'should be able to' is not the same as 'are able to'.. just thought I should mention it..
GP is definitely right, if you dispute something and take it to court, the judge should look at the content, not at whether he thinks you are a nutcase or such.
Okay, but I'm fairly sure they're not paying $.02 per email.
Probably, but it depends. Usually they pay people for the amount of time the computer is used, not for the number of mails.
The principle that would make this work is that there is a proportional cost for sending emails. That's when it stops making economic sense.
As both me and another poster already pointed out, it doesn't stop junk mail in your physical mailbox, despite the cost per mail being a bit more than $0.02 there, so I see no reason why it will put an end to spam.
Also, why should people who run for example a mailing list be charged yet another time for what is often a public service?
If you make it expensive enough to actually do something about spam, it will be too expensive for normal use by many people as well.
How about putting into your contract with your customers that engaging in activities that gets them onto well known public email blacklists are defined as spamming, and if they do so, they will have to resolve the issue with the blacklist, or are otherwise in violation of the 'no-spamming' clause of the contract?
That would work if it wasn't for some well known blacklists being inaccurate and impossible to deal with. Listing the ones which are 'reliable' will not work either because that changes more often than I am willing to change contracts with customers.
If it is a $10/month customer I'm sure that in virtually all cases breaking the contract is cheaper than dealing with the mess. For customers who pay a lot more than that, it really pays to do a bit of background research into that customer before accepting them.
I don't quite understand. 1 million emails will cost $20,000, so they would have to make +$20,000 for it to make sense to use that marketing channel. It doesn't matter who they pay, the ISP or the computer owner, or if they send all emails from one computer or from several.
Matter of fact is that there are spammers paying users for being able to use their computers right now, which strongly suggests that it is economically viable to do this, even though there are ways to spam without such payment right now.
While it was indeed true that we were hosting a server for this person, Spamhaus had a) blocked an address range larger than the IP addresses involved with this spammer, and b) would not offer any proof that the spammer had been using the server we host for him to involve in any spamming activities.
It is extremely difficult to make it onto the ROKSO list. It requires multiple incidents, and Spamhaus is not unclear at all about what it takes to get on there.
By allowing people on the ROKSO list to rent a server from you, you are helping them running their business, regardless of if that actual server is used for spamming or not. Spamhaus is of the opinion that if you make money by helping such people, that you deserve action being taken against you, and that indeed includes blocking more than the specific server, at least after a while.
Having a range blocked is the consequence of escalation. It is usually not the initial action they take when you end up doing hosting for someone involved in spamming.
When we contacted them, they refused to unblock this range unless we suspended the account of this spammer (again without providing any proof of activities conducted from our network that would breach our TOS), even though they acknowledged that the range they were blocking involved innocent customers. For us to suspend him at the request of Spamhaus would have been US breaking our contract with him, as there was no indication that he had violated our AUP (which DOES prohibit involvement with spam).
Again, you don't get onto ROKSO for no reason. Spamhaus documents their ROKSO entries quite well usually, so 'involvement in spam' is quite likely here, and you can quite review why a certain person ended up on that list.
And yes, I have worked for an ISP in the same position as you are in. The choice we had was between:
Review the documentation and decide that the price for breaking the contract was much lower than the price for supporting spam
Don't do anything until they escalate (effectively just delaying the issue)
Don't do anything at all
Both financial and moral obligations made the first option the best by far, and getting off the list was quite easy after this.
Yes, what we need is a $0.2 tax on each email sent. As soon as bulk emailing has cost/benefit implications, spam is gone.
This sounds reasonable and yet it has been shown wrong for a long time:
It is economically viable for spammers to pay people for using their machines for sending spam, and this is something that is happening every day. As long as the price is not somewhat substantial, it won't do much about spam, and when the price is substantial enough it will also hinder normal email.
That it does not work should also be evident from all the junkmail arriving in your snailmailbox, which costs money as well,
but the code signing device underneath. They did not exist back then, at least not as off-the-shelf components available for civilian designs.
The code signing is only really needed if you want to allow for replaceable firmware. If you write your code to a rom and cover the board with epoxy, it already becomes very hard to tamper with. Flash rom wasn't as available as it is now, in fact, it was invented in the late 80s, so not at all available when those machines were designed.
I'm pretty sure that Microsoft keeps its own needs in mind when designing and implementing the API for their security model. I'm also pretty sure they don't care that much about the needs of their competition.
Having unlimited access to kernel resources does make the job of software that is supposed to inspect the system for suspect behavior a bit easier, definitely. It also means that those who make such software can do so in ways other than Microsoft considered 'appropriate' or in ways that Microsoft simply didn't think of, and didn't provide an API for.
My bet is that they'll end up with a certification program for such software.. Can't push them out of the market, so let's at least make a bit of money from their sales...
What Microsoft does in an xbox360 is not relevant to what a small engineering company would have done over 20 years ago.
That is of course correct.
However, back in the 80s I was involved with some pirate radio station. In order to make our transmitters tamper and weather proof and reduce acoustic resonance, we'd usually cover them in epoxy, which was a well known idea already back then.
Microsoft's responsibility should be to provide an operating system that isolates the kernel from the user to the extent that no application run by an unprivileged user could ever compromise anything other than that user's files. If they succeed, then the AV vendors have no need to get into the kernel.
Problem is that all software contains bugs, so actually making this perfect is impossible.
Hence, there will still be a need to look in kernel space to see if everything there is really ok.
Surely the AV companies had to know that MS would eventually be pulling a netscape on them.
That's definitely part of why they are making this fuss.
The company has to grow, and that market is a great opportunity for them. That being said, Microsoft being in the anti-virus market itself seems like some form of collusion. Imagine if the car manufacturers were also the owners of all the gas companies.
Well, in the current situation it would most likely be illegal for them to do this.
My thinking was that even if it were possible that an OS were totally secure (agreed that's of diminutive probability) then the current crop of combatants would still find some way to argue, including the EU.
Agreed there.
I've felt the effect of failures in too many degree-removed apps (McAfee, Norton, etc.) to blindly trust them as it seems do you.
I have seen enough issues to not trust anyone blindly in this, not 'even' Microsoft. Please don't jump to conclusions..
I'm in the camp that should Microsoft choose to take this onto themselves in-toto then -this time- they should be given the chance.
Well, they screwed up for decades, and by that created an entire subindustry. Now they went and bought a solution themselves, and as a result they should be allowed to exclude their competition? Sure, if not for the fact that they still have an effective monopoly (that does only require enough market share to be able to dictate conditions, it does NOT in any way require 100% market share), and have abused that repeatedly in the past, and in this case would abuse it again. When you are in their position, you are not allowed to use your monopoly in one market to gain a monopoly in another market.
Once there are multiple vendors with comparable market share this will change, but until then, they are indeed not allowed to do such things.
But, since they have made that decision to the contrary, I see benefits overall. Open is better than Closed in any case.
Open by design would be a lot better than closed by design. I am not sure if open due to almost having fucked up again is such a good thing however...
Protecting the kernel and its resources is really a good idea. When you do so, it is also a very good idea to make a system that can grant privileges to the kernel and its resources when needed, and which has a variety of ways to determine if the software is authorized. Designing this properly is no easy task, and changing policy this late in the development cycle is not unlikely to turn into a real problem.
That trust is severely misplaced. Third-party companies can only play catch-up and do so from the disadvantage of external access to the system.
That is true only in theory when it comes to Microsoft.
One can for example make the same argument about the MS tool for finding malicious software. Granted, their tool is decent, but not the best one around, not by far even, despite their 'intimate knowledge' of their own system.
Matter of fact is that despite unpublished APIs, attempts at completely breaking competing software and such, MS seldom makes something that is significantly better than their competition, and usually it is them playing catchup when it comes to security related software.
Given their history with security, it is entirely correct to say that until they have actually proven themselves competent in this over a somewhat longer term, 3rd party solutions are to be trusted over their solution.
IBM indeed qualifies for being a 28 years old living in his aunt's basement..
So do the companies I work for of course..
At any rate, as part of my job I do forensics and cleanup of compromised machines, Windows, Linux and many Unix variations... Linux (and in general Unix) machines are typically a desirable target for those involved in denial of service attacks, distribution of illegal files and so on, usually because they are used as a server and have a lot of bandwidth.
I telnet directly to web servers to reply in forums...
Well, all jokes aside, I do indeed telnet into smtp, pop3, nntp and http servers at times for testing and debugging.. It is often somewhat amusing to observe how people respond when they see me doing that (ranging from 'is it that simple??' to complete amazement and awe)
This might be hard to follow, but a substantial group of people never ever heard about them, never saw their ads, and generally have no clue. I was actually one of those. Why? because they do not advertise where I live (it would be illegal for them most likely also, and not just because they are a scam).
You know.. a large number of people (like over 90%) does not live in the USA and simply never heard of them... Slashdot is American? sure, but many of its readers are not... so sorry for spoiling your joke by being informative...
We get blamed for the things we do, the things we don't do, the things other people do that we didn't prevent, the things other people don't do that we didn't encourage...
All of those can be mistakes, and mistakes happen. You are misunderstanding why people have a problem with the current attitude of the USA.
Boy, life is tough in the most important country in the history of the world.
You see, this is the real problem.
Currently, the USA is the most powerful country on the face of the planet. That in itself does not make it the most important country at this moment, let alone in history. Get rid of this arrogant and absurd notion, and your problem is gone.
In itself? sure, but not after first claiming that he didn't see it..
But then, so long as you don't redistribute the GPL grants you permission to do whatever you like anyway, so whether or not you've accepted it is moot.
Not exactly. It only grants you those permissions if you accept it. You are correct in the sense that the GPL does not get you any additional obligations as long as you do not distribute anything.
This also makes that it is extremely unlikely that anyone is ever going to sue anyone over this, and may even help a fair use defence.
It is not 'moot' however because allowing this is the basic idea that brought us the GPL (being allowed to do whatever you want with the software including modifying it)
Please check for example http://www.copyright.gov/title17/92chap1.html#106
106. Exclusive rights in copyrighted works
Subject to sections 107 through 122, the owner of copyright under this title has the exclusive rights to do and to authorize any of the following:
(1) to reproduce the copyrighted work in copies or phonorecords;
(2) to prepare derivative works based upon the copyrighted work;
(3) to distribute copies or phonorecords of the copyrighted work to the public by sale or other transfer of ownership, or by rental, lease, or lending;
So, preparing derivative works is an exclusive right of the copyright holder.
You can modify and derive from it all you want and still ignore the license.
It's only if you decide to distribute those modifications that the GPL is relevant.
But.. IANAL.
And I believe you are wrong because copyright law stops you from modifying and deriving from. The GPL however permits it. Consequently, without accepting the GPL, copyright law applies and you are not allowed to modify or derive.
You can't just 'ignore' the GPL, can you?
As long as you don't modify or derive from or distribute the software, yes you can quite ignore it.
Oh, I forgot one thing:
Vista could be remedially-exempt (eg. totally secure)
Totally secure does not exist. It is a theoretical impossibility.
Being able to use different tools from different vendors to analyse the current state of a machine is simply vital for being able to keep the machine secure. Why? because none of those tools will be perfect, and there will always be issues that are found by one but not the other tool.
I telnet into smtp and pop3 servers to send and read mail...
http://www.scam.com/showthread.php?t=10213
Or is tucows one of those registrars which doesn't actually let you move your domain registration out of them?
From experience I can say they are not being difficult in such things at all, rather the opposite.