Slashdot Mirror


User: Tom

Tom's activity in the archive.

Stories
0
Comments
10,601
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 10,601

  1. Re:RTFA on Pluto: Linux-based Do-everything System · · Score: 1

    Then not be able to fix it,

    Uh, sorry? Just because it comes in a shiny box doesn't mean it's magic, you know? In fact, most of the commercial systems I've seen are more badly hacked together than most Free Software (there are exceptions - on both sides).

    All you need is a debugger...

  2. better predictions on Security Predictions of 2004 · · Score: 2, Funny

    Almost all of these are just "we'll see the current trend continue".

    Ironically, my own prediction isn't much different:

    In 2004, lots of interesting things will happen in security, and none of the things that would matter will change. Instead, a lot of time, money and effort will be thrown at the wrong non-solutions.

    i.e. more of 2003, or 2002, or 2001, ...

  3. Re:Proud to be a Heretic! on What You Can't Say · · Score: 1

    My uid is 1/10th his, and I'll call him a n00b.

    Hihi.

    The interesting thing about group think is that any slightly differing opinion is "really wrong"

    Yes. That is why someone I respect once said that you should associate with the people whose opinions you find revolting - you can learn more from them.

  4. Re:Best examples of heresy I can think of on What You Can't Say · · Score: 1

    One of them had two passports - he was a German citizen.

    Germany doesn't recognize double-passports. If you want to become a german, you have to drop whatever other statesmanship you have.

    Better argument: Israel is known to take an extremely light, if not supportive, position on producers of fake passports. Of course, that is in order to allow Israeli people to produce some OTHER passport in hijackings, and possibly not be shot on the spot.

    So most likely that german passport was fake.

  5. Re:Best examples of heresy I can think of on What You Can't Say · · Score: 1

    No, you can say that perfectly well.

    In fact, you can have an interesting discussion about it, touching lots of areas from religion to anthropology to quantum physics (the problem of the observer).

    Definitely not a heresy.

  6. Re:Best examples of heresy I can think of on What You Can't Say · · Score: 1

    Nah, pretty lame. Try this one:

    "Having sex with children is ok."

    Ancient greek comes to mind - teachers quite regularily had (homo)sexual relations with their pupils.
    There is also much evidence that a whole lot of the "I am damaged for life because I was abused as a kid" cases were artifacts of psychological investigation, i.e. the case may be real, but the trauma was only created afterwards, by the psychologist probing and asking and trying and turning until he had created it.

    Disclaimer: Do I think sex with kids is fine? No, I don't. I am undecided. Also, I'm talking about sex, not rape.

    Flame away. :)

  7. Re:The Power User's Lament on Wasting Time Fixing Computers · · Score: 1

    a lot of people expect their computers and internet connections to function about as reliably as any other comparable appliances

    And that's the fundamental mistake. Repeat with me:

    A computer is not an appliance.

    When your assumption is false, nothing you derive from it has a reliable truth value. No wonder these people get confused and fed up.

  8. RTFA on Pluto: Linux-based Do-everything System · · Score: 1

    It's actually quite a nifty product. And I am quite sure none of the "I built this myself for less" posters come even close to the functionality it provides.

    I'd love to have one of these. I've been dreaming of integrating more and having less odd electronics that do one thing and don't talk with anything else around.

  9. Re:What's wrong with POP3? on Cringely's 2004 Predictions · · Score: 1

    Why replace POP3 (and IMAP)? These work fine and are completely separate of the SMTP delivery engine.

    Yes, but how much will this stop a random marketing drone from telling your bosses boss that because of all the spam, he needs to replace it by OOPP (our-own-proprietary-protocol) ?

    I've been in way too many meetings with people who don't deserve their "head of IT" or "CTO" title to believe that a technical argument, no matter the truth value, wins over good marketing and fancy slides.

  10. More laws, higher penalties on You've Got Spam: AOL Blocks 1/2 Trillion Spam · · Score: 2, Insightful

    In storage and transmission costs alone, this is a fortune.

    So what do we need? Harsher laws, of course. And stop saying they won't work already. The main spammers are known all we need to do is put, say, the top-50 away for life.

    Sounds harsh? I don't think so. Spammers are committing a very serious, evil crime: Stealing from the commons.

    Unfortunately, in our corporate dominated world, where things don't count unless they are property of someone and can be put on a quarterly report, that idea is mostly lost.
    That doesn't change the facts. Spammers are stealing from all of us. A single spam mail might be petty theft, but it's petty theft times several million.

    The law needs to recognize that spam is destroying a part of society, and adapt the sentences. Fuck fines. Put the notorious spammers away for a few decades, into a prison for serial-rapists and murderers. Make their cases extremely public. Make it clear that now that the top-50 list has been cleaned out, anyone aspiring to take one of those spots has a cell reserved already.

  11. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    A CRC check *is* a content-based filter rule.

    Your and my definitions seem very different.

    "Content-based", in legalese and technical jargon familiar to me, means "discrimination based on the content of a message". A CRC check doesn't care for what I write. IP packets have checksums, too. Nobody calls them content-based filters.

  12. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    Interesting the way you switch from "your grandmother" examples to people running their own servers,

    Not really, though confusing, I agree. Let me clarify, and then sign off as well as you are right:

    * You need to make something that grandma can handle, and the HC calculation needs to be done in her client, not at the ISP
    * You also need something for those who run their own servers, and want to do HC there.

    Why do you need both? Because of the way markets work. You always have "early adopters", and these are usually from the 2nd kind. But you also have the "mainstream", and they're the 1st type.
    If you want to go anywhere, you need both. If you get no early adopters, you have no in into the mainstream. And if you get only the early adopters, the entire thing fails as a general system.

    So grandma and the server-owning geek aren't really that far apart.

  13. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    EACH MESSAGE is a separate and complete job,

    Ah, now I get you. Yes, that is indeed the primary shortcoming that I pointed out in some other comment.
    I thought you were talking about parallelizing individual message HC calculations.

    Frankly, I don't think you have any idea what's involved in transmitting mail.

    Hihi, you're funny. :)
    I'm actually pretty fluid in SMTP, and I've been administrator for mailservers, including some with massive volumes, for ~10 years.

    I know that HC is filtering, if you want to define it broadly. However, HC does not require the recipient to define rules. The MTA simply takes the message, runs the hash, and if it doesn't match, bounces it. It's essentially a CRC check, if you want.
    You'll agree that a CRC check is quite a different animal than content-based filter rules, don't you?

    I don't believe it's a magic bullet. But frankly, any bullet in a spammers head is good news to me, ain't gotta be a golden one.

  14. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    Unless you have your own dedicated known static IP,

    check

    *and* your ISP gives you unfiltered port 25 outgoing,

    check

    *and* you're up to running your own mail server instead of using the ISPs,

    check

    Looks like I'm fine. Just like probably half a million other people. So I want my HC in my MTA.

    What you want to do is put HC into the last instance under client control. i.e. people who run their own servers will want it in the MTA. ISPs, on the other hand, run relay servers, and will want to relay only HC stamped mails, so the client has to do it.

    We really agree here, except for some technicalities.

  15. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    According to the HC FAQ the nodes don't need to communicate:

    Now you are mixing up two things. If you use HC the way it was intended to, then the FAQ holds true. If you try to abuse it by parallel processing, then the nodes need to communicate.

    I didn't say that email should cost money. I said that unsolicited email should cost money often enough that it becomes unprofitable for the spammers to pursue it.

    That means that email should cost money. Otherwise you're back at filtering and SA in order to seperate the good (free) from the bad (costly).

    [red/green/amber]

    Yes, the basic principle is clear enough. Your problem remains. 99% of possible communication partners are in the amber list. If moving from there to green is too much hassle, it won't happen.
    And for some people, simple things such as hitting reply again, or just cutting quotes down to a minimum, or not top-posting or any such nonsense is already too much hassle, as you can see in mail and usenet and where else every day.

  16. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    You can't put hashcash in the MTA.

    For outlook and webmail users, you'd put it into their respective clients, correct.
    For the (by now minority) real Internet users, the MTA would be the logical place.

  17. new trend on Israel Suspends MS Office Purchases For Now · · Score: 1

    Nah, not switching away from M$ Office. What's interesting is that like in a landslide, more and more countries and large corporations find out that if they pull out a Linux box, and mention a pilot project, prices for M$ products suddenly start to drop.
    If that isn't enough, you threaten to go away, use OO and Linux, and mention again how well the pilot project was going.

    Never been so easy to get the local M$ rep to dump his prices well below anything you had ever seen before.

  18. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    Yes, HC uses SHA1. It does not, however, compute a straightforward hash, but does partial hash collisions. You can do that in parallel, but it requires additional overhead and is non-trivial (plus it can't be done offline, the nodes need to communicate, as the search space split isn't equal sized).

    I do absolutely agree on the money part. That's what I said earlier: If we started out with e-mail now, we could just add postage to it and nobody would yell because it was never different.

    But let's see you convince the millions of people who already proved their smarts by signing up for hotmail accounts that e-mail should cost money in the future.
    Here's my guess on the outcome: 80% wouldn't even know what you're talking about. 20% would say "fuck you, my hotmail said it's free".

    The whole problem is that no solution will work if it doesn't work for mum and dad and the hotmail lusers.

  19. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    the scheme I suggested is just as automatable as HashCash or any other system.

    Uh? I always thought the entire point of challenge-response systems is to make sure that you are talking with an actual human at the other end.

    A simple challenge that you propose would do nothing to stop spam except force them to add 10 lines of code for the verification part to their mass-mailing software.

    And before you talk about valid return addresses, let's talk about hijacked machines. See how spam nowadays can well have a very valid return address without that being one that belongs to the spammer?

    Also, HC requires ONE change in ONE program, usually the low-level MTA. If we just put HC into MTAs today, 99% of the people who are using it tomorrow won't even know.

  20. Re:leave the mainstream on Best Original Games of 2003? · · Score: 1

    Marble Blast = Marble Madness, NES game from 10+ years ago.

    Download the demo, and you'll agree that it MB relates to MM the same way that Tombraider relates to Pitfall.
    Yes, it's the same basic idea. That doesn't mean there is no room or originality. If that is your definition of "original", then no book, play or movie written during the past 2000 years is original.

    Scorched 3D... I love that it exists, but adding a third dimension to old gameplay is not original.

    That depends on whether the 3rd dimension is just eyecandy or actually changes the gameplay. Turns out it does. You can, for example, lob bombs around mountains in strong wind.

    Savage = Battlezone and Battlezone 2.

    Not in the very least. I've played both BZs, and I loved them to death. But they are definitely not the same kind of game as Savage.
    BZ is an RTS where you also command one unit, or an FPS where you can also build, depending on how you view it.
    In Savage you play either a pure RTS as commander, or a pure FPS as a warrior. It's an entirely different, and original, way of combining the two genres.

    Again: Just because someone else wrote a sentence with the same 2 words in them once doesn't mean I can't come up with a truly original sentence around those same two words.

  21. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    How can an operation that is 100% parallelizable not get a linear speedup from more computing resources?

    One of the whitepapers explains it. Please RTFM.

    If you can do the processing offline, the spammer gets even more of an advantage...

    No he doesn't, because online time is not now and will not in the future be his bottleneck.

    If you can sign a mailing to a mailing list in one pass, and do it offline, the spammer can do the same thing...

    No, he can't. Again, this is explained in the whitepapers, RTFM.

    if you need to make arrangements for the mailing list ahead of time, then that's whitelisting... why not just whitelist the mailing list?

    Yes, the mailing list problem is solved via a version of whitelisting. You still do HC in order to prevent spoofing attacks.

    Nobody claims HC is perfect. However, quite a few people with more brainpower than me or you have put a lot of thought into it. Nothing you've said so far hasn't been addressed already 2+ years ago.

  22. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    You haven't thought it through: YOU, as the recipient, set the price.

    Communication, however, has at least two participants. Just because the recipient sets that price doesn't mean that the sender plays ball.

    Please go back and re-read my last two postings in light of that meaning.

    Does it have a cost? Yes. But it's a vanishingly small one compared to the cost... the *human* cost... of spam.

    True, if this were a green field and we two were about to invent e-mail.
    The problem here isn't so much the cost of the new system. It's the cost of switching over. Not in money or time, but in lost communication partners, namely those who stick to the old one because of whatever marginal costs the new one has that they don't want to bear.

    Postage is no problem with snail mail because it always was that way.

    Your system builds up blocks to jump over where there used to be none. That means a lot of people won't jump, no matter the height.

    HC or other systems can be automated, which means the people don't perceive the obstacles. That is why I said that nothing that adds a visible cost to e-mail will work, ever.

  23. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1

    If I'm the author of TIG, and I'm stupid enough to block mail from anyone who isn't willing to pay me $2.50, then I deserve to heard about this security hole third-hand after you post it to full-disclosure. And I'll figure out that trying to make big bucks off reading email was a dumb idea.

    Right. Now that we agree on the core, let's see how slippery the slope is.

    You still with me if the price is not $2.50 but $1? 40? 20? 5? 1?

    Ok, let's drop the strawman. It's not about money. Even if it's just your challenge-response system, I might still say [expletive] if you make it any harder than absolutely necessary for me to contact you. After all, you are the one who needs to know, my benefit in telling you is minimal, and if you ask me to jump, I don't care how high.

    That is the point. Any anti-spam system that makes communication even minimally more difficult is doomed to fail, because your grandma won't understand why and your brother will be pissed and both will stick to the old.

  24. Re:old and embraced on Microsoft Researching Anti-Spam Technique · · Score: 1
    So, your hashcash plugin runs in "a few seconds" on this machine. That means, on a multi-GHz Pentium, you can probably calculate hashcash for 100 messages a second.

    No it does specifically not mean that. Read more of the HC documentation. The algorithm is specifically designed to not profit linear or even near from more CPU power.

    And I still haven't addressed mailing lists, mail to multiple people, offline mail, and hijacked computers.

    Then I will:

    • The mailing list problem and its solution are explained somewhere in the HC FAQ. Basically, you generate just one stamp for the list itself, not one for each recipient.
    • Offline mail is a non-problem. Nothing in HC requires a permanent connection.
    • Hijacked computers - see my other posting to this topic. I see this as the major shortcoming as well. Using HC would reduce the usefulness of a captured machine dramatically (from 10k mails a minute to 10 mails a minute or so), but spammers would still have the ability to send out thousands and millions of spams, with enough zombies.

  25. Re:Get Ready, Folks on Microsoft at the Tipover Point · · Score: 3, Insightful

    Linux is obviously going to gain some incredible market share in the server department.

    That said, start expecting to see exploits coming out a lot -- there's simply going to be more people attacking as well as using.


    We've been hearing that for about 4 or 5 years.

    Now just in case you have been living in a box, allow me to point out that the market share for Internet servers is already larger for Linux than for windows, especially when it comes to the high-visibility targets, i.e. webservers.

    Pray, where are all the exploits? On my last count, the ratio was roughly 10:1, and that is counting only remote exploits against server services (i.e. ignoring all the Shatter attacks and Outlook or IE holes).

    So, we've been hearing this for years, with no indication that there's the slightest bit of truth to it. Please troll off.