This is pretty much useless. Within a week of opening up comments on my blog, I was getting blogspam. I went to war immediately; the first thing I did was to submit all comments to an approval queue. No spam has appeared on my blog since. I noted this fact in an article, and in comments around the comment submission form, and the result of POSTing a comment tells you it's been submitted for approval.
But this did nothing to stop the flood of incoming blogspam.
I blocked, and still block, a few of the repeat offending IPs. But these days, my comment log looks like:
[Thu Jan 20 02:03:39 2005] Rejected spam from 213.121.209.14: carroll [Thu Jan 20 02:18:59 2005] Rejected spam from 61.221.15.131: cleotilde [Thu Jan 20 05:08:55 2005] Rejected spam from 211.57.209.225: tera [Thu Jan 20 05:09:07 2005] Rejected spam from 61.221.15.131: lawanda [Thu Jan 20 05:09:30 2005] Rejected spam from 66.160.17.189: deangelo [Thu Jan 20 05:09:41 2005] Rejected spam from 193.251.169.174: raymonde [Thu Jan 20 05:10:03 2005] Rejected spam from 66.250.69.7: tynisha [Thu Jan 20 05:11:02 2005] Rejected spam from 211.57.209.225: corrie [Thu Jan 20 05:37:47 2005] Rejected spam from 85.64.61.191: Online Poker [Thu Jan 20 08:14:10 2005] Rejected spam from 211.250.80.2: heike
So, blocking by IP is pretty useless. I was in no mood to try word filters or statistical filters or any such, so I simply added a hidden field to each page, based on the time the page was requested and a secret token. When a comment is submitted, it is rejected if the hidden field is not present, or if it is from a time that is too old. This immediately blocked 95% of comment spam.
Some few people were persistent, fetching a page and then posting back to it. So I checked my referrer logs; seems blogs to spam are found by Googling for typical strings, and posting in an expected format. So I made the Subject field mandatory.
I now have a close to 100% spam block rate. Why would I add a "nofollow" tag to my links, when spammers won't stop spamming just because their spam isn't being read (they don't stop now, and their spam isn't even being accepted!) and when real comments would suffer from it?
I keep my Windows box behind a NAT firewall. I don't run IE, and I don't run Outlook. I don't install stuff I downloaded from the Intarweb.
But I tried to watch a movie, and lo! for the first time in two or three years of running Windows XP, I got infected with spyware.
The reason this is such a big deal is because a movie file is just media data. It never occurred to me, and probably never to you, that I should hunt around WMP to find the option to stop it automatically fetching other data.
That there is the crux of it. Why the fuck would I ever consider a/media player/ a likely source of trojan installation? And if I, who has gone to some lengths (though not as far as I could have or should have gone) to protect myself, and knows not to click "Yes," can be caught by this happening silently (no, I never clicked 'Yes' or accepted an option for this to happen by default; WMP installed like this, silently) how the hell is someone less technically inclined supposed to get by?
Worse yet, what else is going to do this sort of thing? Will ZIP files start executing arbitrary code? Will images start requiring 'licenses' too? Should I hunt around the multitude of configuration options in every program I run, in all the odd places and incomprehensible terminology those options can be, trying to stop them doing anything as stupid as this?
No, Microsoft fucked up big by allowing media data to be more than media data.
The fact that I can never entirely get rid of IE doesn't help either, because everything Microsoft and a bunch of other things also use the IE engine. See the WinAmp skin exploit, for example.
Yes, most folks do. That's how it installs by default, and it doesn't tell you otherwise. I'm reasonably clueful about computers, and you know, it never occured to me that I'd need to go find an option so that a media player wouldn't try to be a web browser too.
I mean, wtf? Should I check my text editor's settings to make sure it won't try to load software from the web depending on the contents of the text file? The mind boggles.
I don't use AdBlock carelessly. I will use adblock at the point where an advertisement is getting in my way. If it's full of colour and movement and lookatmelookLOOKFUCKINLOOKBITCH! syndrome, it'll go. If it's unethical for me to block someone's revenue stream, it's just as unethical for that person to thrust their advertising upon me.
Firefox may be relatively obscure, as far as a browser goes, but the ways in which it attempts to be secure are not obscure. The source code is there for all to read. Oh... maybe you meant security through obfuscation?
As long as you're going to be using gene therapy to bring the world's genes into a better state, at least.
The problem with Nazi Germany was that their method for creating a master race was based around simple husbandry - those with genes percieved as inferior are not permitted to breed into the master race.
Of course, having one set of genes would probably make humanity even more vulnerable to super viruses. Oh well.
Any modern browser?
Opera, Safari, the Gecko based browsers, and yes! even Konqueror can all handle XHTML just fine.
Internet Explorer is not a modern browser: it hasn't been updated in years. You know how you chuckle when people say "But what about the Netscape 4 users?" Yeah. IE users are those users now.
How odd. I'm going to focus on XMPP (Jabber) here, since that's the protocol I'm most familiar with these days.
XMPP routes all messages through a server. Just like SMTP. XMPP works with any XMPP client, just like SMPT works with any SMTP client. XMPP spools messages on the server when the client is unavailable, just like SMTP. XMPP is an open, patent free IETF standard, just like SMTP. XMPP works regardless of software/hardware platform, just like modern SMTP.
XMPP immediately delivers messages to the final recipient if possible, unlike SMTP. XMPP has reliable support for foreign languages, unlike SMTP, which still has the odd hiccup with messages that aren't 7-bit ASCII. XMPP is extensible, unlike SMTP. XMPP has controls for high volume and unrequested messages, unlike SMTP.
In short, there is nothing that SMTP offers that XMPP does not already do, yet there is plenty XMPP does now and is capable of doing in the future that SMTP cannot hope to achieve.
You can try emailing me about it if you like, but chances are good your mail will be lost in one of the hundreds of junk mails I get each day. My IM client is sitting there though, junk free.
That's right, you shouldn't run as an administrator, and software that doesn't do administrative tasks shouldn't require you to have administrative privileges.
But that's often not the case.
Because a computer's power is definitely a one dimensional value. Yup, you can measure hard drive size, speed, processor speed, system memory, video card and display quality using a single linear value.
That problem was IPv4 addressing: not just address space exhaustion, which isn't an immediate problem anyway, but also global routing table sizes.
IPv6 is intended from the start to be more aggregatable. If LargeISP1 has one hundred customers using IPv4, that probably means close to one hundred routing table entries. Under IPv6, it is hoped that will be more like one, though in practice it will probably be more.
Smaller routing tables means cheaper and faster routers.
(On top of that, some people are doing silly things with IPv6, like giving multiple addresses to a single mobile phone, which has no need to be globally addressable anyway.)
The "browser" of today is designed to handle a number of simple interactive tasks. Web forms and Flash and JavaScript and so on are all there for one reason: to take the Web from being a set of hyperlinked documents to being a set of zero install cost applications.
Using just a browser, you can participate in a forum, you can play games, you can read email , go shopping or bid in an auction. Are those Web pages, or are those applications delivered via a browser?
Unfortunately, Internet Explorer is holding us all back. It's got us stuck in a technology rut, where existing standards are corrupted and future standards are stillborn. Progress cannot be made, and we're left with the cruft of the last browser war. Web developers want the new features of WebForms 2.0, XHTML, XSLT, and CSS, but have to target the current user base: IE5/6. Users, of course, never see anything but what the web developers produce, and that works fine in IE5/6. It's a lock-in.
So what you're asking here is impossible. The web browser is already an applications platform, and there are already hundreds of thousands of applications targetting that platform. You used one when you posted your comment, but I didn't see you complain, or insist that slashdot isn't a web site. New standards are an evolution, not a revolution. We have Web applications today, but the Web apps of tomorrow could be so very much better, if only Microsoft weren't in the way.
By the time the SPAM has reached your filters, you've already lost. It's already consumed your bandwidth, it's consuming your processing time and storage, and the process of updating, teaching, writing and managing your more and more complex filters is still consuming your time.
The answer is to go for the root of the problem, which is the naive level of trust that SMTP implies. There are a number of attacks on this problem, with SPF looking like a strong contender. Encourage your ISP to enable SPF checking, and block the spam before it's even sent.
It's got an XML declaration and an XHTML doctype, but it's served as text/html
It most assuredly does not validate as XHTML, containing more errors than content!
It has two <head> elements, one embedded in the body.
I'd, er, enumerate the validation errors, but there are 338 errors in the markup.
If they actually did serve it as an XHTML document, the browsers that can handle XHTML would refuse to parse it anyway.
3.5 or so, cost cutting reduces quality
The only thing Wintel has going for it is games. And with World of Warcraft being released for Mac, I think I'd prefer to upgrade my iBook to a TiBook that I can use for other stuff than dump more money into Wintel junk that will fail two days out of warranty.
--
bje
Microsoft does not sell IE. They gain no direct profit from people's use of it, so you have to wonder what their motive is here. Let's assume that "good" and "evil" are subjective and emotive words that have no relevance to this discussion, ok?
If you read Joel Spolsky's API war article, some perspective may be gained. Microsoft wishes only to discourage Web developers from moving away from the IE platform. If developers move away, Microsoft no longer has control over web development, and can no longer keep newtechnologies on the fringe.
This is bad news for a company with plans to move to network applications. If a platform for network applications exists outside of Microsoft's control, it will be much harder to profit from. Thus, Microsoft's interest is served here by retaining that 90%+ browser market share, to prevent the adoption of new technologies not under MS control.
"The most recent update from the UN Weapons Inspection team in Iraq has finally provided concrete evidence of weapons of mass destruction. All across the country, pipe organs and other infrasound weapons have been deployed, ready to transmit their deadly sounds to any nearby American citizens.
When asked to comment, Saddam replied, 'What the fuck?'"
Right from launch, there will be speeder bikes generally available. Sometime(tm) after release, other land vehicles will be added, along with a set of skills specifically for creating and repairing said vehicles.
Right from launch, you will go to a spaceport, book a ticket, hang around in the lounge waiting for your ship to arrive, then walk onto the ship, get a Loading... screen and appear in the spaceport of your destination.
After Some Time Has Passed(tm), the space expansion will be released, which will allow you to purchase your own starships, and fly willy nilly happy slappy all 'round the place. At this time the above system will Go Away in favour of player run transportation, or some such. Details are hazy.
Slashdot Mirror
This is pretty much useless. Within a week of opening up comments on my blog, I was getting blogspam. I went to war immediately; the first thing I did was to submit all comments to an approval queue. No spam has appeared on my blog since. I noted this fact in an article, and in comments around the comment submission form, and the result of POSTing a comment tells you it's been submitted for approval.
But this did nothing to stop the flood of incoming blogspam.
I blocked, and still block, a few of the repeat offending IPs. But these days, my comment log looks like:
[Thu Jan 20 02:03:39 2005] Rejected spam from 213.121.209.14: carroll
[Thu Jan 20 02:18:59 2005] Rejected spam from 61.221.15.131: cleotilde
[Thu Jan 20 05:08:55 2005] Rejected spam from 211.57.209.225: tera
[Thu Jan 20 05:09:07 2005] Rejected spam from 61.221.15.131: lawanda
[Thu Jan 20 05:09:30 2005] Rejected spam from 66.160.17.189: deangelo
[Thu Jan 20 05:09:41 2005] Rejected spam from 193.251.169.174: raymonde
[Thu Jan 20 05:10:03 2005] Rejected spam from 66.250.69.7: tynisha
[Thu Jan 20 05:11:02 2005] Rejected spam from 211.57.209.225: corrie
[Thu Jan 20 05:37:47 2005] Rejected spam from 85.64.61.191: Online Poker
[Thu Jan 20 08:14:10 2005] Rejected spam from 211.250.80.2: heike
So, blocking by IP is pretty useless. I was in no mood to try word filters or statistical filters or any such, so I simply added a hidden field to each page, based on the time the page was requested and a secret token. When a comment is submitted, it is rejected if the hidden field is not present, or if it is from a time that is too old. This immediately blocked 95% of comment spam.
Some few people were persistent, fetching a page and then posting back to it. So I checked my referrer logs; seems blogs to spam are found by Googling for typical strings, and posting in an expected format. So I made the Subject field mandatory.
I now have a close to 100% spam block rate. Why would I add a "nofollow" tag to my links, when spammers won't stop spamming just because their spam isn't being read (they don't stop now, and their spam isn't even being accepted!) and when real comments would suffer from it?
I keep my Windows box behind a NAT firewall. I don't run IE, and I don't run Outlook. I don't install stuff I downloaded from the Intarweb. But I tried to watch a movie, and lo! for the first time in two or three years of running Windows XP, I got infected with spyware. The reason this is such a big deal is because a movie file is just media data. It never occurred to me, and probably never to you, that I should hunt around WMP to find the option to stop it automatically fetching other data. That there is the crux of it. Why the fuck would I ever consider a /media player/ a likely source of trojan installation? And if I, who has gone to some lengths (though not as far as I could have or should have gone) to protect myself, and knows not to click "Yes," can be caught by this happening silently (no, I never clicked 'Yes' or accepted an option for this to happen by default; WMP installed like this, silently) how the hell is someone less technically inclined supposed to get by?
Worse yet, what else is going to do this sort of thing? Will ZIP files start executing arbitrary code? Will images start requiring 'licenses' too? Should I hunt around the multitude of configuration options in every program I run, in all the odd places and incomprehensible terminology those options can be, trying to stop them doing anything as stupid as this?
No, Microsoft fucked up big by allowing media data to be more than media data.
The fact that I can never entirely get rid of IE doesn't help either, because everything Microsoft and a bunch of other things also use the IE engine. See the WinAmp skin exploit, for example.
Yes, most folks do. That's how it installs by default, and it doesn't tell you otherwise. I'm reasonably clueful about computers, and you know, it never occured to me that I'd need to go find an option so that a media player wouldn't try to be a web browser too. I mean, wtf? Should I check my text editor's settings to make sure it won't try to load software from the web depending on the contents of the text file? The mind boggles.
I don't use AdBlock carelessly. I will use adblock at the point where an advertisement is getting in my way. If it's full of colour and movement and lookatmelookLOOKFUCKINLOOKBITCH! syndrome, it'll go. If it's unethical for me to block someone's revenue stream, it's just as unethical for that person to thrust their advertising upon me.
Firefox may be relatively obscure, as far as a browser goes, but the ways in which it attempts to be secure are not obscure. The source code is there for all to read. Oh... maybe you meant security through obfuscation?
As long as you're going to be using gene therapy to bring the world's genes into a better state, at least. The problem with Nazi Germany was that their method for creating a master race was based around simple husbandry - those with genes percieved as inferior are not permitted to breed into the master race. Of course, having one set of genes would probably make humanity even more vulnerable to super viruses. Oh well.
Ok, the following link is best viewed with IE, and you cannot see it without, so you'd better use IE for it, right?
http://www.thisisnotavirushonest.ru/virus.html
Any modern browser? Opera, Safari, the Gecko based browsers, and yes! even Konqueror can all handle XHTML just fine. Internet Explorer is not a modern browser: it hasn't been updated in years. You know how you chuckle when people say "But what about the Netscape 4 users?" Yeah. IE users are those users now.
*starts downloading now*
How odd. I'm going to focus on XMPP (Jabber) here, since that's the protocol I'm most familiar with these days.
XMPP routes all messages through a server. Just like SMTP. XMPP works with any XMPP client, just like SMPT works with any SMTP client. XMPP spools messages on the server when the client is unavailable, just like SMTP. XMPP is an open, patent free IETF standard, just like SMTP. XMPP works regardless of software/hardware platform, just like modern SMTP.
XMPP immediately delivers messages to the final recipient if possible, unlike SMTP. XMPP has reliable support for foreign languages, unlike SMTP, which still has the odd hiccup with messages that aren't 7-bit ASCII. XMPP is extensible, unlike SMTP. XMPP has controls for high volume and unrequested messages, unlike SMTP.
In short, there is nothing that SMTP offers that XMPP does not already do, yet there is plenty XMPP does now and is capable of doing in the future that SMTP cannot hope to achieve.
You can try emailing me about it if you like, but chances are good your mail will be lost in one of the hundreds of junk mails I get each day. My IM client is sitting there though, junk free.
That's right, you shouldn't run as an administrator, and software that doesn't do administrative tasks shouldn't require you to have administrative privileges. But that's often not the case.
Because a computer's power is definitely a one dimensional value. Yup, you can measure hard drive size, speed, processor speed, system memory, video card and display quality using a single linear value.
pfft.
That problem was IPv4 addressing: not just address space exhaustion, which isn't an immediate problem anyway, but also global routing table sizes. IPv6 is intended from the start to be more aggregatable. If LargeISP1 has one hundred customers using IPv4, that probably means close to one hundred routing table entries. Under IPv6, it is hoped that will be more like one, though in practice it will probably be more. Smaller routing tables means cheaper and faster routers. (On top of that, some people are doing silly things with IPv6, like giving multiple addresses to a single mobile phone, which has no need to be globally addressable anyway.)
Or at least, I found it to be told in a slow and uninvolving way.
The "browser" of today is designed to handle a number of simple interactive tasks. Web forms and Flash and JavaScript and so on are all there for one reason: to take the Web from being a set of hyperlinked documents to being a set of zero install cost applications.
Using just a browser, you can participate in a forum, you can play games, you can read email , go shopping or bid in an auction. Are those Web pages, or are those applications delivered via a browser?
Unfortunately, Internet Explorer is holding us all back. It's got us stuck in a technology rut, where existing standards are corrupted and future standards are stillborn. Progress cannot be made, and we're left with the cruft of the last browser war. Web developers want the new features of WebForms 2.0, XHTML, XSLT, and CSS, but have to target the current user base: IE5/6. Users, of course, never see anything but what the web developers produce, and that works fine in IE5/6. It's a lock-in.
So what you're asking here is impossible. The web browser is already an applications platform, and there are already hundreds of thousands of applications targetting that platform. You used one when you posted your comment, but I didn't see you complain, or insist that slashdot isn't a web site. New standards are an evolution, not a revolution. We have Web applications today, but the Web apps of tomorrow could be so very much better, if only Microsoft weren't in the way.
--bje
By the time the SPAM has reached your filters, you've already lost. It's already consumed your bandwidth, it's consuming your processing time and storage, and the process of updating, teaching, writing and managing your more and more complex filters is still consuming your time. The answer is to go for the root of the problem, which is the naive level of trust that SMTP implies. There are a number of attacks on this problem, with SPF looking like a strong contender. Encourage your ISP to enable SPF checking, and block the spam before it's even sent.
- It's got an XML declaration and an XHTML doctype, but it's served as text/html
- It most assuredly does not validate as XHTML, containing more errors than content!
- It has two <head> elements , one embedded in the body.
I'd, er, enumerate the validation errors, but there are 338 errors in the markup. If they actually did serve it as an XHTML document, the browsers that can handle XHTML would refuse to parse it anyway.3.5 or so, cost cutting reduces quality The only thing Wintel has going for it is games. And with World of Warcraft being released for Mac, I think I'd prefer to upgrade my iBook to a TiBook that I can use for other stuff than dump more money into Wintel junk that will fail two days out of warranty. -- bje
And no, IE7 won't be a Transformer.
Microsoft does not sell IE. They gain no direct profit from people's use of it, so you have to wonder what their motive is here. Let's assume that "good" and "evil" are subjective and emotive words that have no relevance to this discussion, ok?
If you read Joel Spolsky's API war article, some perspective may be gained. Microsoft wishes only to discourage Web developers from moving away from the IE platform. If developers move away, Microsoft no longer has control over web development, and can no longer keep new technologies on the fringe.
This is bad news for a company with plans to move to network applications. If a platform for network applications exists outside of Microsoft's control, it will be much harder to profit from. Thus, Microsoft's interest is served here by retaining that 90%+ browser market share, to prevent the adoption of new technologies not under MS control.
"The most recent update from the UN Weapons Inspection team in Iraq has finally provided concrete evidence of weapons of mass destruction. All across the country, pipe organs and other infrasound weapons have been deployed, ready to transmit their deadly sounds to any nearby American citizens.
When asked to comment, Saddam replied, 'What the fuck?'"
Well, that's where it does get interesting.
;)
Right from launch, there will be speeder bikes generally available. Sometime(tm) after release, other land vehicles will be added, along with a set of skills specifically for creating and repairing said vehicles.
Right from launch, you will go to a spaceport, book a ticket, hang around in the lounge waiting for your ship to arrive, then walk onto the ship, get a Loading... screen and appear in the spaceport of your destination.
After Some Time Has Passed(tm), the space expansion will be released, which will allow you to purchase your own starships, and fly willy nilly happy slappy all 'round the place. At this time the above system will Go Away in favour of player run transportation, or some such. Details are hazy.
In short, your fears are groundless
--
ekhben