and it is when they're at or heading to/from Congress, so you can't harass them on their way home either, except for "treason, felony and breach of the peace" - on the other hand, they might get away with pretending that refusing to stop for a TSA thug is "breach of the peace", and the Constitution doesn't say that their families or staff members are immune from arrest.
While they do need to have cell phone service to do their jobs, that's just so their customers can reach them when they're out of their offices, buying drinks for Congressional staff members or visiting government offices or meeting with other lobbyists.
The fearmongers who run the TSA may not be competent at things like maintaining accurate lists or building their databases with tracking information so they can identify the chain of events and accusations that put somebody on the list and track it back to the origins, like any competent database designer would do, but there are some things that are clearly done for political reasons, and putting A Well-Known Liberal Senator on the list was clearly one of them, just as introducing punishment gropings for anybody who doesn't cooperate with the Naked Scanners was clearly political, even though in both cases they pretend to have plausible deniability.
Now, finding terrorist supporters named "Kennedy" is unlikely to have been difficult; as of a couple of years ago I could *still* reliably find pro-IRA fundraising newspapers in Irish bars in San Francisco, and it's probably even easier to find them in Irish neighborhoods in Boston.
The Powers That Be want you to be a bit scared when you're going through the airport, but they mainly want you to be scared of Terrorists, and mainly feel that the TSA are there to protect you and catch the terrorists, not feel directly threatened by the TSA. Big Brother Government is there to Protect You, and you're supposed to be obedient.
They do use some smaller dogs as sniffers, beagles and the like, that aren't scary dogs, but even then, you expect police sniffer dogs to be looking for drugs, and you expect that the police will lie about what the dog's telling them if they feel like singling you out.
Even if windows gave you some filtering, you'd still have to deal with insiders, virus-infected users, etc. If you want security, you still need to use crypto.
I don't see how this is much better than the IRDA infrared that used to be built into laptops, printers, mice, etc. It got replaced by radio technology several generations ago.
If you want me to be able to save your ad for later, you need to display it in a format that's transparent, standards-based, and not annoying. (They also have to get past NoScript and AdBlock, so maybe I'm not your target customer - I don't mind static banner ads from legitimate advertisers supporting web pages I'm looking at for free, but they get trashed as collateral damage because I really don't want animated scripted spyware-laden bloatware ads slowing down my browser.
This guy seems to have raised $8m in the premise that people not only want to save ads, but that the advertisers he's probably hoping to monetize his product with are more willing to pay him to make their ads savable than to make their ads non-annoying in the first place. Maybe he's right, but it looks like he's trying to find the suckers who are born every minute...
Whoosh! Dude, you're missing that we're making fun of TFA's author's bad use of the English language here... It's even in the title of your posts:-)
It used to be easier to track down and collect from spammers a decade ago than it is today, because so much of it has moved to off-shoring and botnets, and spammers have learned to use shell corporations, bogus domain registration information, fly-by-night web hosting services, and other techniques, so the low-hanging fruit is mostly gone. It's especially tough because the easy people to catch are mostly the stupid ones, and they don't usually have a lot of money. Back when people still fell for the "Make Money Fast by Spamming The Internet" scams, usually there were a lot of suckers buying spamming kits, not actually making much money, but it was easier to catch them than the scammers selling the kits. On the other hand, slapping those people on the wrist for a few thousand dollars would usually keep them from getting back in the game..
If Dan's making money at it, good for him. He's probably catching a somewhat more professional class of spammer, but still stupid enough not to be able to avoid violating the anti-spamming laws or build themselves $100 Delaware Corporations to take the rap for their spamming.
Legal solutions aren't going to kill all spamming until we acquire Un-bribe-able World-Wide Pork-Product-Hating Overlords. But a large amount of spam actually does come from US-based spammers, including little guys and big businesses. It's extremely easy to comply with CAN-SPAM if you're not a deliberate spammer - don't send people unsolicited commercial email and you've done your job. It's pretty trivial to comply with it even if you *are* a deliberate spammer, and cheap and easy to set up a $100 shell corporation to limit your financial exposure even if you're a deliberate spammer who doesn't want to comply with the trivial rules. If Dan is making money suing you, then you're a) spamming, b) lazy, and probably c) stupid. If your primary problem is c) stupid, then you deserve to be slapped on the wrist with a couple thousand dollars worth of lawsuit and told to stop annoying people. If you're not stupid, just greedy, then you deserve worse, so I'd recommend spamming him lots of times.
Not only do legitimate companies and groups not send people unsolicited email, they maintain mailing list systems that let people unsubscribe, so even if they have spammed you, it's easy to unsubscribe once from all of your future email. Of course, most people have learned not to trust unsubscribe-from-spam systems, because that just gives spammers more data, but if you really are legitimate (e.g. you're a newspaper, somebody registers for your online comments system, and then decides you're sending them too much mail) you'll do that. And if you're legitimate and not stupid, you're certainly not going to buy mailing lists of "opt-in addresses" from untrustworthy sources.
The purpose of the laws that let individual spam victims sue spammers isn't just to let us get recompense for the 5 seconds of time it takes to read through a message that slipped though our spam filters - it's to let large numbers of people take care of the job of prosecuting spammers, since the criminal prosecution system isn't going to bother with the small-timers. The reason for allowing it to be done in small-claims court is to make it much easier for us to to that. And yeah, it does encourage the spamming business to professionalize and let Russian mobsters do the jobs that used to be done by real American workers living in their single-wides chasing "make money fast by spamming" scams, but getting rid of home-grown stupid spammers is an important part of cleaning up the Internet. But it also encourages the anti-spammers to professionalize, and good for them!
The easy half of the game is to have a system for generating lots of aliases - either of the form alias@yourdomain.com (or alias@yourusername.yourisp.net) or yourusername+tag@yourdomain.com are both standard approaches for supporting an infinite number of tagged addresses.
The difficult problem is getting your email user agent to be friendly about making sure that if you got mail from someone who knows you as alias123@yourdomain.com, your replies to them get sent From: alias123@yourdomain.com, and also making sure that if you're sending one mail message to more than one person (either with a mailing list, or separate To:/Cc:/Bcc:, that something appropriate gets done to send them mail with your different addresses. TMDA automates some of that; not sure if anybody's done Thunderbird bits for anything similar.
Unfortunately, part of that solution space is patented - Hall's 1999 "Zoemail" patent and a couple of following patents, though Yahoo has argued in court that they don't apply, at least to whatever Yahoo was doing, and that thy were invalid, obvious, annoying, etc.
If he's got the contract on his web pages, and the only way you can find out most of his email addresses you're targeting is by reading his web page, then you're presumed to have read his offer. If you're spamming "dan@danbalsam.com" that may not apply, because that's obvious without looking at his web page, but if you're spamming user34590438509348@danbalsam.com, you got that from his web page.
And maybe that's not a tough enough legal contract to force you to pay him $1000000 and your first-born child, but it should be plenty solid to get $1000 in small claims court.
It looks like he's especially trying to catch spammers who are doing business in California, since California laws are tougher than the US CAN-SPAM law. But it sounds like he's also catching people who are violating CAN-SPAM, and any US spammer who can't figure out how to comply with that law cheaply and easily while still spamming their way to Making Money Fa$t is too stupid to deserve to stay in business, and yet many of them don't bother. Obviously non-US spammers don't have to comply with US or California laws, but it's much harder to collect money from them so stopping them is Somebody Else's Problem.
One thing that's happened to improve algorithms, besides having people study Computer Science and take advantage of the work other people have done in academia and open source systems over the past few decades, is that computers are enough bigger and faster that you can solve problems that weren't feasible in the past, because you didn't have enough RAM, or disks were too small and you needed to use tape, or CPUs weren't fast enough to bother using some techniques, and having those tools gives you more choices of algorithms than I had when I was an undergrad in the 70s, or than my professors had when they were learning CS in the 60s and 50s. 640KB wasn't enough for everybody, and I remember a Star Wars funded research project at Princeton in the late 80s that had a VAX with 128MB of RAM crammed into it so they could study what you could do if you really always had enough RAM. (They didn't think 128MB was really quite enough, but it was a good start and they could get it funded, and it was still extravagantly large - they even had a 450MB disk drive just for swap:-)
Cool, thanks! I've got a lab where we evaluate firewall and intrusion detection products, and since we just got a new big VMware box, I'd like to be able to fill it full of well-behaved client VMs, evil nasty client VMs, etc., so a distro that's reasonably small and has reasonable features and convenient management is a helpful thing.
When George Bush declared North Korea to be part of the "Axis of Evil", it was doing Kim Jong-Il a favor, making both Kim and Dubya sound like bad-asses that their populations should respect. Kim may be following in his family traditions of bat-shit insanity and sociopathic disrespect for the people he's ruler of, but he's still playing mostly for a local audience, and secondarily for other world leaders playing for their own local audiences.
I'm interested in this for a VMware guest OS, as a possible alternative to m0n0wall. Have the authors thought about that kind of implementation? How much RAM does it need to run adequately?
Unfortunately, that was what they did. The point of satellites is that you're not dependent on ground-based infrastructure, but the reality was that governments could still ban using them except in wiretappable monopoly-price-supporting mode, which made them unusable or economically unsupportable.
The NSA/NCSC/NIST did give us SE Linux (I forget which hat they were wearing at the time), but it's from the Light Side there, trying to provide secure computers for government and industry, not the Dark Side which tries to provide insecure systems for other governments, and they did a good job of convincing people that they should overcome their usual lack of trust. The real catch with systems like that is that the military model of security users doesn't always match what non-military people need, but they know that.
Auditing crypto code is really tough. It's not something SELinux can help you with, unless you're trying to write applications that leak data across user/kernel boundaries or something; SELinux can't tell AES-256 from Bass-O-Matic, much less find that your "random" number generator leaks key bits to somebody who's got the secret backdoor keys, or that your choice of padding algorithms wasn't using enough salt bits. That takes crypto algorithm geeks to get that one correct, and protocol design has a whole nother can of worms and skill sets that are needed to find problems with it.
Good user name and Slashdot ID numb er, BTW. - rates you an automatic +1 funny -1 troll...
If other people can't really understand it, they can't understand what its assumptions and limitations are, and therefore can't adequately assess whether it's safe to use in a given environment. This makes it more likely that either (a) they won't use it, which is a self-denial-of-service bug, or (b) will use it in environments that don't meet the programmer's assumptions, and therefore will not be robust.
This is true even if the user is the original programmer, trying to use his macho-programmer code six months later.
At least one of the proposed LEO satellite networks ran into real problems because lots of governments insisted that they route satphone traffic from that network's customers in their countries through earth stations in their countries. It was partly security paranoia (like the recent Blackberry regulations around the world), but largely protectionism for the monopoly telcos, which didn't want to lose revenues from people who could use satphones to save money. (Typically this was third-world countries with poor infrastructure and government-run telcos, which were one of the big markets for satphones.) Remember when calling India cost a dollar a minute?
Slashdot Mirror
and it is when they're at or heading to/from Congress, so you can't harass them on their way home either, except for "treason, felony and breach of the peace" - on the other hand, they might get away with pretending that refusing to stop for a TSA thug is "breach of the peace", and the Constitution doesn't say that their families or staff members are immune from arrest.
While they do need to have cell phone service to do their jobs, that's just so their customers can reach them when they're out of their offices, buying drinks for Congressional staff members or visiting government offices or meeting with other lobbyists.
The fearmongers who run the TSA may not be competent at things like maintaining accurate lists or building their databases with tracking information so they can identify the chain of events and accusations that put somebody on the list and track it back to the origins, like any competent database designer would do, but there are some things that are clearly done for political reasons, and putting A Well-Known Liberal Senator on the list was clearly one of them, just as introducing punishment gropings for anybody who doesn't cooperate with the Naked Scanners was clearly political, even though in both cases they pretend to have plausible deniability.
Now, finding terrorist supporters named "Kennedy" is unlikely to have been difficult; as of a couple of years ago I could *still* reliably find pro-IRA fundraising newspapers in Irish bars in San Francisco, and it's probably even easier to find them in Irish neighborhoods in Boston.
The Powers That Be want you to be a bit scared when you're going through the airport, but they mainly want you to be scared of Terrorists, and mainly feel that the TSA are there to protect you and catch the terrorists, not feel directly threatened by the TSA. Big Brother Government is there to Protect You, and you're supposed to be obedient.
They do use some smaller dogs as sniffers, beagles and the like, that aren't scary dogs, but even then, you expect police sniffer dogs to be looking for drugs, and you expect that the police will lie about what the dog's telling them if they feel like singling you out.
Even if windows gave you some filtering, you'd still have to deal with insiders, virus-infected users, etc. If you want security, you still need to use crypto.
I don't see how this is much better than the IRDA infrared that used to be built into laptops, printers, mice, etc. It got replaced by radio technology several generations ago.
If you want me to be able to save your ad for later, you need to display it in a format that's transparent, standards-based, and not annoying. (They also have to get past NoScript and AdBlock, so maybe I'm not your target customer - I don't mind static banner ads from legitimate advertisers supporting web pages I'm looking at for free, but they get trashed as collateral damage because I really don't want animated scripted spyware-laden bloatware ads slowing down my browser.
This guy seems to have raised $8m in the premise that people not only want to save ads, but that the advertisers he's probably hoping to monetize his product with are more willing to pay him to make their ads savable than to make their ads non-annoying in the first place. Maybe he's right, but it looks like he's trying to find the suckers who are born every minute...
Userfriendly.com comic from Aug 7, 1999
Pitr: Am wonderink what is this email
Email: This is not unsolicited bulk email. Buy me. Blah blah blah
...
Pitr: Zlotniks! Sending me spam! Am fixink their leetle red wagon!
...
Boss: What happened to our email server?
Worker: It's flooded. And there's an email here that says "This is not a denial of service attack."
Whoosh! Dude, you're missing that we're making fun of TFA's author's bad use of the English language here... It's even in the title of your posts :-)
It used to be easier to track down and collect from spammers a decade ago than it is today, because so much of it has moved to off-shoring and botnets, and spammers have learned to use shell corporations, bogus domain registration information, fly-by-night web hosting services, and other techniques, so the low-hanging fruit is mostly gone. It's especially tough because the easy people to catch are mostly the stupid ones, and they don't usually have a lot of money. Back when people still fell for the "Make Money Fast by Spamming The Internet" scams, usually there were a lot of suckers buying spamming kits, not actually making much money, but it was easier to catch them than the scammers selling the kits. On the other hand, slapping those people on the wrist for a few thousand dollars would usually keep them from getting back in the game..
If Dan's making money at it, good for him. He's probably catching a somewhat more professional class of spammer, but still stupid enough not to be able to avoid violating the anti-spamming laws or build themselves $100 Delaware Corporations to take the rap for their spamming.
Legal solutions aren't going to kill all spamming until we acquire Un-bribe-able World-Wide Pork-Product-Hating Overlords. But a large amount of spam actually does come from US-based spammers, including little guys and big businesses. It's extremely easy to comply with CAN-SPAM if you're not a deliberate spammer - don't send people unsolicited commercial email and you've done your job. It's pretty trivial to comply with it even if you *are* a deliberate spammer, and cheap and easy to set up a $100 shell corporation to limit your financial exposure even if you're a deliberate spammer who doesn't want to comply with the trivial rules. If Dan is making money suing you, then you're a) spamming, b) lazy, and probably c) stupid. If your primary problem is c) stupid, then you deserve to be slapped on the wrist with a couple thousand dollars worth of lawsuit and told to stop annoying people. If you're not stupid, just greedy, then you deserve worse, so I'd recommend spamming him lots of times.
Not only do legitimate companies and groups not send people unsolicited email, they maintain mailing list systems that let people unsubscribe, so even if they have spammed you, it's easy to unsubscribe once from all of your future email. Of course, most people have learned not to trust unsubscribe-from-spam systems, because that just gives spammers more data, but if you really are legitimate (e.g. you're a newspaper, somebody registers for your online comments system, and then decides you're sending them too much mail) you'll do that. And if you're legitimate and not stupid, you're certainly not going to buy mailing lists of "opt-in addresses" from untrustworthy sources.
The purpose of the laws that let individual spam victims sue spammers isn't just to let us get recompense for the 5 seconds of time it takes to read through a message that slipped though our spam filters - it's to let large numbers of people take care of the job of prosecuting spammers, since the criminal prosecution system isn't going to bother with the small-timers. The reason for allowing it to be done in small-claims court is to make it much easier for us to to that. And yeah, it does encourage the spamming business to professionalize and let Russian mobsters do the jobs that used to be done by real American workers living in their single-wides chasing "make money fast by spamming" scams, but getting rid of home-grown stupid spammers is an important part of cleaning up the Internet. But it also encourages the anti-spammers to professionalize, and good for them!
The easy half of the game is to have a system for generating lots of aliases - either of the form alias@yourdomain.com (or alias@yourusername.yourisp.net) or yourusername+tag@yourdomain.com are both standard approaches for supporting an infinite number of tagged addresses.
The difficult problem is getting your email user agent to be friendly about making sure that if you got mail from someone who knows you as alias123@yourdomain.com, your replies to them get sent From: alias123@yourdomain.com, and also making sure that if you're sending one mail message to more than one person (either with a mailing list, or separate To:/Cc:/Bcc:, that something appropriate gets done to send them mail with your different addresses. TMDA automates some of that; not sure if anybody's done Thunderbird bits for anything similar.
Unfortunately, part of that solution space is patented - Hall's 1999 "Zoemail" patent and a couple of following patents, though Yahoo has argued in court that they don't apply, at least to whatever Yahoo was doing, and that thy were invalid, obvious, annoying, etc.
If he's got the contract on his web pages, and the only way you can find out most of his email addresses you're targeting is by reading his web page, then you're presumed to have read his offer. If you're spamming "dan@danbalsam.com" that may not apply, because that's obvious without looking at his web page, but if you're spamming user34590438509348@danbalsam.com, you got that from his web page.
And maybe that's not a tough enough legal contract to force you to pay him $1000000 and your first-born child, but it should be plenty solid to get $1000 in small claims court.
It looks like he's especially trying to catch spammers who are doing business in California, since California laws are tougher than the US CAN-SPAM law. But it sounds like he's also catching people who are violating CAN-SPAM, and any US spammer who can't figure out how to comply with that law cheaply and easily while still spamming their way to Making Money Fa$t is too stupid to deserve to stay in business, and yet many of them don't bother. Obviously non-US spammers don't have to comply with US or California laws, but it's much harder to collect money from them so stopping them is Somebody Else's Problem.
One thing that's happened to improve algorithms, besides having people study Computer Science and take advantage of the work other people have done in academia and open source systems over the past few decades, is that computers are enough bigger and faster that you can solve problems that weren't feasible in the past, because you didn't have enough RAM, or disks were too small and you needed to use tape, or CPUs weren't fast enough to bother using some techniques, and having those tools gives you more choices of algorithms than I had when I was an undergrad in the 70s, or than my professors had when they were learning CS in the 60s and 50s. 640KB wasn't enough for everybody, and I remember a Star Wars funded research project at Princeton in the late 80s that had a VAX with 128MB of RAM crammed into it so they could study what you could do if you really always had enough RAM. (They didn't think 128MB was really quite enough, but it was a good start and they could get it funded, and it was still extravagantly large - they even had a 450MB disk drive just for swap :-)
Cool, thanks! I've got a lab where we evaluate firewall and intrusion detection products, and since we just got a new big VMware box, I'd like to be able to fill it full of well-behaved client VMs, evil nasty client VMs, etc., so a distro that's reasonably small and has reasonable features and convenient management is a helpful thing.
When George Bush declared North Korea to be part of the "Axis of Evil", it was doing Kim Jong-Il a favor, making both Kim and Dubya sound like bad-asses that their populations should respect. Kim may be following in his family traditions of bat-shit insanity and sociopathic disrespect for the people he's ruler of, but he's still playing mostly for a local audience, and secondarily for other world leaders playing for their own local audiences.
I'm interested in this for a VMware guest OS, as a possible alternative to m0n0wall. Have the authors thought about that kind of implementation? How much RAM does it need to run adequately?
Unfortunately, that was what they did. The point of satellites is that you're not dependent on ground-based infrastructure, but the reality was that governments could still ban using them except in wiretappable monopoly-price-supporting mode, which made them unusable or economically unsupportable.
ObXKCD reference
.... void stares into You.....
The NSA/NCSC/NIST did give us SE Linux (I forget which hat they were wearing at the time), but it's from the Light Side there, trying to provide secure computers for government and industry, not the Dark Side which tries to provide insecure systems for other governments, and they did a good job of convincing people that they should overcome their usual lack of trust. The real catch with systems like that is that the military model of security users doesn't always match what non-military people need, but they know that.
Auditing crypto code is really tough. It's not something SELinux can help you with, unless you're trying to write applications that leak data across user/kernel boundaries or something; SELinux can't tell AES-256 from Bass-O-Matic, much less find that your "random" number generator leaks key bits to somebody who's got the secret backdoor keys, or that your choice of padding algorithms wasn't using enough salt bits. That takes crypto algorithm geeks to get that one correct, and protocol design has a whole nother can of worms and skill sets that are needed to find problems with it.
Good user name and Slashdot ID numb er, BTW. - rates you an automatic +1 funny -1 troll...
If you're going to have a conspiracy, there's no point in using one that can't penetrate tinfoil hats....
If other people can't really understand it, they can't understand what its assumptions and limitations are, and therefore can't adequately assess whether it's safe to use in a given environment. This makes it more likely that either (a) they won't use it, which is a self-denial-of-service bug, or (b) will use it in environments that don't meet the programmer's assumptions, and therefore will not be robust.
This is true even if the user is the original programmer, trying to use his macho-programmer code six months later.
At least one of the proposed LEO satellite networks ran into real problems because lots of governments insisted that they route satphone traffic from that network's customers in their countries through earth stations in their countries. It was partly security paranoia (like the recent Blackberry regulations around the world), but largely protectionism for the monopoly telcos, which didn't want to lose revenues from people who could use satphones to save money. (Typically this was third-world countries with poor infrastructure and government-run telcos, which were one of the big markets for satphones.) Remember when calling India cost a dollar a minute?