Some Unix mail programs have the username+tag@domain feature, and I've seen some other mail systems that use a different character instead of "+". Another approach is to get a domain name or subdomain and a mailer that wildcards, so tag@yourdomain.com or tag@yourname.yourisp.net gets forwarded to you for whatever tag is used. Fastmail.fm provides automatic translation between tag@yourname.fastmail.fm and yourname+tag@fastmail.fm , at least for paid subscribers, which means you can give the name tag@yourname.fastmail.fm to your mother-in-law who just doesn't grok the "+" syntax, and to webforms that choke on plus.
Risks Some web forms choke on the "+". Some humans do too:-) Dictionary Spam can be very ugly if somebody spams millions of potential usernames at your subdomain (or your pseudo-subdomain at yourname.fastmail.fm, but they've got spam protection available which can kill those.)
Mitigations If you're running your own subdomain and your own inbound mail server, be sure that mail sent to more than a couple of bogus or honeypot addresses gets noted and either blocked or teergrubed at the envelope level.
ISPs don't actually have common carrier status, though they've got some protections under the ECPA and maybe other regulations, and there are special annoyances under the DMCA that may undo some of the earlier protections, or at least give an web service provider a strong incentive to cover their ass. On the other hand, serving web pages and hauling IP packets are much different activities, and a university could reasonably take a position that its job is hauling IP packets to dorm rooms and DNS packets to DNS servers, and providing some other services on university servers, but that contents of student-owned computers are the individual student's responsibility. If they feel quasi-legalistic, they could make it an honor code thing. (The one big catch is that in universities that don't block P2P entirely, it makes a huge amount of sense from a bandwidth conservation standpoint to provide some supernodes on campus, or pursue some similar localization-based approach so that students don't need to download more than one copy of a given file from outside, and similarly provide web caching which is less politically risky.)
A non-government-owned university _could_ decide to spin off its network services as a wholly-owned subsidiary, and treat it as an ISP or telco or both. On the other hand, they might need a good accounting department to do it successfully, because building wiring and phone closet space isn't the easiest thing to separate ownership of financially, or to price appropriately (either for buying or renting...)
It's so frustrating watching DARPA technology. They get to play with lots of cool stuff, but 90% of it's about killing people, making nuclear war more practical, or causing other kinds of evil and terrorism, and the rest of it's mostly about protecting soldiers (who are out doing those things) or else cleaning up the mess from nuclear and chemical weapons manufacturing.
On the other hand, they get to blow stuff up, use expensive computers, and build really cool networks....
I've met someone who bought "Free, just pay for shipping" business cards from an ad she saw on the internet. I assumed this was from a spam, since there was a lot of that going on then (3-4 years ago), though it's possible that it was a banner ad instead. I don't know whether those spams were also being used for identity theft, or only for selling names to other spammers and junk mailers.
One of my former customers is paranoid about cameras, and back when I supported them I usually carried a very small digital camera with me all the time, so I had to remember to check it with them at the door (along with registering the serial number of my laptop and PDA, etc.)
On the other hand, when I was meeting with them, I was meeting with them, so unless I was having lunch at their cafeteria before the meeting, I wouldn't be using a cell phone there anyway. So having to check a camera-phone at the front desk wouldn't be that much of a problem.
Besides, any information that fits on a 352x288 camera-phone picture I can remember in my head:-)
I no longer carry the camera in my briefcase, but that's mainly because my work laptop is running Win2000 in "you're not the administrator" mode, and there's some sort of driver problem that just doesn't like to talk USB to it...
My wife recently got a camera-equipped GSM phone (this is the US, so GSM isn't the default...) It turned out that the resolution was only 352x288, which is what the REALLY REALLY cheap CCD chips have supported for years, and it seems like most of the other camera phones available in the US were that resolution, not even 640x480. While that's good enough for a picture you're going to display on a cellphone or PDA screen, it's useless if you're going to upload to a computer. There were also other annoying things about the phone, so she returned it and got a smaller cheaper non-camera phone.
640x480 cameras have been under $100 since at least 1999 (when I bought my first one), and under $40 for over a year, and 1024x768 pocket-sized cameras with LCD screens are under $100 now, or credit-card-sized without LCDs. The 1999 Toshiba PDR-2(?) was about the size of my current cellphone, and I'd still be using it today if it had a lens cap to prevent scratches (sigh...), and my $40 SiPix is smaller than the smallest phone I've seen.
Both of those not only have space for the battery, but also cost and space for a processor and RAM and communications interfaces, all of which would be cheaper if they could piggyback on the cellphone's hardware.
The first $40 digital camera I bought a few years ago was either 352x288 or 320x240, and it was about enough for a thumbnail of a real picture (its thumbnails were 160x120). It was too lame to bother keeping (even as a present for my sister's 7-year-old kid.)
Unfortunately, it seems that the people who run my main email ISP seem to really like it.:-) There are some people who really always send email from the same set of servers, so it's ok for them to use RMX to indicate the fact, but for people who don't do that, it's likely to lead to lead to lost email.
Sometimes my laptop is at work and I want to send email from my home email account. So I tell Eudora to use the SMTP server at work and it works fine, but the mail gets sent from my company's DMZ outbound mail server, rather than from my ISP's outbound mail server. RMX would break that. Other times my laptop is at home, and I want to send email with my work IP address, but that's easy, because I use a VPN tunnel to connect to my office, so it gets sent from our usual email server. (Sometimes my laptop is at home on the VPN, and I want to send email from my home account - that case looks like I'm sending it from the office...)
Sure, I could use some lame webmail form at my ISP to send email from, but that's really annoying, especially if I'm replying to a message that I've received on my POP3 or IMAP email client rather than composing a new message.
While they decided not to implement this, and the message was only a draft (badly written, at that), it didn't affect inbound or outbound AT&T ISP mail. It only affected mail to AT&T employees and other addresses on AT&T's internal mail servers. If you're a business or consumer customer of AT&T internet service, it wouldn't have affected whether you could send or receive mail to other companies.
What it did was affect whether or not mail you sent to joe.random.employee@att.com got heavy spam filtering (on the mail servers that were getting pounded to death and might lose mail) or whether you got sent to one of the servers that did less spam filtering and wasn't getting pounded.
So even if a few spammers got themselves whitelisted, that wouldn't be a big problem because the filtering can handle them (plus they'd be coming from known IP addresses which could be blocked or de-whitelisted). But for some customers who are ISPs or email providers, it's a lot tougher to do the job right - they'd really want to
permit email from sysadmin@bigisp.example.net to wholesale-fiber-sales@att.com
deny forged email pretending to be from got.viagra@bigisp.example.net that really came from some hijacked Korean relay
do some filtering on email from joe-random-user@bigisp.example.net to random-employee@att.com
Oh, great. Now we not only have to put up with the RIAA, we'll have Archer Daniels Midland in our face as well:-) ADM is the politically-connected giant agribusiness conglomerate.
Skype appears to have done some interesting things. Unfortunately, they're not using open standards or even documented protocols, so there's no way to build or buy anything that interfaces with it except from them, as opposed to the SIP phones, which are components in a large and rapidly developing market of rich features.
It's not just that their source code isn't Free as in Beer or Free(tm) as in politically correct RMS-style speech, it's not even semi-Open as in "Source Available so you can read it and figure out what they're really doing".
For Crypto use, the closed source code and proprietary protocols render it Untrustable. They have some good buzzwords in their documentation, and they're using some good building blocks, but doing useful crypto means getting *all* the pieces correct and documenting them in a way that people who understand the technology and its weaknesses can verify that it's ok. For instance, it's really nice that they're using AES and 1536-2048-bit RSA, but are they generating random numbers for the keying competently? Are they using Diffie-Hellman or other Perfect Forward Secrecy techniques? Are they doing the padding correctly on RSA parameters? Are they reusing keps carelessly? Many other companies with better funding than Skype have screwed this up badly, including the entire GSM phone networks.
Skype says they've got really cool proprietary codecs because they didn't like what else was out there. Whether it really is cool or not, or whether it really is genuinely new (as opposed to some appropriate set of options for standard codec algorithms, probably at more than 8000 samples/second) is less important to me than the fact that since it's proprietary I can't build or buy anything compatible with it. That's pretty lame.
Their signalling and call setup algorithms are also proprietary and undocumented, which is also lame, although they may be interesting.
Their encryption is vaguely described, but since it's closed-source there's no way to evaluate it, which is super-lame.
I really really miss the Xerox PARC map system.... Lat/Long isn't always what you want, but it's really good to have a system that will always display it for the points you select, as well as letting you tell it what lat/long you want to display if you're trying to do something that needs that.
One of the most important features for me is being able to pick a big display size. Sure, it's nice that many of the map systems out there have the option to display on a 640x480 screen, but I want to be able to use the pixels I've got. Mapquest is pretty good about offering big or small maps, and Microsoft Expedia is really excellent, at least for displaying non-street maps of random parts of the world, which is the main time I use it.
I was trying to write up directions for a restaurant, and didn't remember if you could turn left off the Lawrence Expressway southbound onto Apollo. I pulled up the aerial photo, zoomed in, and no, there's no stoplight at that intersection and there's a street barrier in the middle.
Sometimes the photos aren't as useful - roofs don't tend to be very informative in dense areas - but sometimes they are, and sometimes they're just fun. The resolution's good enough to see cars on the street, though not usually to recognize them.
The problem is that the state is running alcohol distribution as a monopoly, and it's not competent at it, and it doesn't have competitors who can either do a better job or at least do a worse job but fail at different times. You'll also find that in most US states with state-run liquor monopolies that there's a limited selection of products available compared to the "regulated and corrupt but more flexible" oligopolies in states like Florida and the actual free markets like (well, not quite any of them, but many are close.) One of the fundamental reasons that the Soviet Union fell is that without a real market mechanism, they weren't able to make good economic decisions, because central planners never have adequate data or adequate competence.
This is somewhat of a California-centric perspective - we may have state-dominated incompetent quasi-monopolies for minor little things like electricity, but on important stuff like wine you've got a really wide choice. Now, that's also because we have the climate to do good winemaking, while most of Mississippi's is better for making liquor and various kinds of hooch (:-)
I always find it annoying when somebody puts out an announcement that Foobie Bletch 5.7 has been released, with an URL for the Big!! Announcement!! web site that says that the Personal Edition now supports the Skins and Graphics Accelerators that were introduced in Foobie Bletch Professional 5.1!! and an FAQ that tells you how to work around the popular bugs in the installer and Doesn't tell you what the bloody product does!
So The Maya Family of Products are a bunch of tools for video animation and special effects, and come in different flavors with different prices and feature sets. And as the parent article says, this one appears to be yet another set of features added to the personal edition.
He's Pining for the Fjords, in Roskilde
on
Is Bluetooth Dead?
·
· Score: 1
Harald Bluetooth? He's dead, man, I've seen his gravestone . It's in Roskilde Cathedral, next to the Roskilde Fjord in Denmark, about 30km west of Copenhagen. There's a really good Viking ship museum there as well.
But Harald, well, 'E's passed on! This parrot is no more! He has ceased to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the perch 'e'd be pushing up the daisies! 'Is metabolic processes are now 'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!! THIS IS AN EX-pyrate.
The problem is that.com and.net aren't the only TLDs with evil wildcarding brokenness, just the latest and the only one to do so unilaterally without the responsible people discussing and setting policy first, and the patch didn't list quite all the TLDs that have official policies of wildcarding, just most of them. You can update it to add the others to the list, if you want, though that'll only help web browsing on port 80, and will cause you trouble if spammers try to forge mail from the other domains.
I'm not going to argue about whether BIND version N is buggy, insecure, hard to configure but easier to configure than sendmail, or an over-complicated sack of crap, but -
the reason we still use it after 15+ years is because its maintainers evidently DO have the will to maintain it, in spite of all the features that people keep wanting added, and the reason that 48 hours after Verisign broke the DNS system you could install a BIND patch is ALSO because its maintainers have the will and ability to fix it.
In an open-source open-protocol world, the reason to stop using a product like BIND is that either somebody writes a better product, or you get so fed up with it you write a better (or worse) replacement yourself, or you decide that it's so appallingly unfixably buggy that it's might be better to go back to using carrier pigeons to deliver/etc/hosts files on clay tablets than to keep using it. There are applications that are bad enough that you'd take the third approach, many of which come from Microsoft or Novell, and enough people took the second approach that you can be lazy and take the first approach if you want to. Most of the alternative solutions are good enough for 80-90% of the potential users, and some of the djb flame wars are either arguments from the other 10-20% of the people who need the extra capabilities or arguments about whether the DJB approach to licensing and doing everything his way justifies going back, if not to clay pigeons, at least to BIND.
The problem isn't the code, it's just data. The BIND patch had a list of top-level domains, like.museum, for which wildcarding is ok, and otherwise it blocks them. The problem is that Vixie missed some of the domains that do wildcarding - so just add the extra domains to the list. The patch works just fine, and seems to be stable. Furthermore, Vixie (who discussed this at a talk at Stanford as week or so ago) says that the patch *does* violate strict interpretation of DNS standards, whereas Verisign's Sitefinder doesn't violate the technical standards (just the policies), so the patch only provides a mechanism for implementing the feature but doesn't turn it on unless you explicitly tell it to.
As a secondary issue, there's the question of whether you *want* DNS wildcarding for those domains. If you don't, then even if the patch mistakenly blocks them, that's ok. One of the most serious problems with Verisign's DNS hack was that it's OK behaviour for web browsing on port 80, broken for browsing on other ports, but is almost never helpful for typoed email messages, is seriously broken wrong behaviour for spammer-forged email addresses, and for other protocols, is usually broken, sometimes very annoyingly broken. If you're using a web browser to check out http://nonexistent.museum, you get a friendly menu, but if you were trying to send email to curator@missspelllled.art.museum, instead of your email client telling you that the domain doesn't exist (which you'd then correct), it'll accept the email and then eventually give you a bouncegram, which is especially annoying if you were sending mail to more than one person. Do you get any better treatment from bob@misspellled.name ?
What's worse is spammers forging From: or SMTP envelope addresses from these TLDs, which was a problem that wasn't particularly obvious before Verisign's.com hack reminded everybody. Instead your email system detecting that MAIL FROM: is bogus and rejecting it, or accepting the message, or detecting that From: spammer@nonexistent.name is bogus and discarding it instead of delivering it to you, now you'll have to notice that yourself, if your email server and client are friendly enough to let you see the envelope headers.
If you didn't keep records, you can't pursue anything. And if you don't say the magic words "put me on your don't call list", it doesn't count either. In this case, they've offered you compensation, and it'll cost them much more than the $2 check or whatever your cell bill was to actually send you a check, and maybe you can bully them into also giving you a free subscription as well. If you really want to waste everybody's time, you could always subpoena their calling records.
In the future, the way you show that they called you is to ask them their name, company, phone number (if they've got one), and write it down, with date and time, and then ask to speak to their manager, and get their name and phone number, and if you don't know already, verify whether they're working for a telemarketing company or for the calling company directly. If it's not the first call from them, also get the name and phone number of their corporate legal department, and their company's main phone number, and get the manager to commit to putting you on their don't call list (after getting them to make a lame attempt to explain why they called you even though you've previously asked to be on their don't call list, which they'll do by saying that the previous person must have messed up.)
This game is all about Time, and Money, and Annoyance, and Fun. As George Gordon says, if you're not having fun doing this, you shouldn't be wasting your time. That's different from whether you're wasting _their_ time, and their time is money (yours might or might not be), so if you're having fun doing this, and it's not the first call from them, then of _course_ you want to call back their legal department in the daytime and discuss the fact that they called you back in spite of them saying they'd put you on the list.
They're obviously spending money per individual phone line to get close to that kind of spending, so it's probably Centrex, not a PBX. As long as either their building wiring can handle Ethernets (which most college campuses are doing these days) or else (for a bit more money) their building radio-interference levels can handle wireless of some sort, they can do VOIP.
Somebody else commented that this still takes real estate, power, management, maintenance, etc. Yes, it does, but a lot less than you'd think - a Cisco Call Manager is basically a fancy router, and if they're using IP phones on everybody's desk, the rest of it's all decentralized. If they're using Ethernets, the hardware IP phones can share a jack with a PC (or the softphones are just software on the PC), though of course they still have to maintain the ethernets, and if they're using 802.11, they'll have some extra access points to maintain. The phones aren't maintenance free, but they're just pieces of hardware - if one of them breaks, replace it with a new one and tell it your phone number and you're up and running again.
$4M up front vs. $500K/month? That's a good deal even short term, even though in fact they'll need to hire several people to manage the system, so their savings won't be the full $500K. Still pays off in a year.
The only way I can see for a typical university to have been spending half a million dollars a month was if they still had Centrex lines, with each phone served by the local phone company office. Figure $20/phone, that's about 25000 phones (probably fewer, because there's also long-distance charges, etc.) If you replace that with a PBX or equivalent, you'll save a lot of money on monthly charges, at the cost of upfront capital, and the big difference that VOIP makes is that IP PBXs are much cheaper than the older generations of PBXs. There are other things VOIP lets you do, such as using a long-distance service that accepts IP connections, but you could have done that from any PBX (typically adding some extra hardware), whereas Centrex service usually doesn't give you that choice - you've just got your choice of regular long-distance phone companies.
There are several different options - Hardware, Consumer-oriented Services, Business-oriented Services. Remember that the issue isn't just the software - you're connecting your network to the phone company's network, so somebody has to provide the actual physical connection. The protocols used are typically either H.323 (older), SIP (newer), or sometimes proprietary. Most of the services want to charge you money, but they're usually pretty cheap - particularly for international calling to Asia, where phone-company phone calls are typically still expensive. Expect about US$0.01 per minute, plus or minus a bit. And of course you'll probably need a broadband connection at home; some VOIP works over dialup, but it's pretty dodgy.
You sound a lot like a consumer (:-), so check out things like Net2Phone and Dialpad. But also check out Free World Dialup. Vonage is trying to replace your whole phone line, including local and inbound calls, rather than just skimming your outgoing long distance calls.
Consumer-oriented services typically want your credit card to set up an account, though there are other models. Business-oriented services usually have more interesting options for billing, accounting, grouping users together, incoming calls, etc. Hardware ranges from single-line frobs to 4-line PC boards to 24-line T1s to PBXs, etc. Check out www.openh323.org if you're interested.
Risks Some web forms choke on the "+". Some humans do too :-) Dictionary Spam can be very ugly if somebody spams millions of potential usernames at your subdomain (or your pseudo-subdomain at yourname.fastmail.fm, but they've got spam protection available which can kill those.)
Mitigations If you're running your own subdomain and your own inbound mail server, be sure that mail sent to more than a couple of bogus or honeypot addresses gets noted and either blocked or teergrubed at the envelope level.
A non-government-owned university _could_ decide to spin off its network services as a wholly-owned subsidiary, and treat it as an ISP or telco or both. On the other hand, they might need a good accounting department to do it successfully, because building wiring and phone closet space isn't the easiest thing to separate ownership of financially, or to price appropriately (either for buying or renting...)
sorry, I'll mod myself down now...
On the other hand, they get to blow stuff up, use expensive computers, and build really cool networks....
I've met someone who bought "Free, just pay for shipping" business cards from an ad she saw on the internet. I assumed this was from a spam, since there was a lot of that going on then (3-4 years ago), though it's possible that it was a banner ad instead. I don't know whether those spams were also being used for identity theft, or only for selling names to other spammers and junk mailers.
On the other hand, when I was meeting with them, I was meeting with them, so unless I was having lunch at their cafeteria before the meeting, I wouldn't be using a cell phone there anyway. So having to check a camera-phone at the front desk wouldn't be that much of a problem.
Besides, any information that fits on a 352x288 camera-phone picture I can remember in my head :-)
I no longer carry the camera in my briefcase, but that's mainly because my work laptop is running Win2000 in "you're not the administrator" mode, and there's some sort of driver problem that just doesn't like to talk USB to it...
640x480 cameras have been under $100 since at least 1999 (when I bought my first one), and under $40 for over a year, and 1024x768 pocket-sized cameras with LCD screens are under $100 now, or credit-card-sized without LCDs. The 1999 Toshiba PDR-2(?) was about the size of my current cellphone, and I'd still be using it today if it had a lens cap to prevent scratches (sigh...), and my $40 SiPix is smaller than the smallest phone I've seen.
Both of those not only have space for the battery, but also cost and space for a processor and RAM and communications interfaces, all of which would be cheaper if they could piggyback on the cellphone's hardware.
The first $40 digital camera I bought a few years ago was either 352x288 or 320x240, and it was about enough for a thumbnail of a real picture (its thumbnails were 160x120). It was too lame to bother keeping (even as a present for my sister's 7-year-old kid.)
Sometimes my laptop is at work and I want to send email from my home email account. So I tell Eudora to use the SMTP server at work and it works fine, but the mail gets sent from my company's DMZ outbound mail server, rather than from my ISP's outbound mail server. RMX would break that. Other times my laptop is at home, and I want to send email with my work IP address, but that's easy, because I use a VPN tunnel to connect to my office, so it gets sent from our usual email server. (Sometimes my laptop is at home on the VPN, and I want to send email from my home account - that case looks like I'm sending it from the office...)
Sure, I could use some lame webmail form at my ISP to send email from, but that's really annoying, especially if I'm replying to a message that I've received on my POP3 or IMAP email client rather than composing a new message.
What it did was affect whether or not mail you sent to joe.random.employee@att.com got heavy spam filtering (on the mail servers that were getting pounded to death and might lose mail) or whether you got sent to one of the servers that did less spam filtering and wasn't getting pounded.
So even if a few spammers got themselves whitelisted, that wouldn't be a big problem because the filtering can handle them (plus they'd be coming from known IP addresses which could be blocked or de-whitelisted). But for some customers who are ISPs or email providers, it's a lot tougher to do the job right - they'd really want to
- permit email from sysadmin@bigisp.example.net to wholesale-fiber-sales@att.com
- deny forged email pretending to be from got.viagra@bigisp.example.net that really came from some hijacked Korean relay
- do some filtering on email from joe-random-user@bigisp.example.net to random-employee@att.com
and it's hard to do that really well.Oh, great. Now we not only have to put up with the RIAA, we'll have Archer Daniels Midland in our face as well :-) ADM is the politically-connected giant agribusiness conglomerate.
It's not just that their source code isn't Free as in Beer or Free(tm) as in politically correct RMS-style speech, it's not even semi-Open as in "Source Available so you can read it and figure out what they're really doing".
For Crypto use, the closed source code and proprietary protocols render it Untrustable. They have some good buzzwords in their documentation, and they're using some good building blocks, but doing useful crypto means getting *all* the pieces correct and documenting them in a way that people who understand the technology and its weaknesses can verify that it's ok. For instance, it's really nice that they're using AES and 1536-2048-bit RSA, but are they generating random numbers for the keying competently? Are they using Diffie-Hellman or other Perfect Forward Secrecy techniques? Are they doing the padding correctly on RSA parameters? Are they reusing keps carelessly? Many other companies with better funding than Skype have screwed this up badly, including the entire GSM phone networks.
Their signalling and call setup algorithms are also proprietary and undocumented, which is also lame, although they may be interesting.
Their encryption is vaguely described, but since it's closed-source there's no way to evaluate it, which is super-lame.
One of the most important features for me is being able to pick a big display size. Sure, it's nice that many of the map systems out there have the option to display on a 640x480 screen, but I want to be able to use the pixels I've got. Mapquest is pretty good about offering big or small maps, and Microsoft Expedia is really excellent, at least for displaying non-street maps of random parts of the world, which is the main time I use it.
Sometimes the photos aren't as useful - roofs don't tend to be very informative in dense areas - but sometimes they are, and sometimes they're just fun. The resolution's good enough to see cars on the street, though not usually to recognize them.
This is somewhat of a California-centric perspective - we may have state-dominated incompetent quasi-monopolies for minor little things like electricity, but on important stuff like wine you've got a really wide choice. Now, that's also because we have the climate to do good winemaking, while most of Mississippi's is better for making liquor and various kinds of hooch (:-)
So The Maya Family of Products are a bunch of tools for video animation and special effects, and come in different flavors with different prices and feature sets. And as the parent article says, this one appears to be yet another set of features added to the personal edition.
But Harald, well, 'E's passed on! This parrot is no more! He has ceased to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the perch 'e'd be pushing up the daisies! 'Is metabolic processes are now 'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!! THIS IS AN EX-pyrate.
The problem is that .com and .net aren't the only TLDs with evil wildcarding brokenness, just the latest and the only one to do so unilaterally without the responsible people discussing and setting policy first, and the patch didn't list quite all the TLDs that have official policies of wildcarding, just most of them. You can update it to add the others to the list, if you want, though that'll only help web browsing on port 80, and will cause you trouble if spammers try to forge mail from the other domains.
the reason we still use it after 15+ years is because its maintainers evidently DO have the will to maintain it, in spite of all the features that people keep wanting added, and the reason that 48 hours after Verisign broke the DNS system you could install a BIND patch is ALSO because its maintainers have the will and ability to fix it.
In an open-source open-protocol world, the reason to stop using a product like BIND is that either somebody writes a better product, or you get so fed up with it you write a better (or worse) replacement yourself, or you decide that it's so appallingly unfixably buggy that it's might be better to go back to using carrier pigeons to deliver /etc/hosts files on clay tablets than to keep using it. There are applications that are bad enough that you'd take the third approach, many of which come from Microsoft or Novell, and enough people took the second approach that you can be lazy and take the first approach if you want to. Most of the alternative solutions are good enough for 80-90% of the potential users, and some of the djb flame wars are either arguments from the other 10-20% of the people who need the extra capabilities or arguments about whether the DJB approach to licensing and doing everything his way justifies going back, if not to clay pigeons, at least to BIND.
As a secondary issue, there's the question of whether you *want* DNS wildcarding for those domains. If you don't, then even if the patch mistakenly blocks them, that's ok. One of the most serious problems with Verisign's DNS hack was that it's OK behaviour for web browsing on port 80, broken for browsing on other ports, but is almost never helpful for typoed email messages, is seriously broken wrong behaviour for spammer-forged email addresses, and for other protocols, is usually broken, sometimes very annoyingly broken. If you're using a web browser to check out http://nonexistent.museum, you get a friendly menu, but if you were trying to send email to curator@missspelllled.art.museum, instead of your email client telling you that the domain doesn't exist (which you'd then correct), it'll accept the email and then eventually give you a bouncegram, which is especially annoying if you were sending mail to more than one person. Do you get any better treatment from bob@misspellled.name ?
What's worse is spammers forging From: or SMTP envelope addresses from these TLDs, which was a problem that wasn't particularly obvious before Verisign's .com hack reminded everybody. Instead your email system detecting that MAIL FROM: is bogus and rejecting it, or accepting the message, or detecting that From: spammer@nonexistent.name is bogus and discarding it instead of delivering it to you, now you'll have to notice that yourself, if your email server and client are friendly enough to let you see the envelope headers.
In the future, the way you show that they called you is to ask them their name, company, phone number (if they've got one), and write it down, with date and time, and then ask to speak to their manager, and get their name and phone number, and if you don't know already, verify whether they're working for a telemarketing company or for the calling company directly. If it's not the first call from them, also get the name and phone number of their corporate legal department, and their company's main phone number, and get the manager to commit to putting you on their don't call list (after getting them to make a lame attempt to explain why they called you even though you've previously asked to be on their don't call list, which they'll do by saying that the previous person must have messed up.)
This game is all about Time, and Money, and Annoyance, and Fun. As George Gordon says, if you're not having fun doing this, you shouldn't be wasting your time. That's different from whether you're wasting _their_ time, and their time is money (yours might or might not be), so if you're having fun doing this, and it's not the first call from them, then of _course_ you want to call back their legal department in the daytime and discuss the fact that they called you back in spite of them saying they'd put you on the list.
Somebody else commented that this still takes real estate, power, management, maintenance, etc. Yes, it does, but a lot less than you'd think - a Cisco Call Manager is basically a fancy router, and if they're using IP phones on everybody's desk, the rest of it's all decentralized. If they're using Ethernets, the hardware IP phones can share a jack with a PC (or the softphones are just software on the PC), though of course they still have to maintain the ethernets, and if they're using 802.11, they'll have some extra access points to maintain. The phones aren't maintenance free, but they're just pieces of hardware - if one of them breaks, replace it with a new one and tell it your phone number and you're up and running again.
$4M up front vs. $500K/month? That's a good deal even short term, even though in fact they'll need to hire several people to manage the system, so their savings won't be the full $500K. Still pays off in a year.
The only way I can see for a typical university to have been spending half a million dollars a month was if they still had Centrex lines, with each phone served by the local phone company office. Figure $20/phone, that's about 25000 phones (probably fewer, because there's also long-distance charges, etc.) If you replace that with a PBX or equivalent, you'll save a lot of money on monthly charges, at the cost of upfront capital, and the big difference that VOIP makes is that IP PBXs are much cheaper than the older generations of PBXs. There are other things VOIP lets you do, such as using a long-distance service that accepts IP connections, but you could have done that from any PBX (typically adding some extra hardware), whereas Centrex service usually doesn't give you that choice - you've just got your choice of regular long-distance phone companies.
You sound a lot like a consumer (:-), so check out things like Net2Phone and Dialpad. But also check out Free World Dialup. Vonage is trying to replace your whole phone line, including local and inbound calls, rather than just skimming your outgoing long distance calls.
Consumer-oriented services typically want your credit card to set up an account, though there are other models. Business-oriented services usually have more interesting options for billing, accounting, grouping users together, incoming calls, etc. Hardware ranges from single-line frobs to 4-line PC boards to 24-line T1s to PBXs, etc. Check out www.openh323.org if you're interested.