Cable companies here in the Netherlands are planning to do the same thing, but they are being careful not to announce it too clearly.
Right now, typical cable networks have about 32 analog channels and around 60-90 digital channels of which some are in premium packages. Cable companies are agressively marketing their digital packages with offers for free receivers, free premium channels for several months when signing a contract, etc.
They are complaining that 15 euro per month (the typical price for analog plus the digital base package) is not covering the cost and that the income from the average subscriber has to be doubled in the upcoming years. So, what I expect to happen is within a year they announce that "their digital offering has been a big success" and they cut back the number of analog channels in the base package to use them for more premium channels. Existing programmes will still be part of the base digital package for a while, but when the number of subscribers to their premium packages (which often are 10 euros each) is not increasing rapidly enough, they will move some of these channels that traditionally were in the base package (like Discovery, Nat. Geographic, etc) over to a premium package.
After a while there will be only about 12-16 analog channels left (which the cable companies today have to provide by law) and when "almost all" clients have been forced over to digital this way, the analog package can be dropped just as easily as happened with the terrestrial transmitters yesterday.
("there are only 74.000 viewers left so why bother")
I think in step 2 they will agree, but mentally they see the "0.01 cents" as 1 cent. (0.01 dollars) In step 3 they will have difficulty imagining that 0.1 is the same as 0.10 and that is is cents, not dollars. In step 4 they will certainly disagree, claiming it is one dollar.
Re:Walk them through a series of simple examples..
on
Verizon Can't Do Math
·
· Score: 1
Then show them examples of how it works for cents, starting at a 'multiplied by one' example
Somewhere in the audio the call supervisor calculates.01 times 100 using her desk calculator... So, I don't think she would find the results you use as examples by inferring from the previous example.
When 1KB is.002, she will tap 10 *.002 in the calculator, get.02 and tell you "2 cents", or at best that will happen at the 1000 *.002 where she will say "2 dollars" for sure. No amount of reasoning ("when 1KB is.002 cents how can 10KB be 2 cents") to get around that, because every step is calculated and reasoned independently.
The problem with that is that as the consumer you are always pulling the short straw.
They (Verizon in this case) have all the power. When he doesn't pay, they can simply terminate his service. The continuity of service may be worth more than $71 to him.
Worse, they can probably (in according to the contract) increase the amount when paying late, put the matter in the hands of a collectors agency (which will charge even more) and register him on some blacklist. As there will be no notice of the nature of the conflict, it will be difficult to get service from other companies just because he is noted as a bad debtor.
The consumer can only try to contest the claim. The company makes sure this is difficult by putting idiots in the callcenter that make him feel helpless and surrender. Handling of e-mail and written letters usually is no better. He can write an elaborate message and still get a meaningless "we are sorry but the amount is $71" reply.
His only way to get some message through may be to pay the bill and terminate the contract, but even that may be unpractical (because it runs for several years and early termination is not possible or incurs an extra fee).
So, in fact he is completely dependent on the acts of the company and its stupid employees. We see the same thing here with phone, cable, energy companies and over here it has started when businesses were being run "the American way". So probably it is more familiar to Americans.
It is easy to point fingers at non-techies and explain at a haughty tone that certain things cannot happen that way!
I remember well how in the ninetees people who claimed that one could get a virus by just reading a mail or opening a wordprocessor document were laughed away. You know, there was a difference between programs and data! The poor souls could not know that, but a virus was a PROGRAM and it had to hide in a PROGRAM or at most a bootsector.
A virus hiding in a textfile was simply impossible. You could safely open any mail and as long as you would not save the attachments therein and launch them, there was zero chance that you would get a virus from this. (and indeed, in those days it was happening that mails had an attached.exe that promised to show something nice like fireworks for the newyear and in addition to that planted a virus on the computer that would forward those mails and destroy something)
But as time went by, it turned out that it COULD happen after all! We forgot about some possibilities that seemed remote, but turned out to be commonplace. We thought it would have been "impossible" to craft an exploit for a stack overflow bug that would actually execute some "useful" code instead of just crashing the system, but it happened. And more complex things happen today.
Maybe instead of (or in addition to) fixing things like this, they should distribute a tutorial on how to setup the system to use less-privileged users instead of being logged in as Admin all the time.
Also, they should more actively spread bad press about companies that release products that require administrator rights to be used. Those companies should be pointed out as part of the reason for security problems and hacked systems.
The article and many responses focus on how hard it is to filter image spam. The images are specially crafted to defeat OCR, and it is difficult to match keywords.
However, the recent spam flood has other properties: it is all sent via compromised Windows machines on residential cable/adsl connections, using very poorly written SMTP client software. When you look at the SMTP protocol level, they are very easy to identify and filter, due to the many subtle SMTP protocol errors. You do not even have to get to the DATA phase.
So, don't focus too much on message content. Look at what you can do in the SMTP server itself.
Anyone knows if (open source) sendmail can be configed to keep the messages it has relayed? E.g. something like moving processed queue items from the mqueue to another directory instead of deleting them after delivery.
With that in place, a tool to search the archived messages could come later (i.e. when it is really required).
That is like saying that you should validate your C programs using gcc -Wall and then, when they are syntactically correct, do not need to test them for correct functionality.
The result is what gets sent across the wire, and the banks (and BankSys) only uses that encrypted result as identifier. As such, there is no need to know the user's PIN
The problem with designs like this is that the PIN usually is just 4 digits. So while you can put a lot of effort in a complicated encryption mechanism that is supposed to be nonreversible, it is very easy to bruteforce. Just try all 10000 possible pins (in fact fewer, because combinations like 0000 are never issued) and see if you arrive at the same encrypted result. When you do, you have found the PIN.
The dedicated hardware (and firmware) that is supposed to validate the PIN should contain some "failed attempt counter" that blocks the validation after 3 attempts or so. But a system built to mimic the behaviour of the official systems does not necessarily do that. And even in those official systems, there may be APIs at a low level that perform one validation and can be called in a loop without triggering the blocking mechanism.
For LCD's that are better than equivalent-sized plasmas, I will happily plug the Philips 42PF9831 (Although I prefer the smaller 37PF9731).
That line of Philips TVs is awesome. I have a 32PF9986. This is the predecessor of the 9831 line (with a little less connectivity). I have it for about two years now, and at the time it was in a league of its own compared to all other LCD sets. It still it better than most of them.
It may not be a factor in the US market, but here in Europe plasma's have a bad reputation because of their energy consumption. Household equipment is rated in the shops on an energy efficiency scale, and LCD screens score much better than plasma.
Furthermore, plasma has a tendency to burn in. Of course every manufacturer and salesman will tell you that "this is no longer true", but once the problem has happened they are not so firm in their statements anymore. This causes trouble when watching 4:3 transmissions in true 4:3 format (rather than stretched to 16:9). It also sometimes causes station logos or newstickers to burn in.
You really do need to climb into the box. You will find it much roomier on the inside than it appears to be from the outside.
Once I read statements like that I know the poster does not understand the problem. There is no magic room inside the box. We all know about the articles about infinite compression. It simply isn't possible. Live with it.
Your basic misunderstanding is that when you have something that has "240 different ways" and you add another "240 different ways" you have "doubled the storage". This is not true. You have added 1 bit.
You cannot encode 256 bits in a single dot, and then reliably read back the result from the paper. You would need 2^256 different colors, reliably detectable. This is impossible.
correct calculation: 300x300x85 dots on the page. each dot can be 256 colors, or 1 byte can be encoded in 1 dot. total capacity: 300x300x85 = 7650000 bytes or about 7.6 MByte.
there is no way you are going to store 23 million different colors of a single pixel reliably on paper, but even when you did yould only encode 3 bytes (24 bits) per dot, or about 22 Mbyte total.
If you assume an 8.5 x 10 inch sheet of paper (85 square inches), 300 x 300 dpi x 256 colors, you end up with 1.95 billion bits of info you can put on a page.
Please show a detailed calculation because I cannot work out how you arrive at this result. My best result is about 7.6MB.
Of course companies like Pfizer and Rolex are irritated by the spammers but there is not much they can do either. They are the owners of the brand that gets pirated, but they have not asked the spammers to send the messages. They don't know more about who they are than you.
I think it is more promising to go after the stock spammers. It should be easy to find who is behind them.
I forwarded a couple of "You have won the Microsoft Lottery" 419 scams to their abuse address but they don't appear to be interested. I get a reply that I should contact the local police. As if I would be interested to waste my time. It is *their* name that gets abused, and I help them by forwarding scam mails they can use as evidence, but that is all the effort I am going to make.
In the ninetees I wrote some additions to a then popular TCP/IP and amateur packet radio program. One of the items I coded is an implementation of an existing routing algorithm that keeps information about a number of nodes in the network.
For efficiency, all data structures in this program are kept in "hashed lists": doubly-linked lists that start from an array of pointers. When an element needs to be looked up, a hash value is computed from the search key, the array is indexed using this hash value, and the corresponding list is linearly searched to find the element.
To print the nodelist in alphabetic order, I used a sort routine that links the elements together in alphabetic sequence and then walks along this list. The datastructure looks like this:/* NET/ROM routing table entry */
struct nrroute_tab {
struct nrroute_tab *next;/* doubly linked list pointers */
struct nrroute_tab *prev;
struct nrroute_tab *sort;/* link pointer when sorting */... etc.
The.h file describing this file was last modified in 1998. But this method was implemented years before that.
Of course there is a difference between what would be theoretically possible, and what measures manufacturers are willing to take. It would also be possible to make the IMEI (the hardware ID) of the phone really immutable, but in practice it seems to be easier for manufacturers to put it in flash memory where after shorter or longer time it becomes possible to change it via hacker tools.
There are different parties involved. Equipment manufacturers, service providers, service technicians, customers. Each has different requirements. A customer may like a hardwired unique IMEI and would like to see a lockout list for stolen equipment, because that protects him from phone robbery. However, the service provider does not like to lockout stolen phones, because it means a lost potential customer. A service technician may have to copy the IMEI from old to new phone when he replaces a board, but having this possibility often means that tools are available that allow the change of IMEI, making a lockout based on IMEI inpractical (and this fact is used as a convenient excuse by service providers).
The SIM lock situation is similar. Service providers like it, but manufacturers, technicians and customers probably don't. So again there often are tools to work around it, and they invariably leak out.
Slashdot Mirror
Cable companies here in the Netherlands are planning to do the same thing, but they are being careful not to announce it too clearly.
Right now, typical cable networks have about 32 analog channels and around 60-90 digital channels of which some are in premium packages.
Cable companies are agressively marketing their digital packages with offers for free receivers, free premium channels for several months when signing a contract, etc.
They are complaining that 15 euro per month (the typical price for analog plus the digital base package) is not covering the cost and that the income from the average subscriber has to be doubled in the upcoming years.
So, what I expect to happen is within a year they announce that "their digital offering has been a big success" and they cut back the number of analog channels in the base package to use them for more premium channels. Existing programmes will still be part of the base digital package for a while, but when the number of subscribers to their premium packages (which often are 10 euros each) is not increasing rapidly enough, they will move some of these channels that traditionally were in the base package (like Discovery, Nat. Geographic, etc) over to a premium package.
After a while there will be only about 12-16 analog channels left (which the cable companies today have to provide by law) and when "almost all" clients have been forced over to digital this way, the analog package can be dropped just as easily as happened with the terrestrial transmitters yesterday.
("there are only 74.000 viewers left so why bother")
My own several-years old motherboard, and many 3-year old Dell systems at work, have Intel controllers:
02:0c.0 Ethernet controller: Intel Corporation 82540EM Gigabit Ethernet Controller (rev 02)
ethtool -k eth0
Offload parameters for eth0:
rx-checksumming: on
tx-checksumming: on
scatter-gather: on
tcp segmentation offload: on
On the other hand, Intel's 82559 [intel.com] chips apparently do have it. I have no idea how common those are, though.
VERY common. I see either this or the Broadcom NetXtreme (which does checksum offloading but no TSO) in almost all systems we buy these days.
In Linux, type "ethtool -k eth0" to see if your card does it. Many systems I use have onboard Intel controllers and they all support it.
I think in step 2 they will agree, but mentally they see the "0.01 cents" as 1 cent. (0.01 dollars)
In step 3 they will have difficulty imagining that 0.1 is the same as 0.10 and that is is cents, not dollars.
In step 4 they will certainly disagree, claiming it is one dollar.
Then show them examples of how it works for cents, starting at a 'multiplied by one' example
.01 times 100 using her desk calculator...
.002, she will tap 10 * .002 in the calculator, get .02 and tell you "2 cents", or at best that will happen at the 1000 * .002 where she will say "2 dollars" for sure. .002 cents how can 10KB be 2 cents") to get around that, because every step is calculated and reasoned independently.
Somewhere in the audio the call supervisor calculates
So, I don't think she would find the results you use as examples by inferring from the previous example.
When 1KB is
No amount of reasoning ("when 1KB is
The problem with that is that as the consumer you are always pulling the short straw.
They (Verizon in this case) have all the power. When he doesn't pay, they can simply terminate his service. The continuity of service may be worth more than $71 to him.
Worse, they can probably (in according to the contract) increase the amount when paying late, put the matter in the hands of a collectors agency (which will charge even more) and register him on some blacklist.
As there will be no notice of the nature of the conflict, it will be difficult to get service from other companies just because he is noted as a bad debtor.
The consumer can only try to contest the claim. The company makes sure this is difficult by putting idiots in the callcenter that make him feel helpless and surrender.
Handling of e-mail and written letters usually is no better. He can write an elaborate message and still get a meaningless "we are sorry but the amount is $71" reply.
His only way to get some message through may be to pay the bill and terminate the contract, but even that may be unpractical (because it runs for several years and early termination is not possible or incurs an extra fee).
So, in fact he is completely dependent on the acts of the company and its stupid employees.
We see the same thing here with phone, cable, energy companies and over here it has started when businesses were being run "the American way". So probably it is more familiar to Americans.
It is easy to point fingers at non-techies and explain at a haughty tone that certain things cannot happen that way!
.exe that promised to show something nice like fireworks for the newyear and in addition to that planted a virus on the computer that would forward those mails and destroy something)
I remember well how in the ninetees people who claimed that one could get a virus by just reading a mail or opening a wordprocessor document were laughed away.
You know, there was a difference between programs and data! The poor souls could not know that, but a virus was a PROGRAM and it had to hide in a PROGRAM or at most a bootsector.
A virus hiding in a textfile was simply impossible. You could safely open any mail and as long as you would not save the attachments therein and launch them, there was zero chance that you would get a virus from this.
(and indeed, in those days it was happening that mails had an attached
But as time went by, it turned out that it COULD happen after all! We forgot about some possibilities that seemed remote, but turned out to be commonplace. We thought it would have been "impossible" to craft an exploit for a stack overflow bug that would actually execute some "useful" code instead of just crashing the system, but it happened. And more complex things happen today.
Resumes in Word are fun! Especially there are often multiple revisions and deleted textblocks in the file.
.pdf or plain text.
A wise man sends his resumes and letters as
Maybe instead of (or in addition to) fixing things like this, they should distribute a tutorial on how to setup the system to use less-privileged users instead of being logged in as Admin all the time.
Also, they should more actively spread bad press about companies that release products that require administrator rights to be used.
Those companies should be pointed out as part of the reason for security problems and hacked systems.
The article and many responses focus on how hard it is to filter image spam. The images are specially crafted to defeat OCR, and it is difficult to match keywords.
However, the recent spam flood has other properties: it is all sent via compromised Windows machines on residential cable/adsl connections, using very poorly written SMTP client software.
When you look at the SMTP protocol level, they are very easy to identify and filter, due to the many subtle SMTP protocol errors.
You do not even have to get to the DATA phase.
So, don't focus too much on message content. Look at what you can do in the SMTP server itself.
Anyone knows if (open source) sendmail can be configed to keep the messages it has relayed?
E.g. something like moving processed queue items from the mqueue to another directory instead of deleting them after delivery.
With that in place, a tool to search the archived messages could come later (i.e. when it is really required).
That is like saying that you should validate your C programs using gcc -Wall and then, when they are syntactically correct, do not need to test them for correct functionality.
This is not very useful. Not only is it incredibly slow, but also you cannot test anything related to :hover, for example a menu system.
I know, because I wanted to test the site at work for IE7 compatability and we do not have XP.
The result is what gets sent across the wire, and the banks (and BankSys) only uses that encrypted result as identifier. As such, there is no need to know the user's PIN
The problem with designs like this is that the PIN usually is just 4 digits. So while you can put a lot of effort in a complicated encryption mechanism that is supposed to be nonreversible, it is very easy to bruteforce. Just try all 10000 possible pins (in fact fewer, because combinations like 0000 are never issued) and see if you arrive at the same encrypted result. When you do, you have found the PIN.
The dedicated hardware (and firmware) that is supposed to validate the PIN should contain some "failed attempt counter" that blocks the validation after 3 attempts or so.
But a system built to mimic the behaviour of the official systems does not necessarily do that.
And even in those official systems, there may be APIs at a low level that perform one validation and can be called in a loop without triggering the blocking mechanism.
For LCD's that are better than equivalent-sized plasmas, I will happily plug the Philips 42PF9831 (Although I prefer the smaller 37PF9731).
That line of Philips TVs is awesome. I have a 32PF9986. This is the predecessor of the 9831 line (with a little less connectivity). I have it for about two years now, and at the time it was in a league of its own compared to all other LCD sets. It still it better than most of them.
It may not be a factor in the US market, but here in Europe plasma's have a bad reputation because of their energy consumption.
Household equipment is rated in the shops on an energy efficiency scale, and LCD screens score much better than plasma.
Furthermore, plasma has a tendency to burn in. Of course every manufacturer and salesman will tell you that "this is no longer true", but once the problem has happened they are not so firm in their statements anymore.
This causes trouble when watching 4:3 transmissions in true 4:3 format (rather than stretched to 16:9).
It also sometimes causes station logos or newstickers to burn in.
You really do need to climb into the box. You will find it much roomier on the inside than it appears to be from the outside.
Once I read statements like that I know the poster does not understand the problem. There is no magic room inside the box.
We all know about the articles about infinite compression. It simply isn't possible. Live with it.
Your basic misunderstanding is that when you have something that has "240 different ways" and you add another "240 different ways" you have "doubled the storage".
This is not true. You have added 1 bit.
You cannot encode 256 bits in a single dot, and then reliably read back the result from the paper.
You would need 2^256 different colors, reliably detectable. This is impossible.
correct calculation: 300x300x85 dots on the page. each dot can be 256 colors, or 1 byte can be encoded in 1 dot.
total capacity: 300x300x85 = 7650000 bytes or about 7.6 MByte.
there is no way you are going to store 23 million different colors of a single pixel reliably on paper, but even when you did yould only encode 3 bytes (24 bits) per dot, or about 22 Mbyte total.
If you assume an 8.5 x 10 inch sheet of paper (85 square inches), 300 x 300 dpi x 256 colors, you end up with 1.95 billion bits of info you can put on a page.
Please show a detailed calculation because I cannot work out how you arrive at this result. My best result is about 7.6MB.
Of course companies like Pfizer and Rolex are irritated by the spammers but there is not much they can do either.
They are the owners of the brand that gets pirated, but they have not asked the spammers to send the messages. They don't know more about who they are than you.
I think it is more promising to go after the stock spammers. It should be easy to find who is behind them.
I forwarded a couple of "You have won the Microsoft Lottery" 419 scams to their abuse address but they don't appear to be interested.
I get a reply that I should contact the local police. As if I would be interested to waste my time.
It is *their* name that gets abused, and I help them by forwarding scam mails they can use as evidence, but that is all the effort I am going to make.
In the ninetees I wrote some additions to a then popular TCP/IP and amateur packet radio program. One of the items I coded is an implementation of an existing routing algorithm that keeps information about a number of nodes in the network.
/* NET/ROM routing table entry */
/* doubly linked list pointers */ /* link pointer when sorting */ ... etc.
.h file describing this file was last modified in 1998. But this method was implemented years before that.
For efficiency, all data structures in this program are kept in "hashed lists": doubly-linked lists that start from an array of pointers. When an element needs to be looked up, a hash value is computed from the search key, the array is indexed using this hash value, and the corresponding list is linearly searched to find the element.
To print the nodelist in alphabetic order, I used a sort routine that links the elements together in alphabetic sequence and then walks along this list. The datastructure looks like this:
struct nrroute_tab {
struct nrroute_tab *next;
struct nrroute_tab *prev;
struct nrroute_tab *sort;
The
Of course there is a difference between what would be theoretically possible, and what measures manufacturers are willing to take.
It would also be possible to make the IMEI (the hardware ID) of the phone really immutable, but in practice it seems to be easier for manufacturers to put it in flash memory where after shorter or longer time it becomes possible to change it via hacker tools.
There are different parties involved. Equipment manufacturers, service providers, service technicians, customers. Each has different requirements.
A customer may like a hardwired unique IMEI and would like to see a lockout list for stolen equipment, because that protects him from phone robbery. However, the service provider does not like to lockout stolen phones, because it means a lost potential customer.
A service technician may have to copy the IMEI from old to new phone when he replaces a board, but having this possibility often means that tools are available that allow the change of IMEI, making a lockout based on IMEI inpractical (and this fact is used as a convenient excuse by service providers).
The SIM lock situation is similar. Service providers like it, but manufacturers, technicians and customers probably don't. So again there often are tools to work around it, and they invariably leak out.