Slashdot Mirror


User: $ASANY

$ASANY's activity in the archive.

Stories: 0 · Comments: 144

Comments · 144

  1. Yeah, wait a minute! on Microsoft's Security Report Card · · Score: 2, Insightful
    Just when was it that "visiting random sites" or "opening random attachments" became sufficient explanations for a system going kablooie? "Well, Joe, you surfed www.turnips.net and you know it's a bad site! What were you thinking?" "Oh, my bad. Next time I'll consult the list of 'safe' sites before I go someplace unfamiliar."

    We're not going to hold a software company responsible for selling a product that risks the data on your system by leaving itself vulnerable to normal user actions? What next, advisories that you shouldn't drive north because cold weather might make the wheels fall off your car at speeds in excess of 40 mph?

    If I surf to a site, or open a random attachment in a viewer, and my system dies as a result, that software is defective by design. Any company that tells me I can't do either of these things with their products is admitting that they are knowingly selling defective software.

    Really, though, it's the users who shell out significant coin buying products that are known to be defective that need to change. If users won't hold a vendor accountable for their miserably defective garbage by not buying it, I guess the user community deserves all the pain that bad decisions cause. At least they could be rephrasing their complaints as "I bought a piece of crap and it exploded when I used it. I made a stupid decision." rather than "I surfed this site and my PC blew up. Bad site! Bad, bad site!"

  2. Problem? No Problem! on End of Life for Red Hat 7.x, 8.0 · · Score: 3, Insightful
    A few here complain that their support is being "dropped", and the /. crowd comes up with alternatives ranging from progeny support, to switching to any of eight or ten other distros, to looking at three or four BSD distros, to keeping RH9 and doing manual updates. I don't like to see pain, but if this is what pain is these days then life has gotten ENORMOUSLY better.

    Back when the choices were "Mac Classic" and Win95, had we heard that one of these was getting EOL'd, there would have been real pain. After just a few years, the debate isn't about how you're going to have to start using a typewriter or something, but how you're possibly going to make a good decision given the actual hundred or so choices available.

    Would you have thought this possible in 1995? Your choice for the most part then was staying with WFWG or making the leap to Win95, although the choices we have now were beginning to come on-line then.

    So RH ends, Fedora moves forward, and there are more reasonable choices available than most of us would have time to evaluate well. It's like the end of Tandy CP/M, only a hundred times better!

    Qwitcher Bitchin.

  3. Re:Here's your fire... on Spammers Not Complying With CAN-SPAM · · Score: 1
    I'm a HUGE fan of UC and I've talked to the developer frequently. I run it regularly. I think a lot more people should than do now. Web Form Flooder and Unsolicited Commando both do a good job of making the data they submit hard to differentiate from normal traffic. Web Form Flooder can be configured to submit slowly or as fast as it can. In a lot of ways they're pretty similar.

    The main difference is that with Unsolicited Commando you are executing "attack orders" that are issued from a central site. That is a great facility, as they do the work of identifying real spammers and it prevents abuse. Web Form Flooder allows the user to specify a target, which requires more personal responsibility but allows you to take more immediate action against a spammer that hits you. Web Form Flooder is still in beta and has a few quirks that are being worked on, but UC is pretty stable.

    These two efforts are cross-pollinating each other to a degree. Web Form Flooder is GPL and may be influencing UC somewhat (It did at least cause a platform-independent version to be released) and formflood has used some of the ideas from UC. UC's client source code is released publicly, but the server side isn't. UC actually inspired formflood, since there wasn't a UC version that was Linux-friendly until only recently. The homepage for formflood has a link to UC.

    The result is that there are multiple tools out there, both of which are excellent, and handle the issue in slightly different ways. Should spammers find a way to protect against one, the other might still be effective while the other makes changes. With different algorithms used to generate random data, it's harder to identify bogus data. The more tools out there that do this, probably the better off we are.

  4. Here's your fire... on Spammers Not Complying With CAN-SPAM · · Score: 2, Informative
    For those sites that make money from collecting information from spam victims, there is a way to fight back: check out Web Form Flooder at http://formflood.sourceforge.net

    It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.

  5. It's not the Wifi, it's the backbone connection... on Cringely Proposes New WiFi Plan · · Score: 1
    I've got wifi, and it's cheap and easy to set up. A roll-my-own linux router completes the picture and provides security that isn't available or isn't well done in the wifi hardware. So far, so good.

    I bridge to neighbors, and that works fine. In the end, the wifi is just slightly more expensive than running UTP to the neighbors, but it's more convenient. But connectivity to users isn't the problem. The problem is routing that traffic to the internet.

    Ignore for a moment this very dumb idea of routing shared connections through someone's personal ISP account. This means home users are going to have to start setting up T1's and better. That one-time expense for a Wifi AP is dwarfed by the $500 monthly expense of a T1. How about an OC-3 at what, about $10,000 a month? Gonna share free access on a gigabit connection? I doubt it. Cringely's whole premise is based on stealing the most expensive part of the system instead of paying for it, and that hardly makes for a wise "business model".

    I can see a couple of alternatives down the road on this:

    1. People set up their own independent wifi/wired networks, and ISPs eventually offer to connect to these networks at a reduced rate, or perhaps even pay for the privilege of a connection. Rather unlikely.

    2. Prices for commercial-grade internet connections come down to the point where small groups of people can set up their own systems, and maybe they'll offer free or reduced wifi access. Possible?

    3. Broadband becomes so cheap that few would bother stealing it, possibly through deregulation. Everyone has a wifi AP integrated in their broadband access hardware and runs a hotspot. I doubt it.

    4. Some new technology makes 802.11x obsolete, and provides better and cheaper wireless voice/data. This problem disappears. This seems likely to me.

  6. And just how do you find managers like these? on Microsoft Rolls Out New Anti-Linux Ad Campaign · · Score: 1
    I work in an IT company, and the breadth of skills within the staff is an astonishing array that no human could ever master that I've encountered. It might be nice to have a manager who can code JSPs, write C code, do .NET, manage database installs, data replication, testing, database performance and tuning as well as being expert on everything from PalmOS to Solaris, but I'd rather just settle for a good motivator who can set goals, take good care of his people, listen well and then make good decisions.

    Tech skills and leadership abilities are two separate realms where congruency is wonderful but vanishingly rare. A good leader is good enough, and those aren't that easy to find.

  7. Who cares about dominance? on Microsoft Rolls Out New Anti-Linux Ad Campaign · · Score: 1
    Microsoft simply has better marketing than many Linux companies, which is why they will continue to dominate the industry, unless Linux kicks up its advertising campaign and targets the big guys.

    So precisely why would it be an important goal to have Microsoft kicked out of its dominant position to be replaced by Linux? Would it make linux any better? I loathe MS myself in a lot of ways, but market share is hardly a strong reason to adopt an operating environment.

    As I see it, this will create a set of companies that follow marketing blather and hamstring themselves competitively, and another set that will use what works and works most efficiently and thus be more competitive. Since I know linux, I'll be well positioned to be a part of the group of companies that have an advantage over those that buy MS TCO arguments.

    In a word, Profit!

  8. It's not the cheap DVD stuff that irks me... on The Hidden Costs of Bargain Electronics · · Score: 1
    My gripe is about cheap networking equipment, like broadband routers and 802.11 equipment. While it generally works, it's buggy, vulnerable, often proprietary and it ends up giving users a false sense of security that can bite them in the end. I bought a bunch of this stuff and made some startling discoveries.

    I'd heard that Belkin and to a lesser degree Linksys wasn't all that hot, and grabbed a netgear router and access point instead. The router ended up causing a DDOS attack on the University of Wisconsin NTP server, and an nmap scan showed a lot of fairly serious vulnerabilities. So did the AP. My Linksys 802.11-to-ethernet bridge works, but itself is rather vulnerable to attack. In the end, I had to make my own linux-based router to handle the firewall and network services that these cheap products failed to provide in a robust and secure manner.

    Now I'm fairly geeky, and I can handle putting in some decent homebrew equipment (although I'd rather not shoulder the expense when this stuff was supposed to do this for me), but the average user is slapping in a bunch of equipment expecting it's going to protect his equipment when it can only do so by luck. Woe be to the average joe who installs his new 802.11 broadband router he got for christmas that ends up being an even greater present to his marginally more technically competent neighbors.

    It feels like the Microsoft model of convenience at the expense of reliability and security has been adopted by D-Link, Netgear and Linksys to name a few. Plug it in and pray, and only the technically superior can manage to actually secure it. It leaves us with an installed base of rather powerful networking equipment that is unsecured, vulnerable and just itching to be hijacked by anyone who cares to try. Over the next few years we're going to start seeing reports of home users getting compromised and causing major problems on the internet.

    Before the stuff hits the landfill it's a far greater problem than after, as the impact of hijacked home and small office networks starts wreaking havoc on home users and everyone connected to them via broadband. If normal users can't make use of their PCs because everything everywhere is a hostile threat they can't defend themselves from, the utility of the internet becomes vanishingly small.

  9. And what about prosecuting those instances??? on You've Got Spam: AOL Blocks 1/2 Trillion Spam · · Score: 1
    Until CAN-SPAM goes into effect, Virginia (where AOL is based) has one of the more aggressive anti-spam laws in the country and AOL should have referred all this to the VA Attorney General for prosecution. When CAN-SPAM happens, though, I suppose this option will go away. So of this multitude, how many of these instances are going to be prosecuted while there's still time, if there is still time?

    Perhaps it just demonstrates how ineffective laws are around this issue. One, the feds decide to nullify a rather decent law with their CAN-SPAM abortion, and two, the laws in VA that could have been used aren't employed. Wasn't it worth it to drop criminal complaints on the 100 or so worst offenders?

    I'd have been happier if there was a PS. on that story that AOL had referred the lot for criminal prosecution. But I suppose it's a little hard to bring Chinese and Brazilian spammers to justice in Virginia or in the US. Maybe we could get DOD to serve warrants and do the extraditions...

  10. Finally, I'm #1! on 101 Ways To Save The Internet · · Score: 1
    1 Unleash vigilante justice on spammers One activist has proposed filters that launch distributed denial-of-service attacks back at spammers. Great. Just make sure we have the right addresses first.

    Finally, after all these years, someone at Wired thinks I'm nifty. I feel so much better now. Well, maybe not.

    Project Web Form Flooder at http://formflood.sourceforge.net

  11. It's not government that will solve this... on Alan Ralsky Gripes About Can Spam Act · · Score: 2, Interesting
    And I can't solve this either, but I've decided to get off my ass and do something that might just possibly make it just a little harder for spammers to earn a profit. It feels a lot better than bitching, although bitching is certainly justified.

    Visit project web form flooder at http://formflood.sourceforge.com and you can hit back the spammers that annoy you. Or check out Unsolicited Commando at http://www.astrobastards.net/uc and hit back spammers in general. Or do both, but for cripes sake, do something other than reelect representatives that think that CAN-SPAM is going to help at all!

  12. Re:excellent news on DeCSS: Jon Johansen Acquitted In Retrial · · Score: 2, Insightful
    As impressed as I am with your description of how well the political system in Norway works, I just can't fathom a system where prosecutors are able to appeal a "not guilty" verdict in a criminal court. After you're acquitted, are prosecutors able to attack you again and again until they get a verdict they like?

    Maybe it's the US that's becoming more like Norway. If you're acquitted in a criminal trial here, prosecutors will throw civil litigation at you for denying someone's "civil rights" for the same issue involved in the criminal trial they lost. In the end, if the state has it out for you, they'll eventually screw you, and they'll find some extra-constitutional way to make it happen.

    Maybe it's a good thing DVD-Jon wasn't subjected to our current version of civil liberties after all.

  13. Hmmm... on Open Source Firm Releases Patch for IE Bug [UPDATED] · · Score: 1
    What I'd like to know is if for some really unusual reason MS decided to roll this patch into IE and the patch had been released under GPL, would IE then become GPL/open source?

    Maybe it's just wishful thinking, although I doubt the open source community would really be interested in IE even if it became GPL. It would require way too much work to bring that up to speed. Not worth it when there's a horde of better GPL browsers out there.

  14. Re:How does this benefit me? on Linux 2.6.0 Kernel Released · · Score: 4, Informative
    In your home desktop, you should notice a bit better performance with your desktop since there's some new locking mechanisms, better threading and of course support for additional hardware/ALSA changes, etc..

    Your cluster is going to ROCK, though, with kernel async I/O, better management of large memory, greater SMP scalability, hyperthreading and a bunch of other things. Databases are going to see huge improvements.

    You WILL be pleased. I promise.

  15. Re:Your tax dollars hard at work on 25,000-Ton Amphibious Spam Relay · · Score: 5, Informative
    You've got to understand the situation. The Navy-Marine Corps Internet project and BTBest (at least for the MSC) TCP/IP commo suite got thrown at these ships without a lot of regard to the technical resources required to manage the whole ball of wax. Each of these ships has a rack of MS Windows boxes managing LAN, commo, logistics and everything else, and they have some Chief managing the equipment who is decidedly not a network engineer. On top of that he's got to play DBA for Sybase and Oracle databases, manage numerous applications, and deal with backup and disaster management. It's too much to realistically ask a guy whose background is a lot more "sailor" than "LAN/Database/application server administrator". At least not while we're paying senior enlisted guys what we are.

    These technical-draftees are extraordinarily busy. They're asked to manage really complex systems that are not terribly reliable. MS Exchange and Win2k require good people to keep them going, but throw database replication systems and the rest of their suite on top, and they spend more of their time crying for help to shoreside contractors than getting things fixed. That their MS Exchange server got penetrated is hardly a surprise given the number of fires these guys are regularly trying to keep under control.

    If they can get professional DBA's and Network Engineers on each ship and this happens, then I'd raise hell. But there aren't a whole lot of MSCEs and DBAs that want to go on 9 month sea deployments of 16-hour days with the starting salary of an E-3, which I guess is about $800/month. In the meantime, scream at Lockheed Martin, the contractor for the Navy-Marine Corps Internet (NMCI) project, which has hosed up more than they have fixed. NMCI dictates identical configurations across all systems, which makes it really likely that the vulnerability we see here exists virtually everywhere in the Navy. Lockheed designed it this way, and got paid an enormous pile of cash to do so.

    Maybe they owe us a refund?

  16. Great Marketing? on The Cost of 12 Days of Christmas · · Score: 2, Funny
    If my bank spent the fees they collected from me trying to price out the cost of leaping lords and laying swans and whatnot, I'd want to take a dump right in the middle of their lobby as I walked out after closing my accounts. Is this how they justify their myriad fees? "We need to charge an extra $.50 per ATM transaction and money order so we can tell you how expensive it is to rent or purchase leaping lords..."

    Yeah, I really want to give my business to these wackjobs. But I suppose employing accountants to figure this data out helps the economy in some small way...

  17. Re:OT- My last spam experience. on The Life of a Spammer · · Score: 1

    You don't just have to sit there and be pissed. You can fight back. Check out Project Web Form Flooder at http://formflood.sourceforge.net . When someone wants you to visit their website and complete a mortgage quote form or something like that, you can visit it, say about 800 times a minute and submit the most interesting random data they've ever seen!

  18. Re:SQL Server? on World's Largest Databases Ranked · · Score: 2, Interesting
    The actual story is that in the mid-90's Microsoft bought the source code and rights to Sybase SQL Server 4.9.2 from Sybase, and then sued Sybase claiming that the name "SQL Server" was part of the package that they paid for. Sybase settled the case and relinquished the "SQL Server" name re-branding their OLTP RDBMS "Adaptive Server Enterprise".

    Now MS has overwhelmed Sybase with a derivation of its own technology that has MS's special additional bugs included for a nominal price, largely because they know how to market and Sybase regularly fails to market its products effectively.

  19. Re:20 years?? on Virginia Arrests Man For Spamming · · Score: 1
    Excessive? I think not.

    If someone abets the sale of a product or service that is demonstrably fraudulent, a harsh penalty is clearly warranted. If someone attempts to conduct a business using fraudulent and deceptive means, a harsh penalty is certainly in order. If someone steals property or services from another (routing email through hacked mail relays) that theft should be strongly prosecuted. This is not a case of an innocent business trying to market themselves, this is the act of an ongoing criminal enterprise trying to steal, yes steal, money from unsuspecting citizens.

    Fight spammers. Go to http://formflood.sourceforge.net and fight back!

  20. Re:What is needed on Congress Sends Anti-Spam Bill To White House · · Score: 1
    Here's your Jihad: Web Form Flooder (http://formflood.sourceforge.net).

    It won't solve every problem, but any spammer that relies on victims' entries to his database in order to profit will have his database salted. It might even be a small annoyance to other sites by pounding on credit card submission forms with invalid data.

    It's not government that will ever resolve this, it's the populace, as envisioned by Jefferson, Marx and every other revolutionary, which just might get sick of the BS and fight back in overwhelming numbers. That is if they're not getting OD'd on soma gas.

    I'd rather not take it, even if I'm not sure how effective this way of fighting back is.

  21. Re:WHY YOUR ANTISPAM IDEA WON'T WORK on Another Worm Targets Anti-Spam Sites · · Score: 1
    Your "arguments" are unpersuasive, although I'll accept the "Nice try, dude, but I don't think it will work." comment. When a spammer sends me an email inviting me to visit his site, I don't usually get a qualification of how many times or with what technology I'm allowed to do that. Kinda shoots the laws/police argument.

    If you have anything better, I'd welcome criticism I can make use of.

    At this point, "nice try" is a good start. Total and complete victory is something I can be patient for...

  22. Re:Revenge? on Another Worm Targets Anti-Spam Sites · · Score: 1

    I'll accept that, especially if there's an offer to help included!

  23. Re:Revenge? on Another Worm Targets Anti-Spam Sites · · Score: 4, Insightful
    Who cares about their servers?

    It's their DATA that's valuable. The data that unsuspecting knuckleheads willingly provide is what they make their money from. Flood their data with garbage so they can't tell the real from the bogus and their entire database becomes effectively useless.

  24. Re:Revenge? on Another Worm Targets Anti-Spam Sites · · Score: 1
    OK, so the spammer uses a hosting service that doesn't suspect the real nature of the site? Bullshit. If you host "getit4less.biz" and think it's lily-white, you're smoking crack. These hosting companies know full well what they're enabling, and they should rightly bear part of the burden of withstanding assaults.

    For those that are truly unsuspecting, getting hit with a reasonable clue-bat is a good thing.

  25. What else... on Another Worm Targets Anti-Spam Sites · · Score: 1
    You can flood their websites with garbage data.

    Project Web Form Flooder may be of some interest to you.