Actually, some of this is really interesting technology. A few projects along these lines have been Motes and Smart Dust at Berkeley, and at least one of the groups named their project after the Larsen Localizers from Vernor Vinge's books even though getting that small is a ways out. Gumstix is a bit bigger, so there are a few more options and a bit less work on customization required compared to the smaller devices.
Paypal and EBay are the two sites I most want to have using SPF or equivalent, because I get huge amounts of spam from them but also occasionally get real email from them if I've bought something. There are also a couple of banks that are big scammer targets, and it'd be nice to have their phish get trashed.
On the other hand, I've never had a problem with forged mail from the Bank of Nigeria, so maybe they don't need to use it:-)
Look, crypto is a fine thing if it's doing what you want, and DKIM may be useful *after* a message has passed an SPF check, but they're doing different things, even though both of them are ostensibly about preventing joe jobs and other forgeries.
SPF lets a domain administrator specify that all mail from that domain will come from one of the specific servers, so you can trash crude forgeries quickly at the cost of a couple of DNS lookups, and incidentally trash a lot of phishing spam without burning up lots of CPU.
DKIM lets an administrator specify crypto keys that will be used to sign real email from that domain, so you can validate it at the cost of a lot of CPU. That's useful for checking mail that purports to be from *your* bank but might be a *good* forgery. But it's a waste of CPU for checking mail from banks you don't care about, or the 99.44% of purported PayPal/eBay messages that are fake, since you can use SPF to discard the ones sent by zombies, Chinese spammers, address-space hijackers, etc.
So maybe you want both, or maybe you'll use other methods to deal with the good forgeries. But SPF lets you trash a lot of the crude phishing spam before you do any heavy lifting. (Of course, it won't protect you from mail purporting to be from PayPalSecurityLtd.co.uk or Paypal.aq, and spammers will fight back by polluting the namespace, but it's at least some help.)
This wasn't the judge accusing Thompson of contempt of court - this was Take-Two's lawyers asking the the judge to do that. They rattled Jack's cage, and he snarled at them. If they thought there was any realistic chance of the judge taking them up on it, it *would* have been hardball; the much more normal thing for them to have done would be to file some motion about frivilous lawsuits and ask the judge to award them legal costs. If Jack were a brighter guy, he'd have filed some response about "See, Judge, this just shows what Bullies these gamerszzzz are, and why they're a threat to society", but no, he's just snarling.
(I wanted to write "no, he's just snarling like the shark he jumped" or something along those lines, but you can only twist a metaphor so far, given that sharks don't actually snarl....)
RTFA. This isn't the judge telling Thompson to prove he's not in contempt, it's Take-Two's lawyers filing a motion to ask the judge to do that. A vituperative rant at Take-Two (not at the judge) would be perfectly appropriate at this point, if it were anyone other than Jack, but what we got instead was a wimpy quasi-threatening vituperative rant instead of a better-thought-out rant along the lines of "See, Judge, this just shows what bullies those eeeevilllll gamerrrrzzzz are!" Plaintiffs and defendants can contemn each other all they want, as long as they don't contemn the judge or the court.
RTFA. This wasn't the judge telling Jack the Dripper to show cause that he shouldn't be thrown in the slammer for contempt. This was Take-Two Games's lawyers filing a motion to ASK the judge to do that. IMHO, it's a bit tacky, but then this *is* Jack Thompson they're asking it about, so he's not in any position to take the high road here.
Obviously you want to encrypt your user data directories or filesystems, and you may want to encrypt your swap (depending on your threat model.) On Unix, there's no particular need to encrypt most of the file systems that programs live in (e.g./usr can be read-only unencrypted, though/var should be encrypted.)
The reason to encrypt the whole drive as opposed to the writable sections is simply convenience - if you've got hardware assistance, it's probably designed to encrypt the whole disk using some crypto chip in the disk controller, and administratively simpler to use, and if you don't have that, it's probably easier to encrypt individual partitions or filesystems, or sometimes directories, rather than hack up some CPU-based driver that encrypts the whole disk.
From a performance standpoint, it's probably faster *not* to encrypt your program filesystems, and as far as encrypting swap goes, you took the big hit when you started to swap anyway, and rotational+seek latency is usually more of a limitation than overall throughput, so if this bothers you, but some more RAM. Encryption chips on the disk controller are probably faster than CPU software drivers, but not necessarily - your mileage is extremely variable.
The standard question in crypto is "what's your threat model?"
If you're worried about the KGB stealing your laptop because they want the info in it, yes, you need to encrypt swap also.
If you're worried about some junkie stealing your laptop to make some quick cash, you probably don't need crypto at all, but if fences have gotten smarter about the value of information for identity thieves, maybe you do.
If you're worried about smarter thieves who will opportunistically use the information on the system if they can access it, then file system encryption is critical but swap space encryption probably isn't.
I'd guess that 95% of the threat model, for people who aren't keeping military secrets or unencrypted personnel files, is such that encrypting swap isn't that important - you're better off deploying a solution that doesn't do that than you are not deploying it at all.
My corporate IT department decided a couple of years ago that we need to have locking screen savers on our laptops, with a timeout that they gradually cranked down to 10 minutes. On the one or two days a month that I go in to the office, that's fine if they want to play that game. But I work from home 90% of the time, or visit customers (in which case I'll have my laptop with me during a meeting), and it's really inconvenient to have the system lock itself up if I walk away for a few minutes, or if I'm talking on the phone, or if I'm watching some web-based slide show conference, or if I'm giving a presentation to a customer and we've reached a slide that leads to 15 minutes of discussion. And I normally don't have admin privileges, but when I do run some installer that gets me admin-for-a-day, that's still not enough privilege to override this annoyance.
So if I've got to put up with locking screensavers anyway, might as well have it lock the filesystem as well, especially since it demands a password when I wake the system up after closing the lid to sleep/hibernate it.
A couple of decades ago, the average British policeman didn't carry guns, just clubs, though they could go request a gun if they needed to chase someone Irish. These days they have Islamic terrorists as an excuse, so when they went out to assassinate that Brazilian guy, they were well-armed.
Anything positive you can do to improve computer security by writing a vulnerability-checking bot, you can also do by writing a scanner tool that a legitimate administrator or user can use to check their systems, and the scanner can do it in a way that doesn't overwhelm network resources, doesn't lead to the vulnerable machines you found creating an exponentially increasing number of probes checking other machines causing the checker and checkee machines and the network to grind to a halt, (doesn't decide to run off hunting Sarah Connor), and in general doesn't cause serious headaches for the system admins or the users, and if it has problems (which there's a good chance it does, especially because the targets you're hunting keep changing in malicious ways), you can turn it off, fix the bugs or adjust the features, and start again.
Want to find and fix any infected machines at work? Build a tool for your sysadmins to find them with, do an audit of the machines that need cleaning to find the *other* things wrong with them as well as identifying those that are running potentially critical activities that need to be salvaged carefully instead of by scorched-earth, and let them use whatever tools are appropriate to fix the holes it finds.
Want to find and fix the buggy machines on your cable-modem company's network? Build the tool and sell it to them, or give it to them and teach them how to run it. Don't go looking like Yet Another Zombie-Master who's trying to maintain some pretense of legitimacy - if you're going to be legit, be legit, and if your cable company's too clueless to accept your 1337-k3wl program, then build a different program to block packets from your fellow customers or get yourself an ISP that's clueful enough that they don't need your program.
Want to fix the buggy machines in Korea or the spammer-friendly hosting in China? Go ahead, make their day, but don't tell them *I* said it was a good idea.... And besides, it's really easy to blackhole-route them so you and any machines you control simply don't get packets from there and can't send packets back.
A working anonymity system (and there are some) means that you can connect to web discussion sites that don't block anonymous cowards and write things that are difficult to trace back to you. If those things are libelous, well, maybe you've gotten away with it. But the libel is usually less credible if it comes from an Anonymous Coward than if it's from a named individual who's got a reputation to maintain (unless of course that reputation is already bad) - people who read the net need to not believe everything they read and libel juries need to understand that anonymous libel is less damaging than non-anonymous libel. And of course there's a significant legal distinction between libel and insult - saying that somebody ripped you off is actionable, while saying that they're a stupid tasteless incompetent jerk whose mother smells of elderberries is generally not. The boundaries are a lot fuzzier on the date-rating sites - the fact that somebody who dated you thinks negatively of you can keep you from getting future dates from other readers even if there aren't any actionable specifics.
Pseudonym techniques can allow persistent identities that aren't linkable to the real author, and the cypherpunks movement spent a while discussing the technical/social implications back in the 90s.
Spamhaus is popular because they run a good, well-maintained list, and are very conservative about only putting people on there who belong there, and not doing the heavy-collateral-damage approach that some other lists do. Additionally, they're focused on taking the big high-volume spammers and tracking them down, as opposed to blocking the ISP of every zombie out there. They can and presumably do make mistakes, but they're about the best out there.
Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)
Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)
First of all, you can only tax the 1-bits, not the 0-bits, so the tax thugs have over-estimated by a factor of two. Second, as other people have pointed out, the customer is also transmitting light back, so the *real* energy transmission that would be subject to VAT is at most the number of excess 1-bits transmitted from the carrier to the customer, because this is a value-ADDED tax. So probably no more than 1% of the bits are excess one-bits, and therefore no more than 1% should be taxable, and if you were to measure the traffic you could probably get a better estimate.
Now, if you want to do the accounting properly, you should separate out the cost of the energy used in producing the light, as opposed to the cost of the information. So the wattage used to drive the transmission gear ought to be easy to measure, because that's the energy used to generate light. What percentage of the total electricity used by the ISP goes to the lasers, as opposed to the servers, routers, etc.? How much did they spend on electricity? How much is that as a percentage of the total price of the service?
If the stupid tax thugs want to cripple their economy through rent-seeking, make sure they only get the correct rent...
When I first started working with Indian businesses in the early 90s, my opinion was that the best thing anybody could do for the world economy was to ask their telecom regulation bureaucrats how much of a bribe it would take to get them to go away and leave everybody alone. A billion dollars? Pay it! Of course, nobody did that, but telecom did gradually get some partial liberalization, and the Bangalore call center business alone went from near-zero to a billion dollars, then two, then five billion a year, and I've lost track of its growth since then. There's still a lot of trouble - VSNL had a lock on the submarine cable landings, so there were terabits of traffic going by the harbor in Mumbai but only a few gigabits were allowed to land, and they were very expensive because of their scarcity and the toll they extracted for using the services, whereas other carriers can haul bandwidth around the country for costs (as opposed to prices) that resemble the costs in the EU or US. India may have economic development issues that make it a bit more expensive, but that's more like a factor of 2, not 10, and the cost of right-of-way for cable routes should probably be much lower, which makes up for some of it.
It's possible for a book to be friendly to both geeks and non-geeks. It's also possible for it to be non-useful for both, of course:-) Just because something explains things in shiny friendly terms with short words and lots of pictures doesn't mean it's hostile to geeks, if there's real information there and some transparency to the references, so we can read quickly over the newbie stuff and find out how to actually install things. On the other hand, the content has to actually be there, or it's not useful.
There are spam-blocker lists that wildly blast anybody with IP addresses near suspected spammers, and are virtually impossible to get off of, even if you're only getting collateral damage because your ISP shares an upstream with another ISP that had a spammer or two. SPEWS has this reputation, and there are some other lists that nobody bothers using. Collateral damage is part of the *point* of some of those services - they're trying to pressure ISPs to be really aggressive about beating up on spammers, and they don't mind a lot of false positives.
But Spamhaus has a reputation that you only get on their bad list if you're actively provably spamming, and their lists are pretty conservative. They're not trying for collateral damage or overkill, they're trying to nail the top spam sources for you. They may have had an occasional conflict or lapse in judgement over the years, but they're fundamentally good guys running a high-quality user-safe service.
That doesn't mean that the only thing you can do with their list is block all traffic from addresses on it. One use for block lists (DNSBL, SURBL, etc.) is to use as Spamassassin weights, so they each kick in a few points of threshold-nearing badness if you're on them. Another use is driving redirects - your main email server receives an incoming connection, and if it's from an address on the Blocking List, you not only tell it to come back later (greylisting is a *great* zombie defense), but you tell it to use your secondary email server, where blacklisted or non-whitelisted mail senders can fight their way through a 100+ Load Average to get into a Spamassassin that's tuned to check for a lot more rules, heavily validate sending addresses with the mail servers they're allegedly coming from, etc., throws in an occasional teergrube delay, and in general gets much more hostile treatment that systems that aren't on blocking lists. I might even trust SPEWS for that kind of decision, but certainly Spamhaus is a good start.
By the way, in addition to zombies, one of the most common sources of spam recently has been servers that announce previously unused IP address space on the global BGP routes, send some mail for a few minutes, and then de-announce their routes so nobody can check up on them. Typically the routes are stolen out of some not very well protected source, or are for instance more-specific routes from another provider's larger block of addresses. Greylisting turns out to just work on any of these that don't stick around, because if their address space has disappeared in 5 minutes, it won't be around 30 minutes later to retransmit and get itself on a whitelist.
Spammers are really aggressive. Unfortunately, this means that anything you do to prevent false positives is a potential target for them to exploit, and false positives are the bane of spam-blocking.
Some spam blockers are really aggressive also, and some of them are really difficult to interact with once they decide they don't like you. Unfortunately, AOL has a reputation for being one of them, and it has a lot of subscribers so people really care. It *is* possible to deal with AOL's policies, at least most of the time, though they apparently do a bloody inadequate job of following SMTP standards when they don't like you (e.g. silently dropping spam after accepting it as opposed to rejecting it with a 55x or whatever), but it's difficult, and some ISPs aren't very good at it.
Forwarding mail to an AOL account without spam-filtering it first is one classic problem ISPs face. Either you make sure you filter the spam (which still risks false positives, and also risks missing some potential spams that AOL's rules rejected but yours didn't), or you do something to make AOL not notice that you sent them mail they think is spam.
Maybe you just refuse to forward mail to AOL.
Maybe you need to encrypt all the emails you forward, so AOL just sees "Encrypted message #12345 forwarded from user@example.net" and has to decrypt it to find out that it's spam.
Maybe you keep a pool of different email server IP addresses, round-robin your email forwarding to AOL among the ones it hasn't blocked yet:-)
I run a much smaller mailing list - a few hundred people, 2-3 messages a week on the main list. Fairly often I get bouncegrams back about greylisting, some of which are quite obscure, depending on what lies the greylister is telling the sender. And sometimes it's just hard to tell what the bouncegrams are complaining about. The recent entertainment has been that somebody either on the list or somebody who knows somebody on the list seems to have a virus, so I keep getting bounces from random mailer-daemons saying that "ex-user@example.com is unknown, couldn't deliver this message (and then the virus)." They're usually distinguishable from the bouncegrams I usually get that say "550 spammers-fake-return-address@example.com: User Unknown" which are returning a copy of the majordomo help message sent to people who send mail to listname-request@mydomain.example.org.
Spamhaus puts out a list of people they believe to be jerks.
You can decide whether to use it or not.
One of these jerks decided to sue Spamhaus to stop letting people know they were jerks.
The jerks allege that telling everybody you're a jerk is "restraint of trade".
Spamhaus isn't based in the US, so they don't think the court in Illinois has jurisdiction over them.
If Spamhaus were to sue the jerks in a UK court, for something like libel, they could probably get a judgement - UK courts are at least as expansive about lawsuits against defendants anywhere in the world, and have a lower burden of proof on libel/slander suits than US courts do.
By suing Spamhaus, in such a blatantly incorrect way, the alleged jerks have demonstrated that they *really are* jerks. I wouldn't do business with them, where "doing business" includes accepting email.
Are you asking when you asked your email provider to block spam for you, or when you asked them to use a *specific* method of spam-blocking? You asked them to do *some* spam-blocking for you when you signed up for email service, because almost all email providers have to provide it as a part of doing business; otherwise they lose customers to other providers that *do* block spam, as well as getting their mail servers overwhelmed by the load and therefore increasing their costs.
If you're asking when you opted in to that particular method of blocking spam, that depends on your provider - some give you lots of feature choices, others give you "take it or leave it". One of my email providers lets you pick countries to block or flag email from - my spam load dropped by 50% or more when I blocked China, Korea, and Brazil. Another email provider I use has several blocking lists as part of Spamassassin weights, and I run procmail to delete mail with heavy spam-assassin weights, whitelist friends and mailing lists, flag suspicious stuff, etc.
And what are you doing getting email service from your ISP, instead of getting a portable address and mail service so that when you change ISPs you can keep your address and mail? Much less when Comcast is your ISP? Duh!
A number of years ago, there was a company called Netpulse that had exercise bikes in health clubs with internet terminals on them. Their market was entertainment-while-exercising, rather than exercise-while-computing, which is a bit different - I hope the Geekcycle works better. Part of the problem was ergonomics - they had a touchscreen rather than a real keyboard, which made it hard to type; you could hit the pageup/pagedown keys without much trouble, but if you wanted to type more than a few words, you basically had to stop pedalling and lean forward, and the timers on the hey-you-stopped-pedaling feature were set *way* to tight, so you couldn't type much before it interrupted you. It just wasn't usable. Furthermore, the screen resolution was too low; I forget if it was 640x480 or 800x600, but Slashdot was hard to read because the border frames took up too much screen space. I had my Slashdot id set to something like zzz, because it was almost impossible to type "billstewart" without the you-stopped-pedalling timer attacking.
This was back during the dotcom boom - their business model was something like tracking user fitness and selling advertising based on the demographics of the frequent users, plus presumably some rental charge to the health clubs. Obviously they'd never tried doing any real computing while doing any real pedaling.
These guys are samurai, not ninjas. They've got the flashy costumes, the big swords, and do their work in big groups in public. They may have some ninjas planting broken shards of exploding danger on the nets waiting for pirates to pick them up, but that's an entirely different issue, and we've got our own ways of dealing with them.
When I ran a traceroute to www.spamhaus.org I got to a server in San Jose or San Francisco, a bit hard to tell which. Don't know if that's a mirror site or what, but service would be slower for US email servers if all of it had to head to Europe to verify the spamicity of the sender's address.
Actually, some of this is really interesting technology. A few projects along these lines have been Motes and Smart Dust at Berkeley, and at least one of the groups named their project after the Larsen Localizers from Vernor Vinge's books even though getting that small is a ways out. Gumstix is a bit bigger, so there are a few more options and a bit less work on customization required compared to the smaller devices.
On the other hand, I've never had a problem with forged mail from the Bank of Nigeria, so maybe they don't need to use it
SPF lets a domain administrator specify that all mail from that domain will come from one of the specific servers, so you can trash crude forgeries quickly at the cost of a couple of DNS lookups, and incidentally trash a lot of phishing spam without burning up lots of CPU.
DKIM lets an administrator specify crypto keys that will be used to sign real email from that domain, so you can validate it at the cost of a lot of CPU. That's useful for checking mail that purports to be from *your* bank but might be a *good* forgery. But it's a waste of CPU for checking mail from banks you don't care about, or the 99.44% of purported PayPal/eBay messages that are fake, since you can use SPF to discard the ones sent by zombies, Chinese spammers, address-space hijackers, etc.
So maybe you want both, or maybe you'll use other methods to deal with the good forgeries. But SPF lets you trash a lot of the crude phishing spam before you do any heavy lifting. (Of course, it won't protect you from mail purporting to be from PayPalSecurityLtd.co.uk or Paypal.aq, and spammers will fight back by polluting the namespace, but it's at least some help.)
(I wanted to write "no, he's just snarling like the shark he jumped" or something along those lines, but you can only twist a metaphor so far, given that sharks don't actually snarl....)
RTFA. This isn't the judge telling Thompson to prove he's not in contempt, it's Take-Two's lawyers filing a motion to ask the judge to do that. A vituperative rant at Take-Two (not at the judge) would be perfectly appropriate at this point, if it were anyone other than Jack, but what we got instead was a wimpy quasi-threatening vituperative rant instead of a better-thought-out rant along the lines of "See, Judge, this just shows what bullies those eeeevilllll gamerrrrzzzz are!" Plaintiffs and defendants can contemn each other all they want, as long as they don't contemn the judge or the court.
RTFA. This wasn't the judge telling Jack the Dripper to show cause that he shouldn't be thrown in the slammer for contempt. This was Take-Two Games's lawyers filing a motion to ASK the judge to do that. IMHO, it's a bit tacky, but then this *is* Jack Thompson they're asking it about, so he's not in any position to take the high road here.
The reason to encrypt the whole drive as opposed to the writable sections is simply convenience - if you've got hardware assistance, it's probably designed to encrypt the whole disk using some crypto chip in the disk controller, and administratively simpler to use, and if you don't have that, it's probably easier to encrypt individual partitions or filesystems, or sometimes directories, rather than hack up some CPU-based driver that encrypts the whole disk.
From a performance standpoint, it's probably faster *not* to encrypt your program filesystems, and as far as encrypting swap goes, you took the big hit when you started to swap anyway, and rotational+seek latency is usually more of a limitation than overall throughput, so if this bothers you, but some more RAM. Encryption chips on the disk controller are probably faster than CPU software drivers, but not necessarily - your mileage is extremely variable.
- If you're worried about the KGB stealing your laptop because they want the info in it, yes, you need to encrypt swap also.
- If you're worried about some junkie stealing your laptop to make some quick cash, you probably don't need crypto at all, but if fences have gotten smarter about the value of information for identity thieves, maybe you do.
- If you're worried about smarter thieves who will opportunistically use the information on the system if they can access it, then file system encryption is critical but swap space encryption probably isn't.
I'd guess that 95% of the threat model, for people who aren't keeping military secrets or unencrypted personnel files, is such that encrypting swap isn't that important - you're better off deploying a solution that doesn't do that than you are not deploying it at all.So if I've got to put up with locking screensavers anyway, might as well have it lock the filesystem as well, especially since it demands a password when I wake the system up after closing the lid to sleep/hibernate it.
A couple of decades ago, the average British policeman didn't carry guns, just clubs, though they could go request a gun if they needed to chase someone Irish. These days they have Islamic terrorists as an excuse, so when they went out to assassinate that Brazilian guy, they were well-armed.
Sell us some more locks, will you?
Want to find and fix any infected machines at work? Build a tool for your sysadmins to find them with, do an audit of the machines that need cleaning to find the *other* things wrong with them as well as identifying those that are running potentially critical activities that need to be salvaged carefully instead of by scorched-earth, and let them use whatever tools are appropriate to fix the holes it finds.
Want to find and fix the buggy machines on your cable-modem company's network? Build the tool and sell it to them, or give it to them and teach them how to run it. Don't go looking like Yet Another Zombie-Master who's trying to maintain some pretense of legitimacy - if you're going to be legit, be legit, and if your cable company's too clueless to accept your 1337-k3wl program, then build a different program to block packets from your fellow customers or get yourself an ISP that's clueful enough that they don't need your program.
Want to fix the buggy machines in Korea or the spammer-friendly hosting in China? Go ahead, make their day, but don't tell them *I* said it was a good idea.... And besides, it's really easy to blackhole-route them so you and any machines you control simply don't get packets from there and can't send packets back.
It's not just that it has gravitas, it's that it has gravitas without having stability. Kind of like Rush Limbaugh when he's off his meds...
Sorry, ran out of title length. "Judge plays game, gets ass kicked, orders Taketwo to make it easier to win"....
Pseudonym techniques can allow persistent identities that aren't linkable to the real author, and the cypherpunks movement spent a while discussing the technical/social implications back in the 90s.
They can and presumably do make mistakes, but they're about the best out there.
Most ISPs need more protection that just burning CPU on Spamassassin - diverting obviously untrustable email at the SMTP handshake instead of accepting the message is pretty critical, and the way the SMTP protocols work, if you refuse the message then, any correctly-configured legitimate email sender will get feedback, as opposed to if you accept the message and then dump it. (You can do milter-things to process the message body before accepting the message, but there are enough known-bad sources that you can kill before they get that far that it saves you a lot of CPU and transmission.)
Simply greylisting mail kills off a surprising fraction of spam, including mail from most zombies and most of the unused-address-space-BGP-hacking senders. You could certainly use Spamhaus, and for that matter just about any RBL, to drive a greylist harder (e.g. 1 hour delay for listed sites, 5 minutes for unknowns.)
Now, if you want to do the accounting properly, you should separate out the cost of the energy used in producing the light, as opposed to the cost of the information. So the wattage used to drive the transmission gear ought to be easy to measure, because that's the energy used to generate light. What percentage of the total electricity used by the ISP goes to the lasers, as opposed to the servers, routers, etc.? How much did they spend on electricity? How much is that as a percentage of the total price of the service?
If the stupid tax thugs want to cripple their economy through rent-seeking, make sure they only get the correct rent...
When I first started working with Indian businesses in the early 90s, my opinion was that the best thing anybody could do for the world economy was to ask their telecom regulation bureaucrats how much of a bribe it would take to get them to go away and leave everybody alone. A billion dollars? Pay it! Of course, nobody did that, but telecom did gradually get some partial liberalization, and the Bangalore call center business alone went from near-zero to a billion dollars, then two, then five billion a year, and I've lost track of its growth since then. There's still a lot of trouble - VSNL had a lock on the submarine cable landings, so there were terabits of traffic going by the harbor in Mumbai but only a few gigabits were allowed to land, and they were very expensive because of their scarcity and the toll they extracted for using the services, whereas other carriers can haul bandwidth around the country for costs (as opposed to prices) that resemble the costs in the EU or US. India may have economic development issues that make it a bit more expensive, but that's more like a factor of 2, not 10, and the cost of right-of-way for cable routes should probably be much lower, which makes up for some of it.
It's possible for a book to be friendly to both geeks and non-geeks. It's also possible for it to be non-useful for both, of course:-) Just because something explains things in shiny friendly terms with short words and lots of pictures doesn't mean it's hostile to geeks, if there's real information there and some transparency to the references, so we can read quickly over the newbie stuff and find out how to actually install things. On the other hand, the content has to actually be there, or it's not useful.
But Spamhaus has a reputation that you only get on their bad list if you're actively provably spamming, and their lists are pretty conservative. They're not trying for collateral damage or overkill, they're trying to nail the top spam sources for you. They may have had an occasional conflict or lapse in judgement over the years, but they're fundamentally good guys running a high-quality user-safe service.
That doesn't mean that the only thing you can do with their list is block all traffic from addresses on it. One use for block lists (DNSBL, SURBL, etc.) is to use as Spamassassin weights, so they each kick in a few points of threshold-nearing badness if you're on them. Another use is driving redirects - your main email server receives an incoming connection, and if it's from an address on the Blocking List, you not only tell it to come back later (greylisting is a *great* zombie defense), but you tell it to use your secondary email server, where blacklisted or non-whitelisted mail senders can fight their way through a 100+ Load Average to get into a Spamassassin that's tuned to check for a lot more rules, heavily validate sending addresses with the mail servers they're allegedly coming from, etc., throws in an occasional teergrube delay, and in general gets much more hostile treatment that systems that aren't on blocking lists. I might even trust SPEWS for that kind of decision, but certainly Spamhaus is a good start.
By the way, in addition to zombies, one of the most common sources of spam recently has been servers that announce previously unused IP address space on the global BGP routes, send some mail for a few minutes, and then de-announce their routes so nobody can check up on them. Typically the routes are stolen out of some not very well protected source, or are for instance more-specific routes from another provider's larger block of addresses. Greylisting turns out to just work on any of these that don't stick around, because if their address space has disappeared in 5 minutes, it won't be around 30 minutes later to retransmit and get itself on a whitelist.
Some spam blockers are really aggressive also, and some of them are really difficult to interact with once they decide they don't like you. Unfortunately, AOL has a reputation for being one of them, and it has a lot of subscribers so people really care. It *is* possible to deal with AOL's policies, at least most of the time, though they apparently do a bloody inadequate job of following SMTP standards when they don't like you (e.g. silently dropping spam after accepting it as opposed to rejecting it with a 55x or whatever), but it's difficult, and some ISPs aren't very good at it.
Forwarding mail to an AOL account without spam-filtering it first is one classic problem ISPs face. Either you make sure you filter the spam (which still risks false positives, and also risks missing some potential spams that AOL's rules rejected but yours didn't), or you do something to make AOL not notice that you sent them mail they think is spam.
I run a much smaller mailing list - a few hundred people, 2-3 messages a week on the main list. Fairly often I get bouncegrams back about greylisting, some of which are quite obscure, depending on what lies the greylister is telling the sender. And sometimes it's just hard to tell what the bouncegrams are complaining about. The recent entertainment has been that somebody either on the list or somebody who knows somebody on the list seems to have a virus, so I keep getting bounces from random mailer-daemons saying that "ex-user@example.com is unknown, couldn't deliver this message (and then the virus)." They're usually distinguishable from the bouncegrams I usually get that say "550 spammers-fake-return-address@example.com: User Unknown" which are returning a copy of the majordomo help message sent to people who send mail to listname-request@mydomain.example.org.
If you're asking when you opted in to that particular method of blocking spam, that depends on your provider - some give you lots of feature choices, others give you "take it or leave it". One of my email providers lets you pick countries to block or flag email from - my spam load dropped by 50% or more when I blocked China, Korea, and Brazil. Another email provider I use has several blocking lists as part of Spamassassin weights, and I run procmail to delete mail with heavy spam-assassin weights, whitelist friends and mailing lists, flag suspicious stuff, etc.
And what are you doing getting email service from your ISP, instead of getting a portable address and mail service so that when you change ISPs you can keep your address and mail? Much less when Comcast is your ISP? Duh!
This was back during the dotcom boom - their business model was something like tracking user fitness and selling advertising based on the demographics of the frequent users, plus presumably some rental charge to the health clubs. Obviously they'd never tried doing any real computing while doing any real pedaling.
Yarrr!
When I ran a traceroute to www.spamhaus.org I got to a server in San Jose or San Francisco, a bit hard to tell which. Don't know if that's a mirror site or what, but service would be slower for US email servers if all of it had to head to Europe to verify the spamicity of the sender's address.