I was intrigued by the following statement in the article:
Government-backed privacy agencies in Sweden and Germany, however, have blocked commercial services because personal information required in order to sign up would be stored on U.S.-based computers.
I live in Sweden. I don't know about Germany, but I have never heard of any government-backed agency in Sweden actually blocking access to foreign services for any reason, and in particular not for such a silly reason as sign-up procedures not compliant with Swedish law! If anyone can guess what the article author is referring to here, please let me know.
I have been trying for years to have my employer (a state university) merely consider blocking certain foreign ISPs from pouring junk mail over ourselves, but every suggested policy in that direction has either been rejected with a vague reference to the law prohibiting that, or not seen any response at all. I find it hard to believe that anybody in Swedish public administration would officially approve of blocking third-party traffic, let alone actually do it.
If the Google mail service falls foul of this act, then it does not matter whether or not the service is free; it is still breaking the law.
The issue is not whether the service is free, but whether it's voluntary (which I believe it is). Not even the UK Data Protection Act (which exists in various implementations throughout the EU) prevents people from voluntarily submitting information about themselves and allowing Google to store that information indefinitely, if they so like. The law comes into play only if Google collects or processes personal information without the explicit consent of the individual concerned.
I think it's fine that privacy groups keep an eye on this to inform potential users of privacy shortcomings, but invoking this law to claim users can't even knowingly waive their rights is a bit misleading, I think.
If you think mr Gates was depicted as Borg because he was the richest man alive, then you have some reading up to do.
Not only that, but Swedish business magazine Veckans Affarer has to read up on the definition of "ownership". They have simply added up the assets of the entire IKEA corporation as if it were part of Kamprad's private fortune. They can argue all they like that Kamprad still "controls" IKEA, but that claim alone doesn't make him richer than Bill Gates, who can likewise be said to "control" Microsoft.
Have Europeans accepted the poor things their countries did in the past?
"Right or wrong, my {continent|country|precinct|office}!"
When we talk about "our" countries, it becomes a matter of defining "us". Exactly who make up this vague collective that is supposed to recognize what that same collective did in the past? In a little more than 100 years, the living population of any country is completely replaced by another of roughly the same size. Even if we are infallible today, it doesn't mean our predecessors were, and I feel no urge to defend them if they acted wrong.
I recall something a fellow student told me back in the 1980's. He was living in a dorm sharing a single telephone, and the residents of that dorm (maybe a dozen people) were expected to split the phone bill among themselves. On occasion, some foreign student would spend hours on that phone calling home, only not to be around when the bill arrived three months later.
Turned out this had happened a bit too often, the remaining students had refused to pay the bill, and the phone company had closed the line. Even years after, when this fellow student moved in, the phone company refused to reopen the line, arguing "that dorm has a bad habit of not paying its bills", in spite of the fact that all of the students who were around when the line was first closed had now left...
If we go back a few hundred years, "Europeans" are responsible for colonizing America too, essentially wiping out the native population in the process. If there is any collective blame here, it's not tied to any particular continent. History is best learned from, not taken either responsibility for or pride in by those who weren't around to make it anyway.
As for SCO and its tactics, the most I can honestly say is "please accept our apologies for the inconvenience".
It's a shame that incidents such as this have contributed to the overall bad image of nuclear power. There is still a lot of potential which will probably never be revealed because the public at large are scared of what could happen if something went wrong.
I agree that the technology is a lot safer than the public at large is willing to believe, but I can't really blame them for not trusting the supposed experts, given how many times they have been let down in the past.
When the computer software and entertainment industries spend millions of dollars annually just trying to keep their customers from learning how household electronics work, why should the public at large even consider the possibility that the nuclear industry isn't secretly building new power plants disguised as military establishments? Is there a law saying that it's okay for any business except the nuclear industry to lie to the public?
Even if a small minority of experts are convinced that the technology is safe, it doesn't help a lot until the public is convinced those experts are right. With the level of technological understanding we see among the general public today, nuclear power is a bit like locking up all the firearms at school in a safe, giving the key to the headmaster, and hoping the kids won't ever think of taking it from him (now that headmaster has a very good reason to stay popular with the kids). Would you say those firearms are in good hands?
The truth is that modern techniques could probably make nuclear power an extremely safe alternative.
Good. Now take that truth and package it in a way that can be understood by the public at large, because they are the ones pulling the real strings here.
The real shame doesn't fall on Three Mile Island or Chernobyl, but on a society that as a whole is incapable of making informed decisions with respect to technology. Either you let the public know what you are doing, listen to their opinion, and do what they tell you. Or, you keep silent about what you know, ignore the public opinion, and hope you will retire before anything bad happens. Guess which society I'd prefer living in?
If giving up nuclear energy is the price I have to pay for unhindered public disclosure of most anything related to technology, I'd say it's a bargain.
Just to be clear, when you talk about 'sharing' hardware, what you really mean is that the innocent website is purchasing web hosting from spammers, right?
I'm not referring to any specific business arrangement, just to what an outsider can observe: Two websites, one legit and one controlled by a spammer, are found on the same IP address (or network). All I can tell is that they share a server, or at least a router. Thus they probably have some provider in common.
We are all clear that a web host that allows spammer sites to continue to exist on it is just as much a spammer as the guy who sends the email, right?
I wouldn't necessarily call them spammers for merely hosting the website, but that's besides the point. The important matter is whether they benefit (financially or otherwise) from providing service to spammers. They may even be ignorant of the fact that they host spammers, but I'd say it's up to them to find out; I'm not in the mood to be lenient towards network operators effectively plugging their ears, shouting "We are from Barcelona, we know nooothing!!" and routing my mail to their abuse wastebasket.
Or are we talking about site that jsut appeared out of nowhere and haven't been shutdown yet? Because, if we are, don't worry...AOL will LART the sites before they block access to them. (Well, at least, at the same time.)
I'm not worried about AOL blocking websites without warning said websites, not even if they were to block my website. I'm concerned about AOL blocking websites without letting their own users have a say in the matter.
Now, I understand that the AOL user community may not be the most computer-savvy on this planet, so I will not claim AOL is dead wrong here. However, what AOL is doing doesn't look like something just any ISP could or should do, and therefore this particular choice of theirs is useless to the rest of us.
Even if AOL acting in this way has the good side effect of scaring more hosting services to kick out their spammers sooner, a solution that relies on the existance of a single ISP big enough to carry any weight here isn't a good solution at all in the long run. AOL isn't there for us; AOL serves its shareholders and customers only. Even AOL won't last forever, and what if they decide to be your enemy? It's like having Jabba the Hut on your side; fine as long as he dislikes spammers too, not fine when he changes his mind, or when he is deposed by the rebels and you become fair game for having dined at his table.
If someone's innocent they don't have to worry...their site will be back when the spammer is gone.
Not knowing that your ISP also hosts a spammer doesn't make you innocent, only ignorant. You pay money to your ISP, allowing your ISP to afford the cost of kicking out a spammer once in a while. Why was the spammer there in the first place? I don't expect any ISP to predict the future behaviour of all their customers, but if a customer is found to have caused damage to others, the ISP ought to reimburse the victims in one way or another. I'm not asking for monetary reimbursement here, but as a gesture of good will, they could start by answering my mail in person, rather than handing me an auto-reply in return for me being their involuntary watchdog!
However, the spammer website hosting services don't constitute a major problem to me, because I don't buy from them anyway. I might block them from accessing my resources, but then there is the issue of joe-jobs implicating truly innocent sites suggesting that I'd better simply ignore them for now. I'd rather reject SMTP connections from IP addresses in all of Asia, Africa, and Latin America, plus a few more networks elsewhere, just to catch most open relays, proxies, and zombie hosts. It's not like I have a lot of business partners in Nigeria to care for anyway.
AOL answers this question, and others like it. More helpful than you were expecting, no?
AOL has become more informative recently, and I appreciate them letting us know where their servers are, but that doesn't solve the problem.
In answer to your question, the servers are for bounced messages. Block them, and the worst false positive you'll get is a legitimate bounce.
In my opinion, rejecting a legitimate bounce may actually be worse than rejecting ordinary legit mail, because in the latter case the sender will receive a message telling him his message didn't make it, and hopefully what can be done to solve the problem. Rejecting a legit bounce means someone will not be informed that their message was lost in transit.
The only situation when I find it ok to reject bounces is when I want to get the attention of the remote postmaster: "You have a problem, please fix ASAP!"
AOL has such a problem (accepting billions of junk mail messages only to bounce them back to victims of address forgery), but do you think they will do something about it just because I decide to reject their bounces? If we can agree to put those mail servers on a public blacklist, I'll be happy to employ said blacklist, but only for the purpose of shouting in AOL's ears.
It would be better if instead of completely blocking the page, it re-directed to a page saying that this site is implicated in spamming, but with a link to the real page.
With all the annoying warnings that users have learned to bypass without reading, will another warning really matter?
"ERASE *.* (Yes/No)?"
"Allow this cookie (Yes/No)?"
"Please read the terms of this end-user license agreement (Accept/Don't Accept)"
"You are about to enter a secure website. Continue (Yes/No)?"
"You are about to leave a secure website. Continue (Yes/No)?"
"You are about to leave this website. Continue (Yes/No)?"
"You are about to enter a spammer's website. Continue (Yes/No)?"
"This website will make your computer self-destruct in five seconds. Continue (Yes/No)?"
Really, it's just a game of motivation where the user is expected to press the right button to see the requested webpage as quickly as possible. "Check this box if you don't want to see this warning in the future."
Would mimimize impact to falsly accused sites.
Just like tagging e-mail as spam before passing it on to the recipient minimizes impact on legit mail? Impact? What impact?
I think AOL has made an unwise decision, not because of collateral damage to wrongly listed sites, but in a not-caring-what-the-users-want kind of way. If AOL had a million users asking for this feature, eager to send informed complaints to the blacklisted website operators to encourage them to kick out the spammers, then this may have some effect. AOL saying "Our customers will no longer have the freedom to read your advertising" isn't likely to be noticed by anybody with any influence here.
I got calls from users wanting to visit that station's site so I had to unblock it.
Agreed, this is a clear conflict of interest. Even though I could legally and technically block HTTP traffic between spammer websites and our university network, I wouldn't feel comfortable doing so, precisely because those most likely to complain about it would not be the spammers (or those unfortunate enough to share their web server with a spammer), but rather my own colleagues. And, they would complain to me, rather than to the spammer's ISP.
I'm all for public blacklists, and I keep using those to protect my own mailboxes from inbound junk. If somebody wants to send me mail, I'm justified in asking that person not to pay money to (or otherwise support) the ISP of a spammer. Likewise if they want to access my web pages, though I haven't implemented a blacklist check for those yet.
However, when I prevent my friends and colleagues from viewing somebody else's website just because that website shares hardware with a spammer, things are getting real tricky, because I'm interfering with traffic that doesn't necessarily benefit the spammer or his ISP anyway, and the only ones hurt by it are my friends and colleagues. This is clearly not desirable.
I admit that it makes a little more sense for AOL to do this, given their millions of users who supposedly don't know what's in their own best interest, but I wouldn't want to be a customer of such a company, nor would I want to work for it.
I believe most of us feel angry when reading about these vigilantes. I know I do. However, I would encourage all of us to remember that if these vigilantes were, say... tracking down spammers... then we would be extatic.
I don't feel angry about those vigilantes, but that's not to say I'd approve of what they are doing. I'm simply not affected by it, much in the same way I'm not affected by someone setting up tripwires in a semi-restriced area where I have no business going anyway. Do they risk hurting innocent people? Maybe; I don't know because I won't go anywhere near their code, and I still don't consider myself "innocent". I'd invite them to try hitting me. They can post my IP address all they like; I simply don't care.
I'm aware that there's a difference between pirates and spammers.
We are in agreement here, but I find another question more interesting, namely is there a difference between vigilantes and spammers?
My line of thought being, if these people (the vigilantes) make excessive use of the resources and gullibility of others just to make their point with respect to piracy and P2P software known, aren't they (rather than the pirates) the ones to be likened with spammers in the first place?
Spamming isn't primarily about stealing, it's about being seen, often by means of stealing. Piracy is about stealing without being seen. Vigilantism is (in this case) about being seen by those accused of stealing. Now I have to rest my case, before I bring in my friend Chewbacca...
Sounds like a good way to render another anti-bacterial agent useless. Spreading these things around is a good way to breed bacteria which are unaffected by such chemicals.
Indeed, just like spreading junk e-mail around has rendered e-mail useless for important communication, and spreading anti-spam agents around merely encourage spammers to develop killer spam to get around anything.
Now, is there perhaps a DNS-based blacklist meant to deal with Fellowes and other chemical spammers that are bent on sterilizing the entire terran biosphere for the benefit of killer bacteria? What's next; "Macroban" being launched to eliminate macro viruses (effectively killing macros altogether)?
it's a sad state of affairs when a developer outside of Microsoft actually ends up doing something that MS should have done themselves
Such as, Linus Torvalds implementing an entire operating system kernel for hardware that would otherwise be limited to software provided by Microsoft? I can really see Bill Gates getting a free ride off the collective efforts of the open source community here...
Nothing in the DNS RFCs suggests that a compliant DNS server can return arbitrarily chosen answers in response to a DNS question regarding an unknown domain. In fact, doing so clearly violates RFC 1035 section 4.1.1, which specifies that the response code 3 ("name error", also known as NXDOMAIN) should be returned for that case.
I'm afraid it's not that simple. The protocol specification does allow for a wildcard record, with the semantics that every domain matching the wildcard is considered to "exist" in the language of the RFC. Thus, returning NXDOMAIN in spite of the presence of a wildcard would be a protocol violation, but Verisign isn't doing that.
To a technical person like you or me, the existance or non-existance of a domain is determined by its presence in the DNS, not by some contract between a domain holder and a registrar. As long as the registrar allows DNS data to reflect all relevant agreements, there is no difference between the legal and the technical definition of "exist".
However, Verisign has attempted to separate the two definitions from each other, so that they can still say to ICANN that in a legal sense they have only assigned so-and-so many domains for six dollars per domain and year, while from a technical point of view every previously nonexistant domain has suddenly been allocated, and assigned to Verisign, for zero dollars per domain and year (but later deallocated, on demand from ICANN). That's not fair practice, and that's what ICANN should nail them for, rather than a perceived violation of RFC 1035.
In addition to that, we all have very valid concerns about the stability of the Internet and the usefulness of the DNS, concerns which should also be part of the deal between ICANN and Verisign, although I don't know how it has been worded. Problem is, we see it from our perspective, while Verisign sees it from their perspective, and many of us aren't even Verisign customers, meaning they will hardly listen to us.
How can Verisign personnel seriously claim that there is nothing wrong with SiteFinder?
From their perspective, they are probably right. How could they possibly see any problem, when they are blindfolded by their own limited frame of reference? It's a kind of corporate solipsism (everything revolves around us, and everybody else should thank us for their very existance; not that their thanks are worth anything except for decorating our press releases).
Immanuel Kant would have a field day with Verisign.
Wow, a comment suggesting a DDoS of someone you disagree with is just beyond something that I would expect to be uttered here.
It's not like anybody here is suggesting a coordinated, physical attack against Verisign because they have merely expressed an unpopular opinion. Rather, it's a hint of what may happen automatically under certain observable conditions, as a warning against creating those conditions.
If a company says "Beginning next week, we want to be notified of every spelling error made by anybody in writing, anywhere in the world, in any language" and I make a few extra spelling errors just for fun, I'm not making even a dent in their log file. If, on the other hand, I have an audience of half a billion clueless Internet users doing exactly what I suggest, I'm in effect coordinating a DDoS attack.
I don't have an audience of half a billion. Verisign has, in providing the COM and NET registries. If anybody is coordinating a DDoS attack against Verisign, it's Verisign themselves. Some slashdotter merely interpreted Verisign's suicidal statements for the rest of us. That's not the same thing as advocating terrorism.
While Verisign is the party at fault here, I think having everybody and their little brother who do understand the problem send mail to Verisign is a slight waste of time. If Verisign can ignore one thoughtful, informed complaint from someone who isn't paying their bills, even as Verisign would themselves benefit from following our sincere advice, they can just as easily ignore a million complaints saying the very same thing.
Instead, I suggest aiming some effort at the people who have the most to lose from Verisign's attempt to occupy every piece of unclaimed virtual territory imaginable: Their current customers, the owners of COM and NET domains. Of course, you may already be a Verisign customer, and if so you are encouraged to complain directly to Verisign in that capacity, but I still ask that you engage other COM and NET domain owners in the same effort, in particular those you have some kind of relationship with.
I don't own any COM or NET domain myself, nor do I depend directly on such a domain for my own e-mail or web pages (living in Sweden, using domains in our national ccTLD instead). When Verisign made their first attempt less than six months ago, I scanned a few years' worth of e-mail logs (I maintain a university department mail server) for envelope sender domains, and ordered them by frequency. I figured that if Verisign were to persist, I could (at least in theory, as a last resort) reject any mail from *.COM or *.NET, asking senders to use some other TLD when talking to us, while pointing at spam for an excuse.
I then wrote and sent off a complaint to Verisign, pointing out the options at my disposal. I sent copies of my complaint to the postmasters of the 22 most frequently occuring domains in my mail server log files (I'm not listing them here as every site has its own clientele; you can probably guess half of them anyway). In addition to a few dumb autoreplies, I did recieve one affirmative acknowledgement from the postmaster of a major ISP letting my message form the basis for their own formal request to Verisign to remove the wildcard record, as it hampered their spam controls. Now that is one ISP held in high regard by me!
In addition to domain owners, don't hesitate to contact also users of affected domains that somehow depend on you, asking them to contact their domain management, so that they will in turn be motivated to talk to Verisign.
It's not the number of messages sent to Verisign that count, but the number of paying customers behind any messages sent. If Verisign is willing to sue ICANN in the hope of changing the rules of the game, maybe they are just as happy to sue their own customers in the hope of keeping them onboard?
It's a nonsensical statement. If something is made to scale, it means that the relative proportions of the objects in the model reflect those of their real-world counterparts, and that the scale (between the model and the original) can be indicated as a numerical ratio, say 1:1,000.
The expression same scale appears to go beyond that, and suggest that the scale is indeed 1:1, i.e. the model has the same size as the original. This is of course only possible when the model has a physical representation, such as a printout. A computer model has no physical size, and thus no well-defined scale, even when it's a scale computer model.
I put the expression in the nonsense bin next to the one with the "10 kilowatt per year" and similar utterings...
Yes, the Wikipedia article explains that as well. However, my morse teacher didn't tell me about those letter digrams, and I have never practiced using them. They seem arbitrarily chosen to match the morse codes, rather than acronyms or abbreviations for anything. I guess the morse codes came first, and the letter digrams later. Anybody know when?
And, the Wikipedia article confirms that "+" has indeed been used for the "end of message" symbol, suggesting that there may have been additional non-letter representations in use as well.
Period "." is.-.-.-
Slash "/" is -..-. (pronounce "upper and lower" to memorize the rhytm)
I don't know about underscore or backslash, as I don't have a definitive list of interpunctuation characters in morse, but some of those you may think of (comma, colon, semicolon, question mark) do exist. However, there may be a problem with all the different kinds of matching brackets, braces and angles. In addition to that, there is no way (that I know of) to differentiate between upper and lower case letters. I'd rather not do a full URL in morse!
There are a number of morse code symbols that don't correspond to graphical letters, digits or interpunctuation; you may say that they are similar to ASCII control characters in denoting things such as "end of message".
Problem is, when you listen to and take down morse code by hand, you need an easy way to indicate those control symbols too. When I had some morse training in the 1970's (voluntary after-school classes), we used "+" to indicate "end of message" (.-.-.) and (surprise) "@" for "end of contact" (...-.-)...
I don't know whether "@" was in common use for that purpose or if it was just my teacher's idea. To me, @ thus meant "end of communication, time to do something else" long before I learned about spam!
The company that is known for having more patents (hardware and software) than any other company in the world is now the poster child for and the paladin of those who believe such patents to be immoral in the first place.
Abstract objects (such as a patent, or a law) know no concept of morality. Only sentient beings are capable of acts that can be either moral or immoral. Issuing a patent may be immoral, while obtaining that same patent need not be, and recognizing the difference between those two acts is not a sign of double standards.
If a bad law awards you a right you don't want, you may decry the law and elect not to utilize that right, but you cannot make the right go away from you any more than you can escape your own shadow. Since you don't have a choice as to the existance of your rights, merely recognizing them without using them is hardly an immoral act no matter what evil you could theoretically use those rights for.
Power may corrupt, but it doesn't make you guilty of having it.
Re:New Distributed Computing Project : DDoS spamme
on
I, Spammer
·
· Score: 1
Note that even with 100,000 users, only a percentage of which will receive a particular junk mail message during a single day, the web server operator is hardly going to notice those requests.
To make things somewhat more interesting, take the target IP address, convert it to an unsigned 32-bit integer modulo 3,600, turn the result into minutes and seconds past the hour into the future, and set your client to do the retrieval at that particular moment rather than when you received the spam.
In that way, similar requests for pages from different servers should be fairly evenly distributed over time at the client side, and your ISP should be happy.
Re:New Distributed Computing Project : DDoS spamme
on
I, Spammer
·
· Score: 1
This is not a new idea; it's similar in spirit to the tarpit MTA keeping spammers' SMTP clients busy talking to s-l-o-w s-e-r-v-e-r-s...
Do I understand you correctly that only confirmed spammers' websites would be targetted, in order to avoid bringing down innocent victim sites added to the spam as decoys (like "savethetrees", various government or anti-spam sites)?
If so, I doubt a single trusted source would be able to keep track of all the legit targets needed for this to be efficient. Listing a few hundred websites is not a problem, but verifying them as belonging to spammers may be, especially if you intend to testify before an audience of 100,000 users. Perhaps a hierarchy of delegated trust would do the trick.
You don't want the target list to become the most requested item on the Internet, so perhaps it would be a good idea to distribute that thing as well.
And, I don't think you should go to the trouble of identifying individual URLs on each server. Just resolve the server name to an IP address, verify it as a legit target, and connect to port 80 regardless of what the initial URL says; it will most likely refer to the same physical host. Download their index (or error) page, perhaps with a suitable hint about the spammer's whereabouts in the (misspelled) Referer: field.
By all means, do bug them, but bug them gently, please.
Personally, I'd declare their web servers off-limits for my local proxy cache, in order not to violate their copyright by viewing the same copy twice over a period of several seconds...
Standard errors on these numbers are about 0.2, so the human/chimp/gorilla differences are not statistically significant. The evidence is growing that the human/chimp split is more recent than the gorilla split, but as far as I know this hasn't yet been determined beyond reasonable doubt.
Are there similar comparisons made with respect to mitochondrial DNA (which is not subject to recombinations in the cell nucleus, but rather copied more or less unchanged along maternal lines only)? Since the mtDNA sequences are much shorter than nucleic DNA (around 16,500 base pairs for humans), I suppose they are easier to analyze statistically and that the margin of error is thus smaller, but I may be wrong.
Substitutions in non-coding mtDNA occur at an average rate of approximately one mutation per 20,000 years (corresponding to, say, 1,000 generations). In 4 million years, there ought to be some 200 mtDNA substitutions between a common ancestor and a modern descendant, and two present-day descendants on different branches would thus be 400 substitutions apart from each other.
And, if some software of your own making somehow makes it onto Microsoft's computers, UCITA gives you the right to remotely disable all or part of that software if Microsoft doesn't comply with your license terms.
How to get your software onto somebody else's computer in the first place? Try a piece of Javascript code in an HTML page.
That shouldn't ever happen, because whoever created it first gains instant copyright protection in all countries that are signatory to the treaty.
Is is generally true that the creator of a work is recognized as one and the same person in all countries (even in those that haven't signed the relevant treaties), but the creator isn't always identical to the copyright owner.
Different countries have different rules regarding who owns what rights with respect to works made for hire. Normally such issues are resolved by explicit clauses in the work contract, but in the absence of such a clause something made for hire in the USA may be found to belong to the employer in the USA but to the physical author in, say, Sweden.
If the author dies without selling his copyright, it is inherited according to either an explicit will or inheritance laws. If the author has no living heirs, again different countries have different laws with respect to where the property ends up. In Sweden, inheritance without heirs goes to a special fund, Allmänna Arvsfonden, which awards money for charity purposes. In the USA, I believe it's simply collected by the government.
A recent, strange case is that of the copyright to Adolf Hitler's Mein Kampf. The Free State of Bavaria, which considers itself the legal owner of Hitler's estate, sued a Swedish publisher for copyright infringement. However, the Swedish Supreme Court declared that Bavaria was not the legal owner of Hitler's works in Sweden, and they were therefore not allowed to bring the lawsuit in the first place. Unfortunately, the publisher was in the process unable to show that he had obtained the rights from anyone to publish the book, so the Supreme Court upheld a ban on the publication issued earlier.
Slashdot Mirror
I was intrigued by the following statement in the article:
I live in Sweden. I don't know about Germany, but I have never heard of any government-backed agency in Sweden actually blocking access to foreign services for any reason, and in particular not for such a silly reason as sign-up procedures not compliant with Swedish law! If anyone can guess what the article author is referring to here, please let me know.
I have been trying for years to have my employer (a state university) merely consider blocking certain foreign ISPs from pouring junk mail over ourselves, but every suggested policy in that direction has either been rejected with a vague reference to the law prohibiting that, or not seen any response at all. I find it hard to believe that anybody in Swedish public administration would officially approve of blocking third-party traffic, let alone actually do it.
The issue is not whether the service is free, but whether it's voluntary (which I believe it is). Not even the UK Data Protection Act (which exists in various implementations throughout the EU) prevents people from voluntarily submitting information about themselves and allowing Google to store that information indefinitely, if they so like. The law comes into play only if Google collects or processes personal information without the explicit consent of the individual concerned.
I think it's fine that privacy groups keep an eye on this to inform potential users of privacy shortcomings, but invoking this law to claim users can't even knowingly waive their rights is a bit misleading, I think.
Not only that, but Swedish business magazine Veckans Affarer has to read up on the definition of "ownership". They have simply added up the assets of the entire IKEA corporation as if it were part of Kamprad's private fortune. They can argue all they like that Kamprad still "controls" IKEA, but that claim alone doesn't make him richer than Bill Gates, who can likewise be said to "control" Microsoft.
"Right or wrong, my {continent|country|precinct|office}!"
When we talk about "our" countries, it becomes a matter of defining "us". Exactly who make up this vague collective that is supposed to recognize what that same collective did in the past? In a little more than 100 years, the living population of any country is completely replaced by another of roughly the same size. Even if we are infallible today, it doesn't mean our predecessors were, and I feel no urge to defend them if they acted wrong.
I recall something a fellow student told me back in the 1980's. He was living in a dorm sharing a single telephone, and the residents of that dorm (maybe a dozen people) were expected to split the phone bill among themselves. On occasion, some foreign student would spend hours on that phone calling home, only not to be around when the bill arrived three months later.
Turned out this had happened a bit too often, the remaining students had refused to pay the bill, and the phone company had closed the line. Even years after, when this fellow student moved in, the phone company refused to reopen the line, arguing "that dorm has a bad habit of not paying its bills", in spite of the fact that all of the students who were around when the line was first closed had now left...
If we go back a few hundred years, "Europeans" are responsible for colonizing America too, essentially wiping out the native population in the process. If there is any collective blame here, it's not tied to any particular continent. History is best learned from, not taken either responsibility for or pride in by those who weren't around to make it anyway.
As for SCO and its tactics, the most I can honestly say is "please accept our apologies for the inconvenience".
I agree that the technology is a lot safer than the public at large is willing to believe, but I can't really blame them for not trusting the supposed experts, given how many times they have been let down in the past.
When the computer software and entertainment industries spend millions of dollars annually just trying to keep their customers from learning how household electronics work, why should the public at large even consider the possibility that the nuclear industry isn't secretly building new power plants disguised as military establishments? Is there a law saying that it's okay for any business except the nuclear industry to lie to the public?
Even if a small minority of experts are convinced that the technology is safe, it doesn't help a lot until the public is convinced those experts are right. With the level of technological understanding we see among the general public today, nuclear power is a bit like locking up all the firearms at school in a safe, giving the key to the headmaster, and hoping the kids won't ever think of taking it from him (now that headmaster has a very good reason to stay popular with the kids). Would you say those firearms are in good hands?
Good. Now take that truth and package it in a way that can be understood by the public at large, because they are the ones pulling the real strings here.
The real shame doesn't fall on Three Mile Island or Chernobyl, but on a society that as a whole is incapable of making informed decisions with respect to technology. Either you let the public know what you are doing, listen to their opinion, and do what they tell you. Or, you keep silent about what you know, ignore the public opinion, and hope you will retire before anything bad happens. Guess which society I'd prefer living in?
If giving up nuclear energy is the price I have to pay for unhindered public disclosure of most anything related to technology, I'd say it's a bargain.
I'm not referring to any specific business arrangement, just to what an outsider can observe: Two websites, one legit and one controlled by a spammer, are found on the same IP address (or network). All I can tell is that they share a server, or at least a router. Thus they probably have some provider in common.
I wouldn't necessarily call them spammers for merely hosting the website, but that's besides the point. The important matter is whether they benefit (financially or otherwise) from providing service to spammers. They may even be ignorant of the fact that they host spammers, but I'd say it's up to them to find out; I'm not in the mood to be lenient towards network operators effectively plugging their ears, shouting "We are from Barcelona, we know nooothing!!" and routing my mail to their abuse wastebasket.
I'm not worried about AOL blocking websites without warning said websites, not even if they were to block my website. I'm concerned about AOL blocking websites without letting their own users have a say in the matter.
Now, I understand that the AOL user community may not be the most computer-savvy on this planet, so I will not claim AOL is dead wrong here. However, what AOL is doing doesn't look like something just any ISP could or should do, and therefore this particular choice of theirs is useless to the rest of us.
Even if AOL acting in this way has the good side effect of scaring more hosting services to kick out their spammers sooner, a solution that relies on the existance of a single ISP big enough to carry any weight here isn't a good solution at all in the long run. AOL isn't there for us; AOL serves its shareholders and customers only. Even AOL won't last forever, and what if they decide to be your enemy? It's like having Jabba the Hut on your side; fine as long as he dislikes spammers too, not fine when he changes his mind, or when he is deposed by the rebels and you become fair game for having dined at his table.
Not knowing that your ISP also hosts a spammer doesn't make you innocent, only ignorant. You pay money to your ISP, allowing your ISP to afford the cost of kicking out a spammer once in a while. Why was the spammer there in the first place? I don't expect any ISP to predict the future behaviour of all their customers, but if a customer is found to have caused damage to others, the ISP ought to reimburse the victims in one way or another. I'm not asking for monetary reimbursement here, but as a gesture of good will, they could start by answering my mail in person, rather than handing me an auto-reply in return for me being their involuntary watchdog!
However, the spammer website hosting services don't constitute a major problem to me, because I don't buy from them anyway. I might block them from accessing my resources, but then there is the issue of joe-jobs implicating truly innocent sites suggesting that I'd better simply ignore them for now. I'd rather reject SMTP connections from IP addresses in all of Asia, Africa, and Latin America, plus a few more networks elsewhere, just to catch most open relays, proxies, and zombie hosts. It's not like I have a lot of business partners in Nigeria to care for anyway.
AOL has become more informative recently, and I appreciate them letting us know where their servers are, but that doesn't solve the problem.
In my opinion, rejecting a legitimate bounce may actually be worse than rejecting ordinary legit mail, because in the latter case the sender will receive a message telling him his message didn't make it, and hopefully what can be done to solve the problem. Rejecting a legit bounce means someone will not be informed that their message was lost in transit.
The only situation when I find it ok to reject bounces is when I want to get the attention of the remote postmaster: "You have a problem, please fix ASAP!"
AOL has such a problem (accepting billions of junk mail messages only to bounce them back to victims of address forgery), but do you think they will do something about it just because I decide to reject their bounces? If we can agree to put those mail servers on a public blacklist, I'll be happy to employ said blacklist, but only for the purpose of shouting in AOL's ears.
With all the annoying warnings that users have learned to bypass without reading, will another warning really matter?
Really, it's just a game of motivation where the user is expected to press the right button to see the requested webpage as quickly as possible. "Check this box if you don't want to see this warning in the future."
Just like tagging e-mail as spam before passing it on to the recipient minimizes impact on legit mail? Impact? What impact?
I think AOL has made an unwise decision, not because of collateral damage to wrongly listed sites, but in a not-caring-what-the-users-want kind of way. If AOL had a million users asking for this feature, eager to send informed complaints to the blacklisted website operators to encourage them to kick out the spammers, then this may have some effect. AOL saying "Our customers will no longer have the freedom to read your advertising" isn't likely to be noticed by anybody with any influence here.
Agreed, this is a clear conflict of interest. Even though I could legally and technically block HTTP traffic between spammer websites and our university network, I wouldn't feel comfortable doing so, precisely because those most likely to complain about it would not be the spammers (or those unfortunate enough to share their web server with a spammer), but rather my own colleagues. And, they would complain to me, rather than to the spammer's ISP.
I'm all for public blacklists, and I keep using those to protect my own mailboxes from inbound junk. If somebody wants to send me mail, I'm justified in asking that person not to pay money to (or otherwise support) the ISP of a spammer. Likewise if they want to access my web pages, though I haven't implemented a blacklist check for those yet.
However, when I prevent my friends and colleagues from viewing somebody else's website just because that website shares hardware with a spammer, things are getting real tricky, because I'm interfering with traffic that doesn't necessarily benefit the spammer or his ISP anyway, and the only ones hurt by it are my friends and colleagues. This is clearly not desirable.
I admit that it makes a little more sense for AOL to do this, given their millions of users who supposedly don't know what's in their own best interest, but I wouldn't want to be a customer of such a company, nor would I want to work for it.
I don't feel angry about those vigilantes, but that's not to say I'd approve of what they are doing. I'm simply not affected by it, much in the same way I'm not affected by someone setting up tripwires in a semi-restriced area where I have no business going anyway. Do they risk hurting innocent people? Maybe; I don't know because I won't go anywhere near their code, and I still don't consider myself "innocent". I'd invite them to try hitting me. They can post my IP address all they like; I simply don't care.
We are in agreement here, but I find another question more interesting, namely is there a difference between vigilantes and spammers?
My line of thought being, if these people (the vigilantes) make excessive use of the resources and gullibility of others just to make their point with respect to piracy and P2P software known, aren't they (rather than the pirates) the ones to be likened with spammers in the first place?
Spamming isn't primarily about stealing, it's about being seen, often by means of stealing. Piracy is about stealing without being seen. Vigilantism is (in this case) about being seen by those accused of stealing. Now I have to rest my case, before I bring in my friend Chewbacca...
Indeed, just like spreading junk e-mail around has rendered e-mail useless for important communication, and spreading anti-spam agents around merely encourage spammers to develop killer spam to get around anything.
Now, is there perhaps a DNS-based blacklist meant to deal with Fellowes and other chemical spammers that are bent on sterilizing the entire terran biosphere for the benefit of killer bacteria? What's next; "Macroban" being launched to eliminate macro viruses (effectively killing macros altogether)?
I'm afraid it's not that simple. The protocol specification does allow for a wildcard record, with the semantics that every domain matching the wildcard is considered to "exist" in the language of the RFC. Thus, returning NXDOMAIN in spite of the presence of a wildcard would be a protocol violation, but Verisign isn't doing that.
To a technical person like you or me, the existance or non-existance of a domain is determined by its presence in the DNS, not by some contract between a domain holder and a registrar. As long as the registrar allows DNS data to reflect all relevant agreements, there is no difference between the legal and the technical definition of "exist".
However, Verisign has attempted to separate the two definitions from each other, so that they can still say to ICANN that in a legal sense they have only assigned so-and-so many domains for six dollars per domain and year, while from a technical point of view every previously nonexistant domain has suddenly been allocated, and assigned to Verisign, for zero dollars per domain and year (but later deallocated, on demand from ICANN). That's not fair practice, and that's what ICANN should nail them for, rather than a perceived violation of RFC 1035.
In addition to that, we all have very valid concerns about the stability of the Internet and the usefulness of the DNS, concerns which should also be part of the deal between ICANN and Verisign, although I don't know how it has been worded. Problem is, we see it from our perspective, while Verisign sees it from their perspective, and many of us aren't even Verisign customers, meaning they will hardly listen to us.
From their perspective, they are probably right. How could they possibly see any problem, when they are blindfolded by their own limited frame of reference? It's a kind of corporate solipsism (everything revolves around us, and everybody else should thank us for their very existance; not that their thanks are worth anything except for decorating our press releases).
Immanuel Kant would have a field day with Verisign.
It's not like anybody here is suggesting a coordinated, physical attack against Verisign because they have merely expressed an unpopular opinion. Rather, it's a hint of what may happen automatically under certain observable conditions, as a warning against creating those conditions.
If a company says "Beginning next week, we want to be notified of every spelling error made by anybody in writing, anywhere in the world, in any language" and I make a few extra spelling errors just for fun, I'm not making even a dent in their log file. If, on the other hand, I have an audience of half a billion clueless Internet users doing exactly what I suggest, I'm in effect coordinating a DDoS attack.
I don't have an audience of half a billion. Verisign has, in providing the COM and NET registries. If anybody is coordinating a DDoS attack against Verisign, it's Verisign themselves. Some slashdotter merely interpreted Verisign's suicidal statements for the rest of us. That's not the same thing as advocating terrorism.
Anonymous cowards have no image to better.
While Verisign is the party at fault here, I think having everybody and their little brother who do understand the problem send mail to Verisign is a slight waste of time. If Verisign can ignore one thoughtful, informed complaint from someone who isn't paying their bills, even as Verisign would themselves benefit from following our sincere advice, they can just as easily ignore a million complaints saying the very same thing.
Instead, I suggest aiming some effort at the people who have the most to lose from Verisign's attempt to occupy every piece of unclaimed virtual territory imaginable: Their current customers, the owners of COM and NET domains. Of course, you may already be a Verisign customer, and if so you are encouraged to complain directly to Verisign in that capacity, but I still ask that you engage other COM and NET domain owners in the same effort, in particular those you have some kind of relationship with.
I don't own any COM or NET domain myself, nor do I depend directly on such a domain for my own e-mail or web pages (living in Sweden, using domains in our national ccTLD instead). When Verisign made their first attempt less than six months ago, I scanned a few years' worth of e-mail logs (I maintain a university department mail server) for envelope sender domains, and ordered them by frequency. I figured that if Verisign were to persist, I could (at least in theory, as a last resort) reject any mail from *.COM or *.NET, asking senders to use some other TLD when talking to us, while pointing at spam for an excuse.
I then wrote and sent off a complaint to Verisign, pointing out the options at my disposal. I sent copies of my complaint to the postmasters of the 22 most frequently occuring domains in my mail server log files (I'm not listing them here as every site has its own clientele; you can probably guess half of them anyway). In addition to a few dumb autoreplies, I did recieve one affirmative acknowledgement from the postmaster of a major ISP letting my message form the basis for their own formal request to Verisign to remove the wildcard record, as it hampered their spam controls. Now that is one ISP held in high regard by me!
In addition to domain owners, don't hesitate to contact also users of affected domains that somehow depend on you, asking them to contact their domain management, so that they will in turn be motivated to talk to Verisign.
It's not the number of messages sent to Verisign that count, but the number of paying customers behind any messages sent. If Verisign is willing to sue ICANN in the hope of changing the rules of the game, maybe they are just as happy to sue their own customers in the hope of keeping them onboard?
It's a nonsensical statement. If something is made to scale, it means that the relative proportions of the objects in the model reflect those of their real-world counterparts, and that the scale (between the model and the original) can be indicated as a numerical ratio, say 1:1,000.
The expression same scale appears to go beyond that, and suggest that the scale is indeed 1:1, i.e. the model has the same size as the original. This is of course only possible when the model has a physical representation, such as a printout. A computer model has no physical size, and thus no well-defined scale, even when it's a scale computer model.
I put the expression in the nonsense bin next to the one with the "10 kilowatt per year" and similar utterings...
Yes, the Wikipedia article explains that as well. However, my morse teacher didn't tell me about those letter digrams, and I have never practiced using them. They seem arbitrarily chosen to match the morse codes, rather than acronyms or abbreviations for anything. I guess the morse codes came first, and the letter digrams later. Anybody know when?
And, the Wikipedia article confirms that "+" has indeed been used for the "end of message" symbol, suggesting that there may have been additional non-letter representations in use as well.
Slash "/" is -..-. (pronounce "upper and lower" to memorize the rhytm)
I don't know about underscore or backslash, as I don't have a definitive list of interpunctuation characters in morse, but some of those you may think of (comma, colon, semicolon, question mark) do exist. However, there may be a problem with all the different kinds of matching brackets, braces and angles. In addition to that, there is no way (that I know of) to differentiate between upper and lower case letters. I'd rather not do a full URL in morse!
There are a number of morse code symbols that don't correspond to graphical letters, digits or interpunctuation; you may say that they are similar to ASCII control characters in denoting things such as "end of message".
Problem is, when you listen to and take down morse code by hand, you need an easy way to indicate those control symbols too. When I had some morse training in the 1970's (voluntary after-school classes), we used "+" to indicate "end of message" (.-.-.) and (surprise) "@" for "end of contact" (...-.-)...
I don't know whether "@" was in common use for that purpose or if it was just my teacher's idea. To me, @ thus meant "end of communication, time to do something else" long before I learned about spam!
Abstract objects (such as a patent, or a law) know no concept of morality. Only sentient beings are capable of acts that can be either moral or immoral. Issuing a patent may be immoral, while obtaining that same patent need not be, and recognizing the difference between those two acts is not a sign of double standards.
If a bad law awards you a right you don't want, you may decry the law and elect not to utilize that right, but you cannot make the right go away from you any more than you can escape your own shadow. Since you don't have a choice as to the existance of your rights, merely recognizing them without using them is hardly an immoral act no matter what evil you could theoretically use those rights for.
Power may corrupt, but it doesn't make you guilty of having it.
To make things somewhat more interesting, take the target IP address, convert it to an unsigned 32-bit integer modulo 3,600, turn the result into minutes and seconds past the hour into the future, and set your client to do the retrieval at that particular moment rather than when you received the spam.
In that way, similar requests for pages from different servers should be fairly evenly distributed over time at the client side, and your ISP should be happy.
Do I understand you correctly that only confirmed spammers' websites would be targetted, in order to avoid bringing down innocent victim sites added to the spam as decoys (like "savethetrees", various government or anti-spam sites)?
If so, I doubt a single trusted source would be able to keep track of all the legit targets needed for this to be efficient. Listing a few hundred websites is not a problem, but verifying them as belonging to spammers may be, especially if you intend to testify before an audience of 100,000 users. Perhaps a hierarchy of delegated trust would do the trick.
You don't want the target list to become the most requested item on the Internet, so perhaps it would be a good idea to distribute that thing as well.
And, I don't think you should go to the trouble of identifying individual URLs on each server. Just resolve the server name to an IP address, verify it as a legit target, and connect to port 80 regardless of what the initial URL says; it will most likely refer to the same physical host. Download their index (or error) page, perhaps with a suitable hint about the spammer's whereabouts in the (misspelled) Referer: field.
By all means, do bug them, but bug them gently, please.
Personally, I'd declare their web servers off-limits for my local proxy cache, in order not to violate their copyright by viewing the same copy twice over a period of several seconds...
Substitutions in non-coding mtDNA occur at an average rate of approximately one mutation per 20,000 years (corresponding to, say, 1,000 generations). In 4 million years, there ought to be some 200 mtDNA substitutions between a common ancestor and a modern descendant, and two present-day descendants on different branches would thus be 400 substitutions apart from each other.
How to get your software onto somebody else's computer in the first place? Try a piece of Javascript code in an HTML page.
Is is generally true that the creator of a work is recognized as one and the same person in all countries (even in those that haven't signed the relevant treaties), but the creator isn't always identical to the copyright owner.
Different countries have different rules regarding who owns what rights with respect to works made for hire. Normally such issues are resolved by explicit clauses in the work contract, but in the absence of such a clause something made for hire in the USA may be found to belong to the employer in the USA but to the physical author in, say, Sweden.
If the author dies without selling his copyright, it is inherited according to either an explicit will or inheritance laws. If the author has no living heirs, again different countries have different laws with respect to where the property ends up. In Sweden, inheritance without heirs goes to a special fund, Allmänna Arvsfonden, which awards money for charity purposes. In the USA, I believe it's simply collected by the government.
A recent, strange case is that of the copyright to Adolf Hitler's Mein Kampf . The Free State of Bavaria, which considers itself the legal owner of Hitler's estate, sued a Swedish publisher for copyright infringement. However, the Swedish Supreme Court declared that Bavaria was not the legal owner of Hitler's works in Sweden, and they were therefore not allowed to bring the lawsuit in the first place. Unfortunately, the publisher was in the process unable to show that he had obtained the rights from anyone to publish the book, so the Supreme Court upheld a ban on the publication issued earlier.