesting come from brute forcing random strings "@hotmail.com". The spammers then take all the emails that didn't bounce and voila: a long list of valid email addresses.
That's a pretty interesting definition of "new". New to you, perhaps.
As for the victims of spammers, I figure that if someone's getting joe-jobbed,
"Joe-jobbed?" Is that the technical term?
they probably stand a decent chance in the courts.
Is that your legal opinion? Have you ever had any legal dealings where you actually have to pay your lawyers up-front at $200 per hour and up? Clearly you have not. While your unsupported contention that "they", whoever that is, probably stand a decent chance in court, why on earth would anyone waste that kind of money and effort to go after, well, not even sure who you'd be going after?
Furthermore, if they take it to some of the newsgroups online that are used to help track down spammers who joe-job people those newsgroups can help make those spammers' lives hell.
There's that technical term again. You must be new in these parts, kid, because your feeble justification for bouncing emails and wasting bandwidth are so clueless that they pretty much fall under their own weight.
Sorry, but you have not made the case for bouncing mails that have forged credentials.
... and best of all, bounce it back to the sender...
For the love of God, don't do that! All of a sudden you stop being part of the solution and become part of the problem.
Repeat after me, spammers lie. The return path to the sender is intentionally set wrong, and because they go through open HTTP proxies, you cannot believe that the IP addresses in the Recieved headers.
Bouncing back e-mail to a non-existant sender just generates needless traffic and load on your victim's server. Yes, you become the bad guy. But, hey, if it makes you feel good, then go ahead and do it.
you're able to delete it, blacklist it...
See comment above about spammers lying. Blacklisting non-existant addresses does not make any sense. What are the chances that the spammer is ever going to fake their future mails with the same faked identity as in the past?
I don't buy that the "printable" version of a page is somehow slower to serve up and to load.
After all, the whole idea of a printable version is to serve up the content without all the blinking, annoying, distracting ads and other crap that adorn most sites.
While the printable version has more text content, it should have a much lower overhead on whatever dynamic content engine is being used to decypher cookies, do database lookups, and serve up the so-called targetted advertisements. All you've got is the header, the content, the footer, and perhaps a link back.
XFree86 project as a more flexable, open, and more modular project, then so be it. I'm all for anything that can improve performance for *NIX GUIs
I don't buy your conclusion. While it is considered a good thing to have a flexible, open, and modular system, it usually comes at the expense of performance.
The highest performing systems are virtually always those which are coded specifically to one point, and not for the whole spectrum.
But to me, the most important part of the whole equation is this: give me WEBSITES that comply to standards as set by w3c.
In other news:
Don Quixote still tilting at windmills
Scientists expect flying pig "any day now."
Snowballs still melting in Hell
The definition of insanity is to continue doing the same thing and expecting a different result. You want all websites to follow standards? You will have better luck herding 100 million cats.
If that were the desired goal, then you are about 10 years too late. It seems to me that the only way to enforce any kind of standard would have been to force web authors to run their HTML code through some kind of compiler, and not let them publish until all errors and warnings were fixed. However, this was clearly never a goal, as evidenced by the fact that HTML was intentionally left "loose," and browsers were quick to overlook or work around broken HTML. Early on, this was seen as a "feature" and partly explains the rapid adoption of the web by techies and non-techies alike.
So in summary: 1) broken markup exists, get over it, and, 2)Wishing #1 away doesn't change #1's validity
'Cause I'd be a-moddin' the parent post up, way up.
I wish info would die, too. Maybe it's just me, but it really annoys the hell out of me when a man page says that the man page is not maintained, and you have to go to the god-awful info to see the full docs. AAAgggghhhhh!!!
The word you're looking for is implicit, not explicit
Actually, no.
The poster to whom I replied was trying to make the point that by putting up an HTTP server that responds to arbitrary GET requests constitutes explicit permission.
To follow this analogy further, are you saying agreeing with the original post, and saying that putting up an HTTP server that responds to arbitrary GET requests constitutes explicit permission? Would the answer change if the resource in question was listed in a robots.txt exclusion file? (i.e. analogus to the do-not-call registry).
Follow that logic, then by having a telephone a diner has granted explicit permission to the telemarketer to interrupt his meal.
Or more related to the point, here are some real-world scenarios:
1. Spammer tries to relay through a machine by looking for well-known CGI. For example, I frequently see requests for/cgi-bin/formail.pl, with the Referer: header set to the name of my domain.
2. Spammer tries to relay through either an HTTP server or HTTP proxy which supports the "CONNECT" method.
Has the owner of the machine explicitly granted spammer permission to (mis-)use his machine, just because a well-known script is present, or because CONNECT is enabled on the wrong side of the internet connection?
Slashdot Mirror
From the be-careful-what-you-search-for department:
Search for *anything* on Kazaa, and there are always some files found. However, upon closer inspection, you'll see that they really are hidden pornography URLs, viruses, and other poison payloads, definitely not what you were really looking for.
For those who start up their IDE in the morning and close it down in the evening (or at the end of the week, whatever), then long startup times are just a minor cost of doing business.
For someone like me, however, who is ambivalent about this IDE or that IDE, and whose fingers are too hard-wired for one particular editor to use the brain-damaged editors foisted by most IDEs, startup time IS a big issue. When you are going in and out of tools all day long, it becomes a major annoyance to have to wait for the darned thing to start up.
Actually, I would just settle for being able to FIND the #!@$%#$ed remote control!
For me, that would be the equivalent of dinner and a movie, not a new home in the Hollywood hills and a new Hummer.
In some parts, it's a religion too.
Wait a minute there, Pardner. There isn't any magic bullet where programming in any particular language makes programming "clean design" or sudden mastery of algoritithms. Believe me, I have personally seen so-called "professional" Java programmers crank out some of the worst designed, poorly implemented piles of $#!+ I have ever come across in almost 20 years of professional development.
Put another way, it is possible to write crap code in any language. Clean programming only comes with education and experience. Language is just a tool that can be for good or ill.
For fear of starting the usual religious flame fest, I won't take on your comment about emacs as the simplest possible environment, other than to say that I coughed and almost had coffee come out of my nose when I read that.
Yes, but what exit is that? <ducking>
I frequently get spammed on MSN, well actually using Gaim client on Linux with MSN protocol, from pr0n operators trying to get me to click on this webcam or that. Don't know if it's a weakness in the Gaim implementation or some vulnerability on the MSN server side.
Certainly not on the same scale as e-mail, but it does happen.
I don't think that this would work.
I don't know if you use SpamAssassin or not, but in recent months it has become less and less effective, and more spam has been getting through. Why? It's because the spammers have gotten smarter about what they put in the payload - nowadays the spam that gets through to my inbox is usually a minimal HTML e-mail with no text component (i.e. neutralizes SpamAssassin's ability to filter based on key spammer words and phrases). The "sales pitch" is just an <img> tag to the spammer's website. On top of that, most e-mail clients will automatically go retrieve the image from the website automatically, causing your e-mail address to become validated as "live" as a side effect.
So in effect, we effectively already have the situation where just the headers get sent, with only 3 short lines of HTML payload. If we can't filter it out now while we have the body content, how will we be able to filter it when we just have the headers?
Now having said all that, I agree that holding the e-mail on the sender's server is a good idea, but for other reasons. Because most spam nowadays is pretty small (i.e. the payload is smaller than the RFC822 headers even), there isn't really any spam-prevention benefits that can occur on the recipient's side. The only plus I see is that the originating ISP could watch its outbound queue and hopefully be able to detect and shut things down quickly.
Also, it would be nice to not be burdened when the marketing dufus sends out multi-megabyte PowerPoint attachments, but that's a different rant.
Maybe I am just dense, but if Stern has been canned from the airwaves in your region, forget time shifting, how would you record it in the first place?
Actually, I was surprised to see it modded as funny. I was trying to be informative in a sarcastic way. Anyhow...
But to answer your question, how do you you know the source? If the spammer is connecting through one or more open web proxies - and if you run your own server that's what the endless probing on ports 3128, 8080, and 8000 are for - and all the information is the e-mail headers are faked, then how exactly are you going to know who to lay the smackdown upon? The IP address in your SMTP logs are just the "innocent" web proxy machine, not the spammer. The fact is, many times the machine you think is the spammer is just one that happens to be misconfigured, unbeknownst to its owner (not a good thing, but ).
Of course the sales pitch will have some kind of contact information, but again, its not the spammer, it's the spammer's customer, and they rarely include an e-mail address or a toll-free telephone number. The spammer's customer might be considered a legitimate target, but you still haven't answered the question: who is the spammer? The answer is that you really don't know.
As long as one could identify spammers (numbers are identified, few are getting sued), one should try to sue.
I am curious. How much of your own money would you be willing to spend on lawyers, investigators, etc?
There are already lots of judgements against spammers. However, I have yet to hear about any plaintiff collecting a dime on their judgements.
How big a check are you willing to write to a lawyer to follow your own advice? $100? $1000? $10000? More?
And you still owe us an answer to "How on earth do you 'educate' a spammer?"
Other than using a cow prod or a red hot poker, how on earth do you "educate" a spammer? Send them to Spammer School? Enroll them in self esteem classes? D00d, this is just about the stupidest thing I have heard in in a loooooonnnnnnngggg time.
Perhaps education is the way to go for Slashdot posters...
Sue them if you're richt (read: AOL), complain about them if you're poor (read: everyone else)
Sue them if your rich? Perhaps you can enlighten the techno-elite here how exactly you find a spammer who is sending e-mails with forged headers, connecting through open HTTP proxies? If you're going to sue them, you gotta find 'em first, right?
and be happy if they loose your DSL connection because of you as one guy dig who pissed me of days ago.
Ohhhh great job, kiddie! Sounds like you did a denial of service on some average home user who didn't happen to know that he had an open web proxy server. Whoo hoo! You da man!
Robit? What's a robit?
What's your point? For a while now it has been pretty standard fare that the only way to have reliable outbound SMTP traffic is to smarthost it to your ISP's official mail server. There are just too many cable and DSL connections out there that can be hijacked. Also, many ISPs block outbound port 25 traffic, and lots of ISPs require that inbound SMTP traffic come from hosts that have forward and reverse DNS mapping.
What is the possible advantage of not smarthosting to your ISP SMTP server? Seems to me that you will encounter problems with many other ISPs besides AOL, and it can only bring headache...
-Steve
Interesting assertion. Pardon the pun, but I just don't buy your full argument.
I would tend to agree that consumers would be interested in CDs that were lower in cost. I feel pretty confident to say that consumers don't really care all that much about how much of the purchase price goes to the artist.
As for the 99% conjecture, which is certainly optimistic, I would say that the consumers fall into two camps:
Those who would buy CDs anyway
Tech-savvy folks who will continue to use their home/school/work broadband connection to get music for free
The goal is to expand the first group, and lowering prices would work toward that end. But 99%? No way. I highly doubt that those who download copyrighted material, and try to "justify" it by saying that they are only ripping off the evil obsolete music executives ("because artist isn't getting paid anyway"), will not be moved to suddenly paying.
Let's see if your arguments below support this thesis...
A new method of email adress harvesting come from brute forcing random strings "@hotmail.com". The spammers then take all the emails that didn't bounce and voila: a long list of valid email addresses.
That's a pretty interesting definition of "new". New to you, perhaps.
As for the victims of spammers, I figure that if someone's getting joe-jobbed,
"Joe-jobbed?" Is that the technical term?
they probably stand a decent chance in the courts.
Is that your legal opinion? Have you ever had any legal dealings where you actually have to pay your lawyers up-front at $200 per hour and up? Clearly you have not. While your unsupported contention that "they", whoever that is, probably stand a decent chance in court, why on earth would anyone waste that kind of money and effort to go after, well, not even sure who you'd be going after?
Furthermore, if they take it to some of the newsgroups online that are used to help track down spammers who joe-job people those newsgroups can help make those spammers' lives hell.
There's that technical term again. You must be new in these parts, kid, because your feeble justification for bouncing emails and wasting bandwidth are so clueless that they pretty much fall under their own weight.
Sorry, but you have not made the case for bouncing mails that have forged credentials.
For the love of God, don't do that! All of a sudden you stop being part of the solution and become part of the problem.
Repeat after me, spammers lie. The return path to the sender is intentionally set wrong, and because they go through open HTTP proxies, you cannot believe that the IP addresses in the Recieved headers.
Bouncing back e-mail to a non-existant sender just generates needless traffic and load on your victim's server. Yes, you become the bad guy. But, hey, if it makes you feel good, then go ahead and do it.
you're able to delete it, blacklist it ...
See comment above about spammers lying. Blacklisting non-existant addresses does not make any sense. What are the chances that the spammer is ever going to fake their future mails with the same faked identity as in the past?
After all, the whole idea of a printable version is to serve up the content without all the blinking, annoying, distracting ads and other crap that adorn most sites.
While the printable version has more text content, it should have a much lower overhead on whatever dynamic content engine is being used to decypher cookies, do database lookups, and serve up the so-called targetted advertisements. All you've got is the header, the content, the footer, and perhaps a link back.
Link to printable version? YES!!!
I don't buy your conclusion. While it is considered a good thing to have a flexible, open, and modular system, it usually comes at the expense of performance.
The highest performing systems are virtually always those which are coded specifically to one point, and not for the whole spectrum.
-Steve
In other news:
- Don Quixote still tilting at windmills
- Scientists expect flying pig "any day now."
- Snowballs still melting in Hell
The definition of insanity is to continue doing the same thing and expecting a different result. You want all websites to follow standards? You will have better luck herding 100 million cats.If that were the desired goal, then you are about 10 years too late. It seems to me that the only way to enforce any kind of standard would have been to force web authors to run their HTML code through some kind of compiler, and not let them publish until all errors and warnings were fixed. However, this was clearly never a goal, as evidenced by the fact that HTML was intentionally left "loose," and browsers were quick to overlook or work around broken HTML. Early on, this was seen as a "feature" and partly explains the rapid adoption of the web by techies and non-techies alike.
So in summary:
1) broken markup exists, get over it, and,
2)Wishing #1 away doesn't change #1's validity
'Cause I'd be a-moddin' the parent post up, way up.
I wish info would die, too. Maybe it's just me, but it really annoys the hell out of me when a man page says that the man page is not maintained, and you have to go to the god-awful info to see the full docs. AAAgggghhhhh!!!
Super Villains switch to Linux (warning: it's Flash)
-Steve (not the Steve from the animation)
Actually, no.
The poster to whom I replied was trying to make the point that by putting up an HTTP server that responds to arbitrary GET requests constitutes explicit permission.
To follow this analogy further, are you saying agreeing with the original post, and saying that putting up an HTTP server that responds to arbitrary GET requests constitutes explicit permission? Would the answer change if the resource in question was listed in a robots.txt exclusion file? (i.e. analogus to the do-not-call registry).
Or more related to the point, here are some real-world scenarios:
1. Spammer tries to relay through a machine by looking for well-known CGI. For example, I frequently see requests for /cgi-bin/formail.pl, with the Referer: header set to the name of my domain.
2. Spammer tries to relay through either an HTTP server or HTTP proxy which supports the "CONNECT" method.
Has the owner of the machine explicitly granted spammer permission to (mis-)use his machine, just because a well-known script is present, or because CONNECT is enabled on the wrong side of the internet connection?
I would respectfully disagree.