What would be your actual dollar cost of spam, if you didn't spend much time and effort fighting it?
Let me explain...
I sometimes hear that spam has significant costs in bandwidth and storage but I don't believe it. As far as I can tell, SMTP traffic is at most 2-5% of net traffic. And a quick calculation shows that an ISP's costs for storing its users' spam are fractions of pennies on the dollar. (*)
You've likened spam to a DDoS attack on your mail servers. Stories about being flooded with traffic sound impressive but computers are so fast now, it's hard to put anecdotes into context. So I'm looking for dollar amounts. For a customers paying b dollars per unit time, an ISP like yours has to spend c dollars per unit time on servers that can handle those customers' incoming SMTP traffic. If this is significant, I'm looking for c over a times b :)
Obviously admins to run the servers are an important cost. But for purposes of this question, suppose you wanted to do the bare minimum. Say you set up the SMTP servers to use just a few of the less-intrusive DNSBL lists, like sbl.spamhaus, relays.ordb, or list.dsbl, and then ignored them as much as possible.
The next most common argument I hear is that customers will abandon ISPs that don't fight spam. But every ISP has the same problem, so this is really a competitive advantage issue except for the small percentage of users who are actually driven off the internet by spam.
Then there's outgoing spam but I don't imagine that's too hard to recognize and stop quickly.
Let me know what I'm missing...
(*) Thumbnail calculations of spam storage follow. Let's say J. Average ISP Customer gets 20 spams a day at 10K each, and deletes them only every 30 days. That's an average of 20*10K*15 = 3 MB of storage. If the ISP replaces hard drives every two years on average and its total storage costs are ten times the actual medium costs (for labor, backup, redundancy, downtime), then at today's hard drive prices, that spam storage will cost the ISP 0.003 * 10 / 2 dollars, or about a penny and a half. Over that same year, J. Customer pays the ISP $100+.
"All the source code will appear on the site soon (GPL)."
Why not today?
Don't be embarrassed about it being crappy code, all code is crappy in the early stages. :) Put the GPL LICENSE file in the root directory, and follow its directions for adding notification to your source files. Then tar it up and call it 0.01.
Put it up and keep putting it up as you update it. If you think you might have security issues, best that you open the code now before your user base gets any bigger -- let people review it and send you suggestions. If you don't think you have security issues, you have no reason not to release it.
For a project that demands community participation, a promise of GPL code in the future is worthless. What's valuable is the code itself.
Licenses, releases, security feedback, other feedback... this is all part of doing a project like this. It's something that isn't normally taught in a university, but if you really want to run a project that depends on its community, this is not extra-credit, this is a prerequisite.
I can't find any licensing anywhere that tells me the terms under which their collected information will be used.
As far as I can tell from prowling over the site's FAQs and other documents, the student who put this together might collect a ton of data about your personal listening habits for a year and then (A) get bored with it and shut the project down without releasing that data back to the community who might want to actually keep the recommendation-system running, or (B) sell it all to marketers who promptly turn it into a paid service.
We've learned from CDDB what happens when users volunteer to build something that isn't Free: if it becomes popular enough to do any good, someone will buy it and shut out the very people who built it.
The creator has a good idea but needs to think it through before he'll get my participation.
It's a crime that Chicago got to take up a slot on the Best Picture list when Far From Heaven was easily the best picture of last year.
Of course I say that without having seen The Hours or The Pianist because no place within 50 miles of me has shown them yet.
Far From Heaven did get four nominations (including Julianne Moore, who should win) but not the one it really deserved. Stupid Academy.
I'm glad to see both Spirit and Spirited Away nominated for Animated Feature; either could win, in my opinion. Spirit was a great movie with really beautiful artwork that was marred by Bryan Adams' hideous music. Of course this assumes anyone cares about a category that last year only bothered to put up three nominees and none of them was Final Fantasy or Waking Life, you stupid Academy traitorous rat bastards who are constitutionally incapable of recognizing any films or critically-acclaimed box-office flops.
Adaptation got nominated for Adapted Screenplay, plus three acting nominations. And "if you liked Adaptation, you'll love" (tm) Confessions of a Dangerous Mind -- it didn't get nominated for anything but I think it's a better film. I liked them both quite a lot.
Solaris should have gotten a nod for Art Direction. That's a damn shame.
And I'm really glad to see Bowling For Columbine nominated for Documentary Feature; if it wins, it'll be a good Oscar night no matter what else happens.
The noise level was one of the biggest complaints many customers had with the previous generation Power Macs. According to Apple, this problem has been fixed and customers will be happy with the results of the work put into correcting this issue.
"We worked really hard and went over the systems to find every possible way to make the system quieter," said Tom Boger, Director, Power Mac Product Marketing. "I'm happy to tell you that we've done that -- when the systems get out in the marketplace, I'm sure our customers are going to be delighted at how quiet these systems are."
"They are significantly quieter -- these will answer the critics," added Joswiak.
I hope so... I don't want my next Mac to end up looking like this...
What I'd like to know is how noisy the new mirror-face Power Macs are.
I have an older PowerMac by my left knee and at ear level it generates 44 dB of soft white noise. The new-style mirror-face PowerMacs also generate about 44 dB of noise. But it's whining, tonal noise. It's a note you can hum. It's a hum that cannot be ignored.
Also, apparently, when the mirror-face PowerMacs' auxiliary fan kicks on, it's described as a "leaf blower." It's a lot louder. (I haven't heard that -- the main fans are bad enough -- and it's possible that the recent firmware upgrade helped keep the leaf-blower fan mostly off.)
The hum is so annoying that there's a website devoted to complaining about it and trying to get rid of it: g4noise.com.
A friend of mine has a music lab with 20 old-style PowerMacs that he'd like to upgrade to newer models. He got one mirror-face PowerMac just to see what it was like. The noise is totally unacceptable for a music lab station -- there's not even any question -- I sat down in front of the keyboard and it took me three seconds to realize there's no way I would use this computer for music.
The best solutions seem to be building a plywood case, lining it with foam, and putting the whole PowerMac inside!
"Even if you read "3-4" to mean 5 orders of magnitude, that means that the factoring cost is reduced by a factor of 100,000.
In other words, a 1024-bit key will only be as safe, after this cost-reduction, as a 1007-bit key is today for the same amount of money."
An increase in 3 bits in symmetric keys corresponds to an increase of about 160 bits at this size of asymmetric key. As I understand it (and this is probably an oversimplification), this is because while you can pick any symmetric key you want, your choice of asymmetric key is limited to prime numbers.
So a change of 4 orders of magnitude in cost-effectiveness would be about the same as shaving 13 bits off a symmetric key. But if the table credited to Lenstra and Verheul is correct, that would correspond to reducing a 1028-bit asymmetric key's effectiveness to 488 bits.
Hmmmm. On the Apple II+, I used "Magic Window II," or at least that name rings a bell and I think it's what I used. It got 70 actual columns of display by using the hi-res screen, 280 pixels wide: each char was 3 pixels wide and 1 pixel between them.
The program's idea of a "W" in 3 horizontal pixels required a bit of imagination, but I typed many a paper on it.
"Will Linux and other alternative operating systems continue to install and function properly on computers containing AMI BIOSes?"
In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?
Now here's another aspect of TCPA. You can use it to defeat the GPL.
During my investigations into TCPA, I learned that HP has started a development program to produce a TCPA-compliant version of GNU/linux. I couldn't figure out how they planned to make money out of this. On Thursday, at the Open Source Software Economics conference, I figured out how they might.
Making a TCPA-compliant version of GNU/linux (or Apache, or whatever) will mean tidying up the code and removing whatever features conflict with the TCPA security policy. The company will then submit the pruned code to an evaluator, together with a mass of documentation for the work that's been done, including a whole lot of analyses showing, for example, that you can't get root by a buffer overflow.
The business model, I believe, is this. HP will not dispute that the resulting `pruned code' is covered by the GPL. You will be able to download it, compile it, check it against the binary, and do what you like with it. However, to make it into TCPA-linux, to run it on a TCPA-enabled machine in privileged mode, you need more than the code. You need a valid signature on the binary, plus a cert to use the TCPA PKI. That will cost you money (if not at first, then eventually).
Anyone will be free to make modifications to the pruned code, but in the absence of a signature the resulting O/S won't enable users to access TCPA features. It will of course be open to competitors to try to re-do the evaluation effort for enhanced versions of the pruned code, but that will cost money; six figures at least. There will likely be little motive for commercial competitors to do it, as HP will have the first mover advantages and will be able to undercut them on price. There will also be little incentive for philanthropists to do it, as the resulting product would not really be a GPL version of a TCPA operating system, but a proprietary operating system that the philanthropist could give away free.
I knew a programmer, a real hotshot, who really could write 1,500 lines of code a day.
Then he discovered loops.
Replacement needed for SMTP (on "ISP Chief on Spam") · Score: 3, Informative
I think we're living in the last days of SMTP as our email delivery protocol. It worked great for the first ten years but now the commons is being exploited. This is a simple truth of economics. It costs nothing to send an email -- it's too cheap to measure -- and high-volume advertising is a natural consequence.
I don't think Barry is right about the situation being about to implode. "Imminent death of the net predicted" has a poor track record for accuracy. But I wouldn't be surprised to see things get much worse over the next, let's say, three years.
What we need is to have a replacement ready. Waiting in the wings to take over. As "SMTP email" becomes more and more spammy, and people get more and more frustrated with both spam and the inconveniences caused by fighting spam, the number of people willing to adopt a replacement will grow.
My contention is that the only way to solve the problem is to make it cost something to send spam. The root of the problem is the unbelievable cheapness of delivery. Every attempt to solve the problem has been an attempt to make delivering spam more expensive (typically by getting spammers kicked off ISPs, cancelling their contracts and costing them money circuitously).
We simply need to make email delivery cost something. A tenth of a penny an email would be more than enough.
Maybe it can be done with "hash cash," requiring the email sender to spend CPU cycles to solve a math problem. Personally I don't think that's going anywhere; CPUs are way too cheap right now. But that's an ingenious approach to the problem and a good example of the kind of thinking that will be needed.
I lean toward inventing an entire micropayment system to solve this problem. The advantage is that, piggybacked on the solution to spam, you get micropayments -- which, when applied to the web, usher in a whole new era of content production.
But whatever happens, something needs to be waiting in the wings for when SMTP finally hits the wall.
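The cost asymmetry behind the "hash cash" idea in the comment above, as an added example that is not part of the original post: the sender searches about 2^bits SHA-1 hashes for a stamp, while the receiver checks it with one hash plus recipient, date and replay checks. The stamp layout is a simplified hashcash-v1-style string; the addresses, date and random field are constructed sample values.

```python
import hashlib
from datetime import date, datetime


def leading_zero_bits(digest: bytes) -> int:
    """Count how many leading bits of a digest are zero."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def mint(resource: str, bits: int, day: str, rand: str):
    """Sender side: brute-force a counter until the stamp's SHA-1 has
    `bits` leading zero bits. Returns (stamp, hashes_tried)."""
    # Simplified layout: version:bits:date:resource:ext:rand:counter
    prefix = f"1:{bits}:{day}:{resource}::{rand}:"
    counter = 0
    while True:
        stamp = prefix + format(counter, "x")
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return stamp, counter + 1
        counter += 1


class StampChecker:
    """Receiver side: one hash per message, plus the checks that stop a
    stamp from being reused for other recipients, days or messages."""

    def __init__(self, my_address, required_bits, today, max_age_days=2):
        self.my_address = my_address
        self.required_bits = required_bits
        self.today = today
        self.max_age_days = max_age_days
        self.seen = set()  # stamps already spent

    def accept(self, stamp: str):
        fields = stamp.split(":")
        if len(fields) != 7 or fields[0] != "1":
            return False, "malformed"
        try:
            claimed = int(fields[1])
            minted = datetime.strptime(fields[2], "%y%m%d").date()
        except ValueError:
            return False, "malformed"
        if claimed < self.required_bits:
            return False, "too few bits"
        if fields[3] != self.my_address:
            return False, "wrong recipient"
        age = (self.today - minted).days
        if age < 0 or age > self.max_age_days:
            return False, "expired"
        digest = hashlib.sha1(stamp.encode()).digest()
        if leading_zero_bits(digest) < claimed:
            return False, "invalid proof"
        if stamp in self.seen:
            return False, "replayed stamp"
        self.seen.add(stamp)
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample values; 12 bits keeps the demo fast.
    stamp, tries = mint("alice@example.org", 12, "030212", "c0ffee")
    checker = StampChecker("alice@example.org", 12, date(2003, 2, 13))
    print(stamp, "cost the sender", tries, "hashes")
    print("first delivery:", checker.accept(stamp))
    print("second delivery:", checker.accept(stamp))
```

Each extra required bit doubles the sender's expected work and leaves the receiver's cost unchanged, which is the knob the comment's "CPUs are way too cheap" objection is about.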
"If you can suggest something that is half as effective at raising the cost for spammers as SPEWS, please suggest it. SPEWS forces providers to decide whether they want to host exclusively spammers or host exclusively non-spammers."
First of all, I don't think most network administrators -- or their bosses -- know what they're getting into when they use Spews to police their network. If you are an admin who signs your company up for it, be prepared to have this conversation:
Boss: Hey, can you check to see if there's some kind of network trouble. I haven't gotten a reply email from a client in three days.
You: (after checking) Ah, that mail server is spam-friendly, we reject their mail.
Boss: (confused) They're not a spammer, they're our best client.
You: No, but they buy bandwidth from someone who buys bandwidth from someone who...
Boss: What?
You: We're using SPEWS, which is the most effective tool at stopping spam around the world! It forces providers to decide whether...
Boss: I don't give a damn, you work for me, not people around the world. Your job is to make the email work, not be a do-gooder. You may have cost this company a contract. Now get the damn mail working and tell me how many times you bounced my client's mail so I can decide whether you still have a job.
And -- you think Spews is effective? After being put on their list I had a grand total of one person unable to receive my mail. I have a dozen other people using my server to send and receive mail to hundreds of people, and according to my logs, among all of us, the sum total of people who couldn't get our email was two. That's the most pitiful boycott I've ever seen.
"Spews is EVIL... Please take a look at http://www.antispews.org"
Thanks for the link. I'll confirm that Spews is not the way to go. Well, it depends on whether your goal is to block spam for your users, or just to piss people off.
If you're a network admin and you want to block spam for your users, try something else.
If you just want to piss people off, Spews is great. My personal mail server (very kindly hosted for me for free on a friend's network) was put on Spews' blacklist. My server has never in its lifetime sent a single spam, of course. But Spews had found four (count 'em) examples of spammer websites (not spam-sending machines) on the IP blocks owned by the people who my friend bought access from, twice removed. Because of these four claimed spam websites, Spews put FOUR CLASS A's on their list.
That's right -- a quarter-million IP numbers were blocked because they didn't like the policies at four IP numbers.
Wait, did I say four? When I checked up on them, two had already moved to other providers, one I couldn't find, and only one was still there. So my server, and a quarter-million others, were being blocked because the Spews people disagreed with one solitary website. Hosted by a company that I have no relationship with.
It goes without saying that attempts to get my server whitelisted failed.
And I do question the value of their blocking my mail server. Like I said, I was being hosted for free just because I have helpful friends... my moving to another network actually saved them money!
Somehow, I think most net administrators, if they knew that Spews' purpose was political and not technological, would be less likely to use it. There are plenty of other blacklists out there. What are the good ones that don't hijack your networks to apply political pressure?
Slashdot has kind of grandfathered in the New York Times. We always linked to them in the past even though they required registration, and we're not going to stop now. But other sites that require it, we don't (usually) link to.
The link you gave does require registration -- you probably don't notice because you've already got the cookie.
MARK DUGGAN
University of Chicago - Department of Economics
October 2000
Abstract:
This paper examines the relationship between gun ownership and crime. Previous research has suffered from a lack of reliable data on gun ownership. I exploit a unique data set to reliably estimate annual gun ownership rates at both the state and the county level during the past two decades. My findings demonstrate that changes in gun ownership are significantly positively related to changes in the homicide rate, with this relationship driven entirely by the impact of gun ownership on murders in which a gun is used. The effect of gun ownership on all other crime categories is much less marked. Recent reductions in the fraction of households owning a gun can explain at least one-third of the differential decline in gun homicides relative to non-gun homicides since 1993. I also use this data to examine the impact of Carrying Concealed Weapons legislation on crime, and reject the hypothesis that these laws led to increases in gun ownership or reductions in criminal activity.
This study just counted advisories (which makes it worthless, because it's time-of-exposure and degree-of-exposure which matter) from CERT (which makes it worthless, because the real security news happens on a much faster level) and it was produced by the same group which took a beating over its biased, Intel-funded anti-AMD propaganda earlier this year.
That's why Slashdot isn't running it: because it isn't security news.
So please stop posting your conspiracy theories.
Thank you.
Mod me and the rest of this thread offtopic, because we are.
Voyager (all solid actors, good characters, good stories)
DS9 (close second: great story arc, mostly good characters)
TNG (mediocre with occasionally good stories, a single exceptionally talented actor more than making up for all the Data-learns-about-love crap)
Enterprise (worth watching if nothing else is on, I keep holding out hope that the next episode will be good)
TOS (better than almost anything else from the '60s but still unwatchably bad - except for the thinly-veiled social commentary episodes which are a cross between Twilight Zone and the History Channel)
I like the Beatles, and their early work was groundbreaking and revolutionary and changed the face of rock'n'roll and all that. But I still fast-forward past "Please Please Me" to get to something from the White Album.
"The last I checked, WEP stood for Wired Equivalent Privacy."
I found a few places, like this, that say either is OK:
What Type of Security is Available?
WEP (Wired Equivalent Privacy a.k.a. Wireless Encryption Protocol) is data encryption defined by the 802.11 standard that was designed to prevent access to the network...
But Google finds over 20 times as many hits on "Wired Equivalent Privacy," so that's the de facto winner. I'm guessing "Wireless Encryption Protocol" is just such a good expansion of the acronym that it's sprouted up all by itself. That's actually what I had understood "WEP" to mean until 10 minutes ago. :)
"Why should it matter if we sell them censorware or not? The people of China are hardly what one would think of as stupid... if we stopped selling them software they'd write it themselves."
Good point! And very true. But wouldn't it seem odd for some people in this country to make a living censoring Beijing and Riyadh in the name of profit, while others make a living getting around it in the name of democracy?
How would that look on the international scene?
If we did that, next thing you know we'd be doing all kinds of wacky things, like... I don't know... suing tobacco companies and giving the money to tobacco farmers...
"Sweden middle class has a lower standard of living than the lowest earning group in US - Blacks."
Conservatives keep claiming this. It's been debunked before. Here's the best example, from p. 5 of Paul Krugman's excellent piece "For Richer":
Let me use the example of Sweden, that great conservative bete noire.
A few months ago the conservative cyberpundit Glenn Reynolds made a splash when he pointed out that Sweden's G.D.P. per capita is roughly comparable with that of Mississippi -- see, those foolish believers in the welfare state have impoverished themselves! Presumably he assumed that this means that the typical Swede is as poor as the typical resident of Mississippi, and therefore much worse off than the typical American.
But life expectancy in Sweden is about three years higher than that of the U.S. Infant mortality is half the U.S. level, and less than a third the rate in Mississippi. Functional illiteracy is much less common than in the U.S.
How is this possible? One answer is that G.D.P. per capita is in some ways a misleading measure. Swedes take longer vacations than Americans, so they work fewer hours per year. That's a choice, not a failure of economic performance. Real G.D.P. per hour worked is 16 percent lower than in the United States, which makes Swedish productivity about the same as Canada's.
But the main point is that though Sweden may have lower average income than the United States, that's mainly because our rich are so much richer. The median Swedish family has a standard of living roughly comparable with that of the median U.S. family: wages are if anything higher in Sweden, and a higher tax burden is offset by public provision of health care and generally better public services. And as you move further down the income distribution, Swedish living standards are way ahead of those in the U.S. Swedish families with children that are at the 10th percentile -- poorer than 90 percent of the population -- have incomes 60 percent higher than their U.S. counterparts. And very few people in Sweden experience the deep poverty that is all too common in the United States. One measure: in 1994 only 6 percent of Swedes lived on less than $11 per day, compared with 14 percent in the U.S.
The moral of this comparison is that even if you think that America's high levels of inequality are the price of our high level of national income, it's not at all clear that this price is worth paying. The reason conservatives engage in bouts of Sweden-bashing is that they want to convince us that there is no tradeoff between economic efficiency and equity -- that if you try to take from the rich and give to the poor, you actually make everyone worse off. But the comparison between the U.S. and other advanced countries doesn't support this conclusion at all. Yes, we are the richest major nation. But because so much of our national income is concentrated in relatively few hands, large numbers of Americans are worse off economically than their counterparts in other advanced countries.
You can (and should) go read the whole thing right now: For Richer
"stopping holocaust denial - as repugnant as most people might find those sites - is censorship, plain and simple. One of the costs of living in a free society is that not everything is warm and fuzzy - I wish more people would remember that."
I think it's deplorable that Google has bent its knee to the German government in this way. Practically speaking, it's unfortunate because this gets the neo-Nazis and Holocaust-deniers more press (unintended consequences). And they do love this kind of attention, there is nothing they love more than being censored.
But more importantly, morally, it's wrong that these people are being censored. What they say is despicable. But until they start making credible threats against people, or telling harmful lies about individuals, instead of simply telling lies about a group of people, they should be allowed to have their say. Fairness demands that. And just because they would refuse to treat us with basic fairness, is no reason for us to be so afraid that we stoop to their level.
200 Kbytes * 365 days = 73 MB, not 73 GB. So the connectivity cost would be 0.001% of revenue, not 1%.
UPDATE vars SET value='Selling cutting-edge pseudo-news to sex-starved 16-year-olds' WHERE name='slogan';
Just my opinion :)
Apple updates Power Macs, releases 20 inch display:
So I hope the new models have quieter fans...
You didn't read the primer we linked to :)
I think.
The program's idea of a "W" in 3 horizontal pixels required a bit of imagination, but I typed many a paper on it.
In answering this question, I would ask that our interview victim clarify whether there are any circumstances under which "alternative operating systems" would need to be cryptographically signed by an authority in order to boot, and if so, who is that authority?
As Ross Anderson pointed out last year,
Then he discovered loops.
I don't think Barry is right about the situation being about to implode. "Imminent death of the net predicted" has a poor track record for accuracy. But I wouldn't be surprised to see things get much worse over the next, let's say, three years.
What we need is to have a replacement ready. Waiting in the wings to take over. As "SMTP email" becomes more and more spammy, and people get more and more frustrated with both spam and the inconveniences caused by fighting spam, the number of people willing to adopt a replacement will grow.
My contention is that the only way to solve the problem is to make it cost something to send spam. The root of the problem is the unbelievable cheapness of delivery. Every attempt to solve the problem has been an attempt to make delivering spam more expensive (typically by getting spammers kicked off ISPs, cancelling their contracts and costing them money circuitously).
We simply need to make email delivery cost something. A tenth of a penny an email would be more than enough.
Maybe it can be done with "hash cash," requiring the email sender to spend CPU cycles to solve a math problem. Personally I don't think that's going anywhere; CPUs are way too cheap right now. But that's an ingenious approach to the problem and a good example of the kind of thinking that will be needed.
I lean toward inventing an entire micropayment system to solve this problem. The advantage is that, piggybacked on the solution to spam, you get micropayments -- which, when applied to the web, usher in a whole new era of content production.
But whatever happens, something needs to be waiting in the wings for when SMTP finally hits the wall.
First of all, I don't think most network administrators -- or their bosses -- know what they're getting into when they use Spews to police their network. If you are an admin who signs your company up for it, be prepared to have this conversation:
And -- you think Spews is effective? After being put on their list I had a grand total of one person unable to receive my mail. I have a dozen other people using my server to send and receive mail to hundreds of people, and according to my logs, among all of us, the sum total of people who couldn't get our email was two. That's the most pitiful boycott I've ever seen.
Thanks for the link. I'll confirm that Spews is not the way to go. Well, it depends on whether your goal is to block spam for your users, or just to piss people off.
If you're a network admin and you want to block spam for your users, try something else.
If you just want to piss people off, Spews is great. My personal mail server (very kindly hosted for me for free on a friend's network) was put on Spews' blacklist. My server has never in its lifetime sent a single spam, of course. But Spews had found four (count 'em) examples of spammer websites (not spam-sending machines) on the IP blocks owned by the people who my friend bought access from, twice removed. Because of these four claimed spam websites, Spews put FOUR CLASS A's on their list.
That's right -- a quarter-million IP numbers were blocked because they didn't like the policies at four IP numbers.
Wait, did I say four? When I checked up on them, two had already moved to other providers, one I couldn't find, and only one was still there. So my server, and a quarter-million others, were being blocked because the Spews people disagreed with one solitary website. Hosted by a company that I have no relationship with.
It goes without saying that attempts to get my server whitelisted failed.
And I do question the value of their blocking my mail server. Like I said, I was being hosted for free just because I have helpful friends... my moving to another network actually saved them money!
Somehow, I think most net administrators, if they knew that Spews' purpose was political and not technological, would be less likely to use it. There are plenty of other blacklists out there. What are the good ones that don't hijack your networks to apply political pressure?
The link you gave does require registration -- you probably don't notice because you've already got the cookie.
No need to file a bug report (or post about it)... when it happens, we know.
MARK DUGGAN
University of Chicago - Department of Economics
October 2000
Abstract:
This paper examines the relationship between gun ownership and crime. Previous research has suffered from a lack of reliable data on gun ownership. I exploit a unique data set to reliably estimate annual gun ownership rates at both the state and the county level during the past two decades. My findings demonstrate that changes in gun ownership are significantly positively related to changes in the homicide rate, with this relationship driven entirely by the impact of gun ownership on murders in which a gun is used. The effect of gun ownership on all other crime categories is much less marked. Recent reductions in the fraction of households owning a gun can explain at least one-third of the differential decline in gun homicides relative to non-gun homicides since 1993. I also use this data to examine the impact of Carrying Concealed Weapons legislation on crime, and reject the hypothesis that these laws led to increases in gun ownership or reductions in criminal activity.
That's why Slashdot isn't running it: because it isn't security news.
So please stop posting your conspiracy theories.
Thank you.
Mod me and the rest of this thread offtopic, because we are.
Bah. Here's the correct order:
Voyager (all solid actors, good characters, good stories)
DS9 (close second: great story arc, mostly good characters)
TNG (mediocre with occasionally good stories, a single exceptionally talented actor more than making up for all the Data-learns-about-love crap)
Enterprise (worth watching if nothing else is on, I keep holding out hope that the next episode will be good)
TOS (better than almost anything else from the '60s but still unwatchably bad - except for the thinly-veiled social commentary episodes which are a cross between Twilight Zone and the History Channel)
I like the Beatles, and their early work was groundbreaking and revolutionary and changed the face of rock'n'roll and all that. But I still fast-forward past "Please Please Me" to get to something from the White Album.
I found a few places, like this, that say either is OK:
But Google finds over 20 times as many hits on "Wired Equivalent Privacy," so that's the de facto winner. I'm guessing "Wireless Encryption Protocol" is just such a good expansion of the acronym that it's sprouted up all by itself. That's actually what I had understood "WEP" to mean until 10 minutes ago. :)
Good point! And very true. But wouldn't it seem odd for some people in this country to make a living censoring Beijing and Riyadh in the name of profit, while others make a living getting around it in the name of democracy?
How would that look on the international scene?
If we did that, next thing you know we'd be doing all kinds of wacky things, like... I don't know... suing tobacco companies and giving the money to tobacco farmers...
Conservatives keep claiming this. It's been debunked before. Here's the best example, from p. 5 of Paul Krugman's excellent piece "For Richer":
You can (and should) go read the whole thing right now: For Richer
So Vehicle 14 is two pages of text, plus 8192 pages for 8192 diagrams?
Well said.
I've been involved in combatting Holocaust-denial on the net for ten years. I work with The Holocaust History Project, have transcribed and helped translate documents, including those about gas chambers, and have prepared information on deniers. I've even co-authored a lengthy and highly technical paper on the chemistry of the Auschwitz gas chambers.
I think it's deplorable that Google has bent its knee to the German government in this way. Practically speaking, it's unfortunate because this gets the neo-Nazis and Holocaust-deniers more press (unintended consequences). And they do love this kind of attention; there is nothing they love more than being censored.
But more importantly, morally, it's wrong that these people are being censored. What they say is despicable. But until they start making credible threats against people, or telling harmful lies about individuals, instead of simply telling lies about a group of people, they should be allowed to have their say. Fairness demands that. And just because they would refuse to treat us with basic fairness is no reason for us to be so afraid that we stoop to their level.