(Just because Clark Kent can't endanger Lois Lane by being with her and revealing he is Superman, doesn't make Spider-Man a rip-off, does it?)
I can't even believe I'm arguing this point, but the crucial difference is that (at least at first) Lois wants nothing to do whatsoever with Clark, she only has eyes for Superman.
I thought in the comic that MJ knew Spiderman's secret identity all along -- IIRC, she flirted with both of them, knowing full well they were the same guy, but Peter of course had no clue. She also flirted with Flash, Henry and so on.
On the other hand, Spiderman flirted with Black Cat and a host of other women as well. The whole comic was all about the college promiscuity. I'm actually a little surprised that the movies don't capture that aspect about Peter, that once he goes to college his love life gets extremely complicated. I guess Hollywood always has to go for the "one true love" aspect. On the other hand they did a great job of portraying MJ as somebody who doesn't know what she really wants and dates a lot of different people.
...this is what I do instead of fixing databases at work...
Instead of having one mail server for your home or organization, you have two. Except one is secretly useless. It just blackholes everything that's sent to it.
You buy another domain and list the blackhole as the MX record for the new domain.
You sign up for a bunch of email marketing lists using addresses from the blackhole domain.
Everything that gets sent to the blackhole server is by definition spam.
The blackhole server also runs DNS. You set your real mail server's RBL DNS to point to the blackhole server.
Every time the blackhole server accepts a connection on port 25, the blackhole server immediately drops the connection (so no wasted bandwidth) and updates DNS with the originator's IP address.
You now have your own local blacklist, you don't have to trust somebody elses. Keep a log, if somebody bitches about it you can say "Well, somebody sent spam to my blackhole server on this date at this time from your IP. Suffer".
You'd have to combine it with a whitelist to let Yahoo and Hotmail and so on through, but you'd still kill a lot of spam.
It does seem likely that the same person or group is behind the attacks, given that the targets are all so similar.
But who in their right mind would attack a nonprofit that produces free software? I mean, the attackers are probably using open source/free software tools to launch the attacks, you'd think they wouldn't bite the hand that feeds them.
My current favorite theory is that this is what Microsoft is using their Linux lab for.;)
I find it a little funny that we're all debating this on an ad-supported site.
Yes, advertisements are annoying, but without them I don't know that we'd be able to watch shows like Star Trek (or insert your favorite sci-fi show here). Shows with special effects or almost any cartoon carry high costs and something needs to be done to pay for it.
Mind you, I've never seen a professional TV studio budget, so maybe their revenues are greatly inflated after all. But I do produce a public access cable television show so I know that even the lowest of the low budget series still carry huge costs. I'd never be able to produce my own show without the tax-payer funded public access studio.
On the other hand, I'm all for buying TV on DVD (Season 5 of Buffy soon! woot). And at those prices studios should be able to afford to make high-budget shows.
Also the/. folks didn't seem to complain when everybody started using Mozilla to block their ads. Hey editors, have you seen a decline in revenue?
Most of the spam I receive doesn't ask me to reply to purchase anything. They simply direct me to a web site of some sort. This eliminates mass-email replies as a possibility. If they use web forms, they can easily tell legitimate orders from phony ones by verifying the credit card numbers, phone numbers, addresses, etc.
So you just use apparently valid credit card numbers, phone numbers and addresses. They can't tell a valid credit card number until it's sent to the bank, it's trivial to reverse engineer a CC number that will pass the trivial verification tests.
I do not believe there is a way to validate phone numbers other than to check that the area code/exchange is valid. Use the White House's. Or if you're civic-minded, use one of the published numbers of a genuine spam king. Or if you're like me and can get away with it, give them your organization's phone number but an invalid extension, which they can't possibly check. Better yet, give them your organization's FAX number.
The addresses are probably being validated through the US Postal service's database, which is available online. Just be sure to pick an address that physically exists but where no mail can be sent. There are many rural areas that need a real physical address that's distinct from where the people actually get their mail, which is a PO box at the nearest post office.
I'm tired of spam and I am fully prepared to be more evil than they are.
How about setting up a website that lists all the 1-800/866/etc. numbers from spam E-mails. Then everyone who wanted to could call and drag them along as long as possible to run the bill up. Probably wouldn't take too long before their phone costs ate up all their profits and more.
Please, think evil. I know you can do better than that. At least try.
What we do is, every time we get a spam with an 800 number, we use our modems to FAX that number...
Or, at least, the corporate desktop, at least in environments where one doesn't necessarily want one's users installing all kinds of crap on their PCs.
Secretaries, for instance, can probably live quite well with OpenOffice, one of the nicer scheduling tool (Ximian maybe, never used it). And if all the users in my organization who just needed that setup actually had that setup, my job as administrator would be so much simpler.
</whine>
There's also "If voting ever changed anything it would be against the law" which is featured in The Illuminatus! Trilogy by Robert Anton Wilson and Robert Shea, published in the 70's I believe.
The sig quote was probably quoting one of these texts.
Hasn't/. already solved this problem? Mod the spams down along with the trolls...Plus then your blog gets to be the center of all kinds of "I was modded unfairly!!! Losers" drama. Triple the online fun!
Not that anyone will see this buried under the thousands of other comments, but:
I don't believe in God. I didn't believe in God as a teenager. We recited the Pledge every morning at my high school. I simply left out the words "under God". It's that easy:
One nation,
[Pause pause]
With liberty and justice for all.
That let me express the ideals I do believe in, without expressing those I don't. Some of the homeroom teachers would give me wierd looks, but nothing ever came of it.
There were kids who refused to recite the pledge at all -- they were often targeted by the teachers for being unAmerican or whatever, there would be loud arguments, sometimes the kids would get punished for it.
Which I still think is dumb, patriotism isn't true patriotism if it's compulsory.
But kids can currently recite the pledge without the religious overtones, or they can include them if they want. I just don't see the controversy.
I'm also a huge fan of the Treo 300 -- does everything I need, only one device in my pocket. I agree completely about the flip screen -- it looks dumb when I'm talking to somebody without my headset, but the screen will last forever. I set up the four little buttons at the bottom of the Treo to launch applications that can be used with the screen down, it's very handy.
Plus I actually LIKE that the Treo 300 is as big as a regular Palm. The keyboard is usable by adults, and the screen's big enough to see everything without squinting.
The only thing the 600 model has that I desire is the expansion slot...
How difficult is it to only download those kernel modules I actually want to compile? As time goes on and new stuff keeps getting added to the kernel the source just gets out of hand. Someone should set up a little webby clicky thing that's like "make menuconfig" but then assembles a tarball only containing your precise configuration and those modules you've selected.
Just a thought.
Oh well. It was a nice thought while it lasted. Thanks for the info.:)
I think I'm now of the opinion that spam needs to be handled in the legal arena -- if the majority of spam is coming from hijacked PCs, then that's criminal activity and should be so punished.
Is there a reason why SMTP daemons can't simply reject ALL mail that originated at an open relay?
When the daemon received an incoming mail connection, it could connect to the IP at the other end, using the SMTP port, and try to use it to send mail to itself -- if it works, then the originating server is an open relay, and no mail would be accepted from it. The information could be cached somewhere so this expensive check wouldn't need to happen every time. The cache could be updated every 9 days or so in case the relay is closed.
What negative consequences would there be from this approach that I haven't thought of? It seems like it would force people to close their relays if they wanted mail to work, even those hard-to-track-down pacific islander sysadmins.
You know, with charts and graphs and your corporate logo on them. The charts and graphs are populated from a database somewhere. Suitable for your board report.
I bring it up because my organization paid Crystal reports $10,000 to be able to do this. If I could have written a little perl script that connects to the database and emits an OpenOffice doc, then I could have saved the organization ten thousand dollars, and saved myself a world of pain. (The only thing more evil than Crystal Reports is crystal meth.)
You might be wondering why I wouldn't just use HTML and some library that automatically creates chart PNG images -- the reason is we have to email the report to our board members because they're demanding like that. So we use Crystal to generate pretty PDFs with all the charts. We also let the board members log into our system to generate their own reports via the web, which they can then email to the group.
So having an XML-based document format for this would be wonderful, especially if OpenOffice would provide a command-line utility for converting from OO format to PDF.
Actually it was "Danny the Street", who is by far my all time favorite character from anything I've ever read. I was so sad when Grant wrote him off the book...
My favorite bit was that Danny was a transvestite street, because he had all sorts of lady's lingerie and perfume shops on him and so on. I mean, wasn't it ridiculous enough to have a sentient city block as a character?
Also, I'm a big big fan of Grant's work on the X-Men, he has completely transformed the series into something rich and strange.
Phone calls are paid per-incident, or in groups. Its something like $245 an incident or something.
Microsoft offers a
Premier level of support, which is not paid per incident. I was led to believe by microsoft's site that the 1-800-936-3200 number is specifically for Premier customers. I can't confirm that since it's been down all week.
Even if you had patched all your systems, and you wanted to call tech support because, say, one of your boxes only got the registry key for the patch and you had no way of knowing that, tough luck, their support hotline is down because everyone's calling it.
This is of course assuming you're paying them tens of thousands of dollars per year for a support contract.
This isn't news. There's no new info in the eetimes article, and that page at RedHat never contained information about the fund itself. The "Open Source Now" page is just an advocacy group apparently devoted to spotting laws that would prevent adoption of open source in government etc.
This seems different (though related) to the "Open Source Now Fund", which would specifically target legal threats against Linux and related things, like the FSF does for GNU.
I haven't been able to find any info on how to contribute to the fund. I spoke with many Red Hat people at Linux World about it, and they didn't know. I sent an email to opensourcenow@redhat.com, and they never replied. I've also been talking with Red Hat salesmen for the past week or two trying to put together a proposal, and they don't know either.
Slashdot Mirror
Well, Lois does a great enough job putting herself in danger anyway just to be with her beloved Superman...Everyone in that triangle is psychotic. :)
I can't even believe I'm arguing this point, but the crucial difference is that (at least at first) Lois wants nothing to do whatsoever with Clark, she only has eyes for Superman.
I thought in the comic that MJ knew Spiderman's secret identity all along -- IIRC, she flirted with both of them, knowing full well they were the same guy, but Peter of course had no clue. She also flirted with Flash, Henry and so on.
On the other hand, Spiderman flirted with Black Cat and a host of other women as well. The whole comic was all about the college promiscuity. I'm actually a little surprised that the movies don't capture that aspect about Peter, that once he goes to college his love life gets extremely complicated. I guess Hollywood always has to go for the "one true love" aspect. On the other hand they did a great job of portraying MJ as somebody who doesn't know what she really wants and dates a lot of different people.
Somebody else think of something that will work please. :)
Instead of having one mail server for your home or organization, you have two. Except one is secretly useless. It just blackholes everything that's sent to it.
You buy another domain and list the blackhole as the MX record for the new domain.
You sign up for a bunch of email marketing lists using addresses from the blackhole domain.
Everything that gets sent to the blackhole server is by definition spam.
The blackhole server also runs DNS. You set your real mail server's RBL DNS to point to the blackhole server.
Every time the blackhole server accepts a connection on port 25, the blackhole server immediately drops the connection (so no wasted bandwidth) and updates DNS with the originator's IP address.
You now have your own local blacklist, you don't have to trust somebody elses. Keep a log, if somebody bitches about it you can say "Well, somebody sent spam to my blackhole server on this date at this time from your IP. Suffer".
You'd have to combine it with a whitelist to let Yahoo and Hotmail and so on through, but you'd still kill a lot of spam.
Thoughts?
But who in their right mind would attack a nonprofit that produces free software? I mean, the attackers are probably using open source/free software tools to launch the attacks, you'd think they wouldn't bite the hand that feeds them.
My current favorite theory is that this is what Microsoft is using their Linux lab for. ;)
Yes, advertisements are annoying, but without them I don't know that we'd be able to watch shows like Star Trek (or insert your favorite sci-fi show here). Shows with special effects or almost any cartoon carry high costs and something needs to be done to pay for it.
Mind you, I've never seen a professional TV studio budget, so maybe their revenues are greatly inflated after all. But I do produce a public access cable television show so I know that even the lowest of the low budget series still carry huge costs. I'd never be able to produce my own show without the tax-payer funded public access studio.
On the other hand, I'm all for buying TV on DVD (Season 5 of Buffy soon! woot). And at those prices studios should be able to afford to make high-budget shows.
Also the /. folks didn't seem to complain when everybody started using Mozilla to block their ads. Hey editors, have you seen a decline in revenue?
So you just use apparently valid credit card numbers, phone numbers and addresses. They can't tell a valid credit card number until it's sent to the bank, it's trivial to reverse engineer a CC number that will pass the trivial verification tests.
I do not believe there is a way to validate phone numbers other than to check that the area code/exchange is valid. Use the White House's. Or if you're civic-minded, use one of the published numbers of a genuine spam king. Or if you're like me and can get away with it, give them your organization's phone number but an invalid extension, which they can't possibly check. Better yet, give them your organization's FAX number.
The addresses are probably being validated through the US Postal service's database, which is available online. Just be sure to pick an address that physically exists but where no mail can be sent. There are many rural areas that need a real physical address that's distinct from where the people actually get their mail, which is a PO box at the nearest post office.
I'm tired of spam and I am fully prepared to be more evil than they are.
BTW, IANAL and do not follow this advice. :)
Please, think evil. I know you can do better than that. At least try.
What we do is, every time we get a spam with an 800 number, we use our modems to FAX that number...
Secretaries, for instance, can probably live quite well with OpenOffice, one of the nicer scheduling tool (Ximian maybe, never used it). And if all the users in my organization who just needed that setup actually had that setup, my job as administrator would be so much simpler. </whine>
The sig quote was probably quoting one of these texts.
Hasn't /. already solved this problem? Mod the spams down along with the trolls...Plus then your blog gets to be the center of all kinds of "I was modded unfairly!!! Losers" drama. Triple the online fun!
I don't believe in God. I didn't believe in God as a teenager. We recited the Pledge every morning at my high school. I simply left out the words "under God". It's that easy:
That let me express the ideals I do believe in, without expressing those I don't. Some of the homeroom teachers would give me wierd looks, but nothing ever came of it.
There were kids who refused to recite the pledge at all -- they were often targeted by the teachers for being unAmerican or whatever, there would be loud arguments, sometimes the kids would get punished for it.
Which I still think is dumb, patriotism isn't true patriotism if it's compulsory.
But kids can currently recite the pledge without the religious overtones, or they can include them if they want. I just don't see the controversy.
...for spelling "ridiculous" correctly.
Plus I actually LIKE that the Treo 300 is as big as a regular Palm. The keyboard is usable by adults, and the screen's big enough to see everything without squinting.
The only thing the 600 model has that I desire is the expansion slot...
How difficult is it to only download those kernel modules I actually want to compile? As time goes on and new stuff keeps getting added to the kernel the source just gets out of hand. Someone should set up a little webby clicky thing that's like "make menuconfig" but then assembles a tarball only containing your precise configuration and those modules you've selected. Just a thought.
I think I'm now of the opinion that spam needs to be handled in the legal arena -- if the majority of spam is coming from hijacked PCs, then that's criminal activity and should be so punished.
When the daemon received an incoming mail connection, it could connect to the IP at the other end, using the SMTP port, and try to use it to send mail to itself -- if it works, then the originating server is an open relay, and no mail would be accepted from it. The information could be cached somewhere so this expensive check wouldn't need to happen every time. The cache could be updated every 9 days or so in case the relay is closed.
What negative consequences would there be from this approach that I haven't thought of? It seems like it would force people to close their relays if they wanted mail to work, even those hard-to-track-down pacific islander sysadmins.
(Joke light blinking, happy gentoo user here.)
I bring it up because my organization paid Crystal reports $10,000 to be able to do this. If I could have written a little perl script that connects to the database and emits an OpenOffice doc, then I could have saved the organization ten thousand dollars, and saved myself a world of pain. (The only thing more evil than Crystal Reports is crystal meth.)
You might be wondering why I wouldn't just use HTML and some library that automatically creates chart PNG images -- the reason is we have to email the report to our board members because they're demanding like that. So we use Crystal to generate pretty PDFs with all the charts. We also let the board members log into our system to generate their own reports via the web, which they can then email to the group.
So having an XML-based document format for this would be wonderful, especially if OpenOffice would provide a command-line utility for converting from OO format to PDF.
Actually it was "Danny the Street", who is by far my all time favorite character from anything I've ever read. I was so sad when Grant wrote him off the book... My favorite bit was that Danny was a transvestite street, because he had all sorts of lady's lingerie and perfume shops on him and so on. I mean, wasn't it ridiculous enough to have a sentient city block as a character? Also, I'm a big big fan of Grant's work on the X-Men, he has completely transformed the series into something rich and strange.
Microsoft offers a Premier level of support, which is not paid per incident. I was led to believe by microsoft's site that the 1-800-936-3200 number is specifically for Premier customers. I can't confirm that since it's been down all week.
Well, yes and no. It's amusing that microsoft's site went down last night. What's more amusing is that their phone system has been down all week.
Even if you had patched all your systems, and you wanted to call tech support because, say, one of your boxes only got the registry key for the patch and you had no way of knowing that, tough luck, their support hotline is down because everyone's calling it.
This is of course assuming you're paying them tens of thousands of dollars per year for a support contract.
Whoops, forgot to credit the most excellent GROKLAW, which is where I stole the Rosen link.
Position paper from an attorney over at OSI.
This seems different (though related) to the "Open Source Now Fund", which would specifically target legal threats against Linux and related things, like the FSF does for GNU.
I haven't been able to find any info on how to contribute to the fund. I spoke with many Red Hat people at Linux World about it, and they didn't know. I sent an email to opensourcenow@redhat.com, and they never replied. I've also been talking with Red Hat salesmen for the past week or two trying to put together a proposal, and they don't know either.
What's the hold up Red Hat? TAKE MY MONEY DAMMIT.