Their PDF blurbs talk about the ozone question, and say that the stuff breaks down in about 5 days in sunlight and doesn't bother the ozone. It doesn't say exactly what happens to the Fluorine in the process, but it does say that it's much different from the hydrogen-fluorine-carbon compounds like Freons. From what I remember, the freons catalyze the breakdown of ozone; perhaps the breakdown products from this compound don't do that (e.g. maybe the fluorine atoms all end up as F2.)
Feeding the Spam to DCC/ Vipul's Razor / etc.
on
Paid To Spam
·
· Score: 1
There are IP-based blocklists, but there are also message-content-hashing systems like Vipul's Razor, DCC, etc. that block messages that are roughly identical to reported spam. If you're a good enough firewall hacker to build something that captures the message and feeds it to those services, you're probably already running your own email (:-), and of course your ISP's AUP almost certainly bans you from sending the spam, but it's an entertaining gedankenexperiment.
The billboard on 101 in Redwood City CA is dangerously bright - too distracting at night. It has been real tempting to get some of my gun-owning friends together and take care of the problem, and it's really more of a job for an AK47 than a 22. (Actually, thermite on the supports, or big wire-cutters on the power feeds are more appropriate.) Even spray-paint would do just fine.
I don't mind that it's Clear Channel, though that's certainly worth a couple of extra Brownie(tm) points, but it's just way too bright.
It did have a dud pixel for a while, but they seem to have fixed it.
Isn't that called "Gossip" and "Rumors"?
on
P2P News Syndication?
·
· Score: 2, Interesting
I mean really, why have we let professionals think they've taken over the entire news business? Sure, they do a good job of many kinds of news reporting, and of collecting interesting stories, and they've become a really important part of modern society but fundamentally lots of news has always been more personalized, more subjective, and has had a much wider range of biases than The Official Sources. So they shouldn't be shocked that there's still amateur news distribution around. And that's much more true in the technology business, where so much of the commercial press does little better than reprint press releases.
And yes, there's a level of quality that you can get from professionals, but don't think that "objectivity" means there isn't a lot of bias. I'm not talking about the US's "Liberal Media" that the right-wingers whine about - the actual media are radically biased towards the Establishment, and if you want to find some actual liberal media you need to listen to Pacifica Radio or read leftist web sites. National Public Radio is relatively liberal in its cultural content, except for an obvious bias in favor of music by Dead White Europeans, but if you look at its poilitical coverage, it's still basically believing that the government that funds it are a really good thing, even if there are occasional individuals it doesn't like.
Oh, and back to the reliability of P2P-distributed news, did you hear that thing about Bush's trouble with Duct Tape?
You have to think about threat models - a system that lets one person crack every box on the internet is much more dangerous than one that requires physical access to the box to get information or physical access to the console port or reset button, and you have to decide whether you're worried about protecting secrets if the box is stolen or if that's not your problem.
The standard solution to this problem is to have the password be the serial number for the box, which you can read off the tag on the back. That way, somebody who has physical access to the box can still crack it, but you can't just attack an arbitrary box from across the Internet, because the formula depends on something that a random cracker won't know. Another variation is to use the MAC address for the box, which can be gotten by other boxes on the LAN, but is still mostly safe. And many types of hardware only let you use the administrative login from a specific port, typically a serial console port or the LAN side of a firewall or something, or only let you use the administrative login within N minutes of rebooting the box.
Somebody else mentioned the option of having a unique password that's based on the serial number of the box, which you can only get by calling the manufacturer. That's useful for your paid-option problem as well, and you can either keep a database or have the formula be "hash the serial number with a password that only the manufacturer knows", implmemented in some cryptographically strong fashion. The customer will normally do the administratively correct thing, which is to write the password on a yellow sticky note and tape it to the top of the box.
One of the common network administration problems that software tools aren't very good at is finding where wires go when they're behind furniture or walls. Wires are pretty much like string, and my cats like to chase string, so I send them out to chase the wires, listen for the thumping noises, and see where the cat comes out. Doesn't work every time, and sometimes they'd rather chase mice than wires, but one of my cats really like chomping on RJ45 jacks, so if I suspect that a problem is related to an unplugged RJ45, he's the one for the job.
Anonymous speech is a critically important part of free speech. Legality's not very useful at stopping technical problems unless it's easy to implement technical implementations, which it's not here. Also, there are two or three different kinds of "forgery" which have radically different effects, and some confused legislators are in the midst of trying to write laws that presume incorrect semantics.
Forging a real person's name and address non-obviously is a Really Bad Thing - they get hit with bouncegrams, possible flames, possible blacklisting, and possible loss of reputation.
Forging a real public figure's name in a way that's obviously fake is less of a problem, because the risk of lost reputation is much lower, but forging their address can still hit them with the costs of bounces. Claiming your email from George Bush or Pamela Anderson is obviously bogus.
Forging a fake userid at a real domain such as asdfghjkl12345@yahoo.com is still a problem, because the domain gets hit with the bounces and other administrative costs, and the big email providers' lawyers would argue that it interferes with their reputation, though you could argue back about that part.
Forging a less-obviously-fake person at a real company is also a problem - "Joe Wilson, Chief Virus Detection Director at McAfee" could be bad, if the message content is consistent with that (as opposed to being yet another Viagra ad)
Forging an obviously anonymous address such as JohnDoe@example.com or fajlkjasjkdasd@ssadhkljfdsaffdsafdsaf.com or nobody@nowhere.com or postmaster@localhost is entirely different - you're not impugning the reputation of a real person or causing there to be any cost to anybody (the IANA people who decided to assign a real IP address to example.com or the individual who registered localhost.com deserve whatever traffic they attract:-)
username+tag@domain.tld does have the risk that spammers can remove the tag, assuming that you accept mail to username@domain.tld with no tag (yeah, almost everybody does:-)
tag@username.domain.tld or tag@mydomain.tld makes it harder for the spammer to guess what to use as a default. At fastmail, tag@username.fastmail.fm is translated to username+tag@fastmail.fm, so as dictionary attack generally spams the whole account.
something@tag.mydomain.tld _is_ kind of cute, assuming you countrol your DNS - you can map unwanted tags to 127.0.0.1 or 192.168.255.255 to deflect the spammer, and you'll never see the blocked attempts, but that does mean that there's one extra semantic token for any human using the address to remember, so you might want to make "something" something boringly obvious, like the same as tag, or "mail" or yourfirstname or whatever, or else use something derived from their message.
Remember what Daksh does. They provide call centers in India that American companies hire to answer phone calls from Americans (and sometimes other people.) Now instead Daksh sales people chasing down American companies to hire a Daksh call center in India, IBM sales peopel will be chasing down the American companies. Some of those sales people will be the current Daksh sales people, but current IBM sales people will also be able to sell the Daksh call center's services.
IBM isn't buying them to get Indians to answer phone calls for Americans who want to talk about IBM products - they want them answering questions about IBM's customers' products.
We've got full tanks of kerosine and Lox, half a pack of cigarettes, it's dark, and we're wearing spacesuits built by the lowest bidder..... hit it!....
One of the canonical Internet security threats was always "some college student with lots of resources and technical skill and too much time on their hands" attacking your system. If you're running the Internet security for a university, a firewall is not going to keep that kind of threat _out_, because the students are already _inside_. (Ok, it'll discourage students from other colleges from hacking your college, but the most motivated threats are already inside your firewall.) Protecting administration computers is a different problem from protecting student computers, faculty computers, and shared workspace computers. Some of this can be helped by appropriate partitioning, and Schiller's point about keeping all the machines patched and as secure as possible is critical.
Some university administrations are concerned with protecting the rest of the Net from their students; others think that interferes too much with legitimate research. Some other poster commented that their university's policies are to be "open", but they block incoming Port 80 and Port 25 to student residence networks - meaning that students can't run their own web servers or mail servers, which is distinctly *not* openness.
The wget solution could be fun, if everybody did it, but it does have problems.
any spammer URLs contain a code that identifies your email address (and maybe the spammer), so the wget tells the spammer that they've got a valid email address for you. Sometimes it's encoded in the subdomain name, sometimes in the path, often in query contents.
Another is that these addresses are often redirects, so there might be queries to a simple redirector URL, which don't burn much bandwidth, that point to some free web site (or at least handle the images from the free web site) which does the heavy lifting. If the wget attack becomes popular, there'll be lots more of this, and spammers will play tricks to make it hard for the wget to automatically get the real site.
Many spammers also frequently put other people's valid URLs in their mail to fake legitimacy, e.g. URLs from E-Bay's news site or the Better Business Bureau or various anti-virus companies, in addition to having their own URL for the suckers to click.
It's dangerously bad. If email messages accurately identified where they came from, and if spammers didn't maliciously forge addresses of people they want to harass, and if spammers didn't usually abuse free email systems and free web pages or forge purely bogus sender addresses (usually also at free email systems), then that would be a fine idea. Many spammers also frequently put other people's valid URLs in their mail to fake legitimacy, e.g. URLs from E-Bay's news site or the Better Business Bureau or various anti-virus companies, in addition to having their own URL for the suckers to click.
Actually what he's reinvented is tagged email, either in the tagged-address format or tagged-subject format or not-written-clearly format. Lots of mail systems let you send mail to username+tag@domain.tld, or tag@username.domain.tld, and let the mail reader client sort or filter messages based on the tag. Most non-web clients aren't especially flexible about letting you generate a different tagged address when you send the mail, but some can do that.
That way you can use different addresses for mailing lists, orkut, random recipients, each Slashdot posting, etc., and blacklist addresses that get abused and/or only whitelist addresses you've sent people. There are some risks - the subdomain version occasionally gets hit by dictionary attacks, so you might receive 10 million messages on an occasional really bad day (this mainly happens if your subdomain doesn't run its own SMTP server that can milter it.)
Sounds like advertisers and probably the product's developers get to know every sentence we're reading... not ideal.
You almost don't *need* spyware with that kind of granularity, but my first reaction to "IE Toolbars" is always to ask "what spyware things does it do?" Some of them are really ugly stuff.
Might not be larceny / theft, because the person ripping them off doesn't even get to keep the money in most cases. Sure sounds like conspiracy, though.
Back when I worked for a supermarket company in New Jersey, anybody caught doing that would be dealing with the union - not just through grievance procedures, but far more *personally*. Especially if they messed with the butchers. And that doesn't even count the general belief that the supermarket company's trucking subsidiary was also a subsidiary of the Castellanos.
I had a co-op job in college doing industrial engineering for a supermarket company - lots of time&motion studies and warehouse design work. For most departments in a supermarket, the *benefits* of being manager for the department (e.g. bakery manager, butchers' manager) include a 48-hour week, which gets you paid for 52 hours given time-and-a-half for the 8 hours overtime. It's more time, and it's more money, and if the company tried to take it away from them there'd be massive unrest. Maybe not enough to get a strike, but certainly there'd be major increases in "shrinkage" and general breakage, and somehow 40-hour weeks would be getting 30-hour productivity. While you especially don't mess with the butchers, you also don't mess with the union - they're there to protect their people, and while I don't see unions making sense in most high-tech businesses, there are places that they do make sense.
According to the Wired article, Google plans to provide targeted ads based on the contents of your email. While they can probably find a way to preserve privacy while doing so, think about what 90% of your email is about. It's spam. So you'll mostly get targeted ads for Fake Herbal Viagra, Bogus Mortgages Deals, and Business Opportunities in Nigeria.
It's not actually that bad, if the advertising taglines are always only attached to the mail messages they correspond to - so you'll only see the Google ads for Fake Herbal Viagra if you open the Viagra spams, and you'll only see the Google ads for Nigerian Banking Services if you open the Nigerian scams, the ads for real pr0n sites if you open the pr0n spam, etc., while the email your mom sent you about replacing her old Windows machine with a Macintosh will get ads for Macs, crunchy red fruit, Dell, Microsoft products, glass cutters, and X10 cameras.
Sure, you've got great technology in Massachusetts, but you have to waste so much of it on snow removal. And in Texas you've got to waste it on Air Conditioning. I spent 20 years living in New Jersey where we had to do both. Sheesh, that was silly, in spite of how beautiful the place is.:-)
Of course, here in Silicon Valley, I pay more to heat my electrically-heated uninsulated condo in the winter than I paid to heat my house in New Jersey, but that has a lot to do with the building standards of the 1970s vs. the 1930s.
Imagine a Beowulf cluster of chatterbots.... No, maybe not.
So all these chatterbots are ranting at each other - Google just creates this new offer for free mail with 1GB mailboxes, and an hour and 20 minutes later, Slashdot posts an article describing how to fill them up quickly!
Disk drives are cheap - maybe not $0.50/GB yet, but getting close, and certainly under $1/GB for IDE or equivalent. Of course, you need to attach them to servers, which cost money, and do something RAID-like for individual disk redundancy, and journaling file systems, and assuming your business model requires that you not lose data, you need to mirror it somehow for backup purposes - either tape archives, or full mirrors, or RAIDs-of-RAIDs across some kind of storage network, or something. And you need electricity and HVAC and need human operators to manage the things, so divide the costs of the operation by the number of machines a sysadmin can support.
$2/GB sounds realistic, and sounds like it's in the range that advertising might be able to pay for, if there's any kind of profitable business model. Part of the key, of course, is that the average user won't using anything close to one gigabyte, at least not for a while, and disk drive costs keep dropping rapidly, so that may be $1 or $0.25 by the time the average user is really using a gigabyte. Also, depending on how they handle spam-filtering and mailbox indexing, they may not need to store more than one copy of each spam message:-)
Database servers and similar high-speed systems tend to prefer Storage Area Networks and 18GB 15000rpm SCSI drives instead of 200GB 7200rpm IDE drives, but you don't really need that for most of the storage in this kind of network - maybe for the core metadata and middle-level caches, but not the raw storage.
Yup. My Outlook mailbox is currently 986MB, mostly powerpoint/word/excel attachments, and that's _with_ archiving most of it to separate files (and CD-R) every quarter or so, which requires hacking it up into pieces under 700 MB. All in one big binary undocumented file. It's a dangerous and stupid mail storage approach.
Their PDF blurbs talk about the ozone question, and say that the stuff breaks down in about 5 days in sunlight and doesn't bother the ozone. It doesn't say exactly what happens to the Fluorine in the process, but it does say that it's much different from the hydrogen-fluorine-carbon compounds like Freons. From what I remember, the freons catalyze the breakdown of ozone; perhaps the breakdown products from this compound don't do that (e.g. maybe the fluorine atoms all end up as F2.)
There are IP-based blocklists, but there are also message-content-hashing systems like Vipul's Razor, DCC, etc. that block messages that are roughly identical to reported spam. If you're a good enough firewall hacker to build something that captures the message and feeds it to those services, you're probably already running your own email (:-), and of course your ISP's AUP almost certainly bans you from sending the spam, but it's an entertaining gedankenexperiment.
I don't mind that it's Clear Channel, though that's certainly worth a couple of extra Brownie(tm) points, but it's just way too bright.
It did have a dud pixel for a while, but they seem to have fixed it.
And yes, there's a level of quality that you can get from professionals, but don't think that "objectivity" means there isn't a lot of bias. I'm not talking about the US's "Liberal Media" that the right-wingers whine about - the actual media are radically biased towards the Establishment, and if you want to find some actual liberal media you need to listen to Pacifica Radio or read leftist web sites. National Public Radio is relatively liberal in its cultural content, except for an obvious bias in favor of music by Dead White Europeans, but if you look at its poilitical coverage, it's still basically believing that the government that funds it are a really good thing, even if there are occasional individuals it doesn't like.
Oh, and back to the reliability of P2P-distributed news, did you hear that thing about Bush's trouble with Duct Tape?
The standard solution to this problem is to have the password be the serial number for the box, which you can read off the tag on the back. That way, somebody who has physical access to the box can still crack it, but you can't just attack an arbitrary box from across the Internet, because the formula depends on something that a random cracker won't know. Another variation is to use the MAC address for the box, which can be gotten by other boxes on the LAN, but is still mostly safe. And many types of hardware only let you use the administrative login from a specific port, typically a serial console port or the LAN side of a firewall or something, or only let you use the administrative login within N minutes of rebooting the box.
Somebody else mentioned the option of having a unique password that's based on the serial number of the box, which you can only get by calling the manufacturer. That's useful for your paid-option problem as well, and you can either keep a database or have the formula be "hash the serial number with a password that only the manufacturer knows", implmemented in some cryptographically strong fashion. The customer will normally do the administratively correct thing, which is to write the password on a yellow sticky note and tape it to the top of the box.
One of the common network administration problems that software tools aren't very good at is finding where wires go when they're behind furniture or walls. Wires are pretty much like string, and my cats like to chase string, so I send them out to chase the wires, listen for the thumping noises, and see where the cat comes out. Doesn't work every time, and sometimes they'd rather chase mice than wires, but one of my cats really like chomping on RJ45 jacks, so if I suspect that a problem is related to an unplugged RJ45, he's the one for the job.
Legality's not very useful at stopping technical problems unless it's easy to implement technical implementations, which it's not here. Also, there are two or three different kinds of "forgery" which have radically different effects, and some confused legislators are in the midst of trying to write laws that presume incorrect semantics.
IBM isn't buying them to get Indians to answer phone calls for Americans who want to talk about IBM products - they want them answering questions about IBM's customers' products.
We've got full tanks of kerosine and Lox, half a pack of cigarettes, it's dark, and we're wearing spacesuits built by the lowest bidder. .... hit it! ....
Some university administrations are concerned with protecting the rest of the Net from their students; others think that interferes too much with legitimate research. Some other poster commented that their university's policies are to be "open", but they block incoming Port 80 and Port 25 to student residence networks - meaning that students can't run their own web servers or mail servers, which is distinctly *not* openness.
It's dangerously bad. If email messages accurately identified where they came from, and if spammers didn't maliciously forge addresses of people they want to harass, and if spammers didn't usually abuse free email systems and free web pages or forge purely bogus sender addresses (usually also at free email systems), then that would be a fine idea. Many spammers also frequently put other people's valid URLs in their mail to fake legitimacy, e.g. URLs from E-Bay's news site or the Better Business Bureau or various anti-virus companies, in addition to having their own URL for the suckers to click.
That way you can use different addresses for mailing lists, orkut, random recipients, each Slashdot posting, etc., and blacklist addresses that get abused and/or only whitelist addresses you've sent people. There are some risks - the subdomain version occasionally gets hit by dictionary attacks, so you might receive 10 million messages on an occasional really bad day (this mainly happens if your subdomain doesn't run its own SMTP server that can milter it.)
You almost don't *need* spyware with that kind of granularity, but my first reaction to "IE Toolbars" is always to ask "what spyware things does it do?" Some of them are really ugly stuff.
Web subscribers get traceroutes to 127.0.0.1.
Besides, the newsstand version has a shiny reflective front cover.
Back when I worked for a supermarket company in New Jersey, anybody caught doing that would be dealing with the union - not just through grievance procedures, but far more *personally*. Especially if they messed with the butchers. And that doesn't even count the general belief that the supermarket company's trucking subsidiary was also a subsidiary of the Castellanos.
I had a co-op job in college doing industrial engineering for a supermarket company - lots of time&motion studies and warehouse design work. For most departments in a supermarket, the *benefits* of being manager for the department (e.g. bakery manager, butchers' manager) include a 48-hour week, which gets you paid for 52 hours given time-and-a-half for the 8 hours overtime. It's more time, and it's more money, and if the company tried to take it away from them there'd be massive unrest. Maybe not enough to get a strike, but certainly there'd be major increases in "shrinkage" and general breakage, and somehow 40-hour weeks would be getting 30-hour productivity. While you especially don't mess with the butchers, you also don't mess with the union - they're there to protect their people, and while I don't see unions making sense in most high-tech businesses, there are places that they do make sense.
And a pony! But that just means that the new Google center will get Slashdotted.
It's not actually that bad, if the advertising taglines are always only attached to the mail messages they correspond to - so you'll only see the Google ads for Fake Herbal Viagra if you open the Viagra spams, and you'll only see the Google ads for Nigerian Banking Services if you open the Nigerian scams, the ads for real pr0n sites if you open the pr0n spam, etc., while the email your mom sent you about replacing her old Windows machine with a Macintosh will get ads for Macs, crunchy red fruit, Dell, Microsoft products, glass cutters, and X10 cameras.
Of course, here in Silicon Valley, I pay more to heat my electrically-heated uninsulated condo in the winter than I paid to heat my house in New Jersey, but that has a lot to do with the building standards of the 1970s vs. the 1930s.
So all these chatterbots are ranting at each other - Google just creates this new offer for free mail with 1GB mailboxes, and an hour and 20 minutes later, Slashdot posts an article describing how to fill them up quickly!
$2/GB sounds realistic, and sounds like it's in the range that advertising might be able to pay for, if there's any kind of profitable business model. Part of the key, of course, is that the average user won't using anything close to one gigabyte, at least not for a while, and disk drive costs keep dropping rapidly, so that may be $1 or $0.25 by the time the average user is really using a gigabyte. Also, depending on how they handle spam-filtering and mailbox indexing, they may not need to store more than one copy of each spam message :-)
Database servers and similar high-speed systems tend to prefer Storage Area Networks and 18GB 15000rpm SCSI drives instead of 200GB 7200rpm IDE drives, but you don't really need that for most of the storage in this kind of network - maybe for the core metadata and middle-level caches, but not the raw storage.
Yup. My Outlook mailbox is currently 986MB, mostly powerpoint/word/excel attachments, and that's _with_ archiving most of it to separate files (and CD-R) every quarter or so, which requires hacking it up into pieces under 700 MB. All in one big binary undocumented file. It's a dangerous and stupid mail storage approach.