> As others have pointed out, most spammers are forging their headers
> anyway, are using a spamhaus ISP that doesn't care, or are simply not
> accepting incoming email. A "one-click spam reporting tool" would only
> lead people to click the button without thinking about what they're
> doing, and bother people who can't or won't do anything.
Perhaps it should send mail to the ISP's upstream provider if there's no response within a certain time.
With a patched version from RedHat to crib from, other distributions
could have a corresponding patch for their distributions available in a
matter of hours. This GPL thing forces them to provide the source, you
know. :)
And this isn't an easy vulnerability to exploit. If you have a look at
the credits for its discovery, you'll see that it has been found before,
and was actually deemed non-exploitable at that time. Here is the
description of it from the advisory:
> When certain globbing patterns are processed, the globbing function does
> not set this variable when an error occurs. As a result of this,
> Wu-Ftpd may eventually attempt to free uninitialized memory. There are
> a number of possibly exploitable conditions.
> If this region of memory contained user-controllable data before the
> free call, it may be possible to have an arbitrary word in memory
> overwritten with an arbitrary value. This can lead to execution of
> arbitrary code if function pointers or return addresses are
> overwritten.
...so independently of inducing the spurious call to
free, an exploit would have to modify the neighborhood
of memory that it will try to free. It would probably take more than a
few hours to find a way to do that. :)
Have Amazon's fortunes turned around while I wasn't
looking? I can't see folks taking this praise too
seriously if Amazon goes belly up, as many expect
it to.
The measures you suggest will reduce the likelihood
of local errors in programs, but they're unlikely
to help you avoid common problems with interfaces
between the components of the software you write.
Have you been involved in writing any complex
software yourself?
Frankly, perl6 development looks paralyzed to me.
They've been at it for over a year, but as far
as I know, they've yet to make detailed plans for
implementing their ideas. Instead, they're still
coming up with pie-in-the-sky design goals like
making a common runtime for python and perl. I'm
dubious about perl6 ever even making it out the
door.
If grub can provide adequate real-time indexing of the web then they
don't really need to compete with google's search heuristics. They'll
be providing a genuinely new service that could comfortably coexist with
google's excellent searches of static pages.
> 3.) adam added this today, but we have to worry about the cases where
> users don't have the same version of aim.exe as their clientstring
> advertises. therefore we have to fingerprint the aim.exe you supply
> us, in order to base the client string we send on that.
Why don't you arrange for Oscar to download the client for the user on
installation? It's only a few kB, after all.
I heard at Keith Winstein's seminar that
in New Zealand, retailers are forbidden to sell
DVD players that can't play DVD's from all
regions. It's a violation of consumer protection
laws or something. :)
> These court cases are all squarely centered around a click-wrap
> violation and accusations of theft of a 40 bit player key.... the Xing
> key. After all, the DVD CSS was not patented, nor was it truly a
> trade secret violation by an employee.
Hmm? My understanding was that the 2600 case centered around the claim
that the DeCSS code is primarily intended to circumvent a copy
protection scheme, and therefore trafficking in it is a violation of the
DMCA. If you can post references to court papers that suggest
otherwise, that'd be very interesting.
I got it, but it seems rather culturally specific.
It's not clear to me primes of that form would be
so well known to a completely independent
Mathematical culture. (It's not even clear to me
that Natural numbers need to be a dominant notion
in the development of Mathematics, but I suppose
they had to use something of the sort.)
Unless you are outside of the territorial
jurisdiction of your country groups like the FTC
will eventually get you good.
It's not clear how governments are going to be
able to regulate some transactions. Suppose I
set up a software shop in the US, but I advertise
it anonymously on the web, and request payment to
an account in the Cayman Islands? I can
communicate anonymously with my customers, and
establish my reputation using a digital signature.
To demonstrate to a particular customer that
their software has been written, I can put an
interface to it up on a web site hosted by a third
party, and request payment for it in advance. Now,
how is the US government even going to find me,
let alone force me to honor its regulations?
For a really general query like 'Linux' news
stories are quite appropriate. It's clear that
the user wasn't looking for specific information,
so giving the option to find out about recent
developments on the topic makes a lot of sense.
The format of the cookies file is fairly transparent. After visiting the sites that you want to keep the cookies for, make a copy of the .netscape/cookies file, and remove any that don't come from the sites you want to recognize you (I keep nyt & slashdot.) Then put something in .logout, or a cron job, like
cp ~/.my-cookies ~/.netscape/cookies
I don't know that you would be allowed to bring your own laptop/PDA for very long. These are already forbidden from certain labs, because of the opportunities they afford for illicit communication.
MIT's student film group has been showing movies
in lecture halls with wireless for quite a while,
now.
alex.
There's also a book by the same authors of that
Dr D article. It's online at
http://www.rubycentral.com/book/index.html
Alex.
I've been using python for years, and love it. I've just started to
look at ruby; I'm reading through "Programming Ruby" at the moment.
Some of the control structures seem a little too elaborate to me, like
the range condition expressions, but on the whole, it seems like a very
nice language. I haven't done anything substantial with it, yet, but
I'm definitely going to as soon as I've finished my thesis. Anyway,
with regard to the more vigorous python community, etc., the ruby/python
extension looks like a really sweet set of training wheels. Basically,
it gives you access to python objects from ruby.
http://www.ruby-lang.org/en/raa-list.rhtml?name=Ruby%2FPython
HTH.
Alex.
I'd like to order a round of pangalactic
gargleblasters for the whole house. Put it on my
tab.
Alex.
The main problem will be getting people who
modify the documents to actually use the VC
you set up, I expect.
"Learning Python" is much better, imo, though by
the time it came out I couldn't learn much from
it, so I don't know how it would look to a
beginner.
Alex.
> The big problem is that this needs browser
> support before it gets support at the server.
You could point your browser at a locally running
proxy that would add the header, I suppose. :)
That's an awful idea. I'd rather live without
DVD's than commit my private messages to a flawed
encryption scheme.
Alex.
I think there's an interesting ethical question
here that deserves consideration independent of
legal issues.
Alex.
Why would anyone pay google for a partnership
when they can just redirect the user's browser
to the relevant query on google?
Alex.