Definitely on the Nifty List, on Mapping Google News · Score: 2, Interesting
This is by far one of the most interesting uses of data-mining I've seen in a while. Neat to see what are the hotspots, as far as news goes, in the world.
The guys at Buzztracker deserve a cookie (edible variety).
This is definitely a bad idea, for a whole lot of reasons.
Firstly, as other posters have mentioned, this is illegal in most nations. Let's not stoop down to the criminal level.
Secondly, in conjunction with the first point, why should we all collectively bend down to play dirty to beat the spammers? Shouldn't we spend our energy and effort on something less destructive and low-brow? I honestly believe that someone (or someones) will eventually come up with a system to more or less replace the current email standard with equal user-friendliness (at least to the end-user, which ends up being the driving force, but user-friendly at the admin level would be great too) but also with built-in security mechanisms that make spamming unprofitable while keeping regular usage cheap.
Whether this system emerges from the current examples of hash-cash or somewhere else, I would say it is our best chance to stop the problem without stooping to criminality with what is basically a patch-work solution.
And yes, I am aware that all systems have vulnerabilities, but to just throw up our hands in despair and say, "But the spammers will get into the new system eventually!" is to give up. We shouldn't just sit idly by and collectively play poor-me; we should be thinking of some new system and how to seamlessly get it into place (yes, Virginia, there'll be a time lag, it took about 25 years for email to become mainstream). Then, whenever the spammers figure out a way in (I'm hoping for never), we'll already have had time to think about, research, and develop a further system.
Let's apply a little brain-power to the problem instead of using what are essentially crude and criminalistic tactics. I, for one, am fully willing to devote my time and knowledge to solving the problem.
Ayuh, no book makes it to my bookshelf without first having been read. Although by the time this thing comes out (2007-ish IIRC), I may need more shelving.
Nifty, but mainly from the whole CS angle. And it seems a bit more approachable than the third book was, although some of that has to do with the fact that I was relatively unschooled when I first read them.
It'll be a pleasure to add it to my bookshelf.
Your point is well taken, thought about it shortly after posting (effing hang-over) in terms of layering protocols on top of each other.
I was thinking more on the lines of what another grand-child post pointed out of moving the sensitive data back beyond several layers of indirection that must be satisfied before things move on and more access is allowed. Such that you must present pass-code A to layer A, pass-code B to layer B, and so forth, each using a different pass-code system at each layer, detecting break-in attempts vigorously at each layer. Then one could devise some kind of scheme to re-organize the system upon the detection of a break-in at any level (switching pass-schemes or pass-keys or something of that nature) and also some scheme to rigorously track down the cracker for legal purposes.
I think his comparison is on to something here.
A good safe is designed in layers, so that to get in, you have to break through each layer. And the more layers, the more time it takes. Safe-makers know no safe is completely secure, and all safes are crackable.
Time is the enemy of anyone looking to commit theft/robbery, whether that person is working physically or digitally. So the longer it takes, the more secure the system is.
While we definitely know security by obfuscation is stupid in terms of computer security, safety by layers makes sense.
If there were several layers of encryption (asymmetrical and symmetrical), compromising the system takes more time, and if one layer fails, the game isn't over just yet.
Admittedly, secure traffic would be much slower than unsecured traffic, but the benefits of this kind of layered approach would be more than worth it for data that needs to be as secure as possible.
I dunno, I never have liked to tie myself to one language or another. Maybe it's the CS major, but I find that all languages have things in common, and that I can quickly become proficient in each.
Sure, I have my favorite languages, but I treat each language I come across equally; hell, I tolerated and became proficient in Scheme of all things. This way, if the flavor of the day goes away, I can simply pick up a book on the new flavor, figure out how it does business, and get to work.
Good principles and techniques transcend language boundaries.
At work, we use TikiWiki, but we have a lot of users and lots of files moving in and out, articles and such. I also use TikiWiki to talk between my family.
The only trick is that it can take a while to install (I watched our poor Gentoo web-server grind away for a long time compiling and installing MySQL, Apache with the mods, and the updated mail client). However, there is a lot of documentation on customization and use.
Although, if you're not looking for the blogs and the multi-user thing, try something else.
I would dig up the discussion about CMS's from a few months ago, but I can't seem to find it handily here.
You've never done distributed computing work, have you?
On average, the 1000 zombies will have an average CPU equivalent to a P4. Add to that network latency and all the work that has to go into coordination, and the equivalent CPU power goes down.
So if a spammer had 1000 zombies, he'd get at best 1000 hours of work in 1 hour, and on average maybe 100. To send a million emails, even under the best conditions and using the two or three second hash-compute time, he would need approximately 555-833 hours.
Okay, do a little math. Spammers want to spam millions of addresses. So, even with a theoretically large network of zombies (say a thousand for one spammer), the zombies can compute an equivalent 1000 hours of work in an hour. That's 1000 emails. The spammer would need to get his zombies to do 1000 hours of work to send a million emails. Eventually, the excessive work being done on these zombies would get someone's attention and they would either be cut from the network or reclaimed from zombie status.
I don't know about you, but I RTFA, and once you and your friends have done a little grunt work once, you no longer need to do grunt-work.
Also, if I read correctly, the hashes may only take a few minutes per address; even on the minute scale, it is too economically expensive for spammers to send email.
More or less, spammers would need the equivalent super-computer on the scale of the Columbia installation or the Earth Simulator to effectively continue spamming.
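The hash-cash cost argument in the comments above, as an added example that is not part of the original posts: a simplified Hashcash-style stamp (version 1 field layout, SHA-1, hexadecimal counter) with the sender's search and the receiver's single-hash check. The date, salt, address and the `cpu_hours` helper are constructed for illustration.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    # Number of zero bits at the front of the digest.
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(resource: str, bits: int, date: str, salt: str) -> tuple[str, int]:
    """Sender side: try counters until SHA-1(stamp) has `bits` leading zeros.
    Returns the stamp and the number of hashes spent (about 2**bits on average)."""
    prefix = f"1:{bits}:{date}:{resource}::{salt}:"
    for counter in count():
        stamp = f"{prefix}{counter:x}"
        if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) >= bits:
            return stamp, counter + 1

def verify(stamp: str, resource: str, min_bits: int, seen: set) -> bool:
    """Receiver side: one hash, plus recipient and replay checks."""
    fields = stamp.split(":")
    if len(fields) != 7 or fields[0] != "1" or fields[3] != resource:
        return False          # malformed, or minted for someone else
    if not fields[1].isdigit() or int(fields[1]) < min_bits:
        return False          # claims less work than this receiver demands
    if stamp in seen:
        return False          # stamp already spent once
    if leading_zero_bits(hashlib.sha1(stamp.encode()).digest()) < int(fields[1]):
        return False          # claimed work was not actually done
    seen.add(stamp)
    return True

def cpu_hours(messages: int, seconds_per_stamp: float) -> float:
    """Total CPU time to mint one stamp per message, in hours."""
    return messages * seconds_per_stamp / 3600

if __name__ == "__main__":
    spent = set()
    # 12 bits keeps the demo fast; real deployments ask for far more work.
    stamp, hashes = mint("alice@example.org", 12, "050101", "constructedsalt")
    print(stamp, "cost", hashes, "hashes")
    print("accepted:", verify(stamp, "alice@example.org", 12, spent))
    print("replayed:", verify(stamp, "alice@example.org", 12, spent))
    print("1M mails at 2-3 s each:",
          round(cpu_hours(10**6, 2)), "to", round(cpu_hours(10**6, 3)), "CPU hours")
```

Because the recipient address is part of the hashed stamp, a stamp cannot be reused for a second recipient, which is what makes the cost scale with the number of messages.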
Do what UF recommends, change all the passwords and don't tell anyone.