Slashdot Mirror


User: SanityInAnarchy

SanityInAnarchy's activity in the archive.

Stories
0
Comments
12,413
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 12,413

  1. Re:Definition. on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    Wrong. This is not about you being able to prove that you signed up, it's about the sender being able to prove that you signed up. Read that again, now with emphasis:

    just require me to cryptographically sign a message for them. Then, if there's ever a question, the mailing list can produce my signature.

    Do you think bandwidth and equipment of e-mail providers and ISPs are free? I think tarpitting solves that problem.

    But yeah, the bandwidth has got to be essentially free -- if they're providing 100 mbits to most of their customers, they've got to have a lot of spare capacity just sitting around.

    Do you think handling the remaining spam (and if it's only the proverbial "2 mails per day" for you) and false positives is free? I don't get false positives. 2 spams in my inbox, maybe, and ten in my "unsure" box -- that one occasionally has false positives. And hundreds (thousands?) in my "spam" box, no false positives.

    Sorting through 12 emails, mostly by skimming subject lines, and done by a user, is pretty much free. Takes, what, 30 seconds?
  2. Re:Call Screening - Whitelist on Spit Will Be Worse Than Spam · · Score: 1

    There's a difference, I think, between "never call" and "have never called once, ever."

  3. Re:#1 question on Spit Will Be Worse Than Spam · · Score: 1

    Do you think that people who hack other people's computers to send spam would not be willing to hack other people's phone IDs and use their minutes? No, but I think that people would keep their computers (or VOIP phones) clean if they found that it was costing them money -- and getting them banned from their friends' phones.
  4. Re:Call Screening - Whitelist on Spit Will Be Worse Than Spam · · Score: 1

    Well, I was just calling to tell you the shed in your backyard is on fire, but if that is going to be your attitude, you can burn in hell. So wait -- you're my neighbor, and you have my phone number, but you've never called it till my shed is on fire?
  5. Re:Call Screening on Spit Will Be Worse Than Spam · · Score: 1

    If that starts happening, cellular providers/voicemail providers can simply let you vote to have that number blocked. Works for POTS. Won't work at all for real VOIP -- that "number" would be an IP address, one of thousands in a botnet.
  6. Re:#1 question on Spit Will Be Worse Than Spam · · Score: 4, Insightful

    If the spammers/spitters pay for the minutes, it's not a problem? Are you sure? I got 1,981 spams last night If the spitters pay for the minutes, you won't get 1,981 of them.
  7. Re:#1 question on Spit Will Be Worse Than Spam · · Score: 2

    VOIP spam is only worse than telemarketing because there's more of it. That, and because legislation wouldn't do shit to stop it.

    With telemarketing, I can put my self on the national do-not-call registry, and I can tell individual telemarketers to take me off their list. And because there's a real call center, there's almost certainly an actual corporation that I can track down.

    With VOIP spam, all the same rules that make normal spam unaffected by legislation still apply. There's enough more of it that I can't just hang up. So there would likely be just as much VOIP spam as email spam -- but you can't really set up a filter on VOIP spam, either, or at least, not a content-based filter.
  8. Reminds me of an old security issue... on Safari "Carpet Bomb" Attack Code Released · · Score: 1

    On Linux, $PATH generally only includes system directories, like /bin, /sbin, etc -- places only root can write to. Occasionally, it will add ~/bin, which the user can write to -- but which no sane browser would download to by default.

    In the Windows command prompt -- and I bet this behavior is inherited from DOS -- the current directory is included in the path. I'm pretty sure it's implicitly included -- that is, no way to disable it by editing %PATH%.

    My understanding is, the main reason PATH works this way is to make it always safe to be in a working directory. That is, "cd foo; ls" should always be safe. If you have '.' in the PATH, it's not safe to do this in a directory writable by people you don't trust -- they could always create a file named 'ls' which you would then run.

    This just seems like a variation of the same -- it might make sense to look for DLLs in the directory containing the EXE, but I don't think it makes sense to look for DLLs in the current working directory.

  9. Re:Best Solution on Safari "Carpet Bomb" Attack Code Released · · Score: 1

    Then why isn't Windows doing it itself? Regardless of browser used. Because an OS has no concept of a "download". All Windows knows is that some program (probably called safari.exe) is pulling bits in from the Internet, and writing them to disk. For all it knows, this is a logfile, or a cached certificate, or anything.

    It doesn't seem like Safari would turn off such a feature... No, it just didn't turn the feature on.
  10. Re:Half-wrong... on Explaining the Dearth of Console MMOGs · · Score: 1

    He (still) hasn't learned to touch type-- 100% hunt'n'peck. I learned dvorak with gtypist. There's a few others free, and probably some commercial ones for roughly $20 or so.

    Top it off with him saying that the screen is too big, and that he can't see everything (health, map, avatar, enemy) all at once. I don't know if WoW has a windowed mode out of the box, but it shouldn't be too hard to pull off.

    Not that this was a bad solution:

    So he invested in a 22" widescreen monitor instead, and we have the computer dual-weilding the displays so that he can WoW on the monitor, and at other times we can watch a movie on the screen Nice.

    Worth mentioning: You can get monitors with HDMI inputs, or cheap HDMI->DVI adapters. For older systems, well, my monitor has an RCA input. So while I do think that the couch would work for most people, in situations like yours, you could always do the converse.
  11. Re:whitelist on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    On a side note: I get tired of people bragging about the efficiency of their spam-filters. The situation is not acceptable no matter how good we get at hiding the problem.

    I'm sorry, maybe I wasn't clear. Spam is not a problem for me. If spam is a problem for anyone else, they are doing something wrong.

    Spam constantly wastes a huge amount of technical and mental ressources worldwide

    Again: It wastes close to zero technical resources, and close to zero mental resources, when I don't count trying to explain the brutal simplicity of my approach to others. It's not even mine -- pretty standard Bogofilter implementation. Add a tarpit, and it wouldn't even waste bandwidth -- but then, I never had a problem with spam wasting bandwidth on 1 mbit DSL, so it's completely off my radar at 100 mbit fiber.

    I have outlined an open, spam-proof system here:

    Since I can't reply there, I'm replying here:

    Your post advocates a

    (X) technical ( ) legislative ( ) market-based ( ) vigilante

    approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

    ( ) Spammers can easily use it to harvest email addresses
    (X) Mailing lists and other legitimate email uses would be affected
    ( ) No one will be able to find the guy or collect the money
    ( ) It is defenseless against brute force attacks
    (X) It will stop spam for two weeks and then we'll be stuck with it
    (X) Users of email will not put up with it
    (X) Microsoft will not put up with it
    ( ) The police will not put up with it
    ( ) Requires too much cooperation from spammers
    (X) Requires immediate total cooperation from everybody at once
    (X) Many email users cannot afford to lose business or alienate potential employers
    ( ) Spammers don't care about invalid addresses in their lists
    ( ) Anyone could anonymously destroy anyone else's career or business

    Specifically, your plan fails to account for

    ( ) Laws expressly prohibiting it
    ( ) Lack of centrally controlling authority for email
    ( ) Open relays in foreign countries
    ( ) Ease of searching tiny alphanumeric address space of all email addresses
    ( ) Asshats
    ( ) Jurisdictional problems
    ( ) Unpopularity of weird new taxes
    ( ) Public reluctance to accept weird new forms of money
    (X) Huge existing software investment in SMTP
    ( ) Susceptibility of protocols other than SMTP to attack
    (X) Willingness of users to install OS patches received by email
    ( ) Armies of worm riddled broadband-connected Windows boxes
    ( ) Eternal arms race involved in all filtering approaches
    ( ) Extreme profitability of spam
    (X) Joe jobs and/or identity theft
    ( ) Technically illiterate politicians
    ( ) Extreme stupidity on the part of people who do business with spammers
    ( ) Dishonesty on the part of spammers themselves
    ( ) Bandwidth costs that are unaffected by client filtering
    (X) Outlook

    and the following philosophical objections may also apply:

    (X) Ideas similar to yours are easy to come up with, yet none have ever
    been shown practical
    ( ) Any scheme based on opt-out is unacceptable
    ( ) SMTP headers should not be the subject of legislation
    ( ) Blacklists suck
    (X) Whitelists suck
    ( ) We should be able to talk about Viagra without being censored
    ( ) Countermeasures should not involve wire fraud or credit card fraud
    ( ) Countermeasures should not involve sabotage of public networks
    (X) Countermeasures must work if phased in gradually
    ( ) Sending email should be free
    ( ) Why should we have to trust you and your servers?
    ( ) Incompatiblity with open source or open source licenses
    ( ) Feel-good measures do nothing to solve the problem
    ( ) Temporary/one-time email addresses are cumbersome
    ( ) I don't want the government

  12. Re:Definition. on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    Well, scratch the "bulk" then. Spam is any mail that I didn't request and don't want to get. That about sums it up -- what one person wants is very different than what someone else wants. That makes it at least as difficult to legislate as porn.

    There'd be a trivial way to legislate spam: A central opt-in list, maintained by a central authority. And a single point of failure. I could tick multiple boxes on that wonderful form...

    Don't make me subscribe to your newsletter on your servers, make me subscribe on that central server. Requires total immediate cooperation from everyone all at once.

    So everybody who cares can verify that I requested to receive mail from spammer@viagra.ru - or not. That can be done without a central authority -- just require me to cryptographically sign a message from them. Then, if there's ever a question, the mailing list can produce the signature.

    Remember, only a handful of people is responsible for most of the spam in your inbox. Actually, no one is. Spam pretty much never makes it to my inbox. Filtering really can be that good.

    And if you think "a million dollars could be spent better elsewhere" then just consider how much the spam overhead costs our economy in lost productivity and "spam-fighting overhead"... You know, it costs me almost zero time per day to deal with spam, and took maybe $100 worth of my time to add a spamfilter to my server -- that's a conservative estimate. So I think the "cost to our economy" is because of a stupid expenditure of money which could be better spent elsewhere -- and while the million dollars you're proposing might help, it's still a waste of money vs the very simple solution of having email providers add decent filters.
  13. Re:Profit? Crime has not paid. on EU Calls For Use of Open Standards · · Score: 1

    It's come to the stage that commercial competition with microsoft in markets they dominate simply isn't viable. And yet, somehow, Apple continues to sell computers loaded with OS X -- and their market share is increasing.
  14. Re:Insightful Troll. on EU Calls For Use of Open Standards · · Score: 1

    Well, I wouldn't expect my own technical expertise to somehow filter back to my grandmother, who is halfway across the country at the moment. So no, I don't think grandchildren would've helped.

    That said, my grandmother is pretty damned cool. Other than the whitewater rafting (at 75!), she does use email -- more than the phone, most likely, as her hearing is mostly gone. So she's already more tech savvy than Ted Stevens.

  15. Naive question... on AoC Bug Penalizes Female Characters? · · Score: 1

    Aren't there advantages both ways?

    For example: Men probably have more upper body strength, and more muscle period because of testosterone. Women have a lower center of gravity, and an easy target (balls) with which to completely disable the man.

    I don't really know, as I'm not enough into martial arts -- just guessing.

  16. Re:Seems rather futile.. on Using Distributed Computing To Thwart Ransomware · · Score: 2, Interesting

    Reminds me of a story. It's a classic inspirational story, of a storm that washes up a bunch of starfish -- or maybe they're seahorses, or jellyfish, depending on who's telling the story. So there's all these starfish dying on the beach... A kid is walking along the beach, picking them up, one by one, and tossing them back into the ocean. A man watches him do this, and after awhile, walks up and says "You know you're not going to make a difference, right?"

    The kid picks up another starfish, tosses it into the ocean... "I just did to that one."

    Yes, it'd very quickly become pointless in that next time, they'd use a 2048-bit or 4096-bit key, and they'd change it more often. But for the people who've lost data to this thing already, it's never futile if this can get it back.

  17. Re:Seems rather futile.. on Using Distributed Computing To Thwart Ransomware · · Score: 1
    How were you modded insightful?

    As for it being a trick to crack a root signing key, would they not have to have the private key to encrypt with to start? No. Go read.

    Short translation: All they need is the public key, which is right there in the certificate. The whole point is that you encrypt with the public key, and only the private key can decrypt. So yes, it could easily be, well, any key to which they have the public key, and want to obtain the private key.
  18. Re:Other way around on Using Distributed Computing To Thwart Ransomware · · Score: 1

    So this is a problem, but at least you should still be able to run some sort of cleaning script on those backups.

  19. Re:whitelist on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    You apparently don't have to handle mail to 'postmaster' or 'admin'. I pretty much do.

    It gets pretty hard to let the real email through. Any examples of the more tough false positives?
  20. Re:Insightful Troll. on EU Calls For Use of Open Standards · · Score: 2, Interesting

    Well, how would you describe it (in layman's terms)? Well, I'm frightened by the though that I would have to describe it to Congress in layman's terms -- that implies that they don't already know.

    More importantly, it wasn't just the "series of tubes" comment -- you really need to go find an audio clip, and a transcript, and listen to it. He clearly has no fucking clue what he's talking about.

    Here, let me elaborate:

    Ten movies streaming across that, that Internet, and what happens to your own personal Internet? Personal Internet? Mmmkay... Letting that one slide.

    I just the other day got... an Internet was sent by my staff at 10 o'clock in the morning on Friday, I got it yesterday [Tuesday]. Only four days!

    Why? Because it got tangled up with all these things going on the Internet commercially. Ok, I don't care how much YouTube or BitTorrent is slowing stuff down. I'm assuming for the moment that he's talking about email. And that simply cannot happen -- far more likely, it was a problem with the email server in question. And again -- not likely overload, but some actual, temporary error.

    the Internet is not something that you just dump something on. It's not a big truck. It's a series of tubes. Note the fact that there's no "like" here. He didn't say that the Internet is like a series of tubes. He said that it is -- and it really seems like his level of understanding is exactly that. One wonders if he has a concept of the actual copper and fiber-optic that makes up the real Internet.

    And if you don't understand, those tubes can be filled and if they are filled, when you put your message in, it gets in line and it's going to be delayed Again with the complete, utter lack of understanding.=

    Say it was just bandwidth.

    What TCP connection is going to go for four days without any traffic? Or take that long to send an email, with minimal traffic?

    Never mind that he seems to be assuming the email was a single packet, sitting in a single buffer behind a bunch of video packets, waiting to be sent along the...

    But that's giving him too much credit.

    It's not about the series of tubes. It's about the fact that Ted Stevens has no fucking clue what the Internet is -- and that he thinks he needs to explain it to the rest of the Senate. And the very, very scary possibility that he's right about that last part.
  21. Re:Definition. on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    That's the greater net neutrality, which seems to kill all QoS. Not true. Users can still do QoS on their own routers, and ISPs can do QoS if you specifically request it (but not in any way which affects other customers, unless those other customers are connecting to you.)

    That's my own proposed definition.

    I'd settle for the lesser: "ISPs should transfer all packets to where they are addressed, with no preference given to one destination over another". What defines a source and a destination? Unless you're talking about an individual packet with a source IP and a destination IP, in which case, they'd throttle incoming connections.

    Shit like Comcast's blocking should be handled through fraud, false advertising and impersonating network hosts, not really network neutrality. None of this would be required for shaping to reduce torrent traffic to pretty much zero. When I was in college, it was pretty noticeable -- turn protocol encryption off, and you get BitTrickle at 5k. Turn it back on, and you might get 500k.

    Net neutrality does address the fraud issue, though, in that it makes it difficult to oversell bandwidth -- because if you were to do so on a neutral pipe, P2P users would annihilate all casual browsing in a matter of minutes.

    And that is really where this debate is coming from. Actual customers argue against net neutrality because they are afraid of that P2P flood crushing their Google and YouTube. If the ISPs weren't overselling bandwidth by so much, it wouldn't happen anyway, even on a neutral network -- so we would all agree that neutrality is a good idea, in full.

    And by the way, as far as I can tell, I'm on such a network. I get 100 mbit fiber to the home (in Rural Iowa!) and I can use pretty much all of it, pretty much all the time. (Cost is $60/mo, no installation.) So this absolutely is possible.

    Outright killing connections owned by other network hosts by injecting false RST packets should be a federal crime though. The net result is the same. Comcast-endorsed usages, like, say, YouTube, are allowed through. Others, like BitTorrent, are made completely impractical, no matter what purpose they are being used for.
  22. Re:Definition. on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 1

    Both legally and morally they come down to "was lethal force required or justified, or was there another option you could have used". Which is pretty much what I meant by "self-defense". Sorry I wasn't clear -- and thanks for spelling that out.

    You could also blur the 'war' one quiet a lot too-- gang wars certainly aren't official enough to count, but where do you draw the line? Easy: Take the above. In a war, lethal force is pretty much necessary.

    with any definition comes corner cases and gray area. Absolutely. In fact, as long as we speak English and not Lojban, most definitions are going to have semantic problems, too.

    The concern here, though, is whether net neutrality legislation could be twisted and subverted into meaning the opposite of its intent -- whether it could legitimize what the ISPs are doing. My point is that in a couple hundred years, it hasn't happened to the legal concept of Freedom of Speech -- so it is possible to create such legislation.

    Oh, and it's irrelevant anyway. Even if it's a doomed effort, the alternative is to basically let the ISPs continue to do what they're doing. At least if we try to legislate it, there's a chance it will stop them, or slow them down.
  23. Re:Definition. on New Opt-Out Clause Makes CAN-SPAM Worse · · Score: 2, Insightful

    Are you so sure that it hasn't been twisted? Because it's used now to protect a /lot/ more than it says it protects. -1, Factually incorrect. Borrowing the other poster's phrasing, it pretty much exactly says "Congress shall make no law abridging the freedom of speech."

    Say what you will about historical context, but I very much doubt you can twist it (or untwist it, as you say?) to mean anything other than "The people can say whatever the fuck they want." Because that is pretty close to what it literally says.
  24. Re:Simple answer: on Three ISPs Agree To Block Child Porn · · Score: 1

    I could just decide that heat is a boolean and that there's nothing between hot and cold. Heat may be a gradient -- but absolute zero is a boolean.

    You can no longer compare Britain, the US, Saudi Arabia and Nigeria, say. They all score False and the conversation ends. You can talk about some freedom of speech, or freedom of some speech. My point was that there is a very large gap between "some freedom of speech" and "censorship is impossible."
  25. Re:Half-wrong... on Explaining the Dearth of Console MMOGs · · Score: 1

    For that expense you can port to Mac or Linux easily. Done right from the beginning, you can port to Mac or Linux easily anyway.

    No businessman is going to make a decision of starting a project that is going to have to be ported to a new platform before even releasing Without sarcasm, I'm guessing businessmen aren't driving Duke Nukem Forever.

    Notice also: This exact thing happened to Halo. It was originally going to be PC/Mac/Linux -- Mac, at least, because Bungie had always done Mac stuff -- and became an Xbox exclusive.

    In GoldenEye, both players were in the same map. In an MMO there is a chance that they'll be in completely different areas Keep in mind, same map doesn't necessarily mean at all close to each other. Also, with a dynamically loaded game, "same map" doesn't necessarily mean anything.

    Likewise, barring cordless headphones, you'll be sharing sound too. Why bar cordless headphones? And I don't think that either of these are particularly relevant -- you could always force the players to stay within a certain radius of each other. Remember, it's supposed to be about playing together.

    And it's easier to develop for x86+windows+OpenGL/DirectX than for multiple consoles or generations of consoles. Really? I would have thought the other way around -- especially given OpenGL is ported to a few consoles, too.

    Maybe the next generation will include...headphones/microphone The last generation of the Xbox gave you a headset with Xbox Live, required to play online games. Most games used voice as the default method of communication -- even where there was an onscreen keyboard, people would voice chat, send voicemail, etc.

    voice recognition What does that have to do with any of the above?