Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. Downloading Random Executables on Video Formats for non-Windows Users? · · Score: 1
    Sure, most people shouldn't trust downloading random executables. But most of the people who actually *know* enough to not do that know enough to follow the instructions about "For an up-to-date copy of Bit Torrent, go to one of these sites. If you're too lazy to do it right, Click Here to install."

    At some point, somebody's probably going to do a Java implementation of BitTorrent that you can put on a web page for use without installation.

  2. Capability-based OS != Unix policies on Coyotos, A New Security-focused OS & Language · · Score: 1
    Check out the papers on eros-os.org, or look at the docs on coyotos, or look up KeyKOS. http://coyotos.org/docs/osverify-2004/osverify-200 4.pdf.
    This is using the term "capability" in an entirely different manner than the Unix-policy folks use it. A "Capability" in this context is approximately an object-method handle - everything interesting in the system is an object, and to invoke any method on an object, you need to know the capa that invokes the method, and you can only know that if something that already knows that capa decides to tell you. A capa is represented as a long enough string of bits (e.g. 64 or 128) that you won't guess it. The granularity of a capa is often as fine as "a block of disk" or "a page of RAM". Objects that you don't know capas for are invisible - rather than the OS deciding whether to permit or refuse you access to it (which you may be able to spoof), if you don't know any capas for an object, you don't have a way to ask for access to it. Just because something's extremely secure doesn't mean it's easy to use.... and the underlying models are sufficiently different from Unix that you can't usually just port your code and make a few tweaks.

    Since it's object-based, the natural storage model is persistent objects, and EROS and its relatives spend a lot of time making sure they stay persistent, e.g. syncing them to disk when needed - they tend to not mind if you do things like unplugging the power cord while processes are running, and start right where they left off when you plug them back in. On the other hand, the storage models aren't what you're used to unless somebody's written an emulation layer on top of it, and the emulations may also be different than what you're expecting.

  3. C++ is just as dangerous as C on Coyotos, A New Security-focused OS & Language · · Score: 1
    I really like C - it's simple, powerful, obvious, does what you think it does, doesn't lie to you about what it's doing, and if you want to shoot yourself in the foot, the hole goes right smack through your third metatarsal bone. It was a great language for many things, but almost nobody should be using it for almost anything any more, and almost nobody should allow anybody else's C programs onto their system.

    With C, it's perfectly easy to write safe, reliable, trustable programs - but the language doesn't force you to do so. C++ gives you a bunch of tools that are safer than doing some of the same things by hand, but it also doesn't force you to use them, and you can usually take your old dangerous C programs and force the C++ compiler to accept them (though some dangerous activities might need to be wedged pretty hard to get them to work :-) C++ has the advantage that some of the basic I/O libraries don't have some of the glaring holes that C's stdio.o does, but you can still *use* stdio if you want. You don't *have* to do dangerous and stupid things in C++, but you didn't have to do them in C either. It's still possible to drill a nice neat hole in your third metatarsal, but in C++ you're as likely to take out the second and fourth while you're at it, or maybe just nail a couple of toes.

    I never did any real work in Ada, but I read a lot about it back in the day. It pretty much forced you to do a lot of your design work upfront before getting down to coding, which was often a Good Thing on larger projects, and meant that more of your bugs got dealt with at the design stage than at the coding stage.

  4. Capabilities are Radically Different on Coyotos, A New Security-focused OS & Language · · Score: 1
    Capability-based Operating Systems are a radically different model for security and operations than anything Linux+SELinux does, or anything System V/MLS or the other multi-level-secure OS's did, though they've got their good points also. It's a bottom-up security design, and you really can't do anything to an object unless the owner of that object gives you a capability that lets you, as opposed to having some mediation system that stops you from doing things you're not supposed to. In capability-based systems, if you don't have permissions to manipulate an object, you can't see it at all.

    KeyKOS was usable, within a limited application space that made sense 20+ years ago. EROS was pretty rough, and how much work it got depended a lot on what Jon was up to any given year (and his students, after he was teaching), but adapting to all the modern things like TCP/IP and X and Email and such took work - maybe they'll finish this time :-) Some of the people involved (I think it was an incarnation of KeyKOS, with Bill and Norm) were once at a trade show where the people next to them were advertising the reliability of their system, and got very annoyed by a few cycles of "Here's KeyKOS running, let's start some complex application running, let's pull the power cord out of the wall, see the blinkenlights go dark, plug it in, blinkenlights start up again, application's running just fine except the clock ticked a couple of times, think the machine in the next booth could do that?" That's the reliability-and-persistence aspect of the system rather than the security aspect of it, but they're related, and it's more than just tacking on a journaling file system.

    On the other hand, security-oriented systems spend a lot of time either saying "No", or at least not saying "Yes", that getting stuff done isn't always easy, and for a lot of people, Knoppix and a UPS can provide enough security and reliability.

  5. Mod Parent Up - Actually Understands Capas on Coyotos, A New Security-focused OS & Language · · Score: 1

    That's the first comment I've read here that actually has some understanding of capability-based OS's...

  6. Only if the file owner wants to use it on Coyotos, A New Security-focused OS & Language · · Score: 1
    If the data owner encrypts something using a key that only he knows and a decently strong encryption system, you're out of luck if he doesn't give you the key. There are crypto systems that do things like secret sharing (N people have a partial key, and at least K of them have to get together to get the real key), or the data owner could give the semi-trusted person N bits of a key and brute-force gets the rest, but if the data owner doesn't do that, you're out of luck.

    Even if some administrator has "dredge through the raw disk" permissions, that doesn't mean you need One Big Omnipotent Superuser that has *all* the special permissions. Controlling printer hardware or network routing protocols or delivering email don't all need to be done by the same process or the same person, and it's much safer to keep those powers separate (even if the same Actual Human ends up owning all those capabilities.)

  7. Real Mailing Lists and Clueless ISPs. on ISP Responsibility in Fight Against Spam · · Score: 1
    There's a fairly simple, if not painless, solution to the problem, which is not to use clueless ISPs. No matter what town you live in, there's an ISP you can use that's not clueless - it may not be in your town, but if you've got an internet connection big enough to run a mailing list on, you've got a connection big enough to SSH out to somewhere else, and if your local ISP is too clueless for your mailing list to work, they're probably not the place you want your web page either. Worst case is you might have to spend US$20/month to get an account on a better ISP, and if you work with a bunch of .orgs, you can often use that account to support all of them.

    One big difference between small ISPs and big ISPs is the amount of personal attention you get, and even though the small-ISP business in the US is retrenching a lot, there are still a few thousand of them out there, plus there are probably also thousands of other service providers who use colo or hosting services to provide customizable support to end-users, often cheaply. If you can't get personal attention, and you can't get left alone, and you can't get whitelisted, there are *lots* of other ISPs to go to. (Getting un-RBLed is a separate problem....)

    The proprietor of the ISP where my main mailbox really lives has a heavy degree of clue, and is someone I see socially (I'm still paying the low price that he started charging for accounts when the machine in his bedroom was transitioning from a home box into a business, but regular accounts are cheap :-) The ISP I get my static-IP DSL line from still supports shell accounts for users and SSH access along with their dial service for $18.95/month (sonic.net). Conveniently, the ~250-person social-announcement mailing list I run is on a machine that uses the ISP where my email is (it's nice to be in the Bay Area), and the machine that the list used to be on uses a nationwide DSL provider (Speakeasy.) The ~500-person list I used to run on somebody's bedroom machine on a different DSL provider never had any problems with getting spam-blocked (I think the reliability problems were more with the hardware than the DSL provider, but they were all "access to the machine's dead again" rather than spam-blocking.) And that's not even counting commercial mail hosting services, or things like yahoogroups if you don't need privacy.

  8. Spews - Hate It - Too Aggressive on ISP Responsibility in Fight Against Spam · · Score: 1

    Spews may or may not have cleaned up their act, but they were always really heavy-handed with the collateral damage and not worried about false positives. It's certainly not something I could trust to junk a message for me, even after whitelisting my friends. On the other hand, as one component to SpamAssassin weights, it's probably not too bad, as long as it's not taken too seriously.

  9. "Functioning" is meaningless for postmaster/abuse on ISP Responsibility in Fight Against Spam · · Score: 1

    Sure, you could force domains that accept any email to accept mail to postmaster@domain. That doesn't mean that mail to postmaster gets read by a human, or that that human does anything useful with it. Similarly for abuse@. A domain administrator that doesn't want to do anything useful but wants to cut down on complaints could take care of 95% of responses with a replybot that acknowledges receipt and says they'll get on it right away, and could take care of 99.9% of problems by a replybot that also follows up mail to abuse@ with a "Thank you, we've resolved the problem by cancelling that user's account", even if it's not at all true.

  10. SPF for Banks, not so much ISPs on ISP Responsibility in Fight Against Spam · · Score: 1

    SPF for ISPs may be somewhat useful, but not that much - it's mainly the free email systems like Yahoo that want to cut down on complaints about spam with forged addresses. The big impact on spam would be for banks, e-gold, and similar financial institutions that have serious phishing problems. Getting four or five of the biggest ones to do SPF or DomainKeys or some equivalent would make one of the major sources of spam that I get unprofitable.

  11. IDing customers is hard - Obfuscation is *easy* on ISP Responsibility in Fight Against Spam · · Score: 1
    • Identifying customers is *really* hard, which means that it's often not cost-effective, unless you're delivering an access line to a physical location. Credit card numbers don't work well, though they're certainly a start - criminal spammers will use freshly stolen card numbers, non-criminal spammers will just use cheaply obtained debit cards or one-use numbers from privacy-protecting credit card companies, etc. Customer name is useless - businesses can call themselves almost anything they want. Physical address? Mailbox companies are easy.
    • Creating corporations is cheap and convenient. I've seen at least one spammer whose whois information was a "suite" number at "The Company Corporation" in Delaware, which is the canonical place to get a small Delaware corporation for ~$100. if you'd tracked them down and sued them for everything they were worth and had John Ashcroft burn their incorporation papers at the stake, all they'd be out is any money they hadn't spent yet, plus another $100 for their next disposable corporate shell. And that corporate shell might do business under a lot of names.
    • While it's not always easy for consumers to really check the legitimacy of a "business", the kinds of consumers who would even think about doing so aren't the problem. The consumers who buy Herbal Fake Viagra and give all their financial information to "mortgage" companies that send them ads on the net and spend lots of money helping Desperate Nigerian Housewives are the problem.
    • The registrar business is very decentralized now, plus see the previous comment about "it's hard to identify a customer". Furthermore, the registrar business is cheap and highly automated with very little profit margin about the $6 that the Registry overcharges registrars, so registrars can't afford to do real checking, and many registrars make money by letting their customers (e.g. ISPs, hosting centers, etc.) do that work by reselling to end users - and those resellers have even less incentive to spend money checking who they sell the names to. ICANN doesn't have much control over the process, and the way much of it remains stable today is the counter-arguments between "Let ICANN take over from Verisign? Bwah-hah-hah, you're crazy, that'd be even worse!" and "Kick out ICANN? Only the US Federal Government could really kick them out, and then you'd have Ashcroft-lite running it!"
    • DNS support is quasi-separate from DNS registration - any ISP that's spammer-friendly can easily run DNS for the spammer as well, but while it would be nice if non-spamhaus ISPs were better at kicking off known spammers, there's a lot of risk in letting that be decided randomly, and anything that makes it easier to kill the spammers makes it easier to hijack domains.
  12. No need to block 587/etc. on ISP Responsibility in Fight Against Spam · · Score: 1
    • Port 25 is used to deliver messages to destination mailbox servers, and can also be used by non-self-sufficient email clients to hand mail to SMTP servers that are smart enough to locate the destination mailbox server and keep retrying if the initial delivery fails.
    • Delivering unwanted messages to destination mailbox servers is a fundamental requirement for spam. The people who don't mind interfering with legitimate self-sufficient email MTAs/MUAs/peers if it helps reduce spam use Port 25 blocking as a tool for reducing spam.
    • Submitting email to an intermediate SMTP server isn't spamming, because it's not delivering it to the recipient who doesn't want it. The email itself might be legitimate or might be spam, and the intermediate SMTP server might do spam filtering or do rate limiting to reduce the amount of spam that gets transmitted.
    • Traditionally, mail from a non-self-sufficient mail system to a smarter mail system used unauthenticated Port 25, just as delivery did, but the kinds of people who don't mind collateral damage in the cause of spam prevention usually avoid damage by permitting Port 25 submission to "official" SMTP servers.
    • Mail submission from an unknown or anonymous source might be spam, and also might be forgery, and also might be consumption of resources by people who aren't paying you for them, so SMTP servers often authenticate mail submission, either by SSL or other submission protocols or passwords or static IP addresses or carefully tracked dynamic addresses or sometimes even untracked dynamic addresses. Anti-spammers almost never want to block authenticated email, unless of course the user has been identified as a spammer. Even if some customer is using an authenticated submission protocol to reach a mail server outside the ISP's domain, that's Somebody Else's Problem, and that outside mail server can be held responsible for any spamming.
  13. Zombies vs. Open Relays vs. Cracked Servers on ISP Responsibility in Fight Against Spam · · Score: 1
    • Once upon a time, cheap dialup accounts sending lots of spam before they got shut down were the big threat, and forcing outbound email through rate-limiting servers would catch most of it, though they often weren't run as well as you could run your own machine.
    • A couple of years ago, Open Relays were the big spam-forwarding threat, and checking for open relays would catch most of it.
    • Then Open Proxies were the problem, though they're harder to check for.
    • Now Zombies on Cracked Windows Machines are the problem.
    • Next year, Something Else will be the problem.
    Cracked Email Servers don't seem to be a big problem, except for occasional open relays that are easy to detect and close - so allowing users who knowingly run their own servers to send Port 25 mail isn't a big threat (unless they're actual spammers, in which case you hunt them down and kill them) - it's much harder to crack email servers than random Windows boxes, and there are a lot fewer of them. Cracked Windows boxes running Zombieware normally aren't bright enough to request that the ISP enable port 25 - so if the ISP is blocking outbound Port 25, or transparently forcing it through rate-limiting servers, you can catch most of that spam.
  14. Answerbots as a substitute for abuse handling on ISP Responsibility in Fight Against Spam · · Score: 1
    For most ISPs, 95% of their spam complaints can be handled by an answerbot that sends a "thank you, we'll check into that spammer and bust him" response to complaints, and 99.9% can be handled by a followup %s hours later saying "We checked into your complaint and we're closing that spammer's account", and it's only the 0.1% who'll actually bother checking (at least unless the spammer repeatedly targets the complainer using the same name.) If the spammer list-washes complaints, either to take complainers off the list or at least to use a different name to spam them with next time, it mostly goes unnoticed in the flood of other spam.

    Complaints from actual ISPs are a different problem, particularly complaints from your upstream's abuse department. But that just means you need to make sure any of your spammer customers try not to spam the wrong people.

    Cynical? Me? What????

  15. Pay phone unprofitability and Drug War Correctness on ISP Responsibility in Fight Against Spam · · Score: 1
    The reason that pay phones don't accept incoming calls is primarily that they don't make any *money* on incoming calls, and secondarily the political correctness of harassing people who use or sell politically incorrect drugs. (Your local convenience store, where the pay phones don't accept incoming calls, sells far more dangerous drugs, tobacco and ethanol, than the drug dealers they're discouraging.) Pay phones make money by charging a lot for making outgoing calls.

    Political Correctness wouldn't be all that effective if pay phones made money on incoming calls, but they since they don't, it's a good enough excuse for the pay phone company, who would otherwise be criticized for being hostile to poor people who use pay phones and travellers without cellphones. Besides, by now, drug dealers can get cheap anonymous prepaid cellphones, so there's no need for them to use pay phones to return pager calls.

  16. Bandwidth is Free - Abuse Handling Isn't on ISP Responsibility in Fight Against Spam · · Score: 1
    Bandwidth is pretty close to free - if you can afford to have a customer running BitTorrent or doing lots of web surfing or running a web server or running a legitimate mail server, you can afford the bandwidth the same user uses as a spam-relay zombie, and it's actually cheaper because they're not using your mail servers. It's especially true for asymmetric media like ADSL and Cable Modems - the 128kbps or 384kbps upstream bandwidth is a lot cheaper than the 1.5 Mbps downstream.

    Handling abuse complaints from other carriers and random internet users and having your customers bitch you out because your IP address space is on eleventy-three different blacklists which kills their legitimate email, however, is _not_ free :-) If you're an ISP, you've got an incentive to discourage that sort of thing. Unfortunately, if you mindlessly block Port 25, you're breaking the end-to-end principle that makes the Internet friendly to creative users as opposed to couch-potato consumers, and you want to keep them. So you need other solutions. Some ISPs have a policy that Port 25 is blocked by default, but the user can enable it with their regular options-management web page. That's sufficiently friendly to Linux users who *want* to handle their own email, while blocking zombie spam from people who didn't know they were running an SMTP system.

  17. Frogpads Rock! Also Half-Keyboards, T9. on New Standard Keyboard · · Score: 1
    (Frogpad is a one-hand keyboard, with several flavors of shift key, available in left-hand and right-hand versions.)
    I saw Frogpad at MacWorld, and for a few minutes of playing around, they seemed really nice. The ergonomics were comfortable, the extra-shift-key patterns weren't too complex, and it seemed like if I wanted to spend the bucks to buy one, they'd really rock. Unfortunately they were mainly showing off the Bluetooth version, which isn't useful to me, but it was fun to watch a wearable-computing-equipment vendor come up and talk to them while I was there; they also have a USB version that's cheaper.

    HalfKeyboard is another one-hander that's an immediately-obvious win. Unshifted, it's the QWERT keys; shifted it's the YUIOP keys (or POIUY, I forget which, and the shift key is the space-bar in sticky-mode for fast thumb use.) If you've spend way too much time on a standard keyboard, you immediately just KNOW where all the keys are. They were selling versions for the Palm and also USB, unfortunately for left-hand use (which is fine for a right-hander using Palm, but on a PC I'd rather type with my right hand and mouse with my left.) They also have a software driver version that works with standard PCs, letting you use either hand on a full-sized keyboard, but they wanted some ridiculous price for it, I think over $100, because they were selling to the handicapped-access market where there's a willingness to pay.

    For text-only niche use, not programming, I've gotten to really like T9 Predictive Typing on cell phones. It's not always correct, but it's usually correct most of the time, and wouldn't be hard to make it adaptive so you could teach it names you type frequently.

  18. Linksys or equivalent or broken-screen laptop on Just How Paranoid Are You? · · Score: 1

    Check into whether the Linksys or equivalent firewalls can do the firewalling you need (including transmitting the logs). That gets you a firewall box for $50 or so and frees up your PII-466 for more useful work, and keeps your power consumption down and hardware reliability up. Alternatively, eBay seems to be a good source of laptops with broken screens, which are fine for applications like this where you don't need to plug in a monitor very often.

  19. 5/hour is Too Low, Arbitrary on ISP Responsibility in Fight Against Spam · · Score: 1

    A normal Sendmail implementation will create a separate Port 25 connection to each destination mail server, and may group a message to multiple users at the same destination domain or MX together into one transmission. If you send mail to more than 5 people in any hour, that would probably incorrectly nail you as a spammer. Even mail to all of my family would blow through this - a recent family reunion message went to about 30-50 people. I also run a couple of mailing lists for small social groups; one of them has about 250 users, and another one used to be about 1000, though they ran on other people's DSL lines rather than my own. Also, I'm perfectly capable of writing more than 5 rants an hour on some mailing lists - or when I've had my laptop on the road for a day and get back to the DSL and transmit all the mail I've written, it can be quite a lot more.

  20. Breaking the End-To-End model is EVIL on ISP Responsibility in Fight Against Spam · · Score: 1
    Blocking Port 25 outbound for everybody is irresponsible, mean, nasty, evil, and a bad idea, just as blocking Port 80 inbound or Port 25 inbound is mean, nasty, evil, and greedy. It's breaking the end-to-end model that the Internet is based on. Port 587 is a partial workaround - it lets you take your perfectly capable well-administered machine and connect to some service provider who may or may not be more competent than you just to get around a broken ISP.

    However, there are ISPs with a middle-ground approach - Port 25 outbound is blocked by default, and you can turn it on by going to the administrative website and doing enough login/password/turing-test authentication to show you're not a zombie and choosing that option, along with whatever other firewall options you want. That's reasonably responsible, both to the Internet end-to-end model (it's letting you set the "ends" of your network flexibly) and also to the anti-littering needs of the public. It means you're not being dishonest about claiming to offer "Internet" access when actually selling "walled garden" services, but it means that people who really don't plan to run real email systems don't need to worry quite as much about their machines being abused.

  21. "ISP" fronts for Spammers - Moving Target on ISP Responsibility in Fight Against Spam · · Score: 2, Interesting
    Every big spammer knows about AGIS, the big ISP that lost all its connections to the rest of the Internet when their spammer-friendliness became well-known enough that they not only couldn't get peering with other ISPs, but couldn't even buy transit from anybody and their last few upstream providers kept getting pressured by the rest of the world. Lots of smaller spammers try the smalltime fake-ISP-front game - the ecology of hosting centers is sufficiently dense, with colocation companies renting rack space and bandwidth or crossconnects to ISPs and computer hardware leasing companies which lease them to managed operating system companies which lease them to managed hosting application companies which provide web page hosting service to end customers, wholesale email service to freemail providers, and virtual machines to end users, and you can play whack-a-mole for a long time before you find which layer is really the spammer, which layer is a fictitious business name also run by the spammer, which is a spammer-tolerant service provider company, which is an innocent but clueless company that really had bad customers paying them with stolen credit cards, and who needed whacking.

    Scotty Richter's OptInRealBig gang had their big pet ISP, named something along the lines of "wholesale bandwidth". AFAIKT, they mostly did business for Scotty, but they also sold bandwidth to other people, and they normally dealt with problems by explaining how they were shocked, shocked! to discover that one of their customers was a spammer! and would take care of them right away, usually by having their "customer" list-wash the complainer's address (they really *were* scrupulous about taking complainer's addresses off the list, though I had no way of knowing if they also resold the lists of complainers to other spammers), or worst case, by "getting rid of" their "bad" customer (i.e. renaming herbal-fake-viagra.com as fake-herbal-viagra.com with a different IP address on a different virtual server in their /19 block, or sometimes even "getting rid of" a whole virtual server, and giving it a new IP address.) Because they were pretending to be an honest, CAN-SPAM-law-abiding whitehat spammer, using their own IP address space, it was easier to trace them than the usual zombie-burning spammer, and I helped out with one or two rounds of complaining to their upstream providers when they got kicked off of one and found another. It usually required a couple exchanges of "No, I wasn't complaining to you to get them to 'investigate' and take my email address off their list, I was complaining to you to get you to cut them off unless they stop spamming entirely, which they're still doing, and I won't give you the email address they spammed, just the headers, and by the way they appear to be abusing a supposedly-inactive BGP Autonomous System Number" until they were cut off. Companies that *are* trying to hide are much tougher to get rid of.

  22. Spamblocking Whole Countries and DSL ISPs on ISP Responsibility in Fight Against Spam · · Score: 1
    Why does anybody's choice of connectivity provider have anything to do with their choice of email provider? Sure, my DSL ISP gives me a mailbox and a shell account, but all I do with that mailbox is set it to forward to my real email to handle occasional administrative messages from the DSL folks.

    Blocking whole countries by default, without giving the users a choice about it, is rude, stupid, xenophobic, and a good reason for your customers to leave en masse.

    On the other hand, *offering* email blocking by country, character set, favorite-blacklist, etc. is a really good thing. The EMail Service Provider where my main email address lives recently started doing this, and since I don't get any legitimate email from China or Korea or Brazil, I have the spam-filter set to flag some and block others. I do occasionally get mail from real people in Japan, though unfortunately (AFAIK) my ISP doesn't offer blocking by character set, so I still get two spams a month in Japanese, which I don't read, and have to use my email client's filters to discard. I still get spam, but I've had that email account splattered all over internet mailing lists for a decade or so and there's no way to keep harvesters from finding it - but my other main ISP has a good Spamassassin setup and not much gets through them.

  23. Does it run on WINE? on Gecko-based K-Meleon 0.9 browser Released · · Score: 1

    I'm assuming you can run WINE on top of Slackware....

  24. Nope, US passport. on American Airlines Information Gathering · · Score: 1

    When I was travelling in Eastern Europe in the early 90s, the immigration polizei did stop the train at the borders and inspect all our papers in a couple of places, and hauled off some Turkish-looking guy at one stop. But especially travelling by train or ferryboat, it was expected that staying at penziones was normal, and since the relative elimination of passport control between EU countries, I got less of that.

  25. [Airportname] Marriott on American Airlines Information Gathering · · Score: 1

    Sure, you Cubs fans know that the address is less recognizeable than 1600 Pennsylvania Ave :-), but if Chicago's not on your itinerary, almost every major airport has a Marriott on the grounds or near by, and nobody knows the address because they get picked up by the little shuttle-bus. If you prefer a lower-end hotel, Comfort Inn seems to be more common than Motel 6, and if they check, the "damn, the travel department always loses my reservation" seems to work.