Slashdot Mirror


User: billstewart

billstewart's activity in the archive.

Stories
0
Comments
7,948
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 7,948

  1. Numerical Assumptions make it succeed or fail on Impoverish a Spammer Today · · Score: 2, Informative
    Tweaking the numbers differently can make this kind of system look like it will succeed or fail. Some recent reputable papers have been looking like it's more likely to fail - too many zombies out there, so if the zombies bother to include CAMRAM support, they can win. It's harder for the zombies to win if every message requires computation, but if each sender only has to do the computation once per recipient, and not on every message, then it's way too easy for the zombies. On the other hand, that makes it easier to detect and blacklist the zombies as well.


    It's obviously a bad idea to build a system that only lets a reasonable machine send 10 messages per day - probably even 100 per day is too low, depending on your applications. 1000 is usually fine. It turns out that there are calculations that scale based on memory speed rather than CPU speed, so there's a much lower spread between the slowest non-palmtops and the fastest CPUs out there (like 4:1 rather than 20:1). But even if each zombie can send out 10,000 messages/day instead of 10,000,000, that slows them down enough that you can detect them and kill them (or at least blacklist them...)

  2. Re:I will save you one step... on Impoverish a Spammer Today · · Score: 1
    It's basically simple to add, once the standards settle down and make up their mind. The details depend on whatever DNS system you're using, but you're going to add a TXT record to the DNS entry for your domain (or for your email system, if it looks like user@smtp.example.com etc.) The original SPF version was fairly simple, but Microsoft wants to bloat it up with XML to make it more powerful and flexible and hard to fit into a 512-byte DNS record, and it sounds like that's going to happen. Go to spf.pobox.com and check out the wizard.

    The hard problem is making sure you're really always going to try to send mail from the IP addresses belonging to your domain, which may require you to build SSL-encrypted SMTP submission into your mail server if you don't have that already. But that's a usually good thing to have.

  3. Only CAMRAM users need to whitelist you on Impoverish a Spammer Today · · Score: 1
    And they'll have to whitelist their other mailing lists as well or get dumped off all of them. The problem is that whitelisting only works well in conjunction with forgery prevention - that either means some kind of identity mechanism like SPF, or digital signatures of some sort. Those also have their problems, but SPF will probably happen on a number of bigger machines and become supported by a number of mail-handling tools.

    The CAMRAM folks don't like identity mechanisms, because there are huge risks to privacy, risks of government abuse of power, and risks of spammers cracking them. On the other hand, digital signatures burn CPU (though it's not bad if you can do just one signature per message multicast to the list.)

  4. LCD iMac isn't small on Mobo for Vertically Challenged Devices · · Score: 1

    It's cute, but that's a big honking base on it. Some of its size constraints include having enough weight to balance the monitor (otherwise you'd probably have to screw or clamp it to the desk), room for disk drives, and room for CD/DVD/etc which are non-trivial size.

  5. You weren't using your upstream much anyway on Slashback: Civilians, Rubyx, Restrictions · · Score: 1
    First of all, if you're greedy, this gives you a way to download the stuff you want, when you want it, without getting stuck behind everybody else who's also trying to download today's Slackware release from their hopelessly overloaded mirror site. Because the more people trying to download at once, the faster it goes (well, mumble, unless the tracker gets overloaded like Slackware's did yesterday, mumble mumble.) And if you're not greedy, but you _are_ cheap, it's a way you can offer large files you've developed to the public without getting swamped by people downloading from you; put out the torrent and let them share it with each other.

    But yes, altruism is a big part of it. But it's altruism that doesn't cost you anything, because if you're like most people, you weren't using your upstream much anyway, except for file sharing (think of this as different file sharing.) (It's only burning downstream bandwidth when you're getting new stuff, not when you're forwarding old stuff to other people.) Sure, you need to keep some upstream bandwidth for TCP ACKs, and sending email, and it would be nice if there were a way to prioritize your outgoing traffic so that applications like this get extra-low priority.

    Another reason that, if you're a greedy person, you want to be altruistic is so that when you want to get stuff, there are people out there sharing it. This works best by having a community in which people share stuff a lot, which works best when they can trust the community to have things they want when they want it so they'll bother installing and running the software.

    If you're running a web server that gets a lot of traffic, then that's a different matter, because you need the upstream bandwidth you've got. And if you're trying to have a video-conference with somebody, you need the bandwidth, so put your file sharing application on hold for a while. If you're trying to do Voice Over IP, make sure your file sharing software limits its upload bandwidth to less than your max upstream speed, and even then you might need to hit the Pause button while you're on the voipphone if the sound quality gets bad. But otherwise, you usually aren't losing much by running a well-tuned Bittorrent-like application. I don't know if WhiteWater is well-tuned or not; haven't played with it. BitTorrent can be.

  6. Bits vs. Bytes, and overloading uploads on Slackware 10.0 Officially Released · · Score: 1
    You were getting 20-25k BYTES per second, which is about 160-200k bits per second.

    But yeah, if you're trying to cram data into the DSL pipe faster than it has room for, it's going to queue a little bit of the excess and drop the rest, and you can get into trouble with retransmissions, as well as trashing your other data. Another problem is that any protocol that depends on ACKs, including TCP, is really much happier if the ACKs don't get delayed or lost, and keeping your Bittorrent transmission rate lower than your upstream speed makes a huge difference in that.

  7. Bad Web design - download more pages on Next Knoppix Release to Feature GPL'd FreeNX · · Score: 1

    Back before it got slashdotted, I checked out web page to see what NX was. If they even put a sentence or two at the top of their web page saying "NX is an accelerated replacement for the X Windows transmission protocol" or something more precise than that, I wouldn't have had to check out the screenshots page to see if that would provide any more information about what the product did. It didn't, but it burned a bunch more bandwidth not saying what the product does.

  8. Thanks for a coherent explanation! on Next Knoppix Release to Feature GPL'd FreeNX · · Score: 1

    Nomachine.com's web page sure doesn't say anything useful, and you've done it in one sentence! I couldn't even tell if NX's use of the term "server" was the database terminology ("server's a program on a big box in the back room and client's an application on your desktop that connects to it") or the X Windows terminology ("server's a program on your desktop that draws stuff, and client's an application that runs somewhere, like on the big database server box in the back room.")

  9. Tracker for Disc 2 having trouble. on Slackware 10.0 Officially Released · · Score: 1
    I'm running BitTorrent on Disc 1 (and had a nice friendly 110% upload ratio until an hour ago, when a couple of peers dropped out and my download speed zoomed to 70+kbps, making me look like an 80% slacker :-)

    I was running BitTorrent on Disc 2 also, and got about 85% downloaded when the tracker dropped me, and I haven't been able to reconnect. Anybody have a way to check if the tracker's died and kickstart it?

  10. Bittorrent Fairness / Leech Prevention Causes That on Slackware 10.0 Officially Released · · Score: 1
    Bit Torrent works because everybody who's downloading is also creating bandwidth by uploading to other people. Since the number of bits that get downloaded is obviously equal to the number of bits that get uploaded (less occasional lost bits), both per second rate and long term quantity, so in the long term, BitTorrent only works because the amount of bandwidth people offer for uploading exceeds the amount of bandwidth people actually use for downloading, and it also only works if enough people are generous with allowing uploads after they're finished downloading to make up for the freeloading leeches who disconnect after they've gotten their downloads finished.

    So to enforce this, Bittorrent has a general tit-for-tat policy that your download rate is limited to your upload rate unless you're getting lucky, and a bunch of tuning to try to optimize things so that people with high upload rates get extra lucky on excess downloading bandwidth a lot (so the system can keep their uploads full) and in general.

    Your bandwidth looks like your upload and download rates are pretty balanced, at about 200 kbits/second. Depending on your DSL circuit, that's not too bad - slower ADSL is limited to ~128kbps upstream, faster US ADSL is often 384kbps upstream, and you're in about the middle. Cable modems in the US are usually limited to 128kbps or 256kbps upstream. You can often do better than this downstream - in the last hour, my upload rate has usually been 10-14 kB/sec (mostly filling my ADSL 128kbps upstream, though I use a client that lets my throttle it to about 90% of maximum capacity so my other applications don't starve), and my download rate has sometimes been 6-10 kB/s,
    but is currently cranking at 72 kB/sec, because there are some fast seeds or fast peers available right now that don't have anybody else to feed (with 15 seeds and 6 peers.)

    What I often see is that downloading popular distributions goes slowly for a while after release, but often I get huge bursts of download speed overnight, because people's downloads finish after they've gone to bed and get left on for uploading, while other people aren't starting many new clients to use up the available speed.

  11. Re:Sound familiar? on U.S. Supreme Court: Public Anonymity No Right · · Score: 1

    A friend of mine was riding in the back seat of her car while her teenage kid drove and another kid rode in the front seat. (It didn't help that the car color was "arrest-me red", of course. This was in semi-rural New Jersey.) Cop pulled them over for no good reason and started harassing the kid. She leaned forward to where she was a bit more visible and asked the cop what his problem was, and suddenly the cop's attitude changed, because he was of course harassing kids just because he could.

  12. Re:Sound familiar? on U.S. Supreme Court: Public Anonymity No Right · · Score: 2, Interesting
    Some blacks are criminals, and I won't trust any of them who are pointing guns at me, Ever. Some Italians are mobsters, and I _won't_ trust any Italians pointing guns at me and telling me it's an offer I can't refuse, Ever. Some Russians are mobsters, and I won't trust any Russians pointing guns at me, Ever. Some Arabs are terrorists, and I won't trust any Arabs who kidnap me and threaten to kill me, Ever. And every on-duty cop I've seen has a gun and a stick, though usually they're only waving around the stick, and most off-duty cops I've known have another gun on them as well.

    There are cops I've had nice pleasant conversations with even when I've done something wrong (like the guys in rural Colorado who stopped me and told me that they'd clocked me at 69mph when we both knew I'd probably been doing 75-80.) Friendly guys, and they'd established up front that they were being friendly and I ought to be cooperative, and I appreciated the warning that I'd gotten to an area populated enough to care about speed limits. On the other hand, the cops who arrested me for photographing them when they were backing up their buddy who'd ripped off a friend's car radio were lying thugs who should have been canned from the force. Too many of my local cops are bullies - I've had them use force on my because I took too long getting my license out of my wallet when they had their headlights pointed in my mirror, and I've seen them shoving a couple of black guys to the ground and handcuffing them (ok, they _were_ breaking into a car at 3am, but they asserted it was their own car and the driver had left his wallet and keys on the seat - about half an hour later, the cops were busy apologizing, because it _was_ their car, as demonstrated by the wallet on the car seat.) I've occasionally driven out of a brightly lit parking lot with only my parking lights on, not my headlights. The older local cop who saw me do that flashed his lights at me and waved when I turned my lights on; the younger cop who saw me do that was Mr. Testosterone who wanted to yell at me about where I was going and whether I'd been drinking. I had my van break down in a nearby rich neighborhood at 1am once, and had the hood up pouring water into the radiator when the cops showed up. Did they start by asking "Need any help?"? Nope - it was "!License and Registration!".

    I've had friends who were cops, and I've got some inlaws who are cops. I've also done some firearms training with cops who are friends of friends - being a cop is often scary shit, and one of the reasons you can't trust cops is that if they don't understand what you're doing, they tend to get scared and do the macho intimidation overreaction thing because it's occasionally a lot safer for them than not doing so. Older cops are usually safer to be around, because most of them are over the bullying power trip thing if they had that, and most of them have enough experience and maturity to deal with most situations. But some of them are experienced Bad Cops, and there are situations like domestic disputes and bank robberies that are always unsafe and unpredictable.

    And given your signature line, you've probably also read The Phoenix Guards. Remember the scene in the tavern where our four friends get in a fight with the other guard unit, and what insults led to the fight?

  13. No, it's quite bad, even though it's name only on U.S. Supreme Court: Public Anonymity No Right · · Score: 1
    The court didn't say "It's unConstitutional to require your papers" - the court said "Nevada's law doesn't require you to produce papers for police, only to demand that you give your name, and that's Constitutionally ok, and that used to be a legally gray area but we think it's a reasonable expansion of the powers that states can give themselves." (Not quite in those words, obviously, but that's what the majority opinion says.)

    But if you go look at what really happened, the cop didn't demand that Hiibel state his name (at least in any of the parts of the tape that were audible enough to get on the transcript), the cop demanded that Hiibel produce papers - repeatedly. No assertions about "ok, if you won't show me your papers, give me your name as required by law" - just increasingly voluble demands for him to show ID. And the court let them get away with that, and upheld the conviction because Nevada's law does let cops demand names and Hiibel didn't volunteer his name.

    About 20 states have laws that allow police to demand your name - the Supreme Court majority opinion lists them, but doesn't say how much more each state tells cops they're able to demand. You should probably go check if you live in one of them. But realistically, don't be surprised if the other states all quietly make laws requiring this, encouraged by Homeland Security or the American Association of Motor Vehicle Administrators or some other shills.

    Of course, if you're driving, and have a driver's license, state laws pretty much all require that you produce it. (I don't know if this applies in non-state jurisdictions, such as US colonies like Guam and Puerto Rico, or Indian reservations, or military bases with Federal police, etc.) If you've got a license with you, but aren't driving, the rules may depend on your state law.

  14. Even Greyhound sometimes demands ID on U.S. Supreme Court: Public Anonymity No Right · · Score: 2, Interesting
    Greyhound's also started cooperating with the Homeland Security thugs. Not everywhere, but in their big stations. My brother was travelling a couple of years ago, and his return trip took him through Chicago, where they demanded that he show ID before they'd honor his ticket. I forget if he ended up suing them or just escalating his complaint a lot. Furthermore, they're letting cops get on busses to demand ID from people and demand to search their bags - a Supreme Court case a couple of years ago upheld the conviction of a bus passenger who had marijuana discovered in his bag, because citizens are supposed to know that they can refuse illegal searches and he didn't.

    Back when I was in college in the 70s, bus tickets and train tickets and airplane tickets weren't things that only applied to one particular person who'd been granted permission to travel - they were bearer tickets that said you'd paid for your seat.

    Getting around in a car _does_ often require you to carry papers. Cops can stop you any time they feel like it and demand them. Usually they only do this if you've done something either wrong or suspicious-looking while driving, but if you think that cops can't or don't ask for papers without that, then you must be a clean-shaven short-haired white boy who didn't start driving until you got out of college and acquired a clean non-sporty-looking car. Furthermore, many state and local police run sobriety checkpoints on heavy-alcohol weekends and inspect everybody's papers when they go by.

    Back when I lived in New Jersey, I was once stopped at a checkpoint coming back from an election-night party, and the cops were not only asking for my papers, but asking where I was coming from and where I was going. Unfortunately, at that time I had a burned-out taillight that I did not want to call attention to, so I did not tell him what I was thinking, which was that I was going to America but had obviously made a wrong turn and could he direct me back across the border.

  15. Not Trusting Cops vs. your signature file on U.S. Supreme Court: Public Anonymity No Right · · Score: 1
    I've also seen lots of small-town cops who are thugs, and big-city cops get to be professional thugs if they're corrupt. There are lots of good cops out there, but as you say, if there are a few like this, you can't trust any of them. I've also run into situations where cops are undertrained for some situations they get into and react badly out of feat or cluelessness - one of the cities near me seems to train them to deal with uncertainty by going for maximum aggression and domination of the situation, because it's often safer for the cops, and sometimes for the public, than if they make a mistake in the opposite direction.

    Somebody has a line about how there have been fake cops accosting people, so if somebody stops you, how can you tell if they're really a cop, or just a guy in a cop suit, which come to think of it, is really all a cop is?

    But your signature line is encouraging people to support Jim Feldkamp for Congress, who was recently an FBI agent (i.e. a cop), and who lists one of his big issues as Homeland Security, in particular getting Homeland Security interfering with\\\\\\\\\\ protecting small towns like yours, not just big cities. Homeland Security are the folks who want to take away our civil liberties wholesale, unlike your small-town thug cops who just want to take them away retail. Furthermore, Feldkamp's web page doesn't list what party he's running under - is he an independent, or a stealth Republican, or a stealth Random-Right-Winger-Party? What baggage is he bringing with him, other than cops looking under your bed looking for Terrorists? I certainly hope someone with that background isn't claiming to be Libertarian, or if he is, I hope the Libertarians notice.

    bill

    dot

    stewart

    at

    pobox

    dot com

  16. You don't have it correct on U.S. Supreme Court: Public Anonymity No Right · · Score: 1
    The Nevada law, which the Supremes cravenly upheld in this case, isn't about people who've been arrested - it's about people who _haven't_ been arrested, and says that cops can demand names from them. If your state doesn't have a law about the issue (only about 20 states do), then it doesn't. If you have a driver's license with you, you may have to show it to a cop who demands it (definitely if you're driving, and depending on state law, potentially even if you're not driving but have it with you.) I don't know the rules for Green Cards or non-citizens with passports/visas.

    But if you've been arrested, and don't have a driver's license or other special case, the rules are all different. According to the Brown vs. Texas case, you don't have to give your name, and they can book you as a John Doe.

    That's not always your best move legally :-(), especially if you're not guilty of anything, or if you _are_ guilty of something, but you can do it. Remember that police can usually get away with holding you for up to 48 hours for no particularly good reason, and if they happen to bust you on a Thursday and the 48 hours expires on Saturday and there's no judge around til Monday, well bummer for you, 'cause John Doe doesn't get out on bail or on his own unrecognized recognizance.

  17. Lying to cops is generally illegal on U.S. Supreme Court: Public Anonymity No Right · · Score: 1

    There are lots of things that you don't have to tell cops, but if you do tell them, you can get into much bigger trouble for lying. So you'd better not go using Wrigley Field as your address unless you live there, but you can do just fine with "General Delivery, Your-town, your-state". And you'd better not use that kind of name for police, but you can probably try "Bob. Just Bob" if you want (or whatever your first name is.)

  18. You can download their programs free on Confession For Two: A Spammer Spills it All · · Score: 3, Interesting

    If their web site is working well enough to poke around on, you can download their programs for free. There's the main send-safe program, some harvester stuff, a "honeypot detector" for finding anti-spammer honeypots, email address verifiers, etc. The stuff looks like it only runs in demo mode (limited number of addresses per run, etc.) unless you buy a license code. The terms of use talk about not using it to illegally spam, but don't say anything about not reverse engineering it (though I haven't tried installing any of the software.) It'd be interesting to see what tools they use for detecting us, and how we can work around them, and of course all that downloading burns their bandwidth, which they're probably paying for by the megabit.

  19. A few big ones, many small wannabees on Confession For Two: A Spammer Spills it All · · Score: 4, Interesting
    The Top 200 spammers on Spamcop's ROKSO list are probably mostly making a lot of money, except the ones who've recently dropped out of sight (Anybody gotten spam from OptInRealBig lately? We may have killed them.) But there are a lot of smalltime wannabee operators like this columnist's S.Pammer who think they'll make money fast, get ripped off buying shoddy spamware products like that disk of 60% useless names, and either lose money or make less than they could working at MacDonald's. And if you _are_ big and successful, you need to worry about hiring lawyers to defend you against multi-million-dollar lawsuits and hiring hackers to get around anti-spammer techniques and hiring actual professional money-launderers to get your ill-gotten cash out of Nigeria.

    The other people who make money, of course, are the people selling the Herbal Fake Viagra or whatever the product of the week is, because their costs are significantly less than what they're paying the spammers that sell it. Mortgage brokers who pay spammers for leads may be winning or losing - spammer-generated leads are likely to be low quality. Pr0n sites sometimes make money and sometimes lose it - they have to generate enough material to get people to actually pay them rather than just looking at the free sample material, and ISPs often charge them more because they're a high-bandwidth business that's highly likely to fail.

  20. Tracking the real cost - it's Wasted Time on Confession For Two: A Spammer Spills it All · · Score: 1
    If you're an email provider, then spam costs you big money. Otherwise, it's almost free - the amount of bandwidth I spend Slashdot exceeds the amount of spam I get in a day (though that's after lots of filtering.) The rest of my bandwidth is much larger than that, and banner ads add up to more bandwidth than the spam I don't filter out, and that's not even counting the BitTorrent I'm usually running to serve the latest Linux distribution because bandwidth is basically free.

    The most important cost of spam is Wasted Time. For businesses, it's time their employees could be spending doing productive work; for home users, it's either time spent working or having fun, and it makes the Internet experience less full as well. Like telemarketing, it's an annoyance and waste of time, and because it's much cheaper to send than telemarketing calls, there's lots more of it, but it's basically the same kind of problem.

    Junk faxing is illegal in the US, because when Spamford Wallace invented the Junk Fax industry, the costs of junk faxes and the annoyance of having your machine run out of paper were significantly annoying. These days, receiving faxes on real paper is kind of antique - if you're not using an email-based server, like EFax/JFax/etc, you've probably got some kind of PC with a modem card that lets you decide whether to print, so the cost is lower. But it's still annoying.

  21. Evils of NAT on How To Avoid Viruses At Windows Install Time? · · Score: 1
    I do in fact work for an ISP that charges extra for additional ISPs, but that's not related to my assertions :-) I also get my DSL from a local provider that offers static IP addresses for a reasonable fee, though they charge more for their basic service than some of the newer dynamic-addressed DSL providers.

    I didn't say NAT isn't useful for some things - I've also got most of my PCs behind a NAT firewall, because they need some kind of firewall and because it's the lazy approach to DHCP support (otherwise I'd need to program the static addresses into all the machines, including the ones that really are client-only.) NAT's not the best kind of firewall, but it's a start, and I can hang any reasonably-safely-configured servers off the DSL directly.

    But it still breaks the model that lets the Internet work well.

  22. Hardware's easier and safer on How To Avoid Viruses At Windows Install Time? · · Score: 1

    It's nice that the firewalls are on by default in SP2, once you've got SP2 installed. Plug the cheap hardware device in to your network connection before you try to use them. Once you've got everything really configured the way you want, _then_ you can _think_ about removing the hardware firewall.

  23. Hardware Firewall Appliance, not just builtin on How To Avoid Viruses At Windows Install Time? · · Score: 2, Informative
    Some of the people replying to this message seem to think you're talking about XP's built-in firewall features. While they may be nice, a cheap hardware NAT firewall is just about a necessity for installing Windows safely, because you need to reduce the rate of attacks until you can get all the updates installed, which might include firewall updates.

    NAT is an evil abomination that breaks the Internet's end-to-end model, but for machines that will really never receive incoming connections (VOIP, games, IM, etc. as well as web servers), it's cheap insurance, and for machines that aren't ready to connect to the net, like unpatched Windows, it's pretty much essential. And once you've got your machine patched, you can then open up whatever ports you want on your firewall, if it's bright enough to do that.

  24. Scandinavians all look alike to you, I suppose :-) on Skolelinux Project Releases Version 1.0 · · Score: 3, Informative

    Actually, Linus is from Finland, and he's part of the Swedish-speaking ethnic group in Finland, who are left over from when Swedes were the big imperialist power of the North. Swedish is close enough to Norwegian that they can mostly understand each other without having to resort to English (but Linus does speak English quite well :-), as opposed to Finnish which is significantly unrelated.

  25. February is old news - what's happened since then? on Broadband Over Power Lines vs. Radio Relayers · · Score: 4, Informative
    The article's from February. Here's the January Slashdot Discussion. Has anything new happened? In particular, how are the recent discussions about using powerline data transmission to feed 802.11 local distribution going? That offers a lot of potential to reduce the amount of wired transmission that can cause interference.

    Articles about BPL that get technical often bring up comparisons between how it works in the US vs. Europe. For various historical/technical evolution reasons, including population densities, the two sides of the pond have much different concentrations of number of users per power transformer, and supposedly the technology makes a lot more economic sense in Europe. In the US, one of the more interesting markets is rural access, where distances are too long for DSL and cable TV isn't very common - satellite's an obvious alternative, but satellite latency is annoying. Non-Amish farmers have tended to be fairly wired for a long time - the commodities and futures markets have a major impact on how you can get the best price for your crops, and even old modems and Apple IIs were good enough to get trading information and text-based weather reports, but more bandwidth is always better.

    But the other obvious market is that it's another wired or near-wired access method to get bits to your house, besides the Phone Companies and cable modems, which means it increases competition for the phone business as well as data business. Power companies already have a certain amount of potential simply from owning right-of-way, though sometimes the phone companies own the poles, and state Public Utility Commission regulators often create all kinds of strange rulings about who can do what with the shared assets (a problem cable tv companies have had, especially when they want to sell bandwidth on the fibers they run in shared right-of-way.)