That's not an IP address, it's a domain name, though those are of course forgeable. You can't really forge the IP address in a TCP connection except by using NAT or proxy connections, because the three-way handshake that sets up the call implicitly validates the address. (You can forge it easily in the forged-SYN denial of service attacks, because those don't set up real connections, and while a sufficiently good sequence number predictor with eavesdropping capabilities could forge a TCP connection, that's a seriously-deep-cracker attack, not a spammer attack.)
But that one still pretty much follows my contention that you can't really validate it - you can check against a known-spammers blackhole list, but that doesn't help you with unknown IP addresses, and if you block everything from dial, dsl, and cable modem, you're blocking people running real Linux mailers at home...
All kidding about nuclear weaponry aside, the technical community does have a range of things we can do for vigilante action against spammers, some of which are legal, but not necessarily in good taste, and some of which are covered by various computer crime laws. How do you feel about amending computer crime laws to permit vigilante-ism against spammers? Safe? Unsafe? Totally stupid and an offense to the community? Tempting but no thanks? Too much risk of joe jobs? All/none of the above?
Some examples are the usual DDOSs, using cracker tools and rootkits on their email or web servers, poisoning their DNS caches so all their future email goes to 127.0.0.1, etc. A calmer example is to modify your DNS so any email you receive from an open-relay site (or for one of your trap addresses) gets the address of another open-relay site, so they can spend the time sending spam to each other instead of to you, but that's not quite vigilanteism.
In some sense that's already happened - spammers using HTML mail often set it to download images from their sites in ways that let them know you've opened their messages. Some email clients make it easy to turn this on and off or make it clickable per message, but many aren't that flexible. So they're sending you 5KB of message, and letting your mail system download the dancing animated image if they succeeded in getting you to look past the Subject: line.
It's easy to develop lots of protocols to replace SMTP as a mail delivery protocol, that move different amounts of work and control back and forth between sender and intermediaries and recipient. The question is how to do the social engineering to get them adopted - what do you think we'd have to offer, and do, to get people to change, and to make transitions tolerable?
Some obvious approaches, like most of the postage-required-for-delivery or pay-me-to-read-your-mail-with-optional-refund things will discourage and annoy many of the people you might want actually to receive email from from bothering to contact you, so you'd probably end up with some backdoor anyway, because otherwise you're killing off conversations with interesting people and potential business opportunities.
Some of the other systems, like hashcash or turing-gif widgets, may be more acceptable to senders, but not easy to adapt to the mail clients that many people use, so you've either got to find a way to make a technical transition easy (e.g. mail servers that send cookies you need to reply with), or else convince lots of people to "upgrade" their mail clients (e.g. get Microsoft to put it in Outlook.) Any ideas on getting those adopted?
If spammers need to use genuine usable From: addresses to get you to accept their mail, they'll find a way to do it, and it's easier for big commercial spammers to adapt than little guys. The reason they don't do it now is economics - it cuts down on the number of complaints their ISPs get and makes most of the bouncegrams go away (since more of them _know_ that the lists of 9 billion validated double-opt-in spam-free email addresses they've bought aren't highly accurate.)
Also, unlike Barry, who has an ISP's concerns about mail volume and customer complaints, the real problem that spam causes end-users is that it wastes their time. Having to spend _your_ time deciding whether a name and address are worth your time before they can tell you what they want isn't very useful; if it included a Subject: line, you'd have an easier time guessing, though lots of spam tries to look like Subject: lines the recipient might be interested in. And if you're going to accept Subject: lines, most POP and IMAP mail readers have a download-headers option, though they don't all have a quick killfile command.
What does "IP addresses in email headers that are valid" mean? Email headers don't have IP addresses in them except for Received: headers added by recipients and forwarders, though many ISPs' mail transfer agents tag their customers' outgoing mail headers with identifications of the customer's name or address or something. And normally there's very little correlation between the IP address used to deliver email to a recipient's SMTP server and the domain name of the sender - smaller senders are typically using their ISPs' mail relays, and larger senders have their own IP address space, but may run many domain names, and those domain names can be hosted from many IP networks. In my case, neither pobox.com (which is my mail receiving forwarder ISP) or idiom.com (which is where my shell account and web page live) are related to either my DSL or my home or work or on-the-road dial ISPs, though if I use my DSL provider's outgoing SMTP relay, it does tag it with something that looks vaguely like my main email address (though it's not done correctly:-).
A _receiving_ SMTP server can tag incoming messages with the IP address that's sending them to it, and that often has some semblence of correctness (except when NAT and firewalls and abused relays or proxies obscure the real address), but that doesn't often tell you the real user, especially if anti-spam blocking policies set by ISPs force mail to go through their servers instead of coming directly from the recipient. Those policies also mean that aggressive anti-spammers who want to DOS or DDOS spammers can't attack the individual miscreant, only the spammers' ISPs, who are much more likely to get the anti-spammers kicked off _their_ accounts as well as more likely to have enough resources that they're harder to DOS or root.
Anyway, they're no help for several of the classic spammer cases - Disposable $20/month dialup accounts, freemail accounts set up by bots, badly administered open proxies or mail relays, mail servers behind firewalls, fake freemail servers run by spamhauses who are obsequiously willing to delete the accounts of their naughty users, etc. If everybody who handles a message does a good enough job of marking it, there's some chance of tracking down users a bit, but badly administered relays/proxies are inherently not good at this (that's why we call them "badly administered") and relay-abusing spammers can just respond by forging "From:" addresses with correct domain names for the relay machines they're abusing, e.g. random-user@someschool.edu.kr or QuakeMonster@homepc456.network23.dsl-provider.seou l.net.kr.
If you Google for "spammer murdered Jersey", you'll find references to two spammers getting killed in New Jersey in 1999. The articles in CNN.com and the New York Times have both expired, but perhaps creative archive searching can relocate them.
IIRC, there was some issue involving a pump&dump stock scam and Russian mafiosi, but I don't remember if the Russians were the spammers, the suspected killers, the potential scamees who decided to put a contract on the spammers, or some/all of the above.
Barry has commented that he no longer cares about false positives, and several of his users or ex-users have disagreed. How much of this can be resolved by building good bouncegram protocols for false positives, e.g. the mail system returns an error message to the sender with some kind of Turing-test cookie that a human can use to re-try sending but a bot can't?
Some systems reject connection attempts from suspected Bad Guys wholesale without even a reject message; this is especially bad when the mail is from an innocent user who's been caught by collateral damage from an enthusiastic blacklist.
Some systems reject messages from blacklisted systems but include an explanation in their 550/etc messages. This means that if you're a real user caught by collateral damage (or if you're a real user of an ISP that also sells to spammers), you'll know, and can complain to your ISP, which is supposed to be the point of collateral-damage blocking.
Few if any systems give an alternate reply method, other than "try again with a different ISP.", e.g. use a Hotmail account to resend with. Annoying, but at least it's some way for a human to reply to a human.
Unix email reliability want WAY up when the HoneyDanBer UUCP system made a serious attempt to always send bouncegrams; previous UUCP systems sometimes tried and sometimes didn't, and for business use, you really need decent reliability.
I have to disagree with your assertion that spam is NEVER for legitimate products - while a large amount of spam certainly is for bogus products, or bogus scams selling real products, whether that's imitation Viagra or real Viagra or penis enlargers or Nigerian bank accounts or spamware, a lot of spam really is for real products that they really deliver.
OK, so 99% of that is Pr0n, but for most of those sites, they really exist, and they'll really take your money and give you pr0n, and if you like the quality of what they're selling compared to free pr0n, well, you've kept the spammers in business selling spamming services to the pr0n industry, and you may end up with your computer getting viruses from it just as *you* would have gotten strange diseases had you dealt with most of their "artists" in person. It's not like Tiffany and her girlfriends really wanted to talk to you in person, except for $3.99/minute, but she'll be happy to sell you pictures as well as showing you banner ads for other sites that will pay _them_ if you click through.
It's Geek Chic to like Google because they do a really excellent job - if somebody else does an even better one, or Google starts to do a bad job, we'll change search engines. I've tried a couple of the alternatives - NorthernLights was pretty good for a while, but their business model failed them, and Teoma got good buzz but I wasn't impressed with the results, which may have been from not searching enough pages rather than from less exciting algorithms.
There have been various attempts by Fundamentally Clueless People to try to get Google regulated by Somebody, Anybody, Especially the Government, preferably by the FTC (because Google is alleged to be essentially a public utility) or at least to get the Ralph Nader folks turned on to Google-Bashing. After all, if Google claims to try to rank the most interesting and relevant topics high in its list, and you're not one of them, that's Just Not Fair!, and at least some arguments from Brandt or people like him want the government to force Google to rank things fairly. Well, duh!The reason everybody uses Google instead of some of its competitors is *precisely* because it usually does a really good job of finding the things everybody is looking for, as opposed to Displaying items 1-10 of the 13122319084324 web pages matching your search in no particularly useful order, and covers a reasonable fraction of the material on the web. The beauty of open technologies like the web is that if you don't like the pagerank, you can go make one of your own; instead of convincing the government Google to change its search order to work the way you want it to, you can just as well run your own search engine or convince your favorite Feds to run their own Politically Correct Search Engine. Meanwhile, if they mess up Google too badly, we'll have to go find something else anyway, and if some liberal-intentioned luser convinces the Feds to mess up all the US search engines, we'll use one from somewhere else, but that's degrading the value of Google for the whole world community, while running your own competitor engine is potentially very valuable to the world (if you're good at it, either as a standalone site or an additional-searches site), or at least neutral.
An entirely different attempt to control Google was the Search King lawsuit. (Slashdot story, LawMeme article.) Unlike Brandt, who's a clueless whiny-liberal type who knows fairness better than you do, Search King was merely greedy, a parasite that tries to sell people a service of improving their Google ranking and then whined because Google downrates sites that try to manipulate their rankings so that their boring pages show up before more genuinely interesting pages. (Of course, Google _will_ be happy to provide you a sponsored-listing ad entry if you pay them, but those are at least visually distinguishable.)
Overture's search engine has sponsored links and regular links, though they mix them in a bit more than Google does. Link sponsors bid on how much they're willing to pay per click-through, and the sponsored links get sorted by high bid. (And with Overture, the last time I checked, they had a policy that the three highest bidders for a set of keywords get sponsored as advertising on Google searches for the same keywords.) Various people have commmented that this can be used to bash spammers. Go search for bulk email or some similar spammer-advertising phrase, and check out how much they're paying - typically the top couple bidders for that term are in the $2-5 range, though I've occasionally seen it as high as $15 (presumably a badly automated bidding war?), and the next dozen are usually $1 or more. So open a new Mozilla session, open the top few dozen sponsored links in new tabs, reject cookies from the spammers, let it download for a while to be sure they're all there, and then kill off the window. Then go back in to Mozilla and kill off the cookies you've gotten from overture, since they do have various anti-abuse protections to keep people from hacking the searching mechanisms (e.g. to discourage people from using this to bash their customers....) I don't know if they also track IP addresses, but you can be creative. Also check them out using Google.
Sure, the people who first bombed the World Trade Center in 1993 got their FBI infiltrator to help make their bomb, but not everybody's that organized. It's especially useful for catching amateur wanabee terrorists or other kooks - if the Shoe Bomber really was a wanabee terrorist and not world's dumbest-looking government plant, but was somehow financially competent enough to be able to keep a credit card, then some of this TIA Big Brother stuff might actually catch some of them, as well as harassing lots of innocent people.
But it's much more useful than that - if they're able to collect all that information, they can correlate it with people who give money to the Green Party or peace groups or environmental groups (some of whom are already on the TSA's not-allowed-to-fly lists because of their political incorrectness.) Also, the increased "information sharing" between the US civilian police agencies, spook agencies, and military, plus the redefinitions of lots of forms of vice as "national security" issues means that they can use those hotel bills from Humboldt County, California to decide to give your luggage a lot of extra attention when you're flying back from Amsterdam, or ask the Internal Revenue Service to check out your tax returns after that trip to Las Vegas just in case you might have been "money laundering" or passing some cash to that suspicious Penn fellow.
Hey, get it straight - we're not ordering vegan airline meals because we're deranged; we're grouchy *because* of the vegan airline meals!
Actually, I tended to order vegetarian airline meals even back when I was carnivorous; they usually were better-tasting and not as heavy, and you can get just as deranged from having to eat meat-based airline meals, which also tend to come with squushy bread-like things as opposed to the styrofoam rice cakes that vegies get.
Many hardware development environments have a somewhat pricy development box with lots of software tools, debugging ports, every interface the system could support, etc. which you can use to prototype and develop your real application, which is some embedded thing that might cost $5 or $50 or $5000 depending on what it it? So how much does one of these things cost for a typical deployed environment, e.g. a PCI board or a one of a bunch of chips on a graphics board? Does it go on a $500 board, or is $5000 realistic? (Makes a lot of difference if you want to build a Beowulf cluster of them....)
Two problems with what you said (not with your conclusion; I agree that juries are probably not useful here.)
Common-law juries have always had the power to judge the law as well as the facts. This is mainly relevant in criminal cases or other cases of government-vs-individual, e.g. fugitive slave law cases, or that medical marijuana case in Oakland last week, where the judge wouldn't let the defendant's lawyer tell the jury that this was a medical marijuana case because they'd vote not guilty. But it's still present in civil cases, and is often directly relevant in determining damage awards.
The more relevant disagreement is that questions of fact are seriously relevant in patent cases. Does the plaintiff's patent really cover the defendant's product/process? Was the plaintiff's patent actually new and non-obvious, and are the parts of the patent claims that apply to the defendant's product/process the parts that _are_ new and non-obvious, or are they just the boilerplate, warmup or cooldown parts surrounding the heavy work? Patent claims are normally written in broad, obfuscated language, trying to very specifically cover what's actually true and unique about their product, but not in any way that somebody can reproduce, while implying that everything in the world might be covered.
Juries (and judges) are often _not_ technical enough to evaluate some of the subtleties, so they end up having to rely on expert witnesses a lot, but there's the problem of deciding which side's expert witnesses are more believable. And business method patents are much more accessible to juries' knowledge levels than technology patents - even if you don't know how to write dynamic HTML, you can still evaluate whether "1. Put your brochureware on the INTERNET. 2. Check your email for orders from customers. 3. PROFIT!!" is a novel enough concept to deserve a patent.
Aside from the spammers who are too incompetent to provide a useful return address if you _want_ their products (you'd be surprised), there are lots who are good at adding deniability. The "Great tip on this stock" is always popular, and the encouragements to check out web pages that can easily be on non-US servers, or the ones that pretend they're telling somebody else about this hot new web site they saw or whatever.
And then of course there are the Nigerian spammers.
Happened to me as well - the front page of Slashdot was showing it with no comments under it (wow, FP when I've actually got something to say:-), and when it accepted my posting the page said ~192, but then the front page and the item page both showed nothing there. I guess it was one of those Bad Slashdot Days, but stuff's here now.
There are so many things that can go wrong with a list like that if you don't implement it carefully. First of all, it'll be downloaded by Korean-proxy-abusing spammers and spammed anyway, from outside the states' jurisdictions. ("Buy Our Spam Prevention Software Now!") And SPAMMERS ALWAYS LIE. You'll start seeing spam about "This Email Isn't Spam, and by not using the State Spam-Blocking-List, you've given us permission to contact you about our AmAAAAZING Spam-Free Offers!"
Second, if you don't verify the information carefully, at minimum with double-opt-in and some kind of Turing test (e.g."type the number from the gif into this box"), there'll be all sorts of abuse, signing up people who don't want to be there, automated h4X0r b0ts trying to kill everybody in the state, random crap like that. Do you trust your average state government to implement something like that right? (If you answered "yes", and live in California or New Jersey, you obviously don't bother reading headlines about state government computer project debacles, and if you live somewhere else, your local government is just as stupid by I haven't been paying attention to them:-)
Third, there are ways to provide some privacy protection while still maintaining a blocking list. For instance, instead of keeping a database of addresses that pass the double-opt-in test, publish a list of harder-to-abuse hashes of the addresses:
Salt, Hash(emailaddress, salt)
Fourth, this doesn't always mix well with newer tagged-format addresses ("username+tag1@example.com") or domain or subdomain addresses ("anything@mydomain-example.com" or "anything@username.fastmail.fm") unless the rules are tediously explicit and accurate for how to use them. These kinds of addresses let you give every recipient a unique address, which your email programs can filter on to discard stuff that's obviously abuse and sort stuff that's from real people.
All sorts of people who don't understand the web or the Internet keep trying to get rules made or bring lawsuits or abuse the DMCA in novel ways because they don't like how their data is being used. In most cases, this is way out of line (as opposed to mildly out of line) because they can simply set their web server not to respond to requests they don't like.
A classic instance is the "deep linking" cases, where somebody doesn't want to let you see their deep pages except by coming through their front page. Rather than taking this to court, as several content providers have done, and beat up on users one at a time, it's much simpler to check the HTTP-REFERER to find out what page the request came from, and send an appropriate response page to any request that doesn't come from one of their other pages. (Whether that's a 404 or a redirect to the front page or a login screen or whatever depends on the circumstances.)
Screen scapers are an interesting case for a couple of reasons. One of them is that blind people often use them to feed text-to-speech browsers, so banning them is Extremely Politically Incorrect, as well as rude and stupid. Another is that anybody with a Print-Screen program on their PC can screen-scrape - you're only affecting whether they get ugly bitmaps or friendlier HTML objects. So you not only have to ban custom-tailored CPAN objects, you have to get Microsoft and Linus to break the screen-grabbers in their operating systems.
The related question "ok, so how *do* I detect and block http requests I don't like?" is left as an exercise to the blocker (and to the people who build workarounds to the blocks, and the people who also block those workarounds, etc...) The classic answers are things like cookies (widely supported "need the cookie to see the page" features seem to be available), ugly URLs that are either time-decaying or dependent on the requester's IP address, etc., or just checking the browser to see which lies it's telling about what kind of browser it is. There's also the robots.txt convention for politely requesting robots to stay away, and Spider traps to hand entertaining things to impolite robots or overly curious humans.
The Bush Administration would like to spend $200-300B for Gulf War 2. If we spent the money educated a few million scientists, they'd have the ability to do a huge amount of good for society, which won't happen if we spend the money taking people away from productive jobs to bomb other people, or turn a good chunk of US factory production into making missile and tank engines instead of car and Cessna engines. That doesn't even begin to count the costs of the destruction done to Iraq during Gulf War 1.0, or the ~200,000 people killed directly during that part (that was the US government estimate), or the ~500K-2M people who died during the decade of Gulf War 1.1 (UN estimates), mainly from bad water (because we bombed their water systems) or starvation (because the destruction further trashed their economy, as well as killing off a lot of productive people, and because the embargo prevented them from getting medicine or imported food or water system repair parts.
I'd rather have privately-built space stuff, but even blowing the $100B on the space station or a really great fireworks show would be better than blowing it on a war. And if we don't buy college educations for a million or two scientists, we can just as well buy college educations for a million or two liberal arts students so we'll get better literature or at least better-written computer manuals and television shows...
If it's a file server you use much, it's nice to have it on a UPS. (Also, if it's a DNS server or DHCP server, you really want it on a UPS as well.) For a low-end device, laptop-style batteries are fine.
But that one still pretty much follows my contention that you can't really validate it - you can check against a known-spammers blackhole list, but that doesn't help you with unknown IP addresses, and if you block everything from dial, dsl, and cable modem, you're blocking people running real Linux mailers at home...
Some examples are the usual DDOSs, using cracker tools and rootkits on their email or web servers, poisoning their DNS caches so all their future email goes to 127.0.0.1, etc. A calmer example is to modify your DNS so any email you receive from an open-relay site (or for one of your trap addresses) gets the address of another open-relay site, so they can spend the time sending spam to each other instead of to you, but that's not quite vigilanteism.
In some sense that's already happened - spammers using HTML mail often set it to download images from their sites in ways that let them know you've opened their messages. Some email clients make it easy to turn this on and off or make it clickable per message, but many aren't that flexible. So they're sending you 5KB of message, and letting your mail system download the dancing animated image if they succeeded in getting you to look past the Subject: line.
Some obvious approaches, like most of the postage-required-for-delivery or pay-me-to-read-your-mail-with-optional-refund things will discourage and annoy many of the people you might want actually to receive email from from bothering to contact you, so you'd probably end up with some backdoor anyway, because otherwise you're killing off conversations with interesting people and potential business opportunities.
Some of the other systems, like hashcash or turing-gif widgets, may be more acceptable to senders, but not easy to adapt to the mail clients that many people use, so you've either got to find a way to make a technical transition easy (e.g. mail servers that send cookies you need to reply with), or else convince lots of people to "upgrade" their mail clients (e.g. get Microsoft to put it in Outlook.) Any ideas on getting those adopted?
Also, unlike Barry, who has an ISP's concerns about mail volume and customer complaints, the real problem that spam causes end-users is that it wastes their time. Having to spend _your_ time deciding whether a name and address are worth your time before they can tell you what they want isn't very useful; if it included a Subject: line, you'd have an easier time guessing, though lots of spam tries to look like Subject: lines the recipient might be interested in. And if you're going to accept Subject: lines, most POP and IMAP mail readers have a download-headers option, though they don't all have a quick killfile command.
A _receiving_ SMTP server can tag incoming messages with the IP address that's sending them to it, and that often has some semblence of correctness (except when NAT and firewalls and abused relays or proxies obscure the real address), but that doesn't often tell you the real user, especially if anti-spam blocking policies set by ISPs force mail to go through their servers instead of coming directly from the recipient. Those policies also mean that aggressive anti-spammers who want to DOS or DDOS spammers can't attack the individual miscreant, only the spammers' ISPs, who are much more likely to get the anti-spammers kicked off _their_ accounts as well as more likely to have enough resources that they're harder to DOS or root.
Anyway, they're no help for several of the classic spammer cases - Disposable $20/month dialup accounts, freemail accounts set up by bots, badly administered open proxies or mail relays, mail servers behind firewalls, fake freemail servers run by spamhauses who are obsequiously willing to delete the accounts of their naughty users, etc. If everybody who handles a message does a good enough job of marking it, there's some chance of tracking down users a bit, but badly administered relays/proxies are inherently not good at this (that's why we call them "badly administered") and relay-abusing spammers can just respond by forging "From:" addresses with correct domain names for the relay machines they're abusing, e.g. random-user@someschool.edu.kr or QuakeMonster@homepc456.network23.dsl-provider.seou l.net.kr.
IIRC, there was some issue involving a pump&dump stock scam and Russian mafiosi, but I don't remember if the Russians were the spammers, the suspected killers, the potential scamees who decided to put a contract on the spammers, or some/all of the above.
- Some systems reject connection attempts from suspected Bad Guys wholesale without even a reject message; this is especially bad when the mail is from an innocent user who's been caught by collateral damage from an enthusiastic blacklist.
- Some systems reject messages from blacklisted systems but include an explanation in their 550/etc messages. This means that if you're a real user caught by collateral damage (or if you're a real user of an ISP that also sells to spammers), you'll know, and can complain to your ISP, which is supposed to be the point of collateral-damage blocking.
- Few if any systems give an alternate reply method, other than "try again with a different ISP.", e.g. use a Hotmail account to resend with. Annoying, but at least it's some way for a human to reply to a human.
Unix email reliability want WAY up when the HoneyDanBer UUCP system made a serious attempt to always send bouncegrams; previous UUCP systems sometimes tried and sometimes didn't, and for business use, you really need decent reliability.OK, so 99% of that is Pr0n, but for most of those sites, they really exist, and they'll really take your money and give you pr0n, and if you like the quality of what they're selling compared to free pr0n, well, you've kept the spammers in business selling spamming services to the pr0n industry, and you may end up with your computer getting viruses from it just as *you* would have gotten strange diseases had you dealt with most of their "artists" in person. It's not like Tiffany and her girlfriends really wanted to talk to you in person, except for $3.99/minute, but she'll be happy to sell you pictures as well as showing you banner ads for other sites that will pay _them_ if you click through.
There have been various attempts by Fundamentally Clueless People to try to get Google regulated by Somebody, Anybody, Especially the Government, preferably by the FTC (because Google is alleged to be essentially a public utility) or at least to get the Ralph Nader folks turned on to Google-Bashing. After all, if Google claims to try to rank the most interesting and relevant topics high in its list, and you're not one of them, that's Just Not Fair! , and at least some arguments from Brandt or people like him want the government to force Google to rank things fairly. Well, duh! The reason everybody uses Google instead of some of its competitors is *precisely* because it usually does a really good job of finding the things everybody is looking for, as opposed to Displaying items 1-10 of the 13122319084324 web pages matching your search in no particularly useful order, and covers a reasonable fraction of the material on the web. The beauty of open technologies like the web is that if you don't like the pagerank, you can go make one of your own; instead of convincing the government Google to change its search order to work the way you want it to, you can just as well run your own search engine or convince your favorite Feds to run their own Politically Correct Search Engine. Meanwhile, if they mess up Google too badly, we'll have to go find something else anyway, and if some liberal-intentioned luser convinces the Feds to mess up all the US search engines, we'll use one from somewhere else, but that's degrading the value of Google for the whole world community, while running your own competitor engine is potentially very valuable to the world (if you're good at it, either as a standalone site or an additional-searches site), or at least neutral.
An entirely different attempt to control Google was the Search King lawsuit. (Slashdot story, LawMeme article.) Unlike Brandt, who's a clueless whiny-liberal type who knows fairness better than you do, Search King was merely greedy, a parasite that tries to sell people a service of improving their Google ranking and then whined because Google downrates sites that try to manipulate their rankings so that their boring pages show up before more genuinely interesting pages. (Of course, Google _will_ be happy to provide you a sponsored-listing ad entry if you pay them, but those are at least visually distinguishable.)
Overture's search engine has sponsored links and regular links, though they mix them in a bit more than Google does. Link sponsors bid on how much they're willing to pay per click-through, and the sponsored links get sorted by high bid. (And with Overture, the last time I checked, they had a policy that the three highest bidders for a set of keywords get sponsored as advertising on Google searches for the same keywords.) Various people have commmented that this can be used to bash spammers. Go search for bulk email or some similar spammer-advertising phrase, and check out how much they're paying - typically the top couple bidders for that term are in the $2-5 range, though I've occasionally seen it as high as $15 (presumably a badly automated bidding war?), and the next dozen are usually $1 or more. So open a new Mozilla session, open the top few dozen sponsored links in new tabs, reject cookies from the spammers, let it download for a while to be sure they're all there, and then kill off the window. Then go back in to Mozilla and kill off the cookies you've gotten from overture, since they do have various anti-abuse protections to keep people from hacking the searching mechanisms (e.g. to discourage people from using this to bash their customers....) I don't know if they also track IP addresses, but you can be creative. Also check them out using Google.
On the other hand, for the hippie jam bands that let you non-commercially for your friends, obviously you want to rename the files .420pm instead...
But it's much more useful than that - if they're able to collect all that information, they can correlate it with people who give money to the Green Party or peace groups or environmental groups (some of whom are already on the TSA's not-allowed-to-fly lists because of their political incorrectness.) Also, the increased "information sharing" between the US civilian police agencies, spook agencies, and military, plus the redefinitions of lots of forms of vice as "national security" issues means that they can use those hotel bills from Humboldt County, California to decide to give your luggage a lot of extra attention when you're flying back from Amsterdam, or ask the Internal Revenue Service to check out your tax returns after that trip to Las Vegas just in case you might have been "money laundering" or passing some cash to that suspicious Penn fellow.
Actually, I tended to order vegetarian airline meals even back when I was carnivorous; they usually were better-tasting and not as heavy, and you can get just as deranged from having to eat meat-based airline meals, which also tend to come with squushy bread-like things as opposed to the styrofoam rice cakes that vegies get.
Note: None of this applies to Air France....
Many hardware development environments have a somewhat pricy development box with lots of software tools, debugging ports, every interface the system could support, etc. which you can use to prototype and develop your real application, which is some embedded thing that might cost $5 or $50 or $5000 depending on what it it? So how much does one of these things cost for a typical deployed environment, e.g. a PCI board or a one of a bunch of chips on a graphics board? Does it go on a $500 board, or is $5000 realistic? (Makes a lot of difference if you want to build a Beowulf cluster of them....)
Common-law juries have always had the power to judge the law as well as the facts. This is mainly relevant in criminal cases or other cases of government-vs-individual, e.g. fugitive slave law cases, or that medical marijuana case in Oakland last week, where the judge wouldn't let the defendant's lawyer tell the jury that this was a medical marijuana case because they'd vote not guilty. But it's still present in civil cases, and is often directly relevant in determining damage awards.
The more relevant disagreement is that questions of fact are seriously relevant in patent cases. Does the plaintiff's patent really cover the defendant's product/process? Was the plaintiff's patent actually new and non-obvious, and are the parts of the patent claims that apply to the defendant's product/process the parts that _are_ new and non-obvious, or are they just the boilerplate, warmup or cooldown parts surrounding the heavy work? Patent claims are normally written in broad, obfuscated language, trying to very specifically cover what's actually true and unique about their product, but not in any way that somebody can reproduce, while implying that everything in the world might be covered.
Juries (and judges) are often _not_ technical enough to evaluate some of the subtleties, so they end up having to rely on expert witnesses a lot, but there's the problem of deciding which side's expert witnesses are more believable. And business method patents are much more accessible to juries' knowledge levels than technology patents - even if you don't know how to write dynamic HTML, you can still evaluate whether
"1. Put your brochureware on the INTERNET. 2. Check your email for orders from customers. 3. PROFIT!!"
is a novel enough concept to deserve a patent.
And then of course there are the Nigerian spammers.
Sure, no problem, just send mail to all those "unsubscribe" addresses and "remove me" web pages and you'll be all set.
Happened to me as well - the front page of Slashdot was showing it with no comments under it (wow, FP when I've actually got something to say :-), and when it accepted my posting the page said ~192, but then the front page and the item page both showed nothing there. I guess it was one of those Bad Slashdot Days, but stuff's here now.
I wrote a real post, but it's not showing up here. Sigh...
Second, if you don't verify the information carefully, at minimum with double-opt-in and some kind of Turing test (e.g."type the number from the gif into this box"), there'll be all sorts of abuse, signing up people who don't want to be there, automated h4X0r b0ts trying to kill everybody in the state, random crap like that. Do you trust your average state government to implement something like that right? (If you answered "yes", and live in California or New Jersey, you obviously don't bother reading headlines about state government computer project debacles, and if you live somewhere else, your local government is just as stupid by I haven't been paying attention to them :-)
Third, there are ways to provide some privacy protection while still maintaining a blocking list. For instance, instead of keeping a database of addresses that pass the double-opt-in test, publish a list of harder-to-abuse hashes of the addresses:
Fourth, this doesn't always mix well with newer tagged-format addresses ("username+tag1@example.com") or domain or subdomain addresses ("anything@mydomain-example.com" or "anything@username.fastmail.fm") unless the rules are tediously explicit and accurate for how to use them. These kinds of addresses let you give every recipient a unique address, which your email programs can filter on to discard stuff that's obviously abuse and sort stuff that's from real people.
A classic instance is the "deep linking" cases, where somebody doesn't want to let you see their deep pages except by coming through their front page. Rather than taking this to court, as several content providers have done, and beat up on users one at a time, it's much simpler to check the HTTP-REFERER to find out what page the request came from, and send an appropriate response page to any request that doesn't come from one of their other pages. (Whether that's a 404 or a redirect to the front page or a login screen or whatever depends on the circumstances.)
Screen scapers are an interesting case for a couple of reasons. One of them is that blind people often use them to feed text-to-speech browsers, so banning them is Extremely Politically Incorrect, as well as rude and stupid. Another is that anybody with a Print-Screen program on their PC can screen-scrape - you're only affecting whether they get ugly bitmaps or friendlier HTML objects. So you not only have to ban custom-tailored CPAN objects, you have to get Microsoft and Linus to break the screen-grabbers in their operating systems.
The related question "ok, so how *do* I detect and block http requests I don't like?" is left as an exercise to the blocker (and to the people who build workarounds to the blocks, and the people who also block those workarounds, etc...) The classic answers are things like cookies (widely supported "need the cookie to see the page" features seem to be available), ugly URLs that are either time-decaying or dependent on the requester's IP address, etc., or just checking the browser to see which lies it's telling about what kind of browser it is. There's also the robots.txt convention for politely requesting robots to stay away, and Spider traps to hand entertaining things to impolite robots or overly curious humans.
I'd rather have privately-built space stuff, but even blowing the $100B on the space station or a really great fireworks show would be better than blowing it on a war. And if we don't buy college educations for a million or two scientists, we can just as well buy college educations for a million or two liberal arts students so we'll get better literature or at least better-written computer manuals and television shows...
If it's a file server you use much, it's nice to have it on a UPS. (Also, if it's a DNS server or DHCP server, you really want it on a UPS as well.) For a low-end device, laptop-style batteries are fine.
Or can you get User Mode Linux to run on it and have a *really* large virtual cluster?