Well, they own the DNS root, so in a sense, you're right. However, this is purely based on free will. If you disagree with this, use an alternate root.
All it takes is to change one record in the root DNS servers. It can be done in a few minutes and will propagate in 72 hrs max.
It is a political, or more correctly, a legal rather than a technical problem. ICANN has contractual obligations toward ccTLD operators (including the current .iq operator) and can't just do that without exposing themselves to liabilities.
IANAL, but can't the US DoC and DoJ cooperate to get a quick warrant from a judge, ordering ICANN to transfer the domain to another ccTLD operator? Or ICANN could even manage the .iq domain themselves, until the Iraqi government appoints their own ccTLD?
Yes, I didn't provide evidence, because the only evidence I have is source code from a grey-hat workshop experiment which establishes a stealth P2P virus/worm-based network (in a lab environment) which does exactly that harvesting stuff I was talking about. This self-spreading, self-organizing and self-healing network code must never be released in the wild for reasons you certainly understand.
Coding this is very easy for experienced people with shellcoding, sockets-api and openssl experience. It's not difficult to find programmers with this skill set. I'm sure that the black hat community has been using similar networks for many years now.
So, sorry, you'll have to take my word on this or not. It's your call ;)
How difficult would it be to hack into bank computers, creating a bank account, have the money transferred, disable the software bug temporarily, divert that money to other accounts that you create on-the-fly? There's a small window of opportunity where those new accounts are not yet bugged. Withdraw money. Then never log back into their servers! Oh, of course, don't do this from your own phone... :)
If you're that good a cracker, you won't have to use plain old extortion though...
The problem with using viruses and worms to harvest addresses is that "the powers that be" will analyze the infection and identify where the addresses are being sent to.
Don't overestimate their investigative prowess. It is actually quite easy to send back the addresses where they can be collected:
Post them on USENET
Put them on spammer's P2P networks (some zombies are great at this)
Hide them in spam itself.
As for the last point: you can add the addresses as plain text in the spam payload, or you can even cryptographically encrypt them and disguise that as bayesian filter fodder.
Whatever method the virus uses, spammers can collect the information in all anonymity and, therefore, impunity.
I am willing to sacrifice Microsoft and Bill Gates's fortune on the altar of advancements of human societal evolution, dignity and experience.
Even if Bill Gates and Microsoft lost their monopoly, that would hardly mean a sacrifice of their fortune!
The interesting thing here is that Bill and others at MSFT are just as eager as others to get recognition. If they sense that their old business model is obsolescent, they may very well invest in FOSS (!) to better their reputation. IBM, a former monopolist, now funding Linux is the perfect example for what can happen. I wouldn't be too surprised if Bill Gates did the same once he grows up and becomes a mature and responsible member of our society.
The problem is not that you can screen/filter viruses on your side, it's that your pals won't on their side; and once a virus on your pals' machine gets your address (from their addressbook or mail folder content), it will send this address to harvesting servers, which collect all new addresses. It is then just a matter of time before you start getting tons of spam too. You didn't disclose your address, but some virus on your pals' machine did it. You have absolutely no control over this, once your email leaves your computer and is stored on someone else's more vulnerable machine.
We shouldn't feed the trolls (eh. ACs), but I'll bite anyway, because it's a valid argument.
You also ban all innocent bystanders that send you regular 550: no such user bounces, right? TMDA messages are exactly like bounces if you think of it. They appear automatically generated on purpose. It's a piece of cake to filter them if you dislike 'em. It's not like spam which tries to deceive you.
Now, trying not to be too caustic, backscatter is a fact of life. If you really want to avoid this completely, you have to follow a strict whitelist policy. Some people actually do this, and if you must, go ahead, block all TMDA users. It's your decision to allow/disallow users (legitimate or illegitimate), bots, or spammers to access your network. That's exactly what TMDA is all about: putting the recipient, not the sender, in control.
OTOH, it's up to TMDA's users to decide how they control their own networks. If it helps stem the spam tide (and it does extremely well!), it will be used. Sending innocent bystanders a 550: No such user or a TMDA confirmation message with a list of full headers is qualitatively the same; perhaps even better, because if you belong to some spam busters brigade, you're free to use those headers to RBL the initial offender, dynamic IP zombie or whatever.
Instead of whining about backscatter, fix SMTP or your legislation (or both). In the meantime, C/R systems are the only alternative to content-based filtering. If you combine C/R and C/B systems, you also reduce the amount of TMDA bounces. Permbanning only helps the spammers by intimidating potential TMDA users and slowing down a more widespread adoption of C/R systems (which would also dry up the spam stream substantially). But, as said, you're the recipient, and you're free to do whatever you like. It's your resources. Make good use of them.
You're just plain lucky. It's a fact of life that at least one of your email pals will use Windows, and store your emails in an Outlook or Outlook Express mail folder. Some days later, your pal will catch a worm or virus, and this little spam helper will harvest all those addresses, including your beloved, "protected" addy.
Good question! It depends on the amount of energy the atmosphere absorbs. The more energy the beam transmits, the higher that amount and the atmosphere would heat up (a little), just enough for this effect to be a real problem.
The arguments used against C/R systems in those discussions all boil down to users' inability to use such a system correctly.
Take for instance mailing lists: if you subscribe to such a list, you should, of course, whitelist that list. Moreover, most C/R systems have built-in safeguards so that they won't send a confirmation message to the list. If you, as a list member, reply to a question, you should answer publicly to the list, so that everyone can profit from your knowledge. Such replies will make it through the whitelist, because they come from the list itself. If, OTOH, you decide to write to me privately, well, that's tough. If you value your own reply, you won't object confirming your address anyway before proceeding.
Another point is if I sent you a message out of the blue. Of course, it would be rude if you had to confirm your address just because you've replied to my message. Most C/R systems allow me to set up my MUA in such a way that it either auto-whitelists every e-mail address I send mail to (so they won't have to confirm when they reply), or I can send them time-limited tagged addresses.
The only real problem with C/R systems is when you subscribe to a service, and that service's confirmation messages come from a completely different domain. It is gross of them to do this, but it happens every now and then. So I always check the tail of the pending queue when I didn't get an expected confirmation message from one of those (IMHO deliberately misconfigured) servers.
The last point is that spammers could set up an autoresponder to auto-whitelist themselves. Well, that almost never happens. It would be great if the increased use of C/R systems forced them to do so, because we could then track those spambags and sue them. As long as they cowardly hide behind fake addresses, C/R is (IMHO) the way to go.
If you take all this into account, C/R systems are absolutely GREAT. Used in combination with regular anti-spam configuration in postfix (or sendmail, qmail, exim, ...), they are very effective.
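The accept/challenge decision this comment describes (manual whitelist for lists, auto-whitelisting of people you write to, time-limited tagged addresses, no challenges to lists or bounces), as an added example that is not part of the original comment and is not TMDA's code. The tag format, key, addresses and every function name are assumptions made for the illustration.

```python
import hashlib
import hmac
from email.message import EmailMessage

# All names, addresses and the tag format below are constructed for this example.
SECRET = b"constructed-demo-key"      # assumption: per-user secret key
USER, DOMAIN = "alice", "example.org"
whitelist = {"talk-bounces@lists.example.net"}  # list whitelisted at subscribe time
pending = []                                    # held mail awaiting confirmation


def _mac(expires: str) -> str:
    return hmac.new(SECRET, expires.encode(), hashlib.sha256).hexdigest()[:16]


def dated_address(expires: int) -> str:
    """Time-limited tagged address: alice-dated-<expiry>.<mac>@example.org."""
    return f"{USER}-dated-{expires}.{_mac(str(expires))}@{DOMAIN}"


def valid_dated(rcpt: str, now: int) -> bool:
    """True if rcpt carries an authentic tag that has not yet expired."""
    local = rcpt.lower().split("@", 1)[0]
    prefix = f"{USER}-dated-"
    if not local.startswith(prefix):
        return False
    try:
        expires, mac = local[len(prefix):].split(".", 1)
        fresh = now <= int(expires)
    except ValueError:          # no "." separator or non-numeric expiry
        return False
    return fresh and hmac.compare_digest(mac.encode(), _mac(expires).encode())


def record_outgoing(to_addr: str) -> None:
    """Auto-whitelist everyone the user writes to, so replies are not challenged."""
    whitelist.add(to_addr.lower())


def classify(msg: EmailMessage, env_from: str, rcpt: str, now: int) -> str:
    """Return 'deliver', 'challenge', or 'hold' (queued, no challenge sent)."""
    sender = env_from.lower()
    if sender in whitelist or valid_dated(rcpt, now):
        return "deliver"
    pending.append(msg)  # unconfirmed mail stays reviewable in the pending queue
    # Safeguards: never challenge bounces (null envelope sender), list traffic
    # or auto-generated mail; a challenge to those is pure backscatter.
    automated = (
        sender == ""
        or msg.get("List-Id") is not None
        or str(msg.get("Precedence", "")).lower() in {"bulk", "list", "junk"}
        or str(msg.get("Auto-Submitted", "no")).lower() != "no"
    )
    return "hold" if automated else "challenge"


def make_msg(**headers: str) -> EmailMessage:
    """Build a constructed sample message; underscores become header dashes."""
    msg = EmailMessage()
    for name, value in headers.items():
        msg[name.replace("_", "-")] = value
    return msg


if __name__ == "__main__":
    now, rcpt = 1_000_000, "alice@example.org"
    record_outgoing("bob@example.com")
    print(classify(make_msg(Subject="re: hi"), "bob@example.com", rcpt, now))
    print(classify(make_msg(Subject="offer"), "x@spam.example", rcpt, now))
    print(classify(make_msg(List_Id="<talk.example.net>"), "other@lists.example.net", rcpt, now))
    tagged = dated_address(now + 86400)
    print(classify(make_msg(Subject="signup"), "noreply@third.example", tagged, now))
```

A service that confirms from an unexpected domain still gets through when it was given the tagged address; otherwise its message sits in `pending`, which is the queue the comment says to check by hand.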
These details can be verified in the 'install.log' file in the computer's root directory.
and
This Macrovision technology does NOT install spyware or vaporware of any kind on a user's PC. In fact, CDS-200 does not install software applications of ANY KIND on a user's PC. All the copy protection in CDS-200 is hardware based,
So, if everything is hardware protection, why do they touch some "install.log" in the computer's root directory?
"This Macrovision technology does NOT install spyware or vaporware..." of course not. We call this mandatory DRM protection over here at EMI; not "spyware."
If energy were more expensive than it is today, you betcha some entrepreneur would start collecting solar power in space and beam it down. And, yes, it will probably be much less expensive than if NASA did it.
Unfortunately, whoever wants to start this project will have to convince a lot of governments to get a license. Directing a high energy beam towards the ground is risky, and it puts a lot of power in the hands of the corps steering the beam.
A high energy beam can be used as a WMD, and governments hate competition on this sector! Just look how tightly the nuclear energy sector is regulated. A space energy sector would be even more closely supervised!
Now maybe a private company can develop it for 2% of the cost and we'll have cheap, environmentally benign power.
Is that extra power really environmentally benign? IIRC, intercepting solar energy that would have missed the Earth means directing more energy towards our planet. This excess energy would contribute to increase the global temperature. Nobody knows exactly by how many 1/10th of degrees, but it will definitely have some kind of impact.
Even if we only diverted solar energy from A to B (with A and B both on the surface), it would have some kind of effect (perhaps more winds from B towards A to compensate for the differential?).
Personally, I'd say: go for it! have a try! but some people and scientists would most likely object.
Misalignment is really a problem, when the energy density increases. Even if the satellites remain perfectly stable, the beam would "dance" around its intended target due to atmospheric turbulences. You would actually need a large area [51] just as security perimeter, for every collector on the surface.
Regular maintenance work within that area is impossible with the beam turned on. You have to defocus the beam or better yet, turn it off completely, every time you need to repair something. That's not so big a problem, but it is inconvenient.
Why not use multiple small satellites, just like the multiple mirrors of a solar energy collecting plant? All can focus together towards a single spot.
You don't necessarily lose all the money if you took precautions to ship it abroad or spread it through innumerable channels.
And if you were able to save enough money from the prosecuting agencies, you'll still have enough "friends" who would be more than happy to be in your vicinity.
nothing is permanent, including my physical address, my phone number or even my name.
Now that makes sense ;) It's actually a great idea.
Imagine the repercussions on the legal system if we could switch IDs in real life every now and then! Change your bank account, diplomas, contracts... would be quite difficult. Unless you have a secret unique ID stored on some government computer. Connect to that server, and change your public name anytime you like (after paying a fee?).
Oh, that was too optimistic. You'll have to use some closed-source, drm-protected, proprietary software to access a nice flashy GUI where you can manage your public IDs.
Some crimes are more effective than others. White collar crimes are generally much more profitable, so you don't need to be a repeat offender if you get it right the first time. Sigh.
Methinks they should get a new domain: .tiq for "transitional iraq"...
Or .qi for Iraq, written from right to left the Arabic way. After all, they are Iraqi domains.
Just wait until your name shows up on some computer-generated list of (probable) suspects.
Oh, since when doesn't posting on /. qualify for suspect status?
It doesn't take a smegging horde of PhDs years of research to create the Word file format.
Nor does it take that much to reverse-engineer it.
But they've banned reverse-engineering, didn't they? Argh...
Some people are doing nothing illegal when downloading stuff for themselves (as long as they don't share it).
What you legally download, someone else uploaded with high personal risk. Stuff doesn't appear magically in P2P networks, ya know?
I didn't think of that. A cool, 'shiny' idea!
:-)
Pluto or Goofy?